Posted to commits@cxf.apache.org by co...@apache.org on 2015/11/12 13:14:38 UTC
[1/3] cxf git commit: Strip out any query parameters when sending the
applies to address
Repository: cxf
Updated Branches:
refs/heads/master ecc3acd1b -> 8cc10f615
Strip out any query parameters when sending the applies to address
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8cc10f61
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8cc10f61
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8cc10f61
Branch: refs/heads/master
Commit: 8cc10f615c37521d2943b8a8003529eeadef671b
Parents: c0d5427
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Nov 12 12:14:01 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Nov 12 12:14:30 2015 +0000
----------------------------------------------------------------------
.../cxf/ws/security/trust/STSTokenRetriever.java | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/8cc10f61/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
index 3b57bda..41556a7 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
@@ -136,9 +136,16 @@ public final class STSTokenRetriever {
Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.STS_APPLIES_TO, message);
String appliesTo = o == null ? null : o.toString();
- appliesTo = appliesTo == null
- ? message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString()
- : appliesTo;
+ if (appliesTo == null) {
+ String endpointAddress =
+ message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
+ // Strip out any query parameters if they exist
+ int query = endpointAddress.indexOf('?');
+ if (query > 0) {
+ endpointAddress = endpointAddress.substring(0, query);
+ }
+ appliesTo = endpointAddress;
+ }
boolean enableAppliesTo = client.isEnableAppliesTo();
client.setMessage(message);
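Review bot: The fallback still calls `message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString()` with no null check, so a message without an endpoint address fails with a NullPointerException instead of a clear error. The old ternary had the same gap, but the new `if (appliesTo == null)` block is the natural place to guard it. Only `?` is handled, so an address carrying a `#fragment` and no query is still sent to the STS unchanged. A value configured through `SecurityConstants.STS_APPLIES_TO` bypasses the stripping entirely; if that is deliberate, say so, e.g. `// Only the endpoint-address fallback is trimmed; a configured STS_APPLIES_TO is sent as-is`. The enclosing method starts and ends outside the hunk.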
[2/3] cxf git commit: [CXF-6673] - StaticService
setEndpoints(List) doesn't work correctly
Posted by co...@apache.org.
[CXF-6673] - StaticService setEndpoints(List<String>) doesn't work correctly
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c0d54277
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c0d54277
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c0d54277
Branch: refs/heads/master
Commit: c0d5427734f71bf06e726a57933ec222be8acf36
Parents: 3c69d7d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Nov 12 11:08:23 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Nov 12 12:14:30 2015 +0000
----------------------------------------------------------------------
.../src/main/java/org/apache/cxf/sts/service/StaticService.java | 1 +
1 file changed, 1 insertion(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/c0d54277/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/StaticService.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/StaticService.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/StaticService.java
index 0180939..3d18550 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/StaticService.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/StaticService.java
@@ -104,6 +104,7 @@ public class StaticService implements ServiceMBean {
* Set the list of endpoint addresses that correspond to this service
*/
public void setEndpoints(List<String> endpoints) {
+ endpointPatterns.clear();
if (endpoints != null) {
for (String endpoint : endpoints) {
try {
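Review bot: Calling `endpointPatterns.clear()` before the rebuild leaves the collection empty, and then partially filled, while the loop runs, so a concurrent lookup against this service could see no patterns or only some of them; nothing visible in the hunk synchronises the two. The `try` inside the loop also suggests a bad entry can be skipped or can abort the loop, in which case the old patterns are already gone. Building the new patterns in a local collection and replacing the field's contents in one step after the loop would avoid both; whether that needs a lock or a volatile reference depends on how `endpointPatterns` is declared, which is outside the hunk. The Javadoc could also state that the call replaces, rather than appends to, any previously set endpoints. The method body continues past the end of the hunk.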
[3/3] cxf git commit: Adding more sig/enc tests for JWT tokens in the
STS
Posted by co...@apache.org.
Adding more sig/enc tests for JWT tokens in the STS
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3c69d7de
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3c69d7de
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3c69d7de
Branch: refs/heads/master
Commit: 3c69d7de2a914ba88ee2d7c1728499aeaaf5d95f
Parents: ecc3acd
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Nov 12 10:40:12 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Nov 12 12:14:30 2015 +0000
----------------------------------------------------------------------
.../token/provider/JWTTokenProviderTest.java | 93 ++++++++++++++++++++
1 file changed, 93 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/3c69d7de/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
index 2af75c2..51ef210 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
@@ -27,6 +27,7 @@ import org.apache.cxf.jaxws.context.WebServiceContextImpl;
import org.apache.cxf.jaxws.context.WrappedMessageContext;
import org.apache.cxf.message.MessageImpl;
import org.apache.cxf.rs.security.jose.common.JoseConstants;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
@@ -35,6 +36,7 @@ import org.apache.cxf.rs.security.jose.jwe.JweUtils;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.sts.SignatureProperties;
import org.apache.cxf.sts.StaticSTSProperties;
import org.apache.cxf.sts.cache.DefaultInMemoryTokenStore;
import org.apache.cxf.sts.common.PasswordCallbackHandler;
@@ -128,6 +130,46 @@ public class JWTTokenProviderTest extends org.junit.Assert {
}
@org.junit.Test
+ public void testCreateSignedPSJWT() throws Exception {
+ TokenProvider jwtTokenProvider = new JWTTokenProvider();
+ ((JWTTokenProvider)jwtTokenProvider).setSignToken(true);
+
+ TokenProviderParameters providerParameters = createProviderParameters();
+ SignatureProperties sigProps = new SignatureProperties();
+ sigProps.setSignatureAlgorithm(SignatureAlgorithm.PS256.name());
+ providerParameters.getStsProperties().setSignatureProperties(sigProps);
+
+ assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
+ TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
+ assertTrue(providerResponse != null);
+ assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+
+ String token = (String)providerResponse.getToken();
+ assertNotNull(token);
+ assertTrue(token.split("\\.").length == 3);
+
+ // Validate the token
+ JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
+ JwtToken jwt = jwtConsumer.getJwtToken();
+ Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
+ Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
+ Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L,
+ jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
+ Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L,
+ jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
+
+ // Verify Signature
+ Crypto crypto = providerParameters.getStsProperties().getSignatureCrypto();
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(providerParameters.getStsProperties().getSignatureUsername());
+ X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+ assertNotNull(certs);
+
+ assertFalse(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.RS256));
+ assertTrue(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.PS256));
+ }
+
+ @org.junit.Test
public void testCachedSignedJWT() throws Exception {
TokenProvider jwtTokenProvider = new JWTTokenProvider();
((JWTTokenProvider)jwtTokenProvider).setSignToken(true);
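Review bot: The null and length checks in `testCreateSignedPSJWT` are written as `assertTrue(providerResponse != null)` and `assertTrue(token.split("\\.").length == 3)`, which report only a bare assertion failure; `assertNotNull(providerResponse)` and `assertEquals(3, token.split("\\.").length)` would show the actual value. The same pattern recurs in `testCreateUnsignedEncryptedCBCJWT` in the next hunk (with `== 5`). The test also relies on the runtime offering an RSASSA-PSS implementation for `PS256`; if that comes from an additional security provider, a short comment naming it would help whoever sees this fail on a different JRE. The claim assertions on subject, id, issued-at and expiry are repeated verbatim in both new tests and could move to a small private helper.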
@@ -206,6 +248,57 @@ public class JWTTokenProviderTest extends org.junit.Assert {
}
@org.junit.Test
+ public void testCreateUnsignedEncryptedCBCJWT() throws Exception {
+ TokenProvider jwtTokenProvider = new JWTTokenProvider();
+ ((JWTTokenProvider)jwtTokenProvider).setSignToken(false);
+
+ TokenProviderParameters providerParameters = createProviderParameters();
+ providerParameters.setEncryptToken(true);
+ providerParameters.getEncryptionProperties().setEncryptionAlgorithm(
+ ContentAlgorithm.A128CBC_HS256.name()
+ );
+
+ assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
+ TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
+ assertTrue(providerResponse != null);
+ assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+
+ String token = (String)providerResponse.getToken();
+ assertNotNull(token);
+ assertTrue(token.split("\\.").length == 5);
+
+ if (unrestrictedPoliciesInstalled) {
+ // Validate the token
+ JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
+ Properties decProperties = new Properties();
+ Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
+ KeyStore keystore = ((Merlin)decryptionCrypto).getKeyStore();
+ decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
+ decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
+ decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");
+ decProperties.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM,
+ ContentAlgorithm.A128CBC_HS256.name());
+
+ JweDecryptionProvider decProvider =
+ JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders(), false);
+
+ JweDecryptionOutput decOutput = decProvider.decrypt(token);
+ String decToken = decOutput.getContentText();
+
+ JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken);
+ JwtToken jwt = jwtJwsConsumer.getJwtToken();
+
+ Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
+ Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
+ Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L,
+ jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
+ Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L,
+ jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
+ }
+
+ }
+
+ @org.junit.Test
public void testCreateSignedEncryptedJWT() throws Exception {
TokenProvider jwtTokenProvider = new JWTTokenProvider();