cxf-fediz git commit: [FEDIZ-97] Renaming (adding) plugin configuration properties. Improving Exception handling.
Repository: cxf-fediz
Updated Branches:
refs/heads/master 6732b3197 -> 978a89e25
[FEDIZ-97] Renaming (adding) plugin configuration properties. Improving
Exception handling.
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/978a89e2
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/978a89e2
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/978a89e2
Branch: refs/heads/master
Commit: 978a89e259f620c8a3ad232d82d57aa88a80db31
Parents: 6732b31
Author: Jan Bernhardt
Authored: Tue Feb 24 18:01:10 2015 +0100
Committer: Jan Bernhardt
Committed: Fri Feb 27 21:25:45 2015 +0100
--
.../cxf/fediz/core/processor/FedizRequest.java | 14 +-
plugins/websphere/pom.xml | 66 +-
.../websphere/src/main/assembly/assembly.xml| 18 ++
.../org/apache/cxf/fediz/was/Constants.java | 23 +-
.../was/mapper/FileBasedRoleToGroupMapper.java | 83
.../filter/SecurityContextTTLChecker.java | 12 +-
.../cxf/fediz/was/tai/FedizInterceptor.java | 208 ++-
7 files changed, 269 insertions(+), 155 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/978a89e2/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
--
diff --git
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
index d86b840..66fb396 100644
---
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
+++
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
@@ -21,6 +21,7 @@ package org.apache.cxf.fediz.core.processor;
import java.io.Serializable;
import java.security.cert.Certificate;
+import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
@@ -81,5 +82,16 @@ public class FedizRequest implements Serializable {
this.requestState = requestState;
}
-
+@Override
+public String toString() {
+return "FedizRequest{" +
+"action='" + action + '\'' +
+", responseToken='" + (responseToken == null ? null :
responseToken.substring(0,15) + "..." ) + '\'' +
+", state='" + state + '\'' +
+", freshness='" + freshness + '\'' +
+", certs=" + (certs == null ? 0 : certs.length) +
+", request=" + request + '\'' +
+", requestState=" + requestState + '\'' +
+'}';
+}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/978a89e2/plugins/websphere/pom.xml
--
diff --git a/plugins/websphere/pom.xml b/plugins/websphere/pom.xml
index d846fad..415c1ca 100644
--- a/plugins/websphere/pom.xml
+++ b/plugins/websphere/pom.xml
@@ -23,7 +23,7 @@
org.apache.cxf.fediz
plugin
-1.1.0-SNAPSHOT
+1.2.0-SNAPSHOT
../pom.xml
fediz-websphere
@@ -50,18 +50,50 @@
-
-com.ibm.ws
-runtime
-7
-compile
+ -->
+
+ com.ibm.websphere
+ com.ibm.websphere.security
+ 1.0.3
+ jar
+ compile
+
+
+ com.ibm.ws.security
+
com.ibm.ws.security.authentication.tai
+ 1.0.3
+ jar
+ compile
+
+
+ com.ibm.ws.security
+ com.ibm.ws.security.token
+ 1.0.2
+ jar
+ compile
+
+
+
+org.slf4j
+slf4j-simple
+${slf4j.version}
+
+ org.slf4j
+ slf4j-log4j12
+ ${slf4j.version}
+
@@ -92,6 +124,26 @@
true
+
+org.apache.maven.plugins
+maven-assembly-plugin
+2.2.1
+
+
+zip-file
+package
+
+attached
+
+
+
+
src/main/assembly/assembly.xml
+
+
+
+
cxf-fediz git commit: Adding an initial @Ignored test-case for SAML SSO
Repository: cxf-fediz
Updated Branches:
refs/heads/master 113a2f8ba -> 6732b3197
Adding an initial @Ignored test-case for SAML SSO
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/6732b319
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/6732b319
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/6732b319
Branch: refs/heads/master
Commit: 6732b3197df26a158355f5f188331148d848783f
Parents: 113a2f8
Author: Colm O hEigeartaigh
Authored: Fri Feb 27 17:25:41 2015 +
Committer: Colm O hEigeartaigh
Committed: Fri Feb 27 17:25:41 2015 +
--
systests/federation/pom.xml | 37 ++
systests/federation/samlsso/pom.xml | 268 +++
.../cxf/fediz/integrationtests/SAMLSSOTest.java | 215 +
.../samlsso/src/test/resources/client.jks | Bin 0 -> 2060 bytes
.../src/test/resources/entities-realma.xml | 465 +++
.../test/resources/fediz_config_saml_sso.xml| 38 ++
.../samlsso/src/test/resources/server.jks | Bin 0 -> 1863 bytes
.../samlsso/src/test/resources/ststrust.jks | Bin 0 -> 2561 bytes
systests/pom.xml| 1 +
9 files changed, 1024 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6732b319/systests/federation/pom.xml
--
diff --git a/systests/federation/pom.xml b/systests/federation/pom.xml
new file mode 100644
index 000..b69e6e5
--- /dev/null
+++ b/systests/federation/pom.xml
@@ -0,0 +1,37 @@
+
+
+http://maven.apache.org/POM/4.0.0";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd";>
+4.0.0
+
+org.apache.cxf.fediz
+fediz-systests
+1.2.0-SNAPSHOT
+../pom.xml
+
+org.apache.cxf.fediz.systests
+fediz-systests-federation
+Apache Fediz Federation Systests
+pom
+
+
+samlsso
+
+
+
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6732b319/systests/federation/samlsso/pom.xml
--
diff --git a/systests/federation/samlsso/pom.xml
b/systests/federation/samlsso/pom.xml
new file mode 100644
index 000..3fd7390
--- /dev/null
+++ b/systests/federation/samlsso/pom.xml
@@ -0,0 +1,268 @@
+
+
+http://maven.apache.org/POM/4.0.0";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd";>
+4.0.0
+
+org.apache.cxf.fediz.systests
+fediz-systests-federation
+1.2.0-SNAPSHOT
+../pom.xml
+
+org.apache.cxf.fediz.systests.federation
+fediz-systests-federation-samlsso
+Apache Fediz Federation Systests Tomcat 7 SAML SSO
+jar
+
+UTF-8
+
UTF-8
+
+
+
+org.apache.tomcat.embed
+tomcat-embed-core
+${tomcat.version}
+test
+
+
+org.apache.tomcat.embed
+tomcat-embed-logging-juli
+${tomcat.version}
+test
+
+
+org.eclipse.jdt.core.compiler
+ecj
+3.7.1
+test
+
+
+org.apache.tomcat.embed
+tomcat-embed-jasper
+${tomcat.version}
+test
+
+
