You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2017/11/15 18:00:16 UTC
[cxf] branch 3.1.x-fixes updated (2bc345f -> 5cd8d6d)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git.
from 2bc345f Merge pull request #335 from andymc12/selectVariant
new 35ffd86 Adding some encryption tests for tampering
new 5cd8d6d Recording .gitmergeinfo Changes
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.gitmergeinfo | 1 +
.../security/jose/jwejws/JweJwsAlgorithmTest.java | 55 +++++++++++++++++++++-
2 files changed, 55 insertions(+), 1 deletion(-)
--
To stop receiving notification emails like this one, please contact
['"commits@cxf.apache.org" <co...@cxf.apache.org>'].
[cxf] 02/02: Recording .gitmergeinfo Changes
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 5cd8d6d2302a75e75a25ea989000a3bdb3f82e40
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Nov 15 17:48:03 2017 +0000
Recording .gitmergeinfo Changes
---
.gitmergeinfo | 1 +
1 file changed, 1 insertion(+)
diff --git a/.gitmergeinfo b/.gitmergeinfo
index b807dc8..e301fc5 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -1003,3 +1003,4 @@ M fe55813cc934667664863117921ff8ea08b9ff24
M fe89bf0fb8379428667f66312e6942e906142d6f
M ff839064e8904634eaab8edee44c537c075d94cd
M ff9e62a46c4491d6c5fc8d07b2813fa0224e61c3
+M ffca1ae7d06ec471e95a65966662a41b05a53709
--
To stop receiving notification emails like this one, please contact
"commits@cxf.apache.org" <co...@cxf.apache.org>.
[cxf] 01/02: Adding some encryption tests for tampering
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 35ffd86a41420cd510500373943c72f098c1e1a3
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Nov 15 17:09:03 2017 +0000
Adding some encryption tests for tampering
(cherry picked from commit ffca1ae7d06ec471e95a65966662a41b05a53709)
# Conflicts:
# systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsAlgorithmTest.java
---
.../security/jose/jwejws/JweJwsAlgorithmTest.java | 55 +++++++++++++++++++++-
1 file changed, 54 insertions(+), 1 deletion(-)
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsAlgorithmTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsAlgorithmTest.java
index 25c4db6..7762317 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsAlgorithmTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsAlgorithmTest.java
@@ -67,6 +67,7 @@ public class JweJwsAlgorithmTest extends AbstractBusClientServerTestBase {
//
// Encryption tests
//
+
@org.junit.Test
public void testEncryptionProperties() throws Exception {
@@ -260,10 +261,62 @@ public class JweJwsAlgorithmTest extends AbstractBusClientServerTestBase {
assertNotEquals(response.getStatus(), 200);
}
+ @org.junit.Test
+ public void testManualEncryption() throws Exception {
+
+ URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<>();
+ providers.add(new JacksonJsonProvider());
+
+ String address = "http://localhost:" + PORT + "/jweoaepgcm/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ Map<String, Object> properties = new HashMap<>();
+ properties.put("rs.security.encryption.properties",
+ "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties");
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ String header = "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkExMjhHQ00iLCJjdHkiOiJqc29uIn0";
+ String encryptedKey = "f_Njrwn8fLxvIfftV27lSqEgvyIvkfx5tcI6xJdzXqxSL-Xssaq9TFwbhiJIU6k23i1uLFDd3r7rL"
+ + "V9THMcAo80C-m_SIbA6X4daeIm7ANmREZ9sw9QkD0URis6MAuZkoYIRB6z9g7TDmPTdrpTUWJbwYaBAe-_VYaoVBwRv_A"
+ + "ikPdKJEUWSMxouJEq4TZUVveNjI_tflZpudz1mYXKv9Lw_5byYpwgIB9crI9BR0kfCK9x3BXVFMZHJAg0yIuAKDkcs9Ts"
+ + "TIV0jLXRnb50Uc62OuJ6VFGQw-AL3tNHLRKYXjwDnE492wAZmsaxefql9wbv7b8BLmRUNeKER-26tdA";
+ String iv = "rqUxWbEenVnC3QFx";
+ String cipherText = "8iE2vM79BkXVJ0afH6fbig5uFpQ71nxc-i2SbokQtZO7";
+ String authnTag = "bZk8RwVMZgawyFNSOkMLaw";
+
+
+ // Successful test
+ Response response = client.post(header + "." + encryptedKey + "." + iv + "." + cipherText + "." + authnTag);
+ assertEquals(response.getStatus(), 200);
+
+ // Tamper with the values
+ response = client.post(header + "xyz." + encryptedKey + "." + iv + "." + cipherText + "." + authnTag);
+ assertNotEquals(response.getStatus(), 200);
+
+ response = client.post(header + "." + encryptedKey + "xyz." + iv + "." + cipherText + "." + authnTag);
+ assertNotEquals(response.getStatus(), 200);
+
+ response = client.post(header + "." + encryptedKey + "." + iv + "xyz." + cipherText + "." + authnTag);
+ assertNotEquals(response.getStatus(), 200);
+
+ response = client.post(header + "." + encryptedKey + "." + iv + "." + cipherText + "xyz." + authnTag);
+ assertNotEquals(response.getStatus(), 200);
+
+ response = client.post(header + "." + encryptedKey + "." + iv + "." + cipherText + "." + authnTag + "xyz");
+ assertNotEquals(response.getStatus(), 200);
+
+ response = client.post(header + "." + encryptedKey + "." + iv + "." + cipherText + ".");
+ assertNotEquals(response.getStatus(), 200);
+ }
+
//
// Signature tests
//
-
+
@org.junit.Test
public void testSignatureProperties() throws Exception {
--
To stop receiving notification emails like this one, please contact
"commits@cxf.apache.org" <co...@cxf.apache.org>.