You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2017/11/14 17:05:44 UTC
[cxf] 02/03: Make sure the Algorithm sets are unmodifiable
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 97b2491ade84cb39e4c3510af41b1cf2a564c0a5
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Nov 14 17:04:09 2017 +0000
Make sure the Algorithm sets are unmodifiable
(cherry picked from commit 796eff3ccdb50687873f24b67659526bb13605d7)
# Conflicts:
# rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
---
.../cxf/rs/security/jose/jwa/AlgorithmUtils.java | 94 +++++++++++++---------
.../cxf/rs/security/jose/jws/JwsUtilsTest.java | 16 ++++
2 files changed, 74 insertions(+), 36 deletions(-)
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
index d52054b..4b3e292 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
@@ -20,6 +20,7 @@
package org.apache.cxf.rs.security.jose.jwa;
import java.util.Arrays;
+import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -93,41 +94,62 @@ public final class AlgorithmUtils {
public static final String ES_SHA_256_JAVA = "SHA256withECDSA";
public static final String ES_SHA_384_JAVA = "SHA384withECDSA";
public static final String ES_SHA_512_JAVA = "SHA512withECDSA";
-
- public static final Set<String> HMAC_SIGN_SET = new HashSet<String>(Arrays.asList(HMAC_SHA_256_ALGO,
- HMAC_SHA_384_ALGO,
- HMAC_SHA_512_ALGO));
- public static final Set<String> RSA_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(RS_SHA_256_ALGO,
- RS_SHA_384_ALGO,
- RS_SHA_512_ALGO));
- public static final Set<String> RSA_SHA_PS_SIGN_SET = new HashSet<String>(Arrays.asList(PS_SHA_256_ALGO,
- PS_SHA_384_ALGO,
- PS_SHA_512_ALGO));
- public static final Set<String> EC_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(ES_SHA_256_ALGO,
- ES_SHA_384_ALGO,
- ES_SHA_512_ALGO));
- public static final Set<String> RSA_CEK_SET = new HashSet<String>(Arrays.asList(RSA_OAEP_ALGO,
- RSA_OAEP_256_ALGO,
- RSA1_5_ALGO));
- public static final Set<String> AES_GCM_CEK_SET = new HashSet<String>(Arrays.asList(A128GCM_ALGO,
- A192GCM_ALGO,
- A256GCM_ALGO));
- public static final Set<String> AES_GCM_KW_SET = new HashSet<String>(Arrays.asList(A128GCMKW_ALGO,
- A192GCMKW_ALGO,
- A256GCMKW_ALGO));
- public static final Set<String> AES_KW_SET = new HashSet<String>(Arrays.asList(A128KW_ALGO,
- A192KW_ALGO,
- A256KW_ALGO));
- public static final Set<String> ACBC_HS_SET = new HashSet<String>(Arrays.asList(A128CBC_HS256_ALGO,
- A192CBC_HS384_ALGO,
- A256CBC_HS512_ALGO));
- public static final Set<String> PBES_HS_SET = new HashSet<String>(Arrays.asList(PBES2_HS256_A128KW_ALGO,
- PBES2_HS384_A192KW_ALGO,
- PBES2_HS512_A256KW_ALGO));
- public static final Set<String> ECDH_ES_WRAP_SET = new HashSet<String>(Arrays.asList(ECDH_ES_A128KW_ALGO,
- ECDH_ES_A192KW_ALGO,
- ECDH_ES_A256KW_ALGO));
-
+
+ public static final Set<String> HMAC_SIGN_SET =
+ Collections.unmodifiableSet(new HashSet<>(Arrays.asList(HMAC_SHA_256_ALGO,
+ HMAC_SHA_384_ALGO,
+ HMAC_SHA_512_ALGO)));
+
+ public static final Set<String> RSA_SHA_SIGN_SET =
