[2/2] cxf git commit: Picking up WSS4J 2.1.4
Picking up WSS4J 2.1.4 Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/70aceaa6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/70aceaa6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/70aceaa6 Branch: refs/heads/master Commit: 70aceaa6f3b93f2a64abdc219fac242f5f0830ab Parents: d09c4ea Author: Colm O hEigeartaighAuthored: Tue Oct 27 11:54:05 2015 + Committer: Colm O hEigeartaigh Committed: Tue Oct 27 11:54:05 2015 + -- parent/pom.xml | 2 +- .../grants/saml/Saml2BearerGrantHandler.java| 2 +- .../saml/sso/SAMLProtocolResponseValidator.java | 2 +- .../saml/sso/CombinedValidatorTest.java | 2 +- .../saml/sso/SAMLResponseValidatorTest.java | 2 +- .../rs/security/saml/AbstractSamlInHandler.java | 2 +- .../ws/security/kerberos/KerberosClient.java| 2 +- .../IssuedTokenInterceptorProvider.java | 2 +- .../policy/interceptors/NegotiationUtils.java | 2 +- .../SecureConversationInInterceptor.java| 2 +- ...ureConversationTokenInterceptorProvider.java | 2 +- .../SpnegoContextTokenInInterceptor.java| 2 +- .../SpnegoTokenInterceptorProvider.java | 2 +- .../ws/security/trust/AbstractSTSClient.java| 4 +- .../security/trust/STSStaxTokenValidator.java | 2 +- .../ReceivedTokenCallbackHandler.java | 2 +- ...tUsernameTokenAuthenticatingInterceptor.java | 5 +- .../wss4j/AbstractWSS4JStaxInterceptor.java | 2 +- .../wss4j/BinarySecurityTokenInterceptor.java | 4 +- .../ws/security/wss4j/CXFCallbackLookup.java| 3 +- .../cxf/ws/security/wss4j/CXFRequestData.java | 18 +++ .../security/wss4j/CryptoCoverageChecker.java | 2 +- .../wss4j/PolicyBasedWSS4JInInterceptor.java| 2 +- .../wss4j/PolicyBasedWSS4JOutInterceptor.java | 2 +- .../PolicyBasedWSS4JStaxInInterceptor.java | 4 +- .../ws/security/wss4j/SamlTokenInterceptor.java | 4 +- .../wss4j/UsernameTokenInterceptor.java | 4 +- .../ws/security/wss4j/WSS4JInInterceptor.java | 8 ++-- .../ws/security/wss4j/WSS4JOutInterceptor.java | 2 +- .../security/wss4j/WSS4JStaxInInterceptor.java | 6 +-- .../security/wss4j/WSS4JStaxOutInterceptor.java | 6 +-- .../cxf/ws/security/wss4j/WSS4JUtils.java | 2 +- .../policyhandlers/AbstractBindingBuilder.java | 6 +-- .../AsymmetricBindingHandler.java | 4 +- .../policyhandlers/SymmetricBindingHandler.java | 4 +- .../policyhandlers/TransportBindingHandler.java | 2 +- .../AbstractBindingPolicyValidator.java | 2 +- .../AbstractSamlPolicyValidator.java| 2 +- .../AbstractSupportingTokenPolicyValidator.java | 5 +- .../AlgorithmSuitePolicyValidator.java | 2 +- .../AsymmetricBindingPolicyValidator.java | 2 +- .../IssuedTokenPolicyValidator.java | 2 +- .../KerberosTokenPolicyValidator.java | 2 +- .../policyvalidators/LayoutPolicyValidator.java | 5 +- .../PolicyValidatorParameters.java | 2 +- .../SamlTokenPolicyValidator.java | 2 +- .../SecurityContextTokenPolicyValidator.java| 2 +- .../SymmetricBindingPolicyValidator.java| 2 +- .../UsernameTokenPolicyValidator.java | 2 +- .../policyvalidators/WSS11PolicyValidator.java | 2 +- .../X509TokenPolicyValidator.java | 2 +- .../wss4j/AbstractPolicySecurityTest.java | 2 +- .../cxf/ws/security/wss4j/CustomProcessor.java | 2 +- .../security/wss4j/SecurityActionTokenTest.java | 2 +- .../cxf/ws/security/wss4j/WSS4JInOutTest.java | 2 +- .../security/wss4j/saml/DOMToStaxSamlTest.java | 10 ++-- .../ws/security/wss4j/saml/SamlTokenTest.java | 39 --- .../security/wss4j/saml/StaxToDOMSamlTest.java | 50 ++-- .../org/apache/cxf/sts/StaticSTSProperties.java | 2 +- .../cxf/sts/operation/TokenIssueOperation.java | 2 +- .../apache/cxf/sts/request/RequestParser.java | 4 +- .../cxf/sts/token/canceller/SCTCanceller.java | 2 +- .../cxf/sts/token/provider/SCTProvider.java | 2 +- .../cxf/sts/token/renewer/SAMLTokenRenewer.java | 4 +- .../sts/token/validator/SAMLTokenValidator.java | 2 +- .../token/validator/UsernameTokenValidator.java | 2 +- .../sts/token/validator/X509TokenValidator.java | 2 +- .../cxf/sts/operation/IssueSamlUnitTest.java| 2 +- .../cxf/sts/request/RequestParserUnitTest.java | 2 +- .../token/renewer/SAMLTokenRenewerPOPTest.java | 2 +- .../systest/sts/batch/SimpleBatchSTSClient.java | 4 +- .../transformation/DoubleItPortTypeImpl.java| 2 +- .../systest/sts/issueunit/IssueUnitTest.java| 2 +- .../systest/sts/itests/unit/STSUnitTest.java| 2 +- .../wssec/kerberos/KerberosTokenTest.java | 2 +- .../kerberos/wssec/spnego/SpnegoTokenTest.java | 2
[1/2] cxf git commit: Picking up WSS4J 2.1.4
