cxf git commit: CXF-6643: Upgraded Apache HTrace to 4.0 release branch. Minor fixes and adding more tests.
Repository: cxf Updated Branches: refs/heads/master a1d59ed7a -> e27ccedf7 CXF-6643: Upgraded Apache HTrace to 4.0 release branch. Minor fixes and adding more tests. Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e27ccedf Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e27ccedf Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e27ccedf Branch: refs/heads/master Commit: e27ccedf71d44ca5b20296e8401eef302311ebff Parents: a1d59ed Author: reta Authored: Thu Oct 15 21:28:53 2015 -0400 Committer: reta Committed: Thu Oct 15 21:28:53 2015 -0400 -- .../tracing/htrace/AbstractHTraceProvider.java | 2 +- .../cxf/tracing/htrace/HTraceTracerContext.java | 6 +- .../cxf/systest/jaxrs/tracing/BookStore.java| 20 .../jaxrs/tracing/htrace/HTraceTracingTest.java | 16 4 files changed, 42 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/e27ccedf/integration/tracing/tracing-htrace/src/main/java/org/apache/cxf/tracing/htrace/AbstractHTraceProvider.java -- diff --git a/integration/tracing/tracing-htrace/src/main/java/org/apache/cxf/tracing/htrace/AbstractHTraceProvider.java b/integration/tracing/tracing-htrace/src/main/java/org/apache/cxf/tracing/htrace/AbstractHTraceProvider.java index 76ca4f3..952b12f 100644 --- a/integration/tracing/tracing-htrace/src/main/java/org/apache/cxf/tracing/htrace/AbstractHTraceProvider.java +++ b/integration/tracing/tracing-htrace/src/main/java/org/apache/cxf/tracing/htrace/AbstractHTraceProvider.java @@ -109,7 +109,7 @@ public abstract class AbstractHTraceProvider extends AbstractTracingProvider { try { return SpanId.fromString(value.get(0)); } catch (NumberFormatException ex) { -LOG.log(Level.FINE, String.format("Unable to parse '%s' header value to long number", header), ex); +LOG.log(Level.FINE, String.format("Unable to parse '%s' header value to Span Id", header), ex); } } return defaultValue; http://git-wip-us.apache.org/repos/asf/cxf/blob/e27ccedf/integration/tracing/tracing-htrace/src/main/java/org/apache/cxf/tracing/htrace/HTraceTracerContext.java -- diff --git a/integration/tracing/tracing-htrace/src/main/java/org/apache/cxf/tracing/htrace/HTraceTracerContext.java b/integration/tracing/tracing-htrace/src/main/java/org/apache/cxf/tracing/htrace/HTraceTracerContext.java index cc8b2c9..52a43f9 100644 --- a/integration/tracing/tracing-htrace/src/main/java/org/apache/cxf/tracing/htrace/HTraceTracerContext.java +++ b/integration/tracing/tracing-htrace/src/main/java/org/apache/cxf/tracing/htrace/HTraceTracerContext.java @@ -47,14 +47,18 @@ public class HTraceTracerContext implements TracerContext { @Override public T continueSpan(final Traceable traceable) throws Exception { +boolean attached = false; if (!isTracing() && continuationScope != null) { continuationScope.reattach(); +attached = true; } try { return traceable.call(new HTraceTracerContext(tracer)); } finally { -continuationScope.detach(); +if (continuationScope != null && attached) { +continuationScope.detach(); +} } } http://git-wip-us.apache.org/repos/asf/cxf/blob/e27ccedf/systests/tracing/src/test/java/org/apache/cxf/systest/jaxrs/tracing/BookStore.java -- diff --git a/systests/tracing/src/test/java/org/apache/cxf/systest/jaxrs/tracing/BookStore.java b/systests/tracing/src/test/java/org/apache/cxf/systest/jaxrs/tracing/BookStore.java index 7df41da..89bdab1 100644 --- a/systests/tracing/src/test/java/org/apache/cxf/systest/jaxrs/tracing/BookStore.java +++ b/systests/tracing/src/test/java/org/apache/cxf/systest/jaxrs/tracing/BookStore.java @@ -114,6 +114,26 @@ public class BookStore { } @GET +@Path("/books/pseudo-async") +@Produces(MediaType.APPLICATION_JSON) +public Collection getBooksPseudoAsync() throws Exception { +return tracer.continueSpan(new Traceable>() { +@Override +public Collection call(final TracerContext context) throws Exception { +return tracer.wrap("Processing books", new Traceable>() { +@Override +public Collection call(final TracerContext context) throws Exception { +return Arrays.asList( +new Book("Apache CXF in Action", UUID.randomUUID().to
cxf git commit: [CXF-6640] Fixing a locale issue
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes c1ec2650d -> ffba6ce5c [CXF-6640] Fixing a locale issue Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ffba6ce5 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ffba6ce5 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ffba6ce5 Branch: refs/heads/2.7.x-fixes Commit: ffba6ce5ca133043bfb9ab2423ee2fab69307989 Parents: c1ec265 Author: Sergey Beryozkin Authored: Thu Oct 15 17:36:17 2015 +0100 Committer: Sergey Beryozkin Committed: Thu Oct 15 17:41:10 2015 +0100 -- .../org/apache/cxf/jaxrs/utils/HttpUtils.java | 21 ++-- .../cxf/jaxrs/impl/HttpHeadersImplTest.java | 9 + 2 files changed, 20 insertions(+), 10 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/ffba6ce5/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/HttpUtils.java -- diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/HttpUtils.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/HttpUtils.java index 1a7520f..1639d73 100644 --- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/HttpUtils.java +++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/HttpUtils.java @@ -196,15 +196,24 @@ public final class HttpUtils { if (value == null) { return null; } - -String[] values = StringUtils.split(value, "-"); -if (values.length == 0 || values.length > 2) { +String language = null; +String locale = null; +int index = value.indexOf('-'); +if (index == 0 || index == value.length() - 1) { throw new IllegalArgumentException("Illegal locale value : " + value); } -if (values.length == 1) { -return new Locale(values[0]); + +if (index > 0) { +language = value.substring(0, index); +locale = value.substring(index + 1); +} else { +language = value; +} + +if (locale == null) { +return new Locale(language); } else { -return new Locale(values[0], values[1]); +return new Locale(language, locale); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/ffba6ce5/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java -- diff --git a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java index 46efabd..d484f21 100644 --- a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java +++ b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java @@ -432,15 +432,16 @@ public class HttpHeadersImplTest extends Assert { m.get(Message.PROTOCOL_HEADERS); MetadataMap headers = createHeader(HttpHeaders.ACCEPT_LANGUAGE, - "en;q=0.7, en-gb;q=0.8, da"); + "en;q=0.7, en-gb;q=0.8, da, zh-Hans-SG;q=0.9"); EasyMock.expectLastCall().andReturn(headers); control.replay(); HttpHeaders h = new HttpHeadersImpl(m); List languages = h.getAcceptableLanguages(); -assertEquals(3, languages.size()); +assertEquals(4, languages.size()); assertEquals(new Locale("da"), languages.get(0)); -assertEquals(new Locale("en", "GB"), languages.get(1)); -assertEquals(new Locale("en"), languages.get(2)); +assertEquals(new Locale("zh", "Hans-SG"), languages.get(1)); +assertEquals(new Locale("en", "GB"), languages.get(2)); +assertEquals(new Locale("en"), languages.get(3)); }
cxf git commit: [CXF-6640] Fixing a locale issue
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 12e7132eb -> 07fbca8d5 [CXF-6640] Fixing a locale issue Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/07fbca8d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/07fbca8d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/07fbca8d Branch: refs/heads/3.0.x-fixes Commit: 07fbca8d5e8a8578c273ec1d42f8fea0f54dea98 Parents: 12e7132 Author: Sergey Beryozkin Authored: Thu Oct 15 17:36:17 2015 +0100 Committer: Sergey Beryozkin Committed: Thu Oct 15 17:40:23 2015 +0100 -- .../org/apache/cxf/jaxrs/utils/HttpUtils.java | 21 ++-- .../cxf/jaxrs/impl/HttpHeadersImplTest.java | 9 + 2 files changed, 20 insertions(+), 10 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/07fbca8d/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/HttpUtils.java -- diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/HttpUtils.