Posted to commits@cxf.apache.org by co...@apache.org on 2015/11/04 18:54:32 UTC
[01/14] cxf git commit: Minor change
Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes cb538a459 -> bee60953d
Minor change
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1870f95d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1870f95d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1870f95d
Branch: refs/heads/3.0.x-fixes
Commit: 1870f95d4f24a6b0e8411ffc18a32662422c3de7
Parents: cb538a4
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 4 11:44:48 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 4 17:53:36 2015 +0000
----------------------------------------------------------------------
.../java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java | 4 ++--
.../java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/1870f95d/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index af7dd22..a40c619 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -325,7 +325,7 @@ public final class JweUtils {
if (includeCert) {
JwkUtils.includeCertChain(jwk, headers, keyEncryptionAlgo);
}
- if (includeCertSha1 && headers != null) {
+ if (includeCertSha1) {
String digest = KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
if (digest != null) {
headers.setX509Thumbprint(digest);
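Review bot: With the `headers != null` guard dropped, `headers.setX509Thumbprint(digest)` is reached whenever `includeCertSha1` is true, and nothing in the visible lines shows that the flag implies a non-null `headers`. The enclosing method starts above this hunk, so the flag may already be derived from a null check there, which would make the old guard redundant. If that is the case, record it where the flags are assigned, e.g. `// includeCert / includeCertSha1 are only true when headers != null`, so the invariant is not lost the next time the flag computation changes. The same applies to the second hunk in this file and to both hunks in JwsUtils.java, where the guard on `includeCert` before `headers.setX509Chain(...)` is removed as well.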
@@ -345,7 +345,7 @@ public final class JweUtils {
if (includeCert) {
headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props));
}
- if (includeCertSha1 && headers != null) {
+ if (includeCertSha1) {
String digest = KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
if (digest != null) {
headers.setX509Thumbprint(digest);
http://git-wip-us.apache.org/repos/asf/cxf/blob/1870f95d/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index 74e3629..a79d124 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -287,7 +287,7 @@ public final class JwsUtils {
if (includeCert) {
JwkUtils.includeCertChain(jwk, headers, signatureAlgo);
}
- if (includeCertSha1 && headers != null) {
+ if (includeCertSha1) {
String digest = KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
if (digest != null) {
headers.setX509Thumbprint(digest);
@@ -305,10 +305,10 @@ public final class JwsUtils {
PrivateKey pk = KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.SIGN);
theSigProvider = getPrivateKeySignatureProvider(pk,
SignatureAlgorithm.getAlgorithm(signatureAlgo));
- if (includeCert && headers != null) {
+ if (includeCert) {
headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props));
}
- if (includeCertSha1 && headers != null) {
+ if (includeCertSha1) {
String digest = KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
if (digest != null) {
headers.setX509Thumbprint(digest);
[06/14] cxf git commit: Separate test classes + resources
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml
new file mode 100644
index 0000000..5811506
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml
@@ -0,0 +1,246 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xsi:schemaLocation=" http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd ">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <httpj:engine-factory id="port-9095-tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-jwt}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+ <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.jose.BookStore"/>
+ <bean id="jweInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweContainerRequestFilter"/>
+ <bean id="jweOutFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor"/>
+
+ <bean id="aesWrapEncryptionAlgo" class="org.apache.cxf.rs.security.jose.jwe.AesWrapKeyEncryptionAlgorithm">
+ <constructor-arg type="java.lang.String" value="GawgguFyGrWKav7AX4VKUg"/>
+ <constructor-arg value="A128KW"/>
+ </bean>
+ <bean id="aesCbcHmacEncryption" class="org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption">
+ <constructor-arg value="A128CBC-HS256"/>
+ <constructor-arg ref="aesWrapEncryptionAlgo"/>
+ </bean>
+
+ <bean id="aesWrapDecryptionAlgo" class="org.apache.cxf.rs.security.jose.jwe.AesWrapKeyDecryptionAlgorithm">
+ <constructor-arg value="GawgguFyGrWKav7AX4VKUg"/>
+ </bean>
+ <bean id="aesCbcHmacDecryption" class="org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption">
+ <constructor-arg ref="aesWrapDecryptionAlgo"/>
+ </bean>
+
+ <bean id="jweInAesCbcHmacFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweContainerRequestFilter">
+ <property name="decryptionProvider" ref="aesCbcHmacDecryption"/>
+ </bean>
+ <bean id="jweOutAesCbcHmacFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor">
+ <property name="encryptionProvider" ref="aesCbcHmacEncryption"/>
+ </bean>
+
+ <bean id="hmacSigVerifier" class="org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureVerifier">
+ <constructor-arg type="java.lang.String" value="AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"/>
+ <constructor-arg value="HS256"/>
+ </bean>
+ <bean id="jwsHmacInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter">
+ <property name="signatureVerifier" ref="hmacSigVerifier"/>
+ </bean>
+ <bean id="jwsInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter"/>
+ <bean id="jwsOutFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor"/>
+ <bean id="keyPasswordProvider" class="org.apache.cxf.systest.jaxrs.security.jose.jwejws.PrivateKeyPasswordProviderImpl"/>
+ <bean id="keyPasswordProvider2" class="org.apache.cxf.systest.jaxrs.security.jose.jwejws.PrivateKeyPasswordProviderImpl">
+ <constructor-arg value="Thus from my lips, by yours, my sin is purged."/>
+ </bean>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwsrsa">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jweInFilter"/>
+ <ref bean="jweOutFilter"/>
+ <ref bean="jwsInFilter"/>
+ <ref bean="jwsOutFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.encryption.in.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
+ <entry key="rs.security.signature.in.properties" value="org/apache/cxf/systest/jaxrs/security/bob.rs.properties"/>
+ <entry key="rs.security.encryption.out.properties" value="org/apache/cxf/systest/jaxrs/security/bob.rs.properties"/>
+ <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
+ <entry key="rs.security.signature.key.password.provider" value-ref="keyPasswordProvider"/>
+ <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwsrsacert">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jweInFilter"/>
+ <ref bean="jweOutFilter"/>
+ <ref bean="jwsInFilter"/>
+ <ref bean="jwsOutFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.encryption.in.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
+ <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
+ <entry key="rs.security.keystore.file" value="org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"/>
+ <entry key="rs.security.keystore.alias.jwe.out" value="BobCert"/>
+ <entry key="rs.security.keystore.alias.jws.in" value="BobCert"/>
+ <entry key="rs.security.signature.key.password.provider" value-ref="keyPasswordProvider"/>
+ <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwsrsaCertInHeaders">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jweInFilter"/>
+ <ref bean="jweOutFilter"/>
+ <ref bean="jwsInFilter"/>
+ <ref bean="jwsOutFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.encryption.in.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.storeonly.properties"/>
+ <entry key="rs.security.signature.in.properties" value="org/apache/cxf/systest/jaxrs/security/bob.rs.storeonly.properties"/>
+ <entry key="rs.security.encryption.out.properties" value="org/apache/cxf/systest/jaxrs/security/bob.rs.properties"/>
+ <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
+ <entry key="rs.security.signature.key.password.provider" value-ref="keyPasswordProvider"/>
+ <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <bean id="jackson" class="com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider"/>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwkrsa">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jweInFilter"/>
+ <ref bean="jweOutFilter"/>
+ <ref bean="jackson"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.encryption.in.properties" value="org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"/>
+ <entry key="rs.security.encryption.out.properties" value="org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwkaeswrap">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jweInFilter"/>
+ <ref bean="jweOutFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwkaescbchmac">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jweInFilter"/>
+ <ref bean="jweOutFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.properties"/>
+ <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider2"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwshmac">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jweInFilter"/>
+ <ref bean="jweOutFilter"/>
+ <ref bean="jwsHmacInFilter"/>
+ <ref bean="jwsOutFilter"/>
+ <ref bean="jackson"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.encryption.in.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
+ <entry key="rs.security.encryption.out.properties" value="org/apache/cxf/systest/jaxrs/security/bob.rs.properties"/>
+ <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
+ <entry key="rs.security.signature.key.password.provider" value-ref="keyPasswordProvider"/>
+ <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwsjwkhmac">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jwsInFilter"/>
+ <ref bean="jwsOutFilter"/>
+ <ref bean="jackson"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwsjwkec">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jwsInFilter"/>
+ <ref bean="jwsOutFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.signature.in.properties" value="org/apache/cxf/systest/jaxrs/security/jws.ec.public.properties"/>
+ <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/jws.ec.private.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwsjwkrsa">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jwsInFilter"/>
+ <ref bean="jwsOutFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.signature.in.properties" value="org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"/>
+ <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"/>
+ <entry key="rs.security.accept.public.key" value="true"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jweaescbchmac">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jweInAesCbcHmacFilter"/>
+ <ref bean="jweOutAesCbcHmacFilter"/>
+ </jaxrs:providers>
+ </jaxrs:server>
+</beans>
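Review bot: The `/jwsjwkrsa` server sets `rs.security.accept.public.key` to `true` without any comment, which, as far as I know, allows the inbound JWS filter to verify with a public key carried in the token's own header. Whether that key is then matched against `bob.jwk.properties` is not visible here, so the entry should say what constrains it: `<!-- test only: verification key may come from the JWS header; a real endpoint must check it against a trusted key set -->` directly above the entry. The inline key values passed to `aesWrapEncryptionAlgo`, `aesWrapDecryptionAlgo` and `hmacSigVerifier` deserve the same one-line marker as throwaway test keys, since this file is likely to be read as a reference configuration.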
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJwsJson.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJwsJson.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJwsJson.xml
new file mode 100644
index 0000000..df233bb
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJwsJson.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xsi:schemaLocation=" http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd ">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <httpj:engine-factory id="port-9095-tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-jws-json}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.jose.BookStore"/>
+ <bean id="jwsInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsJsonContainerRequestFilter"/>
+ <bean id="jwsOutFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsJsonWriterInterceptor"/>
+ <bean id="jackson" class="com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider"/>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jws-json}/jwsjsonhmac">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jwsInFilter"/>
+ <ref bean="jwsOutFilter"/>
+ <ref bean="jackson"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.signature.list.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <bean id="jweInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweContainerRequestFilter"/>
+ <bean id="jweOutFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor"/>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jws-json}/jwejwsjsonhmac">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jwsInFilter"/>
+ <ref bean="jwsOutFilter"/>
+ <ref bean="jweInFilter"/>
+ <ref bean="jweOutFilter"/>
+ <ref bean="jackson"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.signature.list.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
+ <entry key="rs.security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jws-json}/jwsjsonhmac2">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jwsInFilter"/>
+ <ref bean="jwsOutFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.signature.list.properties"
+ value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties,org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+</beans>
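Review bot: The `/jwejwsjsonhmac` server points both `rs.security.signature.list.properties` and `rs.security.encryption.properties` at the same `secret.jwk.properties` file. If that file selects a single key (its content is not part of this view), one secret is used both for HMAC signing and for encryption, a pattern that is better not modelled even in a test fixture. Either give the encryption side its own properties file or note the sharing in place, e.g. `<!-- test only: signing and encryption deliberately share secret.jwk.properties -->`.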
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/client.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/client.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/client.xml
new file mode 100644
index 0000000..13eaea1
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/client.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli
cy.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <http:conduit name="https://localhost.*">
+ <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
+</beans>
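Review bot: `disableCNCheck="true"` on the `https://localhost.*` conduit switches off hostname verification for every URL that name matches, and the file gives no reason for it. Presumably the test server certificate does not carry a name matching `localhost`; if so, say it next to the element: `<!-- test only: test server cert does not match 'localhost', CN check disabled -->`. The conduit name is matched as a pattern, so `https://localhost.*` also covers hosts that merely begin with `localhost`; `name="https://localhost:.*"` would tie it to the local test ports. saml/client.xml is added further down with the same blob id, so it presumably carries the same setting.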
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
new file mode 100644
index 0000000..f3f6fbe
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ <cxf:properties>
+ <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
+ </cxf:properties>
+ </cxf:bus>
+ <!-- providers -->
+ <util:list id="busProviders">
+ <ref bean="oauthJson"/>
+ </util:list>
+ <httpj:engine-factory id="port-9095-tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-oauth2}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+ <bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
+ <bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler">
+ <property name="dataProvider" ref="dataProvider"/>
+ </bean>
+ <bean id="samlAuthHandler" class="org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthHandler"/>
+ <bean id="customGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.CustomGrantHandler">
+ <property name="dataProvider" ref="dataProvider"/>
+ </bean>
+ <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+ <bean id="serviceBean" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="dataProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="samlGrantHandler"/>
+ <ref bean="customGrantHandler"/>
+ </list>
+ </property>
+ </bean>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:properties>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="samlAuthHandler"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+</beans>
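Review bot: `<cxf:logging/>` is enabled on the bus that hosts `AccessTokenService`, so to the extent the logging feature records message payloads, the test logs will contain the grant requests sent to `/oauth2` and `/oauth2-auth` and the access tokens returned. That is tolerable for a fixture, but it should be stated so the bus block is not lifted into a deployment as is: `<!-- test only: message logging captures token requests and responses -->` above `<cxf:features>`. The other Spring files added in this commit enable the same feature and would take the same comment.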
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/saml/client.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/saml/client.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/saml/client.xml
new file mode 100644
index 0000000..13eaea1
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/saml/client.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli
cy.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <http:conduit name="https://localhost.*">
+ <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
+</beans>
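Review bot: `disableCNCheck="true"` on the `https://localhost.*` conduit switches off hostname verification for every client built from this file, and nothing marks it as a test-only setting. A comment above `<http:tlsClientParameters>` such as `<!-- Test only: hostname check disabled for the test keystores; do not copy into a deployment -->` would stop the file being reused as a template. `ConnectionTimeout="3000000"` and `ReceiveTimeout="3000000"` are 50 minutes if read as milliseconds, which looks like a debugging leftover and would let a hung endpoint stall the build; a value such as `30000` seems safer. The same blob (13eaea1) is added again as samlsso/client.xml and xml/client.xml, so the point applies to all three files.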
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/saml/secureServer.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/saml/secureServer.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/saml/secureServer.xml
new file mode 100644
index 0000000..07dcf6d
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/saml/secureServer.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd ">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <httpj:engine-factory id="port-9095-tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-saml}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+ <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.saml.SecureBookStore"/>
+ <bean id="serviceBeanClaims" class="org.apache.cxf.systest.jaxrs.security.saml.SecureClaimBookStore"/>
+ <bean id="samlEnvHandler" class="org.apache.cxf.rs.security.saml.SamlEnvelopedInHandler"/>
+ <bean id="claimsHandler" class="org.apache.cxf.rs.security.saml.authorization.ClaimsAuthorizingFilter">
+ <property name="securedObject" ref="serviceBeanClaims"/>
+ </bean>
+ <bean id="authorizationInterceptor" class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
+ <property name="securedObject" ref="serviceBean"/>
+ </bean>
+ <bean id="rolesHandler" class="org.apache.cxf.jaxrs.security.SimpleAuthorizingFilter">
+ <property name="interceptor" ref="authorizationInterceptor"/>
+ </bean>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-saml}/saml-roles">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="samlEnvHandler"/>
+ <ref bean="rolesHandler"/>
+ </jaxrs:providers>
+ <!-- If default role qualifier and format are not supported:
+
+ <jaxrs:properties>
+ <entry key="org.apache.cxf.saml.claims.role.nameformat"
+ value="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
+ <entry key="org.apache.cxf.saml.claims.role.qualifier"
+ value="urn:oid:1.3.6.1.4.1.5923.1.1.1.1"/>
+ </jaxrs:properties>
+ -->
+ </jaxrs:server>
+ <util:map id="userRolesMap">
+ <entry key="bob" value="admin"/>
+ <entry key="fred" value="user"/>
+ </util:map>
+ <bean id="authorizationInterceptorWithUserMap" class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
+ <property name="securedObject" ref="serviceBean"/>
+ <property name="userRolesMap" ref="userRolesMap"/>
+ </bean>
+ <bean id="rolesHandlerWithUserMap" class="org.apache.cxf.jaxrs.security.SimpleAuthorizingFilter">
+ <property name="interceptor" ref="authorizationInterceptorWithUserMap"/>
+ </bean>
+ <bean id="samlEnvHandlerWithCustomProvider" class="org.apache.cxf.rs.security.saml.SamlEnvelopedInHandler">
+ <property name="securityContextProvider">
+ <bean class="org.apache.cxf.systest.jaxrs.security.saml.CustomSecurityContextProvider"/>
+ </property>
+ </bean>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-saml}/saml-roles2">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="samlEnvHandlerWithCustomProvider"/>
+ <ref bean="rolesHandlerWithUserMap"/>
+ </jaxrs:providers>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-saml}/saml-claims">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBeanClaims"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="samlEnvHandler"/>
+ <ref bean="claimsHandler"/>
+ </jaxrs:providers>
+ </jaxrs:server>
+</beans>
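Review bot: None of the three `jaxrs:server` elements declares `depends-on="port-9095-tls-config"`, although samlsso/metadata-server.xml in this same commit does. Without it, the endpoints rely on bean declaration order to pick up the TLS engine and its `required="true"` client authentication, so I would add the attribute here for consistency. The engine-factory id is also misleading, because the port comes from `${testutil.ports.jaxrs-saml}` rather than 9095; an id like `jaxrs-saml-tls-config` would describe it. Both remarks apply equally to saml/server.xml and xml/server.xml.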
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/saml/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/saml/server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/saml/server.xml
new file mode 100644
index 0000000..92ffdff
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/saml/server.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xsi:schemaLocation=" http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd ">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <httpj:engine-factory id="port-9095-tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-saml}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+ <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.BookStore"/>
+ <bean id="samlHeaderHandler" class="org.apache.cxf.rs.security.saml.SamlHeaderInHandler"/>
+ <bean id="samlFormHandler" class="org.apache.cxf.rs.security.saml.SamlFormInHandler"/>
+ <bean id="samlEnvHandler" class="org.apache.cxf.rs.security.saml.SamlEnvelopedInHandler"/>
+ <bean id="xmlSigHandler" class="org.apache.cxf.rs.security.xml.XmlSigInHandler"/>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-saml}/samlheader">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="samlHeaderHandler"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-saml}/samlform">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="samlFormHandler"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-saml}/samlxml">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="xmlSigHandler"/>
+ <ref bean="samlEnvHandler"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/samlsso/client.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/samlsso/client.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/samlsso/client.xml
new file mode 100644
index 0000000..13eaea1
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/samlsso/client.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli
cy.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <http:conduit name="https://localhost.*">
+ <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
+</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/samlsso/metadata-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/samlsso/metadata-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/samlsso/metadata-server.xml
new file mode 100644
index 0000000..e130b3c
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/samlsso/metadata-server.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd ">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <httpj:engine-factory id="port-9095-tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-saml}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="metadataBean" class="org.apache.cxf.rs.security.saml.sso.MetadataService">
+ <property name="serviceAddress"
+ value="https://localhost:${testutil.ports.jaxrs-saml}/saml-roles"/>
+ <property name="assertionConsumerServiceAddress"
+ value="https://localhost:${testutil.ports.jaxrs-saml}/saml-roles"/>
+ <property name="logoutServiceAddress"
+ value="https://localhost:${testutil.ports.jaxrs-saml}/sso/logout"/>
+ <property name="signatureUsername" value="alice"/>
+ <property name="signaturePropertiesFile"
+ value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ <property name="callbackHandlerClass"
+ value="org.apache.cxf.systest.jaxrs.security.samlsso.KeystorePasswordCallback"/>
+ </bean>
+
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-saml}/sso"
+ depends-on="port-9095-tls-config" >
+ <jaxrs:serviceBeans>
+ <ref bean="metadataBean"/>
+ </jaxrs:serviceBeans>
+ </jaxrs:server>
+
+</beans>
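Review bot: `serviceAddress` and `assertionConsumerServiceAddress` both point at `/saml-roles`, and `logoutServiceAddress` at `/sso/logout`, but this context only starts the `/sso` endpoint, so the published metadata advertises addresses that nothing here serves. That is presumably fine for a test that only inspects the metadata document, but it should be stated. I would add above `metadataBean` a comment such as `<!-- Addresses are only echoed into the metadata; no endpoint for them is started by this context -->`.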
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/client.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/client.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/client.xml
new file mode 100644
index 0000000..13eaea1
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/client.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli
cy.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <http:conduit name="https://localhost.*">
+ <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
+</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
new file mode 100644
index 0000000..48ee949
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
@@ -0,0 +1,201 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <httpj:engine-factory id="port-9095-tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-xmlsec}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+ <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.BookStore"/>
+ <bean id="sigProps" class="org.apache.cxf.rs.security.xml.SignatureProperties">
+ <property name="signatureAlgo" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <property name="signatureDigestAlgo" value="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <property name="signatureC14nMethod" value="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <property name="signatureC14nTransform" value="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ </bean>
+ <bean id="encProps" class="org.apache.cxf.rs.security.xml.EncryptionProperties">
+ <property name="encryptionKeyTransportAlgo" value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
+ <property name="encryptionSymmetricKeyAlgo" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ </bean>
+ <bean id="xmlSigInHandler" class="org.apache.cxf.rs.security.xml.XmlSigInHandler">
+ </bean>
+ <bean id="xmlSigInHandlerConstraints" class="org.apache.cxf.rs.security.xml.XmlSigInHandler">
+ <property name="subjectConstraints">
+ <util:list>
+ <value>.*CN=bob.*</value>
+ </util:list>
+ </property>
+ </bean>
+ <bean id="xmlSigInHandlerWithProps" class="org.apache.cxf.rs.security.xml.XmlSigInHandler">
+ <property name="signatureProperties" ref="sigProps"/>
+ </bean>
+ <bean id="xmlSigInHandlerNoKeyInfo" class="org.apache.cxf.rs.security.xml.XmlSigInHandler">
+ <property name="keyInfoMustBeAvailable" value="false"/>
+ </bean>
+ <bean id="xmlSigOutHandler" class="org.apache.cxf.rs.security.xml.XmlSigOutInterceptor"/>
+ <bean id="xmlSigOutHandlerWithProps" class="org.apache.cxf.rs.security.xml.XmlSigOutInterceptor">
+ <property name="signatureProperties" ref="sigProps"/>
+ </bean>
+ <bean id="xmlSigOutHandlerNoKeyInfo" class="org.apache.cxf.rs.security.xml.XmlSigOutInterceptor">
+ <property name="keyInfoMustBeAvailable" value="false"/>
+ </bean>
+ <bean id="xmlEncInHandler" class="org.apache.cxf.rs.security.xml.XmlEncInHandler"/>
+ <bean id="xmlEncInHandlerWithProps" class="org.apache.cxf.rs.security.xml.XmlEncInHandler">
+ <property name="encryptionProperties" ref="encProps"/>
+ </bean>
+ <bean id="xmlEncOutHandler" class="org.apache.cxf.rs.security.xml.XmlEncOutInterceptor">
+ <property name="symmetricEncAlgorithm" value="aes128-cbc"/>
+ </bean>
+ <bean id="xmlEncOutHandlerWithProps" class="org.apache.cxf.rs.security.xml.XmlEncOutInterceptor">
+ <property name="encryptionProperties" ref="encProps"/>
+ </bean>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsig">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="xmlSigInHandler"/>
+ </jaxrs:providers>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSigOutHandler"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsigconstraints">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="xmlSigInHandlerConstraints"/>
+ </jaxrs:providers>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSigOutHandler"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsignokeyinfo">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="xmlSigInHandlerNoKeyInfo"/>
+ </jaxrs:providers>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSigOutHandlerNoKeyInfo"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlenc">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="xmlEncInHandler"/>
+ </jaxrs:providers>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlEncOutHandler"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsec">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="xmlEncInHandler"/>
+ <ref bean="xmlSigInHandler"/>
+ </jaxrs:providers>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSigOutHandler"/>
+ <ref bean="xmlEncOutHandler"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsec-validate">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="xmlEncInHandlerWithProps"/>
+ <ref bean="xmlSigInHandlerWithProps"/>
+ </jaxrs:providers>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSigOutHandlerWithProps"/>
+ <ref bean="xmlEncOutHandlerWithProps"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsec-useReqSigCert">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="xmlEncInHandler"/>
+ <ref bean="xmlSigInHandler"/>
+ </jaxrs:providers>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSigOutHandler"/>
+ <ref bean="xmlEncOutHandler"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+</beans>
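Review bot: `sigProps` pins `rsa-sha1`/`sha1` and `encProps` pins `aes128-cbc`, and the `/xmlsec-validate` endpoint is wired to them through the `*WithProps` handlers. The only algorithm-constraint scenario therefore exercises SHA-1 signatures and CBC-mode encryption. I would add a comment on both beans saying the values are test choices, and consider a second property set with `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` and `http://www.w3.org/2009/xmlenc11#aes128-gcm`, if the handlers accept them, so the stronger algorithms are covered too. Separately, the `subjectConstraints` value `.*CN=bob.*` is loose: assuming it is matched against the whole subject DN, it also accepts a subject such as `CN=bobby`, and `.*CN=bob(,.*)?` would be tighter.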
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
new file mode 100644
index 0000000..0164e2d
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
@@ -0,0 +1,216 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <httpj:engine-factory id="port-9095-tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-xmlsec-stax}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+ <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.BookStore"/>
+ <bean id="sigProps" class="org.apache.cxf.rs.security.xml.SignatureProperties">
+ <property name="signatureAlgo" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <property name="signatureDigestAlgo" value="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <property name="signatureC14nMethod" value="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <property name="signatureC14nTransform" value="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ </bean>
+ <bean id="encProps" class="org.apache.cxf.rs.security.xml.EncryptionProperties">
+ <property name="encryptionKeyTransportAlgo" value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
+ <property name="encryptionSymmetricKeyAlgo" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ </bean>
+ <bean id="xmlSigInHandler" class="org.apache.cxf.rs.security.xml.XmlSecInInterceptor">
+ <property name="requireSignature" value="true"/>
+ <property name="signatureVerificationAlias" value="alice" />
+ </bean>
+ <bean id="xmlSigInHandlerConstraints" class="org.apache.cxf.rs.security.xml.XmlSecInInterceptor">
+ <property name="requireSignature" value="true"/>
+ <property name="signatureVerificationAlias" value="alice" />
+ <property name="subjectConstraints">
+ <util:list>
+ <value>.*CN=bob.*</value>
+ </util:list>
+ </property>
+ </bean>
+ <bean id="xmlEncInHandler" class="org.apache.cxf.rs.security.xml.XmlSecInInterceptor">
+ <property name="decryptionAlias" value="bob" />
+ <property name="requireEncryption" value="true"/>
+ </bean>
+ <bean id="xmlSecInHandlerWithProps" class="org.apache.cxf.rs.security.xml.XmlSecInInterceptor">
+ <property name="signatureProperties" ref="sigProps"/>
+ <property name="encryptionProperties" ref="encProps"/>
+ <property name="decryptionAlias" value="bob" />
+ <property name="signatureVerificationAlias" value="alice" />
+ <property name="requireEncryption" value="true"/>
+ <property name="requireSignature" value="true"/>
+ </bean>
+ <bean id="xmlSigOutHandler" class="org.apache.cxf.rs.security.xml.XmlSecOutInterceptor">
+ <property name="signRequest" value="true"/>
+ </bean>
+ <bean id="xmlSecOutHandlerWithProps" class="org.apache.cxf.rs.security.xml.XmlSecOutInterceptor">
+ <property name="signRequest" value="true"/>
+ <property name="encryptRequest" value="true"/>
+ <property name="signatureProperties" ref="sigProps"/>
+ <property name="encryptionProperties" ref="encProps"/>
+ </bean>
+ <bean id="xmlSigOutHandlerNoKeyInfo" class="org.apache.cxf.rs.security.xml.XmlSecOutInterceptor">
+ <property name="signRequest" value="true"/>
+ </bean>
+ <bean id="xmlSecInHandler" class="org.apache.cxf.rs.security.xml.XmlSecInInterceptor">
+ <property name="requireSignature" value="true"/>
+ <property name="signatureVerificationAlias" value="alice" />
+ <property name="decryptionAlias" value="bob" />
+ <property name="requireEncryption" value="true"/>
+ </bean>
+ <bean id="xmlSecOutHandler" class="org.apache.cxf.rs.security.xml.XmlSecOutInterceptor">
+ <property name="signRequest" value="true"/>
+ <property name="encryptRequest" value="true"/>
+ <property name="symmetricEncAlgorithm" value="aes128-cbc"/>
+ </bean>
+ <bean id="xmlEncOutHandler" class="org.apache.cxf.rs.security.xml.XmlSecOutInterceptor">
+ <property name="encryptRequest" value="true"/>
+ <property name="symmetricEncAlgorithm" value="aes128-cbc"/>
+ </bean>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsig">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:inInterceptors>
+ <ref bean="xmlSigInHandler"/>
+ </jaxrs:inInterceptors>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSigOutHandler"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsigconstraints">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:inInterceptors>
+ <ref bean="xmlSigInHandlerConstraints"/>
+ </jaxrs:inInterceptors>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSigOutHandler"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsignokeyinfo">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:inInterceptors>
+ <ref bean="xmlSigInHandler"/>
+ </jaxrs:inInterceptors>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSigOutHandlerNoKeyInfo"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlenc">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:inInterceptors>
+ <ref bean="xmlEncInHandler"/>
+ </jaxrs:inInterceptors>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlEncOutHandler"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsec">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:inInterceptors>
+ <ref bean="xmlSecInHandler"/>
+ </jaxrs:inInterceptors>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSecOutHandler"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsec-validate">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:inInterceptors>
+ <ref bean="xmlSecInHandlerWithProps"/>
+ </jaxrs:inInterceptors>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSecOutHandlerWithProps"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsec-useReqSigCert">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:inInterceptors>
+ <ref bean="xmlSecInHandler"/>
+ </jaxrs:inInterceptors>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSecOutHandler"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+</beans>
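Review bot: The `xmlSigOutHandlerNoKeyInfo` bean is configured exactly like `xmlSigOutHandler` (only `signRequest=true`), and the `/xmlsignokeyinfo` server otherwise repeats the `/xmlsig` server, including `xmlSigInHandler` and `alice.properties`. As far as this file shows, that endpoint does not exercise a response signed without KeyInfo, so a test against it would pass without covering the case its name suggests. Whether the StAX `XmlSecOutInterceptor` has a property for omitting KeyInfo cannot be told from this hunk. If it does, set it on this bean; if not, a comment above the bean such as `<!-- StAX out-interceptor: KeyInfo cannot be omitted here, behaves like xmlSigOutHandler -->` would keep the name from misleading readers.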
[10/14] cxf git commit: Separate test classes + resources
Posted by co...@apache.org.
Separate test classes + resources
Conflicts:
systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/39d8444b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/39d8444b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/39d8444b
Branch: refs/heads/3.0.x-fixes
Commit: 39d8444b6fbdd2e5e21fd2c6c93f2c8c03c7d9c7
Parents: 6785519
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 4 15:28:32 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 4 17:53:53 2015 +0000
----------------------------------------------------------------------
.../systest/jaxrs/security/jose/BookStore.java | 62 +++
.../jose/jwejws/BookServerAlgorithms.java | 59 ++
.../security/jose/jwejws/BookServerJwsJson.java | 59 ++
.../security/jose/jwejws/BookServerJwt.java | 59 ++
.../jose/jwejws/BookServerReference.java | 59 ++
.../security/jose/jwejws/JAXRSJweJwsTest.java | 486 +++++++++++++++++
.../security/jose/jwejws/JAXRSJwsJsonTest.java | 194 +++++++
.../jose/jwejws/JweJwsAlgorithmTest.java | 534 +++++++++++++++++++
.../jose/jwejws/JweJwsReferenceTest.java | 385 +++++++++++++
.../jwejws/PrivateKeyPasswordProviderImpl.java | 40 ++
.../security/jwt/BookServerAlgorithms.java | 57 --
.../jaxrs/security/jwt/BookServerJwsJson.java | 57 --
.../jaxrs/security/jwt/BookServerJwt.java | 57 --
.../jaxrs/security/jwt/BookServerReference.java | 57 --
.../systest/jaxrs/security/jwt/BookStore.java | 62 ---
.../jaxrs/security/jwt/JAXRSJweJwsTest.java | 482 -----------------
.../jaxrs/security/jwt/JAXRSJwsJsonTest.java | 193 -------
.../jaxrs/security/jwt/JweJwsAlgorithmTest.java | 534 -------------------
.../jaxrs/security/jwt/JweJwsReferenceTest.java | 385 -------------
.../jwt/PrivateKeyPasswordProviderImpl.java | 40 --
.../jaxrs/security/jwt/algorithms-server.xml | 113 ----
.../cxf/systest/jaxrs/security/jwt/client.xml | 38 --
.../jaxrs/security/jwt/reference-server.xml | 101 ----
.../cxf/systest/jaxrs/security/jwt/server.xml | 246 ---------
.../jaxrs/security/jwt/serverJwsJson.xml | 90 ----
.../jaxrs/security/oauth2/BookServerOAuth2.java | 6 +-
.../systest/jaxrs/security/oauth2/client.xml | 38 --
.../systest/jaxrs/security/oauth2/server.xml | 98 ----
.../jaxrs/security/saml/BookServerSaml.java | 6 +-
.../cxf/systest/jaxrs/security/saml/client.xml | 38 --
.../jaxrs/security/saml/secureServer.xml | 104 ----
.../cxf/systest/jaxrs/security/saml/server.xml | 79 ---
.../jaxrs/security/samlsso/MetadataServer.java | 6 +-
.../systest/jaxrs/security/samlsso/client.xml | 38 --
.../jaxrs/security/samlsso/metadata-server.xml | 62 ---
.../jaxrs/security/xml/BookServerXmlSec.java | 6 +-
.../cxf/systest/jaxrs/security/xml/client.xml | 38 --
.../cxf/systest/jaxrs/security/xml/server.xml | 201 -------
.../systest/jaxrs/security/xml/stax-server.xml | 216 --------
.../security/jose/jwejws/algorithms-server.xml | 113 ++++
.../jaxrs/security/jose/jwejws/client.xml | 38 ++
.../security/jose/jwejws/reference-server.xml | 101 ++++
.../jaxrs/security/jose/jwejws/server.xml | 246 +++++++++
.../security/jose/jwejws/serverJwsJson.xml | 90 ++++
.../systest/jaxrs/security/oauth2/client.xml | 38 ++
.../systest/jaxrs/security/oauth2/server.xml | 98 ++++
.../cxf/systest/jaxrs/security/saml/client.xml | 38 ++
.../jaxrs/security/saml/secureServer.xml | 104 ++++
.../cxf/systest/jaxrs/security/saml/server.xml | 79 +++
.../systest/jaxrs/security/samlsso/client.xml | 38 ++
.../jaxrs/security/samlsso/metadata-server.xml | 62 +++
.../cxf/systest/jaxrs/security/xml/client.xml | 38 ++
.../cxf/systest/jaxrs/security/xml/server.xml | 201 +++++++
.../systest/jaxrs/security/xml/stax-server.xml | 216 ++++++++
54 files changed, 3453 insertions(+), 3432 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/BookStore.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/BookStore.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/BookStore.java
new file mode 100644
index 0000000..9be440e
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/BookStore.java
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jose;
+
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+
+import org.apache.cxf.systest.jaxrs.security.Book;
+
+@Path("/bookstore")
+public class BookStore {
+
+ public BookStore() {
+ }
+
+ @POST
+ @Path("/books")
+ @Produces("text/plain")
+ @Consumes("text/plain")
+ public String echoText(String text) {
+ return text;
+ }
+
+ @POST
+ @Path("/books")
+ @Produces("application/json")
+ @Consumes("application/json")
+ public Book echoBook(Book book) {
+ return book;
+ }
+
+ @POST
+ @Path("/books")
+ @Produces("application/xml")
+ @Consumes("application/xml")
+ public Book echoBook2(Book book) {
+ return book;
+ }
+
+}
+
+
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerAlgorithms.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerAlgorithms.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerAlgorithms.java
new file mode 100644
index 0000000..ff35edd
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerAlgorithms.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jose.jwejws;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.TestUtil;
+
+public class BookServerAlgorithms extends AbstractBusTestServerBase {
+ public static final String PORT = TestUtil.getPortNumber("jaxrs-jwejws-algorithms");
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerAlgorithms.class.getResource("algorithms-server.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerAlgorithms();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static void main(String[] args) {
+ try {
+ BookServerAlgorithms s = new BookServerAlgorithms();
+ s.start();
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ System.exit(-1);
+ } finally {
+ System.out.println("done!");
+ }
+ }
+}
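Review bot: `run()` passes `SERVER_CONFIG_FILE` to `createBus` unchecked, although `BookServerAlgorithms.class.getResource("algorithms-server.xml")` returns null when the file is not on the test classpath under the class's package path. This commit appears to move the XML configs into a separate resources tree, so a mismatch between the new package and the resource directory would presumably surface as an obscure bus start-up failure rather than a clear message. A guard at the top of `run()` would make that explicit: `if (SERVER_CONFIG_FILE == null) { throw new IllegalStateException("algorithms-server.xml not found on the test classpath"); }`. The same lookup pattern appears in BookServerJwsJson, BookServerJwt and BookServerReference.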
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwsJson.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwsJson.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwsJson.java
new file mode 100644
index 0000000..7d2e605
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwsJson.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jose.jwejws;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.TestUtil;
+
+public class BookServerJwsJson extends AbstractBusTestServerBase {
+ public static final String PORT = TestUtil.getPortNumber("jaxrs-jws-json");
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerJwsJson.class.getResource("serverJwsJson.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerJwsJson();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static void main(String[] args) {
+ try {
+ BookServerJwsJson s = new BookServerJwsJson();
+ s.start();
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ System.exit(-1);
+ } finally {
+ System.out.println("done!");
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwt.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwt.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwt.java
new file mode 100644
index 0000000..e4c7117
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwt.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jose.jwejws;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.TestUtil;
+
+public class BookServerJwt extends AbstractBusTestServerBase {
+ public static final String PORT = TestUtil.getPortNumber("jaxrs-jwt");
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerJwt.class.getResource("server.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerJwt();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static void main(String[] args) {
+ try {
+ BookServerJwt s = new BookServerJwt();
+ s.start();
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ System.exit(-1);
+ } finally {
+ System.out.println("done!");
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerReference.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerReference.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerReference.java
new file mode 100644
index 0000000..0a9b35b
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerReference.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jose.jwejws;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.TestUtil;
+
+public class BookServerReference extends AbstractBusTestServerBase {
+ public static final String PORT = TestUtil.getPortNumber("jaxrs-jwejws-reference");
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerReference.class.getResource("reference-server.xml");
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+ setBus(springBus);
+
+ try {
+ new BookServerReference();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static void main(String[] args) {
+ try {
+ BookServerReference s = new BookServerReference();
+ s.start();
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ System.exit(-1);
+ } finally {
+ System.out.println("done!");
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
new file mode 100644
index 0000000..69683f8
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
@@ -0,0 +1,486 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jose.jwejws;
+
+import java.net.URL;
+import java.security.Security;
+import java.util.Collections;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Properties;
+
+import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.rs.security.jose.common.PrivateKeyPasswordProvider;
+import org.apache.cxf.rs.security.jose.jaxrs.JweClientResponseFilter;
+import org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor;
+import org.apache.cxf.rs.security.jose.jaxrs.JwsClientResponseFilter;
+import org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption;
+import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption;
+import org.apache.cxf.rs.security.jose.jwe.AesWrapKeyDecryptionAlgorithm;
+import org.apache.cxf.rs.security.jose.jwe.AesWrapKeyEncryptionAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.systest.jaxrs.security.Book;
+<<<<<<< HEAD:systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
+=======
+import org.apache.cxf.systest.jaxrs.security.jose.BookStore;
+>>>>>>> ecf6a38... Separate test classes + resources:systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase {
+ public static final String PORT = BookServerJwt.PORT;
+ private static final String CLIENT_JWEJWS_PROPERTIES =
+ "org/apache/cxf/systest/jaxrs/security/bob.rs.properties";
+ private static final String SERVER_JWEJWS_PROPERTIES =
+ "org/apache/cxf/systest/jaxrs/security/alice.rs.properties";
+ private static final String ENCODED_MAC_KEY = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75"
+ + "aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow";
+ private static final Boolean SKIP_AES_GCM_TESTS = isJava6();
+
+ private static boolean isJava6() {
+ String version = System.getProperty("java.version");
+ return 1.6D == Double.parseDouble(version.substring(0, 3));
+ }
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerJwt.class, true));
+ registerBouncyCastleIfNeeded();
+ }
+
+ private static void registerBouncyCastleIfNeeded() throws Exception {
+ // Still need it for Oracle Java 7 and Java 8
+ Security.addProvider(new BouncyCastleProvider());
+ }
+ @AfterClass
+ public static void unregisterBouncyCastleIfNeeded() throws Exception {
+ Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+ }
+ @Test
+ public void testJweJwkPlainTextRSA() throws Exception {
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+ String address = "https://localhost:" + PORT + "/jwejwkrsa";
+ BookStore bs = createJweBookStore(address, null);
+ String text = bs.echoText("book");
+ assertEquals("book", text);
+ }
+ @Test
+ public void testJweJwkBookBeanRSA() throws Exception {
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+ String address = "https://localhost:" + PORT + "/jwejwkrsa";
+ BookStore bs = createJweBookStore(address,
+ Collections.singletonList(new JacksonJsonProvider()));
+ Book book = bs.echoBook(new Book("book", 123L));
+ assertEquals("book", book.getName());
+ assertEquals(123L, book.getId());
+ }
+ private BookStore createJweBookStore(String address,
+ List<?> mbProviders) throws Exception {
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+ bean.setServiceClass(BookStore.class);
+ bean.setAddress(address);
+ List<Object> providers = new LinkedList<Object>();
+ JweWriterInterceptor jweWriter = new JweWriterInterceptor();
+ jweWriter.setUseJweOutputStream(true);
+ providers.add(jweWriter);
+ providers.add(new JweClientResponseFilter());
+ if (mbProviders != null) {
+ providers.addAll(mbProviders);
+ }
+ bean.setProviders(providers);
+ bean.getProperties(true).put("rs.security.encryption.out.properties",
+ "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties");
+ bean.getProperties(true).put("rs.security.encryption.in.properties",
+ "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties");
+ return bean.create(BookStore.class);
+ }
+
+ @Test
+ public void testJweJwkAesWrap() throws Exception {
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+ String address = "https://localhost:" + PORT + "/jwejwkaeswrap";
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+ bean.setServiceClass(BookStore.class);
+ bean.setAddress(address);
+ List<Object> providers = new LinkedList<Object>();
+ JweWriterInterceptor jweWriter = new JweWriterInterceptor();
+ jweWriter.setUseJweOutputStream(true);
+ providers.add(jweWriter);
+ providers.add(new JweClientResponseFilter());
+ bean.setProviders(providers);
+ bean.getProperties(true).put("rs.security.encryption.properties",
+ "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties");
+ bean.getProperties(true).put("jose.debug", true);
+ BookStore bs = bean.create(BookStore.class);
+ String text = bs.echoText("book");
+ assertEquals("book", text);
+ }
+ @Test
+ public void testJweJwkAesCbcHMacInlineSet() throws Exception {
+ doTestJweJwkAesCbcHMac("org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties");
+ }
+ @Test
+ public void testJweJwkAesCbcHMacInlineSingleKey() throws Exception {
+ doTestJweJwkAesCbcHMac("org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties");
+ }
+ private void doTestJweJwkAesCbcHMac(String propFile) throws Exception {
+ String address = "https://localhost:" + PORT + "/jwejwkaescbchmac";
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+ bean.setServiceClass(BookStore.class);
+ bean.setAddress(address);
+ List<Object> providers = new LinkedList<Object>();
+ JweWriterInterceptor jweWriter = new JweWriterInterceptor();
+ jweWriter.setUseJweOutputStream(true);
+ providers.add(jweWriter);
+ providers.add(new JweClientResponseFilter());
+ bean.setProviders(providers);
+ bean.getProperties(true).put("rs.security.encryption.properties", propFile);
+ PrivateKeyPasswordProvider provider =
+ new PrivateKeyPasswordProviderImpl("Thus from my lips, by yours, my sin is purged.");
+ bean.getProperties(true).put("rs.security.key.password.provider", provider);
+ BookStore bs = bean.create(BookStore.class);
+ String text = bs.echoText("book");
+ assertEquals("book", text);
+ }
+ @Test
+ public void testJweRsaJwsRsa() throws Exception {
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+ String address = "https://localhost:" + PORT + "/jwejwsrsa";
+ BookStore bs = createJweJwsBookStore(address, null, null);
+ String text = bs.echoText("book");
+ assertEquals("book", text);
+ }
+ @Test
+ public void testJweRsaJwsRsaCert() throws Exception {
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+ String address = "https://localhost:" + PORT + "/jwejwsrsacert";
+
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+ bean.setServiceClass(BookStore.class);
+ bean.setAddress(address);
+ List<Object> providers = new LinkedList<Object>();
+ JweWriterInterceptor jweWriter = new JweWriterInterceptor();
+ jweWriter.setUseJweOutputStream(true);
+ providers.add(jweWriter);
+ providers.add(new JweClientResponseFilter());
+ JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor();
+ jwsWriter.setUseJwsOutputStream(true);
+ providers.add(jwsWriter);
+ providers.add(new JwsClientResponseFilter());
+
+ bean.setProviders(providers);
+ bean.getProperties(true).put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
+ bean.getProperties(true).put("rs.security.signature.out.properties", CLIENT_JWEJWS_PROPERTIES);
+ bean.getProperties(true).put("rs.security.encryption.in.properties", CLIENT_JWEJWS_PROPERTIES);
+ PrivateKeyPasswordProvider provider = new PrivateKeyPasswordProviderImpl();
+ bean.getProperties(true).put("rs.security.signature.key.password.provider", provider);
+ bean.getProperties(true).put("rs.security.decryption.key.password.provider", provider);
+ BookStore bs = bean.create(BookStore.class);
+
+ WebClient.getConfig(bs).getRequestContext().put("rs.security.keystore.alias.jwe.out", "AliceCert");
+ WebClient.getConfig(bs).getRequestContext().put("rs.security.keystore.alias.jws.in", "AliceCert");
+ String text = bs.echoText("book");
+ assertEquals("book", text);
+ }
+ @Test
+ public void testJweRsaJwsRsaCertInHeaders() throws Exception {
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+ String address = "https://localhost:" + PORT + "/jwejwsrsaCertInHeaders";
+ BookStore bs = createJweJwsBookStore(address, null, null);
+ WebClient.getConfig(bs).getRequestContext().put("rs.security.signature.include.cert", "true");
+ WebClient.getConfig(bs).getRequestContext().put("rs.security.encryption.include.cert", "true");
+ String text = bs.echoText("book");
+ assertEquals("book", text);
+ }
+ @Test
+ public void testJweRsaJwsPlainTextHMac() throws Exception {
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+ String address = "https://localhost:" + PORT + "/jwejwshmac";
+ HmacJwsSignatureProvider hmacProvider =
+ new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256);
+ BookStore bs = createJweJwsBookStore(address, hmacProvider, null);
+ String text = bs.echoText("book");
+ assertEquals("book", text);
+ }
+ @Test
+ public void testJweRsaJwsBookHMac() throws Exception {
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+ String address = "https://localhost:" + PORT + "/jwejwshmac";
+ HmacJwsSignatureProvider hmacProvider =
+ new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256);
+ BookStore bs = createJweJwsBookStore(address, hmacProvider,
+ Collections.singletonList(new JacksonJsonProvider()));
+ Book book = bs.echoBook(new Book("book", 123L));
+ assertEquals("book", book.getName());
+ assertEquals(123L, book.getId());
+ }
+
+ @Test
+ public void testJwsJwkPlainTextHMac() throws Exception {
+ String address = "https://localhost:" + PORT + "/jwsjwkhmac";
+ BookStore bs = createJwsBookStore(address, null);
+ String text = bs.echoText("book");
+ assertEquals("book", text);
+ }
+ @Test
+ public void testJwsJwkBookHMac() throws Exception {
+ String address = "https://localhost:" + PORT + "/jwsjwkhmac";
+ BookStore bs = createJwsBookStore(address,
+ Collections.singletonList(new JacksonJsonProvider()));
+ Book book = bs.echoBook(new Book("book", 123L));
+ assertEquals("book", book.getName());
+ assertEquals(123L, book.getId());
+ }
+ private BookStore createJwsBookStore(String address,
+ List<?> mbProviders) throws Exception {
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+ bean.setServiceClass(BookStore.class);
+ bean.setAddress(address);
+ List<Object> providers = new LinkedList<Object>();
+ JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor();
+ jwsWriter.setUseJwsOutputStream(true);
+ providers.add(jwsWriter);
+ providers.add(new JwsClientResponseFilter());
+ if (mbProviders != null) {
+ providers.addAll(mbProviders);
+ }
+ bean.setProviders(providers);
+ bean.getProperties(true).put("rs.security.signature.properties",
+ "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties");
+ return bean.create(BookStore.class);
+ }
+ @Test
+ public void testJwsJwkEC() throws Exception {
+ String address = "https://localhost:" + PORT + "/jwsjwkec";
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+ bean.setServiceClass(BookStore.class);
+ bean.setAddress(address);
+ List<Object> providers = new LinkedList<Object>();
+ JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor();
+ jwsWriter.setUseJwsOutputStream(true);
+ providers.add(jwsWriter);
+ providers.add(new JwsClientResponseFilter());
+ bean.setProviders(providers);
+ bean.getProperties(true).put("rs.security.signature.out.properties",
+ "org/apache/cxf/systest/jaxrs/security/jws.ec.private.properties");
+ bean.getProperties(true).put("rs.security.signature.in.properties",
+ "org/apache/cxf/systest/jaxrs/security/jws.ec.public.properties");
+ BookStore bs = bean.create(BookStore.class);
+ String text = bs.echoText("book");
+ assertEquals("book", text);
+ }
+ @Test
+ public void testJwsJwkRSA() throws Exception {
+ doTestJwsJwkRSA("https://localhost:" + PORT + "/jwsjwkrsa", false, false);
+ }
+ @Test
+ public void testJwsJwkInHeadersRSA() throws Exception {
+ doTestJwsJwkRSA("https://localhost:" + PORT + "/jwsjwkrsa", true, true);
+ }
+ @Test
+ public void testJwsJwkKidOnlyInHeadersRSA() throws Exception {
+ doTestJwsJwkRSA("https://localhost:" + PORT + "/jwsjwkrsa", false, true);
+ }
+ private void doTestJwsJwkRSA(String address,
+ boolean includePublicKey,
+ boolean includeKeyId) throws Exception {
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+ bean.setServiceClass(BookStore.class);
+ bean.setAddress(address);
+ List<Object> providers = new LinkedList<Object>();
+ JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor();
+ jwsWriter.setUseJwsOutputStream(true);
+ providers.add(jwsWriter);
+ providers.add(new JwsClientResponseFilter());
+ bean.setProviders(providers);
+ bean.getProperties(true).put("rs.security.signature.out.properties",
+ "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties");
+ bean.getProperties(true).put("rs.security.signature.in.properties",
+ "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties");
+ if (includePublicKey) {
+ bean.getProperties(true).put("rs.security.signature.include.public.key", true);
+ }
+ if (includeKeyId) {
+ bean.getProperties(true).put("rs.security.signature.include.key.id", true);
+ }
+ BookStore bs = bean.create(BookStore.class);
+ String text = bs.echoText("book");
+ assertEquals("book", text);
+ }
+ private BookStore createJweJwsBookStore(String address,
+ JwsSignatureProvider jwsSigProvider,
+ List<?> mbProviders) throws Exception {
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+ bean.setServiceClass(BookStore.class);
+ bean.setAddress(address);
+ List<Object> providers = new LinkedList<Object>();
+ JweWriterInterceptor jweWriter = new JweWriterInterceptor();
+ jweWriter.setUseJweOutputStream(true);
+ providers.add(jweWriter);
+ providers.add(new JweClientResponseFilter());
+ JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor();
+ if (jwsSigProvider != null) {
+ jwsWriter.setSignatureProvider(jwsSigProvider);
+ }
+ jwsWriter.setUseJwsOutputStream(true);
+ providers.add(jwsWriter);
+ providers.add(new JwsClientResponseFilter());
+ if (mbProviders != null) {
+ providers.addAll(mbProviders);
+ }
+ bean.setProviders(providers);
+ bean.getProperties(true).put("rs.security.encryption.out.properties", SERVER_JWEJWS_PROPERTIES);
+ bean.getProperties(true).put("rs.security.signature.out.properties", CLIENT_JWEJWS_PROPERTIES);
+ bean.getProperties(true).put("rs.security.encryption.in.properties", CLIENT_JWEJWS_PROPERTIES);
+ bean.getProperties(true).put("rs.security.signature.in.properties", SERVER_JWEJWS_PROPERTIES);
+ PrivateKeyPasswordProvider provider = new PrivateKeyPasswordProviderImpl();
+ bean.getProperties(true).put("rs.security.signature.key.password.provider", provider);
+ bean.getProperties(true).put("rs.security.decryption.key.password.provider", provider);
+ return bean.create(BookStore.class);
+ }
+
+ @Test
+ public void testJweAesCbcHmac() throws Exception {
+ String address = "https://localhost:" + PORT + "/jweaescbchmac";
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+ bean.setServiceClass(BookStore.class);
+ bean.setAddress(address);
+ List<Object> providers = new LinkedList<Object>();
+ // writer
+ JweWriterInterceptor jweWriter = new JweWriterInterceptor();
+ jweWriter.setUseJweOutputStream(true);
+
+ final String cekEncryptionKey = "GawgguFyGrWKav7AX4VKUg";
+ AesWrapKeyEncryptionAlgorithm keyEncryption =
+ new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, KeyAlgorithm.A128KW);
+ jweWriter.setEncryptionProvider(new AesCbcHmacJweEncryption(ContentAlgorithm.A128CBC_HS256,
+ keyEncryption));
+
+ // reader
+ JweClientResponseFilter jweReader = new JweClientResponseFilter();
+ jweReader.setDecryptionProvider(new AesCbcHmacJweDecryption(
+ new AesWrapKeyDecryptionAlgorithm(cekEncryptionKey)));
+
+ providers.add(jweWriter);
+ providers.add(jweReader);
+ bean.setProviders(providers);
+
+ BookStore bs = bean.create(BookStore.class);
+ String text = bs.echoText("book");
+ assertEquals("book", text);
+ }
+
+ // Test signing and encrypting an XML payload
+ @Test
+ public void testJweRsaJwsRsaXML() throws Exception {
+ if (SKIP_AES_GCM_TESTS || !SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
+ return;
+ }
+ String address = "https://localhost:" + PORT + "/jwejwsrsa";
+ BookStore bs = createJweJwsBookStore(address, null, null);
+ Book book = new Book();
+ book.setName("book");
+ book = bs.echoBook2(book);
+ assertEquals("book", book.getName());
+ }
+
+ private static class PrivateKeyPasswordProviderImpl implements PrivateKeyPasswordProvider {
+ private String password = "password";
+ public PrivateKeyPasswordProviderImpl() {
+
+ }
+ public PrivateKeyPasswordProviderImpl(String password) {
+ this.password = password;
+ }
+ @Override
+ public char[] getPassword(Properties storeProperties) {
+ return password.toCharArray();
+ }
+
+ }
+}
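Review bot: Unresolved merge-conflict markers are committed in the import block of this new file (`<<<<<<< HEAD:systests/...`, `=======`, `>>>>>>> ecf6a38... Separate test classes + resources:...`), so JAXRSJweJwsTest.java cannot compile as added and none of these JWE/JWS system tests will run. Both sides of the conflict are needed: `BookStore` is used by every test, and `SecurityTestUtil.checkUnrestrictedPoliciesInstalled()` is called in `testJweRsaJwsRsaXML`. Resolve it by deleting the three marker lines and keeping both `import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;` and `import org.apache.cxf.systest.jaxrs.security.jose.BookStore;`. A build of the systests module before pushing the backport would have caught this.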
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java
new file mode 100644
index 0000000..32dd05a
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java
@@ -0,0 +1,194 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jose.jwejws;
+
+import java.net.URL;
+import java.security.Security;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+
+import javax.ws.rs.BadRequestException;
+
+import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
+import org.apache.cxf.rs.security.jose.jaxrs.JweClientResponseFilter;
+import org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor;
+import org.apache.cxf.rs.security.jose.jaxrs.JwsJsonClientResponseFilter;
+import org.apache.cxf.rs.security.jose.jaxrs.JwsJsonWriterInterceptor;
+import org.apache.cxf.systest.jaxrs.security.Book;
+import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
+import org.apache.cxf.systest.jaxrs.security.jose.BookStore;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class JAXRSJwsJsonTest extends AbstractBusClientServerTestBase {
+ public static final String PORT = BookServerJwsJson.PORT;
+ private static final Boolean SKIP_AES_GCM_TESTS = isJava6();
+
+ private static boolean isJava6() {
+ String version = System.getProperty("java.version");
+ return 1.6D == Double.parseDouble(version.substring(0, 3));
+ }
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerJwsJson.class, true));
+ registerBouncyCastle();
+ }
+
+ private static void registerBouncyCastle() throws Exception {
+ Security.addProvider(new BouncyCastleProvider());
+ }
+ @AfterClass
+ public static void unregisterBouncyCastleIfNeeded() throws Exception {
+ Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+ }
+
+ @Test
+ public void testJwsJsonPlainTextHmac() throws Exception {
+ String address = "https://localhost:" + PORT + "/jwsjsonhmac";
+ BookStore bs = createBookStore(address,
+ "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties",
+ null);
+ String text = bs.echoText("book");
+ assertEquals("book", text);
+ }
+ @Test
+ public void testJwsJsonBookBeanHmac() throws Exception {
+ String address = "https://localhost:" + PORT + "/jwsjsonhmac";
+ BookStore bs = createBookStore(address,
+ "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties",
+ Collections.singletonList(new JacksonJsonProvider()));
+ Book book = bs.echoBook(new Book("book", 123L));
+ assertEquals("book", book.getName());
+ assertEquals(123L, book.getId());
+ }
+ @Test
+ public void testJweCompactJwsJsonBookBeanHmac() throws Exception {
+ if (SKIP_AES_GCM_TESTS || !SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
+ return;
+ }
+ String address = "https://localhost:" + PORT + "/jwejwsjsonhmac";
+ List<?> extraProviders = Arrays.asList(new JacksonJsonProvider(),
+ new JweWriterInterceptor(),
+ new JweClientResponseFilter());
+ String jwkStoreProperty = "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties";
+ Map<String, Object> props = new HashMap<String, Object>();
+ props.put("rs.security.signature.list.properties", jwkStoreProperty);
+ props.put("rs.security.encryption.properties", jwkStoreProperty);
+ BookStore bs = createBookStore(address,
+ props,
+ extraProviders);
+ Book book = bs.echoBook(new Book("book", 123L));
+ assertEquals("book", book.getName());
+ assertEquals(123L, book.getId());
+ }
+
+ @Test
+ public void testJwsJsonBookDoubleHmac() throws Exception {
+ String address = "https://localhost:" + PORT + "/jwsjsonhmac2";
+ List<String> properties = new ArrayList<String>();
+ properties.add("org/apache/cxf/systest/jaxrs/security/secret.jwk.properties");
+ properties.add("org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac.properties");
+ BookStore bs = createBookStore(address, properties, null);
+ Book book = bs.echoBook(new Book("book", 123L));
+ assertEquals("book", book.getName());
+ assertEquals(123L, book.getId());
+ }
+
+ @Test
+ public void testJwsJsonBookDoubleHmacSinglePropsFile() throws Exception {
+ String address = "https://localhost:" + PORT + "/jwsjsonhmac2";
+ List<String> properties = new ArrayList<String>();
+ properties.add("org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac2.properties");
+ BookStore bs = createBookStore(address, properties, null);
+ Book book = bs.echoBook2(new Book("book", 123L));
+ assertEquals("book", book.getName());
+ assertEquals(123L, book.getId());
+ }
+
+ // Test signing an XML payload
+ @Test
+ public void testJwsJsonPlainTextHmacXML() throws Exception {
+ String address = "https://localhost:" + PORT + "/jwsjsonhmac";
+ BookStore bs = createBookStore(address,
+ "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties",
+ null);
+ String text = bs.echoText("book");
+ assertEquals("book", text);
+ }
+
+ // Test signing with a bad signature key
+ @Test
+ public void testJwsJsonPlaintextHMACBadKey() throws Exception {
+ String address = "https://localhost:" + PORT + "/jwsjsonhmac";
+ BookStore bs = createBookStore(address,
+ "org/apache/cxf/systest/jaxrs/security/secret.jwk.bad.properties",
+ null);
+ try {
+ bs.echoText("book");
+ fail("Failure expected on a bad signature key");
+ } catch (BadRequestException ex) {
+ // expected
+ }
+ }
+
+ private BookStore createBookStore(String address, Object properties,
+ List<?> extraProviders) throws Exception {
+ return createBookStore(address,
+ Collections.singletonMap("rs.security.signature.list.properties", properties),
+ extraProviders);
+ }
+ private BookStore createBookStore(String address,
+ Map<String, Object> mapProperties,
+ List<?> extraProviders) throws Exception {
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSJwsJsonTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+ bean.setServiceClass(BookStore.class);
+ bean.setAddress(address);
+ List<Object> providers = new LinkedList<Object>();
+ JwsJsonWriterInterceptor writer = new JwsJsonWriterInterceptor();
+ writer.setUseJwsJsonOutputStream(true);
+ providers.add(writer);
+ providers.add(new JwsJsonClientResponseFilter());
+ if (extraProviders != null) {
+ providers.addAll(extraProviders);
+ }
+ bean.setProviders(providers);
+ bean.getProperties(true).putAll(mapProperties);
+ return bean.create(BookStore.class);
+ }
+
+}
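Review bot: `testJwsJsonPlainTextHmacXML` is commented "Test signing an XML payload", but its body is the same as `testJwsJsonPlainTextHmac` (same `/jwsjsonhmac` address, same `secret.jwk.properties`, `echoText("book")`), so it adds no coverage for a signed XML payload. In JAXRSJweJwsTest the XML case calls `echoBook2`, which suggests the intended call here is `Book book = bs.echoBook2(new Book("book", 123L));` followed by the name and id assertions. The BookStore interface is not visible in this hunk, so confirm that `echoBook2` is the XML variant. If the test is meant to stay plain text, remove it or correct the comment so readers do not assume the JWS JSON XML path is verified.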
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsAlgorithmTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsAlgorithmTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsAlgorithmTest.java
new file mode 100644
index 0000000..9233043
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsAlgorithmTest.java
@@ -0,0 +1,534 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jose.jwejws;
+
+import java.net.URL;
+import java.security.Security;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.ws.rs.core.Response;
+
+import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
+
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor;
+import org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor;
+import org.apache.cxf.systest.jaxrs.security.Book;
+import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+
+/**
+ * Some encryption or signature tests, focus on algorithms.
+ */
+public class JweJwsAlgorithmTest extends AbstractBusClientServerTestBase {
+ public static final String PORT = BookServerAlgorithms.PORT;
+ private static final Boolean SKIP_AES_GCM_TESTS = isJava6();
+
+ private static boolean isJava6() {
+ String version = System.getProperty("java.version");
+ return 1.6D == Double.parseDouble(version.substring(0, 3));
+ }
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerAlgorithms.class, true));
+ registerBouncyCastleIfNeeded();
+ }
+
+ private static void registerBouncyCastleIfNeeded() throws Exception {
+ // Still need it for Oracle Java 7 and Java 8
+ Security.addProvider(new BouncyCastleProvider());
+ }
+
+ @AfterClass
+ public static void unregisterBouncyCastleIfNeeded() throws Exception {
+ Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+ }
+
+ //
+ // Encryption tests
+ //
+ @org.junit.Test
+ public void testEncryptionProperties() throws Exception {
+
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+
+ URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JweWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jweoaepgcm/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.encryption.properties",
+ "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertEquals(response.getStatus(), 200);
+
+ Book returnedBook = response.readEntity(Book.class);
+ assertEquals(returnedBook.getName(), "book");
+ assertEquals(returnedBook.getId(), 123L);
+ }
+
+ @org.junit.Test
+ public void testEncryptionDynamic() throws Exception {
+
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+
+ URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JweWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jweoaepgcm/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jwk");
+ properties.put("rs.security.keystore.alias", "2011-04-29");
+ properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
+ properties.put("rs.security.encryption.content.algorithm", "A128GCM");
+ properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertEquals(response.getStatus(), 200);
+
+ Book returnedBook = response.readEntity(Book.class);
+ assertEquals(returnedBook.getName(), "book");
+ assertEquals(returnedBook.getId(), 123L);
+ }
+
+ @org.junit.Test
+ public void testWrongKeyEncryptionAlgorithm() throws Exception {
+
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+
+ URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JweWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jweoaepgcm/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jwk");
+ properties.put("rs.security.keystore.alias", "2011-04-29");
+ properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
+ properties.put("rs.security.encryption.content.algorithm", "A128GCM");
+ properties.put("rs.security.encryption.key.algorithm", "RSA1_5");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+ }
+
+ @org.junit.Test
+ public void testWrongKeyEncryptionAlgorithmKeyIncluded() throws Exception {
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+ URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JweWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jweoaepgcm/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jwk");
+ properties.put("rs.security.keystore.alias", "2011-04-29");
+ properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
+ properties.put("rs.security.encryption.content.algorithm", "A128GCM");
+ properties.put("rs.security.encryption.key.algorithm", "RSA1_5");
+ properties.put("rs.security.encryption.include.public.key", "true");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+ }
+
+ @org.junit.Test
+ public void testWrongContentEncryptionAlgorithm() throws Exception {
+
+ if (SKIP_AES_GCM_TESTS || !SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
+ return;
+ }
+
+ URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JweWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jweoaepgcm/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jwk");
+ properties.put("rs.security.keystore.alias", "2011-04-29");
+ properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
+ properties.put("rs.security.encryption.content.algorithm", "A192GCM");
+ properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+ }
+
+ @org.junit.Test
+ public void testBadEncryptingKey() throws Exception {
+
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+
+ URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JweWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jweoaepgcm/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jwk");
+ properties.put("rs.security.keystore.alias", "AliceCert");
+ properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
+ properties.put("rs.security.encryption.content.algorithm", "A128GCM");
+ properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+ }
+
+ // 1024 bits not allowed with RSA according to the spec
+ @org.junit.Test
+ public void testSmallEncryptionKeySize() throws Exception {
+
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+
+ URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JweWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jwesmallkey/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jks");
+ properties.put("rs.security.keystore.alias", "smallkey");
+ properties.put("rs.security.keystore.password", "security");
+ properties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/smallkeysize.jks");
+ properties.put("rs.security.encryption.content.algorithm", "A128GCM");
+ properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+ }
+
+ //
+ // Signature tests
+ //
+
+ @org.junit.Test
+ public void testSignatureProperties() throws Exception {
+
+ URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JwsWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jws/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.signature.properties",
+ "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertEquals(response.getStatus(), 200);
+
+ Book returnedBook = response.readEntity(Book.class);
+ assertEquals(returnedBook.getName(), "book");
+ assertEquals(returnedBook.getId(), 123L);
+ }
+
+ @org.junit.Test
+ public void testSignatureDynamic() throws Exception {
+
+ URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JwsWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jws/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jwk");
+ properties.put("rs.security.keystore.alias", "2011-04-29");
+ properties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
+ properties.put("rs.security.signature.algorithm", "RS256");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertEquals(response.getStatus(), 200);
+
+ Book returnedBook = response.readEntity(Book.class);
+ assertEquals(returnedBook.getName(), "book");
+ assertEquals(returnedBook.getId(), 123L);
+ }
+
+ @org.junit.Test
+ public void testWrongSignatureAlgorithm() throws Exception {
+
+ URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JwsWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jws/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jwk");
+ properties.put("rs.security.keystore.alias", "2011-04-29");
+ properties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
+ properties.put("rs.security.signature.algorithm", "PS256");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+ }
+
+ @org.junit.Test
+ public void testWrongSignatureAlgorithmKeyIncluded() throws Exception {
+
+ URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JwsWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jws/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jwk");
+ properties.put("rs.security.keystore.alias", "2011-04-29");
+ properties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
+ properties.put("rs.security.signature.algorithm", "PS256");
+ properties.put("rs.security.signature.include.public.key", true);
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+ }
+
+ @org.junit.Test
+ public void testBadSigningKey() throws Exception {
+
+ URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JwsWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jws/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jks");
+ properties.put("rs.security.keystore.password", "password");
+ properties.put("rs.security.key.password", "password");
+ properties.put("rs.security.keystore.alias", "alice");
+ properties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
+ properties.put("rs.security.signature.algorithm", "RS256");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+ }
+
+ @org.junit.Test
+ public void testSignatureEllipticCurve() throws Exception {
+
+ URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JwsWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jwsec/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jwk");
+ properties.put("rs.security.keystore.alias", "ECKey");
+ properties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
+ properties.put("rs.security.signature.algorithm", "ES256");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertEquals(response.getStatus(), 200);
+
+ Book returnedBook = response.readEntity(Book.class);
+ assertEquals(returnedBook.getName(), "book");
+ assertEquals(returnedBook.getId(), 123L);
+ }
+
+ @org.junit.Test
+ public void testManualSignature() throws Exception {
+
+ URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+
+ String address = "http://localhost:" + PORT + "/jws/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ String header = "eyJhbGciOiJSUzI1NiIsImN0eSI6Impzb24ifQ";
+ String payload = "eyJCb29rIjp7ImlkIjoxMjMsIm5hbWUiOiJib29rIn19";
+ String sig = "mZJVPy83atFNxQMeJqkVbR8t1srr9LgKBGT0hgiymjNepRgqedvFG5B8E8UPAzfzNLsos91gGdneUEKrWauU4GoDPTzngX"
+ + "798aDP6lsn5bUoTMKLfaWp9uzHDIzLMjGkabn92nrIpdK4JKDYNjdSUJIT2L97jggg0aoLhJQHVw2LdF1fpYdM-HCyccNW"
+ + "HQbAR7bDZdITZFnDi8b22QfHCqeLV7m4mBvNDtNX337wtoUKyjPYBMoWc12hHDCwQyu_gfW6zFioF5TGx-Ifg8hrFlnyUr"
+ + "vnSdP-FUtXiGeWBIvE_L6gD7DfM4u9hkK757vTjjMR_pF2CW3pfSH-Ha8v0A";
+
+ // Successful test
+ Response response = client.post(header + "." + payload + "." + sig);
+ assertEquals(response.getStatus(), 200);
+
+ Book returnedBook = response.readEntity(Book.class);
+ assertEquals(returnedBook.getName(), "book");
+ assertEquals(returnedBook.getId(), 123L);
+
+ // No signature
+ response = client.post(header + "." + payload + ".");
+ assertNotEquals(response.getStatus(), 200);
+
+ // Modified signature
+ String sig2 = sig.replace('y', 'z');
+ response = client.post(header + "." + payload + "." + sig2);
+ assertNotEquals(response.getStatus(), 200);
+ }
+
+ // 1024 bits not allowed with RSA according to the spec
+ @org.junit.Test
+ public void testSmallSignatureKeySize() throws Exception {
+
+ URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JwsWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jwssmallkey/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jks");
+ properties.put("rs.security.keystore.alias", "smallkey");
+ properties.put("rs.security.keystore.password", "security");
+ properties.put("rs.security.key.password", "security");
+ properties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/smallkeysize.jks");
+ properties.put("rs.security.signature.algorithm", "RS256");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+ }
+
+}
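Review bot: The negative tests (testWrongKeyEncryptionAlgorithm and its KeyIncluded variant, testWrongContentEncryptionAlgorithm, testBadEncryptingKey, both testSmall*KeySize tests, testWrongSignatureAlgorithm and its KeyIncluded variant, testBadSigningKey, and the last two posts in testManualSignature) only check `assertNotEquals(response.getStatus(), 200)`. A 404 from a mistyped address or a 500 from an unreadable keystore path therefore passes exactly like a genuine rejection of the algorithm, key or signature. Pinning the status the server is meant to answer with would make each test prove the security check itself, for example `assertEquals(400, response.getStatus());` if 400 is what the JOSE filters return (not visible in this hunk, so confirm). The encryption tests also plain `return` when SKIP_AES_GCM_TESTS is set, which reports them as passed; `org.junit.Assume.assumeTrue(!SKIP_AES_GCM_TESTS);` would report them as skipped instead.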
[11/14] cxf git commit: Reverted AbstractJoseConsumer/Producer with
JwsHeader/JweHeader changes
Posted by co...@apache.org.
Reverted AbstractJoseConsumer/Producer with JwsHeader/JweHeader changes
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2265c112
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2265c112
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2265c112
Branch: refs/heads/3.0.x-fixes
Commit: 2265c11252519d84a38bb05bfca3f332707fe2ad
Parents: 39d8444
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 4 15:33:01 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 4 17:53:56 2015 +0000
----------------------------------------------------------------------
.../jose/common/AbstractJoseConsumer.java | 62 ++++++++++++++++++++
.../jose/common/AbstractJoseProducer.java | 53 +++++++++++++++++
.../jose/jwt/AbstractJoseJwtConsumer.java | 38 +-----------
.../jose/jwt/AbstractJoseJwtProducer.java | 30 +---------
4 files changed, 119 insertions(+), 64 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/2265c112/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseConsumer.java
new file mode 100644
index 0000000..b8454b0
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseConsumer.java
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.common;
+
+import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
+import org.apache.cxf.rs.security.jose.jwe.JweUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+
+public abstract class AbstractJoseConsumer {
+ private JweDecryptionProvider jweDecryptor;
+ private JwsSignatureVerifier jwsVerifier;
+
+ public void setJweDecryptor(JweDecryptionProvider jweDecryptor) {
+ this.jweDecryptor = jweDecryptor;
+ }
+
+ public JweDecryptionProvider getJweDecryptor() {
+ return jweDecryptor;
+ }
+
+ public void setJwsVerifier(JwsSignatureVerifier theJwsVerifier) {
+ this.jwsVerifier = theJwsVerifier;
+ }
+
+ public JwsSignatureVerifier getJwsVerifier() {
+ return jwsVerifier;
+ }
+
+ protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders jweHeaders) {
+ if (jweDecryptor != null) {
+ return jweDecryptor;
+ }
+ return JweUtils.loadDecryptionProvider(jweHeaders, false);
+ }
+ protected JwsSignatureVerifier getInitializedSignatureVerifier(JwsHeaders jwsHeaders) {
+ if (jwsVerifier != null) {
+ return jwsVerifier;
+ }
+
+ return JwsUtils.loadSignatureVerifier(jwsHeaders, false);
+ }
+
+}
\ No newline at end of file
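Review bot: getInitializedDecryptionProvider and getInitializedSignatureVerifier carry no Javadoc, so a subclass author cannot see that an explicitly set provider wins over the lookup, or what the lookup returns when nothing is configured. The `false` passed to `JweUtils.loadDecryptionProvider` and `JwsUtils.loadSignatureVerifier` looks like a "required" flag; if so, these methods can return null, and callers must treat a null verifier as a verification failure rather than skip the check (confirm against JweUtils/JwsUtils, which are outside this hunk). I would add `/** Returns the configured verifier if set, else one loaded from the JOSE properties for these headers; may be null (TODO confirm). */` on each. The same applies to getInitializedSignatureProvider and getInitializedEncryptionProvider in the AbstractJoseProducer hunk that follows.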
http://git-wip-us.apache.org/repos/asf/cxf/blob/2265c112/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseProducer.java
new file mode 100644
index 0000000..bad28f1
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseProducer.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.common;
+
+import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
+import org.apache.cxf.rs.security.jose.jwe.JweUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+
+public abstract class AbstractJoseProducer {
+ private JwsSignatureProvider sigProvider;
+ private JweEncryptionProvider encryptionProvider;
+
+ protected JwsSignatureProvider getInitializedSignatureProvider(JwsHeaders jwsHeaders) {
+ if (sigProvider != null) {
+ return sigProvider;
+ }
+
+ return JwsUtils.loadSignatureProvider(jwsHeaders, false);
+ }
+ protected JweEncryptionProvider getInitializedEncryptionProvider(JweHeaders jweHeaders) {
+ if (encryptionProvider != null) {
+ return encryptionProvider;
+ }
+ return JweUtils.loadEncryptionProvider(jweHeaders, false);
+ }
+
+ public void setEncryptionProvider(JweEncryptionProvider encryptionProvider) {
+ this.encryptionProvider = encryptionProvider;
+ }
+
+ public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
+ this.sigProvider = signatureProvider;
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf/blob/2265c112/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
index 0eb4a8e..1623b6a 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
@@ -18,19 +18,15 @@
*/
package org.apache.cxf.rs.security.jose.jwt;
+import org.apache.cxf.rs.security.jose.common.AbstractJoseConsumer;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer;
-import org.apache.cxf.rs.security.jose.jwe.JweUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
-import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-public abstract class AbstractJoseJwtConsumer {
- private JweDecryptionProvider jweDecryptor;
- private JwsSignatureVerifier jwsVerifier;
+public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
private boolean jwsRequired = true;
private boolean jweRequired;
@@ -85,20 +81,6 @@ public abstract class AbstractJoseJwtConsumer {
validateToken(jwt);
return jwt;
}
- protected JwsSignatureVerifier getInitializedSignatureVerifier(JwsHeaders jwsHeaders) {
- if (jwsVerifier != null) {
- return jwsVerifier;
- }
-
- return JwsUtils.loadSignatureVerifier(jwsHeaders, false);
- }
-
- protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders jweHeaders) {
- if (jweDecryptor != null) {
- return jweDecryptor;
- }
- return JweUtils.loadDecryptionProvider(jweHeaders, false);
- }
protected void validateToken(JwtToken jwt) {
}
@@ -118,20 +100,4 @@ public abstract class AbstractJoseJwtConsumer {
this.jweRequired = jweRequired;
}
- public void setJweDecryptor(JweDecryptionProvider jweDecryptor) {
- this.jweDecryptor = jweDecryptor;
- }
-
- public JweDecryptionProvider getJweDecryptor() {
- return jweDecryptor;
- }
-
- public void setJwsVerifier(JwsSignatureVerifier theJwsVerifier) {
- this.jwsVerifier = theJwsVerifier;
- }
-
- public JwsSignatureVerifier getJwsVerifier() {
- return jwsVerifier;
- }
-
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/2265c112/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java
index 0f72bbe..f65ca2c 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java
@@ -19,18 +19,13 @@
package org.apache.cxf.rs.security.jose.jwt;
import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.rs.security.jose.common.AbstractJoseProducer;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwe.JweJwtCompactProducer;
-import org.apache.cxf.rs.security.jose.jwe.JweUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-public abstract class AbstractJoseJwtProducer {
- private JwsSignatureProvider sigProvider;
- private JweEncryptionProvider encryptionProvider;
+public abstract class AbstractJoseJwtProducer extends AbstractJoseProducer {
private boolean jwsRequired = true;
private boolean jweRequired;
@@ -76,20 +71,6 @@ public abstract class AbstractJoseJwtProducer {
}
return data;
}
-
- protected JwsSignatureProvider getInitializedSignatureProvider(JwsHeaders jwsHeaders) {
- if (sigProvider != null) {
- return sigProvider;
- }
-
- return JwsUtils.loadSignatureProvider(jwsHeaders, false);
- }
- protected JweEncryptionProvider getInitializedEncryptionProvider(JweHeaders jweHeaders) {
- if (encryptionProvider != null) {
- return encryptionProvider;
- }
- return JweUtils.loadEncryptionProvider(jweHeaders, false);
- }
public boolean isJwsRequired() {
return jwsRequired;
@@ -107,11 +88,4 @@ public abstract class AbstractJoseJwtProducer {
this.jweRequired = jweRequired;
}
- public void setEncryptionProvider(JweEncryptionProvider encryptionProvider) {
- this.encryptionProvider = encryptionProvider;
- }
-
- public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
- this.sigProvider = signatureProvider;
- }
}
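Review bot: Removing the public `setEncryptionProvider` and `setSignatureProvider` setters in this hunk stays compatible only if `AbstractJoseProducer` declares them with the same names and parameter types. That base class is not shown in this file section, so this needs confirming, because bean configurations that inject the providers by property name would otherwise stop working on a fixes branch. The same applies to the protected `getInitializedSignatureProvider` and `getInitializedEncryptionProvider` helpers removed in the previous hunk, which subclasses may call. The class body starts outside these hunks, but a short class Javadoc would help, stating that provider configuration is inherited from `AbstractJoseProducer` and that `jwsRequired` defaults to true while `jweRequired` defaults to false.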
[13/14] cxf git commit: Recording .gitmergeinfo Changes
Posted by co...@apache.org.
Recording .gitmergeinfo Changes
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ca469680
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ca469680
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ca469680
Branch: refs/heads/3.0.x-fixes
Commit: ca4696805f235cc38a279fcec5038602f601146c
Parents: e136446
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 4 17:53:58 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 4 17:53:58 2015 +0000
----------------------------------------------------------------------
.gitmergeinfo | 2 ++
1 file changed, 2 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/ca469680/.gitmergeinfo
----------------------------------------------------------------------
diff --git a/.gitmergeinfo b/.gitmergeinfo
index cc6205a..803d89f 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -737,6 +737,7 @@ M cf879076498614de7424fc4ec63e62324e0055a6
M d25e4c94c518cb79af1e05a32fb8ded52a951324
M d2d8f6d6e2773025e0dd1c51c6b5e5d2e721def8
M d2dec5b87788b8cb5059d3719cf3dfd7135a1280
+M d356ec692ca58de0b6dd4922d7067cb3d69918a8
M d4a35c40d53fde17fec3d08c25215c7533dcb667
M d5315e072b8dd5222ede6f8e47c1e3e645209f59
M d5585c4c352803bfdf43e91d3c5dd2bea2abeb86
@@ -763,6 +764,7 @@ M eafa719cd9db973694307efad63adf218e6fcdeb
M eb3dd938052b3e853b0cf85dacf31ef7f802af38
M eb9e13e2dd4a22b1d777095a5d92139829d550b8
M ebe72ab23a48cc9f6a85b290f305f04b1ed75785
+M ecf6a384aa09062515afd8759fc093cb6117495f
M efaf05170b4f76ad61ff423e30ece58bdd226ae5
M f02b02934bf78504ffc462c364dc43e386e727b2
M f1a015924d53e5e253aad55a49ef9a1853b6c26f
[14/14] cxf git commit: Fixing merge
Posted by co...@apache.org.
Fixing merge
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/bee60953
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/bee60953
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/bee60953
Branch: refs/heads/3.0.x-fixes
Commit: bee60953d5f24318765676a2ca6a0805be8f13b8
Parents: ca46968
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 4 17:54:23 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 4 17:54:23 2015 +0000
----------------------------------------------------------------------
.../cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java | 3 ---
1 file changed, 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/bee60953/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
index 69683f8..b4a8eee 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
@@ -47,11 +47,8 @@ import org.apache.cxf.rs.security.jose.jwe.AesWrapKeyEncryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
import org.apache.cxf.systest.jaxrs.security.Book;
-<<<<<<< HEAD:systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
-=======
import org.apache.cxf.systest.jaxrs.security.jose.BookStore;
->>>>>>> ecf6a38... Separate test classes + resources:systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
[09/14] cxf git commit: Separate test classes + resources
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsReferenceTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsReferenceTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsReferenceTest.java
new file mode 100644
index 0000000..b4a7447
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsReferenceTest.java
@@ -0,0 +1,385 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jose.jwejws;
+
+import java.net.URL;
+import java.security.Security;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.ws.rs.core.Response;
+
+import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
+
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor;
+import org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor;
+import org.apache.cxf.systest.jaxrs.security.Book;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+
+/**
+ * Some encryption or signature tests, focus on how keys and certs are referenced and included.
+ */
+public class JweJwsReferenceTest extends AbstractBusClientServerTestBase {
+ public static final String PORT = BookServerReference.PORT;
+ private static final Boolean SKIP_AES_GCM_TESTS = isJava6();
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerReference.class, true));
+ registerBouncyCastleIfNeeded();
+ }
+
+ private static void registerBouncyCastleIfNeeded() throws Exception {
+ // Still need it for Oracle Java 7 and Java 8
+ Security.addProvider(new BouncyCastleProvider());
+ }
+ private static boolean isJava6() {
+ String version = System.getProperty("java.version");
+ return 1.6D == Double.parseDouble(version.substring(0, 3));
+ }
+ @AfterClass
+ public static void unregisterBouncyCastleIfNeeded() throws Exception {
+ Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+ }
+
+ //
+ // Encryption tests
+ //
+ // TODO
+ @org.junit.Test
+ @org.junit.Ignore
+ public void testEncryptionIncludePublicKey() throws Exception {
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+ URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JweWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jweincludekey/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jwk");
+ properties.put("rs.security.keystore.alias", "2011-04-29");
+ properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
+ properties.put("rs.security.encryption.content.algorithm", "A128GCM");
+ properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
+ properties.put("rs.security.encryption.include.public.key", "true");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertEquals(response.getStatus(), 200);
+ }
+
+ @org.junit.Test
+ public void testEncryptionIncludeCert() throws Exception {
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+ URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JweWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jweincludecert/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jks");
+ properties.put("rs.security.keystore.alias", "bob");
+ properties.put("rs.security.keystore.password", "password");
+ properties.put("rs.security.key.password", "password");
+ properties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/bob.jks");
+ properties.put("rs.security.encryption.content.algorithm", "A128GCM");
+ properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ // First test that it fails without adding a cert (reference). This is because
+ // the service side does not have an alias configured
+
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+
+ // Now it should work
+ properties.put("rs.security.encryption.include.cert", "true");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+ response = client.post(new Book("book", 123L));
+ assertEquals(response.getStatus(), 200);
+ }
+
+ @org.junit.Test
+ public void testEncryptionIncludeCertNegativeTest() throws Exception {
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+ URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JweWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jweincludecert/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jks");
+ properties.put("rs.security.keystore.alias", "alice");
+ properties.put("rs.security.keystore.password", "password");
+ properties.put("rs.security.key.password", "password");
+ properties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
+ properties.put("rs.security.encryption.content.algorithm", "A128GCM");
+ properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
+ properties.put("rs.security.encryption.include.cert", "true");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ // Failure expected as we are encrypting to "alice" instead of "bob"
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+ }
+
+ @org.junit.Test
+ public void testEncryptionIncludeCertSha1() throws Exception {
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+ URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JweWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jweincludecert/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jks");
+ properties.put("rs.security.keystore.alias", "bob");
+ properties.put("rs.security.keystore.password", "password");
+ properties.put("rs.security.key.password", "password");
+ properties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/bob.jks");
+ properties.put("rs.security.encryption.content.algorithm", "A128GCM");
+ properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ // First test that it fails without adding a cert (reference). This is because
+ // the service side does not have an alias configured
+
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+
+ // Now it should work
+ properties.put("rs.security.encryption.include.cert.sha1", "true");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+ response = client.post(new Book("book", 123L));
+ assertEquals(response.getStatus(), 200);
+ }
+
+ @org.junit.Test
+ public void testEncryptionIncludeCertSha1NegativeTest() throws Exception {
+ if (SKIP_AES_GCM_TESTS) {
+ return;
+ }
+ URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JweWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jweincludecert/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jks");
+ properties.put("rs.security.keystore.alias", "alice");
+ properties.put("rs.security.keystore.password", "password");
+ properties.put("rs.security.key.password", "password");
+ properties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
+ properties.put("rs.security.encryption.content.algorithm", "A128GCM");
+ properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
+ properties.put("rs.security.encryption.include.cert.sha1", "true");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ // Failure expected as we are encrypting to "alice" instead of "bob"
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+ }
+
+ //
+ // Signature tests
+ //
+
+ @org.junit.Test
+ public void testSignatureIncludeCert() throws Exception {
+
+ URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JwsWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jwsincludecert/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jks");
+ properties.put("rs.security.keystore.alias", "alice");
+ properties.put("rs.security.keystore.password", "password");
+ properties.put("rs.security.key.password", "password");
+ properties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ // First test that it fails without adding a cert (reference). This is because
+ // the service side does not have an alias configured
+
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+
+ // Now it should work
+ properties.put("rs.security.signature.include.cert", "true");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+ response = client.post(new Book("book", 123L));
+ assertEquals(response.getStatus(), 200);
+ }
+
+ @org.junit.Test
+ public void testSignatureIncludeCertNegativeTest() throws Exception {
+
+
+ URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JwsWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jwsincludecert/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jks");
+ properties.put("rs.security.keystore.alias", "morpit");
+ properties.put("rs.security.keystore.password", "password");
+ properties.put("rs.security.key.password", "password");
+ properties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/Morpit.jks");
+ properties.put("rs.security.signature.include.cert", "true");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ // Failure expected as we are signing using a cert not trusted by cxfca.jks
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+ }
+
+ @org.junit.Test
+ public void testSignatureIncludeCertSha1() throws Exception {
+
+ URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JwsWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jwsincludecertsha1/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jks");
+ properties.put("rs.security.keystore.alias", "alice");
+ properties.put("rs.security.keystore.password", "password");
+ properties.put("rs.security.key.password", "password");
+ properties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ // First test that it fails without adding a cert (reference). This is because
+ // the service side does not have an alias configured
+
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+
+ // Now it should work
+ properties.put("rs.security.signature.include.cert.sha1", "true");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+ response = client.post(new Book("book", 123L));
+ assertEquals(response.getStatus(), 200);
+ }
+
+
+ @org.junit.Test
+ public void testSignatureIncludeCertSha1NegativeTest() throws Exception {
+
+ URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<Object>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JwsWriterInterceptor());
+
+ String address = "http://localhost:" + PORT + "/jwsincludecertsha1/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("rs.security.keystore.type", "jks");
+ properties.put("rs.security.keystore.alias", "morpit");
+ properties.put("rs.security.keystore.password", "password");
+ properties.put("rs.security.key.password", "password");
+ properties.put("rs.security.keystore.file",
+ "org/apache/cxf/systest/jaxrs/security/certs/Morpit.jks");
+ properties.put("rs.security.signature.include.cert.sha1", "true");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ // Failure expected as we are signing using a cert not trusted by cxfca.jks
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+ }
+
+}
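Review bot: The negative checks in this new file use `assertNotEquals(response.getStatus(), 200)`, which passes for any non-200 response, so a wrong endpoint path, a missing keystore file or a server start-up problem satisfies `testEncryptionIncludeCertNegativeTest`, `testSignatureIncludeCertNegativeTest` and the SHA-1 variants just as well as a rejected key or an untrusted certificate does. Each of them should assert the specific status the service returns on a decryption or signature-validation failure, e.g. `assertEquals(EXPECTED_REJECTION_STATUS, response.getStatus());`, where the constant is a placeholder for the value observed from the server. The encryption tests also `return` silently when `SKIP_AES_GCM_TESTS` is set and are then reported as passed; `org.junit.Assume.assumeFalse(SKIP_AES_GCM_TESTS);` would report them as skipped instead. `isJava6()` combines `version.substring(0, 3)` with a floating-point equality and throws for a `java.version` value shorter than three characters; `return version.startsWith("1.6");` is simpler and does not throw.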
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/PrivateKeyPasswordProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/PrivateKeyPasswordProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/PrivateKeyPasswordProviderImpl.java
new file mode 100644
index 0000000..cf219a8
--- /dev/null
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/PrivateKeyPasswordProviderImpl.java
@@ -0,0 +1,40 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security.jose.jwejws;
+
+import java.util.Properties;
+
+import org.apache.cxf.rs.security.jose.common.PrivateKeyPasswordProvider;
+
+public class PrivateKeyPasswordProviderImpl implements PrivateKeyPasswordProvider {
+
+ private String password = "password";
+ public PrivateKeyPasswordProviderImpl() {
+
+ }
+ public PrivateKeyPasswordProviderImpl(String password) {
+ this.password = password;
+ }
+ @Override
+ public char[] getPassword(Properties storeProperties) {
+ return password.toCharArray();
+ }
+
+}
+
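Review bot: `PrivateKeyPasswordProviderImpl` has no Javadoc, so nothing on the class says it is a fixture for the test keystores only, even though its no-arg constructor falls back to the literal `"password"` and `getPassword` ignores `storeProperties`. A class comment such as `/** Test-only provider: returns one fixed key password for every keystore; not for production use. */` would make that explicit and discourage copying the pattern. The field can also become `private final String password;` with the no-arg constructor delegating through `this("password");`.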
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerAlgorithms.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerAlgorithms.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerAlgorithms.java
deleted file mode 100644
index ced0fc1..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerAlgorithms.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.jwt;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-import org.apache.cxf.testutil.common.TestUtil;
-
-public class BookServerAlgorithms extends AbstractBusTestServerBase {
- public static final String PORT = TestUtil.getPortNumber("jaxrs-jwejws-algorithms");
- private static final String SERVER_CONFIG_FILE =
- "org/apache/cxf/systest/jaxrs/security/jwt/algorithms-server.xml";
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new BookServerAlgorithms();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
- public static void main(String[] args) {
- try {
- BookServerAlgorithms s = new BookServerAlgorithms();
- s.start();
- } catch (Exception ex) {
- ex.printStackTrace();
- System.exit(-1);
- } finally {
- System.out.println("done!");
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerJwsJson.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerJwsJson.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerJwsJson.java
deleted file mode 100644
index 3b451e1..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerJwsJson.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.jwt;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-import org.apache.cxf.testutil.common.TestUtil;
-
-public class BookServerJwsJson extends AbstractBusTestServerBase {
- public static final String PORT = TestUtil.getPortNumber("jaxrs-jws-json");
- private static final String SERVER_CONFIG_FILE =
- "org/apache/cxf/systest/jaxrs/security/jwt/serverJwsJson.xml";
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new BookServerJwsJson();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
- public static void main(String[] args) {
- try {
- BookServerJwsJson s = new BookServerJwsJson();
- s.start();
- } catch (Exception ex) {
- ex.printStackTrace();
- System.exit(-1);
- } finally {
- System.out.println("done!");
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerJwt.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerJwt.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerJwt.java
deleted file mode 100644
index 20a0346..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerJwt.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.jwt;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-import org.apache.cxf.testutil.common.TestUtil;
-
-public class BookServerJwt extends AbstractBusTestServerBase {
- public static final String PORT = TestUtil.getPortNumber("jaxrs-jwt");
- private static final String SERVER_CONFIG_FILE =
- "org/apache/cxf/systest/jaxrs/security/jwt/server.xml";
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new BookServerJwt();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
- public static void main(String[] args) {
- try {
- BookServerJwt s = new BookServerJwt();
- s.start();
- } catch (Exception ex) {
- ex.printStackTrace();
- System.exit(-1);
- } finally {
- System.out.println("done!");
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java
deleted file mode 100644
index aae5a23..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.jwt;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-import org.apache.cxf.testutil.common.TestUtil;
-
-public class BookServerReference extends AbstractBusTestServerBase {
- public static final String PORT = TestUtil.getPortNumber("jaxrs-jwejws-reference");
- private static final String SERVER_CONFIG_FILE =
- "org/apache/cxf/systest/jaxrs/security/jwt/reference-server.xml";
-
- protected void run() {
- SpringBusFactory bf = new SpringBusFactory();
- Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
- BusFactory.setDefaultBus(springBus);
- setBus(springBus);
-
- try {
- new BookServerReference();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
- public static void main(String[] args) {
- try {
- BookServerReference s = new BookServerReference();
- s.start();
- } catch (Exception ex) {
- ex.printStackTrace();
- System.exit(-1);
- } finally {
- System.out.println("done!");
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java
deleted file mode 100644
index dcbeb28..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.jwt;
-
-
-import javax.ws.rs.Consumes;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-
-import org.apache.cxf.systest.jaxrs.security.Book;
-
-@Path("/bookstore")
-public class BookStore {
-
- public BookStore() {
- }
-
- @POST
- @Path("/books")
- @Produces("text/plain")
- @Consumes("text/plain")
- public String echoText(String text) {
- return text;
- }
-
- @POST
- @Path("/books")
- @Produces("application/json")
- @Consumes("application/json")
- public Book echoBook(Book book) {
- return book;
- }
-
- @POST
- @Path("/books")
- @Produces("application/xml")
- @Consumes("application/xml")
- public Book echoBook2(Book book) {
- return book;
- }
-
-}
-
-
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
deleted file mode 100644
index ded9d2a..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+++ /dev/null
@@ -1,482 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.jwt;
-
-import java.net.URL;
-import java.security.Security;
-import java.util.Collections;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Properties;
-
-import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
-import org.apache.cxf.jaxrs.client.WebClient;
-import org.apache.cxf.rs.security.jose.common.PrivateKeyPasswordProvider;
-import org.apache.cxf.rs.security.jose.jaxrs.JweClientResponseFilter;
-import org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor;
-import org.apache.cxf.rs.security.jose.jaxrs.JwsClientResponseFilter;
-import org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor;
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
-import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption;
-import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption;
-import org.apache.cxf.rs.security.jose.jwe.AesWrapKeyDecryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.AesWrapKeyEncryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
-import org.apache.cxf.systest.jaxrs.security.Book;
-import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
-import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase {
- public static final String PORT = BookServerJwt.PORT;
- private static final String CLIENT_JWEJWS_PROPERTIES =
- "org/apache/cxf/systest/jaxrs/security/bob.rs.properties";
- private static final String SERVER_JWEJWS_PROPERTIES =
- "org/apache/cxf/systest/jaxrs/security/alice.rs.properties";
- private static final String ENCODED_MAC_KEY = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75"
- + "aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow";
- private static final Boolean SKIP_AES_GCM_TESTS = isJava6();
-
- private static boolean isJava6() {
- String version = System.getProperty("java.version");
- return 1.6D == Double.parseDouble(version.substring(0, 3));
- }
- @BeforeClass
- public static void startServers() throws Exception {
- assertTrue("server did not launch correctly",
- launchServer(BookServerJwt.class, true));
- registerBouncyCastleIfNeeded();
- }
-
- private static void registerBouncyCastleIfNeeded() throws Exception {
- // Still need it for Oracle Java 7 and Java 8
- Security.addProvider(new BouncyCastleProvider());
- }
- @AfterClass
- public static void unregisterBouncyCastleIfNeeded() throws Exception {
- Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
- }
- @Test
- public void testJweJwkPlainTextRSA() throws Exception {
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
- String address = "https://localhost:" + PORT + "/jwejwkrsa";
- BookStore bs = createJweBookStore(address, null);
- String text = bs.echoText("book");
- assertEquals("book", text);
- }
- @Test
- public void testJweJwkBookBeanRSA() throws Exception {
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
- String address = "https://localhost:" + PORT + "/jwejwkrsa";
- BookStore bs = createJweBookStore(address,
- Collections.singletonList(new JacksonJsonProvider()));
- Book book = bs.echoBook(new Book("book", 123L));
- assertEquals("book", book.getName());
- assertEquals(123L, book.getId());
- }
- private BookStore createJweBookStore(String address,
- List<?> mbProviders) throws Exception {
- JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
- Bus springBus = bf.createBus(busFile.toString());
- bean.setBus(springBus);
- bean.setServiceClass(BookStore.class);
- bean.setAddress(address);
- List<Object> providers = new LinkedList<Object>();
- JweWriterInterceptor jweWriter = new JweWriterInterceptor();
- jweWriter.setUseJweOutputStream(true);
- providers.add(jweWriter);
- providers.add(new JweClientResponseFilter());
- if (mbProviders != null) {
- providers.addAll(mbProviders);
- }
- bean.setProviders(providers);
- bean.getProperties(true).put("rs.security.encryption.out.properties",
- "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties");
- bean.getProperties(true).put("rs.security.encryption.in.properties",
- "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties");
- return bean.create(BookStore.class);
- }
-
- @Test
- public void testJweJwkAesWrap() throws Exception {
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
- String address = "https://localhost:" + PORT + "/jwejwkaeswrap";
- JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
- Bus springBus = bf.createBus(busFile.toString());
- bean.setBus(springBus);
- bean.setServiceClass(BookStore.class);
- bean.setAddress(address);
- List<Object> providers = new LinkedList<Object>();
- JweWriterInterceptor jweWriter = new JweWriterInterceptor();
- jweWriter.setUseJweOutputStream(true);
- providers.add(jweWriter);
- providers.add(new JweClientResponseFilter());
- bean.setProviders(providers);
- bean.getProperties(true).put("rs.security.encryption.properties",
- "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties");
- bean.getProperties(true).put("jose.debug", true);
- BookStore bs = bean.create(BookStore.class);
- String text = bs.echoText("book");
- assertEquals("book", text);
- }
- @Test
- public void testJweJwkAesCbcHMacInlineSet() throws Exception {
- doTestJweJwkAesCbcHMac("org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties");
- }
- @Test
- public void testJweJwkAesCbcHMacInlineSingleKey() throws Exception {
- doTestJweJwkAesCbcHMac("org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties");
- }
- private void doTestJweJwkAesCbcHMac(String propFile) throws Exception {
- String address = "https://localhost:" + PORT + "/jwejwkaescbchmac";
- JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
- Bus springBus = bf.createBus(busFile.toString());
- bean.setBus(springBus);
- bean.setServiceClass(BookStore.class);
- bean.setAddress(address);
- List<Object> providers = new LinkedList<Object>();
- JweWriterInterceptor jweWriter = new JweWriterInterceptor();
- jweWriter.setUseJweOutputStream(true);
- providers.add(jweWriter);
- providers.add(new JweClientResponseFilter());
- bean.setProviders(providers);
- bean.getProperties(true).put("rs.security.encryption.properties", propFile);
- PrivateKeyPasswordProvider provider =
- new PrivateKeyPasswordProviderImpl("Thus from my lips, by yours, my sin is purged.");
- bean.getProperties(true).put("rs.security.key.password.provider", provider);
- BookStore bs = bean.create(BookStore.class);
- String text = bs.echoText("book");
- assertEquals("book", text);
- }
- @Test
- public void testJweRsaJwsRsa() throws Exception {
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
- String address = "https://localhost:" + PORT + "/jwejwsrsa";
- BookStore bs = createJweJwsBookStore(address, null, null);
- String text = bs.echoText("book");
- assertEquals("book", text);
- }
- @Test
- public void testJweRsaJwsRsaCert() throws Exception {
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
- String address = "https://localhost:" + PORT + "/jwejwsrsacert";
-
- JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
- Bus springBus = bf.createBus(busFile.toString());
- bean.setBus(springBus);
- bean.setServiceClass(BookStore.class);
- bean.setAddress(address);
- List<Object> providers = new LinkedList<Object>();
- JweWriterInterceptor jweWriter = new JweWriterInterceptor();
- jweWriter.setUseJweOutputStream(true);
- providers.add(jweWriter);
- providers.add(new JweClientResponseFilter());
- JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor();
- jwsWriter.setUseJwsOutputStream(true);
- providers.add(jwsWriter);
- providers.add(new JwsClientResponseFilter());
-
- bean.setProviders(providers);
- bean.getProperties(true).put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
- bean.getProperties(true).put("rs.security.signature.out.properties", CLIENT_JWEJWS_PROPERTIES);
- bean.getProperties(true).put("rs.security.encryption.in.properties", CLIENT_JWEJWS_PROPERTIES);
- PrivateKeyPasswordProvider provider = new PrivateKeyPasswordProviderImpl();
- bean.getProperties(true).put("rs.security.signature.key.password.provider", provider);
- bean.getProperties(true).put("rs.security.decryption.key.password.provider", provider);
- BookStore bs = bean.create(BookStore.class);
-
- WebClient.getConfig(bs).getRequestContext().put("rs.security.keystore.alias.jwe.out", "AliceCert");
- WebClient.getConfig(bs).getRequestContext().put("rs.security.keystore.alias.jws.in", "AliceCert");
- String text = bs.echoText("book");
- assertEquals("book", text);
- }
- @Test
- public void testJweRsaJwsRsaCertInHeaders() throws Exception {
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
- String address = "https://localhost:" + PORT + "/jwejwsrsaCertInHeaders";
- BookStore bs = createJweJwsBookStore(address, null, null);
- WebClient.getConfig(bs).getRequestContext().put("rs.security.signature.include.cert", "true");
- WebClient.getConfig(bs).getRequestContext().put("rs.security.encryption.include.cert", "true");
- String text = bs.echoText("book");
- assertEquals("book", text);
- }
- @Test
- public void testJweRsaJwsPlainTextHMac() throws Exception {
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
- String address = "https://localhost:" + PORT + "/jwejwshmac";
- HmacJwsSignatureProvider hmacProvider =
- new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256);
- BookStore bs = createJweJwsBookStore(address, hmacProvider, null);
- String text = bs.echoText("book");
- assertEquals("book", text);
- }
- @Test
- public void testJweRsaJwsBookHMac() throws Exception {
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
- String address = "https://localhost:" + PORT + "/jwejwshmac";
- HmacJwsSignatureProvider hmacProvider =
- new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256);
- BookStore bs = createJweJwsBookStore(address, hmacProvider,
- Collections.singletonList(new JacksonJsonProvider()));
- Book book = bs.echoBook(new Book("book", 123L));
- assertEquals("book", book.getName());
- assertEquals(123L, book.getId());
- }
-
- @Test
- public void testJwsJwkPlainTextHMac() throws Exception {
- String address = "https://localhost:" + PORT + "/jwsjwkhmac";
- BookStore bs = createJwsBookStore(address, null);
- String text = bs.echoText("book");
- assertEquals("book", text);
- }
- @Test
- public void testJwsJwkBookHMac() throws Exception {
- String address = "https://localhost:" + PORT + "/jwsjwkhmac";
- BookStore bs = createJwsBookStore(address,
- Collections.singletonList(new JacksonJsonProvider()));
- Book book = bs.echoBook(new Book("book", 123L));
- assertEquals("book", book.getName());
- assertEquals(123L, book.getId());
- }
- private BookStore createJwsBookStore(String address,
- List<?> mbProviders) throws Exception {
- JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
- Bus springBus = bf.createBus(busFile.toString());
- bean.setBus(springBus);
- bean.setServiceClass(BookStore.class);
- bean.setAddress(address);
- List<Object> providers = new LinkedList<Object>();
- JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor();
- jwsWriter.setUseJwsOutputStream(true);
- providers.add(jwsWriter);
- providers.add(new JwsClientResponseFilter());
- if (mbProviders != null) {
- providers.addAll(mbProviders);
- }
- bean.setProviders(providers);
- bean.getProperties(true).put("rs.security.signature.properties",
- "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties");
- return bean.create(BookStore.class);
- }
- @Test
- public void testJwsJwkEC() throws Exception {
- String address = "https://localhost:" + PORT + "/jwsjwkec";
- JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
- Bus springBus = bf.createBus(busFile.toString());
- bean.setBus(springBus);
- bean.setServiceClass(BookStore.class);
- bean.setAddress(address);
- List<Object> providers = new LinkedList<Object>();
- JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor();
- jwsWriter.setUseJwsOutputStream(true);
- providers.add(jwsWriter);
- providers.add(new JwsClientResponseFilter());
- bean.setProviders(providers);
- bean.getProperties(true).put("rs.security.signature.out.properties",
- "org/apache/cxf/systest/jaxrs/security/jws.ec.private.properties");
- bean.getProperties(true).put("rs.security.signature.in.properties",
- "org/apache/cxf/systest/jaxrs/security/jws.ec.public.properties");
- BookStore bs = bean.create(BookStore.class);
- String text = bs.echoText("book");
- assertEquals("book", text);
- }
- @Test
- public void testJwsJwkRSA() throws Exception {
- doTestJwsJwkRSA("https://localhost:" + PORT + "/jwsjwkrsa", false, false);
- }
- @Test
- public void testJwsJwkInHeadersRSA() throws Exception {
- doTestJwsJwkRSA("https://localhost:" + PORT + "/jwsjwkrsa", true, true);
- }
- @Test
- public void testJwsJwkKidOnlyInHeadersRSA() throws Exception {
- doTestJwsJwkRSA("https://localhost:" + PORT + "/jwsjwkrsa", false, true);
- }
- private void doTestJwsJwkRSA(String address,
- boolean includePublicKey,
- boolean includeKeyId) throws Exception {
- JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
- Bus springBus = bf.createBus(busFile.toString());
- bean.setBus(springBus);
- bean.setServiceClass(BookStore.class);
- bean.setAddress(address);
- List<Object> providers = new LinkedList<Object>();
- JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor();
- jwsWriter.setUseJwsOutputStream(true);
- providers.add(jwsWriter);
- providers.add(new JwsClientResponseFilter());
- bean.setProviders(providers);
- bean.getProperties(true).put("rs.security.signature.out.properties",
- "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties");
- bean.getProperties(true).put("rs.security.signature.in.properties",
- "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties");
- if (includePublicKey) {
- bean.getProperties(true).put("rs.security.signature.include.public.key", true);
- }
- if (includeKeyId) {
- bean.getProperties(true).put("rs.security.signature.include.key.id", true);
- }
- BookStore bs = bean.create(BookStore.class);
- String text = bs.echoText("book");
- assertEquals("book", text);
- }
- private BookStore createJweJwsBookStore(String address,
- JwsSignatureProvider jwsSigProvider,
- List<?> mbProviders) throws Exception {
- JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
- Bus springBus = bf.createBus(busFile.toString());
- bean.setBus(springBus);
- bean.setServiceClass(BookStore.class);
- bean.setAddress(address);
- List<Object> providers = new LinkedList<Object>();
- JweWriterInterceptor jweWriter = new JweWriterInterceptor();
- jweWriter.setUseJweOutputStream(true);
- providers.add(jweWriter);
- providers.add(new JweClientResponseFilter());
- JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor();
- if (jwsSigProvider != null) {
- jwsWriter.setSignatureProvider(jwsSigProvider);
- }
- jwsWriter.setUseJwsOutputStream(true);
- providers.add(jwsWriter);
- providers.add(new JwsClientResponseFilter());
- if (mbProviders != null) {
- providers.addAll(mbProviders);
- }
- bean.setProviders(providers);
- bean.getProperties(true).put("rs.security.encryption.out.properties", SERVER_JWEJWS_PROPERTIES);
- bean.getProperties(true).put("rs.security.signature.out.properties", CLIENT_JWEJWS_PROPERTIES);
- bean.getProperties(true).put("rs.security.encryption.in.properties", CLIENT_JWEJWS_PROPERTIES);
- bean.getProperties(true).put("rs.security.signature.in.properties", SERVER_JWEJWS_PROPERTIES);
- PrivateKeyPasswordProvider provider = new PrivateKeyPasswordProviderImpl();
- bean.getProperties(true).put("rs.security.signature.key.password.provider", provider);
- bean.getProperties(true).put("rs.security.decryption.key.password.provider", provider);
- return bean.create(BookStore.class);
- }
-
- @Test
- public void testJweAesCbcHmac() throws Exception {
- String address = "https://localhost:" + PORT + "/jweaescbchmac";
- JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = JAXRSJweJwsTest.class.getResource("client.xml");
- Bus springBus = bf.createBus(busFile.toString());
- bean.setBus(springBus);
- bean.setServiceClass(BookStore.class);
- bean.setAddress(address);
- List<Object> providers = new LinkedList<Object>();
- // writer
- JweWriterInterceptor jweWriter = new JweWriterInterceptor();
- jweWriter.setUseJweOutputStream(true);
-
- final String cekEncryptionKey = "GawgguFyGrWKav7AX4VKUg";
- AesWrapKeyEncryptionAlgorithm keyEncryption =
- new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, KeyAlgorithm.A128KW);
- jweWriter.setEncryptionProvider(new AesCbcHmacJweEncryption(ContentAlgorithm.A128CBC_HS256,
- keyEncryption));
-
- // reader
- JweClientResponseFilter jweReader = new JweClientResponseFilter();
- jweReader.setDecryptionProvider(new AesCbcHmacJweDecryption(
- new AesWrapKeyDecryptionAlgorithm(cekEncryptionKey)));
-
- providers.add(jweWriter);
- providers.add(jweReader);
- bean.setProviders(providers);
-
- BookStore bs = bean.create(BookStore.class);
- String text = bs.echoText("book");
- assertEquals("book", text);
- }
-
- // Test signing and encrypting an XML payload
- @Test
- public void testJweRsaJwsRsaXML() throws Exception {
- if (SKIP_AES_GCM_TESTS || !SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
- return;
- }
- String address = "https://localhost:" + PORT + "/jwejwsrsa";
- BookStore bs = createJweJwsBookStore(address, null, null);
- Book book = new Book();
- book.setName("book");
- book = bs.echoBook2(book);
- assertEquals("book", book.getName());
- }
-
- private static class PrivateKeyPasswordProviderImpl implements PrivateKeyPasswordProvider {
- private String password = "password";
- public PrivateKeyPasswordProviderImpl() {
-
- }
- public PrivateKeyPasswordProviderImpl(String password) {
- this.password = password;
- }
- @Override
- public char[] getPassword(Properties storeProperties) {
- return password.toCharArray();
- }
-
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java
deleted file mode 100644
index 90ad37d..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java
+++ /dev/null
@@ -1,193 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.jwt;
-
-import java.net.URL;
-import java.security.Security;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-
-import javax.ws.rs.BadRequestException;
-
-import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
-import org.apache.cxf.rs.security.jose.jaxrs.JweClientResponseFilter;
-import org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor;
-import org.apache.cxf.rs.security.jose.jaxrs.JwsJsonClientResponseFilter;
-import org.apache.cxf.rs.security.jose.jaxrs.JwsJsonWriterInterceptor;
-import org.apache.cxf.systest.jaxrs.security.Book;
-import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
-import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-public class JAXRSJwsJsonTest extends AbstractBusClientServerTestBase {
- public static final String PORT = BookServerJwsJson.PORT;
- private static final Boolean SKIP_AES_GCM_TESTS = isJava6();
-
- private static boolean isJava6() {
- String version = System.getProperty("java.version");
- return 1.6D == Double.parseDouble(version.substring(0, 3));
- }
- @BeforeClass
- public static void startServers() throws Exception {
- assertTrue("server did not launch correctly",
- launchServer(BookServerJwsJson.class, true));
- registerBouncyCastle();
- }
-
- private static void registerBouncyCastle() throws Exception {
- Security.addProvider(new BouncyCastleProvider());
- }
- @AfterClass
- public static void unregisterBouncyCastleIfNeeded() throws Exception {
- Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
- }
-
- @Test
- public void testJwsJsonPlainTextHmac() throws Exception {
- String address = "https://localhost:" + PORT + "/jwsjsonhmac";
- BookStore bs = createBookStore(address,
- "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties",
- null);
- String text = bs.echoText("book");
- assertEquals("book", text);
- }
- @Test
- public void testJwsJsonBookBeanHmac() throws Exception {
- String address = "https://localhost:" + PORT + "/jwsjsonhmac";
- BookStore bs = createBookStore(address,
- "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties",
- Collections.singletonList(new JacksonJsonProvider()));
- Book book = bs.echoBook(new Book("book", 123L));
- assertEquals("book", book.getName());
- assertEquals(123L, book.getId());
- }
- @Test
- public void testJweCompactJwsJsonBookBeanHmac() throws Exception {
- if (SKIP_AES_GCM_TESTS || !SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
- return;
- }
- String address = "https://localhost:" + PORT + "/jwejwsjsonhmac";
- List<?> extraProviders = Arrays.asList(new JacksonJsonProvider(),
- new JweWriterInterceptor(),
- new JweClientResponseFilter());
- String jwkStoreProperty = "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties";
- Map<String, Object> props = new HashMap<String, Object>();
- props.put("rs.security.signature.list.properties", jwkStoreProperty);
- props.put("rs.security.encryption.properties", jwkStoreProperty);
- BookStore bs = createBookStore(address,
- props,
- extraProviders);
- Book book = bs.echoBook(new Book("book", 123L));
- assertEquals("book", book.getName());
- assertEquals(123L, book.getId());
- }
-
- @Test
- public void testJwsJsonBookDoubleHmac() throws Exception {
- String address = "https://localhost:" + PORT + "/jwsjsonhmac2";
- List<String> properties = new ArrayList<String>();
- properties.add("org/apache/cxf/systest/jaxrs/security/secret.jwk.properties");
- properties.add("org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac.properties");
- BookStore bs = createBookStore(address, properties, null);
- Book book = bs.echoBook(new Book("book", 123L));
- assertEquals("book", book.getName());
- assertEquals(123L, book.getId());
- }
-
- @Test
- public void testJwsJsonBookDoubleHmacSinglePropsFile() throws Exception {
- String address = "https://localhost:" + PORT + "/jwsjsonhmac2";
- List<String> properties = new ArrayList<String>();
- properties.add("org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac2.properties");
- BookStore bs = createBookStore(address, properties, null);
- Book book = bs.echoBook2(new Book("book", 123L));
- assertEquals("book", book.getName());
- assertEquals(123L, book.getId());
- }
-
- // Test signing an XML payload
- @Test
- public void testJwsJsonPlainTextHmacXML() throws Exception {
- String address = "https://localhost:" + PORT + "/jwsjsonhmac";
- BookStore bs = createBookStore(address,
- "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties",
- null);
- String text = bs.echoText("book");
- assertEquals("book", text);
- }
-
- // Test signing with a bad signature key
- @Test
- public void testJwsJsonPlaintextHMACBadKey() throws Exception {
- String address = "https://localhost:" + PORT + "/jwsjsonhmac";
- BookStore bs = createBookStore(address,
- "org/apache/cxf/systest/jaxrs/security/secret.jwk.bad.properties",
- null);
- try {
- bs.echoText("book");
- fail("Failure expected on a bad signature key");
- } catch (BadRequestException ex) {
- // expected
- }
- }
-
- private BookStore createBookStore(String address, Object properties,
- List<?> extraProviders) throws Exception {
- return createBookStore(address,
- Collections.singletonMap("rs.security.signature.list.properties", properties),
- extraProviders);
- }
- private BookStore createBookStore(String address,
- Map<String, Object> mapProperties,
- List<?> extraProviders) throws Exception {
- JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = JAXRSJwsJsonTest.class.getResource("client.xml");
- Bus springBus = bf.createBus(busFile.toString());
- bean.setBus(springBus);
- bean.setServiceClass(BookStore.class);
- bean.setAddress(address);
- List<Object> providers = new LinkedList<Object>();
- JwsJsonWriterInterceptor writer = new JwsJsonWriterInterceptor();
- writer.setUseJwsJsonOutputStream(true);
- providers.add(writer);
- providers.add(new JwsJsonClientResponseFilter());
- if (extraProviders != null) {
- providers.addAll(extraProviders);
- }
- bean.setProviders(providers);
- bean.getProperties(true).putAll(mapProperties);
- return bean.create(BookStore.class);
- }
-
-}
[07/14] cxf git commit: Separate test classes + resources
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
deleted file mode 100644
index f3f6fbe..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/server.xml
+++ /dev/null
@@ -1,98 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:http="http://cxf.apache.org/transports/http/configuration"
- xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
- xmlns:sec="http://cxf.apache.org/configuration/security"
- xmlns:cxf="http://cxf.apache.org/core"
- xmlns:jaxrs="http://cxf.apache.org/jaxrs"
- xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
- http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
- http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
- http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
- http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- <cxf:properties>
- <entry key="org.apache.cxf.jaxrs.bus.providers" value-ref="busProviders"/>
- </cxf:properties>
- </cxf:bus>
- <!-- providers -->
- <util:list id="busProviders">
- <ref bean="oauthJson"/>
- </util:list>
- <httpj:engine-factory id="port-9095-tls-config">
- <httpj:engine port="${testutil.ports.jaxrs-oauth2}">
- <httpj:tlsServerParameters>
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
- </sec:trustManagers>
- <sec:clientAuthentication want="true" required="true"/>
- </httpj:tlsServerParameters>
- </httpj:engine>
- </httpj:engine-factory>
- <bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
- <bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler">
- <property name="dataProvider" ref="dataProvider"/>
- </bean>
- <bean id="samlAuthHandler" class="org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthHandler"/>
- <bean id="customGrantHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.CustomGrantHandler">
- <property name="dataProvider" ref="dataProvider"/>
- </bean>
- <bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
- <bean id="serviceBean" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
- <property name="dataProvider" ref="dataProvider"/>
- <property name="grantHandlers">
- <list>
- <ref bean="samlGrantHandler"/>
- <ref bean="customGrantHandler"/>
- </list>
- </property>
- </bean>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:properties>
- <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="samlAuthHandler"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/BookServerSaml.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/BookServerSaml.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/BookServerSaml.java
index 6354e6c..eda4bf7 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/BookServerSaml.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/BookServerSaml.java
@@ -19,6 +19,8 @@
package org.apache.cxf.systest.jaxrs.security.saml;
+import java.net.URL;
+
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.spring.SpringBusFactory;
@@ -27,8 +29,8 @@ import org.apache.cxf.testutil.common.TestUtil;
public class BookServerSaml extends AbstractBusTestServerBase {
public static final String PORT = TestUtil.getPortNumber("jaxrs-saml");
- private static final String SERVER_CONFIG_FILE =
- "org/apache/cxf/systest/jaxrs/security/saml/server.xml";
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerSaml.class.getResource("server.xml");
protected void run() {
SpringBusFactory bf = new SpringBusFactory();
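Review bot: The new `SERVER_CONFIG_FILE` initializer stores the result of `BookServerSaml.class.getResource("server.xml")` without checking it, and `getResource` returns null when no such file sits on the classpath in the class's package. This commit deletes `saml/server.xml` from src/test/java (presumably re-adding it under a resources directory in a part of the commit not shown here), so a missed or misnamed move would only surface later in `run()`, whose body continues outside the hunk. How `createBus` treats a null URL is not visible here; it is worth confirming that the SAML test server cannot come up without its TLS client-authentication and SAML handler configuration, which would make the security tests misleading. A guard at the top of `run()` makes the failure explicit: `if (SERVER_CONFIG_FILE == null) { throw new IllegalStateException("server.xml not found on the classpath next to BookServerSaml"); }`. The same applies to the `SERVER_CONFIG_FILE` changes in MetadataServer.java (`metadata-server.xml`) and BookServerXmlSec.java (`server.xml`).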
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/client.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/client.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/client.xml
deleted file mode 100644
index 13eaea1..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/client.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli
cy.xsd">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
- <http:conduit name="https://localhost.*">
- <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
- <http:tlsClientParameters disableCNCheck="true">
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
- </sec:trustManagers>
- </http:tlsClientParameters>
- </http:conduit>
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/secureServer.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/secureServer.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/secureServer.xml
deleted file mode 100644
index 07dcf6d..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/secureServer.xml
+++ /dev/null
@@ -1,104 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd ">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
- <httpj:engine-factory id="port-9095-tls-config">
- <httpj:engine port="${testutil.ports.jaxrs-saml}">
- <httpj:tlsServerParameters>
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
- </sec:trustManagers>
- <sec:clientAuthentication want="true" required="true"/>
- </httpj:tlsServerParameters>
- </httpj:engine>
- </httpj:engine-factory>
- <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.saml.SecureBookStore"/>
- <bean id="serviceBeanClaims" class="org.apache.cxf.systest.jaxrs.security.saml.SecureClaimBookStore"/>
- <bean id="samlEnvHandler" class="org.apache.cxf.rs.security.saml.SamlEnvelopedInHandler"/>
- <bean id="claimsHandler" class="org.apache.cxf.rs.security.saml.authorization.ClaimsAuthorizingFilter">
- <property name="securedObject" ref="serviceBeanClaims"/>
- </bean>
- <bean id="authorizationInterceptor" class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
- <property name="securedObject" ref="serviceBean"/>
- </bean>
- <bean id="rolesHandler" class="org.apache.cxf.jaxrs.security.SimpleAuthorizingFilter">
- <property name="interceptor" ref="authorizationInterceptor"/>
- </bean>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-saml}/saml-roles">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="samlEnvHandler"/>
- <ref bean="rolesHandler"/>
- </jaxrs:providers>
- <!-- If default role qualifier and format are not supported:
-
- <jaxrs:properties>
- <entry key="org.apache.cxf.saml.claims.role.nameformat"
- value="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
- <entry key="org.apache.cxf.saml.claims.role.qualifier"
- value="urn:oid:1.3.6.1.4.1.5923.1.1.1.1"/>
- </jaxrs:properties>
- -->
- </jaxrs:server>
- <util:map id="userRolesMap">
- <entry key="bob" value="admin"/>
- <entry key="fred" value="user"/>
- </util:map>
- <bean id="authorizationInterceptorWithUserMap" class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
- <property name="securedObject" ref="serviceBean"/>
- <property name="userRolesMap" ref="userRolesMap"/>
- </bean>
- <bean id="rolesHandlerWithUserMap" class="org.apache.cxf.jaxrs.security.SimpleAuthorizingFilter">
- <property name="interceptor" ref="authorizationInterceptorWithUserMap"/>
- </bean>
- <bean id="samlEnvHandlerWithCustomProvider" class="org.apache.cxf.rs.security.saml.SamlEnvelopedInHandler">
- <property name="securityContextProvider">
- <bean class="org.apache.cxf.systest.jaxrs.security.saml.CustomSecurityContextProvider"/>
- </property>
- </bean>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-saml}/saml-roles2">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="samlEnvHandlerWithCustomProvider"/>
- <ref bean="rolesHandlerWithUserMap"/>
- </jaxrs:providers>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-saml}/saml-claims">
- <jaxrs:serviceBeans>
- <ref bean="serviceBeanClaims"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="samlEnvHandler"/>
- <ref bean="claimsHandler"/>
- </jaxrs:providers>
- </jaxrs:server>
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/server.xml
deleted file mode 100644
index 92ffdff..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/server.xml
+++ /dev/null
@@ -1,79 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xsi:schemaLocation=" http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd ">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
- <httpj:engine-factory id="port-9095-tls-config">
- <httpj:engine port="${testutil.ports.jaxrs-saml}">
- <httpj:tlsServerParameters>
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
- </sec:trustManagers>
- <sec:clientAuthentication want="true" required="true"/>
- </httpj:tlsServerParameters>
- </httpj:engine>
- </httpj:engine-factory>
- <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.BookStore"/>
- <bean id="samlHeaderHandler" class="org.apache.cxf.rs.security.saml.SamlHeaderInHandler"/>
- <bean id="samlFormHandler" class="org.apache.cxf.rs.security.saml.SamlFormInHandler"/>
- <bean id="samlEnvHandler" class="org.apache.cxf.rs.security.saml.SamlEnvelopedInHandler"/>
- <bean id="xmlSigHandler" class="org.apache.cxf.rs.security.xml.XmlSigInHandler"/>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-saml}/samlheader">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="samlHeaderHandler"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-saml}/samlform">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="samlFormHandler"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-saml}/samlxml">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="xmlSigHandler"/>
- <ref bean="samlEnvHandler"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/MetadataServer.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/MetadataServer.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/MetadataServer.java
index 83cc84a..da7209a 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/MetadataServer.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/MetadataServer.java
@@ -19,6 +19,8 @@
package org.apache.cxf.systest.jaxrs.security.samlsso;
+import java.net.URL;
+
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.spring.SpringBusFactory;
@@ -27,8 +29,8 @@ import org.apache.cxf.testutil.common.TestUtil;
public class MetadataServer extends AbstractBusTestServerBase {
public static final String PORT = TestUtil.getPortNumber("jaxrs-saml");
- private static final String SERVER_CONFIG_FILE =
- "org/apache/cxf/systest/jaxrs/security/samlsso/metadata-server.xml";
+ private static final URL SERVER_CONFIG_FILE =
+ MetadataServer.class.getResource("metadata-server.xml");
protected void run() {
SpringBusFactory bf = new SpringBusFactory();
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/client.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/client.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/client.xml
deleted file mode 100644
index 13eaea1..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/client.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli
cy.xsd">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
- <http:conduit name="https://localhost.*">
- <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
- <http:tlsClientParameters disableCNCheck="true">
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
- </sec:trustManagers>
- </http:tlsClientParameters>
- </http:conduit>
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/metadata-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/metadata-server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/metadata-server.xml
deleted file mode 100644
index e130b3c..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/metadata-server.xml
+++ /dev/null
@@ -1,62 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd ">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
- <httpj:engine-factory id="port-9095-tls-config">
- <httpj:engine port="${testutil.ports.jaxrs-saml}">
- <httpj:tlsServerParameters>
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
- </sec:trustManagers>
- <sec:clientAuthentication want="true" required="true"/>
- </httpj:tlsServerParameters>
- </httpj:engine>
- </httpj:engine-factory>
-
- <bean id="metadataBean" class="org.apache.cxf.rs.security.saml.sso.MetadataService">
- <property name="serviceAddress"
- value="https://localhost:${testutil.ports.jaxrs-saml}/saml-roles"/>
- <property name="assertionConsumerServiceAddress"
- value="https://localhost:${testutil.ports.jaxrs-saml}/saml-roles"/>
- <property name="logoutServiceAddress"
- value="https://localhost:${testutil.ports.jaxrs-saml}/sso/logout"/>
- <property name="signatureUsername" value="alice"/>
- <property name="signaturePropertiesFile"
- value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
- <property name="callbackHandlerClass"
- value="org.apache.cxf.systest.jaxrs.security.samlsso.KeystorePasswordCallback"/>
- </bean>
-
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-saml}/sso"
- depends-on="port-9095-tls-config" >
- <jaxrs:serviceBeans>
- <ref bean="metadataBean"/>
- </jaxrs:serviceBeans>
- </jaxrs:server>
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/BookServerXmlSec.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/BookServerXmlSec.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/BookServerXmlSec.java
index 5a8dbcd..bfaa4ab 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/BookServerXmlSec.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/BookServerXmlSec.java
@@ -19,6 +19,8 @@
package org.apache.cxf.systest.jaxrs.security.xml;
+import java.net.URL;
+
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.spring.SpringBusFactory;
@@ -27,8 +29,8 @@ import org.apache.cxf.testutil.common.TestUtil;
public class BookServerXmlSec extends AbstractBusTestServerBase {
public static final String PORT = TestUtil.getPortNumber("jaxrs-xmlsec");
- private static final String SERVER_CONFIG_FILE =
- "org/apache/cxf/systest/jaxrs/security/xml/server.xml";
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerXmlSec.class.getResource("server.xml");
protected void run() {
SpringBusFactory bf = new SpringBusFactory();
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/client.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/client.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/client.xml
deleted file mode 100644
index 13eaea1..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/client.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli
cy.xsd">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
- <http:conduit name="https://localhost.*">
- <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
- <http:tlsClientParameters disableCNCheck="true">
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
- </sec:trustManagers>
- </http:tlsClientParameters>
- </http:conduit>
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml
deleted file mode 100644
index 48ee949..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml
+++ /dev/null
@@ -1,201 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
- <httpj:engine-factory id="port-9095-tls-config">
- <httpj:engine port="${testutil.ports.jaxrs-xmlsec}">
- <httpj:tlsServerParameters>
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
- </sec:trustManagers>
- <sec:clientAuthentication want="true" required="true"/>
- </httpj:tlsServerParameters>
- </httpj:engine>
- </httpj:engine-factory>
- <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.BookStore"/>
- <bean id="sigProps" class="org.apache.cxf.rs.security.xml.SignatureProperties">
- <property name="signatureAlgo" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
- <property name="signatureDigestAlgo" value="http://www.w3.org/2000/09/xmldsig#sha1"/>
- <property name="signatureC14nMethod" value="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
- <property name="signatureC14nTransform" value="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- </bean>
- <bean id="encProps" class="org.apache.cxf.rs.security.xml.EncryptionProperties">
- <property name="encryptionKeyTransportAlgo" value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
- <property name="encryptionSymmetricKeyAlgo" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
- </bean>
- <bean id="xmlSigInHandler" class="org.apache.cxf.rs.security.xml.XmlSigInHandler">
- </bean>
- <bean id="xmlSigInHandlerConstraints" class="org.apache.cxf.rs.security.xml.XmlSigInHandler">
- <property name="subjectConstraints">
- <util:list>
- <value>.*CN=bob.*</value>
- </util:list>
- </property>
- </bean>
- <bean id="xmlSigInHandlerWithProps" class="org.apache.cxf.rs.security.xml.XmlSigInHandler">
- <property name="signatureProperties" ref="sigProps"/>
- </bean>
- <bean id="xmlSigInHandlerNoKeyInfo" class="org.apache.cxf.rs.security.xml.XmlSigInHandler">
- <property name="keyInfoMustBeAvailable" value="false"/>
- </bean>
- <bean id="xmlSigOutHandler" class="org.apache.cxf.rs.security.xml.XmlSigOutInterceptor"/>
- <bean id="xmlSigOutHandlerWithProps" class="org.apache.cxf.rs.security.xml.XmlSigOutInterceptor">
- <property name="signatureProperties" ref="sigProps"/>
- </bean>
- <bean id="xmlSigOutHandlerNoKeyInfo" class="org.apache.cxf.rs.security.xml.XmlSigOutInterceptor">
- <property name="keyInfoMustBeAvailable" value="false"/>
- </bean>
- <bean id="xmlEncInHandler" class="org.apache.cxf.rs.security.xml.XmlEncInHandler"/>
- <bean id="xmlEncInHandlerWithProps" class="org.apache.cxf.rs.security.xml.XmlEncInHandler">
- <property name="encryptionProperties" ref="encProps"/>
- </bean>
- <bean id="xmlEncOutHandler" class="org.apache.cxf.rs.security.xml.XmlEncOutInterceptor">
- <property name="symmetricEncAlgorithm" value="aes128-cbc"/>
- </bean>
- <bean id="xmlEncOutHandlerWithProps" class="org.apache.cxf.rs.security.xml.XmlEncOutInterceptor">
- <property name="encryptionProperties" ref="encProps"/>
- </bean>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsig">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="xmlSigInHandler"/>
- </jaxrs:providers>
- <jaxrs:outInterceptors>
- <ref bean="xmlSigOutHandler"/>
- </jaxrs:outInterceptors>
- <jaxrs:properties>
- <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
-
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsigconstraints">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="xmlSigInHandlerConstraints"/>
- </jaxrs:providers>
- <jaxrs:outInterceptors>
- <ref bean="xmlSigOutHandler"/>
- </jaxrs:outInterceptors>
- <jaxrs:properties>
- <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
-
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsignokeyinfo">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="xmlSigInHandlerNoKeyInfo"/>
- </jaxrs:providers>
- <jaxrs:outInterceptors>
- <ref bean="xmlSigOutHandlerNoKeyInfo"/>
- </jaxrs:outInterceptors>
- <jaxrs:properties>
- <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
-
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlenc">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="xmlEncInHandler"/>
- </jaxrs:providers>
- <jaxrs:outInterceptors>
- <ref bean="xmlEncOutHandler"/>
- </jaxrs:outInterceptors>
- <jaxrs:properties>
- <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsec">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="xmlEncInHandler"/>
- <ref bean="xmlSigInHandler"/>
- </jaxrs:providers>
- <jaxrs:outInterceptors>
- <ref bean="xmlSigOutHandler"/>
- <ref bean="xmlEncOutHandler"/>
- </jaxrs:outInterceptors>
- <jaxrs:properties>
- <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
- <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsec-validate">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="xmlEncInHandlerWithProps"/>
- <ref bean="xmlSigInHandlerWithProps"/>
- </jaxrs:providers>
- <jaxrs:outInterceptors>
- <ref bean="xmlSigOutHandlerWithProps"/>
- <ref bean="xmlEncOutHandlerWithProps"/>
- </jaxrs:outInterceptors>
- <jaxrs:properties>
- <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
- <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsec-useReqSigCert">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="xmlEncInHandler"/>
- <ref bean="xmlSigInHandler"/>
- </jaxrs:providers>
- <jaxrs:outInterceptors>
- <ref bean="xmlSigOutHandler"/>
- <ref bean="xmlEncOutHandler"/>
- </jaxrs:outInterceptors>
- <jaxrs:properties>
- <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
- <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
- <entry key="ws-security.encryption.username" value="useReqSigCert"/>
- </jaxrs:properties>
- </jaxrs:server>
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
deleted file mode 100644
index 0164e2d..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
+++ /dev/null
@@ -1,216 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
- <httpj:engine-factory id="port-9095-tls-config">
- <httpj:engine port="${testutil.ports.jaxrs-xmlsec-stax}">
- <httpj:tlsServerParameters>
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
- </sec:trustManagers>
- <sec:clientAuthentication want="true" required="true"/>
- </httpj:tlsServerParameters>
- </httpj:engine>
- </httpj:engine-factory>
- <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.BookStore"/>
- <bean id="sigProps" class="org.apache.cxf.rs.security.xml.SignatureProperties">
- <property name="signatureAlgo" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
- <property name="signatureDigestAlgo" value="http://www.w3.org/2000/09/xmldsig#sha1"/>
- <property name="signatureC14nMethod" value="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
- <property name="signatureC14nTransform" value="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- </bean>
- <bean id="encProps" class="org.apache.cxf.rs.security.xml.EncryptionProperties">
- <property name="encryptionKeyTransportAlgo" value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
- <property name="encryptionSymmetricKeyAlgo" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
- </bean>
- <bean id="xmlSigInHandler" class="org.apache.cxf.rs.security.xml.XmlSecInInterceptor">
- <property name="requireSignature" value="true"/>
- <property name="signatureVerificationAlias" value="alice" />
- </bean>
- <bean id="xmlSigInHandlerConstraints" class="org.apache.cxf.rs.security.xml.XmlSecInInterceptor">
- <property name="requireSignature" value="true"/>
- <property name="signatureVerificationAlias" value="alice" />
- <property name="subjectConstraints">
- <util:list>
- <value>.*CN=bob.*</value>
- </util:list>
- </property>
- </bean>
- <bean id="xmlEncInHandler" class="org.apache.cxf.rs.security.xml.XmlSecInInterceptor">
- <property name="decryptionAlias" value="bob" />
- <property name="requireEncryption" value="true"/>
- </bean>
- <bean id="xmlSecInHandlerWithProps" class="org.apache.cxf.rs.security.xml.XmlSecInInterceptor">
- <property name="signatureProperties" ref="sigProps"/>
- <property name="encryptionProperties" ref="encProps"/>
- <property name="decryptionAlias" value="bob" />
- <property name="signatureVerificationAlias" value="alice" />
- <property name="requireEncryption" value="true"/>
- <property name="requireSignature" value="true"/>
- </bean>
- <bean id="xmlSigOutHandler" class="org.apache.cxf.rs.security.xml.XmlSecOutInterceptor">
- <property name="signRequest" value="true"/>
- </bean>
- <bean id="xmlSecOutHandlerWithProps" class="org.apache.cxf.rs.security.xml.XmlSecOutInterceptor">
- <property name="signRequest" value="true"/>
- <property name="encryptRequest" value="true"/>
- <property name="signatureProperties" ref="sigProps"/>
- <property name="encryptionProperties" ref="encProps"/>
- </bean>
- <bean id="xmlSigOutHandlerNoKeyInfo" class="org.apache.cxf.rs.security.xml.XmlSecOutInterceptor">
- <property name="signRequest" value="true"/>
- </bean>
- <bean id="xmlSecInHandler" class="org.apache.cxf.rs.security.xml.XmlSecInInterceptor">
- <property name="requireSignature" value="true"/>
- <property name="signatureVerificationAlias" value="alice" />
- <property name="decryptionAlias" value="bob" />
- <property name="requireEncryption" value="true"/>
- </bean>
- <bean id="xmlSecOutHandler" class="org.apache.cxf.rs.security.xml.XmlSecOutInterceptor">
- <property name="signRequest" value="true"/>
- <property name="encryptRequest" value="true"/>
- <property name="symmetricEncAlgorithm" value="aes128-cbc"/>
- </bean>
- <bean id="xmlEncOutHandler" class="org.apache.cxf.rs.security.xml.XmlSecOutInterceptor">
- <property name="encryptRequest" value="true"/>
- <property name="symmetricEncAlgorithm" value="aes128-cbc"/>
- </bean>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsig">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:inInterceptors>
- <ref bean="xmlSigInHandler"/>
- </jaxrs:inInterceptors>
- <jaxrs:outInterceptors>
- <ref bean="xmlSigOutHandler"/>
- </jaxrs:outInterceptors>
- <jaxrs:properties>
- <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
-
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsigconstraints">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:inInterceptors>
- <ref bean="xmlSigInHandlerConstraints"/>
- </jaxrs:inInterceptors>
- <jaxrs:outInterceptors>
- <ref bean="xmlSigOutHandler"/>
- </jaxrs:outInterceptors>
- <jaxrs:properties>
- <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
-
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsignokeyinfo">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:inInterceptors>
- <ref bean="xmlSigInHandler"/>
- </jaxrs:inInterceptors>
- <jaxrs:outInterceptors>
- <ref bean="xmlSigOutHandlerNoKeyInfo"/>
- </jaxrs:outInterceptors>
- <jaxrs:properties>
- <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
-
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlenc">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:inInterceptors>
- <ref bean="xmlEncInHandler"/>
- </jaxrs:inInterceptors>
- <jaxrs:outInterceptors>
- <ref bean="xmlEncOutHandler"/>
- </jaxrs:outInterceptors>
- <jaxrs:properties>
- <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsec">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:inInterceptors>
- <ref bean="xmlSecInHandler"/>
- </jaxrs:inInterceptors>
- <jaxrs:outInterceptors>
- <ref bean="xmlSecOutHandler"/>
- </jaxrs:outInterceptors>
- <jaxrs:properties>
- <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
- <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsec-validate">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:inInterceptors>
- <ref bean="xmlSecInHandlerWithProps"/>
- </jaxrs:inInterceptors>
- <jaxrs:outInterceptors>
- <ref bean="xmlSecOutHandlerWithProps"/>
- </jaxrs:outInterceptors>
- <jaxrs:properties>
- <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
- <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsec-useReqSigCert">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:inInterceptors>
- <ref bean="xmlSecInHandler"/>
- </jaxrs:inInterceptors>
- <jaxrs:outInterceptors>
- <ref bean="xmlSecOutHandler"/>
- </jaxrs:outInterceptors>
- <jaxrs:properties>
- <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
- <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
- <entry key="ws-security.encryption.username" value="useReqSigCert"/>
- </jaxrs:properties>
- </jaxrs:server>
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/algorithms-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/algorithms-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/algorithms-server.xml
new file mode 100644
index 0000000..08fbb88
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/algorithms-server.xml
@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xsi:schemaLocation=" http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd ">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.jose.BookStore"/>
+
+ <bean id="jweInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweContainerRequestFilter"/>
+
+ <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-algorithms}/jweoaepgcm">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jweInFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.encryption.in.properties"
+ value="org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-algorithms}/jwesmallkey">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jweInFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks"/>
+ <entry key="rs.security.keystore.alias" value="smallkey"/>
+ <entry key="rs.security.keystore.password" value="security"/>
+ <entry key="rs.security.key.password" value="security"/>
+ <entry key="rs.security.keystore.file"
+ value="org/apache/cxf/systest/jaxrs/security/certs/smallkeysize.jks"/>
+ <entry key="rs.security.encryption.content.algorithm" value="A128GCM"/>
+ <entry key="rs.security.encryption.key.algorithm" value="RSA-OAEP"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <bean id="jwsInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter"/>
+
+ <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-algorithms}/jws">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jwsInFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.signature.in.properties"
+ value="org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-algorithms}/jwsec">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jwsInFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jwk"/>
+ <entry key="rs.security.keystore.alias" value="ECKey"/>
+ <entry key="rs.security.keystore.file"
+ value="org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"/>
+ <entry key="rs.security.signature.algorithm" value="ES256"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-algorithms}/jwssmallkey">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jwsInFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks"/>
+ <entry key="rs.security.keystore.alias" value="smallkey"/>
+ <entry key="rs.security.keystore.password" value="security"/>
+ <entry key="rs.security.key.password" value="security"/>
+ <entry key="rs.security.keystore.file"
+ value="org/apache/cxf/systest/jaxrs/security/certs/smallkeysize.jks"/>
+ <entry key="rs.security.signature.algorithm" value="RS256"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+</beans>
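Review bot: The `/jwesmallkey` and `/jwssmallkey` servers have no comment saying that the key they load is deliberately weak. Both point `rs.security.keystore.file` at `certs/smallkeysize.jks` with alias `smallkey`, which by name looks like an undersized RSA key for a negative test, though the test expectations are not visible here. If that is the intent, a comment above each block such as `<!-- Negative test fixture: smallkeysize.jks holds an undersized key; not a template for real endpoints -->` would keep the configuration from being copied as a working example. The same comment could note that the keystore passwords in this file are test-only values.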
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/client.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/client.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/client.xml
new file mode 100644
index 0000000..13eaea1
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/client.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli
cy.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <http:conduit name="https://localhost.*">
+ <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
+</beans>
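Review bot: `disableCNCheck="true"` on `http:tlsClientParameters` turns off TLS hostname verification for every conduit matching `https://localhost.*`, and nothing in the file marks that as a test-only setting. A comment directly above the element would stop the block being copied into a deployed client configuration, for example `<!-- Test only: disableCNCheck disables hostname verification; do not reuse outside the test suite -->`. The test class removed later in this commit builds its addresses as `http://localhost:`, so the conduit pattern may never match. If that is also true of the relocated tests, the whole `http:conduit` element can be dropped. Separately, `ConnectionTimeout="3000000"` and `ReceiveTimeout="3000000"` would let a hung endpoint stall a build for a long time if these values are milliseconds, so a much smaller value is safer for a system test.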
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/reference-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/reference-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/reference-server.xml
new file mode 100644
index 0000000..0d33cbc
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/reference-server.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xsi:schemaLocation=" http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd ">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.jose.BookStore"/>
+
+ <bean id="jweInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweContainerRequestFilter"/>
+
+ <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-reference}/jweincludekey">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jweInFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jwk"/>
+ <entry key="rs.security.keystore.file"
+ value="org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"/>
+ <entry key="rs.security.encryption.content.algorithm" value="A128GCM"/>
+ <entry key="rs.security.encryption.key.algorithm" value="RSA-OAEP"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <bean id="passwordProvider"
+ class="org.apache.cxf.systest.jaxrs.security.jose.jwejws.PrivateKeyPasswordProviderImpl"/>
+
+ <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-reference}/jweincludecert">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jweInFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks"/>
+ <entry key="rs.security.keystore.file"
+ value="org/apache/cxf/systest/jaxrs/security/certs/bob.jks"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ <entry key="rs.security.decryption.key.password.provider" value-ref="passwordProvider"/>
+ <entry key="rs.security.encryption.content.algorithm" value="A128GCM"/>
+ <entry key="rs.security.encryption.key.algorithm" value="RSA-OAEP"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <bean id="jwsInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter"/>
+
+ <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-reference}/jwsincludecert">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jwsInFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks"/>
+ <entry key="rs.security.keystore.file"
+ value="org/apache/cxf/systest/jaxrs/security/certs/cxfca.jks"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-reference}/jwsincludecertsha1">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="jwsInFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.keystore.type" value="jks"/>
+ <entry key="rs.security.keystore.file"
+ value="org/apache/cxf/systest/jaxrs/security/certs/alice.jks"/>
+ <entry key="rs.security.keystore.password" value="password"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+</beans>
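Review bot: The `/jwsincludecert` and `/jwsincludecertsha1` endpoints configure only the keystore type, file and password, with no `rs.security.signature.algorithm` entry. The JWS endpoints in the algorithms server configuration earlier in this commit do pin one (`ES256`, `RS256`). If the inbound filter falls back to whatever `alg` the request header declares when the property is absent, these endpoints accept any signature algorithm the key type allows; that behaviour is not visible here and should be confirmed. Pinning the expected value keeps the reference tests from passing on an unintended algorithm, for example `<entry key="rs.security.signature.algorithm" value="RS256"/>` if the reference tests sign with RS256. A short XML comment on each `jaxrs:server` saying which keystore acts as the trust anchor for the included certificate (`cxfca.jks` versus `alice.jks`) would also make the intent of the two endpoints readable.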
[08/14] cxf git commit: Separate test classes + resources
Posted by co...@apache.org.
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
deleted file mode 100644
index 2742477..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
+++ /dev/null
@@ -1,534 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.jwt;
-
-import java.net.URL;
-import java.security.Security;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.ws.rs.core.Response;
-
-import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
-
-import org.apache.cxf.jaxrs.client.WebClient;
-import org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor;
-import org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor;
-import org.apache.cxf.systest.jaxrs.security.Book;
-import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
-import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-
-/**
- * Some encryption or signature tests, focus on algorithms.
- */
-public class JweJwsAlgorithmTest extends AbstractBusClientServerTestBase {
- public static final String PORT = BookServerAlgorithms.PORT;
- private static final Boolean SKIP_AES_GCM_TESTS = isJava6();
-
- private static boolean isJava6() {
- String version = System.getProperty("java.version");
- return 1.6D == Double.parseDouble(version.substring(0, 3));
- }
-
- @BeforeClass
- public static void startServers() throws Exception {
- assertTrue("server did not launch correctly",
- launchServer(BookServerAlgorithms.class, true));
- registerBouncyCastleIfNeeded();
- }
-
- private static void registerBouncyCastleIfNeeded() throws Exception {
- // Still need it for Oracle Java 7 and Java 8
- Security.addProvider(new BouncyCastleProvider());
- }
-
- @AfterClass
- public static void unregisterBouncyCastleIfNeeded() throws Exception {
- Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
- }
-
- //
- // Encryption tests
- //
- @org.junit.Test
- public void testEncryptionProperties() throws Exception {
-
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
-
- URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JweWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jweoaepgcm/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.encryption.properties",
- "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- Response response = client.post(new Book("book", 123L));
- assertEquals(response.getStatus(), 200);
-
- Book returnedBook = response.readEntity(Book.class);
- assertEquals(returnedBook.getName(), "book");
- assertEquals(returnedBook.getId(), 123L);
- }
-
- @org.junit.Test
- public void testEncryptionDynamic() throws Exception {
-
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
-
- URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JweWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jweoaepgcm/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jwk");
- properties.put("rs.security.keystore.alias", "2011-04-29");
- properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
- properties.put("rs.security.encryption.content.algorithm", "A128GCM");
- properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- Response response = client.post(new Book("book", 123L));
- assertEquals(response.getStatus(), 200);
-
- Book returnedBook = response.readEntity(Book.class);
- assertEquals(returnedBook.getName(), "book");
- assertEquals(returnedBook.getId(), 123L);
- }
-
- @org.junit.Test
- public void testWrongKeyEncryptionAlgorithm() throws Exception {
-
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
-
- URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JweWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jweoaepgcm/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jwk");
- properties.put("rs.security.keystore.alias", "2011-04-29");
- properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
- properties.put("rs.security.encryption.content.algorithm", "A128GCM");
- properties.put("rs.security.encryption.key.algorithm", "RSA1_5");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
- }
-
- @org.junit.Test
- public void testWrongKeyEncryptionAlgorithmKeyIncluded() throws Exception {
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
- URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JweWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jweoaepgcm/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jwk");
- properties.put("rs.security.keystore.alias", "2011-04-29");
- properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
- properties.put("rs.security.encryption.content.algorithm", "A128GCM");
- properties.put("rs.security.encryption.key.algorithm", "RSA1_5");
- properties.put("rs.security.encryption.include.public.key", "true");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
- }
-
- @org.junit.Test
- public void testWrongContentEncryptionAlgorithm() throws Exception {
-
- if (SKIP_AES_GCM_TESTS || !SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
- return;
- }
-
- URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JweWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jweoaepgcm/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jwk");
- properties.put("rs.security.keystore.alias", "2011-04-29");
- properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
- properties.put("rs.security.encryption.content.algorithm", "A192GCM");
- properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
- }
-
- @org.junit.Test
- public void testBadEncryptingKey() throws Exception {
-
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
-
- URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JweWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jweoaepgcm/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jwk");
- properties.put("rs.security.keystore.alias", "AliceCert");
- properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
- properties.put("rs.security.encryption.content.algorithm", "A128GCM");
- properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
- }
-
- // 1024 bits not allowed with RSA according to the spec
- @org.junit.Test
- public void testSmallEncryptionKeySize() throws Exception {
-
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
-
- URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JweWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jwesmallkey/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jks");
- properties.put("rs.security.keystore.alias", "smallkey");
- properties.put("rs.security.keystore.password", "security");
- properties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/smallkeysize.jks");
- properties.put("rs.security.encryption.content.algorithm", "A128GCM");
- properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
- }
-
- //
- // Signature tests
- //
-
- @org.junit.Test
- public void testSignatureProperties() throws Exception {
-
- URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JwsWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jws/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.signature.properties",
- "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- Response response = client.post(new Book("book", 123L));
- assertEquals(response.getStatus(), 200);
-
- Book returnedBook = response.readEntity(Book.class);
- assertEquals(returnedBook.getName(), "book");
- assertEquals(returnedBook.getId(), 123L);
- }
-
- @org.junit.Test
- public void testSignatureDynamic() throws Exception {
-
- URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JwsWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jws/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jwk");
- properties.put("rs.security.keystore.alias", "2011-04-29");
- properties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
- properties.put("rs.security.signature.algorithm", "RS256");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- Response response = client.post(new Book("book", 123L));
- assertEquals(response.getStatus(), 200);
-
- Book returnedBook = response.readEntity(Book.class);
- assertEquals(returnedBook.getName(), "book");
- assertEquals(returnedBook.getId(), 123L);
- }
-
- @org.junit.Test
- public void testWrongSignatureAlgorithm() throws Exception {
-
- URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JwsWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jws/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jwk");
- properties.put("rs.security.keystore.alias", "2011-04-29");
- properties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
- properties.put("rs.security.signature.algorithm", "PS256");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
- }
-
- @org.junit.Test
- public void testWrongSignatureAlgorithmKeyIncluded() throws Exception {
-
- URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JwsWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jws/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jwk");
- properties.put("rs.security.keystore.alias", "2011-04-29");
- properties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
- properties.put("rs.security.signature.algorithm", "PS256");
- properties.put("rs.security.signature.include.public.key", true);
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
- }
-
- @org.junit.Test
- public void testBadSigningKey() throws Exception {
-
- URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JwsWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jws/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jks");
- properties.put("rs.security.keystore.password", "password");
- properties.put("rs.security.key.password", "password");
- properties.put("rs.security.keystore.alias", "alice");
- properties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
- properties.put("rs.security.signature.algorithm", "RS256");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
- }
-
- @org.junit.Test
- public void testSignatureEllipticCurve() throws Exception {
-
- URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JwsWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jwsec/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jwk");
- properties.put("rs.security.keystore.alias", "ECKey");
- properties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt");
- properties.put("rs.security.signature.algorithm", "ES256");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- Response response = client.post(new Book("book", 123L));
- assertEquals(response.getStatus(), 200);
-
- Book returnedBook = response.readEntity(Book.class);
- assertEquals(returnedBook.getName(), "book");
- assertEquals(returnedBook.getId(), 123L);
- }
-
- @org.junit.Test
- public void testManualSignature() throws Exception {
-
- URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
-
- String address = "http://localhost:" + PORT + "/jws/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- String header = "eyJhbGciOiJSUzI1NiIsImN0eSI6Impzb24ifQ";
- String payload = "eyJCb29rIjp7ImlkIjoxMjMsIm5hbWUiOiJib29rIn19";
- String sig = "mZJVPy83atFNxQMeJqkVbR8t1srr9LgKBGT0hgiymjNepRgqedvFG5B8E8UPAzfzNLsos91gGdneUEKrWauU4GoDPTzngX"
- + "798aDP6lsn5bUoTMKLfaWp9uzHDIzLMjGkabn92nrIpdK4JKDYNjdSUJIT2L97jggg0aoLhJQHVw2LdF1fpYdM-HCyccNW"
- + "HQbAR7bDZdITZFnDi8b22QfHCqeLV7m4mBvNDtNX337wtoUKyjPYBMoWc12hHDCwQyu_gfW6zFioF5TGx-Ifg8hrFlnyUr"
- + "vnSdP-FUtXiGeWBIvE_L6gD7DfM4u9hkK757vTjjMR_pF2CW3pfSH-Ha8v0A";
-
- // Successful test
- Response response = client.post(header + "." + payload + "." + sig);
- assertEquals(response.getStatus(), 200);
-
- Book returnedBook = response.readEntity(Book.class);
- assertEquals(returnedBook.getName(), "book");
- assertEquals(returnedBook.getId(), 123L);
-
- // No signature
- response = client.post(header + "." + payload + ".");
- assertNotEquals(response.getStatus(), 200);
-
- // Modified signature
- String sig2 = sig.replace('y', 'z');
- response = client.post(header + "." + payload + "." + sig2);
- assertNotEquals(response.getStatus(), 200);
- }
-
- // 1024 bits not allowed with RSA according to the spec
- @org.junit.Test
- public void testSmallSignatureKeySize() throws Exception {
-
- URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JwsWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jwssmallkey/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jks");
- properties.put("rs.security.keystore.alias", "smallkey");
- properties.put("rs.security.keystore.password", "security");
- properties.put("rs.security.key.password", "security");
- properties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/smallkeysize.jks");
- properties.put("rs.security.signature.algorithm", "RS256");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java
deleted file mode 100644
index e7f6857..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java
+++ /dev/null
@@ -1,385 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.jaxrs.security.jwt;
-
-import java.net.URL;
-import java.security.Security;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.ws.rs.core.Response;
-
-import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
-
-import org.apache.cxf.jaxrs.client.WebClient;
-import org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor;
-import org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor;
-import org.apache.cxf.systest.jaxrs.security.Book;
-import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-
-/**
- * Some encryption or signature tests, focus on how keys and certs are referenced and included.
- */
-public class JweJwsReferenceTest extends AbstractBusClientServerTestBase {
- public static final String PORT = BookServerReference.PORT;
- private static final Boolean SKIP_AES_GCM_TESTS = isJava6();
- @BeforeClass
- public static void startServers() throws Exception {
- assertTrue("server did not launch correctly",
- launchServer(BookServerReference.class, true));
- registerBouncyCastleIfNeeded();
- }
-
- private static void registerBouncyCastleIfNeeded() throws Exception {
- // Still need it for Oracle Java 7 and Java 8
- Security.addProvider(new BouncyCastleProvider());
- }
- private static boolean isJava6() {
- String version = System.getProperty("java.version");
- return 1.6D == Double.parseDouble(version.substring(0, 3));
- }
- @AfterClass
- public static void unregisterBouncyCastleIfNeeded() throws Exception {
- Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
- }
-
- //
- // Encryption tests
- //
- // TODO
- @org.junit.Test
- @org.junit.Ignore
- public void testEncryptionIncludePublicKey() throws Exception {
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
- URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JweWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jweincludekey/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jwk");
- properties.put("rs.security.keystore.alias", "2011-04-29");
- properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
- properties.put("rs.security.encryption.content.algorithm", "A128GCM");
- properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
- properties.put("rs.security.encryption.include.public.key", "true");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- Response response = client.post(new Book("book", 123L));
- assertEquals(response.getStatus(), 200);
- }
-
- @org.junit.Test
- public void testEncryptionIncludeCert() throws Exception {
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
- URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JweWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jweincludecert/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jks");
- properties.put("rs.security.keystore.alias", "bob");
- properties.put("rs.security.keystore.password", "password");
- properties.put("rs.security.key.password", "password");
- properties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/bob.jks");
- properties.put("rs.security.encryption.content.algorithm", "A128GCM");
- properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- // First test that it fails without adding a cert (reference). This is because
- // the service side does not have an alias configured
-
- Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
-
- // Now it should work
- properties.put("rs.security.encryption.include.cert", "true");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
- response = client.post(new Book("book", 123L));
- assertEquals(response.getStatus(), 200);
- }
-
- @org.junit.Test
- public void testEncryptionIncludeCertNegativeTest() throws Exception {
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
- URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JweWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jweincludecert/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jks");
- properties.put("rs.security.keystore.alias", "alice");
- properties.put("rs.security.keystore.password", "password");
- properties.put("rs.security.key.password", "password");
- properties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
- properties.put("rs.security.encryption.content.algorithm", "A128GCM");
- properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
- properties.put("rs.security.encryption.include.cert", "true");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- // Failure expected as we are encrypting to "alice" instead of "bob"
- Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
- }
-
- @org.junit.Test
- public void testEncryptionIncludeCertSha1() throws Exception {
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
- URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JweWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jweincludecert/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jks");
- properties.put("rs.security.keystore.alias", "bob");
- properties.put("rs.security.keystore.password", "password");
- properties.put("rs.security.key.password", "password");
- properties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/bob.jks");
- properties.put("rs.security.encryption.content.algorithm", "A128GCM");
- properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- // First test that it fails without adding a cert (reference). This is because
- // the service side does not have an alias configured
-
- Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
-
- // Now it should work
- properties.put("rs.security.encryption.include.cert.sha1", "true");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
- response = client.post(new Book("book", 123L));
- assertEquals(response.getStatus(), 200);
- }
-
- @org.junit.Test
- public void testEncryptionIncludeCertSha1NegativeTest() throws Exception {
- if (SKIP_AES_GCM_TESTS) {
- return;
- }
- URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JweWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jweincludecert/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jks");
- properties.put("rs.security.keystore.alias", "alice");
- properties.put("rs.security.keystore.password", "password");
- properties.put("rs.security.key.password", "password");
- properties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
- properties.put("rs.security.encryption.content.algorithm", "A128GCM");
- properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
- properties.put("rs.security.encryption.include.cert.sha1", "true");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- // Failure expected as we are encrypting to "alice" instead of "bob"
- Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
- }
-
- //
- // Signature tests
- //
-
- @org.junit.Test
- public void testSignatureIncludeCert() throws Exception {
-
- URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JwsWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jwsincludecert/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jks");
- properties.put("rs.security.keystore.alias", "alice");
- properties.put("rs.security.keystore.password", "password");
- properties.put("rs.security.key.password", "password");
- properties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- // First test that it fails without adding a cert (reference). This is because
- // the service side does not have an alias configured
-
- Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
-
- // Now it should work
- properties.put("rs.security.signature.include.cert", "true");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
- response = client.post(new Book("book", 123L));
- assertEquals(response.getStatus(), 200);
- }
-
- @org.junit.Test
- public void testSignatureIncludeCertNegativeTest() throws Exception {
-
-
- URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JwsWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jwsincludecert/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jks");
- properties.put("rs.security.keystore.alias", "morpit");
- properties.put("rs.security.keystore.password", "password");
- properties.put("rs.security.key.password", "password");
- properties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/Morpit.jks");
- properties.put("rs.security.signature.include.cert", "true");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- // Failure expected as we are signing using a cert not trusted by cxfca.jks
- Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
- }
-
- @org.junit.Test
- public void testSignatureIncludeCertSha1() throws Exception {
-
- URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JwsWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jwsincludecertsha1/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jks");
- properties.put("rs.security.keystore.alias", "alice");
- properties.put("rs.security.keystore.password", "password");
- properties.put("rs.security.key.password", "password");
- properties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- // First test that it fails without adding a cert (reference). This is because
- // the service side does not have an alias configured
-
- Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
-
- // Now it should work
- properties.put("rs.security.signature.include.cert.sha1", "true");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
- response = client.post(new Book("book", 123L));
- assertEquals(response.getStatus(), 200);
- }
-
-
- @org.junit.Test
- public void testSignatureIncludeCertSha1NegativeTest() throws Exception {
-
- URL busFile = JweJwsReferenceTest.class.getResource("client.xml");
-
- List<Object> providers = new ArrayList<Object>();
- providers.add(new JacksonJsonProvider());
- providers.add(new JwsWriterInterceptor());
-
- String address = "http://localhost:" + PORT + "/jwsincludecertsha1/bookstore/books";
- WebClient client =
- WebClient.create(address, providers, busFile.toString());
- client.type("application/json").accept("application/json");
-
- Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("rs.security.keystore.type", "jks");
- properties.put("rs.security.keystore.alias", "morpit");
- properties.put("rs.security.keystore.password", "password");
- properties.put("rs.security.key.password", "password");
- properties.put("rs.security.keystore.file",
- "org/apache/cxf/systest/jaxrs/security/certs/Morpit.jks");
- properties.put("rs.security.signature.include.cert.sha1", "true");
- WebClient.getConfig(client).getRequestContext().putAll(properties);
-
- // Failure expected as we are signing using a cert not trusted by cxfca.jks
- Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java
deleted file mode 100644
index d9d7153..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.systest.jaxrs.security.jwt;
-
-import java.util.Properties;
-
-import org.apache.cxf.rs.security.jose.common.PrivateKeyPasswordProvider;
-
-public class PrivateKeyPasswordProviderImpl implements PrivateKeyPasswordProvider {
-
- private String password = "password";
- public PrivateKeyPasswordProviderImpl() {
-
- }
- public PrivateKeyPasswordProviderImpl(String password) {
- this.password = password;
- }
- @Override
- public char[] getPassword(Properties storeProperties) {
- return password.toCharArray();
- }
-
-}
-
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/algorithms-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/algorithms-server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/algorithms-server.xml
deleted file mode 100644
index faa2e35..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/algorithms-server.xml
+++ /dev/null
@@ -1,113 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xsi:schemaLocation=" http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd ">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
-
- <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.jwt.BookStore"/>
-
- <bean id="jweInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweContainerRequestFilter"/>
-
- <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-algorithms}/jweoaepgcm">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jweInFilter"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.encryption.in.properties"
- value="org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
-
- <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-algorithms}/jwesmallkey">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jweInFilter"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.keystore.type" value="jks"/>
- <entry key="rs.security.keystore.alias" value="smallkey"/>
- <entry key="rs.security.keystore.password" value="security"/>
- <entry key="rs.security.key.password" value="security"/>
- <entry key="rs.security.keystore.file"
- value="org/apache/cxf/systest/jaxrs/security/certs/smallkeysize.jks"/>
- <entry key="rs.security.encryption.content.algorithm" value="A128GCM"/>
- <entry key="rs.security.encryption.key.algorithm" value="RSA-OAEP"/>
- </jaxrs:properties>
- </jaxrs:server>
-
- <bean id="jwsInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter"/>
-
- <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-algorithms}/jws">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jwsInFilter"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.signature.in.properties"
- value="org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
-
- <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-algorithms}/jwsec">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jwsInFilter"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.keystore.type" value="jwk"/>
- <entry key="rs.security.keystore.alias" value="ECKey"/>
- <entry key="rs.security.keystore.file"
- value="org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"/>
- <entry key="rs.security.signature.algorithm" value="ES256"/>
- </jaxrs:properties>
- </jaxrs:server>
-
- <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-algorithms}/jwssmallkey">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jwsInFilter"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.keystore.type" value="jks"/>
- <entry key="rs.security.keystore.alias" value="smallkey"/>
- <entry key="rs.security.keystore.password" value="security"/>
- <entry key="rs.security.key.password" value="security"/>
- <entry key="rs.security.keystore.file"
- value="org/apache/cxf/systest/jaxrs/security/certs/smallkeysize.jks"/>
- <entry key="rs.security.signature.algorithm" value="RS256"/>
- </jaxrs:properties>
- </jaxrs:server>
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/client.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/client.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/client.xml
deleted file mode 100644
index 13eaea1..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/client.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli
cy.xsd">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
- <http:conduit name="https://localhost.*">
- <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
- <http:tlsClientParameters disableCNCheck="true">
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
- </sec:trustManagers>
- </http:tlsClientParameters>
- </http:conduit>
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/reference-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/reference-server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/reference-server.xml
deleted file mode 100644
index a488f4e..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/reference-server.xml
+++ /dev/null
@@ -1,101 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xsi:schemaLocation=" http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd ">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
-
- <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.jwt.BookStore"/>
-
- <bean id="jweInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweContainerRequestFilter"/>
-
- <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-reference}/jweincludekey">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jweInFilter"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.keystore.type" value="jwk"/>
- <entry key="rs.security.keystore.file"
- value="org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"/>
- <entry key="rs.security.encryption.content.algorithm" value="A128GCM"/>
- <entry key="rs.security.encryption.key.algorithm" value="RSA-OAEP"/>
- </jaxrs:properties>
- </jaxrs:server>
-
- <bean id="passwordProvider"
- class="org.apache.cxf.systest.jaxrs.security.jwt.PrivateKeyPasswordProviderImpl"/>
-
- <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-reference}/jweincludecert">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jweInFilter"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.keystore.type" value="jks"/>
- <entry key="rs.security.keystore.file"
- value="org/apache/cxf/systest/jaxrs/security/certs/bob.jks"/>
- <entry key="rs.security.keystore.password" value="password"/>
- <entry key="rs.security.decryption.key.password.provider" value-ref="passwordProvider"/>
- <entry key="rs.security.encryption.content.algorithm" value="A128GCM"/>
- <entry key="rs.security.encryption.key.algorithm" value="RSA-OAEP"/>
- </jaxrs:properties>
- </jaxrs:server>
-
- <bean id="jwsInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter"/>
-
- <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-reference}/jwsincludecert">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jwsInFilter"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.keystore.type" value="jks"/>
- <entry key="rs.security.keystore.file"
- value="org/apache/cxf/systest/jaxrs/security/certs/cxfca.jks"/>
- <entry key="rs.security.keystore.password" value="password"/>
- </jaxrs:properties>
- </jaxrs:server>
-
- <jaxrs:server address="http://localhost:${testutil.ports.jaxrs-jwejws-reference}/jwsincludecertsha1">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jwsInFilter"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.keystore.type" value="jks"/>
- <entry key="rs.security.keystore.file"
- value="org/apache/cxf/systest/jaxrs/security/certs/alice.jks"/>
- <entry key="rs.security.keystore.password" value="password"/>
- </jaxrs:properties>
- </jaxrs:server>
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
deleted file mode 100644
index 9923948..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
+++ /dev/null
@@ -1,246 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xsi:schemaLocation=" http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd ">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
- <httpj:engine-factory id="port-9095-tls-config">
- <httpj:engine port="${testutil.ports.jaxrs-jwt}">
- <httpj:tlsServerParameters>
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
- </sec:trustManagers>
- <sec:clientAuthentication want="true" required="true"/>
- </httpj:tlsServerParameters>
- </httpj:engine>
- </httpj:engine-factory>
- <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.jwt.BookStore"/>
- <bean id="jweInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweContainerRequestFilter"/>
- <bean id="jweOutFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor"/>
-
- <bean id="aesWrapEncryptionAlgo" class="org.apache.cxf.rs.security.jose.jwe.AesWrapKeyEncryptionAlgorithm">
- <constructor-arg type="java.lang.String" value="GawgguFyGrWKav7AX4VKUg"/>
- <constructor-arg value="A128KW"/>
- </bean>
- <bean id="aesCbcHmacEncryption" class="org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption">
- <constructor-arg value="A128CBC-HS256"/>
- <constructor-arg ref="aesWrapEncryptionAlgo"/>
- </bean>
-
- <bean id="aesWrapDecryptionAlgo" class="org.apache.cxf.rs.security.jose.jwe.AesWrapKeyDecryptionAlgorithm">
- <constructor-arg value="GawgguFyGrWKav7AX4VKUg"/>
- </bean>
- <bean id="aesCbcHmacDecryption" class="org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption">
- <constructor-arg ref="aesWrapDecryptionAlgo"/>
- </bean>
-
- <bean id="jweInAesCbcHmacFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweContainerRequestFilter">
- <property name="decryptionProvider" ref="aesCbcHmacDecryption"/>
- </bean>
- <bean id="jweOutAesCbcHmacFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor">
- <property name="encryptionProvider" ref="aesCbcHmacEncryption"/>
- </bean>
-
- <bean id="hmacSigVerifier" class="org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureVerifier">
- <constructor-arg type="java.lang.String" value="AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"/>
- <constructor-arg value="HS256"/>
- </bean>
- <bean id="jwsHmacInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter">
- <property name="signatureVerifier" ref="hmacSigVerifier"/>
- </bean>
- <bean id="jwsInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter"/>
- <bean id="jwsOutFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor"/>
- <bean id="keyPasswordProvider" class="org.apache.cxf.systest.jaxrs.security.jwt.PrivateKeyPasswordProviderImpl"/>
- <bean id="keyPasswordProvider2" class="org.apache.cxf.systest.jaxrs.security.jwt.PrivateKeyPasswordProviderImpl">
- <constructor-arg value="Thus from my lips, by yours, my sin is purged."/>
- </bean>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwsrsa">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jweInFilter"/>
- <ref bean="jweOutFilter"/>
- <ref bean="jwsInFilter"/>
- <ref bean="jwsOutFilter"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.encryption.in.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
- <entry key="rs.security.signature.in.properties" value="org/apache/cxf/systest/jaxrs/security/bob.rs.properties"/>
- <entry key="rs.security.encryption.out.properties" value="org/apache/cxf/systest/jaxrs/security/bob.rs.properties"/>
- <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
- <entry key="rs.security.signature.key.password.provider" value-ref="keyPasswordProvider"/>
- <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwsrsacert">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jweInFilter"/>
- <ref bean="jweOutFilter"/>
- <ref bean="jwsInFilter"/>
- <ref bean="jwsOutFilter"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.encryption.in.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
- <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
- <entry key="rs.security.keystore.file" value="org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"/>
- <entry key="rs.security.keystore.alias.jwe.out" value="BobCert"/>
- <entry key="rs.security.keystore.alias.jws.in" value="BobCert"/>
- <entry key="rs.security.signature.key.password.provider" value-ref="keyPasswordProvider"/>
- <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwsrsaCertInHeaders">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jweInFilter"/>
- <ref bean="jweOutFilter"/>
- <ref bean="jwsInFilter"/>
- <ref bean="jwsOutFilter"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.encryption.in.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.storeonly.properties"/>
- <entry key="rs.security.signature.in.properties" value="org/apache/cxf/systest/jaxrs/security/bob.rs.storeonly.properties"/>
- <entry key="rs.security.encryption.out.properties" value="org/apache/cxf/systest/jaxrs/security/bob.rs.properties"/>
- <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
- <entry key="rs.security.signature.key.password.provider" value-ref="keyPasswordProvider"/>
- <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider"/>
- </jaxrs:properties>
- </jaxrs:server>
- <bean id="jackson" class="com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider"/>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwkrsa">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jweInFilter"/>
- <ref bean="jweOutFilter"/>
- <ref bean="jackson"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.encryption.in.properties" value="org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"/>
- <entry key="rs.security.encryption.out.properties" value="org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwkaeswrap">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jweInFilter"/>
- <ref bean="jweOutFilter"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwkaescbchmac">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jweInFilter"/>
- <ref bean="jweOutFilter"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.properties"/>
- <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider2"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwshmac">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jweInFilter"/>
- <ref bean="jweOutFilter"/>
- <ref bean="jwsHmacInFilter"/>
- <ref bean="jwsOutFilter"/>
- <ref bean="jackson"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.encryption.in.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
- <entry key="rs.security.encryption.out.properties" value="org/apache/cxf/systest/jaxrs/security/bob.rs.properties"/>
- <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
- <entry key="rs.security.signature.key.password.provider" value-ref="keyPasswordProvider"/>
- <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwsjwkhmac">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jwsInFilter"/>
- <ref bean="jwsOutFilter"/>
- <ref bean="jackson"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwsjwkec">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jwsInFilter"/>
- <ref bean="jwsOutFilter"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.signature.in.properties" value="org/apache/cxf/systest/jaxrs/security/jws.ec.public.properties"/>
- <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/jws.ec.private.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwsjwkrsa">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jwsInFilter"/>
- <ref bean="jwsOutFilter"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.signature.in.properties" value="org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"/>
- <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"/>
- <entry key="rs.security.accept.public.key" value="true"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jweaescbchmac">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jweInAesCbcHmacFilter"/>
- <ref bean="jweOutAesCbcHmacFilter"/>
- </jaxrs:providers>
- </jaxrs:server>
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/serverJwsJson.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/serverJwsJson.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/serverJwsJson.xml
deleted file mode 100644
index 1d2dd37..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/serverJwsJson.xml
+++ /dev/null
@@ -1,90 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xsi:schemaLocation=" http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd ">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
- <httpj:engine-factory id="port-9095-tls-config">
- <httpj:engine port="${testutil.ports.jaxrs-jws-json}">
- <httpj:tlsServerParameters>
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
- </sec:trustManagers>
- <sec:clientAuthentication want="true" required="true"/>
- </httpj:tlsServerParameters>
- </httpj:engine>
- </httpj:engine-factory>
-
- <bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.jwt.BookStore"/>
- <bean id="jwsInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsJsonContainerRequestFilter"/>
- <bean id="jwsOutFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsJsonWriterInterceptor"/>
- <bean id="jackson" class="com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider"/>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jws-json}/jwsjsonhmac">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jwsInFilter"/>
- <ref bean="jwsOutFilter"/>
- <ref bean="jackson"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.signature.list.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
- <bean id="jweInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweContainerRequestFilter"/>
- <bean id="jweOutFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor"/>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jws-json}/jwejwsjsonhmac">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jwsInFilter"/>
- <ref bean="jwsOutFilter"/>
- <ref bean="jweInFilter"/>
- <ref bean="jweOutFilter"/>
- <ref bean="jackson"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.signature.list.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
- <entry key="rs.security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jws-json}/jwsjsonhmac2">
- <jaxrs:serviceBeans>
- <ref bean="serviceBean"/>
- </jaxrs:serviceBeans>
- <jaxrs:providers>
- <ref bean="jwsInFilter"/>
- <ref bean="jwsOutFilter"/>
- </jaxrs:providers>
- <jaxrs:properties>
- <entry key="rs.security.signature.list.properties"
- value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties,org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac.properties"/>
- </jaxrs:properties>
- </jaxrs:server>
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/BookServerOAuth2.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/BookServerOAuth2.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/BookServerOAuth2.java
index 9f2565d..a658e35 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/BookServerOAuth2.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/BookServerOAuth2.java
@@ -19,6 +19,8 @@
package org.apache.cxf.systest.jaxrs.security.oauth2;
+import java.net.URL;
+
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.spring.SpringBusFactory;
@@ -27,8 +29,8 @@ import org.apache.cxf.testutil.common.TestUtil;
public class BookServerOAuth2 extends AbstractBusTestServerBase {
public static final String PORT = TestUtil.getPortNumber("jaxrs-oauth2");
- private static final String SERVER_CONFIG_FILE =
- "org/apache/cxf/systest/jaxrs/security/oauth2/server.xml";
+ private static final URL SERVER_CONFIG_FILE =
+ BookServerOAuth2.class.getResource("server.xml");
protected void run() {
SpringBusFactory bf = new SpringBusFactory();
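Review bot: `BookServerOAuth2.class.getResource("server.xml")` returns null when the file is not on the test classpath next to this class, and the constant is assigned without a check. A packaging mistake would therefore only surface wherever `SERVER_CONFIG_FILE` is first used, not where it is resolved. How the URL is consumed is not visible, because `run()` continues outside the hunk. I would add a field comment such as `// resolved relative to this class's package; null if server.xml is missing from the test classpath`, or a null check at the top of `run()` that throws `IllegalStateException` with the resource name.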
http://git-wip-us.apache.org/repos/asf/cxf/blob/39d8444b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/client.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/client.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/client.xml
deleted file mode 100644
index 13eaea1..0000000
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/client.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli
cy.xsd">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
- <http:conduit name="https://localhost.*">
- <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
- <http:tlsClientParameters disableCNCheck="true">
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
- </sec:trustManagers>
- </http:tlsClientParameters>
- </http:conduit>
-</beans>
[03/14] cxf git commit: Use the JWS/JWE headers properly for JWT
tokens.
Posted by co...@apache.org.
Use the JWS/JWE headers properly for JWT tokens.
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/042c5142
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/042c5142
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/042c5142
Branch: refs/heads/3.0.x-fixes
Commit: 042c514207a82b58e693116e740d8aa855a38b4a
Parents: 3dbe932
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 4 12:36:46 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 4 17:53:38 2015 +0000
----------------------------------------------------------------------
.../jose/common/AbstractJoseConsumer.java | 60 --------------------
.../jose/common/AbstractJoseProducer.java | 51 -----------------
.../jose/jwe/JweJwtCompactConsumer.java | 4 ++
.../jose/jwt/AbstractJoseJwtConsumer.java | 57 ++++++++++++++-----
.../jose/jwt/AbstractJoseJwtProducer.java | 35 ++++++++++--
5 files changed, 78 insertions(+), 129 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/042c5142/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseConsumer.java
deleted file mode 100644
index ddf1d4f..0000000
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseConsumer.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.common;
-
-import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
-import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-
-public abstract class AbstractJoseConsumer {
- private JweDecryptionProvider jweDecryptor;
- private JwsSignatureVerifier jwsVerifier;
-
- public void setJweDecryptor(JweDecryptionProvider jweDecryptor) {
- this.jweDecryptor = jweDecryptor;
- }
-
- public JweDecryptionProvider getJweDecryptor() {
- return jweDecryptor;
- }
-
- public void setJwsVerifier(JwsSignatureVerifier theJwsVerifier) {
- this.jwsVerifier = theJwsVerifier;
- }
-
- public JwsSignatureVerifier getJwsVerifier() {
- return jwsVerifier;
- }
-
- protected JweDecryptionProvider getInitializedDecryptionProvider() {
- if (jweDecryptor != null) {
- return jweDecryptor;
- }
- return JweUtils.loadDecryptionProvider(false);
- }
- protected JwsSignatureVerifier getInitializedSignatureVerifier() {
- if (jwsVerifier != null) {
- return jwsVerifier;
- }
-
- return JwsUtils.loadSignatureVerifier(false);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/042c5142/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseProducer.java
deleted file mode 100644
index fe9832f..0000000
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseProducer.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.common;
-
-import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-
-public abstract class AbstractJoseProducer {
- private JwsSignatureProvider sigProvider;
- private JweEncryptionProvider encryptionProvider;
-
- protected JwsSignatureProvider getInitializedSignatureProvider() {
- if (sigProvider != null) {
- return sigProvider;
- }
-
- return JwsUtils.loadSignatureProvider(false);
- }
- protected JweEncryptionProvider getInitializedEncryptionProvider() {
- if (encryptionProvider != null) {
- return encryptionProvider;
- }
- return JweUtils.loadEncryptionProvider(false);
- }
-
- public void setEncryptionProvider(JweEncryptionProvider encryptionProvider) {
- this.encryptionProvider = encryptionProvider;
- }
-
- public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
- this.sigProvider = signatureProvider;
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/042c5142/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
index d7a76b9..247f84b 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
@@ -53,6 +53,10 @@ public class JweJwtCompactConsumer {
JwtClaims claims = new JwtTokenReaderWriter().fromJsonClaims(toString(bytes));
return new JwtToken(headers, claims);
}
+
+ public JweHeaders getHeaders() {
+ return headers;
+ }
private static String toString(byte[] bytes) {
try {
return new String(bytes, "UTF-8");
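Review bot: The new public `getHeaders()` has no Javadoc, and the caller added in AbstractJoseJwtConsumer reads it before `decryptWith` is invoked. The values it returns therefore appear to come from the token as received, not from an authenticated decryption result. I would state that on the method, e.g. `/** Returns the JWE headers parsed from the compact token; they are not integrity-checked until decryption succeeds. */`. The constructor that populates `headers` is outside the hunk, so where they are parsed is inferred and should be confirmed before the wording is finalised.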
http://git-wip-us.apache.org/repos/asf/cxf/blob/042c5142/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
index df482b8..0eb4a8e 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
@@ -18,25 +18,27 @@
*/
package org.apache.cxf.rs.security.jose.jwt;
-import org.apache.cxf.rs.security.jose.common.AbstractJoseConsumer;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jwe.JweUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
+public abstract class AbstractJoseJwtConsumer {
+ private JweDecryptionProvider jweDecryptor;
+ private JwsSignatureVerifier jwsVerifier;
private boolean jwsRequired = true;
private boolean jweRequired;
-
protected JwtToken getJwtToken(String wrappedJwtToken) {
return getJwtToken(wrappedJwtToken, null, null);
}
protected JwtToken getJwtToken(String wrappedJwtToken,
- JweDecryptionProvider jweDecryptor,
+ JweDecryptionProvider theDecryptor,
JwsSignatureVerifier theSigVerifier) {
if (!isJwsRequired() && !isJweRequired()) {
throw new JwtException("Unable to process JWT");
@@ -44,17 +46,20 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
JweHeaders jweHeaders = new JweHeaders();
if (isJweRequired()) {
- if (jweDecryptor == null) {
- jweDecryptor = getInitializedDecryptionProvider();
+ JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(wrappedJwtToken);
+
+ if (theDecryptor == null) {
+ theDecryptor = getInitializedDecryptionProvider(jwtConsumer.getHeaders());
}
- if (jweDecryptor == null) {
+ if (theDecryptor == null) {
throw new JwtException("Unable to decrypt JWT");
}
if (!isJwsRequired()) {
- return new JweJwtCompactConsumer(wrappedJwtToken).decryptWith(jweDecryptor);
+ return jwtConsumer.decryptWith(theDecryptor);
}
- JweDecryptionOutput decOutput = jweDecryptor.decrypt(wrappedJwtToken);
+
+ JweDecryptionOutput decOutput = theDecryptor.decrypt(wrappedJwtToken);
wrappedJwtToken = decOutput.getContentText();
jweHeaders = decOutput.getHeaders();
}
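Review bot: The JWE-only branch returns straight from `jwtConsumer.decryptWith(theDecryptor)`, so a token accepted with `jwsRequired` set to false never reaches the `validateToken(jwt)` call that the signed path makes at the end of getJwtToken. validateToken is the hook subclasses have for their own checks, so encrypted-only tokens would skip whatever validation an override adds. Consider `JwtToken jwt = jwtConsumer.decryptWith(theDecryptor); validateToken(jwt); return jwt;` in that branch. The method starts and ends outside this hunk; the tail with `validateToken(jwt)` is visible in a later hunk of the same file.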
@@ -66,7 +71,7 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
if (isJwsRequired()) {
if (theSigVerifier == null) {
- theSigVerifier = getInitializedSignatureVerifier(jwt);
+ theSigVerifier = getInitializedSignatureVerifier(jwt.getJwsHeaders());
}
if (theSigVerifier == null) {
throw new JwtException("Unable to validate JWT");
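Review bot: Calling `getInitializedSignatureVerifier(jwt.getJwsHeaders())` here, together with the parameter change from `JwtToken` to `JwsHeaders` on the method itself in the next hunk, silently disconnects any subclass that overrides the old `JwtToken` signature. Its method becomes an unrelated overload and getJwtToken falls back to `JwsUtils.loadSignatureVerifier`. AbstractTokenValidator appears to be such a subclass, and the "Fixing build" commit on this page drops its `@Override` rather than reconnecting it, which would leave its JWK-based key selection unused. Keeping a delegating overload such as `protected JwsSignatureVerifier getInitializedSignatureVerifier(JwtToken jwt) { return getInitializedSignatureVerifier(jwt.getJwsHeaders()); }` and calling that from getJwtToken preserves the hook. The enclosing method continues outside this hunk.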
@@ -80,13 +85,21 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
validateToken(jwt);
return jwt;
}
- protected JwsSignatureVerifier getInitializedSignatureVerifier(JwtToken jwt) {
- if (super.getJwsVerifier() != null) {
- return super.getJwsVerifier();
+ protected JwsSignatureVerifier getInitializedSignatureVerifier(JwsHeaders jwsHeaders) {
+ if (jwsVerifier != null) {
+ return jwsVerifier;
}
- return JwsUtils.loadSignatureVerifier(jwt.getJwsHeaders(), false);
+ return JwsUtils.loadSignatureVerifier(jwsHeaders, false);
}
+
+ protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders jweHeaders) {
+ if (jweDecryptor != null) {
+ return jweDecryptor;
+ }
+ return JweUtils.loadDecryptionProvider(jweHeaders, false);
+ }
+
protected void validateToken(JwtToken jwt) {
}
public boolean isJwsRequired() {
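Review bot: `getInitializedDecryptionProvider` and `getInitializedSignatureVerifier` lack a comment saying that the headers they receive are parsed from the incoming token before it has been decrypted or verified. When no provider is configured, those headers go to `JweUtils.loadDecryptionProvider(jweHeaders, false)` and `JwsUtils.loadSignatureVerifier(jwsHeaders, false)`; how far the loaders let header values influence key or algorithm choice is not visible here. A Javadoc line such as `Headers are taken from the unverified token; implementations must not let them widen the configured keys or algorithms.` would make the contract explicit for overriders.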
@@ -105,4 +118,20 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
this.jweRequired = jweRequired;
}
+ public void setJweDecryptor(JweDecryptionProvider jweDecryptor) {
+ this.jweDecryptor = jweDecryptor;
+ }
+
+ public JweDecryptionProvider getJweDecryptor() {
+ return jweDecryptor;
+ }
+
+ public void setJwsVerifier(JwsSignatureVerifier theJwsVerifier) {
+ this.jwsVerifier = theJwsVerifier;
+ }
+
+ public JwsSignatureVerifier getJwsVerifier() {
+ return jwsVerifier;
+ }
+
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/042c5142/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java
index a5f5c37..0f72bbe 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java
@@ -19,13 +19,18 @@
package org.apache.cxf.rs.security.jose.jwt;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.rs.security.jose.common.AbstractJoseProducer;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwe.JweJwtCompactProducer;
+import org.apache.cxf.rs.security.jose.jwe.JweUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-public abstract class AbstractJoseJwtProducer extends AbstractJoseProducer {
+public abstract class AbstractJoseJwtProducer {
+ private JwsSignatureProvider sigProvider;
+ private JweEncryptionProvider encryptionProvider;
private boolean jwsRequired = true;
private boolean jweRequired;
@@ -41,7 +46,7 @@ public abstract class AbstractJoseJwtProducer extends AbstractJoseProducer {
String data = null;
if (isJweRequired() && theEncProvider == null) {
- theEncProvider = getInitializedEncryptionProvider();
+ theEncProvider = getInitializedEncryptionProvider(jwt.getJweHeaders());
if (theEncProvider == null) {
throw new JwtException("Unable to encrypt JWT");
}
@@ -53,7 +58,7 @@ public abstract class AbstractJoseJwtProducer extends AbstractJoseProducer {
data = jws.getSignedEncodedJws();
} else {
if (theSigProvider == null) {
- theSigProvider = getInitializedSignatureProvider();
+ theSigProvider = getInitializedSignatureProvider(jwt.getJwsHeaders());
}
if (theSigProvider == null) {
@@ -71,6 +76,20 @@ public abstract class AbstractJoseJwtProducer extends AbstractJoseProducer {
}
return data;
}
+
+ protected JwsSignatureProvider getInitializedSignatureProvider(JwsHeaders jwsHeaders) {
+ if (sigProvider != null) {
+ return sigProvider;
+ }
+
+ return JwsUtils.loadSignatureProvider(jwsHeaders, false);
+ }
+ protected JweEncryptionProvider getInitializedEncryptionProvider(JweHeaders jweHeaders) {
+ if (encryptionProvider != null) {
+ return encryptionProvider;
+ }
+ return JweUtils.loadEncryptionProvider(jweHeaders, false);
+ }
public boolean isJwsRequired() {
return jwsRequired;
@@ -87,4 +106,12 @@ public abstract class AbstractJoseJwtProducer extends AbstractJoseProducer {
public void setJweRequired(boolean jweRequired) {
this.jweRequired = jweRequired;
}
+
+ public void setEncryptionProvider(JweEncryptionProvider encryptionProvider) {
+ this.encryptionProvider = encryptionProvider;
+ }
+
+ public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
+ this.sigProvider = signatureProvider;
+ }
}
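Review bot: `setEncryptionProvider` and `setSignatureProvider` are added without matching getters, while the consumer in the same commit adds `getJweDecryptor` and `getJwsVerifier` alongside its setters. With `extends AbstractJoseProducer` removed, subclasses that read the configured provider from the base class would presumably lose that access. Adding `public JwsSignatureProvider getSignatureProvider() { return sigProvider; }` and the equivalent for `encryptionProvider` keeps the two classes parallel.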
[12/14] cxf git commit: Fixing OIDC demo
Posted by co...@apache.org.
Fixing OIDC demo
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e136446c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e136446c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e136446c
Branch: refs/heads/3.0.x-fixes
Commit: e136446cc6a2e2d3c6430ad35b8088f88b6088f6
Parents: 2265c11
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 4 17:51:58 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 4 17:53:57 2015 +0000
----------------------------------------------------------------------
.../cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java | 6 +++++-
.../apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java | 1 +
2 files changed, 6 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e136446c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
index 1623b6a..a2c358c 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
@@ -67,7 +67,7 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
if (isJwsRequired()) {
if (theSigVerifier == null) {
- theSigVerifier = getInitializedSignatureVerifier(jwt.getJwsHeaders());
+ theSigVerifier = getInitializedSignatureVerifier(jwt);
}
if (theSigVerifier == null) {
throw new JwtException("Unable to validate JWT");
@@ -82,6 +82,10 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
return jwt;
}
+ protected JwsSignatureVerifier getInitializedSignatureVerifier(JwtToken jwt) {
+ return super.getInitializedSignatureVerifier(jwt.getJwsHeaders());
+ }
+
protected void validateToken(JwtToken jwt) {
}
public boolean isJwsRequired() {
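Review bot: The new `getInitializedSignatureVerifier(JwtToken jwt)` overload has no Javadoc, and the thing an overrider most needs to know is that the token it receives has not had its signature checked yet. AbstractTokenValidator's override, for example, branches on `jwt.getClaim("issuer")` before any verifier exists. A comment such as `/** Selects the verifier for a token whose headers and claims are still unverified; treat them only as hints for key lookup. */` would document that.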
http://git-wip-us.apache.org/repos/asf/cxf/blob/e136446c/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
index c88130c..6ee14ac 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
@@ -97,6 +97,7 @@ public abstract class AbstractTokenValidator extends AbstractOAuthJoseJwtConsume
this.jwkSetClient = jwkSetClient;
}
+ @Override
protected JwsSignatureVerifier getInitializedSignatureVerifier(JwtToken jwt) {
JsonWebKey key = null;
if (supportSelfIssuedProvider && SELF_ISSUED_ISSUER.equals(jwt.getClaim("issuer"))) {
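Review bot: The self-issued check in the context line reads `jwt.getClaim("issuer")`, but the registered JWT issuer claim is named `iss`, so unless JwtClaims maps the long name this comparison with `SELF_ISSUED_ISSUER` may never match. If so, the self-issued branch is dead and every token takes the key-id lookup in the else branch, which is visible in another hunk on this page. JwtClaims has a `setIssuer` (used in the tests on this page), so a typed accessor or constant is probably available and would be safer than the string literal. The method body continues outside this hunk.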
[04/14] cxf git commit: Update BouncyCastle
Posted by co...@apache.org.
Update BouncyCastle
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/68c1ddf8
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/68c1ddf8
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/68c1ddf8
Branch: refs/heads/3.0.x-fixes
Commit: 68c1ddf87380e9d5076484d1d3c0feee3cf5763e
Parents: 042c514
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 4 12:37:15 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 4 17:53:40 2015 +0000
----------------------------------------------------------------------
parent/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/68c1ddf8/parent/pom.xml
----------------------------------------------------------------------
diff --git a/parent/pom.xml b/parent/pom.xml
index 2a8f2ca..373b1d3 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -79,7 +79,7 @@
<cxf.atmosphere.version>2.2.7</cxf.atmosphere.version>
<cxf.atmosphere.version.range>[2.0,3.0)</cxf.atmosphere.version.range>
<cxf.axiom.version>1.2.14</cxf.axiom.version>
- <cxf.bcprov.version>1.52</cxf.bcprov.version>
+ <cxf.bcprov.version>1.53</cxf.bcprov.version>
<cxf.cglib.bundle.version>2.2_2</cxf.cglib.bundle.version>
<cxf.cglib.osgi.version>[2.1.3,3.0.0)</cxf.cglib.osgi.version>
<cxf.commons-codec.version>1.10</cxf.commons-codec.version>
[02/14] cxf git commit: Split JWT headers into signature and
encryption headers
Posted by co...@apache.org.
Split JWT headers into signature and encryption headers
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3dbe9321
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3dbe9321
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3dbe9321
Branch: refs/heads/3.0.x-fixes
Commit: 3dbe932107e08bfc01403d8e5ca8dc77cee6dd20
Parents: 1870f95
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 4 12:19:35 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 4 17:53:37 2015 +0000
----------------------------------------------------------------------
.../jaxrs/JwtAuthenticationClientFilter.java | 3 --
.../jose/jaxrs/JwtAuthenticationFilter.java | 4 +-
.../jose/jwe/JweJwtCompactProducer.java | 2 +-
.../jose/jws/JwsJwtCompactProducer.java | 3 +-
.../jose/jwt/AbstractJoseJwtConsumer.java | 18 +++++----
.../cxf/rs/security/jose/jwt/JwtToken.java | 39 ++++++++++++++------
.../jose/jws/JwsCompactReaderWriterTest.java | 15 ++++----
.../grants/jwt/JwtBearerGrantHandler.java | 2 +-
.../oidc/rp/AbstractTokenValidator.java | 2 +-
.../cxf/rs/security/oidc/utils/OidcUtils.java | 4 +-
10 files changed, 53 insertions(+), 39 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/3dbe9321/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
index a0946ce..a2ce5d1 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
@@ -33,7 +33,6 @@ import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.rs.security.jose.common.JoseException;
-import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
@@ -64,8 +63,6 @@ public class JwtAuthenticationClientFilter extends AbstractJoseJwtProducer
if (jwt == null) {
throw new JoseException("JWT token is not available");
}
- JoseUtils.setJoseMessageContextProperty(jwt.getHeaders(),
- getContextPropertyValue());
String data = super.processJwt(jwt);
requestContext.getHeaders().putSingle(HttpHeaders.AUTHORIZATION,
authScheme + " " + data);
http://git-wip-us.apache.org/repos/asf/cxf/blob/3dbe9321/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
index 0a7c98f..4f590c9 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
@@ -34,7 +34,6 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rs.security.jose.common.JoseConstants;
import org.apache.cxf.rs.security.jose.common.JoseException;
-import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtConsumer;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
@@ -60,7 +59,6 @@ public class JwtAuthenticationFilter extends AbstractJoseJwtConsumer implements
throw new JoseException(expectedAuthScheme + " scheme is expected");
}
JwtToken token = super.getJwtToken(parts[1]);
- JoseUtils.setMessageContextProperty(token.getHeaders());
SecurityContext securityContext = configureSecurityContext(token);
if (securityContext != null) {
@@ -83,7 +81,7 @@ public class JwtAuthenticationFilter extends AbstractJoseJwtConsumer implements
private boolean isVerifiedWithAPublicKey(JwtToken jwt) {
if (isJwsRequired()) {
- String alg = (String)jwt.getHeader(JoseConstants.HEADER_ALGORITHM);
+ String alg = (String)jwt.getJwsHeader(JoseConstants.HEADER_ALGORITHM);
SignatureAlgorithm sigAlg = SignatureAlgorithm.getAlgorithm(alg);
return SignatureAlgorithm.isPublicKeyAlgorithm(sigAlg);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/3dbe9321/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java
index f52f9e2..d35cd0a 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java
@@ -32,7 +32,7 @@ public class JweJwtCompactProducer {
private JweHeaders headers;
private String claimsJson;
public JweJwtCompactProducer(JwtToken token) {
- this(new JweHeaders(token.getHeaders()), token.getClaims());
+ this(new JweHeaders(token.getJweHeaders()), token.getClaims());
}
public JweJwtCompactProducer(JwtClaims claims) {
this(new JweHeaders(), claims);
http://git-wip-us.apache.org/repos/asf/cxf/blob/3dbe9321/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
index 3ac6021..8b73b02 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
@@ -17,6 +17,7 @@
* under the License.
*/
package org.apache.cxf.rs.security.jose.jws;
+
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
@@ -35,7 +36,7 @@ public class JwsJwtCompactProducer extends JwsCompactProducer {
this(new JwtToken(headers, claims), null);
}
protected JwsJwtCompactProducer(JwtToken token, JwtTokenReaderWriter w) {
- super(new JwsHeaders(token.getHeaders()), w,
+ super(new JwsHeaders(token.getJwsHeaders()), w,
JwtUtils.claimsToJson(token.getClaims(), w));
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/3dbe9321/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
index daea97b..df482b8 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
@@ -19,9 +19,10 @@
package org.apache.cxf.rs.security.jose.jwt;
import org.apache.cxf.rs.security.jose.common.AbstractJoseConsumer;
+import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer;
-import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
@@ -41,6 +42,7 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
throw new JwtException("Unable to process JWT");
}
+ JweHeaders jweHeaders = new JweHeaders();
if (isJweRequired()) {
if (jweDecryptor == null) {
jweDecryptor = getInitializedDecryptionProvider();
@@ -52,12 +54,16 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
if (!isJwsRequired()) {
return new JweJwtCompactConsumer(wrappedJwtToken).decryptWith(jweDecryptor);
}
- wrappedJwtToken = jweDecryptor.decrypt(wrappedJwtToken).getContentText();
+ JweDecryptionOutput decOutput = jweDecryptor.decrypt(wrappedJwtToken);
+ wrappedJwtToken = decOutput.getContentText();
+ jweHeaders = decOutput.getHeaders();
}
-
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(wrappedJwtToken);
JwtToken jwt = jwtConsumer.getJwtToken();
+ // Store the encryption headers as well
+ jwt = new JwtToken(jwt.getJwsHeaders(), jweHeaders, jwt.getClaims());
+
if (isJwsRequired()) {
if (theSigVerifier == null) {
theSigVerifier = getInitializedSignatureVerifier(jwt);
@@ -79,11 +85,7 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
return super.getJwsVerifier();
}
- if (jwt.getHeaders() instanceof JwsHeaders) {
- return JwsUtils.loadSignatureVerifier((JwsHeaders)jwt.getHeaders(), false);
- }
-
- return super.getInitializedSignatureVerifier();
+ return JwsUtils.loadSignatureVerifier(jwt.getJwsHeaders(), false);
}
protected void validateToken(JwtToken jwt) {
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/3dbe9321/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
index 069b8f2..6780e78 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
@@ -18,39 +18,56 @@
*/
package org.apache.cxf.rs.security.jose.jwt;
-import org.apache.cxf.rs.security.jose.common.JoseHeaders;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
public class JwtToken {
- private JoseHeaders headers;
+ private JwsHeaders jwsHeaders;
+ private JweHeaders jweHeaders;
private JwtClaims claims;
+
public JwtToken(JwtClaims claims) {
- this(new JoseHeaders() { }, claims);
+ this(new JwsHeaders() { }, new JweHeaders() { }, claims);
+ }
+ public JwtToken(JwsHeaders jwsHeaders, JwtClaims claims) {
+ this(jwsHeaders, new JweHeaders() { }, claims);
+ }
+ public JwtToken(JweHeaders jweHeaders, JwtClaims claims) {
+ this(new JwsHeaders() { }, jweHeaders, claims);
}
- public JwtToken(JoseHeaders headers, JwtClaims claims) {
- this.headers = headers;
+ public JwtToken(JwsHeaders jwsHeaders, JweHeaders jweHeaders, JwtClaims claims) {
+ this.jwsHeaders = jwsHeaders;
+ this.jweHeaders = jweHeaders;
this.claims = claims;
}
- public JoseHeaders getHeaders() {
- return headers;
+ public JwsHeaders getJwsHeaders() {
+ return jwsHeaders;
+ }
+ public JweHeaders getJweHeaders() {
+ return jweHeaders;
}
public JwtClaims getClaims() {
return claims;
}
- public Object getHeader(String name) {
- return headers.getHeader(name);
+ public Object getJwsHeader(String name) {
+ return jwsHeaders.getHeader(name);
+ }
+ public Object getJweHeader(String name) {
+ return jweHeaders.getHeader(name);
}
public Object getClaim(String name) {
return claims.getClaim(name);
}
public int hashCode() {
- return headers.hashCode() + 37 * claims.hashCode();
+ return jwsHeaders.hashCode() + 37 * claims.hashCode() + 37 * jweHeaders.hashCode();
}
public boolean equals(Object obj) {
return obj instanceof JwtToken
- && ((JwtToken)obj).headers.equals(this.headers)
+ && ((JwtToken)obj).jwsHeaders.equals(this.jwsHeaders)
+ && ((JwtToken)obj).jweHeaders.equals(this.jweHeaders)
&& ((JwtToken)obj).claims.equals(this.claims);
}
}
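Review bot: The convenience constructors build defaults with `new JwsHeaders() { }` and `new JweHeaders() { }`, which creates anonymous subclasses. The braces look left over from the old `new JoseHeaders() { }` default, since `new JweHeaders()` is instantiated directly elsewhere in this commit. Plain `new JwsHeaders()` and `new JweHeaders()` avoid the extra classes and any surprise if the headers' `equals` compares runtime types, which is not visible here. Separately, `hashCode` multiplies both `claims.hashCode()` and `jweHeaders.hashCode()` by 37, so the two terms are not mixed independently; a different factor for the third term would be more conventional.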
http://git-wip-us.apache.org/repos/asf/cxf/blob/3dbe9321/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
index 4624dd4..0e6c7ba 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
@@ -29,7 +29,6 @@ import java.util.List;
import java.util.Map;
import org.apache.cxf.rs.security.jose.common.JoseConstants;
-import org.apache.cxf.rs.security.jose.common.JoseHeaders;
import org.apache.cxf.rs.security.jose.common.JoseType;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
@@ -170,7 +169,7 @@ public class JwsCompactReaderWriterTest extends Assert {
assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
SignatureAlgorithm.HS256)));
JwtToken token = jws.getJwtToken();
- JwsHeaders headers = new JwsHeaders(token.getHeaders());
+ JwsHeaders headers = new JwsHeaders(token.getJwsHeaders());
assertEquals(JoseType.JWT, headers.getType());
assertEquals(SignatureAlgorithm.HS256, headers.getSignatureAlgorithm());
validateSpecClaim(token.getClaims());
@@ -218,7 +217,7 @@ public class JwsCompactReaderWriterTest extends Assert {
assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
SignatureAlgorithm.HS256)));
JwtToken token = jws.getJwtToken();
- JwsHeaders headers = new JwsHeaders(token.getHeaders());
+ JwsHeaders headers = new JwsHeaders(token.getJwsHeaders());
assertEquals(JoseType.JWT, headers.getType());
assertEquals(SignatureAlgorithm.HS256, headers.getSignatureAlgorithm());
@@ -263,7 +262,7 @@ public class JwsCompactReaderWriterTest extends Assert {
RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED);
assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.PS256)));
JwtToken token = jws.getJwtToken();
- JwsHeaders inHeaders = new JwsHeaders(token.getHeaders());
+ JwsHeaders inHeaders = new JwsHeaders(token.getJwsHeaders());
assertEquals(SignatureAlgorithm.PS256,
inHeaders.getSignatureAlgorithm());
validateSpecClaim(token.getClaims());
@@ -293,7 +292,7 @@ public class JwsCompactReaderWriterTest extends Assert {
assertTrue(jwsConsumer.verifySignatureWith(new EcDsaJwsSignatureVerifier(publicKey,
SignatureAlgorithm.ES256)));
JwtToken token = jwsConsumer.getJwtToken();
- JwsHeaders headersReceived = new JwsHeaders(token.getHeaders());
+ JwsHeaders headersReceived = new JwsHeaders(token.getJwsHeaders());
assertEquals(SignatureAlgorithm.ES256, headersReceived.getSignatureAlgorithm());
validateSpecClaim(token.getClaims());
}
@@ -304,19 +303,19 @@ public class JwsCompactReaderWriterTest extends Assert {
RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED);
assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.RS256)));
JwtToken token = jws.getJwtToken();
- JwsHeaders headers = new JwsHeaders(token.getHeaders());
+ JwsHeaders headers = new JwsHeaders(token.getJwsHeaders());
assertEquals(SignatureAlgorithm.RS256, headers.getSignatureAlgorithm());
validateSpecClaim(token.getClaims());
}
- private JwsCompactProducer initSpecJwtTokenWriter(JoseHeaders headers) throws Exception {
+ private JwsCompactProducer initSpecJwtTokenWriter(JwsHeaders jwsHeaders) throws Exception {
JwtClaims claims = new JwtClaims();
claims.setIssuer("joe");
claims.setExpiryTime(1300819380L);
claims.setClaim("http://example.com/is_root", Boolean.TRUE);
- JwtToken token = new JwtToken(headers, claims);
+ JwtToken token = new JwtToken(jwsHeaders, claims);
return new JwsJwtCompactProducer(token, getWriter());
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/3dbe9321/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerGrantHandler.java
index a5935b0..5bef103 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerGrantHandler.java
@@ -58,7 +58,7 @@ public class JwtBearerGrantHandler extends AbstractJwtHandler {
try {
JwsJwtCompactConsumer jwsReader = getJwsReader(assertion);
JwtToken jwtToken = jwsReader.getJwtToken();
- validateSignature(new JwsHeaders(jwtToken.getHeaders()),
+ validateSignature(new JwsHeaders(jwtToken.getJwsHeaders()),
jwsReader.getUnsignedEncodedSequence(),
jwsReader.getDecodedSignature());
http://git-wip-us.apache.org/repos/asf/cxf/blob/3dbe9321/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
index 40e1c80..3ff74e9 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
@@ -113,7 +113,7 @@ public abstract class AbstractTokenValidator extends AbstractOAuthJoseJwtConsume
throw new SecurityException("Self-issued JWK key is invalid or not available");
}
} else {
- String keyId = jwt.getHeaders().getKeyId();
+ String keyId = jwt.getJwsHeaders().getKeyId();
key = keyId != null ? keyMap.get(keyId) : null;
if (key == null && jwkSetClient != null) {
JsonWebKeys keys = jwkSetClient.get(JsonWebKeys.class);
http://git-wip-us.apache.org/repos/asf/cxf/blob/3dbe9321/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index ccad6d7..7ced717 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -95,7 +95,7 @@ public final class OidcUtils {
if (required) {
validateHash(at.getTokenKey(),
(String)jwt.getClaims().getClaim("at_hash"),
- jwt.getHeaders().getAlgorithm());
+ jwt.getJwsHeaders().getAlgorithm());
}
}
public static void validateCodeHash(String code, JwtToken jwt) {
@@ -105,7 +105,7 @@ public final class OidcUtils {
if (required) {
validateHash(code,
(String)jwt.getClaims().getClaim("c_hash"),
- jwt.getHeaders().getAlgorithm());
+ jwt.getJwsHeaders().getAlgorithm());
}
}
private static void validateHash(String value, String theHash, String joseAlgo) {
[05/14] cxf git commit: Fixing build
Posted by co...@apache.org.
Fixing build
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/67855198
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/67855198
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/67855198
Branch: refs/heads/3.0.x-fixes
Commit: 67855198a27d61f25ab8254f5796aea8ae9c5e01
Parents: 68c1ddf
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 4 14:29:29 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 4 17:53:43 2015 +0000
----------------------------------------------------------------------
.../apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/67855198/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
index 3ff74e9..c88130c 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
@@ -97,7 +97,6 @@ public abstract class AbstractTokenValidator extends AbstractOAuthJoseJwtConsume
this.jwkSetClient = jwkSetClient;
}
- @Override
protected JwsSignatureVerifier getInitializedSignatureVerifier(JwtToken jwt) {
JsonWebKey key = null;
if (supportSelfIssuedProvider && SELF_ISSUED_ISSUER.equals(jwt.getClaim("issuer"))) {
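Review bot: Dropping `@Override` here turns `getInitializedSignatureVerifier(JwtToken)` into a plain overload, and the later hunk in this file shows the superclass method is now called with `jwt.getJwsHeaders()`. Any inherited code path that calls the `JwsHeaders` variant would bypass the `kid` lookup and self-issued key handling in this class and use only the statically configured verifier; whether such a caller exists is not visible from the hunk. I would either override the `JwsHeaders` signature as well or add a comment such as `// Not an override: callers must invoke this JwtToken overload explicitly`. Separately, the context line reads `jwt.getClaim("issuer")` while the registered JWT claim name is `iss`, so the self-issued branch may never match unless `getClaim` maps that name. The method body continues outside the hunk.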
@@ -129,7 +128,7 @@ public abstract class AbstractTokenValidator extends AbstractOAuthJoseJwtConsume
if (key != null) {
theJwsVerifier = JwsUtils.getSignatureVerifier(key);
} else {
- theJwsVerifier = super.getInitializedSignatureVerifier(jwt);
+ theJwsVerifier = super.getInitializedSignatureVerifier(jwt.getJwsHeaders());
}
if (theJwsVerifier == null) {
throw new SecurityException("JWS Verifier is not available");