Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 99f64eb11 -> 1efedabb4
Updating JOSE password handling Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1efedabb Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1efedabb Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1efedabb Branch: refs/heads/3.0.x-fixes Commit: 1efedabb4ab91b317fa6f222f55c2c45f22ed2bf Parents: 99f64eb Author: Sergey Beryozkin <sberyoz...@talend.com> Authored: Fri Feb 20 22:24:16 2015 +0000 Committer: Sergey Beryozkin <sberyoz...@talend.com> Committed: Fri Feb 20 22:25:25 2015 +0000 ---------------------------------------------------------------------- .../PbesHmacAesWrapKeyDecryptionAlgorithm.java | 18 +++++----- .../PbesHmacAesWrapKeyEncryptionAlgorithm.java | 36 +++++++++++++++----- .../rs/security/jose/jwk/JsonWebKeyTest.java | 10 +++--- .../jaxrs/security/jwt/JAXRSJweJwsTest.java | 13 +++++-- .../jwt/PrivateKeyPasswordProviderImpl.java | 9 ++++- .../cxf/systest/jaxrs/security/jwt/server.xml | 5 ++- .../security/certs/encryptedJwkPrivateSet.txt | 2 +- .../secret.aescbchmac.inlinejwk.properties | 5 +-- .../secret.aescbchmac.inlineset.properties | 15 +------- 9 files changed, 67 insertions(+), 46 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/1efedabb/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java index 3fd9992..3ab9623 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java @@ -25,22 +25,22 @@ public class PbesHmacAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgor private byte[] password; private String algo; public PbesHmacAesWrapKeyDecryptionAlgorithm(String password) { - this(password, Algorithm.PBES2_HS256_A128KW.getJwtName()); + this(password, Algorithm.PBES2_HS256_A128KW.getJwtName(), false); } - public PbesHmacAesWrapKeyDecryptionAlgorithm(String password, String algo) { - this(PbesHmacAesWrapKeyEncryptionAlgorithm.stringToBytes(password), algo); + public PbesHmacAesWrapKeyDecryptionAlgorithm(String password, String algo, boolean hashLargePasswords) { + this(PbesHmacAesWrapKeyEncryptionAlgorithm.stringToBytes(password), algo, hashLargePasswords); } public PbesHmacAesWrapKeyDecryptionAlgorithm(char[] password) { - this(password, Algorithm.PBES2_HS256_A128KW.getJwtName()); + this(password, Algorithm.PBES2_HS256_A128KW.getJwtName(), false); } - public PbesHmacAesWrapKeyDecryptionAlgorithm(char[] password, String algo) { - this(PbesHmacAesWrapKeyEncryptionAlgorithm.charsToBytes(password), algo); + public PbesHmacAesWrapKeyDecryptionAlgorithm(char[] password, String algo, boolean hashLargePasswords) { + this(PbesHmacAesWrapKeyEncryptionAlgorithm.charsToBytes(password), algo, hashLargePasswords); } public