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/HttpUtils.java index 76c66e9..c6c8dc1 100644 --- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/HttpUtils.java +++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/HttpUtils.java @@ -275,15 +275,24 @@ public final class HttpUtils { if (value == null) { return null; } - -String[] values = StringUtils.split(value, "-"); -if (values.length == 0 || values.length > 2) { +String language = null; +String locale = null; +int index = value.indexOf('-'); +if (index == 0 || index == value.length() - 1) { throw new IllegalArgumentException("Illegal locale value : " + value); } -if (values.length == 1) { -return new Locale(values[0]); + +if (index > 0) { +language = value.substring(0, index); +locale = value.substring(index + 1); +} else { +language = value; +} + +if (locale == null) { +return new Locale(language); } else { -return new Locale(values[0], values[1]); +return new Locale(language, locale); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/07fbca8d/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java -- diff --git a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java index c072021..c82af5d 100644 --- a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java +++ b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java @@ -462,15 +462,16 @@ public class HttpHeadersImplTest extends Assert { m.get(Message.PROTOCOL_HEADERS); MetadataMap headers = createHeader(HttpHeaders.ACCEPT_LANGUAGE, - "en;q=0.7, en-gb;q=0.8, da"); + "en;q=0.7, en-gb;q=0.8, da, zh-Hans-SG;q=0.9"); EasyMock.expectLastCall().andReturn(headers); control.replay(); HttpHeaders h = new HttpHeadersImpl(m); List languages = h.getAcceptableLanguages(); -assertEquals(3, languages.size()); +assertEquals(4, languages.size()); assertEquals(new Locale("da"), languages.get(0)); -assertEquals(new Locale("en", "GB"), languages.get(1)); -assertEquals(new Locale("en"), languages.get(2)); +assertEquals(new Locale("zh", "Hans-SG"), languages.get(1)); +assertEquals(new Locale("en", "GB"), languages.get(2)); +assertEquals(new Locale("en"), languages.get(3)); }
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes caa4bc21a -> c1ec2650d Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c1ec2650 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c1ec2650 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c1ec2650 Branch: refs/heads/2.7.x-fixes Commit: c1ec2650d8676268271d2c91016622c23a44c6ac Parents: caa4bc2 Author: Colm O hEigeartaigh Authored: Thu Oct 15 17:37:31 2015 +0100 Committer: Colm O hEigeartaigh Committed: Thu Oct 15 17:37:31 2015 +0100 -- .gitmergeinfo | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/c1ec2650/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 3fa4f8f..761251a 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -173,6 +173,7 @@ B 12a73a9486961dce563f25b376626d9ae3453005 B 12c2906a1958a1e669c6dd9ff8b7555719bee898 B 12c910c524c8dd40149b087312763b3d2a4434b0 B 12d19ffe7af4b18472aa571c5bb9531c8a68e9b0 +B 12e7132ebb70c00f3af72cbd06152a882480aa8c B 12e8613a90c00b8d34cf624003e7549423639e2b B 12eda4f03c46507e78ffc78b0fb1b8f4b5726efa B 12ee3fb1475d16010a6df3b0580c0f67b893d511 @@ -884,6 +885,7 @@ B 5dc29c16f921f7dedf604bc082cf9069c11f120c B 5dcb1f334dacda20a5c0d04f131e7a1007c74a40 B 5e40ea351fa45006513f0fbc7d80747d321f12b4 B 5e673228d95f317c2d9f394011a0b6af6d481d0d +B 5e7d0210744661ca3d9225fa972f6754f94d90aa B 5e89d9e9e0d0872547742972af55cb243e1d5718 B 5e94c8035b7912c846d2ff361e318b52b35835bc B 5e9eb6f475603e06962c6b337e1b6301b922
[2/2] cxf git commit: Adding more rs-security tests
Adding more rs-security tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5e7d0210 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5e7d0210 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5e7d0210 Branch: refs/heads/3.0.x-fixes Commit: 5e7d0210744661ca3d9225fa972f6754f94d90aa Parents: 9800ee0 Author: Colm O hEigeartaigh Authored: Thu Oct 15 17:33:50 2015 +0100 Committer: Colm O hEigeartaigh Committed: Thu Oct 15 17:35:52 2015 +0100 -- .../systest/jaxrs/security/jwt/BookStore.java | 8 ++ .../jaxrs/security/jwt/JAXRSJweJwsTest.java | 11 +++ .../jaxrs/security/jwt/JAXRSJwsJsonTest.java| 30 +++- .../security/certs/jwkModifiedPrivateSet.txt| 13 + .../jaxrs/security/secret.jwk.bad.properties| 21 ++ 5 files changed, 82 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/5e7d0210/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java -- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java index b56ce36..dcbeb28 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java @@ -49,6 +49,14 @@ public class BookStore { return book; } +@POST +@Path("/books") +@Produces("application/xml") +@Consumes("application/xml") +public Book echoBook2(Book book) { +return book; +} + } http://git-wip-us.apache.org/repos/asf/cxf/blob/5e7d0210/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java -- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java index e69191b..e770b3f 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java @@ -449,6 +449,17 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase { assertEquals("book", text); } +// Test signing and encrypting an XML payload +@Test +public void testJweRsaJwsRsaXML() throws Exception { +String address = "https://localhost:"; + PORT + "/jwejwsrsa"; +BookStore bs = createJweJwsBookStore(address, null, null); +Book book = new Book(); +book.setName("book"); +book = bs.echoBook2(book); +assertEquals("book", book.getName()); +} + private static class PrivateKeyPasswordProviderImpl implements PrivateKeyPasswordProvider { private String password = "password"; public PrivateKeyPasswordProviderImpl() { http://git-wip-us.apache.org/repos/asf/cxf/blob/5e7d0210/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java -- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java index 91cc064..a72c6f9 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java @@ -30,6 +30,7 @@ import java.util.List; import java.util.Map; import javax.crypto.Cipher; +import javax.ws.rs.BadRequestException; import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider; @@ -136,10 +137,37 @@ public class JAXRSJwsJsonTest extends AbstractBusClientServerTestBase { List properties = new ArrayList(); properties.add("org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac2.properties"); BookStore bs = createBookStore(address, properties, null); -Book book = bs.echoBook(new Book("book", 123L)); +Book book = bs.echoBook2(new Book("book", 123L)); assertEquals("book", book.getName()); assertEquals(123L, book.getId()); } + +// Test signing an XML payload +@Test +public void testJwsJsonPlainTextHmacXML() throws Exception { +String address = "https://localhost:"; + PORT + "/jwsjsonhmac"; +
cxf git commit: [CXF-6640] Fixing a locale issue
Repository: cxf Updated Branches: refs/heads/master f456dd41b -> a1d59ed7a [CXF-6640] Fixing a locale issue Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a1d59ed7 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a1d59ed7 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a1d59ed7 Branch: refs/heads/master Commit: a1d59ed7af2a7db38d885f52034d2c79b4da332a Parents: f456dd4 Author: Sergey Beryozkin Authored: Thu Oct 15 17:36:17 2015 +0100 Committer: Sergey Beryozkin Committed: Thu Oct 15 17:36:17 2015 +0100 -- .../org/apache/cxf/jaxrs/utils/HttpUtils.java | 21 ++-- .../cxf/jaxrs/impl/HttpHeadersImplTest.java | 9 + 2 files changed, 20 insertions(+), 10 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/a1d59ed7/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/HttpUtils.java -- diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/HttpUtils.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/HttpUtils.java index 76c66e9..c6c8dc1 100644 --- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/HttpUtils.java +++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/HttpUtils.java @@ -275,15 +275,24 @@ public final class HttpUtils { if (value == null) { return null; } - -String[] values = StringUtils.split(value, "-"); -if (values.length == 0 || values.length > 2) { +String language = null; +String locale = null; +int index = value.indexOf('-'); +if (index == 0 || index == value.length() - 1) { throw new IllegalArgumentException("Illegal locale value : " + value); } -if (values.length == 1) { -return new Locale(values[0]); + +if (index > 0) { +language = value.substring(0, index); +locale = value.substring(index + 1); +} else { +language = value; +} + +if (locale == null) { +return new Locale(language); } else { -return new Locale(values[0], values[1]); +return new Locale(language, locale); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/a1d59ed7/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java -- diff --git a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java index c072021..c82af5d 100644 --- a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java +++ b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/HttpHeadersImplTest.java @@ -462,15 +462,16 @@ public class HttpHeadersImplTest extends Assert { m.get(Message.PROTOCOL_HEADERS); MetadataMap headers = createHeader(HttpHeaders.ACCEPT_LANGUAGE, - "en;q=0.7, en-gb;q=0.8, da"); + "en;q=0.7, en-gb;q=0.8, da, zh-Hans-SG;q=0.9"); EasyMock.expectLastCall().andReturn(headers); control.replay(); HttpHeaders h = new HttpHeadersImpl(m); List languages = h.getAcceptableLanguages(); -assertEquals(3, languages.size()); +assertEquals(4, languages.size()); assertEquals(new Locale("da"), languages.get(0)); -assertEquals(new Locale("en", "GB"), languages.get(1)); -assertEquals(new Locale("en"), languages.get(2)); +assertEquals(new Locale("zh", "Hans-SG"), languages.get(1)); +assertEquals(new Locale("en", "GB"), languages.get(2)); +assertEquals(new Locale("en"), languages.get(3)); }