+junit
+junit
+${junit.version}
+test
+
+
+org.apache.cxf.fediz
+fediz-tomcat
+${project.version}
+test
+
+
+org.apache.cxf.fediz.systests
+fediz-systests-tests
+${project.version}
+test-jar
+test
+
+
+org.slf4j
+slf4j-api
+${slf4j.version}
+test
+
+
+org.slf4j
+slf4j-jdk14
+${slf4j.version}
+test
+
+
+hsqldb
+hsqldb
+${hsqldb.version}
+test
+
+
+
+
+
+src/test/resources
+true
+
+**/fediz_config*.xml
+
+
+
+src/test/resources
+false
+
+**/fediz_config*.xml
+
+
+
+
+
+org.codehaus.mojo
+build-helper-maven-plugin
+
+
+reserve-network-port
+
[2/2] cxf git commit: [CXF-6272] - SCT Renew in Secure Conversation. Thanks to Freddy Exposito for the patch. - Also added a unit test. - Also explicitly removed the token to be renewed from the cache
[CXF-6272] - SCT Renew in Secure Conversation. Thanks to Freddy Exposito for
the patch.
- Also added a unit test.
- Also explicitly removed the token to be renewed from the cache first
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/53c9848b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/53c9848b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/53c9848b
Branch: refs/heads/3.0.x-fixes
Commit: 53c9848bfcd464f2e2db5449d8f1d1d1ce5a7991
Parents: e57a012
Author: Colm O hEigeartaigh
Authored: Fri Feb 27 14:25:03 2015 +
Committer: Colm O hEigeartaigh
Committed: Fri Feb 27 15:04:50 2015 +
--
.../policy/interceptors/STSInvoker.java | 28 ---
.../SecureConversationInInterceptor.java| 77 ++--
.../SpnegoContextTokenInInterceptor.java| 14 +++-
.../apache/cxf/ws/security/trust/STSUtils.java | 43 ++-
.../cxf/systest/ws/wssc/WSSCUnitTest.java | 35 +
5 files changed, 162 insertions(+), 35 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/53c9848b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
--
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
index e2ea19a..a4ecd86 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
@@ -84,7 +84,7 @@ abstract class STSInvoker implements Invoker {
}
String namespace = requestEl.getNamespaceURI();
String prefix = requestEl.getPrefix();
-SecurityToken cancelToken = null;
+SecurityToken cancelOrRenewToken = null;
if ("RequestSecurityToken".equals(requestEl.getLocalName())) {
try {
String requestType = null;
@@ -96,8 +96,8 @@ abstract class STSInvoker implements Invoker {
if (namespace.equals(el.getNamespaceURI())) {
if ("RequestType".equals(localName)) {
requestType = el.getTextContent();
-} else if ("CancelTarget".equals(localName)) {
-cancelToken = findCancelToken(exchange, el);
+} else if ("CancelTarget".equals(localName) ||
"RenewTarget".equals(localName)) {
+cancelOrRenewToken =
findCancelOrRenewToken(exchange, el);
} else if ("BinaryExchange".equals(localName)) {
binaryExchange = el;
} else if ("TokenType".equals(localName)) {
@@ -121,10 +121,10 @@ abstract class STSInvoker implements Invoker {
if (requestType.endsWith("/Issue")) {
doIssue(requestEl, exchange, binaryExchange, writer,
prefix, namespace);
} else if (requestType.endsWith("/Cancel")) {
-doCancel(exchange, cancelToken, writer, prefix, namespace);
-} //else if (requestType.endsWith("/Renew")) {
-//REVISIT - implement
-//}
+doCancel(exchange, cancelOrRenewToken, writer, prefix,
namespace);
+} else if (requestType.endsWith("/Renew")) {
+doRenew(requestEl, exchange, cancelOrRenewToken,
binaryExchange, writer, prefix, namespace);
+}
return new MessageContentsList(new
DOMSource(writer.getDocument()));
} catch (RuntimeException ex) {
@@ -146,9 +146,19 @@ abstract class STSInvoker implements Invoker {
String namespace
) throws Exception;
+abstract void doRenew(
+Element requestEl,
+Exchange exchange,
+SecurityToken renewToken,
+Element binaryExchange,
+W3CDOMStreamWriter writer,
+String prefix,
+String namespace
+) throws Exception;
+
private void doCancel(
Exchange exchange,
-SecurityToken cancelToken,
+SecurityToken cancelToken,
W3CDOMStreamWriter writer,
String prefix,
String namespace
@@ -171,7 +181,7 @@ abstract class STSInvoker implements Invoker {
}
}
-private SecurityToken findCancelToken(Exchange exchange, Element el)
throws WSSecurityException {
+private SecurityToken findCancelOrRenewToken(Exchange exchange, Element
el) throws WSSecurityException {
Element childElement = DOMUtils.getFirstElement(el);
String uri = "";
i
[1/2] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes e57a012ee -> b098cc6e1 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b098cc6e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b098cc6e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b098cc6e Branch: refs/heads/3.0.x-fixes Commit: b098cc6e15ecd4107bb5f5203664d74423d81a9b Parents: 53c9848 Author: Colm O hEigeartaigh Authored: Fri Feb 27 15:04:50 2015 + Committer: Colm O hEigeartaigh Committed: Fri Feb 27 15:04:50 2015 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/b098cc6e/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 8e534d3..b8de21f 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -103,6 +103,7 @@ B 80014cf0e6fb1ba62ffdb3766acffd2130eef9d6 B 857b55796dc7fc2b302e26d99f84df1712ff9c58 B 85c06fc4d6a642627434785a2d228d3c08d68768 B 85d6e1a63c95088917853436fe1adcce4863ce6c +B 85fdb62d0a3bb7c2e1616702204c2bc33f7356e4 B 87e146fd90e8f860eb7f2a8e99ad792e7fba175b B 88adfaf2ad97b4968b0dc47194b29c717b138d7a B 8ac2d4735a9254820ffdb5638f441c4dc051354e
cxf git commit: [CXF-6272] - SCT Renew in Secure Conversation. Thanks to Freddy Exposito for the patch. - Also added a unit test. - Also explicitly removed the token to be renewed from the cache first
Repository: cxf
Updated Branches:
refs/heads/master 8d2b01805 -> 4c2589ff6
[CXF-6272] - SCT Renew in Secure Conversation. Thanks to Freddy Exposito for
the patch.
