Posted to commits@cxf.apache.org by co...@apache.org on 2015/11/16 13:01:46 UTC
[2/2] cxf git commit: Fix some failing tests with WSS4J SNAPSHOT
Fix some failing tests with WSS4J SNAPSHOT
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7b762968
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7b762968
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7b762968
Branch: refs/heads/master
Commit: 7b7629682d15345518e66d46e575bf1ac334cf00
Parents: 591a3ac
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Nov 16 10:55:33 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Nov 16 11:35:08 2015 +0000
----------------------------------------------------------------------
.../token/provider/JWTTokenProviderTest.java | 167 ++++++++++---------
1 file changed, 90 insertions(+), 77 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/7b762968/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
index c81f746..f49e6eb 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
@@ -19,6 +19,7 @@
package org.apache.cxf.sts.token.provider;
import java.security.KeyStore;
+import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Properties;
@@ -53,6 +54,7 @@ import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.CustomTokenPrincipal;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.Assert;
/**
@@ -131,42 +133,48 @@ public class JWTTokenProviderTest extends org.junit.Assert {
@org.junit.Test
public void testCreateSignedPSJWT() throws Exception {
- TokenProvider jwtTokenProvider = new JWTTokenProvider();
- ((JWTTokenProvider)jwtTokenProvider).setSignToken(true);
-
- TokenProviderParameters providerParameters = createProviderParameters();
- SignatureProperties sigProps = new SignatureProperties();
- sigProps.setSignatureAlgorithm(SignatureAlgorithm.PS256.name());
- providerParameters.getStsProperties().setSignatureProperties(sigProps);
-
- assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
- TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
- assertTrue(providerResponse != null);
- assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
-
- String token = (String)providerResponse.getToken();
- assertNotNull(token);
- assertTrue(token.split("\\.").length == 3);
-
- // Validate the token
- JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
- JwtToken jwt = jwtConsumer.getJwtToken();
- Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
- Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
- Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L,
- jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
- Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L,
- jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
+ try {
+ Security.addProvider(new BouncyCastleProvider());
- // Verify Signature
- Crypto crypto = providerParameters.getStsProperties().getSignatureCrypto();
- CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
- cryptoType.setAlias(providerParameters.getStsProperties().getSignatureUsername());
- X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
- assertNotNull(certs);
-
- assertFalse(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.RS256));
- assertTrue(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.PS256));
+ TokenProvider jwtTokenProvider = new JWTTokenProvider();
+ ((JWTTokenProvider)jwtTokenProvider).setSignToken(true);
+
+ TokenProviderParameters providerParameters = createProviderParameters();
+ SignatureProperties sigProps = new SignatureProperties();
+ sigProps.setSignatureAlgorithm(SignatureAlgorithm.PS256.name());
+ providerParameters.getStsProperties().setSignatureProperties(sigProps);
+
+ assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
+ TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
+ assertTrue(providerResponse != null);
+ assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+
+ String token = (String)providerResponse.getToken();
+ assertNotNull(token);
+ assertTrue(token.split("\\.").length == 3);
+
+ // Validate the token
+ JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
+ JwtToken jwt = jwtConsumer.getJwtToken();
+ Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
+ Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
+ Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L,
+ jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
+ Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L,
+ jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
+
+ // Verify Signature
+ Crypto crypto = providerParameters.getStsProperties().getSignatureCrypto();
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(providerParameters.getStsProperties().getSignatureUsername());
+ X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+ assertNotNull(certs);
+
+ assertFalse(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.RS256));
+ assertTrue(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.PS256));
+ } finally {
+ Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+ }
}
@org.junit.Test
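Review bot: The `finally` block in testCreateSignedPSJWT removes BouncyCastle unconditionally, even when the provider was already registered before the test ran. `Security.addProvider` returns -1 in that case and leaves the existing registration untouched, so the cleanup would strip a JVM-wide provider that other tests in the same fork may depend on, and which provider ends up serving PS256 would then vary with test order. Keep the result, `boolean added = Security.addProvider(new BouncyCastleProvider()) != -1;`, and guard the cleanup with `if (added) { Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME); }`. The same pattern is repeated in the testCreateUnsignedEncryptedCBCJWT hunk; because the provider list is process-global, a single @BeforeClass/@AfterClass pair applying the same guard would also avoid mutating it once per test.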
@@ -249,53 +257,58 @@ public class JWTTokenProviderTest extends org.junit.Assert {
@org.junit.Test
public void testCreateUnsignedEncryptedCBCJWT() throws Exception {
- TokenProvider jwtTokenProvider = new JWTTokenProvider();
- ((JWTTokenProvider)jwtTokenProvider).setSignToken(false);
-
- TokenProviderParameters providerParameters = createProviderParameters();
- providerParameters.setEncryptToken(true);
- providerParameters.getEncryptionProperties().setEncryptionAlgorithm(
- ContentAlgorithm.A128CBC_HS256.name()
- );
-
- assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
- TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
- assertTrue(providerResponse != null);
- assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
-
- String token = (String)providerResponse.getToken();
- assertNotNull(token);
- assertTrue(token.split("\\.").length == 5);
-
- if (unrestrictedPoliciesInstalled) {
- // Validate the token
- JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
- Properties decProperties = new Properties();
- Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
- KeyStore keystore = ((Merlin)decryptionCrypto).getKeyStore();
- decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
- decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
- decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");
- decProperties.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM,
- ContentAlgorithm.A128CBC_HS256.name());
+ try {
+ Security.addProvider(new BouncyCastleProvider());
- JweDecryptionProvider decProvider =
- JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders(), false);
+ TokenProvider jwtTokenProvider = new JWTTokenProvider();
+ ((JWTTokenProvider)jwtTokenProvider).setSignToken(false);
- JweDecryptionOutput decOutput = decProvider.decrypt(token);
- String decToken = decOutput.getContentText();
+ TokenProviderParameters providerParameters = createProviderParameters();
+ providerParameters.setEncryptToken(true);
+ providerParameters.getEncryptionProperties().setEncryptionAlgorithm(
+ ContentAlgorithm.A128CBC_HS256.name()
+ );
- JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken);
- JwtToken jwt = jwtJwsConsumer.getJwtToken();
+ assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
+ TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
+ assertTrue(providerResponse != null);
+ assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+
+ String token = (String)providerResponse.getToken();
+ assertNotNull(token);
+ assertTrue(token.split("\\.").length == 5);
- Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
- Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
- Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L,
- jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
- Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L,
- jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
+ if (unrestrictedPoliciesInstalled) {
+ // Validate the token
+ JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
+ Properties decProperties = new Properties();
+ Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
+ KeyStore keystore = ((Merlin)decryptionCrypto).getKeyStore();
+ decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
+ decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
+ decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");
+ decProperties.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM,
+ ContentAlgorithm.A128CBC_HS256.name());
+
+ JweDecryptionProvider decProvider =
+ JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders(), false);
+
+ JweDecryptionOutput decOutput = decProvider.decrypt(token);
+ String decToken = decOutput.getContentText();
+
+ JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken);
+ JwtToken jwt = jwtJwsConsumer.getJwtToken();
+
+ Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
+ Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
+ Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L,
+ jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
+ Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L,
+ jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
+ }
+ } finally {
+ Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
}
-
}
@org.junit.Test