[1/2] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 9800ee0a5 -> 12e7132eb Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/12e7132e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/12e7132e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/12e7132e Branch: refs/heads/3.0.x-fixes Commit: 12e7132ebb70c00f3af72cbd06152a882480aa8c Parents: 5e7d021 Author: Colm O hEigeartaigh Authored: Thu Oct 15 17:35:52 2015 +0100 Committer: Colm O hEigeartaigh Committed: Thu Oct 15 17:35:52 2015 +0100 -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/12e7132e/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 432757c..1db61a8 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -689,6 +689,7 @@ M efaf05170b4f76ad61ff423e30ece58bdd226ae5 M f02b02934bf78504ffc462c364dc43e386e727b2 M f399b9290e42726e30333f261d8d7f6abc4768cc M f3cfadb6e7bae9233a03fa6bf862ed8eb64ce237 +M f456dd41b6352dd55404272d351b1580b53558f7 M f5bca059c318d6943eb69a1b6c0600c11acef7ff M f74e2e060b93fbbfc05ace263fe7f4f588b63e4d M f7c884a077b7e7dc1b74d6f3bc4240baf0695510
cxf git commit: Adding more rs-security tests
Repository: cxf Updated Branches: refs/heads/master 0430e7756 -> f456dd41b Adding more rs-security tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f456dd41 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f456dd41 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f456dd41 Branch: refs/heads/master Commit: f456dd41b6352dd55404272d351b1580b53558f7 Parents: 0430e77 Author: Colm O hEigeartaigh Authored: Thu Oct 15 17:33:50 2015 +0100 Committer: Colm O hEigeartaigh Committed: Thu Oct 15 17:34:07 2015 +0100 -- .../systest/jaxrs/security/jwt/BookStore.java | 8 ++ .../jaxrs/security/jwt/JAXRSJweJwsTest.java | 11 +++ .../jaxrs/security/jwt/JAXRSJwsJsonTest.java| 30 +++- .../security/certs/jwkModifiedPrivateSet.txt| 13 + .../jaxrs/security/secret.jwk.bad.properties| 21 ++ 5 files changed, 82 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/f456dd41/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java -- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java index b56ce36..dcbeb28 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookStore.java @@ -49,6 +49,14 @@ public class BookStore { return book; } +@POST +@Path("/books") +@Produces("application/xml") +@Consumes("application/xml") +public Book echoBook2(Book book) { +return book; +} + } http://git-wip-us.apache.org/repos/asf/cxf/blob/f456dd41/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java -- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java index 3d558d5..79f418e 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java @@ -419,6 +419,17 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase { assertEquals("book", text); } +// Test signing and encrypting an XML payload +@Test +public void testJweRsaJwsRsaXML() throws Exception { +String address = "https://localhost:"; + PORT + "/jwejwsrsa"; +BookStore bs = createJweJwsBookStore(address, null, null); +Book book = new Book(); +book.setName("book"); +book = bs.echoBook2(book); +assertEquals("book", book.getName()); +} + private static class PrivateKeyPasswordProviderImpl implements PrivateKeyPasswordProvider { private String password = "password"; PrivateKeyPasswordProviderImpl() { http://git-wip-us.apache.org/repos/asf/cxf/blob/f456dd41/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java -- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java index 33f55737..1eded3c 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java @@ -30,6 +30,7 @@ import java.util.List; import java.util.Map; import javax.crypto.Cipher; +import javax.ws.rs.BadRequestException; import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider; @@ -128,10 +129,37 @@ public class JAXRSJwsJsonTest extends AbstractBusClientServerTestBase { List properties = new ArrayList(); properties.add("org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac2.properties"); BookStore bs = createBookStore(address, properties, null); -Book book = bs.echoBook(new Book("book", 123L)); +Book book = bs.echoBook2(new Book("book", 123L)); assertEquals("book", book.getName()); assertEquals(123L, book.getId()); } + +// Test signing an XML payload +@Test +public void testJwsJsonPlainTextHmacXML() throws Exception { +
cxf-fediz git commit: [FEDIZ-131] Adding a CXF plugin JAX-RS demo, with some updates pending
Repository: cxf-fediz Updated Branches: refs/heads/master f4eeabd85 -> f9b182f07 [FEDIZ-131] Adding a CXF plugin JAX-RS demo, with some updates pending Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f9b182f0 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f9b182f0 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f9b182f0 Branch: refs/heads/master Commit: f9b182f07abf72331720f1c3476cef336144c798 Parents: f4eeabd Author: Sergey Beryozkin Authored: Thu Oct 15 17:28:59 2015 +0100 Committer: Sergey Beryozkin Committed: Thu Oct 15 17:28:59 2015 +0100 -- examples/jaxrsCxfPluginWebapp/README.txt| 71 +++ examples/jaxrsCxfPluginWebapp/pom.xml | 107 + .../cxf/fediz/example/FederationService.java| 118 +++ .../src/main/resources/fediz_config.xml | 56 + .../src/main/resources/log4j.properties | 22 .../src/main/resources/ststrust.jks | Bin 0 -> 3908 bytes .../WEB-INF/applicationContext-security.xml | 43 +++ .../src/main/webapp/WEB-INF/fediz_config.xml| 56 + .../src/main/webapp/WEB-INF/web.xml | 72 +++ .../src/main/webapp/index.html | 25 .../src/main/webapp/secure/test.html| 25 11 files changed, 595 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f9b182f0/examples/jaxrsCxfPluginWebapp/README.txt -- diff --git a/examples/jaxrsCxfPluginWebapp/README.txt b/examples/jaxrsCxfPluginWebapp/README.txt new file mode 100644 index 000..285b6e8 --- /dev/null +++ b/examples/jaxrsCxfPluginWebapp/README.txt @@ -0,0 +1,71 @@ +JAX-RS CXF Plugin Web Application Demo +== + +This demo shows how to build and deploy an SSO protected CXF JAX-RS web application +using Apache CXF Fediz and Fediz CXF Plugin. + + +Running this sample consists of four steps: + +- Configure the Tomcat-IDP and Servlet Container for RP instances +- Building the demo using Maven +- Deploying the demo to the RP instance +- Testing the demo + +Please review the README in the samples main directory before continuing. + +Configure the Tomcat-IDP and Servlet Container for RP instances +--- +First, make sure the separate Tomcat instance hosting the Fediz IDP and IDP +STS has been configured and is running as described here: +http://cxf.apache.org/fediz-idp.html. Confirm the STS is active by +checking that the WSDL is viewable from the browser using the URL given +on that page--don't proceed further unless it is. + + +Demo Web Application + +The main code lives in the class FederationService. This JAX-RS Service is protected +and can be accessed only if the browser user is authenticated. The purpose of +the FederationService is to illustrate the usage of the Java Servlet Security +API to get the authenticated user and to check the roles he has. Further, +the FederationService shows how to access claims data (user data) which were +stored in the SAML token by using the Fediz interface FedizPrincipal. +Beyond that, the FederationService illustrates how to access the SAML token +if required. The classes SecurityTokenThreadLocal.java and FederationFilter.java +can be used to achieve that. You could get this information directly from the +HTTP session. + + +Building the demo using Maven +- +From the base directory of this sample (i.e., where this README file is +located), the pom.xml file is used to build and run the demo. From a +command prompt, enter: + + mvn clean install (builds the demo and creates a WAR file for Servlet deployment) + + +Deploying the demo to Tomcat + +Either manually copy this sample's generated WAR file to the Tomcat-RP's +webapps folder, or use the Tomcat Maven Plugin as described in the README file +in the example folder root. +It's recommended to not deploy this WAR into Servlet Container where Fediz is +integrated into the Security Layer of the Container itself. + + +Test the demo +- +Enter the following URL into the browser (TCP port depends on your HTTP settings): + +https://localhost:10443/fedizhelloworld/secure/fedservlet + +The browser is redirected to the IDP and prompts for username and password. As described +in the IDP installation, the following users are already set up: + +User: alice Password: ecila +User: bob Password: bob +User: ted Password: det + + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f9b182f0/examples/jaxrsCxfPluginWebapp/pom.xml -