- Also added a unit test.
- Also explicitly removed the token to be renewed from the cache first
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4c2589ff
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4c2589ff
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4c2589ff
Branch: refs/heads/master
Commit: 4c2589ff6d57c8c38f1234044c3e7ce4b9d390da
Parents: 8d2b018
Author: Colm O hEigeartaigh
Authored: Fri Feb 27 14:25:03 2015 +
Committer: Colm O hEigeartaigh
Committed: Fri Feb 27 14:41:52 2015 +
--
.../policy/interceptors/STSInvoker.java | 28 ---
.../SecureConversationInInterceptor.java| 77 ++--
.../SpnegoContextTokenInInterceptor.java| 14 +++-
.../apache/cxf/ws/security/trust/STSUtils.java | 43 ++-
.../cxf/systest/ws/wssc/WSSCUnitTest.java | 35 +
5 files changed, 162 insertions(+), 35 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/4c2589ff/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
--
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
index e2ea19a..a4ecd86 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
@@ -84,7 +84,7 @@ abstract class STSInvoker implements Invoker {
}
String namespace = requestEl.getNamespaceURI();
String prefix = requestEl.getPrefix();
-SecurityToken cancelToken = null;
+SecurityToken cancelOrRenewToken = null;
if ("RequestSecurityToken".equals(requestEl.getLocalName())) {
try {
String requestType = null;
@@ -96,8 +96,8 @@ abstract class STSInvoker implements Invoker {
if (namespace.equals(el.getNamespaceURI())) {
if ("RequestType".equals(localName)) {
requestType = el.getTextContent();
-} else if ("CancelTarget".equals(localName)) {
-cancelToken = findCancelToken(exchange, el);
+} else if ("CancelTarget".equals(localName) ||
"RenewTarget".equals(localName)) {
+cancelOrRenewToken =
findCancelOrRenewToken(exchange, el);
} else if ("BinaryExchange".equals(localName)) {
binaryExchange = el;
} else if ("TokenType".equals(localName)) {
@@ -121,10 +121,10 @@ abstract class STSInvoker implements Invoker {
if (requestType.endsWith("/Issue")) {
doIssue(requestEl, exchange, binaryExchange, writer,
prefix, namespace);
} else if (requestType.endsWith("/Cancel")) {
-doCancel(exchange, cancelToken, writer, prefix, namespace);
-} //else if (requestType.endsWith("/Renew")) {
-//REVISIT - implement
-//}
+doCancel(exchange, cancelOrRenewToken, writer, prefix,
namespace);
+} else if (requestType.endsWith("/Renew")) {
+doRenew(requestEl, exchange, cancelOrRenewToken,
binaryExchange, writer, prefix, namespace);
+}
return new MessageContentsList(new
DOMSource(writer.getDocument()));
} catch (RuntimeException ex) {
@@ -146,9 +146,19 @@ abstract class STSInvoker implements Invoker {
String namespace
) throws Exception;
+abstract void doRenew(
+Element requestEl,
+Exchange exchange,
+SecurityToken renewToken,
+Element binaryExchange,
+W3CDOMStreamWriter writer,
+String prefix,
+String namespace
+) throws Exception;
+
private void doCancel(
Exchange exchange,
-SecurityToken cancelToken,
+SecurityToken cancelToken,
W3CDOMStreamWriter writer,
String prefix,
String namespace
@@ -171,7 +181,7 @@ abstract class STSInvoker implements Invoker {
}
}
-private SecurityToken findCancelToken(Exchange exchange, Element el)
throws WSSecurityException {
+private SecurityToken findCancelOrRenewToken(Exchange exchange, Element
el) throws WSSecurityException {
Element childEl
[2/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
--
diff --git
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
index 55ec94e..c02ee70 100644
---
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
+++
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
@@ -22,26 +22,26 @@ import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import org.apache.cxf.common.util.crypto.HmacUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.JoseHeaders;
import org.apache.cxf.rs.security.jose.JoseUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
public class HmacJwsSignatureVerifier implements JwsSignatureVerifier {
private byte[] key;
private AlgorithmParameterSpec hmacSpec;
-private String supportedAlgo;
+private SignatureAlgorithm supportedAlgo;
public HmacJwsSignatureVerifier(String encodedKey) {
-this(JoseUtils.decode(encodedKey), JoseConstants.HMAC_SHA_256_ALGO);
+this(JoseUtils.decode(encodedKey), SignatureAlgorithm.HS256);
}
-public HmacJwsSignatureVerifier(String encodedKey, String supportedAlgo) {
+public HmacJwsSignatureVerifier(String encodedKey, SignatureAlgorithm
supportedAlgo) {
this(JoseUtils.decode(encodedKey), supportedAlgo);
}
-public HmacJwsSignatureVerifier(byte[] key, String supportedAlgo) {
+public HmacJwsSignatureVerifier(byte[] key, SignatureAlgorithm
supportedAlgo) {
this(key, null, supportedAlgo);
}
-public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec,
String supportedAlgo) {
+public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec,
SignatureAlgorithm supportedAlgo) {
this.key = key;
this.hmacSpec = spec;
this.supportedAlgo = supportedAlgo;
@@ -56,21 +56,21 @@ public class HmacJwsSignatureVerifier implements
JwsSignatureVerifier {
