[cxf] branch master updated: Adding some tests for Jose encrypt before signing

Wed, 13 Mar 2019 14:15:49 -0700 

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new 40ec1e6  Adding some tests for Jose encrypt before signing
40ec1e6 is described below

commit 40ec1e6da2ccf52e37dcb3ec77e2fae11cc33cf4
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Wed Mar 13 21:14:10 2019 +0000

    Adding some tests for Jose encrypt before signing
---
 .../cxf/systest/jaxrs/failover/cxf-client.xml      |  2 -
 .../jwejws/EncrSignJweContainerRequestFilter.java  | 33 ++++++++++++++++
 .../jwejws/EncrSignJwsContainerRequestFilter.java  | 33 ++++++++++++++++
 .../security/jose/jwejws/JAXRSJweJwsTest.java      | 44 ++++++++++++++++++++++
 .../systest/jaxrs/security/jose/jwejws/server.xml  | 17 +++++++++
 5 files changed, 127 insertions(+), 2 deletions(-)

diff --git 
a/systests/jaxrs/src/test/resources/org/apache/cxf/systest/jaxrs/failover/cxf-client.xml
 
b/systests/jaxrs/src/test/resources/org/apache/cxf/systest/jaxrs/failover/cxf-client.xml
index 89d1245..c45945d 100644
--- 
a/systests/jaxrs/src/test/resources/org/apache/cxf/systest/jaxrs/failover/cxf-client.xml
+++ 
b/systests/jaxrs/src/test/resources/org/apache/cxf/systest/jaxrs/failover/cxf-client.xml
@@ -18,7 +18,6 @@
 -->
 <beans xmlns="http://www.springframework.org/schema/beans";
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
-   xmlns:jaxrs="http://cxf.apache.org/jaxrs-client";
    xmlns:cxf="http://cxf.apache.org/core";
    xmlns:http="http://cxf.apache.org/transports/http/configuration";
    xmlns:sec="http://cxf.apache.org/configuration/security";
@@ -27,7 +26,6 @@
    xsi:schemaLocation="
 http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans.xsd
 http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
-http://cxf.apache.org/jaxrs-client 
http://cxf.apache.org/schemas/jaxrs-client.xsd
 http://cxf.apache.org/transports/http/configuration 
http://cxf.apache.org/schemas/configuration/http-conf.xsd
 http://cxf.apache.org/configuration/security 
http://cxf.apache.org/schemas/configuration/security.xsd
 http://cxf.apache.org/clustering http://cxf.apache.org/schemas/clustering.xsd
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/EncrSignJweContainerRequestFilter.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/EncrSignJweContainerRequestFilter.java
new file mode 100644
index 0000000..5e3fa2c
--- /dev/null
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/EncrSignJweContainerRequestFilter.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jose.jwejws;
+
+import javax.annotation.Priority;
+import javax.ws.rs.container.PreMatching;
+
+import org.apache.cxf.rs.security.jose.jaxrs.JweContainerRequestFilter;
+import org.apache.cxf.rs.security.jose.jaxrs.Priorities;
+
+// Switch the priorities to have encryption run before signature
+@PreMatching
+@Priority(Priorities.JWS_SERVER_READ_PRIORITY)
+public class EncrSignJweContainerRequestFilter extends 
JweContainerRequestFilter {
+
+}
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/EncrSignJwsContainerRequestFilter.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/EncrSignJwsContainerRequestFilter.java
new file mode 100644
index 0000000..2371f2a
--- /dev/null
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/EncrSignJwsContainerRequestFilter.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jose.jwejws;
+
+import javax.annotation.Priority;
+import javax.ws.rs.container.PreMatching;
+
+import org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter;
+import org.apache.cxf.rs.security.jose.jaxrs.Priorities;
+
+// Switch the priorities to have encryption run before signature
+@PreMatching
+@Priority(Priorities.JWE_SERVER_READ_PRIORITY)
+public class EncrSignJwsContainerRequestFilter extends 
JwsContainerRequestFilter {
+
+}
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
index 1a972e8..64b411f 100644
--- 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
@@ -26,6 +26,7 @@ import java.util.LinkedList;
 import java.util.List;
 import java.util.Properties;
 