cxf-fediz git commit: Minor update to CXF plugin to use ResourceUtils (ResourceResolver extension) to load a config file, and using a default config file name if none is set
Repository: cxf-fediz Updated Branches: refs/heads/1.2.x-fixes 7f2045010 -> 8acd00d2a Minor update to CXF plugin to use ResourceUtils (ResourceResolver extension) to load a config file, and using a default config file name if none is set Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/8acd00d2 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/8acd00d2 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/8acd00d2 Branch: refs/heads/1.2.x-fixes Commit: 8acd00d2a55243c3d198b1c284eb2f4a39fc7294 Parents: 7f20450 Author: Sergey Beryozkin Authored: Thu Oct 15 11:33:30 2015 +0100 Committer: Sergey Beryozkin Committed: Thu Oct 15 15:21:58 2015 +0100 -- .../plugin/AbstractServiceProviderFilter.java | 21 ++-- 1 file changed, 15 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/8acd00d2/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java -- diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java index 43cd8d3..b9e89a9 100644 --- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java +++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java @@ -37,7 +37,8 @@ import javax.ws.rs.core.HttpHeaders; import javax.xml.bind.JAXBException; import org.w3c.dom.Element; -import org.apache.cxf.common.classloader.ClassLoaderUtils; + +import org.apache.cxf.BusFactory; import org.apache.cxf.common.i18n.BundleUtils; import org.apache.cxf.fediz.core.SecurityTokenThreadLocal; import org.apache.cxf.fediz.core.config.FedizConfigurator; @@ -48,6 +49,7 @@ import org.apache.cxf.fediz.cxf.plugin.state.ResponseState; import org.apache.cxf.fediz.cxf.plugin.state.SPStateManager; import org.apache.cxf.jaxrs.impl.HttpHeadersImpl; import org.apache.cxf.jaxrs.impl.UriInfoImpl; +import org.apache.cxf.jaxrs.utils.ResourceUtils; import org.apache.cxf.message.Message; import org.apache.cxf.security.SecurityContext; import org.apache.cxf.staxutils.StaxUtils; @@ -85,15 +87,19 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF } @PostConstruct -public synchronized void configure() throws JAXBException, MalformedURLException { +public synchronized void configure() throws JAXBException, IOException { if (configurator == null) { +String actualConfigFile = configFile; +if (actualConfigFile == null) { +actualConfigFile = "fediz_config.xml"; +} try { -File f = new File(configFile); +File f = new File(actualConfigFile); if (!f.exists()) { -URL url = ClassLoaderUtils.getResource(configFile, - AbstractServiceProviderFilter.class); +URL url = ResourceUtils.getResourceURL(actualConfigFile, + BusFactory.getThreadDefaultBus()); if (url == null) { -url = new URL(configFile); +url = new URL(actualConfigFile); } if (url != null) { f = new File(url.getPath()); @@ -108,6 +114,9 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF } catch (MalformedURLException e) { LOG.error("Error in loading configuration file", e); throw e; +} catch (Exception e) { +LOG.error("Error in loading configuration file", e); +throw new IOException(e); } }
cxf git commit: [CXF-6642] Making sure TL storage is cleaned up when Response.readEntity is called directly
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 7a02829e6 -> 9800ee0a5 [CXF-6642] Making sure TL storage is cleaned up when Response.readEntity is called directly Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9800ee0a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9800ee0a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9800ee0a Branch: refs/heads/3.0.x-fixes Commit: 9800ee0a5cca34e422090520a5789723e6efd88a Parents: 7a02829 Author: Sergey Beryozkin Authored: Thu Oct 15 15:00:05 2015 +0100 Committer: Sergey Beryozkin Committed: Thu Oct 15 15:06:59 2015 +0100 -- .../src/main/java/org/apache/cxf/jaxrs/impl/ResponseImpl.java | 5 + 1 file changed, 5 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/9800ee0a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseImpl.java -- diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseImpl.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseImpl.java index 681142a..f172737 100644 --- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseImpl.java +++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseImpl.java @@ -376,6 +376,11 @@ public final class ResponseImpl extends Response { } catch (Exception ex) { autoClose(cls, true); reportMessageHandlerProblem("MSG_READER_PROBLEM", cls, mediaType, ex); +} finally { +ProviderFactory pf = ProviderFactory.getInstance(outMessage); +if (pf != null) { +pf.clearThreadLocalProxies(); +} } } else if (entity != null && cls.isAssignableFrom(entity.getClass())) { lastEntity = entity;
cxf git commit: [CXF-6642] Making sure TL storage is cleaned up when Response.readEntity is called directly
Repository: cxf Updated Branches: refs/heads/master 6d6302720 -> 0430e7756 [CXF-6642] Making sure TL storage is cleaned up when Response.readEntity is called directly Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0430e775 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0430e775 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0430e775 Branch: refs/heads/master Commit: 0430e7756e89e6402ec6a59256523725e81aba88 Parents: 6d63027 Author: Sergey Beryozkin Authored: Thu Oct 15 15:00:05 2015 +0100 Committer: Sergey Beryozkin Committed: Thu Oct 15 15:00:05 2015 +0100 -- .../src/main/java/org/apache/cxf/jaxrs/impl/ResponseImpl.java | 5 + 1 file changed, 5 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/0430e775/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseImpl.java -- diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseImpl.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseImpl.java index 681142a..f172737 100644 --- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseImpl.java +++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/impl/ResponseImpl.java @@ -376,6 +376,11 @@ public final class ResponseImpl extends Response { } catch (Exception ex) { autoClose(cls, true); reportMessageHandlerProblem("MSG_READER_PROBLEM", cls, mediaType, ex); +} finally { +ProviderFactory pf = ProviderFactory.getInstance(outMessage); +if (pf != null) { +pf.clearThreadLocalProxies(); +} } } else if (entity != null && cls.isAssignableFrom(entity.getClass())) { lastEntity = entity;
[2/3] cxf git commit: Avoid having to specify a JwsHeader at all when submitting a JwtToken
Avoid having to specify a JwsHeader at all when submitting a JwtToken Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e139b837 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e139b837 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e139b837 Branch: refs/heads/3.0.x-fixes Commit: e139b837d60f78d201c2066964f082f15d556273 Parents: e898a0a Author: Colm O hEigeartaigh Authored: Thu Oct 15 14:33:36 2015 +0100 Committer: Colm O hEigeartaigh Committed: Thu Oct 15 14:49:30 2015 +0100 -- .../security/jose/jws/JwsCompactProducer.java | 16 ++ .../cxf/rs/security/jose/jws/JwsUtils.java | 2 +- .../jaxrs/JwtAuthenticationClientFilter.java| 22 +--- 3 files changed, 18 insertions(+), 22 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/e139b837/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java -- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java index a74960a..06e1dbd 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java @@ -19,10 +19,15 @@ package org.apache.cxf.rs.security.jose.jws; import java.security.PrivateKey; +import java.util.Properties; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; +import org.apache.cxf.message.Message; +import org.apache.cxf.phase.PhaseInterceptorChain; +import org.apache.cxf.rs.security.jose.common.JoseConstants; +import org.apache.cxf.rs.security.jose.common.KeyManagementUtils; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; @@ -131,6 +136,17 @@ public class JwsCompactProducer { } private void checkAlgorithm() { if (getAlgorithm() == null) { +Message m = PhaseInterceptorChain.getCurrentMessage(); +Properties props = KeyManagementUtils.loadStoreProperties(m, false, + JoseConstants.RSSEC_SIGNATURE_OUT_PROPS, + JoseConstants.RSSEC_SIGNATURE_PROPS); +String signatureAlgo = JwsUtils.getSignatureAlgo(m, props, null, null); +if (signatureAlgo != null) { + getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.getAlgorithm(signatureAlgo)); +} +} + +if (getAlgorithm() == null) { throw new JwsException(JwsException.Error.INVALID_ALGORITHM); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/e139b837/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java -- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java index e4d7df1..82dbb49 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java @@ -359,7 +359,7 @@ public final class JwsUtils { } @SuppressWarnings("deprecation") -private static String getSignatureAlgo(Message m, Properties props, String algo, String defaultAlgo) { +public static String getSignatureAlgo(Message m, Properties props, String algo, String defaultAlgo) { if (algo == null) { if (defaultAlgo == null) { defaultAlgo = AlgorithmUtils.RS_SHA_256_ALGO; http://git-wip-us.apache.org/repos/asf/cxf/blob/e139b837/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java -- diff --git a/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java b/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java index 16622ef..a0946ce 100644 --- a/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.jav
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes a8c3b28f5 -> caa4bc21a Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/caa4bc21 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/caa4bc21 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/caa4bc21 Branch: refs/heads/2.7.x-fixes Commit: caa4bc21ad03b4c8ec18f054e15224aa4428cc30 Parents: a8c3b28 Author: Colm O hEigeartaigh Authored: Thu Oct 15 14:53:38 2015 +0100 Committer: Colm O hEigeartaigh Committed: Thu Oct 15 14:53:38 2015 +0100 -- .gitmergeinfo | 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/caa4bc21/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 1921474..3fa4f8f 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -1143,6 +1143,7 @@ B 79a1d5ae953de1d6e3e55501097a8224ab64948a B 79b95e94bbfa19e53fadfaffc91153a5976e02ad B 79bd4f37f7fea32346195180566d1c2562d79871 B 79be65ac292c636427922f61e85de6737c7b4975 +B 7a02829e62aa273db3e0966ee961ae6f0c25183a B 7a2608611dd2a1702ea161601fd609ff7bab491c B 7a5d8184f175e461a508270b5620a9702adda18f B 7a9039c7a6d001974b70cbd1df064991c8f291a1 @@ -2074,6 +2075,7 @@ B e0b7f35566bdcb2f364f85caa70c4b100433ed8a B e0ff63e15b4d016f887307ec02c7f1a079988da6 B e1079067f58abda2a80ccc309e762ea9f064fc3d B e10f669c0085b797d2e8b25514405569f6f48924 +B e139b837d60f78d201c2066964f082f15d556273 B e163f8a5d347abf183d8fe406db826118838fa1e B e17409d6b63fd8d2bf225edda74cd55da191db3e B e1885f1a25cbfb199b58da407e5c07a174401635 @@ -2158,6 +2160,7 @@ B e7fe2b7ec6a4df1e0b9d27ebdd9ff74ac8ad267d B e80db09d37d99d540cdbef7114efeb26317e3a52 B e82847091d5a4776ce2cd9d6ebf3d98f4ebc3558 B e87711abf86054a8fee51d1a33399ad26c878a67 +B e898a0a4f6ef29922f0f286af8a670bcfaab9df9 B e8a265088255cf4d04f6dbed64dccfb6c0f31c28 B e8abc3beb291e979fe9a6b932ad3fcbe0b08b64f B e8aced67f49eaefc5868ae5bc1a59f69a7b777fb
[1/3] cxf git commit: Give priority to the signature/decryption provider over the generic one, rather than the one way around
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 779acfaa4 -> 7a02829e6 Give priority to the signature/decryption provider over the generic one, rather than the one way around Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e898a0a4 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e898a0a4 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e898a0a4 Branch: refs/heads/3.0.x-fixes Commit: e898a0a4f6ef29922f0f286af8a670bcfaab9df9 Parents: 779acfa Author: Colm O hEigeartaigh Authored: Thu Oct 15 11:58:13 2015 +0100 Committer: Colm O hEigeartaigh Committed: Thu Oct 15 14:49:29 2015 +0100 -- .../rs/security/jose/common/JoseConstants.java | 26 ++-- .../jose/common/KeyManagementUtils.java | 12 + 2 files changed, 20 insertions(+), 18 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/e898a0a4/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java -- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java index b85d1ce..89dd079 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java @@ -53,7 +53,7 @@ public final class JoseConstants { // // -// Keys/keystore configuration +// Shared Keys/keystore configuration // /** @@ -92,18 +92,6 @@ public final class JoseConstants { public static final String RSSEC_KEY_PSWD_PROVIDER = "rs.security.key.password.provider"; /** - * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys - * for signature. - */ -public static final String RSSEC_SIG_KEY_PSWD_PROVIDER = "rs.security.signature.key.password.provider"; - -/** - * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys - * for decryption. - */ -public static final String RSSEC_DECRYPT_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider"; - -/** * TODO documentation for these */ public static final String RSSEC_DEFAULT_ALGORITHMS = "rs.security.default.algorithms"; @@ -118,6 +106,12 @@ public final class JoseConstants { // /** + * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys + * for signature. If this is not specified it falls back to use the RSSEC_KEY_PSWD_PROVIDER. + */ +public static final String RSSEC_SIGNATURE_KEY_PSWD_PROVIDER = "rs.security.signature.key.password.provider"; + +/** * The signature algorithm to use. For example 'RS256'. */ public static final String RSSEC_SIGNATURE_ALGORITHM = "rs.security.signature.algorithm"; @@ -159,6 +153,12 @@ public final class JoseConstants { // /** + * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys + * for decryption. If this is not specified it falls back to use the RSSEC_KEY_PSWD_PROVIDER. + */ +public static final String RSSEC_DECRYPTION_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider"; + +/** * The encryption content algorithm to use. */ public static final String RSSEC_ENCRYPTION_CONTENT_ALGORITHM = "rs.security.encryption.content.algorithm"; http://git-wip-us.apache.org/repos/asf/cxf/blob/e898a0a4/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java -- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java index 917c856..23370ef 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java @@ -166,16 +166,18 @@ public final class KeyManagementUtils { return kid; } public static PrivateKeyPasswordProvider loadPasswordProvider(Message m, Properties props, KeyOperation keyOper) { -PrivateKeyPasswordProvider cb = - (PrivateKeyPasswordProvider)m.getContextualProperty(JoseConstants.RSSEC_KEY_PSWD_PROVIDER);
[3/3] cxf git commit: Unregister BouncyCastle properly
Unregister BouncyCastle properly Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7a02829e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7a02829e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7a02829e Branch: refs/heads/3.0.x-fixes Commit: 7a02829e62aa273db3e0966ee961ae6f0c25183a Parents: e139b83 Author: Colm O hEigeartaigh Authored: Thu Oct 15 14:47:27 2015 +0100 Committer: Colm O hEigeartaigh Committed: Thu Oct 15 14:49:32 2015 +0100 -- .../cxf/rs/security/jose/jwe/AbstractJweEncryption.java | 1 + .../cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java | 8 .../cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java | 2 +- .../apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java | 2 +- .../apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java | 2 +- .../cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java | 2 +- .../org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java | 4 ++-- .../cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java | 2 +- .../cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java | 2 +- .../cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java | 2 +- 10 files changed, 14 insertions(+), 13 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/7a02829e/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java -- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java index 561df8d..acc9933 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java @@ -128,6 +128,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider { try { return