private byte[] computeMac(JoseHeaders headers, String text) {
return HmacUtils.computeHmac(key,
-
Algorithm.toJavaName(checkAlgorithm(headers.getAlgorithm())),
+
AlgorithmUtils.toJavaName(checkAlgorithm(headers.getAlgorithm())),
hmacSpec,
text);
}
protected String checkAlgorithm(String algo) {
if (algo == null
-|| !Algorithm.isHmacSign(algo)
-|| !algo.equals(supportedAlgo)) {
+|| !AlgorithmUtils.isHmacSign(algo)
+|| !algo.equals(supportedAlgo.getJwaName())) {
throw new SecurityException();
}
return algo;
}
@Override
-public String getAlgorithm() {
+public SignatureAlgorithm getAlgorithm() {
return supportedAlgo;
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
--
diff --git
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
index b8f192b..14b654c 100644
---
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
@@ -22,9 +22,9 @@ import java.security.interfaces.RSAPrivateKey;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.JoseHeaders;
import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
public class JwsCompactProducer {
@@ -105,7 +105,7 @@ public class JwsCompactProducer {
this.signature = sig;
}
private boolean isPlainText() {
-return JoseConstants.PLAIN_TEXT_ALGO.equals(getAlgorithm());
+return AlgorithmUtils.PLAIN_TEXT_ALGO.equals(getAlgorithm());
}
private String getAlgorithm() {
return getJoseHeaders().getAlgorithm();
http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/r
[3/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
--
diff --git
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
index a8b5899..522b479 100644
---
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
+++
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
@@ -25,21 +25,21 @@ import java.util.Set;
import javax.crypto.SecretKey;
import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
public class AesWrapKeyEncryptionAlgorithm extends
AbstractWrapKeyEncryptionAlgorithm {
private static final Set SUPPORTED_ALGORITHMS = new
HashSet(
-Arrays.asList(Algorithm.A128KW.getJwtName(),
- Algorithm.A192KW.getJwtName(),
- Algorithm.A256KW.getJwtName()));
-public AesWrapKeyEncryptionAlgorithm(String encodedKey, String keyAlgoJwt)
{
+Arrays.asList(KeyAlgorithm.A128KW.getJwaName(),
+ KeyAlgorithm.A192KW.getJwaName(),
+ KeyAlgorithm.A256KW.getJwaName()));
+public AesWrapKeyEncryptionAlgorithm(String encodedKey, KeyAlgorithm
keyAlgoJwt) {
this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt);
}
-public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, String keyAlgoJwt) {
-this(CryptoUtils.createSecretKeySpec(keyBytes,
Algorithm.toJavaName(keyAlgoJwt)),
+public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, KeyAlgorithm
keyAlgoJwt) {
+this(CryptoUtils.createSecretKeySpec(keyBytes,
keyAlgoJwt.getJavaName()),
keyAlgoJwt);
}
-public AesWrapKeyEncryptionAlgorithm(SecretKey key, String keyAlgoJwt) {
+public AesWrapKeyEncryptionAlgorithm(SecretKey key, KeyAlgorithm
keyAlgoJwt) {
super(key, keyAlgoJwt, SUPPORTED_ALGORITHMS);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
--
diff --git
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
deleted file mode 100644
index 6f53f53..000
---
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-
-public interface ContentEncryptionAlgorithm extends
ContentEncryptionCipherProperties {
-byte[] getInitVector();
-byte[] getContentEncryptionKey(JweHeaders headers);
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
--
diff --git
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
index e75eecc..055d602 100644
---
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
+++
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
@@ -20,9 +20,11 @@ package org.apache.cxf.rs.security.jose.jwe;
import java.security.spec.AlgorithmParameterSpec;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+
public interface ContentEncryptionCipherProperties {
-String ge
[4/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
[CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e57a012e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e57a012e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e57a012e Branch: refs/heads/3.0.x-fixes Commit: e57a012ee821901b9e1cb438c42e77bbf50e0c30 Parents: 6821aca Author: Sergey Beryozkin Authored: Fri Feb 27 13:55:04 2015 + Committer: Sergey Beryozkin Committed: Fri Feb 27 14:08:56 2015 + -- .../cxf/rs/security/jose/JoseConstants.java | 42 --- .../jose/jaxrs/JwsJsonWriterInterceptor.java| 2 +- .../cxf/rs/security/jose/jwa/Algorithm.java | 291 --- .../rs/security/jose/jwa/AlgorithmUtils.java| 268 + .../rs/security/jose/jwa/ContentAlgorithm.java | 67 + .../cxf/rs/security/jose/jwa/KeyAlgorithm.java | 74 + .../security/jose/jwa/SignatureAlgorithm.java | 77 + .../jwe/AbstractContentEncryptionAlgorithm.java | 13 +- ...stractContentEncryptionCipherProperties.java | 7 +- .../jose/jwe/AbstractJweDecryption.java | 10 +- .../jose/jwe/AbstractJweEncryption.java | 41 +-- .../jwe/AbstractWrapKeyEncryptionAlgorithm.java | 23 +- .../jose/jwe/AesCbcHmacJweDecryption.java | 11 +- .../jose/jwe/AesCbcHmacJweEncryption.java | 33 ++- .../jwe/AesGcmContentDecryptionAlgorithm.java | 7 +- .../jwe/AesGcmContentEncryptionAlgorithm.java | 15 +- .../jwe/AesGcmWrapKeyDecryptionAlgorithm.java | 13 +- .../jwe/AesGcmWrapKeyEncryptionAlgorithm.java | 17 +- .../jose/jwe/AesWrapKeyDecryptionAlgorithm.java | 14 +- .../jose/jwe/AesWrapKeyEncryptionAlgorithm.java | 16 +- .../jose/jwe/ContentEncryptionAlgorithm.java| 26 -- .../jwe/ContentEncryptionCipherProperties.java | 4 +- .../jose/jwe/ContentEncryptionProvider.java | 26 ++ .../jose/jwe/DirectKeyDecryptionAlgorithm.java | 4 +- .../jose/jwe/DirectKeyEncryptionAlgorithm.java | 6 +- .../jwe/EcdhAesWrapKeyDecryptionAlgorithm.java | 13 +- .../jwe/EcdhAesWrapKeyEncryptionAlgorithm.java | 26 +- .../jose/jwe/EcdhDirectKeyJweDecryption.java| 8 +- .../jose/jwe/EcdhDirectKeyJweEncryption.java| 16 +- .../cxf/rs/security/jose/jwe/JweEncryption.java | 4 +- .../rs/security/jose/jwe/JweJsonConsumer.java | 2 +- .../rs/security/jose/jwe/JweJsonProducer.java | 2 +- .../rs/security/jose/jwe/JweKeyProperties.java | 7 +- .../cxf/rs/security/jose/jwe/JweUtils.java | 139 - .../jose/jwe/KeyDecryptionAlgorithm.java| 4 +- .../jose/jwe/KeyEncryptionAlgorithm.java| 25 -- .../jose/jwe/KeyEncryptionProvider.java | 27 ++ .../PbesHmacAesWrapKeyDecryptionAlgorithm.java | 24 +- .../PbesHmacAesWrapKeyEncryptionAlgorithm.java | 58 ++-- .../jose/jwe/RSAKeyDecryptionAlgorithm.java | 9 +- .../jose/jwe/RSAKeyEncryptionAlgorithm.java | 9 +- .../jose/jwe/WrappedKeyDecryptionAlgorithm.java | 17 +- .../cxf/rs/security/jose/jwk/JwkUtils.java | 18 +- .../jose/jws/AbstractJwsSignatureProvider.java | 11 +- .../jose/jws/EcDsaJwsSignatureProvider.java | 13 +- .../jose/jws/EcDsaJwsSignatureVerifier.java | 17 +- .../jose/jws/HmacJwsSignatureProvider.java | 13 +- .../jose/jws/HmacJwsSignatureVerifier.java | 22 +- .../security/jose/jws/JwsCompactProducer.java | 4 +- .../rs/security/jose/jws/JwsJsonConsumer.java | 4 +- .../rs/security/jose/jws/JwsJsonProducer.java | 2 +- .../security/jose/jws/JwsSignatureProvider.java | 3 +- .../security/jose/jws/JwsSignatureVerifier.java | 3 +- .../cxf/rs/security/jose/jws/JwsUtils.java | 30 +- .../jose/jws/NoneJwsSignatureProvider.java | 5 +- .../jose/jws/NoneJwsSignatureVerifier.java | 5 +- .../jws/PrivateKeyJwsSignatureProvider.java | 13 +- .../jose/jws/PublicKeyJwsSignatureVerifier.java | 17 +- .../jose/cookbook/JwkJoseCookBookTest.java | 7 +- .../jose/cookbook/JwsJoseCookBookTest.java | 110 +++ .../jose/jwe/JweCompactReaderWriterTest.java| 50 ++-- .../security/jose/jwe/JweJsonConsumerTest.java | 29 +- .../security/jose/jwe/JweJsonProducerTest.java | 47 ++- .../jose/jwe/JwePbeHmacAesWrapTest.java | 23 +- .../rs/security/jose/jwk/JsonWebKeyTest.java| 21 +- .../security/jose/jws/JwsCompactHeaderTest.java | 26 +- .../jose/jws/JwsCompactReaderWriterTest.java| 47 ++- .../security/jose/jws/JwsJsonProducerTest.java | 21 +- .../grants/code/JwtRequestCodeFilter.java | 8 +- .../oauth2/grants/code/JwtRequestCodeGrant.java | 6 +- .../oauth2/tokens/jwt/JwtAccessTokenUtils.java | 12 +- .../oidc/idp/AbstractJwsJweProducer.java| 10 +- .../apache/cxf/systest/jaxrs/BookServer.java| 3 +- .../jaxrs/JAXRSClientServerBookTest.java| 1 + .../jaxrs/security/jw
[1/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes 6821aca48 -> e57a012ee
http://git-wip-us.apache.org/repos/asf/cxf/blob/e57a012e/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java
--
diff --git
a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java
b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java
index a6fc066..55b448a 100644
---
a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java
+++
b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java
@@ -21,8 +21,8 @@ package org.apache.cxf.rs.security.jose.jws;
import java.util.ArrayList;
import java.util.List;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.junit.Assert;
import org.junit.Test;
@@ -121,7 +121,7 @@ public class JwsCompactHeaderTest extends Assert {
JwsCompactConsumer jwsConsumer = new
JwsCompactConsumer(MISSING_ALG_HEADER_FIELD_IN_JWS);
assertFalse(jwsConsumer.verifySignatureWith(new
HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
-
Algorithm.HmacSHA256.getJwtName(;
+
SignatureAlgorithm.HS256)));
}
@Test
@@ -129,7 +129,7 @@ public class JwsCompactHeaderTest extends Assert {
JwsCompactConsumer jwsConsumer = new
JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_FIRST);
assertFalse(jwsConsumer.verifySignatureWith(new
HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
-
Algorithm.HmacSHA256.getJwtName(;
+
SignatureAlgorithm.HS256)));
}
@Test
@@ -137,7 +137,7 @@ public class JwsCompactHeaderTest extends Assert {
JwsCompactConsumer jwsConsumer = new
JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_LAST);
assertFalse(jwsConsumer.verifySignatureWith(new
HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
-
Algorithm.HmacSHA256.getJwtName(;
+
SignatureAlgorithm.HS256)));
}
@Test
@@ -147,10 +147,10 @@ public class JwsCompactHeaderTest extends Assert {
JwsCompactConsumer jwsConsumerAltered = new
JwsCompactConsumer(ALG_HEADER_VALUE_NONE_IN_JWS);