+ Collections.unmodifiableSet(new HashSet<>(Arrays.asList(RS_SHA_256_ALGO,
+ RS_SHA_384_ALGO,
+ RS_SHA_512_ALGO)));
+
+ public static final Set<String> RSA_SHA_PS_SIGN_SET =
+ Collections.unmodifiableSet(new HashSet<>(Arrays.asList(PS_SHA_256_ALGO,
+ PS_SHA_384_ALGO,
+ PS_SHA_512_ALGO)));
+
+ public static final Set<String> EC_SHA_SIGN_SET =
+ Collections.unmodifiableSet(new HashSet<>(Arrays.asList(ES_SHA_256_ALGO,
+ ES_SHA_384_ALGO,
+ ES_SHA_512_ALGO)));
+
+ public static final Set<String> RSA_CEK_SET =
+ Collections.unmodifiableSet(new HashSet<>(Arrays.asList(RSA_OAEP_ALGO,
+ RSA_OAEP_256_ALGO,
+ RSA1_5_ALGO)));
+
+ public static final Set<String> AES_GCM_CEK_SET =
+ Collections.unmodifiableSet(new HashSet<>(Arrays.asList(A128GCM_ALGO,
+ A192GCM_ALGO,
+ A256GCM_ALGO)));
+
+ public static final Set<String> AES_GCM_KW_SET =
+ Collections.unmodifiableSet(new HashSet<>(Arrays.asList(A128GCMKW_ALGO,
+ A192GCMKW_ALGO,
+ A256GCMKW_ALGO)));
+
+ public static final Set<String> AES_KW_SET =
+ Collections.unmodifiableSet(new HashSet<>(Arrays.asList(A128KW_ALGO,
+ A192KW_ALGO,
+ A256KW_ALGO)));
+
+ public static final Set<String> ACBC_HS_SET =
+ Collections.unmodifiableSet(new HashSet<>(Arrays.asList(A128CBC_HS256_ALGO,
+ A192CBC_HS384_ALGO,
+ A256CBC_HS512_ALGO)));
+
+ public static final Set<String> PBES_HS_SET =
+ Collections.unmodifiableSet(new HashSet<>(Arrays.asList(PBES2_HS256_A128KW_ALGO,
+ PBES2_HS384_A192KW_ALGO,
+ PBES2_HS512_A256KW_ALGO)));
+
+ public static final Set<String> ECDH_ES_WRAP_SET =
+ Collections.unmodifiableSet(new HashSet<>(Arrays.asList(ECDH_ES_A128KW_ALGO,
+ ECDH_ES_A192KW_ALGO,
+ ECDH_ES_A256KW_ALGO)));
+
private static final Map<String, String> JAVA_TO_JWA_NAMES;
private static final Map<String, String> JWA_TO_JAVA_NAMES;
static {
@@ -286,4 +308,4 @@ public final class AlgorithmUtils {
return javaName;
}
-}
\ No newline at end of file
+}
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
index be81fde..e056b59 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
@@ -28,6 +28,8 @@ import org.apache.cxf.message.ExchangeImpl;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageImpl;
import org.apache.cxf.rs.security.jose.common.JoseConstants;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
import org.apache.cxf.rs.security.jose.jwk.KeyType;
@@ -36,6 +38,20 @@ import org.junit.Assert;
import org.junit.Test;
public class JwsUtilsTest extends Assert {
+
+ @Test
+ public void testSignatureAlgorithm() {
+ assertTrue(AlgorithmUtils.isRsaSign(SignatureAlgorithm.RS256));
+ assertFalse(AlgorithmUtils.isRsaSign(SignatureAlgorithm.NONE));
+
+ try {
+ AlgorithmUtils.RSA_SHA_SIGN_SET.add(SignatureAlgorithm.NONE.getJwaName());
+ fail("Failure expected on trying to modify the algorithm lists");
+ } catch (UnsupportedOperationException ex) {
+ // expected
+ }
+ }
+
@Test
public void testLoadSignatureProviderFromJKS() throws Exception {
Properties p = new Properties();
--
To stop receiving notification emails like this one, please contact
"commits@cxf.apache.org" <co...@cxf.apache.org>.