CryptoUtils.encryptBytes(content, createCekSecretKey(state), state.keyProps); } catch (SecurityException ex) { +LOG.fine(ex.getMessage()); if (ex.getCause() instanceof NoSuchAlgorithmException) { LOG.warning("Unsupported algorithm: " + state.keyProps.getKeyAlgo()); throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM); http://git-wip-us.apache.org/repos/asf/cxf/blob/7a02829e/rt/rs/security/jose/jose-core/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java -- diff --git a/rt/rs/security/jose/jose-core/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java b/rt/rs/security/jose/jose-core/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java index 1c1bb04..40fb210 100644 --- a/rt/rs/security/jose/jose-core/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java +++ b/rt/rs/security/jose/jose-core/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java @@ -434,7 +434,7 @@ public class JwsJoseCookBookTest { jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.PS384)); -Security.removeProvider(BouncyCastleProvider.class.getName()); +Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME); } @Test public void testECDSASignature() throws Exception { @@ -468,7 +468,7 @@ public class JwsJoseCookBookTest { JsonWebKey ecPublicKey = publicKeys.get(0); assertTrue(compactConsumer.verifySignatureWith(ecPublicKey, SignatureAlgorithm.ES512)); } finally { -Security.removeProvider(BouncyCastleProvider.class.getName()); +Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME); } } @Test @@ -654,7 +654,7 @@ public class JwsJoseCookBookTest { assertTrue(jsonConsumer.verifySignatureWith(ecPublicKey, SignatureAlgorithm.ES512)); assertTrue(jsonConsumer.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256)); } finally { -Security.removeProvider(BouncyCastleProvider.class.getName()); +Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME); } } public JsonWebKeys readKeySet(String fileName) throws Exception { @@ -662,4 +662,4 @@ public class JwsJoseCookBookTest { String s = IOUtils.readStringFromStream(is); return JwkUtils.readJwkSet(s); } -} \ No newline at end of file +}
[2/3] cxf git commit: Avoid having to specify a JwsHeader at all when submitting a JwtToken
Avoid having to specify a JwsHeader at all when submitting a JwtToken Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2f9874b4 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2f9874b4 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2f9874b4 Branch: refs/heads/master Commit: 2f9874b4a02f5dfe90c55f97bc6570d92331dd7d Parents: 1c16f52 Author: Colm O hEigeartaigh Authored: Thu Oct 15 14:33:36 2015 +0100 Committer: Colm O hEigeartaigh Committed: Thu Oct 15 14:33:36 2015 +0100 -- .../security/jose/jws/JwsCompactProducer.java | 16 ++ .../cxf/rs/security/jose/jws/JwsUtils.java | 2 +- .../jaxrs/JwtAuthenticationClientFilter.java| 22 +--- 3 files changed, 18 insertions(+), 22 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/2f9874b4/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java -- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java index a74960a..06e1dbd 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java @@ -19,10 +19,15 @@ package org.apache.cxf.rs.security.jose.jws; import java.security.PrivateKey; +import java.util.Properties; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; +import org.apache.cxf.message.Message; +import org.apache.cxf.phase.PhaseInterceptorChain; +import org.apache.cxf.rs.security.jose.common.JoseConstants; +import org.apache.cxf.rs.security.jose.common.KeyManagementUtils; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; @@ -131,6 +136,17 @@ public class JwsCompactProducer { } private void checkAlgorithm() { if (getAlgorithm() == null) { +Message m = PhaseInterceptorChain.getCurrentMessage(); +Properties props = KeyManagementUtils.loadStoreProperties(m, false, + JoseConstants.RSSEC_SIGNATURE_OUT_PROPS, + JoseConstants.RSSEC_SIGNATURE_PROPS); +String signatureAlgo = JwsUtils.getSignatureAlgo(m, props, null, null); +if (signatureAlgo != null) { + getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.getAlgorithm(signatureAlgo)); +} +} + +if (getAlgorithm() == null) { throw new JwsException(JwsException.Error.INVALID_ALGORITHM); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/2f9874b4/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java -- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java index 914f315..7142ffc 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java @@ -358,7 +358,7 @@ public final class JwsUtils { } @SuppressWarnings("deprecation") -private static String getSignatureAlgo(Message m, Properties props, String algo, String defaultAlgo) { +public static String getSignatureAlgo(Message m, Properties props, String algo, String defaultAlgo) { if (algo == null) { if (defaultAlgo == null) { defaultAlgo = AlgorithmUtils.RS_SHA_256_ALGO; http://git-wip-us.apache.org/repos/asf/cxf/blob/2f9874b4/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java -- diff --git a/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java b/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java index dfb5223..8fd87ab 100644 --- a/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java +++
[3/3] cxf git commit: Unregister BouncyCastle properly
Unregister BouncyCastle properly Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6d630272 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6d630272 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6d630272 Branch: refs/heads/master Commit: 6d6302720706434c10b8581bc2d06b19db8fb7ed Parents: 2f9874b Author: Colm O hEigeartaigh Authored: Thu Oct 15 14:47:27 2015 +0100 Committer: Colm O hEigeartaigh Committed: Thu Oct 15 14:47:27 2015 +0100 -- .../cxf/rs/security/jose/jwe/AbstractJweEncryption.java | 1 + .../cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java | 8 .../cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java | 2 +- .../apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java | 2 +- .../apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java | 2 +- .../cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java | 2 +- .../org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java | 4 ++-- .../cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java | 2 +- .../cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java | 2 +- .../cxf/systest/jaxrs/security/jwt/JAXRSJwsJsonTest.java | 2 +- 10 files changed, 14 insertions(+), 13 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/6d630272/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java -- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java index 561df8d..acc9933 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java @@ -128,6 +128,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider { try { return CryptoUtils.encryptBytes(content, createCekSecretKey(state), state.keyProps); } catch (SecurityException ex) { +LOG.fine(ex.getMessage()); if (ex.getCause() instanceof NoSuchAlgorithmException) { LOG.warning("Unsupported algorithm: " + state.keyProps.getKeyAlgo()); throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM); http://git-wip-us.apache.org/repos/asf/cxf/blob/6d630272/rt/rs/security/jose/jose-core/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java -- diff --git a/rt/rs/security/jose/jose-core/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java b/rt/rs/security/jose/jose-core/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java index 1c1bb04..40fb210 100644 --- a/rt/rs/security/jose/jose-core/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java +++ b/rt/rs/security/jose/jose-core/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java @@ -434,7 +434,7 @@ public class JwsJoseCookBookTest { jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.PS384)); -Security.removeProvider(BouncyCastleProvider.class.getName()); +Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME); } @Test public void testECDSASignature() throws Exception { @@ -468,7 +468,7 @@ public class JwsJoseCookBookTest { JsonWebKey ecPublicKey = publicKeys.get(0); assertTrue(compactConsumer.verifySignatureWith(ecPublicKey, SignatureAlgorithm.ES512)); } finally { -Security.removeProvider(BouncyCastleProvider.class.getName()); +Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME); } } @Test @@ -654,7 +654,7 @@ public class JwsJoseCookBookTest { assertTrue(jsonConsumer.verifySignatureWith(ecPublicKey, SignatureAlgorithm.ES512)); assertTrue(jsonConsumer.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256)); } finally { -Security.removeProvider(BouncyCastleProvider.class.getName()); +Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME); } } public JsonWebKeys readKeySet(String fileName) throws Exception { @@ -662,4 +662,4 @@ public class JwsJoseCookBookTest { String s = IOUtils.readStringFromStream(is); return JwkUtils.readJwkSet(s); } -} \ No newline at end of file +} htt
