cxf-fediz git commit: [FEDIZ-97] Renaming (adding) plugin configuration properties. Improving Exception handling.
Repository: cxf-fediz Updated Branches: refs/heads/master 6732b3197 -> 978a89e25 [FEDIZ-97] Renaming (adding) plugin configuration properties. Improving Exception handling. Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/978a89e2 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/978a89e2 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/978a89e2 Branch: refs/heads/master Commit: 978a89e259f620c8a3ad232d82d57aa88a80db31 Parents: 6732b31 Author: Jan Bernhardt Authored: Tue Feb 24 18:01:10 2015 +0100 Committer: Jan Bernhardt Committed: Fri Feb 27 21:25:45 2015 +0100 -- .../cxf/fediz/core/processor/FedizRequest.java | 14 +- plugins/websphere/pom.xml | 66 +- .../websphere/src/main/assembly/assembly.xml| 18 ++ .../org/apache/cxf/fediz/was/Constants.java | 23 +- .../was/mapper/FileBasedRoleToGroupMapper.java | 83 .../filter/SecurityContextTTLChecker.java | 12 +- .../cxf/fediz/was/tai/FedizInterceptor.java | 208 ++- 7 files changed, 269 insertions(+), 155 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/978a89e2/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java -- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java index d86b840..66fb396 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java @@ -21,6 +21,7 @@ package org.apache.cxf.fediz.core.processor; import java.io.Serializable; import java.security.cert.Certificate; +import java.util.Arrays; import javax.servlet.http.HttpServletRequest; 
@@ -81,5 +82,16 @@ public class FedizRequest implements Serializable { this.requestState = requestState; } - +@Override +public String toString() { +return "FedizRequest{" + +"action='" + action + '\'' + +", responseToken='" + (responseToken == null ? null : responseToken.substring(0,15) + "..." ) + '\'' + +", state='" + state + '\'' + +", freshness='" + freshness + '\'' + +", certs=" + (certs == null ? 0 : certs.length) + +", request=" + request + '\'' + +", requestState=" + requestState + '\'' + +'}'; +} } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/978a89e2/plugins/websphere/pom.xml -- diff --git a/plugins/websphere/pom.xml b/plugins/websphere/pom.xml index d846fad..415c1ca 100644 --- a/plugins/websphere/pom.xml +++ b/plugins/websphere/pom.xml @@ -23,7 +23,7 @@ org.apache.cxf.fediz plugin -1.1.0-SNAPSHOT +1.2.0-SNAPSHOT ../pom.xml fediz-websphere @@ -50,18 +50,50 @@ - -com.ibm.ws -runtime -7 -compile + --> + + com.ibm.websphere + com.ibm.websphere.security + 1.0.3 + jar + compile + + + com.ibm.ws.security + com.ibm.ws.security.authentication.tai + 1.0.3 + jar + compile + + + com.ibm.ws.security + com.ibm.ws.security.token + 1.0.2 + jar + compile + + + +org.slf4j +slf4j-simple +${slf4j.version} + + org.slf4j + slf4j-log4j12 + ${slf4j.version} + @@ -92,6 +124,26 @@ true + +org.apache.maven.plugins +maven-assembly-plugin +2.2.1 + + +zip-file +package + +attached + + + + src/main/assembly/assembly.xml + + + +
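Review bot: `responseToken.substring(0,15)` in the new toString() throws StringIndexOutOfBoundsException whenever the token is non-null but shorter than 15 characters, so a log statement that prints the request can itself fail on a short or malformed token. Bound the prefix, e.g. `responseToken.substring(0, Math.min(15, responseToken.length())) + "..."`. Because toString() output tends to end up in logs, consider whether a token prefix, the `state` value and the raw `request` object should be printed at all; the token's length or a fixed `[present]` marker gives the same diagnostic value. The `request=` and `requestState=` parts also append a closing `'` with no opening one.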
cxf-fediz git commit: Adding an initial @Ignored test-case for SAML SSO
Repository: cxf-fediz Updated Branches: refs/heads/master 113a2f8ba -> 6732b3197 Adding an initial @Ignored test-case for SAML SSO Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/6732b319 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/6732b319 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/6732b319 Branch: refs/heads/master Commit: 6732b3197df26a158355f5f188331148d848783f Parents: 113a2f8 Author: Colm O hEigeartaigh Authored: Fri Feb 27 17:25:41 2015 + Committer: Colm O hEigeartaigh Committed: Fri Feb 27 17:25:41 2015 + -- systests/federation/pom.xml | 37 ++ systests/federation/samlsso/pom.xml | 268 +++ .../cxf/fediz/integrationtests/SAMLSSOTest.java | 215 + .../samlsso/src/test/resources/client.jks | Bin 0 -> 2060 bytes .../src/test/resources/entities-realma.xml | 465 +++ .../test/resources/fediz_config_saml_sso.xml| 38 ++ .../samlsso/src/test/resources/server.jks | Bin 0 -> 1863 bytes .../samlsso/src/test/resources/ststrust.jks | Bin 0 -> 2561 bytes systests/pom.xml| 1 + 9 files changed, 1024 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6732b319/systests/federation/pom.xml -- diff --git a/systests/federation/pom.xml b/systests/federation/pom.xml new file mode 100644 index 000..b69e6e5 --- /dev/null +++ b/systests/federation/pom.xml @@ -0,0 +1,37 @@ + + +http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd";> +4.0.0 + +org.apache.cxf.fediz +fediz-systests +1.2.0-SNAPSHOT +../pom.xml + +org.apache.cxf.fediz.systests +fediz-systests-federation +Apache Fediz Federation Systests +pom + + +samlsso + + + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6732b319/systests/federation/samlsso/pom.xml -- 
diff --git a/systests/federation/samlsso/pom.xml b/systests/federation/samlsso/pom.xml new file mode 100644 index 000..3fd7390 --- /dev/null +++ b/systests/federation/samlsso/pom.xml @@ -0,0 +1,268 @@ + + +http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd";> +4.0.0 + +org.apache.cxf.fediz.systests +fediz-systests-federation +1.2.0-SNAPSHOT +../pom.xml + +org.apache.cxf.fediz.systests.federation +fediz-systests-federation-samlsso +Apache Fediz Federation Systests Tomcat 7 SAML SSO +jar + +UTF-8 + UTF-8 + + + +org.apache.tomcat.embed +tomcat-embed-core +${tomcat.version} +test + + +org.apache.tomcat.embed +tomcat-embed-logging-juli +${tomcat.version} +test + + +org.eclipse.jdt.core.compiler +ecj +3.7.1 +test + + +org.apache.tomcat.embed +tomcat-embed-jasper +${tomcat.version} +test + + +junit +junit +${junit.version} +test + + +org.apache.cxf.fediz +fediz-tomcat +${project.version} +test + + +org.apache.cxf.fediz.systests +fediz-systests-tests +${project.version} +test-jar +test + + +org.slf4j +slf4j-api +${slf4j.version} +test + + +org.slf4j +slf4j-jdk14 +${slf4j.version} +test + + +hsqldb +hsqldb +${hsqldb.version} +test + + + + + +src/test/resources +true + +**/fediz_config*.xml + + + +src/test/resources +false + +**/fediz_config*.xml + + + + + +org.codehaus.mojo +build-helper-maven-plugin + + +reserve-network-port +
[2/2] cxf git commit: [CXF-6272] - SCT Renew in Secure Conversation. Thanks to Freddy Exposito for the patch. - Also added a unit test. - Also explicitly removed the token to be renewed from the cache
[CXF-6272] - SCT Renew in Secure Conversation. Thanks to Freddy Exposito for the patch. - Also added a unit test. - Also explicitly removed the token to be renewed from the cache first Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/53c9848b Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/53c9848b Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/53c9848b Branch: refs/heads/3.0.x-fixes Commit: 53c9848bfcd464f2e2db5449d8f1d1d1ce5a7991 Parents: e57a012 Author: Colm O hEigeartaigh Authored: Fri Feb 27 14:25:03 2015 + Committer: Colm O hEigeartaigh Committed: Fri Feb 27 15:04:50 2015 + -- .../policy/interceptors/STSInvoker.java | 28 --- .../SecureConversationInInterceptor.java| 77 ++-- .../SpnegoContextTokenInInterceptor.java| 14 +++- .../apache/cxf/ws/security/trust/STSUtils.java | 43 ++- .../cxf/systest/ws/wssc/WSSCUnitTest.java | 35 + 5 files changed, 162 insertions(+), 35 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/53c9848b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java index e2ea19a..a4ecd86 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java @@ -84,7 +84,7 @@ abstract class STSInvoker implements Invoker { } String namespace = requestEl.getNamespaceURI(); String prefix = requestEl.getPrefix(); -SecurityToken cancelToken = null; +SecurityToken cancelOrRenewToken = null; if ("RequestSecurityToken".equals(requestEl.getLocalName())) { try { String requestType = null; 
@@ -96,8 +96,8 @@ abstract class STSInvoker implements Invoker { if (namespace.equals(el.getNamespaceURI())) { if ("RequestType".equals(localName)) { requestType = el.getTextContent(); -} else if ("CancelTarget".equals(localName)) { -cancelToken = findCancelToken(exchange, el); +} else if ("CancelTarget".equals(localName) || "RenewTarget".equals(localName)) { +cancelOrRenewToken = findCancelOrRenewToken(exchange, el); } else if ("BinaryExchange".equals(localName)) { binaryExchange = el; } else if ("TokenType".equals(localName)) { @@ -121,10 +121,10 @@ abstract class STSInvoker implements Invoker { if (requestType.endsWith("/Issue")) { doIssue(requestEl, exchange, binaryExchange, writer, prefix, namespace); } else if (requestType.endsWith("/Cancel")) { -doCancel(exchange, cancelToken, writer, prefix, namespace); -} //else if (requestType.endsWith("/Renew")) { -//REVISIT - implement -//} +doCancel(exchange, cancelOrRenewToken, writer, prefix, namespace); +} else if (requestType.endsWith("/Renew")) { +doRenew(requestEl, exchange, cancelOrRenewToken, binaryExchange, writer, prefix, namespace); +} return new MessageContentsList(new DOMSource(writer.getDocument())); } catch (RuntimeException ex) { @@ -146,9 +146,19 @@ abstract class STSInvoker implements Invoker { String namespace ) throws Exception; +abstract void doRenew( +Element requestEl, +Exchange exchange, +SecurityToken renewToken, +Element binaryExchange, +W3CDOMStreamWriter writer, +String prefix, +String namespace +) throws Exception; + private void doCancel( Exchange exchange, -SecurityToken cancelToken, +SecurityToken cancelToken, W3CDOMStreamWriter writer, String prefix, String namespace 
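Review bot: The merged branch `"CancelTarget".equals(localName) || "RenewTarget".equals(localName)` fills one variable regardless of the request type, so a `/Cancel` request carrying a RenewTarget (or a `/Renew` carrying a CancelTarget) is dispatched with that token as if the element matched the operation. Record which target element was seen and reject a mismatch before the `requestType.endsWith(...)` dispatch in the second hunk on this line. That dispatch also calls `doRenew(...)` with `cancelOrRenewToken` even when no target element was present; whether the implementations tolerate a null `renewToken` is not visible here, so either check for null before the call or state the contract in a Javadoc comment on the new abstract `doRenew`. The enclosing method starts and ends outside these hunks, and the identical change appears in the master-branch copy of this commit further down the page.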
@@ -171,7 +181,7 @@ abstract class STSInvoker implements Invoker { } } -private SecurityToken findCancelToken(Exchange exchange, Element el) throws WSSecurityException { +private SecurityToken findCancelOrRenewToken(Exchange exchange, Element el) throws WSSecurityException { Element childElement = DOMUtils.getFirstElement(el); String uri = ""; i
[1/2] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes e57a012ee -> b098cc6e1 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b098cc6e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b098cc6e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b098cc6e Branch: refs/heads/3.0.x-fixes Commit: b098cc6e15ecd4107bb5f5203664d74423d81a9b Parents: 53c9848 Author: Colm O hEigeartaigh Authored: Fri Feb 27 15:04:50 2015 + Committer: Colm O hEigeartaigh Committed: Fri Feb 27 15:04:50 2015 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/b098cc6e/.gitmergeinfo --
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 8e534d3..b8de21f 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -103,6 +103,7 @@ B 80014cf0e6fb1ba62ffdb3766acffd2130eef9d6
 B 857b55796dc7fc2b302e26d99f84df1712ff9c58
 B 85c06fc4d6a642627434785a2d228d3c08d68768
 B 85d6e1a63c95088917853436fe1adcce4863ce6c
+B 85fdb62d0a3bb7c2e1616702204c2bc33f7356e4
 B 87e146fd90e8f860eb7f2a8e99ad792e7fba175b
 B 88adfaf2ad97b4968b0dc47194b29c717b138d7a
 B 8ac2d4735a9254820ffdb5638f441c4dc051354e
cxf git commit: [CXF-6272] - SCT Renew in Secure Conversation. Thanks to Freddy Exposito for the patch. - Also added a unit test. - Also explicitly removed the token to be renewed from the cache first
Repository: cxf Updated Branches: refs/heads/master 8d2b01805 -> 4c2589ff6 [CXF-6272] - SCT Renew in Secure Conversation. Thanks to Freddy Exposito for the patch. - Also added a unit test. - Also explicitly removed the token to be renewed from the cache first Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4c2589ff Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4c2589ff Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4c2589ff Branch: refs/heads/master Commit: 4c2589ff6d57c8c38f1234044c3e7ce4b9d390da Parents: 8d2b018 Author: Colm O hEigeartaigh Authored: Fri Feb 27 14:25:03 2015 + Committer: Colm O hEigeartaigh Committed: Fri Feb 27 14:41:52 2015 + -- .../policy/interceptors/STSInvoker.java | 28 --- .../SecureConversationInInterceptor.java| 77 ++-- .../SpnegoContextTokenInInterceptor.java| 14 +++- .../apache/cxf/ws/security/trust/STSUtils.java | 43 ++- .../cxf/systest/ws/wssc/WSSCUnitTest.java | 35 + 5 files changed, 162 insertions(+), 35 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/4c2589ff/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java index e2ea19a..a4ecd86 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java @@ -84,7 +84,7 @@ abstract class STSInvoker implements Invoker { } String namespace = requestEl.getNamespaceURI(); String prefix = requestEl.getPrefix(); -SecurityToken cancelToken = null; +SecurityToken cancelOrRenewToken = null; if ("RequestSecurityToken".equals(requestEl.getLocalName())) { try { String requestType = null; 
@@ -96,8 +96,8 @@ abstract class STSInvoker implements Invoker { if (namespace.equals(el.getNamespaceURI())) { if ("RequestType".equals(localName)) { requestType = el.getTextContent(); -} else if ("CancelTarget".equals(localName)) { -cancelToken = findCancelToken(exchange, el); +} else if ("CancelTarget".equals(localName) || "RenewTarget".equals(localName)) { +cancelOrRenewToken = findCancelOrRenewToken(exchange, el); } else if ("BinaryExchange".equals(localName)) { binaryExchange = el; } else if ("TokenType".equals(localName)) { @@ -121,10 +121,10 @@ abstract class STSInvoker implements Invoker { if (requestType.endsWith("/Issue")) { doIssue(requestEl, exchange, binaryExchange, writer, prefix, namespace); } else if (requestType.endsWith("/Cancel")) { -doCancel(exchange, cancelToken, writer, prefix, namespace); -} //else if (requestType.endsWith("/Renew")) { -//REVISIT - implement -//} +doCancel(exchange, cancelOrRenewToken, writer, prefix, namespace); +} else if (requestType.endsWith("/Renew")) { +doRenew(requestEl, exchange, cancelOrRenewToken, binaryExchange, writer, prefix, namespace); +} return new MessageContentsList(new DOMSource(writer.getDocument())); } catch (RuntimeException ex) { @@ -146,9 +146,19 @@ abstract class STSInvoker implements Invoker { String namespace ) throws Exception; +abstract void doRenew( +Element requestEl, +Exchange exchange, +SecurityToken renewToken, +Element binaryExchange, +W3CDOMStreamWriter writer, +String prefix, +String namespace +) throws Exception; + private void doCancel( Exchange exchange, -SecurityToken cancelToken, +SecurityToken cancelToken, W3CDOMStreamWriter writer, String prefix, String namespace @@ -171,7 +181,7 @@ abstract class STSInvoker implements Invoker { } } -private SecurityToken findCancelToken(Exchange exchange, Element el) throws WSSecurityException { +private SecurityToken findCancelOrRenewToken(Exchange exchange, Element el) throws WSSecurityException { Element childEl
[2/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java -- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java index 55ec94e..c02ee70 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java 
@@ -22,26 +22,26 @@ import java.security.spec.AlgorithmParameterSpec; import java.util.Arrays; import org.apache.cxf.common.util.crypto.HmacUtils; -import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseUtils; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public class HmacJwsSignatureVerifier implements JwsSignatureVerifier { private byte[] key; private AlgorithmParameterSpec hmacSpec; -private String supportedAlgo; +private SignatureAlgorithm supportedAlgo; public HmacJwsSignatureVerifier(String encodedKey) { -this(JoseUtils.decode(encodedKey), JoseConstants.HMAC_SHA_256_ALGO); +this(JoseUtils.decode(encodedKey), SignatureAlgorithm.HS256); } -public HmacJwsSignatureVerifier(String encodedKey, String supportedAlgo) { +public HmacJwsSignatureVerifier(String encodedKey, SignatureAlgorithm supportedAlgo) { this(JoseUtils.decode(encodedKey), supportedAlgo); } -public HmacJwsSignatureVerifier(byte[] key, String supportedAlgo) { +public HmacJwsSignatureVerifier(byte[] key, SignatureAlgorithm supportedAlgo) { this(key, null, supportedAlgo); } -public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec, String supportedAlgo) { +public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec, SignatureAlgorithm supportedAlgo) { this.key = key; this.hmacSpec = spec; this.supportedAlgo = supportedAlgo; 
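Review bot: None of the four constructors validates `supportedAlgo`, yet `checkAlgorithm` in the next hunk now dereferences it via `supportedAlgo.getJwaName()`, so a null argument surfaces as a NullPointerException during verification instead of at construction. The enum type also lets a caller pass a non-HMAC SignatureAlgorithm, which only shows up later as the message-less `throw new SecurityException()` on every token. Fail fast in the four-argument constructor, e.g. `if (supportedAlgo == null || !AlgorithmUtils.isHmacSign(supportedAlgo.getJwaName())) { throw new IllegalArgumentException("HMAC signature algorithm required"); }`, and give the SecurityException a message so a rejected token can be told apart from a misconfigured verifier. The same change is repeated in the master-branch copy of this commit at the end of the page.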
@@ -56,21 +56,21 @@ public class HmacJwsSignatureVerifier implements JwsSignatureVerifier { private byte[] computeMac(JoseHeaders headers, String text) { return HmacUtils.computeHmac(key, - Algorithm.toJavaName(checkAlgorithm(headers.getAlgorithm())), + AlgorithmUtils.toJavaName(checkAlgorithm(headers.getAlgorithm())), hmacSpec, text); } protected String checkAlgorithm(String algo) { if (algo == null -|| !Algorithm.isHmacSign(algo) -|| !algo.equals(supportedAlgo)) { +|| !AlgorithmUtils.isHmacSign(algo) +|| !algo.equals(supportedAlgo.getJwaName())) { throw new SecurityException(); } return algo; } @Override -public String getAlgorithm() { +public SignatureAlgorithm getAlgorithm() { return supportedAlgo; } } http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java -- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java index b8f192b..14b654c 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java @@ -22,9 +22,9 @@ import java.security.interfaces.RSAPrivateKey; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; public class JwsCompactProducer { 
@@ -105,7 +105,7 @@ public class JwsCompactProducer { this.signature = sig; } private boolean isPlainText() { -return JoseConstants.PLAIN_TEXT_ALGO.equals(getAlgorithm()); +return AlgorithmUtils.PLAIN_TEXT_ALGO.equals(getAlgorithm()); } private String getAlgorithm() { return getJoseHeaders().getAlgorithm(); http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/r
[3/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java -- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java index a8b5899..522b479 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java 
@@ -25,21 +25,21 @@ import java.util.Set; import javax.crypto.SecretKey; import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; public class AesWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm { private static final Set SUPPORTED_ALGORITHMS = new HashSet( -Arrays.asList(Algorithm.A128KW.getJwtName(), - Algorithm.A192KW.getJwtName(), - Algorithm.A256KW.getJwtName())); -public AesWrapKeyEncryptionAlgorithm(String encodedKey, String keyAlgoJwt) { +Arrays.asList(KeyAlgorithm.A128KW.getJwaName(), + KeyAlgorithm.A192KW.getJwaName(), + KeyAlgorithm.A256KW.getJwaName())); +public AesWrapKeyEncryptionAlgorithm(String encodedKey, KeyAlgorithm keyAlgoJwt) { this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt); } -public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, String keyAlgoJwt) { -this(CryptoUtils.createSecretKeySpec(keyBytes, Algorithm.toJavaName(keyAlgoJwt)), +public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, KeyAlgorithm keyAlgoJwt) { +this(CryptoUtils.createSecretKeySpec(keyBytes, keyAlgoJwt.getJavaName()), keyAlgoJwt); } -public AesWrapKeyEncryptionAlgorithm(SecretKey key, String keyAlgoJwt) { +public AesWrapKeyEncryptionAlgorithm(SecretKey key, KeyAlgorithm keyAlgoJwt) { super(key, keyAlgoJwt, SUPPORTED_ALGORITHMS); } http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java -- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java deleted file mode 100644 index 6f53f53..000 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java +++ /dev/null 
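Review bot: The `byte[]` constructor builds the key with `CryptoUtils.createSecretKeySpec(keyBytes, keyAlgoJwt.getJavaName())` without any visible check that the key length matches the chosen algorithm (A128KW, A192KW or A256KW), and a null `keyAlgoJwt` now fails with a NullPointerException inside the `this(...)` argument. If the superclass constructor does not already enforce this (it is outside the hunk), route the arguments through a small private static helper that rejects a null algorithm and a key whose `keyBytes.length * 8` does not match the algorithm's key size, throwing IllegalArgumentException. `SUPPORTED_ALGORITHMS` is still a set of JWA name strings while the parameter is now the enum; a set of KeyAlgorithm values would let the type carry the restriction, subject to the superclass signature.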
@@ -1,26 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.jose.jwe; - - - -public interface ContentEncryptionAlgorithm extends ContentEncryptionCipherProperties { -byte[] getInitVector(); -byte[] getContentEncryptionKey(JweHeaders headers); -} http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java -- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java index e75eecc..055d602 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java @@ -20,9 +20,11 @@ package org.apache.cxf.rs.security.jose.jwe; import java.security.spec.AlgorithmParameterSpec; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; + public interface ContentEncryptionCipherProperties { -String ge
[4/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
[CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e57a012e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e57a012e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e57a012e Branch: refs/heads/3.0.x-fixes Commit: e57a012ee821901b9e1cb438c42e77bbf50e0c30 Parents: 6821aca Author: Sergey Beryozkin Authored: Fri Feb 27 13:55:04 2015 + Committer: Sergey Beryozkin Committed: Fri Feb 27 14:08:56 2015 + -- .../cxf/rs/security/jose/JoseConstants.java | 42 --- .../jose/jaxrs/JwsJsonWriterInterceptor.java| 2 +- .../cxf/rs/security/jose/jwa/Algorithm.java | 291 --- .../rs/security/jose/jwa/AlgorithmUtils.java| 268 + .../rs/security/jose/jwa/ContentAlgorithm.java | 67 + .../cxf/rs/security/jose/jwa/KeyAlgorithm.java | 74 + .../security/jose/jwa/SignatureAlgorithm.java | 77 + .../jwe/AbstractContentEncryptionAlgorithm.java | 13 +- ...stractContentEncryptionCipherProperties.java | 7 +- .../jose/jwe/AbstractJweDecryption.java | 10 +- .../jose/jwe/AbstractJweEncryption.java | 41 +-- .../jwe/AbstractWrapKeyEncryptionAlgorithm.java | 23 +- .../jose/jwe/AesCbcHmacJweDecryption.java | 11 +- .../jose/jwe/AesCbcHmacJweEncryption.java | 33 ++- .../jwe/AesGcmContentDecryptionAlgorithm.java | 7 +- .../jwe/AesGcmContentEncryptionAlgorithm.java | 15 +- .../jwe/AesGcmWrapKeyDecryptionAlgorithm.java | 13 +- .../jwe/AesGcmWrapKeyEncryptionAlgorithm.java | 17 +- .../jose/jwe/AesWrapKeyDecryptionAlgorithm.java | 14 +- .../jose/jwe/AesWrapKeyEncryptionAlgorithm.java | 16 +- .../jose/jwe/ContentEncryptionAlgorithm.java| 26 -- .../jwe/ContentEncryptionCipherProperties.java | 4 +- .../jose/jwe/ContentEncryptionProvider.java | 26 ++ .../jose/jwe/DirectKeyDecryptionAlgorithm.java | 4 +- .../jose/jwe/DirectKeyEncryptionAlgorithm.java | 6 +- .../jwe/EcdhAesWrapKeyDecryptionAlgorithm.java | 13 +- .../jwe/EcdhAesWrapKeyEncryptionAlgorithm.java | 26 +- 
.../jose/jwe/EcdhDirectKeyJweDecryption.java| 8 +- .../jose/jwe/EcdhDirectKeyJweEncryption.java| 16 +- .../cxf/rs/security/jose/jwe/JweEncryption.java | 4 +- .../rs/security/jose/jwe/JweJsonConsumer.java | 2 +- .../rs/security/jose/jwe/JweJsonProducer.java | 2 +- .../rs/security/jose/jwe/JweKeyProperties.java | 7 +- .../cxf/rs/security/jose/jwe/JweUtils.java | 139 - .../jose/jwe/KeyDecryptionAlgorithm.java| 4 +- .../jose/jwe/KeyEncryptionAlgorithm.java| 25 -- .../jose/jwe/KeyEncryptionProvider.java | 27 ++ .../PbesHmacAesWrapKeyDecryptionAlgorithm.java | 24 +- .../PbesHmacAesWrapKeyEncryptionAlgorithm.java | 58 ++-- .../jose/jwe/RSAKeyDecryptionAlgorithm.java | 9 +- .../jose/jwe/RSAKeyEncryptionAlgorithm.java | 9 +- .../jose/jwe/WrappedKeyDecryptionAlgorithm.java | 17 +- .../cxf/rs/security/jose/jwk/JwkUtils.java | 18 +- .../jose/jws/AbstractJwsSignatureProvider.java | 11 +- .../jose/jws/EcDsaJwsSignatureProvider.java | 13 +- .../jose/jws/EcDsaJwsSignatureVerifier.java | 17 +- .../jose/jws/HmacJwsSignatureProvider.java | 13 +- .../jose/jws/HmacJwsSignatureVerifier.java | 22 +- .../security/jose/jws/JwsCompactProducer.java | 4 +- .../rs/security/jose/jws/JwsJsonConsumer.java | 4 +- .../rs/security/jose/jws/JwsJsonProducer.java | 2 +- .../security/jose/jws/JwsSignatureProvider.java | 3 +- .../security/jose/jws/JwsSignatureVerifier.java | 3 +- .../cxf/rs/security/jose/jws/JwsUtils.java | 30 +- .../jose/jws/NoneJwsSignatureProvider.java | 5 +- .../jose/jws/NoneJwsSignatureVerifier.java | 5 +- .../jws/PrivateKeyJwsSignatureProvider.java | 13 +- .../jose/jws/PublicKeyJwsSignatureVerifier.java | 17 +- .../jose/cookbook/JwkJoseCookBookTest.java | 7 +- .../jose/cookbook/JwsJoseCookBookTest.java | 110 +++ .../jose/jwe/JweCompactReaderWriterTest.java| 50 ++-- .../security/jose/jwe/JweJsonConsumerTest.java | 29 +- .../security/jose/jwe/JweJsonProducerTest.java | 47 ++- .../jose/jwe/JwePbeHmacAesWrapTest.java | 23 +- .../rs/security/jose/jwk/JsonWebKeyTest.java| 21 +- 
.../security/jose/jws/JwsCompactHeaderTest.java | 26 +- .../jose/jws/JwsCompactReaderWriterTest.java| 47 ++- .../security/jose/jws/JwsJsonProducerTest.java | 21 +- .../grants/code/JwtRequestCodeFilter.java | 8 +- .../oauth2/grants/code/JwtRequestCodeGrant.java | 6 +- .../oauth2/tokens/jwt/JwtAccessTokenUtils.java | 12 +- .../oidc/idp/AbstractJwsJweProducer.java| 10 +- .../apache/cxf/systest/jaxrs/BookServer.java| 3 +- .../jaxrs/JAXRSClientServerBookTest.java| 1 + .../jaxrs/security/jw
[1/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 6821aca48 -> e57a012ee http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java -- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java index a6fc066..55b448a 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java @@ -21,8 +21,8 @@ package org.apache.cxf.rs.security.jose.jws; import java.util.ArrayList; import java.util.List; -import org.apache.cxf.rs.security.jose.JoseConstants; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.junit.Assert; import org.junit.Test; @@ -121,7 +121,7 @@ public class JwsCompactHeaderTest extends Assert { JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(MISSING_ALG_HEADER_FIELD_IN_JWS); assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - Algorithm.HmacSHA256.getJwtName(; + SignatureAlgorithm.HS256))); } @Test @@ -129,7 +129,7 @@ public class JwsCompactHeaderTest extends Assert { JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_FIRST); assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - Algorithm.HmacSHA256.getJwtName(; + SignatureAlgorithm.HS256))); } @Test 
@@ -137,7 +137,7 @@ public class JwsCompactHeaderTest extends Assert { JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_LAST); assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - Algorithm.HmacSHA256.getJwtName(; + SignatureAlgorithm.HS256))); } @Test @@ -147,10 +147,10 @@ public class JwsCompactHeaderTest extends Assert { JwsCompactConsumer jwsConsumerAltered = new JwsCompactConsumer(ALG_HEADER_VALUE_NONE_IN_JWS); assertTrue(jwsConsumerOriginal.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - Algorithm.HmacSHA256.getJwtName(; + SignatureAlgorithm.HS256))); assertFalse(jwsConsumerAltered.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - Algorithm.HmacSHA256.getJwtName(; + SignatureAlgorithm.HS256))); } @Test @@ -165,11 +165,11 @@ public class JwsCompactHeaderTest extends Assert { String criticalValue2 = "criticalValue2"; String criticalValue3 = "criticalValue3"; JwsCompactProducer producer = new JwsCompactProducer(payload); - producer.getJoseHeaders().setAlgorithm(JoseConstants.HMAC_SHA_512_ALGO); + producer.getJoseHeaders().setAlgorithm(AlgorithmUtils.HMAC_SHA_512_ALGO); List criticalHeader = new ArrayList(); criticalHeader.add(criticalParameter1); producer.getJoseHeaders().setCritical(criticalHeader); -producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName())); +producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256)); String signedJws = producer.getSignedEncodedJws(); JwsCompactConsumer consumer = new JwsCompactConsumer(signedJws); assertFalse(consumer.validateCriticalHeaders()); 
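Review bot: In the critical-headers test (last hunk on this line) the header is set with `setAlgorithm(AlgorithmUtils.HMAC_SHA_512_ALGO)` while the token is signed with `new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256)`, so the declared `alg` and the signing provider disagree; the following hunk repeats the pattern. The mismatch predates this commit, but with the provider now taking the enum it is easy to align both on one algorithm, or to add a comment such as `// alg header intentionally differs from the provider` if that is the intent. As written, it is not obvious from the hunk whether `assertFalse(consumer.validateCriticalHeaders())` is exercising only the critical-header list or is also influenced by the inconsistent algorithm. The test method starts and ends outside the hunk.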
@@ -177,12 +177,12 @@ public class JwsCompactHeaderTest extends Assert { criticalHeader.add(criticalParameter2); criticalHeader.add(criticalParameter3); producer = new JwsCompactProducer(payload); - producer.getJoseHeaders().setAlgorithm(JoseConstants.HMAC_SHA_512_ALGO); + producer.getJoseHeaders().setAlgorithm(AlgorithmUtils.HMAC_SHA_512_ALGO); producer.getJoseHeaders().setCritical(criticalHeader); producer.getJoseHeaders().setHeader(criticalParameter1, critic
[2/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java --
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
index 55ec94e..c02ee70 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
@@ -22,26 +22,26 @@ import java.security.spec.AlgorithmParameterSpec; import java.util.Arrays; import org.apache.cxf.common.util.crypto.HmacUtils; -import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseUtils; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public class HmacJwsSignatureVerifier implements JwsSignatureVerifier { private byte[] key; private AlgorithmParameterSpec hmacSpec; -private String supportedAlgo; +private SignatureAlgorithm supportedAlgo; public HmacJwsSignatureVerifier(String encodedKey) { -this(JoseUtils.decode(encodedKey), JoseConstants.HMAC_SHA_256_ALGO); +this(JoseUtils.decode(encodedKey), SignatureAlgorithm.HS256); } -public HmacJwsSignatureVerifier(String encodedKey, String supportedAlgo) { +public HmacJwsSignatureVerifier(String encodedKey, SignatureAlgorithm supportedAlgo) { this(JoseUtils.decode(encodedKey), supportedAlgo); } -public HmacJwsSignatureVerifier(byte[] key, String supportedAlgo) { +public HmacJwsSignatureVerifier(byte[] key, SignatureAlgorithm supportedAlgo) { this(key, null, supportedAlgo); } -public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec, String supportedAlgo) { +public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec, SignatureAlgorithm supportedAlgo) { this.key = key; this.hmacSpec = spec; this.supportedAlgo = supportedAlgo; 
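Review bot: The constructors now accept any `SignatureAlgorithm`, but nothing in them checks that `supportedAlgo` is non-null or is an HMAC algorithm. Going by the `@@ -56,21` hunk, a null value only surfaces at verification time, where `supportedAlgo.getJwaName()` throws a `NullPointerException` instead of the `SecurityException` the old `algo.equals(supportedAlgo)` comparison led to. A non-HMAC value makes `checkAlgorithm` reject every token with no hint that the verifier is misconfigured. Validating once in the `(byte[] key, AlgorithmParameterSpec spec, SignatureAlgorithm supportedAlgo)` constructor would fail fast, for example `if (supportedAlgo == null || !AlgorithmUtils.isHmacSign(supportedAlgo.getJwaName())) { throw new IllegalArgumentException("HMAC signature algorithm required"); }`.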
@@ -56,21 +56,21 @@ public class HmacJwsSignatureVerifier implements JwsSignatureVerifier { private byte[] computeMac(JoseHeaders headers, String text) { return HmacUtils.computeHmac(key, - Algorithm.toJavaName(checkAlgorithm(headers.getAlgorithm())), + AlgorithmUtils.toJavaName(checkAlgorithm(headers.getAlgorithm())), hmacSpec, text); } protected String checkAlgorithm(String algo) { if (algo == null -|| !Algorithm.isHmacSign(algo) -|| !algo.equals(supportedAlgo)) { +|| !AlgorithmUtils.isHmacSign(algo) +|| !algo.equals(supportedAlgo.getJwaName())) { throw new SecurityException(); } return algo; } @Override -public String getAlgorithm() { +public SignatureAlgorithm getAlgorithm() { return supportedAlgo; } } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java -- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java index b8f192b..14b654c 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java @@ -22,9 +22,9 @@ import java.security.interfaces.RSAPrivateKey; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; public class JwsCompactProducer { 
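Review bot: In the `HmacJwsSignatureVerifier` hunk, `computeMac` still derives the Java MAC name from the token's own header via `AlgorithmUtils.toJavaName(checkAlgorithm(headers.getAlgorithm()))`, even though `supportedAlgo` is now a typed enum. Once `checkAlgorithm` passes, the header value equals `supportedAlgo.getJwaName()`, so the name could come from the configured algorithm rather than the untrusted header string, which makes it obvious that the token never selects the MAC. This assumes `SignatureAlgorithm` exposes a Java name the way `KeyAlgorithm.getJavaName()` does elsewhere in this commit; that is not visible here. The bare `throw new SecurityException();` would also be easier to diagnose with a message such as `"Unsupported or missing JWS algorithm"`, leaving out the raw header value because it is attacker-controlled.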
@@ -105,7 +105,7 @@ public class JwsCompactProducer {
 this.signature = sig;
 }
 private boolean isPlainText() {
-return JoseConstants.PLAIN_TEXT_ALGO.equals(getAlgorithm());
+return AlgorithmUtils.PLAIN_TEXT_ALGO.equals(getAlgorithm());
 }
 private String getAlgorithm() {
 return getJoseHeaders().getAlgorithm();
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/r
[4/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
[CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8d2b0180 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8d2b0180 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8d2b0180 Branch: refs/heads/master Commit: 8d2b0180518fcec6274ac2f288e74ed1ff5ce76a Parents: 85fdb62 Author: Sergey Beryozkin Authored: Fri Feb 27 13:55:04 2015 + Committer: Sergey Beryozkin Committed: Fri Feb 27 13:55:04 2015 + -- .../cxf/rs/security/jose/JoseConstants.java | 42 --- .../jose/jaxrs/JwsJsonWriterInterceptor.java| 2 +- .../cxf/rs/security/jose/jwa/Algorithm.java | 291 --- .../rs/security/jose/jwa/AlgorithmUtils.java| 268 + .../rs/security/jose/jwa/ContentAlgorithm.java | 67 + .../cxf/rs/security/jose/jwa/KeyAlgorithm.java | 74 + .../security/jose/jwa/SignatureAlgorithm.java | 77 + .../jwe/AbstractContentEncryptionAlgorithm.java | 13 +- ...stractContentEncryptionCipherProperties.java | 7 +- .../jose/jwe/AbstractJweDecryption.java | 10 +- .../jose/jwe/AbstractJweEncryption.java | 41 +-- .../jwe/AbstractWrapKeyEncryptionAlgorithm.java | 23 +- .../jose/jwe/AesCbcHmacJweDecryption.java | 11 +- .../jose/jwe/AesCbcHmacJweEncryption.java | 33 ++- .../jwe/AesGcmContentDecryptionAlgorithm.java | 7 +- .../jwe/AesGcmContentEncryptionAlgorithm.java | 15 +- .../jwe/AesGcmWrapKeyDecryptionAlgorithm.java | 13 +- .../jwe/AesGcmWrapKeyEncryptionAlgorithm.java | 17 +- .../jose/jwe/AesWrapKeyDecryptionAlgorithm.java | 14 +- .../jose/jwe/AesWrapKeyEncryptionAlgorithm.java | 16 +- .../jose/jwe/ContentEncryptionAlgorithm.java| 26 -- .../jwe/ContentEncryptionCipherProperties.java | 4 +- .../jose/jwe/ContentEncryptionProvider.java | 26 ++ .../jose/jwe/DirectKeyDecryptionAlgorithm.java | 4 +- .../jose/jwe/DirectKeyEncryptionAlgorithm.java | 6 +- .../jwe/EcdhAesWrapKeyDecryptionAlgorithm.java | 13 +- .../jwe/EcdhAesWrapKeyEncryptionAlgorithm.java | 26 +- 
.../jose/jwe/EcdhDirectKeyJweDecryption.java| 8 +- .../jose/jwe/EcdhDirectKeyJweEncryption.java| 16 +- .../cxf/rs/security/jose/jwe/JweEncryption.java | 4 +- .../rs/security/jose/jwe/JweJsonConsumer.java | 2 +- .../rs/security/jose/jwe/JweJsonProducer.java | 2 +- .../rs/security/jose/jwe/JweKeyProperties.java | 7 +- .../cxf/rs/security/jose/jwe/JweUtils.java | 139 - .../jose/jwe/KeyDecryptionAlgorithm.java| 4 +- .../jose/jwe/KeyEncryptionAlgorithm.java| 25 -- .../jose/jwe/KeyEncryptionProvider.java | 27 ++ .../PbesHmacAesWrapKeyDecryptionAlgorithm.java | 24 +- .../PbesHmacAesWrapKeyEncryptionAlgorithm.java | 58 ++-- .../jose/jwe/RSAKeyDecryptionAlgorithm.java | 9 +- .../jose/jwe/RSAKeyEncryptionAlgorithm.java | 9 +- .../jose/jwe/WrappedKeyDecryptionAlgorithm.java | 17 +- .../cxf/rs/security/jose/jwk/JwkUtils.java | 18 +- .../jose/jws/AbstractJwsSignatureProvider.java | 11 +- .../jose/jws/EcDsaJwsSignatureProvider.java | 13 +- .../jose/jws/EcDsaJwsSignatureVerifier.java | 17 +- .../jose/jws/HmacJwsSignatureProvider.java | 13 +- .../jose/jws/HmacJwsSignatureVerifier.java | 22 +- .../security/jose/jws/JwsCompactProducer.java | 4 +- .../rs/security/jose/jws/JwsJsonConsumer.java | 4 +- .../rs/security/jose/jws/JwsJsonProducer.java | 2 +- .../security/jose/jws/JwsSignatureProvider.java | 3 +- .../security/jose/jws/JwsSignatureVerifier.java | 3 +- .../cxf/rs/security/jose/jws/JwsUtils.java | 30 +- .../jose/jws/NoneJwsSignatureProvider.java | 5 +- .../jose/jws/NoneJwsSignatureVerifier.java | 5 +- .../jws/PrivateKeyJwsSignatureProvider.java | 13 +- .../jose/jws/PublicKeyJwsSignatureVerifier.java | 17 +- .../jose/cookbook/JwkJoseCookBookTest.java | 7 +- .../jose/cookbook/JwsJoseCookBookTest.java | 110 +++ .../jose/jwe/JweCompactReaderWriterTest.java| 50 ++-- .../security/jose/jwe/JweJsonConsumerTest.java | 27 +- .../security/jose/jwe/JweJsonProducerTest.java | 45 ++- .../jose/jwe/JwePbeHmacAesWrapTest.java | 23 +- .../rs/security/jose/jwk/JsonWebKeyTest.java| 21 +- 
.../security/jose/jws/JwsCompactHeaderTest.java | 26 +- .../jose/jws/JwsCompactReaderWriterTest.java| 47 ++- .../security/jose/jws/JwsJsonProducerTest.java | 21 +- .../grants/code/JwtRequestCodeFilter.java | 8 +- .../oauth2/grants/code/JwtRequestCodeGrant.java | 6 +- .../oauth2/tokens/jwt/JwtAccessTokenUtils.java | 12 +- .../oidc/idp/AbstractJwsJweProducer.java| 10 +- .../apache/cxf/systest/jaxrs/BookServer.java| 3 +- .../jaxrs/JAXRSClientServerBookTest.java| 1 + .../jaxrs/security/jwt/JAX
[1/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
Repository: cxf Updated Branches: refs/heads/master 85fdb62d0 -> 8d2b01805 http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java -- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java index a6fc066..55b448a 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java @@ -21,8 +21,8 @@ package org.apache.cxf.rs.security.jose.jws; import java.util.ArrayList; import java.util.List; -import org.apache.cxf.rs.security.jose.JoseConstants; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.junit.Assert; import org.junit.Test; @@ -121,7 +121,7 @@ public class JwsCompactHeaderTest extends Assert { JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(MISSING_ALG_HEADER_FIELD_IN_JWS); assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - Algorithm.HmacSHA256.getJwtName(; + SignatureAlgorithm.HS256))); } @Test @@ -129,7 +129,7 @@ public class JwsCompactHeaderTest extends Assert { JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_FIRST); assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - Algorithm.HmacSHA256.getJwtName(; + SignatureAlgorithm.HS256))); } @Test 
@@ -137,7 +137,7 @@ public class JwsCompactHeaderTest extends Assert { JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_LAST); assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - Algorithm.HmacSHA256.getJwtName(; + SignatureAlgorithm.HS256))); } @Test @@ -147,10 +147,10 @@ public class JwsCompactHeaderTest extends Assert { JwsCompactConsumer jwsConsumerAltered = new JwsCompactConsumer(ALG_HEADER_VALUE_NONE_IN_JWS); assertTrue(jwsConsumerOriginal.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - Algorithm.HmacSHA256.getJwtName(; + SignatureAlgorithm.HS256))); assertFalse(jwsConsumerAltered.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - Algorithm.HmacSHA256.getJwtName(; + SignatureAlgorithm.HS256))); } @Test @@ -165,11 +165,11 @@ public class JwsCompactHeaderTest extends Assert { String criticalValue2 = "criticalValue2"; String criticalValue3 = "criticalValue3"; JwsCompactProducer producer = new JwsCompactProducer(payload); - producer.getJoseHeaders().setAlgorithm(JoseConstants.HMAC_SHA_512_ALGO); + producer.getJoseHeaders().setAlgorithm(AlgorithmUtils.HMAC_SHA_512_ALGO); List criticalHeader = new ArrayList(); criticalHeader.add(criticalParameter1); producer.getJoseHeaders().setCritical(criticalHeader); -producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, Algorithm.HmacSHA256.getJwtName())); +producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256)); String signedJws = producer.getSignedEncodedJws(); JwsCompactConsumer consumer = new JwsCompactConsumer(signedJws); assertFalse(consumer.validateCriticalHeaders()); 
@@ -177,12 +177,12 @@ public class JwsCompactHeaderTest extends Assert { criticalHeader.add(criticalParameter2); criticalHeader.add(criticalParameter3); producer = new JwsCompactProducer(payload); - producer.getJoseHeaders().setAlgorithm(JoseConstants.HMAC_SHA_512_ALGO); + producer.getJoseHeaders().setAlgorithm(AlgorithmUtils.HMAC_SHA_512_ALGO); producer.getJoseHeaders().setCritical(criticalHeader); producer.getJoseHeaders().setHeader(criticalParameter1, criticalVal
[3/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java --
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
index a8b5899..522b479 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
@@ -25,21 +25,21 @@ import java.util.Set; import javax.crypto.SecretKey; import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; public class AesWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm { private static final Set SUPPORTED_ALGORITHMS = new HashSet( -Arrays.asList(Algorithm.A128KW.getJwtName(), - Algorithm.A192KW.getJwtName(), - Algorithm.A256KW.getJwtName())); -public AesWrapKeyEncryptionAlgorithm(String encodedKey, String keyAlgoJwt) { +Arrays.asList(KeyAlgorithm.A128KW.getJwaName(), + KeyAlgorithm.A192KW.getJwaName(), + KeyAlgorithm.A256KW.getJwaName())); +public AesWrapKeyEncryptionAlgorithm(String encodedKey, KeyAlgorithm keyAlgoJwt) { this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt); } -public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, String keyAlgoJwt) { -this(CryptoUtils.createSecretKeySpec(keyBytes, Algorithm.toJavaName(keyAlgoJwt)), +public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, KeyAlgorithm keyAlgoJwt) { +this(CryptoUtils.createSecretKeySpec(keyBytes, keyAlgoJwt.getJavaName()), keyAlgoJwt); } -public AesWrapKeyEncryptionAlgorithm(SecretKey key, String keyAlgoJwt) { +public AesWrapKeyEncryptionAlgorithm(SecretKey key, KeyAlgorithm keyAlgoJwt) { super(key, keyAlgoJwt, SUPPORTED_ALGORITHMS); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java -- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java deleted file mode 100644 index 6f53f53..000 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java +++ /dev/null 
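Review bot: In the `AesWrapKeyEncryptionAlgorithm` hunk, the `byte[]` constructor calls `keyAlgoJwt.getJavaName()` before any validation, and none of the constructors checks that the key length matches the selected `KeyAlgorithm` (A128KW, A192KW or A256KW). Whether `super(key, keyAlgoJwt, SUPPORTED_ALGORITHMS)` enforces either condition is not visible here. If it does not, a null algorithm fails with a bare `NullPointerException`, and a key shorter than the advertised algorithm implies could be accepted. A null check plus a key-length check at construction would reject such a configuration early. The parameter name `keyAlgoJwt` is also stale now that it holds an enum rather than a JWT string name; `keyAlgo` would read better. The class body continues past the end of this hunk.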
@@ -1,26 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.jose.jwe; - - - -public interface ContentEncryptionAlgorithm extends ContentEncryptionCipherProperties { -byte[] getInitVector(); -byte[] getContentEncryptionKey(JweHeaders headers); -} http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java -- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java index e75eecc..055d602 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java @@ -20,9 +20,11 @@ package org.apache.cxf.rs.security.jose.jwe; import java.security.spec.AlgorithmParameterSpec; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; + public interface ContentEncryptionCipherProperties { -String ge