Posted to commits@cxf.apache.org by se...@apache.org on 2015/02/12 18:21:32 UTC
cxf git commit: [CXF-6085] Fixing the tests,
adding one more that can run on Java6
Repository: cxf
Updated Branches:
refs/heads/master d3c194bd0 -> 2e701bcd1
[CXF-6085] Fixing the tests, adding one more that can run on Java6
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2e701bcd
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2e701bcd
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2e701bcd
Branch: refs/heads/master
Commit: 2e701bcd1cabcc7ae4cb69346eacb8ab278e2827
Parents: d3c194b
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Thu Feb 12 17:21:18 2015 +0000
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Thu Feb 12 17:21:18 2015 +0000
----------------------------------------------------------------------
.../jose/jwe/AbstractJweEncryption.java | 4 -
.../rs/security/jose/jwe/JweJsonProducer.java | 23 +++---
.../jose/jwe/JweCompactReaderWriterTest.java | 6 +-
.../security/jose/jwe/JweJsonProducerTest.java | 80 ++++++++++++++------
4 files changed, 71 insertions(+), 42 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/2e701bcd/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index ba805938..ac545dc 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -147,10 +147,6 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
throw new SecurityException();
}
theHeaders.asMap().putAll(jweInHeaders.asMap());
- if (jweInHeaders.getProtectedHeaders() != null
- && !jweInHeaders.asMap().entrySet().containsAll(theHeaders.asMap().entrySet())) {
- jweInHeaders.getProtectedHeaders().asMap().putAll(theHeaders.asMap());
- }
protectedHeaders = jweInHeaders.getProtectedHeaders() != null
? jweInHeaders.getProtectedHeaders() : theHeaders;
} else {
http://git-wip-us.apache.org/repos/asf/cxf/blob/2e701bcd/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
index 7dc3357..a53b8fa 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
@@ -92,13 +92,6 @@ public class JweJsonProducer {
List<JweJsonEncryptionEntry> entries = new ArrayList<JweJsonEncryptionEntry>(encryptors.size());
Map<String, Object> jweJsonMap = new LinkedHashMap<String, Object>();
- if (protectedHeader != null) {
- jweJsonMap.put("protected",
- Base64UrlUtility.encode(writer.toJson(protectedHeader)));
- }
- if (unprotectedHeader != null) {
- jweJsonMap.put("unprotected", unprotectedHeader);
- }
byte[] cipherText = null;
byte[] authTag = null;
for (int i = 0; i < encryptors.size(); i++) {
@@ -126,13 +119,14 @@ public class JweJsonProducer {
JweEncryptionState state = encryptor.createJweEncryptionState(input);
try {
byte[] currentCipherOutput = state.getCipher().doFinal(content);
- byte[] currentCipherText = null;
- byte[] currentAuthTag = null;
if (state.getAuthTagProducer() != null) {
- currentCipherText = currentCipherOutput;
+ cipherText = currentCipherOutput;
state.getAuthTagProducer().update(content, 0, content.length);
- currentAuthTag = state.getAuthTagProducer().getTag();
+ authTag = state.getAuthTagProducer().getTag();
} else {
+ byte[] currentCipherText = null;
+ byte[] currentAuthTag = null;
+
final int authTagLengthBits = 128;
final int cipherTextLen = currentCipherOutput.length - authTagLengthBits / 8;
currentCipherText = Arrays.copyOf(currentCipherOutput, cipherTextLen);
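Review bot: In the `getAuthTagProducer() != null` branch the tag producer is fed `content`, the same buffer that was just passed to `doFinal`, so the MAC appears to cover the plaintext rather than `currentCipherOutput`; for the AES-CBC-HMAC content algorithms RFC 7518 defines the tag over the AAD, IV, ciphertext and AAD length. If the producer's `update` expects ciphertext, the call should read `state.getAuthTagProducer().update(currentCipherOutput, 0, currentCipherOutput.length);`. The `tag` in `SINGLE_RECIPIENT_A128CBCHS256_OUTPUT`, added to JweJsonProducerTest in this commit, is worth comparing with the published tag of the RFC 7516 Appendix A.3 example, since that test reuses the constants named for the A3 example. This branch also now writes straight into the loop-wide `cipherText` and `authTag`, so with several encryptors the last one silently wins; the loop and the rest of the else branch lie outside the hunk, so whether a consistency check exists elsewhere cannot be seen here.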
@@ -161,6 +155,13 @@ public class JweJsonProducer {
throw new SecurityException(ex);
}
}
+ if (protectedHeader != null) {
+ jweJsonMap.put("protected",
+ Base64UrlUtility.encode(writer.toJson(protectedHeader)));
+ }
+ if (unprotectedHeader != null) {
+ jweJsonMap.put("unprotected", unprotectedHeader);
+ }
if (entries.size() == 1 && canBeFlat) {
JweHeaders unprotectedEntryHeader = entries.get(0).getUnprotectedHeader();
if (unprotectedEntryHeader != null) {
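Review bot: The reason the `protected` and `unprotected` members are now written only after the per-recipient loop is not stated, and the ordering looks load-bearing. A comment such as `// headers are serialized after the loop so that header changes made while encrypting are included` would record the intent, if that is indeed the reason. If an encryptor can still change `protectedHeader` inside the loop, the serialized value could differ from the bytes an earlier recipient's tag was computed over, so it is worth confirming that the header is fixed before the first `doFinal`. The surrounding method starts and ends outside this hunk.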
http://git-wip-us.apache.org/repos/asf/cxf/blob/2e701bcd/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
index e48e423..0f32318 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
@@ -66,14 +66,14 @@ public class JweCompactReaderWriterTest extends Assert {
(byte)233, 68, (byte)180, (byte)225, 77, (byte)219};
// A3 example
- private static final byte[] CONTENT_ENCRYPTION_KEY_A3 = {
+ static final byte[] CONTENT_ENCRYPTION_KEY_A3 = {
4, (byte)211, 31, (byte)197, 84, (byte)157, (byte)252, (byte)254, 11, 100,
(byte)157, (byte)250, 63, (byte)170, 106, (byte)206, 107, 124, (byte)212,
45, 111, 107, 9, (byte)219, (byte)200, (byte)177, 0, (byte)240, (byte)143,
(byte)156, 44, (byte)207};
- private static final byte[] INIT_VECTOR_A3 = {
+ static final byte[] INIT_VECTOR_A3 = {
3, 22, 60, 12, 43, 67, 104, 105, 108, 108, 105, 99, 111, 116, 104, 101};
- private static final String KEY_ENCRYPTION_KEY_A3 = "GawgguFyGrWKav7AX4VKUg";
+ static final String KEY_ENCRYPTION_KEY_A3 = "GawgguFyGrWKav7AX4VKUg";
private static final String JWE_OUTPUT_A3 =
"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0"
+ ".6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ"
http://git-wip-us.apache.org/repos/asf/cxf/blob/2e701bcd/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
index 9fb7b3f..a17b24f 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
@@ -23,6 +23,7 @@ import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
+import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.JoseConstants;
@@ -35,25 +36,26 @@ import org.junit.BeforeClass;
import org.junit.Test;
public class JweJsonProducerTest extends Assert {
- private static final byte[] SECRET_BYTES = {91, 96, 105, 38, 99, 108, 110, 8, -93, 50, -15, 62, 0, -115, 73, -39};
+ private static final byte[] WRAPPER_BYTES = {91, 96, 105, 38, 99, 108, 110, 8, -93, 50, -15, 62, 0, -115, 73, -39};
+ private static final byte[] CEK_BYTES = {-43, 123, 77, 115, 40, 49, -4, -9, -48, -74, 62, 59, 60, 102, -22, -100};
private static final String SINGLE_RECIPIENT_OUTPUT =
"{"
+ "\"protected\":\"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIn0\","
+ "\"recipients\":"
+ "["
- + "{\"encrypted_key\":\"fO3KxJioD3Hj1V5E1pjWNNt-3vNl23oc2xgVI1Zu-82fsZ83hQLXrg\"}"
+ + "{\"encrypted_key\":\"b3-M9_CRgT3wEBhhXlpb-BoY7vtA4W_N\"}"
+ "],"
+ "\"iv\":\"48V1_ALb6US04U3b\","
- + "\"ciphertext\":\"5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A\","
- + "\"tag\":\"5UuOareuoUxY2iCS50WJgg\""
+ + "\"ciphertext\":\"KTuJBMk9QG59xPB-c_YLM5-J7VG40_eMPvyHDD7eB-WHj_34YiWgpBOydTBm4RW0zUCJZ09xqorhWJME-DcQ\","
+ + "\"tag\":\"GxWlwvTPmHi4ZnQgafiHew\""
+ "}";
private static final String SINGLE_RECIPIENT_FLAT_OUTPUT =
"{"
+ "\"protected\":\"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIn0\","
- + "\"encrypted_key\":\"fO3KxJioD3Hj1V5E1pjWNNt-3vNl23oc2xgVI1Zu-82fsZ83hQLXrg\","
+ + "\"encrypted_key\":\"b3-M9_CRgT3wEBhhXlpb-BoY7vtA4W_N\","
+ "\"iv\":\"48V1_ALb6US04U3b\","
- + "\"ciphertext\":\"5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A\","
- + "\"tag\":\"5UuOareuoUxY2iCS50WJgg\""
+ + "\"ciphertext\":\"KTuJBMk9QG59xPB-c_YLM5-J7VG40_eMPvyHDD7eB-WHj_34YiWgpBOydTBm4RW0zUCJZ09xqorhWJME-DcQ\","
+ + "\"tag\":\"GxWlwvTPmHi4ZnQgafiHew\""
+ "}";
private static final String SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT =
"{"
@@ -63,15 +65,15 @@ public class JweJsonProducerTest extends Assert {
+ "["
+ "{"
+ "\"header\":{\"alg\":\"A128KW\"},"
- + "\"encrypted_key\":\"fO3KxJioD3Hj1V5E1pjWNNt-3vNl23oc2xgVI1Zu-82fsZ83hQLXrg\""
+ + "\"encrypted_key\":\"b3-M9_CRgT3wEBhhXlpb-BoY7vtA4W_N\""
+ "}"
+ "],"
+ "\"aad\":\"WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y"
+ "2siXSxbIm4iLHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LCJ0ZXh0"
+ "IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d\","
+ "\"iv\":\"48V1_ALb6US04U3b\","
- + "\"ciphertext\":\"5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A\","
- + "\"tag\":\"4UXkQQGddmRB_df95kvhzA\""
+ + "\"ciphertext\":\"KTuJBMk9QG59xPB-c_YLM5-J7VG40_eMPvyHDD7eB-WHj_34YiWgpBOydTBm4RW0zUCJZ09xqorhWJME-DcQ\","
+ + "\"tag\":\"oVUQGS9608D-INq61-vOaA\""
+ "}";
private static final String EXTRA_AAD_SOURCE =
"[\"vcard\",["
@@ -81,7 +83,17 @@ public class JweJsonProducerTest extends Assert {
+ "[\"bday\",{},\"text\",\"TA 2982\"],"
+ "[\"gender\",{},\"text\",\"M\"]"
+ "]]";
-
+ private static final String SINGLE_RECIPIENT_A128CBCHS256_OUTPUT =
+ "{"
+ + "\"protected\":\"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0\","
+ + "\"recipients\":"
+ + "["
+ + "{\"encrypted_key\":\"6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ\"}"
+ + "],"
+ + "\"iv\":\"AxY8DCtDaGlsbGljb3RoZQ\","
+ + "\"ciphertext\":\"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY\","
+ + "\"tag\":\"vmz4ZlGcZHWBlSMbwtP_Jg\""
+ + "}";
@BeforeClass
public static void registerBouncyCastleIfNeeded() throws Exception {
try {
@@ -97,36 +109,56 @@ public class JweJsonProducerTest extends Assert {
}
@Test
- public void testSingleRecipient() throws Exception {
- doTestSingleRecipientFlat(SINGLE_RECIPIENT_OUTPUT, false);
-
+ public void testSingleRecipientGcm() throws Exception {
+ final String text = "The true sign of intelligence is not knowledge but imagination.";
+ doTestSingleRecipient(text, SINGLE_RECIPIENT_OUTPUT, JoseConstants.A128GCM_ALGO,
+ WRAPPER_BYTES, JweCompactReaderWriterTest.INIT_VECTOR_A1,
+ CEK_BYTES, false);
+ }
+ @Test
+ public void testSingleRecipientFlatGcm() throws Exception {
+ final String text = "The true sign of intelligence is not knowledge but imagination.";
+ doTestSingleRecipient(text, SINGLE_RECIPIENT_FLAT_OUTPUT, JoseConstants.A128GCM_ALGO,
+ WRAPPER_BYTES, JweCompactReaderWriterTest.INIT_VECTOR_A1,
+ CEK_BYTES, true);
}
@Test
- public void testSingleRecipientFlat() throws Exception {
- doTestSingleRecipientFlat(SINGLE_RECIPIENT_FLAT_OUTPUT, true);
+ public void testSingleRecipientA128CBCHS256() throws Exception {
+ String text = "Live long and prosper.";
+ doTestSingleRecipient(text, SINGLE_RECIPIENT_A128CBCHS256_OUTPUT, JoseConstants.A128CBC_HS256_ALGO,
+ Base64UrlUtility.decode(JweCompactReaderWriterTest.KEY_ENCRYPTION_KEY_A3),
+ JweCompactReaderWriterTest.INIT_VECTOR_A3,
+ JweCompactReaderWriterTest.CONTENT_ENCRYPTION_KEY_A3,
+ false);
}
- private void doTestSingleRecipientFlat(String expectedOutput, boolean canBeFlat) throws Exception {
- final String text = "The true sign of intelligence is not knowledge but imagination.";
- SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(SECRET_BYTES, "AES");
+ private String doTestSingleRecipient(String text,
+ String expectedOutput,
+ String contentEncryptionAlgo,
+ byte[] wrapperKeyBytes,
+ final byte[] iv,
+ final byte[] cek,
+ boolean canBeFlat) throws Exception {
+ SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(wrapperKeyBytes, "AES");
JweHeaders headers = new JweHeaders(JoseConstants.A128KW_ALGO,
- JoseConstants.A128GCM_ALGO);
+ contentEncryptionAlgo);
JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(wrapperKey, headers);
JweJsonProducer p = new JweJsonProducer(headers, StringUtils.toBytesUTF8(text), canBeFlat) {
protected byte[] generateIv() {
- return JweCompactReaderWriterTest.INIT_VECTOR_A1;
+ return iv;
}
protected byte[] generateCek() {
- return JweCompactReaderWriterTest.CONTENT_ENCRYPTION_KEY_A1;
+ return cek;
}
};
String jweJson = p.encryptWith(jwe);
assertEquals(expectedOutput, jweJson);
+ return jweJson;
}
@Test
public void testSingleRecipientAllTypeOfHeadersAndAad() {
final String text = "The true sign of intelligence is not knowledge but imagination.";
- SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(SECRET_BYTES, "AES");
+ SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES, "AES");
JweHeaders protectedHeaders = new JweHeaders(JoseConstants.A128GCM_ALGO);
JweHeaders sharedUnprotectedHeaders = new JweHeaders();
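Review bot: `doTestSingleRecipient` only compares the serialized JSON with a stored string, so the expected `ciphertext` and `tag` values are whatever the producer emitted when the constants were captured; a tag computed over the wrong input would still pass. Decrypting `jweJson` with the wrapper key and asserting that the recovered text equals `text` would check the output independently of the producer. The helper now returns `jweJson`, but none of the three callers in this hunk uses the result, so it could either stay `void` or have the return value put to use for that round trip.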
@@ -145,7 +177,7 @@ public class JweJsonProducerTest extends Assert {
return JweCompactReaderWriterTest.INIT_VECTOR_A1;
}
protected byte[] generateCek() {
- return JweCompactReaderWriterTest.CONTENT_ENCRYPTION_KEY_A1;
+ return CEK_BYTES;
}
};
JweHeaders recepientUnprotectedHeaders = new JweHeaders();