Posted to commits@cxf.apache.org by se...@apache.org on 2016/02/26 17:55:38 UTC
cxf git commit: Making sure JWS b64 is marked as critical if its
value is false (unencoded payload) as per RFC7797
Repository: cxf
Updated Branches:
refs/heads/master 36794b143 -> 66fc0d982
Making sure JWS b64 is marked as critical if its value is false (unencoded payload) as per RFC7797
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/66fc0d98
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/66fc0d98
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/66fc0d98
Branch: refs/heads/master
Commit: 66fc0d9826233103958d5c25edf3ffcc0a3f6076
Parents: 36794b1
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Fri Feb 26 16:55:12 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Fri Feb 26 16:55:12 2016 +0000
----------------------------------------------------------------------
.../apache/cxf/rs/security/jose/jws/JwsHeaders.java | 13 +++++++++++++
.../security/jose/jws/JwsCompactReaderWriterTest.java | 2 +-
.../cxf/rs/security/jose/jws/JwsJsonConsumerTest.java | 5 +++++
.../cxf/rs/security/jose/jws/JwsJsonProducerTest.java | 4 ++--
4 files changed, 21 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/66fc0d98/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
index 9d54b37..e860311 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
@@ -18,6 +18,8 @@
*/
package org.apache.cxf.rs.security.jose.jws;
+import java.util.LinkedList;
+import java.util.List;
import java.util.Map;
import java.util.Properties;
@@ -64,6 +66,17 @@ public class JwsHeaders extends JoseHeaders {
}
public void setPayloadEncodingStatus(Boolean status) {
super.setProperty(JoseConstants.JWS_HEADER_B64_STATUS_HEADER, status);
+ if (!status) {
+ List<String> critical = this.getCritical();
+ if (critical == null) {
+ critical = new LinkedList<String>();
+ setCritical(critical);
+ } else if (critical.contains(JoseConstants.JWS_HEADER_B64_STATUS_HEADER)) {
+ return;
+ }
+ critical.add(JoseConstants.JWS_HEADER_B64_STATUS_HEADER);
+
+ }
}
public Boolean getPayloadEncodingStatus() {
return super.getBooleanProperty(JoseConstants.JWS_HEADER_B64_STATUS_HEADER);
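Review bot: `if (!status)` in `setPayloadEncodingStatus` unboxes a `Boolean` parameter, so a caller passing null gets a NullPointerException after the property has already been written; `if (Boolean.FALSE.equals(status))` keeps the null case harmless. The new branch also calls `critical.add(...)` on whatever list `getCritical()` returns, which would throw if that list is unmodifiable; this hunk does not show what `getCritical()` returns, so it is worth confirming or copying into a new list before adding. Nothing here removes "b64" from `crit` when the status is later set back to true, which looks harmless because the header stays present, but a one-line comment saying so would help the next reader. The class body continues outside the hunk.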
http://git-wip-us.apache.org/repos/asf/cxf/blob/66fc0d98/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
index e1855ea..19f9f68 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
@@ -47,7 +47,7 @@ import org.junit.Test;
public class JwsCompactReaderWriterTest extends Assert {
public static final String TOKEN_WITH_DETACHED_UNENCODED_PAYLOAD =
- "eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2V9..GsyM6AQJbQHY8aQKCbZSPJHzMRWo3HKIlcDuXof7nqs";
+ "eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..A5dxf2s96_n5FLueVuW1Z_vh161FwXZC4YLPff6dmDY";
public static final String UNSIGNED_PLAIN_DOCUMENT = "$.02";
public static final String ENCODED_TOKEN_SIGNED_BY_MAC =
http://git-wip-us.apache.org/repos/asf/cxf/blob/66fc0d98/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java
index 0faed8b..b543ba7 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java
@@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.jose.jws;
import java.io.InputStream;
import java.util.List;
+import org.apache.cxf.rs.security.jose.common.JoseConstants;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
@@ -60,6 +61,10 @@ public class JwsJsonConsumerTest extends Assert {
assertEquals(JwsJsonProducerTest.UNSIGNED_PLAIN_DOCUMENT, consumer.getDecodedJwsPayload());
assertTrue(consumer.verifySignatureWith(
new HmacJwsSignatureVerifier(JwsJsonProducerTest.ENCODED_MAC_KEY_1, SignatureAlgorithm.HS256)));
+ JwsHeaders headers = consumer.getSignatureEntries().get(0).getProtectedHeader();
+ List<String> critical = headers.getCritical();
+ assertEquals(1, critical.size());
+ assertEquals(JoseConstants.JWS_HEADER_B64_STATUS_HEADER, critical.get(0));
}
@Test
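Review bot: `critical.size()` is called on the result of `headers.getCritical()` without a preceding `assertNotNull(critical)`, so a regression that drops `crit` would fail with a NullPointerException instead of a readable assertion message. The fixture used here already carries `crit`, so nothing in this hunk pins how the consumer treats a `b64:false` protected header that lacks it (the previous fixture); a test stating the intended behaviour for that case would document it. The test method starts outside the hunk.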
http://git-wip-us.apache.org/repos/asf/cxf/blob/66fc0d98/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java
index 5895dcb..b9392c6 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java
@@ -54,8 +54,8 @@ public class JwsJsonProducerTest extends Assert {
public static final String SIGNED_JWS_JSON_FLAT_UNENCODED_DOCUMENT = "{"
+ "\"payload\":\"" + UNSIGNED_PLAIN_DOCUMENT + "\","
- + "\"protected\":\"eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2V9\","
- + "\"signature\":" + "\"GsyM6AQJbQHY8aQKCbZSPJHzMRWo3HKIlcDuXof7nqs\"}";
+ + "\"protected\":\"eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19\","
+ + "\"signature\":" + "\"A5dxf2s96_n5FLueVuW1Z_vh161FwXZC4YLPff6dmDY\"}";
public static final String DUAL_SIGNED_JWS_JSON_DOCUMENT = "{"
+ "\"payload\":\""