PbesHmacAesWrapKeyDecryptionAlgorithm(byte[] password) { - this(password, Algorithm.PBES2_HS256_A128KW.getJwtName()); + this(password, Algorithm.PBES2_HS256_A128KW.getJwtName(), false); } - public PbesHmacAesWrapKeyDecryptionAlgorithm(byte[] password, String algo) { - this.password = password; + public PbesHmacAesWrapKeyDecryptionAlgorithm(byte[] password, String algo, boolean hashLargePasswords) { + this.password = PbesHmacAesWrapKeyEncryptionAlgorithm.validatePassword(password, algo, hashLargePasswords); this.algo = algo; } @Override http://git-wip-us.apache.org/repos/asf/cxf/blob/1efedabb/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java index 2089859..ecb9aa0 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java @@ -27,6 +27,7 @@ import java.util.Map; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.common.util.crypto.CryptoUtils; +import org.apache.cxf.common.util.crypto.MessageDigestUtils; import org.apache.cxf.rs.security.jose.jwa.Algorithm; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.digests.SHA256Digest; @@ -36,7 +37,6 @@ import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; import org.bouncycastle.crypto.params.KeyParameter; public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm { - private static final Map<String, Integer> PBES_HMAC_MAP; private static final Map<String, String> PBES_AES_MAP; private static final Map<String, Integer> DERIVED_KEY_SIZE_MAP; @@ -64,24 +64,42 @@ public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgor public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, String keyAlgoJwt) { this(stringToBytes(password), keyAlgoJwt); } - public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, int pbesCount, String keyAlgoJwt) { - this(stringToBytes(password), pbesCount, keyAlgoJwt); + public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, int pbesCount, String keyAlgoJwt, + boolean hashLargePasswords) { + this(stringToBytes(password), pbesCount, keyAlgoJwt, hashLargePasswords); } public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, String keyAlgoJwt) { - this(password, 4096, keyAlgoJwt); + this(password, 4096, keyAlgoJwt, false); } - public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, int pbesCount, String keyAlgoJwt) { - this(charsToBytes(password), pbesCount, keyAlgoJwt); + public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, int pbesCount, String keyAlgoJwt, + boolean hashLargePasswords) { + this(charsToBytes(password), pbesCount, keyAlgoJwt, hashLargePasswords); } public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, String keyAlgoJwt) { - this(password, 4096, keyAlgoJwt); + this(password, 