assertTrue(jwsConsumerOriginal.verifySignatureWith(new
HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
-
Algorithm.HmacSHA256.getJwtName(;
+
SignatureAlgorithm.HS256)));
assertFalse(jwsConsumerAltered.verifySignatureWith(new
HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
-
Algorithm.HmacSHA256.getJwtName(;
+
SignatureAlgorithm.HS256)));
}
@Test
@@ -165,11 +165,11 @@ public class JwsCompactHeaderTest extends Assert {
String criticalValue2 = "criticalValue2";
String criticalValue3 = "criticalValue3";
JwsCompactProducer producer = new JwsCompactProducer(payload);
-
producer.getJoseHeaders().setAlgorithm(JoseConstants.HMAC_SHA_512_ALGO);
+
producer.getJoseHeaders().setAlgorithm(AlgorithmUtils.HMAC_SHA_512_ALGO);
List criticalHeader = new ArrayList();
criticalHeader.add(criticalParameter1);
producer.getJoseHeaders().setCritical(criticalHeader);
-producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY,
Algorithm.HmacSHA256.getJwtName()));
+producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY,
SignatureAlgorithm.HS256));
String signedJws = producer.getSignedEncodedJws();
JwsCompactConsumer consumer = new JwsCompactConsumer(signedJws);
assertFalse(consumer.validateCriticalHeaders());
@@ -177,12 +177,12 @@ public class JwsCompactHeaderTest extends Assert {
criticalHeader.add(criticalParameter2);
criticalHeader.add(criticalParameter3);
producer = new JwsCompactProducer(payload);
-
producer.getJoseHeaders().setAlgorithm(JoseConstants.HMAC_SHA_512_ALGO);
+
producer.getJoseHeaders().setAlgorithm(AlgorithmUtils.HMAC_SHA_512_ALGO);
producer.getJoseHeaders().setCritical(criticalHeader);
producer.getJoseHeaders().setHeader(criticalParameter1,
critic
[2/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
--
diff --git
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
index 55ec94e..c02ee70 100644
---
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
+++
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
@@ -22,26 +22,26 @@ import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import org.apache.cxf.common.util.crypto.HmacUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.JoseHeaders;
import org.apache.cxf.rs.security.jose.JoseUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
public class HmacJwsSignatureVerifier implements JwsSignatureVerifier {
private byte[] key;
private AlgorithmParameterSpec hmacSpec;
-private String supportedAlgo;
+private SignatureAlgorithm supportedAlgo;
public HmacJwsSignatureVerifier(String encodedKey) {
-this(JoseUtils.decode(encodedKey), JoseConstants.HMAC_SHA_256_ALGO);
+this(JoseUtils.decode(encodedKey), SignatureAlgorithm.HS256);
}
-public HmacJwsSignatureVerifier(String encodedKey, String supportedAlgo) {
+public HmacJwsSignatureVerifier(String encodedKey, SignatureAlgorithm
supportedAlgo) {
this(JoseUtils.decode(encodedKey), supportedAlgo);
}
-public HmacJwsSignatureVerifier(byte[] key, String supportedAlgo) {
+public HmacJwsSignatureVerifier(byte[] key, SignatureAlgorithm
supportedAlgo) {
this(key, null, supportedAlgo);
}
-public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec,
String supportedAlgo) {
+public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec,
SignatureAlgorithm supportedAlgo) {
this.key = key;
this.hmacSpec = spec;
this.supportedAlgo = supportedAlgo;
@@ -56,21 +56,21 @@ public class HmacJwsSignatureVerifier implements
JwsSignatureVerifier {
private byte[] computeMac(JoseHeaders headers, String text) {
return HmacUtils.computeHmac(key,
-
Algorithm.toJavaName(checkAlgorithm(headers.getAlgorithm())),
+
AlgorithmUtils.toJavaName(checkAlgorithm(headers.getAlgorithm())),
hmacSpec,
text);
}
protected String checkAlgorithm(String algo) {
if (algo == null
-|| !Algorithm.isHmacSign(algo)
-|| !algo.equals(supportedAlgo)) {
+|| !AlgorithmUtils.isHmacSign(algo)
+|| !algo.equals(supportedAlgo.getJwaName())) {
throw new SecurityException();
}
return algo;
}
@Override
-public String getAlgorithm() {
+public SignatureAlgorithm getAlgorithm() {
return supportedAlgo;
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
--
diff --git
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
index b8f192b..14b654c 100644
---
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
@@ -22,9 +22,9 @@ import java.security.interfaces.RSAPrivateKey;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.JoseHeaders;
import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
public class JwsCompactProducer {
@@ -105,7 +105,7 @@ public class JwsCompactProducer {
this.signature = sig;
}
private boolean isPlainText() {
-return JoseConstants.PLAIN_TEXT_ALGO.equals(getAlgorithm());
+return AlgorithmUtils.PLAIN_TEXT_ALGO.equals(getAlgorithm());
}
private String getAlgorithm() {
return getJoseHeaders().getAlgorithm();
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/r
[4/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
[CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8d2b0180 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8d2b0180 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8d2b0180 Branch: refs/heads/master Commit: 8d2b0180518fcec6274ac2f288e74ed1ff5ce76a Parents: 85fdb62 Author: Sergey Beryozkin Authored: Fri Feb 27 13:55:04 2015 + Committer: Sergey Beryozkin Committed: Fri Feb 27 13:55:04 2015 + -- .../cxf/rs/security/jose/JoseConstants.java | 42 --- .../jose/jaxrs/JwsJsonWriterInterceptor.java| 2 +- .../cxf/rs/security/jose/jwa/Algorithm.java | 291 --- .../rs/security/jose/jwa/AlgorithmUtils.java| 268 + .../rs/security/jose/jwa/ContentAlgorithm.java | 67 + .../cxf/rs/security/jose/jwa/KeyAlgorithm.java | 74 + .../security/jose/jwa/SignatureAlgorithm.java | 77 + .../jwe/AbstractContentEncryptionAlgorithm.java | 13 +- ...stractContentEncryptionCipherProperties.java | 7 +- .../jose/jwe/AbstractJweDecryption.java | 10 +- .../jose/jwe/AbstractJweEncryption.java | 41 +-- .../jwe/AbstractWrapKeyEncryptionAlgorithm.java | 23 +- .../jose/jwe/AesCbcHmacJweDecryption.java | 11 +- .../jose/jwe/AesCbcHmacJweEncryption.java | 33 ++- .../jwe/AesGcmContentDecryptionAlgorithm.java | 7 +- .../jwe/AesGcmContentEncryptionAlgorithm.java | 15 +- .../jwe/AesGcmWrapKeyDecryptionAlgorithm.java | 13 +- .../jwe/AesGcmWrapKeyEncryptionAlgorithm.java | 17 +- .../jose/jwe/AesWrapKeyDecryptionAlgorithm.java | 14 +- .../jose/jwe/AesWrapKeyEncryptionAlgorithm.java | 16 +- .../jose/jwe/ContentEncryptionAlgorithm.java| 26 -- .../jwe/ContentEncryptionCipherProperties.java | 4 +- .../jose/jwe/ContentEncryptionProvider.java | 26 ++ .../jose/jwe/DirectKeyDecryptionAlgorithm.java | 4 +- .../jose/jwe/DirectKeyEncryptionAlgorithm.java | 6 +- .../jwe/EcdhAesWrapKeyDecryptionAlgorithm.java | 13 +- .../jwe/EcdhAesWrapKeyEncryptionAlgorithm.java | 26 +- .../jose/jwe/EcdhDirectKeyJweDecryption.java| 8 +- .../jose/jwe/EcdhDirectKeyJweEncryption.java| 16 +- .../cxf/rs/security/jose/jwe/JweEncryption.java | 4 +- .../rs/security/jose/jwe/JweJsonConsumer.java | 2 +- .../rs/security/jose/jwe/JweJsonProducer.java | 2 +- .../rs/security/jose/jwe/JweKeyProperties.java | 7 +- .../cxf/rs/security/jose/jwe/JweUtils.java | 139 - .../jose/jwe/KeyDecryptionAlgorithm.java| 4 +- .../jose/jwe/KeyEncryptionAlgorithm.java| 25 -- .../jose/jwe/KeyEncryptionProvider.java | 27 ++ .../PbesHmacAesWrapKeyDecryptionAlgorithm.java | 24 +- .../PbesHmacAesWrapKeyEncryptionAlgorithm.java | 58 ++-- .../jose/jwe/RSAKeyDecryptionAlgorithm.java | 9 +- .../jose/jwe/RSAKeyEncryptionAlgorithm.java | 9 +- .../jose/jwe/WrappedKeyDecryptionAlgorithm.java | 17 +- .../cxf/rs/security/jose/jwk/JwkUtils.java | 18 +- .../jose/jws/AbstractJwsSignatureProvider.java | 11 +- .../jose/jws/EcDsaJwsSignatureProvider.java | 13 +- .../jose/jws/EcDsaJwsSignatureVerifier.java | 17 +- .../jose/jws/HmacJwsSignatureProvider.java | 13 +- .../jose/jws/HmacJwsSignatureVerifier.java | 22 +- .../security/jose/jws/JwsCompactProducer.java | 4 +- .../rs/security/jose/jws/JwsJsonConsumer.java | 4 +- .../rs/security/jose/jws/JwsJsonProducer.java | 2 +- .../security/jose/jws/JwsSignatureProvider.java | 3 +- .../security/jose/jws/JwsSignatureVerifier.java | 3 +- .../cxf/rs/security/jose/jws/JwsUtils.java | 30 +- .../jose/jws/NoneJwsSignatureProvider.java | 5 +- .../jose/jws/NoneJwsSignatureVerifier.java | 5 +- .../jws/PrivateKeyJwsSignatureProvider.java | 13 +- .../jose/jws/PublicKeyJwsSignatureVerifier.java | 17 +- .../jose/cookbook/JwkJoseCookBookTest.java | 7 +- .../jose/cookbook/JwsJoseCookBookTest.java | 110 +++ .../jose/jwe/JweCompactReaderWriterTest.java| 50 ++-- .../security/jose/jwe/JweJsonConsumerTest.java | 27 +- .../security/jose/jwe/JweJsonProducerTest.java | 45 ++- .../jose/jwe/JwePbeHmacAesWrapTest.java | 23 +- .../rs/security/jose/jwk/JsonWebKeyTest.java| 21 +- .../security/jose/jws/JwsCompactHeaderTest.java | 26 +- .../jose/jws/JwsCompactReaderWriterTest.java| 47 ++- .../security/jose/jws/JwsJsonProducerTest.java | 21 +- .../grants/code/JwtRequestCodeFilter.java | 8 +- .../oauth2/grants/code/JwtRequestCodeGrant.java | 6 +- .../oauth2/tokens/jwt/JwtAccessTokenUtils.java | 12 +- .../oidc/idp/AbstractJwsJweProducer.java| 10 +- .../apache/cxf/systest/jaxrs/BookServer.java| 3 +- .../jaxrs/JAXRSClientServerBookTest.java| 1 + .../jaxrs/security/jwt/JAX
[1/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
Repository: cxf
Updated Branches:
refs/heads/master 85fdb62d0 -> 8d2b01805
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java
--
diff --git
a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java
b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java
index a6fc066..55b448a 100644
---
a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java
+++
b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java
@@ -21,8 +21,8 @@ package org.apache.cxf.rs.security.jose.jws;
import java.util.ArrayList;
import java.util.List;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.junit.Assert;
import org.junit.Test;
@@ -121,7 +121,7 @@ public class JwsCompactHeaderTest extends Assert {
JwsCompactConsumer jwsConsumer = new
JwsCompactConsumer(MISSING_ALG_HEADER_FIELD_IN_JWS);
assertFalse(jwsConsumer.verifySignatureWith(new
HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
-