[1/3] cxf git commit: Give priority to the signature/decryption provider over the generic one, rather than the one way around
Repository: cxf Updated Branches: refs/heads/master c17f40d5a -> 6d6302720 Give priority to the signature/decryption provider over the generic one, rather than the one way around Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1c16f520 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1c16f520 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1c16f520 Branch: refs/heads/master Commit: 1c16f5205d2ba22dba1897db14f051bcd0d0e23a Parents: c17f40d Author: Colm O hEigeartaigh Authored: Thu Oct 15 11:58:13 2015 +0100 Committer: Colm O hEigeartaigh Committed: Thu Oct 15 11:58:13 2015 +0100 -- .../rs/security/jose/common/JoseConstants.java | 26 ++-- .../jose/common/KeyManagementUtils.java | 12 + 2 files changed, 20 insertions(+), 18 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/1c16f520/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java -- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java index b85d1ce..89dd079 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java @@ -53,7 +53,7 @@ public final class JoseConstants { // // -// Keys/keystore configuration +// Shared Keys/keystore configuration // /** @@ -92,18 +92,6 @@ public final class JoseConstants { public static final String RSSEC_KEY_PSWD_PROVIDER = "rs.security.key.password.provider"; /** - * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys - * for signature. - */ -public static final String RSSEC_SIG_KEY_PSWD_PROVIDER = "rs.security.signature.key.password.provider"; - -/** - * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys - * for decryption. - */ -public static final String RSSEC_DECRYPT_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider"; - -/** * TODO documentation for these */ public static final String RSSEC_DEFAULT_ALGORITHMS = "rs.security.default.algorithms"; @@ -118,6 +106,12 @@ public final class JoseConstants { // /** + * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys + * for signature. If this is not specified it falls back to use the RSSEC_KEY_PSWD_PROVIDER. + */ +public static final String RSSEC_SIGNATURE_KEY_PSWD_PROVIDER = "rs.security.signature.key.password.provider"; + +/** * The signature algorithm to use. For example 'RS256'. */ public static final String RSSEC_SIGNATURE_ALGORITHM = "rs.security.signature.algorithm"; @@ -159,6 +153,12 @@ public final class JoseConstants { // /** + * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys + * for decryption. If this is not specified it falls back to use the RSSEC_KEY_PSWD_PROVIDER. + */ +public static final String RSSEC_DECRYPTION_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider"; + +/** * The encryption content algorithm to use. */ public static final String RSSEC_ENCRYPTION_CONTENT_ALGORITHM = "rs.security.encryption.content.algorithm"; http://git-wip-us.apache.org/repos/asf/cxf/blob/1c16f520/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java -- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java index 917c856..23370ef 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java @@ -166,16 +166,18 @@ public final class KeyManagementUtils { return kid; } public static PrivateKeyPasswordProvider loadPasswordProvider(Message m, Properties props, KeyOperation keyOper) { -PrivateKeyPasswordProvider cb = - (PrivateKeyPasswordProvider)m.getContextualProperty(JoseConstants.RSSEC_KEY_PSWD_PROVIDER); -
cxf-fediz git commit: Minor update to CXF plugin to use ResourceUtils (ResourceResolver extension) to load a config file, and using a default config file name if none is set
Repository: cxf-fediz Updated Branches: refs/heads/master c875b8adf -> f4eeabd85 Minor update to CXF plugin to use ResourceUtils (ResourceResolver extension) to load a config file, and using a default config file name if none is set Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f4eeabd8 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f4eeabd8 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f4eeabd8 Branch: refs/heads/master Commit: f4eeabd85a803a962493847be96f33e0021eb905 Parents: c875b8a Author: Sergey Beryozkin Authored: Thu Oct 15 11:33:30 2015 +0100 Committer: Sergey Beryozkin Committed: Thu Oct 15 11:33:30 2015 +0100 -- .../plugin/AbstractServiceProviderFilter.java | 21 ++-- 1 file changed, 15 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f4eeabd8/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java -- diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java index 43cd8d3..b9e89a9 100644 --- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java +++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java @@ -37,7 +37,8 @@ import javax.ws.rs.core.HttpHeaders; import javax.xml.bind.JAXBException; import org.w3c.dom.Element; -import org.apache.cxf.common.classloader.ClassLoaderUtils; + +import org.apache.cxf.BusFactory; import org.apache.cxf.common.i18n.BundleUtils; import org.apache.cxf.fediz.core.SecurityTokenThreadLocal; import org.apache.cxf.fediz.core.config.FedizConfigurator; @@ -48,6 +49,7 @@ import org.apache.cxf.fediz.cxf.plugin.state.ResponseState; import org.apache.cxf.fediz.cxf.plugin.state.SPStateManager; import org.apache.cxf.jaxrs.impl.HttpHeadersImpl; import org.apache.cxf.jaxrs.impl.UriInfoImpl; +import org.apache.cxf.jaxrs.utils.ResourceUtils; import org.apache.cxf.message.Message; import org.apache.cxf.security.SecurityContext; import org.apache.cxf.staxutils.StaxUtils; @@ -85,15 +87,19 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF } @PostConstruct -public synchronized void configure() throws JAXBException, MalformedURLException { +public synchronized void configure() throws JAXBException, IOException { if (configurator == null) { +String actualConfigFile = configFile; +if (actualConfigFile == null) { +actualConfigFile = "fediz_config.xml"; +} try { -File f = new File(configFile); +File f = new File(actualConfigFile); if (!f.exists()) { -URL url = ClassLoaderUtils.getResource(configFile, - AbstractServiceProviderFilter.class); +URL url = ResourceUtils.getResourceURL(actualConfigFile, + BusFactory.getThreadDefaultBus()); if (url == null) { -url = new URL(configFile); +url = new URL(actualConfigFile); } if (url != null) { f = new File(url.getPath()); @@ -108,6 +114,9 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF } catch (MalformedURLException e) { LOG.error("Error in loading configuration file", e); throw e; +} catch (Exception e) { +LOG.error("Error in loading configuration file", e); +throw new IOException(e); } }
cxf-fediz git commit: [FEDIZ-131] Adding first 2 demos - they can be run with any JAX-RS impl with the minimum amount of updates
Repository: cxf-fediz Updated Branches: refs/heads/master ee4556c78 -> c875b8adf [FEDIZ-131] Adding first 2 demos - they can be run with any JAX-RS impl with the minimum amount of updates Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/c875b8ad Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/c875b8ad Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/c875b8ad Branch: refs/heads/master Commit: c875b8adf8c306d615436a7cb62816df903b75e8 Parents: ee4556c Author: Sergey Beryozkin Authored: Thu Oct 15 11:20:28 2015 +0100 Committer: Sergey Beryozkin Committed: Thu Oct 15 11:20:28 2015 +0100 -- examples/jaxrsSimpleWebapp/README.txt | 81 ++ examples/jaxrsSimpleWebapp/pom.xml | 98 .../fediz/example/FederationApplication.java| 30 .../cxf/fediz/example/FederationService.java| 118 +++ .../src/main/resources/log4j.properties | 22 +++ .../src/main/resources/ststrust.jks | Bin 0 -> 3908 bytes .../src/main/webapp/META-INF/context.xml| 22 +++ .../src/main/webapp/WEB-INF/web.xml | 135 + .../src/main/webapp/index.html | 25 +++ .../src/main/webapp/secure/test.html| 25 +++ examples/jaxrsSpringSecurityWebapp/README.txt | 74 + examples/jaxrsSpringSecurityWebapp/pom.xml | 151 +++ .../cxf/fediz/example/FederationService.java| 125 +++ .../src/main/resources/log4j.properties | 22 +++ .../src/main/resources/ststrust.jks | Bin 0 -> 3908 bytes .../WEB-INF/applicationContext-security.xml | 101 + .../src/main/webapp/WEB-INF/fediz_config.xml| 56 +++ .../src/main/webapp/WEB-INF/web.xml | 87 +++ .../src/main/webapp/index.html | 25 +++ .../src/main/webapp/secure/test.html| 25 +++ examples/pom.xml| 2 + 21 files changed, 1224 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c875b8ad/examples/jaxrsSimpleWebapp/README.txt -- diff --git a/examples/jaxrsSimpleWebapp/README.txt b/examples/jaxrsSimpleWebapp/README.txt new file mode 100644 index 000..900de36 --- /dev/null +++ b/examples/jaxrsSimpleWebapp/README.txt @@ -0,0 +1,81 @@ +JAX-RS Simple Web Application Demo +== + +This demo shows how to build and deploy an SSO protected JAX-RS web application +using Apache CXF Fediz. + +The demo uses Apache CXF CXFServlet. +If you work with Jersey or RESTEasy - please replace CXF specific declarations with your +preferred JAX-RS implementation's Servlet declaration. The application code +is a portable JAX-RS code. + +Running this sample consists of four steps: + +- Configure the Tomcat-IDP and Servlet Container for RP instances +- Building the demo using Maven +- Deploying the demo to the RP instance +- Testing the demo + +Please review the README in the samples main directory before continuing. + +Configure the Tomcat-IDP and Servlet Container for RP instances +--- +First, make sure the separate Tomcat instance hosting the Fediz IDP and IDP +STS has been configured and is running as described here: +http://cxf.apache.org/fediz-idp.html. Confirm the STS is active by +checking that the WSDL is viewable from the browser using the URL given +on that page--don't proceed further unless it is. + +The benefit of using Spring Security which is packaged with the demo application +there are no plugin deployments required for the RP Servlet Container. +See this wiki page for instructions: +http://cxf.apache.org/fediz-spring.html -- the "HTTPS Configuration" sections +are the only parts that need configuration for this sample. + + +Demo Web Application + +The main code lives in the class FederationService. This JAX-RS Service is protected +and can be accessed only if the browser user is authenticated. The purpose of +the FederationServlet is to illustrate the usage of the Spring Security API and +Configuration to get the authenticated user and to check the roles he has. Further, +the FederationServlet shows how to access claims data (user data) which were +stored in the SAML token by using the Fediz interface FedizPrincipal. +Beyond that, the FederationService illustrates how to access the SAML token +if required. The classes SecurityTokenThreadLocal.java and FederationFilter.java +can be used to achieve that. You could get this information directly from the +HTTP session. + + +Building the demo using Maven +- +From the base
cxf git commit: [CXF-6641] Making EcdhAesWrapKeyEncryptionAlgorithm constructors to accept Content algo as recommended by Colm
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 2cd0081cf -> 779acfaa4 [CXF-6641] Making EcdhAesWrapKeyEncryptionAlgorithm constructors to accept Content algo as recommended by Colm Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/779acfaa Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/779acfaa Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/779acfaa Branch: refs/heads/3.0.x-fixes Commit: 779acfaa4e067a72497032509fb7ec3653147346 Parents: 2cd0081 Author: Sergey Beryozkin Authored: Thu Oct 15 10:50:12 2015 +0100 Committer: Sergey Beryozkin Committed: Thu Oct 15 10:51:03 2015 +0100 -- .../jwe/EcdhAesWrapKeyEncryptionAlgorithm.java | 17 - 1 file changed, 12 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/779acfaa/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java -- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java index 9ad7ac9..6ebf791 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java @@ -42,24 +42,31 @@ public class EcdhAesWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider public EcdhAesWrapKeyEncryptionAlgorithm(ECPublicKey peerPublicKey, KeyAlgorithm keyAlgo) { -//TODO: figure out the curve *name* given ECPublicKey -this(peerPublicKey, JsonWebKey.EC_CURVE_P256, null, null, keyAlgo); +this(peerPublicKey, JsonWebKey.EC_CURVE_P256, keyAlgo); } public EcdhAesWrapKeyEncryptionAlgorithm(ECPublicKey peerPublicKey, String curve, KeyAlgorithm keyAlgo) { -this(peerPublicKey, curve, null, null, keyAlgo); +this(peerPublicKey, curve, null, null, keyAlgo, ContentAlgorithm.A128GCM); +} +public EcdhAesWrapKeyEncryptionAlgorithm(ECPublicKey peerPublicKey, + String curve, + KeyAlgorithm keyAlgo, + ContentAlgorithm ctAlgo) { + +this(peerPublicKey, curve, null, null, keyAlgo, ctAlgo); } public EcdhAesWrapKeyEncryptionAlgorithm(ECPublicKey peerPublicKey, String curve, String apuString, String apvString, - KeyAlgorithm keyAlgo) { + KeyAlgorithm keyAlgo, + ContentAlgorithm ctAlgo) { this.keyAlgo = keyAlgo; helper = new EcdhHelper(peerPublicKey, curve, apuString, apvString, -ContentAlgorithm.A128GCM.getJwaName()); +ctAlgo.getJwaName()); } @Override
cxf git commit: [CXF-6641] Making EcdhAesWrapKeyEncryptionAlgorithm constructors to accept Content algo as recommended by Colm
Repository: cxf Updated Branches: refs/heads/master c5c21d5b6 -> c17f40d5a [CXF-6641] Making EcdhAesWrapKeyEncryptionAlgorithm constructors to accept Content algo as recommended by Colm Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c17f40d5 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c17f40d5 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c17f40d5 Branch: refs/heads/master Commit: c17f40d5a58c71fa3f0eccae5eb1ca16b8b9f23a Parents: c5c21d5 Author: Sergey Beryozkin Authored: Thu Oct 15 10:50:12 2015 +0100 Committer: Sergey Beryozkin Committed: Thu Oct 15 10:50:12 2015 +0100 -- .../jwe/EcdhAesWrapKeyEncryptionAlgorithm.java | 17 - 1 file changed, 12 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/c17f40d5/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java -- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java index 9ad7ac9..6ebf791 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java @@ -42,24 +42,31 @@ public class EcdhAesWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider public EcdhAesWrapKeyEncryptionAlgorithm(ECPublicKey peerPublicKey, KeyAlgorithm keyAlgo) { -//TODO: figure out the curve *name* given ECPublicKey -this(peerPublicKey, JsonWebKey.EC_CURVE_P256, null, null, keyAlgo); +this(peerPublicKey, JsonWebKey.EC_CURVE_P256, keyAlgo); } public EcdhAesWrapKeyEncryptionAlgorithm(ECPublicKey peerPublicKey, String curve, KeyAlgorithm keyAlgo) { -this(peerPublicKey, curve, null, null, keyAlgo); +this(peerPublicKey, curve, null, null, keyAlgo, ContentAlgorithm.A128GCM); +} +public EcdhAesWrapKeyEncryptionAlgorithm(ECPublicKey peerPublicKey, + String curve, + KeyAlgorithm keyAlgo, + ContentAlgorithm ctAlgo) { + +this(peerPublicKey, curve, null, null, keyAlgo, ctAlgo); } public EcdhAesWrapKeyEncryptionAlgorithm(ECPublicKey peerPublicKey, String curve, String apuString, String apvString, - KeyAlgorithm keyAlgo) { + KeyAlgorithm keyAlgo, + ContentAlgorithm ctAlgo) { this.keyAlgo = keyAlgo; helper = new EcdhHelper(peerPublicKey, curve, apuString, apvString, -ContentAlgorithm.A128GCM.getJwaName()); +ctAlgo.getJwaName()); } @Override
cxf git commit: [CXF-6641] Using ContentAlgorithm.A128GCM.getJwaName()
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 06698761a -> 2cd0081cf [CXF-6641] Using ContentAlgorithm.A128GCM.getJwaName() Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2cd0081c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2cd0081c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2cd0081c Branch: refs/heads/3.0.x-fixes Commit: 2cd0081cfd37c5ba6aa4d46038b64682aedfc631 Parents: 0669876 Author: Sergey Beryozkin Authored: Wed Oct 14 16:22:51 2015 +0100 Committer: Sergey Beryozkin Committed: Thu Oct 15 09:54:59 2015 +0100 -- .../rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/2cd0081c/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java -- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java index 2c19541..9ad7ac9 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java @@ -23,6 +23,7 @@ import java.util.HashMap; import java.util.Map; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.apache.cxf.rs.security.jose.jwe.EcdhDirectKeyJweEncryption.EcdhHelper; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; @@ -57,7 +58,8 @@ public class EcdhAesWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider KeyAlgorithm keyAlgo) { this.keyAlgo = keyAlgo; -helper = new EcdhHelper(peerPublicKey, curve, apuString, apvString, keyAlgo.getJwaName()); +helper = new EcdhHelper(peerPublicKey, curve, apuString, apvString, +ContentAlgorithm.A128GCM.getJwaName()); } @Override