4096, keyAlgoJwt, false); } - public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, int pbesCount, String keyAlgoJwt) { - this.password = password; + public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, int pbesCount, String keyAlgoJwt, + boolean hashLargePasswords) { this.keyAlgoJwt = validateKeyAlgorithm(keyAlgoJwt); + this.password = validatePassword(password, keyAlgoJwt, hashLargePasswords); this.pbesCount = validatePbesCount(pbesCount); } + static byte[] validatePassword(byte[] p, String keyAlgoJwt, boolean hashLargePasswords) { + int minLen = DERIVED_KEY_SIZE_MAP.get(keyAlgoJwt); + if (p.length < minLen || p.length > 128) { + throw new SecurityException(); + } + if (p.length > minLen && hashLargePasswords) { + try { + return MessageDigestUtils.createDigest(p, MessageDigestUtils.ALGO_SHA_256); + } catch (Exception ex) { + throw new SecurityException(ex); + } + } else { + return p; + } + } @Override public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) { int keySize = getKeySize(keyAlgoJwt); http://git-wip-us.apache.org/repos/asf/cxf/blob/1efedabb/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java index 15ade7d..ba92742 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java @@ -121,18 +121,19 @@ public class JsonWebKeyTest extends Assert { } @Test public void testEncryptDecryptPrivateSet() throws Exception { + final String password = "Thus from my lips, by yours, my sin is purged."; Security.addProvider(new BouncyCastleProvider()); try { JsonWebKeys jwks = readKeySet("jwkPrivateSet.txt"); validatePrivateSet(jwks); - String encryptedKeySet = JwkUtils.encryptJwkSet(jwks, "password".toCharArray()); + String encryptedKeySet = JwkUtils.encryptJwkSet(jwks, password.toCharArray()); JweCompactConsumer c = new JweCompactConsumer(encryptedKeySet); assertEquals("jwk-set+json", c.getJweHeaders().getContentType()); assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm()); assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm()); assertNotNull(c.getJweHeaders().getHeader("p2s")); assertNotNull(c.getJweHeaders().getHeader("p2c")); - jwks = JwkUtils.decryptJwkSet(encryptedKeySet, "password".toCharArray()); + jwks = JwkUtils.decryptJwkSet(encryptedKeySet, password.toCharArray()); validatePrivateSet(jwks); } finally { Security.removeProvider(BouncyCastleProvider.class.getName()); @@ -140,6 +141,7 @@ public class JsonWebKeyTest extends Assert { } @Test public void testEncryptDecryptPrivateKey() throws Exception { + final String password = "Thus from my lips, by yours, my sin is purged."; final String key = "{\"kty\":\"oct\"," + "\"alg\":\"A128KW\"," + "\"k\":\"GawgguFyGrWKav7AX4VKUg\"," @@ -148,14 +150,14 @@ public class JsonWebKeyTest extends Assert { try { JsonWebKey jwk = readKey(key); validateSecretAesKey(jwk); - String encryptedKey = JwkUtils.encryptJwkKey(jwk, "password".toCharArray()); + String encryptedKey = JwkUtils.encryptJwkKey(jwk, password.toCharArray()); JweCompactConsumer c = new JweCompactConsumer(encryptedKey); assertEquals("jwk+json", c.getJweHeaders().getContentType()); assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm()); assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm()); assertNotNull(c.getJweHeaders().getHeader("p2s")); assertNotNull(c.getJweHeaders().getHeader("p2c")); - jwk = JwkUtils.decryptJwkKey(encryptedKey, "password".toCharArray()); + jwk = JwkUtils.decryptJwkKey(encryptedKey, password.toCharArray()); validateSecretAesKey(jwk); } finally { Security.removeProvider(BouncyCastleProvider.class.getName()); http://git-wip-us.apache.org/repos/asf/cxf/blob/1efedabb/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java index 0b29b1f..e09d032 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java @@ -184,7 +184,8 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase { providers.add(new JweClientResponseFilter()); bean.setProviders(providers); bean.getProperties(true).put("rs.security.encryption.properties", propFile); - PrivateKeyPasswordProvider provider = new PrivateKeyPasswordProviderImpl(); + PrivateKeyPasswordProvider provider = + new PrivateKeyPasswordProviderImpl("Thus from my lips, by yours, my sin is purged."); bean.getProperties(true).put("rs.security.key.password.provider", provider); BookStore bs = bean.create(BookStore.class); String text = bs.echoText("book"); @@ -436,10 +437,16 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase { } private static class PrivateKeyPasswordProviderImpl implements PrivateKeyPasswordProvider { - + private String password = "password"; + public PrivateKeyPasswordProviderImpl() { + + } + public PrivateKeyPasswordProviderImpl(String password) { + this.password = password; + } @Override public char[] getPassword(Properties storeProperties) { - return "password".toCharArray(); + return password.toCharArray(); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/1efedabb/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java index 9fbdc81..f86417f 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java @@ -24,9 +24,16 @@ import org.apache.cxf.rs.security.jose.jaxrs.PrivateKeyPasswordProvider; public class PrivateKeyPasswordProviderImpl implements PrivateKeyPasswordProvider { + private String password = "password"; + public PrivateKeyPasswordProviderImpl() { + + } + public PrivateKeyPasswordProviderImpl(String password) { + this.password = password; + } @Override public char[] getPassword(Properties