Algorithm.HmacSHA256.getJwtName(;
+
SignatureAlgorithm.HS256)));
}
@Test
@@ -129,7 +129,7 @@ public class JwsCompactHeaderTest extends Assert {
JwsCompactConsumer jwsConsumer = new
JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_FIRST);
assertFalse(jwsConsumer.verifySignatureWith(new
HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
-
Algorithm.HmacSHA256.getJwtName(;
+
SignatureAlgorithm.HS256)));
}
@Test
@@ -137,7 +137,7 @@ public class JwsCompactHeaderTest extends Assert {
JwsCompactConsumer jwsConsumer = new
JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_LAST);
assertFalse(jwsConsumer.verifySignatureWith(new
HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
-
Algorithm.HmacSHA256.getJwtName(;
+
SignatureAlgorithm.HS256)));
}
@Test
@@ -147,10 +147,10 @@ public class JwsCompactHeaderTest extends Assert {
JwsCompactConsumer jwsConsumerAltered = new
JwsCompactConsumer(ALG_HEADER_VALUE_NONE_IN_JWS);
assertTrue(jwsConsumerOriginal.verifySignatureWith(new
HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
-
Algorithm.HmacSHA256.getJwtName(;
+
SignatureAlgorithm.HS256)));
assertFalse(jwsConsumerAltered.verifySignatureWith(new
HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
-
Algorithm.HmacSHA256.getJwtName(;
+
SignatureAlgorithm.HS256)));
}
@Test
@@ -165,11 +165,11 @@ public class JwsCompactHeaderTest extends Assert {
String criticalValue2 = "criticalValue2";
String criticalValue3 = "criticalValue3";
JwsCompactProducer producer = new JwsCompactProducer(payload);
-
producer.getJoseHeaders().setAlgorithm(JoseConstants.HMAC_SHA_512_ALGO);
+
producer.getJoseHeaders().setAlgorithm(AlgorithmUtils.HMAC_SHA_512_ALGO);
List criticalHeader = new ArrayList();
criticalHeader.add(criticalParameter1);
producer.getJoseHeaders().setCritical(criticalHeader);
-producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY,
Algorithm.HmacSHA256.getJwtName()));
+producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY,
SignatureAlgorithm.HS256));
String signedJws = producer.getSignedEncodedJws();
JwsCompactConsumer consumer = new JwsCompactConsumer(signedJws);
assertFalse(consumer.validateCriticalHeaders());
@@ -177,12 +177,12 @@ public class JwsCompactHeaderTest extends Assert {
criticalHeader.add(criticalParameter2);
criticalHeader.add(criticalParameter3);
producer = new JwsCompactProducer(payload);
-
producer.getJoseHeaders().setAlgorithm(JoseConstants.HMAC_SHA_512_ALGO);
+
producer.getJoseHeaders().setAlgorithm(AlgorithmUtils.HMAC_SHA_512_ALGO);
producer.getJoseHeaders().setCritical(criticalHeader);
producer.getJoseHeaders().setHeader(criticalParameter1,
criticalVal
[3/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
--
diff --git
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
index a8b5899..522b479 100644
---
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
+++
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
@@ -25,21 +25,21 @@ import java.util.Set;
import javax.crypto.SecretKey;
import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
public class AesWrapKeyEncryptionAlgorithm extends
AbstractWrapKeyEncryptionAlgorithm {
private static final Set SUPPORTED_ALGORITHMS = new
HashSet(
-Arrays.asList(Algorithm.A128KW.getJwtName(),
- Algorithm.A192KW.getJwtName(),
- Algorithm.A256KW.getJwtName()));
-public AesWrapKeyEncryptionAlgorithm(String encodedKey, String keyAlgoJwt)
{
+Arrays.asList(KeyAlgorithm.A128KW.getJwaName(),
+ KeyAlgorithm.A192KW.getJwaName(),
+ KeyAlgorithm.A256KW.getJwaName()));
+public AesWrapKeyEncryptionAlgorithm(String encodedKey, KeyAlgorithm
keyAlgoJwt) {
this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt);
}
-public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, String keyAlgoJwt) {
-this(CryptoUtils.createSecretKeySpec(keyBytes,
Algorithm.toJavaName(keyAlgoJwt)),
+public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, KeyAlgorithm
keyAlgoJwt) {
+this(CryptoUtils.createSecretKeySpec(keyBytes,
keyAlgoJwt.getJavaName()),
keyAlgoJwt);
}
-public AesWrapKeyEncryptionAlgorithm(SecretKey key, String keyAlgoJwt) {
+public AesWrapKeyEncryptionAlgorithm(SecretKey key, KeyAlgorithm
keyAlgoJwt) {
super(key, keyAlgoJwt, SUPPORTED_ALGORITHMS);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
--
diff --git
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
deleted file mode 100644
index 6f53f53..000
---
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-
-
-public interface ContentEncryptionAlgorithm extends
ContentEncryptionCipherProperties {
-byte[] getInitVector();
-byte[] getContentEncryptionKey(JweHeaders headers);
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
--
diff --git
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
index e75eecc..055d602 100644
---
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
+++
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
@@ -20,9 +20,11 @@ package org.apache.cxf.rs.security.jose.jwe;
import java.security.spec.AlgorithmParameterSpec;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+
public interface ContentEncryptionCipherProperties {
-String ge
