Posted to commits@cxf.apache.org by se...@apache.org on 2016/02/26 17:55:38 UTC

cxf git commit: Making sure JWS b64 is marked as critical if its value is false (unencoded payload) as per RFC7797

Repository: cxf
Updated Branches:
  refs/heads/master 36794b143 -> 66fc0d982


Making sure JWS b64 is marked as critical if its value is false (unencoded payload) as per RFC7797


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/66fc0d98
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/66fc0d98
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/66fc0d98

Branch: refs/heads/master
Commit: 66fc0d9826233103958d5c25edf3ffcc0a3f6076
Parents: 36794b1
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Fri Feb 26 16:55:12 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Fri Feb 26 16:55:12 2016 +0000

----------------------------------------------------------------------
 .../apache/cxf/rs/security/jose/jws/JwsHeaders.java    | 13 +++++++++++++
 .../security/jose/jws/JwsCompactReaderWriterTest.java  |  2 +-
 .../cxf/rs/security/jose/jws/JwsJsonConsumerTest.java  |  5 +++++
 .../cxf/rs/security/jose/jws/JwsJsonProducerTest.java  |  4 ++--
 4 files changed, 21 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/66fc0d98/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
index 9d54b37..e860311 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
@@ -18,6 +18,8 @@
  */
 package org.apache.cxf.rs.security.jose.jws;
 
+import java.util.LinkedList;
+import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 
@@ -64,6 +66,17 @@ public class JwsHeaders extends JoseHeaders {
     }
     public void setPayloadEncodingStatus(Boolean status) {
         super.setProperty(JoseConstants.JWS_HEADER_B64_STATUS_HEADER, status);
+        if (!status) {
+            List<String> critical = this.getCritical();
+            if (critical == null) {
+                critical = new LinkedList<String>();
+                setCritical(critical);
+            } else if (critical.contains(JoseConstants.JWS_HEADER_B64_STATUS_HEADER)) {
+                return;
+            }
+            critical.add(JoseConstants.JWS_HEADER_B64_STATUS_HEADER);
+            
+        }
     }
     public Boolean getPayloadEncodingStatus() {
         return super.getBooleanProperty(JoseConstants.JWS_HEADER_B64_STATUS_HEADER);
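Review bot: `if (!status)` auto-unboxes the `Boolean` argument, so `setPayloadEncodingStatus(null)` now throws a NullPointerException, and it does so only after `setProperty` has already stored the value; an explicit comparison such as `if (Boolean.FALSE.equals(status)) {` avoids that. The `else` path appends to whatever list `getCritical()` returns, which only takes effect if that getter hands back the live, mutable list; this is not visible in the hunk, so a short comment stating the assumption would help. Calling the setter with `true` after `false` leaves "b64" in `crit`, and the method has no Javadoc describing the side effect; something like `/** Sets "b64"; when false, also adds "b64" to "crit" as per RFC 7797. */` would document it. `getPayloadEncodingStatus` continues past the end of the hunk.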

http://git-wip-us.apache.org/repos/asf/cxf/blob/66fc0d98/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
index e1855ea..19f9f68 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
@@ -47,7 +47,7 @@ import org.junit.Test;
 public class JwsCompactReaderWriterTest extends Assert {
     
     public static final String TOKEN_WITH_DETACHED_UNENCODED_PAYLOAD =
-        "eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2V9..GsyM6AQJbQHY8aQKCbZSPJHzMRWo3HKIlcDuXof7nqs";
+        "eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..A5dxf2s96_n5FLueVuW1Z_vh161FwXZC4YLPff6dmDY";
     public static final String UNSIGNED_PLAIN_DOCUMENT = "$.02";
     
     public static final String ENCODED_TOKEN_SIGNED_BY_MAC = 
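Review bot: The replaced `TOKEN_WITH_DETACHED_UNENCODED_PAYLOAD` value is opaque, so a reader cannot tell from the source that the fixture now carries the critical marker. A one-line comment with the decoded protected header would make that checkable, e.g. `// protected header: {"alg":"HS256","b64":false,"crit":["b64"]}`. The same encoded header is repeated in `SIGNED_JWS_JSON_FLAT_UNENCODED_DOCUMENT` in the JwsJsonProducerTest.java hunk and deserves the same comment.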

http://git-wip-us.apache.org/repos/asf/cxf/blob/66fc0d98/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java
index 0faed8b..b543ba7 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumerTest.java
@@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.jose.jws;
 import java.io.InputStream;
 import java.util.List;
 
+import org.apache.cxf.rs.security.jose.common.JoseConstants;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
@@ -60,6 +61,10 @@ public class JwsJsonConsumerTest extends Assert {
         assertEquals(JwsJsonProducerTest.UNSIGNED_PLAIN_DOCUMENT, consumer.getDecodedJwsPayload());
         assertTrue(consumer.verifySignatureWith(
             new HmacJwsSignatureVerifier(JwsJsonProducerTest.ENCODED_MAC_KEY_1, SignatureAlgorithm.HS256)));
+        JwsHeaders headers = consumer.getSignatureEntries().get(0).getProtectedHeader();
+        List<String> critical = headers.getCritical();
+        assertEquals(1, critical.size());
+        assertEquals(JoseConstants.JWS_HEADER_B64_STATUS_HEADER, critical.get(0));
     }
     
     @Test
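Review bot: The added assertions only confirm that a well-formed fixture parses with `crit` containing "b64"; nothing visible here covers the negative side. A JWS whose `crit` names an extension the consumer does not understand must be rejected, and the project should also decide and pin how the consumer treats `b64:false` without `crit`; such tests may already exist elsewhere in the suite. If `getCritical()` returns null the test fails with a NullPointerException rather than a clear assertion, so `assertNotNull(critical);` before the size check would give a better failure message. The test method starts above the hunk.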

http://git-wip-us.apache.org/repos/asf/cxf/blob/66fc0d98/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java
index 5895dcb..b9392c6 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducerTest.java
@@ -54,8 +54,8 @@ public class JwsJsonProducerTest extends Assert {
        
     public static final String SIGNED_JWS_JSON_FLAT_UNENCODED_DOCUMENT = "{"
         + "\"payload\":\"" + UNSIGNED_PLAIN_DOCUMENT + "\","
-        + "\"protected\":\"eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2V9\","
-        + "\"signature\":" + "\"GsyM6AQJbQHY8aQKCbZSPJHzMRWo3HKIlcDuXof7nqs\"}";
+        + "\"protected\":\"eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19\","
+        + "\"signature\":" + "\"A5dxf2s96_n5FLueVuW1Z_vh161FwXZC4YLPff6dmDY\"}";
     
     public static final String DUAL_SIGNED_JWS_JSON_DOCUMENT = "{"
                        + "\"payload\":\""