storeProperties) { - return "password".toCharArray(); + return password.toCharArray(); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/1efedabb/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml index 155cf69..bd81abb 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml @@ -74,6 +74,9 @@ under the License. <bean id="jwsInFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter"/> <bean id="jwsOutFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor"/> <bean id="keyPasswordProvider" class="org.apache.cxf.systest.jaxrs.security.jwt.PrivateKeyPasswordProviderImpl"/> + <bean id="keyPasswordProvider2" class="org.apache.cxf.systest.jaxrs.security.jwt.PrivateKeyPasswordProviderImpl"> + <constructor-arg value="Thus from my lips, by yours, my sin is purged."/> + </bean> <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwsrsa"> <jaxrs:serviceBeans> <ref bean="serviceBean"/> @@ -170,7 +173,7 @@ under the License. </jaxrs:providers> <jaxrs:properties> <entry key="rs.security.encryption.properties" value="org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.properties"/> - <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider"/> + <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider2"/> </jaxrs:properties> </jaxrs:server> <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jwejwshmac"> http://git-wip-us.apache.org/repos/asf/cxf/blob/1efedabb/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/encryptedJwkPrivateSet.txt ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/encryptedJwkPrivateSet.txt b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/encryptedJwkPrivateSet.txt index 0865b39..1848c11 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/encryptedJwkPrivateSet.txt +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/encryptedJwkPrivateSet.txt @@ -1 +1 @@ -eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiSmZmRmp6YzhGUHhRVlFPSlVYbXZuZyIsInAyYyI6NDA5NiwiY3R5IjoiandrLXNldCtqc29uIn0.osOgt-dpiYVRkJO_jYkrC7wIzAUi_HMRzW-XjvwHJbXECJGlmzFeMw.lYcyfoR4xxkHscyZ8--p9g.x0QTLYtwBtMmfRjH_wxUTsUiR2DIHFbY4SwZGKXW9E5hIfz0YJn2syO5c7ozIJrL3Al4OeCVRTg--aif0WXtLW728KdU1qDrQ3Pj8GW0J8eCUonLDJZEMssWFdroyhBvHIu-Jlpx0lnsjTStdMwwx9pL8OM4jtsOziDMjpuUqKCqfii8UfG1dKaH6FPRKsRe4K08D02XXKDopyZ1XUXNCj3ov4kgo2o_sUWcVcy8Oo56_77IvIL5CY-Itclv0EUWfI_Sd0Q9_n6m14ZyVbcU1r9NMwcruGTj-6ef5-dST58rPg_D-0ngp9zJg5cfzsI9_UWAw1xQtTKQQ07vQhvIHjRDc-M58_dZ3xp__hTjrZtqAufnGrYLK-ZaQO5-5VYZglbtDtPbNA6WAUxxBBsI6FMo0y5nM0ZFo2JV1vnwoQKLERn91IwVUJbtOr1_y2osWWvwxF7iRuClKaV1XJ3Zg_F8bawstSe-gzdKMmv9AYMMrAh2TSbTvOxi5s4bvWX_vjbFN5vINzVLj-o40BT36o-V6LXylxXFOToBBuRNUrHg8bhLGxZR3zVE_0panv1ruebnpWNGCwgpBK0NYornbV-i1RfreFhzWcOyHbE8hmFqMQhsuGvyrbszuxJ9rpryJsKjAxrsPb_SuhzVb-2WFsNynpTciAcGp6xjb_pm2-25u4iBjOfL9PlQcaEcrIxzihb9PGzJFOfBIvteAqCOJx4iiNfutcGxBEcnV1VOLGSp8uJPoWE3n6dROYu5pqO -ztLH-mfU9IjC6K7J5ulRtbZU2_qxVpcNTClRjT5BPWMgVElfvUIkHry-X6CjUUm3dh6B-zH5hTT3NTPOL7EwtebAtkiK509GOvO6pDOuqtn8-Dn92RDlh2fecDJOycjRInyt71SkrI6WhiVylhRNiZvt720Nesg41OqMweWxpgu4TGZflX9fB8sG-RBO0I1hP00Zk_c4t7t4k0-qKtV56zt3LJVE6K-hGBCB_0HtPDRbWUdkKbqkJ51JUda6RnXYBe7tLlVIzcLubd1YrikKeg0JnrFNafXqMoOWmUm2Q11EHuAZUiIJkBejgSEnbgfCjUc9gckQ0vOBP7ERhQJ4scpDCrG4fE5SPKo484qLxZuLhZBAntPdLCfKIav6WUg_Vbd0M7pP1vb53LdsZAsPidk_AB7_3TQdCct4xvK5C6MdHNQArlKzE9oMahQdyDWcYe7YbAu2ROwoz6xU3jKsrzJv-XI-Svw10eaE-KTlQwi8GaWw168-0Jnv23nSk5jGHh681iK8R0zbCIO2TNGZLe_jnJjiOlM-F3N-li73YEl8p30y2i0BUYTrPZYkwLUhFedlSX0hwR1jQpIoV0njzGeyf-pfySAUHXOhHRA00O3BzPZAXNBDTYCi54d6ng8QtlvG_IrhLbGkVTKJt8S6bfbsdvZvK8VW8_D0zf8uMoWBTAAoOkEz2a3x-UJ120LYq8LwzksuEFPRJ56m-YRLMO39vfMnQZbOxHsjzGsIZPgcaMhsYQugCMfU_TIJLc4zQx0DCC5VVnOwumXBz8lV0LHUOx79TXFzYMF0-VhzO0I.P-GdQKruCwb8-iDagtZIqQ \ No newline at end of file +eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiTWJlR0VTekk2MURJaHFncnc4ZG9TZyIsInAyYyI6NDA5Nn0.MVJlK1vV0lWLt2ySU2WB_nphsWZqf6jhVfb2mGuf05mXnxqistGBng.x6itAzrmrAn9KetfUl1ZPg.2if8qkLqADwsF0li0BzhPX8Q9LLYrUE_uHfv-qo23BwOryGm_cOSj01_TVZnO58N30wYBMJZ_mgYIQTYGL_6VUJJv8_qzP_wmBUkV99VPWOrEYLf75VWvJSMwyFjGljzpYoWONvrp6QwfrKjdum8_xEOs1dgurq8Spct-y1Ueqk9YCO_6fvklAzLPxgyyPXw5HwSIw1f4wtDN9XVHfmphvuNLNXrzxI-b1Xi4t1FIZBgX6LephgwL3LpJeP0MrKQlPpe4RI3fXfoe6yo432gH72kGCui6WgoIAZUrX2ShaS_ephxIrB3s24-QcG4pcfRcaHuIc1VhnsFSgC1IvNh1QnDnlxQ7PCVhBifXaf_7Vy9LZQYhRJ8Wj_NClPJT8NNYQOZTcXEjzLYRMxCUI8C-KZBUaZd14oZhWgTVi9xre6EyUq5lQbMl55x_f_5FXzO-dJB9EG3MtRLm1CSmPaH4slUKhk45fKTzowqYgD0ueVcqvT8JtnlxRSj2NPC0vPy4r_3H3HzKvvtICQeaR6ZP5g_UMyvLju08tZMYSqeFzYxDKuExzC8l00tc8GlFM_K15A-J7TGQXGGDZtcn8raNOMgCzq4ijr5z6hyniNzu1j8sjKZH9FX3okfINRy6kW6W168r4GSvRAFf01sCNBvcSi3gsC0djTZdeyzbcEq_oqYHdBS3Ur4bXFw_5fLVKi4oaYG4AdWgAYiPp7uATO1k3VPoxIjJyRaUt4ZG-RX3eMULUF31OAV2owfthhyFzdOhg2RBPHhpiH5lbldTHRuP3PtQKt M6J0wbOoKwHdNSQUuRFJ3Ypqol2kxFl7e6NCTlvJrPX93b4JLYMpGeK43IXqnGzdUKCUEwsqz5m_x-eawlp34VHugxrAyW23hWXivbM_2p0nBYURd-DhdEErpzv6abGo89HQ_cOocI9JNIrfJejdMvVF1SxWPfwV9xvGqYcOvECUAJ_DRs3BxHEE83gLVEvs16JvLb-UVbNul7M-2R6McfH1tLc3GXOxtIIimpz0pu0PIEf_ptwSpsXPuhUo-GzJSqN_XOqS1FAn7ELOAuxTzw4P8fQpMB3IChwEJQDo4fApstbg9hsQrW8oOO1puFFYscuNYKgFGu_fVroZtgxPveoEYsB8JvPXgAGeiblaCYcUZiuOfj14B6GAsoqzCETxmNDe5ouHWjJ10QxdPWRjQUmlS0Pe_sjXWfYuian-WodiNDpVtDhBdWI7klifiJpRUL2xyOvMODJRSLVQck5ifHXAjb05Us6JTdDJU4MjNhPsNnnuy92I0JWW6MIV-DFfkSgt8J1kxaltyhyPdNBDSgTTSEZQjRmvbt93opbejkRT8yTL96Q59Cw32SK3cKwiaDJsVctcgpsHcHK7ImcoqvzcPFwwb3v32o14oqC4KS0WZw7wW-FlYhUjkh-orlka90_rw1687nKx0D5EV8wtMpQ69n8vTSme3hjoDIBxIxUrI0k3sv6UvjfH7qQLey0eIckPtRGDzR0ydFBVfKcj2BJQPCeTj08aOzU1f26dovhO9XKbOAYvtkOYO5Q2Sp4TvcC8fezQGYqRNX-k.BIKOj0XbCIfOv_qePGSEcg \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cxf/blob/1efedabb/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties index 1c172a1..2455204 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties @@ -15,9 +15,6 @@ # specific language governing permissions and limitations # under the License. rs.security.keystore.type=jwk -rs.security.keystore.jwkkey=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoi\ -dk5QZzk4emFVT2RxZEJRbzhfZU5OUSIsInAyYyI6NDA5NiwiY3R5IjoiandrK2pzb24ifQ.8RodwuWBWWZp9fj5FB93D5Qf9y27eyQiqR\ -Hq0sbezF8m8ZIWjFqdgA.E5r-EbVtVttblREyU2mMVg.xI7gboooFhAcbnhBfsJD8-lbmf0sp0ZABNGLOf7ETs1TbHtRJ1qZlxczfwP2WG0\ -YggD9PsYMTllG7JeVU6xG2mF4t8kpquMiC3e4JlGJlvM.-XoyywZ0D2D9hk5w4RjnmA +rs.security.keystore.jwkkey=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiaXVHOExqSkNrN3FtcnVGRUdyMHVuUSIsInAyYyI6NDA5Nn0.TuUE2NnCsl3ZWJY7sl0uqEWxFV2ZHw5tw-0ri8Qyst5Gn6YzuPGKJw.aaesJ4e-rLFYIdxA6gMdMw.lnncuqaZ2o3lPRX9bfFh4huW5llDWXC0Gg5987pNSte0SyY7gJcg4EFPHrPdO1YSAZJmPC3hEEmcwqh42w8g2rWiyUqcJ8Z4PqEj7HkNUdE.NccysFtj5AoMMSEk2Sa6oQ rs.security.keystore.alias.jwe=AesWrapKey rs.security.jwe.content.encryption.algorithm=A128CBC-HS256 http://git-wip-us.apache.org/repos/asf/cxf/blob/1efedabb/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties index 3968284..e00378f 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties @@ -15,19 +15,6 @@ # specific language governing permissions and limitations # under the License. rs.security.keystore.type=jwk -rs.security.keystore.jwkset=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiSmZmRmp6YzhGUHhRVlFPSlVYbXZuZ\ -yIsInAyYyI6NDA5NiwiY3R5IjoiandrLXNldCtqc29uIn0.osOgt-dpiYVRkJO_jYkrC7wIzAUi_HMRzW-XjvwHJbXECJGlmzFeMw.lYcyfoR4xxkHscyZ8--p9g.x0QTLYtwB\ -tMmfRjH_wxUTsUiR2DIHFbY4SwZGKXW9E5hIfz0YJn2syO5c7ozIJrL3Al4OeCVRTg--aif0WXtLW728KdU1qDrQ3Pj8GW0J8eCUonLDJZEMssWFdroyhBvHIu-Jlpx0lnsjTSt\ -dMwwx9pL8OM4jtsOziDMjpuUqKCqfii8UfG1dKaH6FPRKsRe4K08D02XXKDopyZ1XUXNCj3ov4kgo2o_sUWcVcy8Oo56_77IvIL5CY-Itclv0EUWfI_Sd0Q9_n6m14ZyVbcU1r9\ -NMwcruGTj-6ef5-dST58rPg_D-0ngp9zJg5cfzsI9_UWAw1xQtTKQQ07vQhvIHjRDc-M58_dZ3xp__hTjrZtqAufnGrYLK-ZaQO5-5VYZglbtDtPbNA6WAUxxBBsI6FMo0y5nM0Z\ -Fo2JV1vnwoQKLERn91IwVUJbtOr1_y2osWWvwxF7iRuClKaV1XJ3Zg_F8bawstSe-gzdKMmv9AYMMrAh2TSbTvOxi5s4bvWX_vjbFN5vINzVLj-o40BT36o-V6LXylxXFOToBBuRN\ -UrHg8bhLGxZR3zVE_0panv1ruebnpWNGCwgpBK0NYornbV-i1RfreFhzWcOyHbE8hmFqMQhsuGvyrbszuxJ9rpryJsKjAxrsPb_SuhzVb-2WFsNynpTciAcGp6xjb_pm2-25u4iB\ -jOfL9PlQcaEcrIxzihb9PGzJFOfBIvteAqCOJx4iiNfutcGxBEcnV1VOLGSp8uJPoWE3n6dROYu5pqO-ztLH-mfU9IjC6K7J5ulRtbZU2_qxVpcNTClRjT5BPWMgVElfvUIkHry-X\ -6CjUUm3dh6B-zH5hTT3NTPOL7EwtebAtkiK509GOvO6pDOuqtn8-Dn92RDlh2fecDJOycjRInyt71SkrI6WhiVylhRNiZvt720Nesg41OqMweWxpgu4TGZflX9fB8sG-RBO0I1hP00\ -Zk_c4t7t4k0-qKtV56zt3LJVE6K-hGBCB_0HtPDRbWUdkKbqkJ51JUda6RnXYBe7tLlVIzcLubd1YrikKeg0JnrFNafXqMoOWmUm2Q11EHuAZUiIJkBejgSEnbgfCjUc9gckQ0vOBP\ -7ERhQJ4scpDCrG4fE5SPKo484qLxZuLhZBAntPdLCfKIav6WUg_Vbd0M7pP1vb53LdsZAsPidk_AB7_3TQdCct4xvK5C6MdHNQArlKzE9oMahQdyDWcYe7YbAu2ROwoz6xU3jKsrzJ\ -v-XI-Svw10eaE-KTlQwi8GaWw168-0Jnv23nSk5jGHh681iK8R0zbCIO2TNGZLe_jnJjiOlM-F3N-li73YEl8p30y2i0BUYTrPZYkwLUhFedlSX0hwR1jQpIoV0njzGeyf-pfySAUH\ -XOhHRA00O3BzPZAXNBDTYCi54d6ng8QtlvG_IrhLbGkVTKJt8S6bfbsdvZvK8VW8_D0zf8uMoWBTAAoOkEz2a3x-UJ120LYq8LwzksuEFPRJ56m-YRLMO39vfMnQZbOxHsjzGsIZPg\ -caMhsYQugCMfU_TIJLc4zQx0DCC5VVnOwumXBz8lV0LHUOx79TXFzYMF0-VhzO0I.P-GdQKruCwb8-iDagtZIqQ +rs.security.keystore.jwkset=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiTWJlR0VTekk2MURJaHFncnc4ZG9TZyIsInAyYyI6NDA5Nn0.MVJlK1vV0lWLt2ySU2WB_nphsWZqf6jhVfb2mGuf05mXnxqistGBng.x6itAzrmrAn9KetfUl1ZPg.2if8qkLqADwsF0li0BzhPX8Q9LLYrUE_uHfv-qo23BwOryGm_cOSj01_TVZnO58N30wYBMJZ_mgYIQTYGL_6VUJJv8_qzP_wmBUkV99VPWOrEYLf75VWvJSMwyFjGljzpYoWONvrp6QwfrKjdum8_xEOs1dgurq8Spct-y1Ueqk9YCO_6fvklAzLPxgyyPXw5HwSIw1f4wtDN9XVHfmphvuNLNXrzxI-b1Xi4t1FIZBgX6LephgwL3LpJeP0MrKQlPpe4RI3fXfoe6yo432gH72kGCui6WgoIAZUrX2ShaS_ephxIrB3s24-QcG4pcfRcaHuIc1VhnsFSgC1IvNh1QnDnlxQ7PCVhBifXaf_7Vy9LZQYhRJ8Wj_NClPJT8NNYQOZTcXEjzLYRMxCUI8C-KZBUaZd14oZhWgTVi9xre6EyUq5lQbMl55x_f_5FXzO-dJB9EG3MtRLm1CSmPaH4slUKhk45fKTzowqYgD0ueVcqvT8JtnlxRSj2NPC0vPy4r_3H3HzKvvtICQeaR6ZP5g_UMyvLju08tZMYSqeFzYxDKuExzC8l00tc8GlFM_K15A-J7TGQXGGDZtcn8raNOMgCzq4ijr5z6hyniNzu1j8sjKZH9FX3okfINRy6kW6W168r4GSvRAFf01sCNBvcSi3gsC0djTZdeyzbcEq_oqYHdBS3Ur4bXFw_5fLVKi4oaYG4AdWgAYiPp7uATO1k3VPoxIjJyRaUt4ZG-RX3eMULUF31OAV2owfthhyFzd Ohg2RBPHhpiH5lbldTHRuP3PtQKtM6J0wbOoKwHdNSQUuRFJ3Ypqol2kxFl7e6NCTlvJrPX93b4JLYMpGeK43IXqnGzdUKCUEwsqz5m_x-eawlp34VHugxrAyW23hWXivbM_2p0nBYURd-DhdEErpzv6abGo89HQ_cOocI9JNIrfJejdMvVF1SxWPfwV9xvGqYcOvECUAJ_DRs3BxHEE83gLVEvs16JvLb-UVbNul7M-2R6McfH1tLc3GXOxtIIimpz0pu0PIEf_ptwSpsXPuhUo-GzJSqN_XOqS1FAn7ELOAuxTzw4P8fQpMB3IChwEJQDo4fApstbg9hsQrW8oOO1puFFYscuNYKgFGu_fVroZtgxPveoEYsB8JvPXgAGeiblaCYcUZiuOfj14B6GAsoqzCETxmNDe5ouHWjJ10QxdPWRjQUmlS0Pe_sjXWfYuian-WodiNDpVtDhBdWI7klifiJpRUL2xyOvMODJRSLVQck5ifHXAjb05Us6JTdDJU4MjNhPsNnnuy92I0JWW6MIV-DFfkSgt8J1kxaltyhyPdNBDSgTTSEZQjRmvbt93opbejkRT8yTL96Q59Cw32SK3cKwiaDJsVctcgpsHcHK7ImcoqvzcPFwwb3v32o14oqC4KS0WZw7wW-FlYhUjkh-orlka90_rw1687nKx0D5EV8wtMpQ69n8vTSme3hjoDIBxIxUrI0k3sv6UvjfH7qQLey0eIckPtRGDzR0ydFBVfKcj2BJQPCeTj08aOzU1f26dovhO9XKbOAYvtkOYO5Q2Sp4TvcC8fezQGYqRNX-k.BIKOj0XbCIfOv_qePGSEcg rs.security.keystore.alias.jwe=AesWrapKey rs.security.jwe.content.encryption.algorithm=A128CBC-HS256