Posted to commits@cxf.apache.org by co...@apache.org on 2019/11/13 14:28:39 UTC
[cxf] branch master updated: Adding JWT test
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new d75b938 Adding JWT test
d75b938 is described below
commit d75b938427a83de373576ffe44bf6a8913f42015
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Nov 13 14:28:01 2019 +0000
Adding JWT test
---
.../jaxrs/security/jose/jwt/JWTAlgorithmTest.java | 40 +++++++++++++++++++++-
1 file changed, 39 insertions(+), 1 deletion(-)
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
index 5d46e0f..690b8f4 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
@@ -48,7 +48,6 @@ import org.junit.BeforeClass;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertTrue;
-
/**
* Some tests for JWT tokens.
*/
@@ -668,6 +667,45 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase {
assertEquals(returnedBook.getId(), 123L);
}
+ // Include the cert in the "x5c" header
+ @org.junit.Test
+ public void testBadSignatureCertificateTest() throws Exception {
+
+ URL busFile = JWTAlgorithmTest.class.getResource("client.xml");
+
+ List<Object> providers = new ArrayList<>();
+ providers.add(new JacksonJsonProvider());
+ providers.add(new JwtAuthenticationClientFilter());
+
+ String address = "https://localhost:" + PORT + "/signedjwtincludecert/bookstore/books";
+ WebClient client =
+ WebClient.create(address, providers, busFile.toString());
+ client.type("application/json").accept("application/json");
+
+ // Create the JWT Token
+ JwtClaims claims = new JwtClaims();
+ claims.setSubject("alice");
+ claims.setIssuer("DoubleItSTSIssuer");
+ claims.setIssuedAt(Instant.now().getEpochSecond());
+ claims.setAudiences(toList(address));
+
+ JwtToken token = new JwtToken(claims);
+
+ Map<String, Object> properties = new HashMap<>();
+ properties.put("rs.security.keystore.type", "jks");
+ properties.put("rs.security.keystore.password", "password");
+ properties.put("rs.security.key.password", "password");
+ properties.put("rs.security.keystore.alias", "bethal");
+ properties.put("rs.security.keystore.file", "keys/Bethal.jks");
+ properties.put("rs.security.signature.algorithm", "RS256");
+ properties.put("rs.security.signature.include.cert", "true");
+ properties.put(JwtConstants.JWT_TOKEN, token);
+ WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+ Response response = client.post(new Book("book", 123L));
+ assertNotEquals(response.getStatus(), 200);
+ }
+
@org.junit.Test
public void testHMACSignature() throws Exception {
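Review bot: `assertNotEquals(response.getStatus(), 200)` at the end of `testBadSignatureCertificateTest` passes for any non-200 response, so a 404 from a wrong address or a 500 from an unrelated server fault would be indistinguishable from the service rejecting the `bethal` certificate, which is presumably absent from the service's truststore. A negative test of certificate trust should pin the rejection status the endpoint is expected to return, with the expected value first, e.g. `assertEquals(EXPECTED_REJECTION_STATUS, response.getStatus());` (placeholder name; confirm the real status against the server configuration). The leading comment `// Include the cert in the "x5c" header` reads like the positive case; something like `// Sign with a key whose included "x5c" certificate the service should not trust` would state why the request must fail. The method name also carries a redundant `Test` suffix.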