+import javax.annotation.Priority;
 import javax.ws.rs.BadRequestException;
 
 import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
@@ -39,6 +40,7 @@ import 
org.apache.cxf.rs.security.jose.jaxrs.JweClientResponseFilter;
 import org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor;
 import org.apache.cxf.rs.security.jose.jaxrs.JwsClientResponseFilter;
 import org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor;
+import org.apache.cxf.rs.security.jose.jaxrs.Priorities;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
@@ -83,6 +85,7 @@ public class JAXRSJweJwsTest extends 
AbstractBusClientServerTestBase {
     public static void unregisterBouncyCastleIfNeeded() throws Exception {
         Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
     }
+
     @Test
     public void testJweJwkPlainTextRSA() throws Exception {
         String address = "https://localhost:"; + PORT + "/jwejwkrsa";
@@ -185,6 +188,35 @@ public class JAXRSJweJwsTest extends 
AbstractBusClientServerTestBase {
         String text = bs.echoText("book");
         assertEquals("book", text);
     }
+
+    @Test
+    public void testJweRsaJwsRsaEncryptThenSign() throws Exception {
+        String address = "https://localhost:"; + PORT + "/jwejwsrsaencrsign";
+
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
+        Bus springBus = bf.createBus(busFile.toString());
+        bean.setBus(springBus);
+        bean.setServiceClass(BookStore.class);
+        bean.setAddress(address);
+        List<Object> providers = new LinkedList<>();
+        JweWriterInterceptor jweWriter = new EncrSignJweWriterInterceptor();
+        jweWriter.setUseJweOutputStream(true);
+        providers.add(jweWriter);
+        JwsWriterInterceptor jwsWriter = new EncrSignJwsWriterInterceptor();
+        jwsWriter.setUseJwsOutputStream(true);
+        providers.add(jwsWriter);
+        bean.setProviders(providers);
+        bean.getProperties(true).put("rs.security.encryption.out.properties", 
SERVER_JWEJWS_PROPERTIES);
+        bean.getProperties(true).put("rs.security.signature.out.properties", 
CLIENT_JWEJWS_PROPERTIES);
+        PrivateKeyPasswordProvider provider = new 
PrivateKeyPasswordProviderImpl();
+        
bean.getProperties(true).put("rs.security.signature.key.password.provider", 
provider);
+        BookStore bs = bean.create(BookStore.class);
+        String text = bs.echoText("book");
+        assertEquals("book", text);
+    }
+
     @Test
     public void testJweRsaJwsRsaCert() throws Exception {
         String address = "https://localhost:"; + PORT + "/jwejwsrsacert";
@@ -509,4 +541,16 @@ public class JAXRSJweJwsTest extends 
AbstractBusClientServerTestBase {
         }
 
     }
+
+    // Switch the priorities to have encryption run before signature
+    @Priority(Priorities.JWS_WRITE_PRIORITY)
+    private static class EncrSignJweWriterInterceptor extends 
JweWriterInterceptor {
+
+    }
+
+    // Switch the priorities to have encryption run before signature
+    @Priority(Priorities.JWE_WRITE_PRIORITY)
+    private static class EncrSignJwsWriterInterceptor extends 
JwsWriterInterceptor {
+
+    }
 }
diff --git 
a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml
 
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml
index a3cadb1..7e11572 100644
--- 
a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml
+++ 
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml
@@ -107,6 +107,23 @@ under the License.
             <entry key="rs.security.decryption.key.password.provider" 
value-ref="keyPasswordProvider"/>
         </jaxrs:properties>
     </jaxrs:server>
+    
+    <bean id="encrSignJwsInFilter" 
class="org.apache.cxf.systest.jaxrs.security.jose.jwejws.EncrSignJwsContainerRequestFilter"/>
+    <bean id="encrSignJweInFilter" 
class="org.apache.cxf.systest.jaxrs.security.jose.jwejws.EncrSignJweContainerRequestFilter"/>
+    <jaxrs:server 
address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwsrsaencrsign";>
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="encrSignJweInFilter"/>
+            <ref bean="encrSignJwsInFilter"/>
+        </jaxrs:providers>
+        <jaxrs:properties>
+            <entry key="rs.security.encryption.in.properties" 
value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
+            <entry key="rs.security.signature.in.properties" 
value="org/apache/cxf/systest/jaxrs/security/bob.rs.properties"/>
+            <entry key="rs.security.decryption.key.password.provider" 
value-ref="keyPasswordProvider"/>
+        </jaxrs:properties>
+    </jaxrs:server>
     <jaxrs:server 
address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwsrsacert";>
         <jaxrs:serviceBeans>
             <ref bean="serviceBean"/>

Reply via email to