Posted to commits@cxf.apache.org by se...@apache.org on 2015/02/12 17:02:45 UTC
[1/2] cxf git commit: [CXF-6085] Adding basic JwsJsonProducer tests
Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes 76996bab5 -> d995f24b2
[CXF-6085] Adding basic JwsJsonProducer tests
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e94a1b63
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e94a1b63
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e94a1b63
Branch: refs/heads/3.0.x-fixes
Commit: e94a1b634185f553b7cacb7a80e018fae919b412
Parents: 76996ba
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Thu Feb 12 12:58:07 2015 +0000
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Thu Feb 12 12:59:28 2015 +0000
----------------------------------------------------------------------
.../cxf/rs/security/jose/JoseHeaders.java | 8 ++
.../rs/security/jose/jwe/JweJsonProducer.java | 42 ++++++--
.../jose/jwe/JweCompactReaderWriterTest.java | 4 +-
.../security/jose/jwe/JweJsonProducerTest.java | 107 +++++++++++++++++--
4 files changed, 141 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e94a1b63/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java
index 819e408..a73e7b0 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java
@@ -118,6 +118,14 @@ public class JoseHeaders extends JsonMapObject {
setHeader(headerName, key);
}
+ public void setJsonWebKeysUrl(String url) {
+ setHeader(JoseConstants.HEADER_JSON_WEB_KEY_SET, url);
+ }
+
+ public String getJsonWebKeysUrl() {
+ return (String)getHeader(JoseConstants.HEADER_JSON_WEB_KEY_SET);
+ }
+
public JsonWebKey getJsonWebKey() {
return getJsonWebKey(JoseConstants.HEADER_JSON_WEB_KEY);
}
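Review bot: `getJsonWebKeysUrl()` casts the stored header straight to `String`, so a header map built from parsed input that holds a non-string value under this name would surface as a `ClassCastException` in the caller; an `instanceof String` check that returns null would be safer. Both accessors also lack Javadoc, and the tests in this commit show the value serialised as `jku`. A consumer that fetches keys from a `jku` taken out of a received token should first match it against trusted key locations, which is worth stating on the getter, e.g. `/** Returns the "jku" (JWK Set URL) header; validate it against trusted locations before fetching keys from it. */`. The enclosing class continues outside the hunk.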
http://git-wip-us.apache.org/repos/asf/cxf/blob/e94a1b63/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
index ede3a0a..7dc3357 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
@@ -37,17 +37,25 @@ public class JweJsonProducer {
private JweHeaders unprotectedHeader;
private byte[] content;
private byte[] aad;
+ private boolean canBeFlat;
public JweJsonProducer(JweHeaders protectedHeader, byte[] content) {
- this.protectedHeader = protectedHeader;
- this.content = content;
+ this(protectedHeader, content, false);
+ }
+ public JweJsonProducer(JweHeaders protectedHeader, byte[] content, boolean canBeFlat) {
+ this(protectedHeader, content, null, canBeFlat);
}
- public JweJsonProducer(JweHeaders protectedHeader, byte[] content, byte[] aad) {
- this(protectedHeader, content);
+ public JweJsonProducer(JweHeaders protectedHeader, byte[] content, byte[] aad, boolean canBeFlat) {
+ this.protectedHeader = protectedHeader;
+ this.content = content;
this.aad = aad;
+ this.canBeFlat = canBeFlat;
}
- public JweJsonProducer(JweHeaders protectedHeader, JweHeaders unprotectedHeader,
- byte[] content, byte[] aad) {
- this(protectedHeader, content, aad);
+ public JweJsonProducer(JweHeaders protectedHeader,
+ JweHeaders unprotectedHeader,
+ byte[] content,
+ byte[] aad,
+ boolean canBeFlat) {
+ this(protectedHeader, content, aad, canBeFlat);
this.unprotectedHeader = unprotectedHeader;
}
public String encryptWith(JweEncryptionProvider encryptor) {
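Review bot: The public constructors `(JweHeaders, byte[], byte[])` and `(JweHeaders, JweHeaders, byte[], byte[])` are removed rather than kept as delegating overloads, which breaks source and binary compatibility for existing callers on what the page shows is a fixes branch (`3.0.x-fixes`). Keeping each one costs a single line, e.g. `public JweJsonProducer(JweHeaders protectedHeader, byte[] content, byte[] aad) { this(protectedHeader, content, aad, false); }`. As far as the hunk shows, `canBeFlat` is only assigned in the constructor and could be declared `final`. `content` and `aad` are stored by reference, so a caller that mutates either array after construction changes what is encrypted or authenticated; a Javadoc sentence on the constructors should say so.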
@@ -68,8 +76,8 @@ public class JweJsonProducer {
throw new IllegalArgumentException();
}
//TODO: determine the actual cek and iv length based on the algo
- byte[] cek = CryptoUtils.generateSecureRandomBytes(32);
- byte[] iv = CryptoUtils.generateSecureRandomBytes(16);
+ byte[] cek = generateCek();
+ byte[] iv = generateIv();
JweHeaders unionHeaders = new JweHeaders();
if (protectedHeader != null) {
unionHeaders.asMap().putAll(protectedHeader.asMap());
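Review bot: The CEK and IV are still generated at fixed lengths (32 and 16 bytes, per the hook definitions added later in this file) regardless of the `enc` value, so the TODO above these lines stays open. With `A128GCM` that gives a 256-bit key and a 128-bit IV where the algorithm calls for 128 and 96 bits. The expected `encrypted_key` in this commit's tests decodes to 40 bytes, i.e. a wrapped 32-byte CEK under a protected header that says `A128GCM`. A strict recipient may reject such output, so the hooks should size their result from the content algorithm that `checkAndGetContentAlgorithm` already returns. The enclosing method starts and ends outside the hunk.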
@@ -153,7 +161,15 @@ public class JweJsonProducer {
throw new SecurityException(ex);
}
}
- jweJsonMap.put("recipients", entries);
+ if (entries.size() == 1 && canBeFlat) {
+ JweHeaders unprotectedEntryHeader = entries.get(0).getUnprotectedHeader();
+ if (unprotectedEntryHeader != null) {
+ jweJsonMap.put("header", unprotectedEntryHeader);
+ }
+ jweJsonMap.put("encrypted_key", entries.get(0).getEncodedEncryptedKey());
+ } else {
+ jweJsonMap.put("recipients", entries);
+ }
if (aad != null) {
jweJsonMap.put("aad", Base64UrlUtility.encode(aad));
}
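Review bot: In the flattened branch `header` is null-guarded but `encrypted_key` is put unconditionally, so an entry without an encrypted key (if the provider can produce one, which is not visible here) would write a null member; how `writer.toJson` renders a null value is also outside the hunk. Mirroring the guard, `if (entry.getEncodedEncryptedKey() != null) { jweJsonMap.put("encrypted_key", entry.getEncodedEncryptedKey()); }`, keeps the output well-formed. `entries.get(0)` is also read twice and would be clearer bound once to a local such as `entry`. The enclosing method starts outside the hunk.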
@@ -162,6 +178,12 @@ public class JweJsonProducer {
jweJsonMap.put("tag", Base64UrlUtility.encode(authTag));
return writer.toJson(jweJsonMap);
}
+ protected byte[] generateIv() {
+ return CryptoUtils.generateSecureRandomBytes(16);
+ }
+ protected byte[] generateCek() {
+ return CryptoUtils.generateSecureRandomBytes(32);
+ }
private String checkAndGetContentAlgorithm(List<JweEncryptionProvider> encryptors) {
Set<String> set = new HashSet<String>();
for (JweEncryptionProvider encryptor : encryptors) {
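Review bot: `generateIv()` and `generateCek()` become `protected` override points with no Javadoc, so nothing tells a subclass author that they must return fresh, unpredictable bytes on every call. Reusing an IV under the same key with AES-GCM undermines both confidentiality and integrity, so the contract should be written down, e.g. `/** Returns a new random IV for each encryption; a fixed value is acceptable only for reproducing test vectors. */` with the equivalent on `generateCek()`. If the hooks exist only for the tests in the same package, package-private visibility would expose less.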
http://git-wip-us.apache.org/repos/asf/cxf/blob/e94a1b63/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
index 5577e14..0b918fc 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
@@ -54,7 +54,7 @@ public class JweCompactReaderWriterTest extends Assert {
+ "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj"
+ "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw";
static final String RSA_PUBLIC_EXPONENT_ENCODED_A1 = "AQAB";
- private static final String RSA_PRIVATE_EXPONENT_ENCODED_A1 =
+ static final String RSA_PRIVATE_EXPONENT_ENCODED_A1 =
"kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N"
+ "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9"
+ "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk"
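Review bot: `RSA_PRIVATE_EXPONENT_ENCODED_A1` is widened from `private` to package-private, but no hunk on this page references it; the new tests switch to an AES key-wrap key (`SECRET_BYTES`) and drop the RSA public key usage. Unless a use exists outside what is shown, the constant can stay `private`. The initializer continues past the end of the hunk.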
@@ -62,7 +62,7 @@ public class JweCompactReaderWriterTest extends Assert {
+ "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd"
+ "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ";
- private static final byte[] INIT_VECTOR_A1 = {(byte)227, (byte)197, 117, (byte)252, 2, (byte)219,
+ static final byte[] INIT_VECTOR_A1 = {(byte)227, (byte)197, 117, (byte)252, 2, (byte)219,
(byte)233, 68, (byte)180, (byte)225, 77, (byte)219};
// A3 example
http://git-wip-us.apache.org/repos/asf/cxf/blob/e94a1b63/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
index 166c326..9fb7b3f 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
@@ -19,9 +19,9 @@
package org.apache.cxf.rs.security.jose.jwe;
import java.security.Security;
-import java.security.interfaces.RSAPublicKey;
import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.common.util.crypto.CryptoUtils;
@@ -35,6 +35,53 @@ import org.junit.BeforeClass;
import org.junit.Test;
public class JweJsonProducerTest extends Assert {
+ private static final byte[] SECRET_BYTES = {91, 96, 105, 38, 99, 108, 110, 8, -93, 50, -15, 62, 0, -115, 73, -39};
+ private static final String SINGLE_RECIPIENT_OUTPUT =
+ "{"
+ + "\"protected\":\"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIn0\","
+ + "\"recipients\":"
+ + "["
+ + "{\"encrypted_key\":\"fO3KxJioD3Hj1V5E1pjWNNt-3vNl23oc2xgVI1Zu-82fsZ83hQLXrg\"}"
+ + "],"
+ + "\"iv\":\"48V1_ALb6US04U3b\","
+ + "\"ciphertext\":\"5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A\","
+ + "\"tag\":\"5UuOareuoUxY2iCS50WJgg\""
+ + "}";
+ private static final String SINGLE_RECIPIENT_FLAT_OUTPUT =
+ "{"
+ + "\"protected\":\"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIn0\","
+ + "\"encrypted_key\":\"fO3KxJioD3Hj1V5E1pjWNNt-3vNl23oc2xgVI1Zu-82fsZ83hQLXrg\","
+ + "\"iv\":\"48V1_ALb6US04U3b\","
+ + "\"ciphertext\":\"5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A\","
+ + "\"tag\":\"5UuOareuoUxY2iCS50WJgg\""
+ + "}";
+ private static final String SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT =
+ "{"
+ + "\"protected\":\"eyJlbmMiOiJBMTI4R0NNIn0\","
+ + "\"unprotected\":{\"jku\":\"https://server.example.com/keys.jwks\"},"
+ + "\"recipients\":"
+ + "["
+ + "{"
+ + "\"header\":{\"alg\":\"A128KW\"},"
+ + "\"encrypted_key\":\"fO3KxJioD3Hj1V5E1pjWNNt-3vNl23oc2xgVI1Zu-82fsZ83hQLXrg\""
+ + "}"
+ + "],"
+ + "\"aad\":\"WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y"
+ + "2siXSxbIm4iLHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LCJ0ZXh0"
+ + "IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d\","
+ + "\"iv\":\"48V1_ALb6US04U3b\","
+ + "\"ciphertext\":\"5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A\","
+ + "\"tag\":\"4UXkQQGddmRB_df95kvhzA\""
+ + "}";
+ private static final String EXTRA_AAD_SOURCE =
+ "[\"vcard\",["
+ + "[\"version\",{},\"text\",\"4.0\"],"
+ + "[\"fn\",{},\"text\",\"Meriadoc Brandybuck\"],"
+ + "[\"n\",{},\"text\",[\"Brandybuck\",\"Meriadoc\",\"Mr.\",\"\"]],"
+ + "[\"bday\",{},\"text\",\"TA 2982\"],"
+ + "[\"gender\",{},\"text\",\"M\"]"
+ + "]]";
+
@BeforeClass
public static void registerBouncyCastleIfNeeded() throws Exception {
try {
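Review bot: `SECRET_BYTES` and the three expected-output strings are added without a comment on where they come from or why the output is reproducible. A line above `SECRET_BYTES` such as `// Test-only key; expected outputs are deterministic because the tests pin the IV and CEK` would make that explicit. If the values are taken from a published example, naming it would let a reader re-derive them.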
@@ -51,16 +98,60 @@ public class JweJsonProducerTest extends Assert {
@Test
public void testSingleRecipient() throws Exception {
+ doTestSingleRecipientFlat(SINGLE_RECIPIENT_OUTPUT, false);
+
+ }
+ @Test
+ public void testSingleRecipientFlat() throws Exception {
+ doTestSingleRecipientFlat(SINGLE_RECIPIENT_FLAT_OUTPUT, true);
+ }
+
+ private void doTestSingleRecipientFlat(String expectedOutput, boolean canBeFlat) throws Exception {
final String text = "The true sign of intelligence is not knowledge but imagination.";
- RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(JweCompactReaderWriterTest.RSA_MODULUS_ENCODED_A1,
- JweCompactReaderWriterTest.RSA_PUBLIC_EXPONENT_ENCODED_A1);
- JweHeaders headers = new JweHeaders(Algorithm.RSA_OAEP.getJwtName(),
+ SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(SECRET_BYTES, "AES");
+ JweHeaders headers = new JweHeaders(JoseConstants.A128KW_ALGO,
JoseConstants.A128GCM_ALGO);
- JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(publicKey, headers);
- JweJsonProducer p = new JweJsonProducer(headers, StringUtils.toBytesUTF8(text));
- String jweJws = p.encryptWith(jwe);
- assertNotNull(jweJws);
+ JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(wrapperKey, headers);
+ JweJsonProducer p = new JweJsonProducer(headers, StringUtils.toBytesUTF8(text), canBeFlat) {
+ protected byte[] generateIv() {
+ return JweCompactReaderWriterTest.INIT_VECTOR_A1;
+ }
+ protected byte[] generateCek() {
+ return JweCompactReaderWriterTest.CONTENT_ENCRYPTION_KEY_A1;
+ }
+ };
+ String jweJson = p.encryptWith(jwe);
+ assertEquals(expectedOutput, jweJson);
+ }
+ @Test
+ public void testSingleRecipientAllTypeOfHeadersAndAad() {
+ final String text = "The true sign of intelligence is not knowledge but imagination.";
+ SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(SECRET_BYTES, "AES");
+
+ JweHeaders protectedHeaders = new JweHeaders(JoseConstants.A128GCM_ALGO);
+ JweHeaders sharedUnprotectedHeaders = new JweHeaders();
+ sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
+ JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(wrapperKey,
+ JoseConstants.A128KW_ALGO,
+ JoseConstants.A128GCM_ALGO,
+ null);
+ JweJsonProducer p = new JweJsonProducer(protectedHeaders,
+ sharedUnprotectedHeaders,
+ StringUtils.toBytesUTF8(text),
+ StringUtils.toBytesUTF8(EXTRA_AAD_SOURCE),
+ false) {
+ protected byte[] generateIv() {
+ return JweCompactReaderWriterTest.INIT_VECTOR_A1;
+ }
+ protected byte[] generateCek() {
+ return JweCompactReaderWriterTest.CONTENT_ENCRYPTION_KEY_A1;
+ }
+ };
+ JweHeaders recepientUnprotectedHeaders = new JweHeaders();
+ recepientUnprotectedHeaders.setKeyEncryptionAlgorithm(JoseConstants.A128KW_ALGO);
+ String jweJson = p.encryptWith(jwe, recepientUnprotectedHeaders);
+ assertEquals(SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT, jweJson);
}
}
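Review bot: The flattened branch that emits a top-level `header` is never exercised: `testSingleRecipientFlat` has no per-recipient header and `testSingleRecipientAllTypeOfHeadersAndAad` passes `false`, so a variant of the latter with `canBeFlat` set to `true` is missing. The `generateIv()`/`generateCek()` overrides in both anonymous subclasses should carry `@Override`, so a later signature change to the hooks fails at compile time. `doTestSingleRecipientFlat` also drives the non-flat case and `recepientUnprotectedHeaders` is misspelled; `doTestSingleRecipient` and `recipientUnprotectedHeaders` would read better.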
[2/2] cxf git commit: [CXF-6085] Adding basic JwsJsonProducer tests
Posted by se...@apache.org.
[CXF-6085] Adding basic JwsJsonProducer tests
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d995f24b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d995f24b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d995f24b
Branch: refs/heads/3.0.x-fixes
Commit: d995f24b2bb47cea8d218f4aabb240ecba82dba4
Parents: e94a1b6
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Thu Feb 12 16:02:14 2015 +0000
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Thu Feb 12 16:02:14 2015 +0000
----------------------------------------------------------------------
.../cxf/rs/security/jose/jwe/JweJsonProducerTest.java | 13 +++++++++++++
1 file changed, 13 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/d995f24b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
index 9fb7b3f..43c5062 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
@@ -82,6 +82,13 @@ public class JweJsonProducerTest extends Assert {
+ "[\"gender\",{},\"text\",\"M\"]"
+ "]]";
+ private static final Boolean SKIP_AES_GCM_TESTS = isJava6();
+
+ private static boolean isJava6() {
+ String version = System.getProperty("java.version");
+ return 1.6D == Double.parseDouble(version.substring(0, 3));
+ }
+
@BeforeClass
public static void registerBouncyCastleIfNeeded() throws Exception {
try {
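Review bot: `isJava6()` takes `version.substring(0, 3)`, which throws `StringIndexOutOfBoundsException` when `java.version` is shorter than three characters (for example `"9"` or `"11"`). Because it runs from a static initializer, that failure takes down the whole test class. The `1.6D ==` floating-point comparison is also more fragile than it needs to be. `return System.getProperty("java.version").startsWith("1.6");` does the same job without parsing, and the constant can be a primitive: `private static final boolean SKIP_AES_GCM_TESTS = isJava6();`.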
@@ -107,6 +114,9 @@ public class JweJsonProducerTest extends Assert {
}
private void doTestSingleRecipientFlat(String expectedOutput, boolean canBeFlat) throws Exception {
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
final String text = "The true sign of intelligence is not knowledge but imagination.";
SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(SECRET_BYTES, "AES");
JweHeaders headers = new JweHeaders(JoseConstants.A128KW_ALGO,
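Review bot: Returning early when `SKIP_AES_GCM_TESTS` is set makes the test report as passed on Java 6 although nothing was checked; `testSingleRecipientAllTypeOfHeadersAndAad` in the next hunk repeats the pattern. `Assume.assumeFalse(SKIP_AES_GCM_TESTS);` (from `org.junit.Assume`) marks the test as skipped instead, so a green run cannot be mistaken for AES-GCM coverage on that runtime. The method body continues outside the hunk.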
@@ -125,6 +135,9 @@ public class JweJsonProducerTest extends Assert {
}
@Test
public void testSingleRecipientAllTypeOfHeadersAndAad() {
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
final String text = "The true sign of intelligence is not knowledge but imagination.";
SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(SECRET_BYTES, "AES");