Repository: cxf Updated Branches: refs/heads/master d09c4eafb -> 70aceaa6f http://git-wip-us.apache.org/repos/asf/cxf/blob/70aceaa6/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java -- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java index a6a5406..701b8eb 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java @@ -45,7 +45,7 @@ import org.apache.wss4j.common.ConfigurationConstants; import org.apache.wss4j.common.crypto.CryptoFactory; import org.apache.wss4j.common.saml.builder.SAML1Constants; import org.apache.wss4j.common.saml.builder.SAML2Constants; -import org.apache.wss4j.dom.WSSecurityEngine; +import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.stax.ext.WSSConstants; import org.apache.wss4j.stax.ext.WSSSecurityProperties; @@ -67,8 +67,8 @@ public class StaxToDOMSamlTest extends AbstractSecurityTest { inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED); final MapcustomMap = new HashMap (); CustomSamlValidator validator = new CustomSamlValidator(); -customMap.put(WSSecurityEngine.SAML_TOKEN, validator); -customMap.put(WSSecurityEngine.SAML2_TOKEN, validator); +customMap.put(WSConstants.SAML_TOKEN, validator); +customMap.put(WSConstants.SAML2_TOKEN, validator); inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap); inProperties.put(SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, "false"); @@ -104,8 +104,8 @@ public class StaxToDOMSamlTest extends AbstractSecurityTest { inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED); final Map customMap = new HashMap (); CustomSamlValidator validator = new CustomSamlValidator(); -customMap.put(WSSecurityEngine.SAML_TOKEN, validator); -customMap.put(WSSecurityEngine.SAML2_TOKEN, validator); +customMap.put(WSConstants.SAML_TOKEN, validator); +customMap.put(WSConstants.SAML2_TOKEN, validator); inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap); inProperties.put(SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, "false"); @@ -143,8 +143,8 @@ public class StaxToDOMSamlTest extends AbstractSecurityTest { inProperties.put(WSHandlerConstants.SIG_VER_PROP_FILE, "insecurity.properties"); final Map customMap = new HashMap (); CustomSamlValidator validator = new CustomSamlValidator(); -customMap.put(WSSecurityEngine.SAML_TOKEN, validator); -customMap.put(WSSecurityEngine.SAML2_TOKEN, validator); +customMap.put(WSConstants.SAML_TOKEN, validator); +customMap.put(WSConstants.SAML2_TOKEN, validator); inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap); WSS4JInInterceptor inInterceptor = new WSS4JInInterceptor(inProperties); @@ -187,8 +187,8 @@ public class StaxToDOMSamlTest extends AbstractSecurityTest { inProperties.put(WSHandlerConstants.SIG_VER_PROP_FILE, "insecurity.properties"); final Map customMap = new HashMap (); CustomSamlValidator validator = new CustomSamlValidator(); -customMap.put(WSSecurityEngine.SAML_TOKEN, validator); -customMap.put(WSSecurityEngine.SAML2_TOKEN, validator); +customMap.put(WSConstants.SAML_TOKEN, validator); +customMap.put(WSConstants.SAML2_TOKEN, validator); inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap); WSS4JInInterceptor inInterceptor = new WSS4JInInterceptor(inProperties); @@ -223,8 +223,8 @@ public class StaxToDOMSamlTest extends AbstractSecurityTest { final Map customMap = new HashMap (); CustomSamlValidator validator = new CustomSamlValidator(); validator.setRequireSAML1Assertion(false); -customMap.put(WSSecurityEngine.SAML_TOKEN, validator); -customMap.put(WSSecurityEngine.SAML2_TOKEN, validator); +customMap.put(WSConstants.SAML_TOKEN, validator); +customMap.put(WSConstants.SAML2_TOKEN, validator); inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap); inProperties.put(SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, "false"); @@ -261,8 +261,8 @@ public class StaxToDOMSamlTest extends AbstractSecurityTest { final Map customMap = new
[2/2] cxf git commit: Picking up WSS4J 2.0.6
Picking up WSS4J 2.0.6 Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e8549171 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e8549171 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e8549171 Branch: refs/heads/3.0.x-fixes Commit: e854917164f4655479f6183511d44ab285ddf04c Parents: 2249565 Author: Colm O hEigeartaighAuthored: Tue Oct 27 11:55:22 2015 + Committer: Colm O hEigeartaigh Committed: Tue Oct 27 11:55:22 2015 + -- parent/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/e8549171/parent/pom.xml -- diff --git a/parent/pom.xml b/parent/pom.xml index b3f1539..2bddce9 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -164,7 +164,7 @@ 4.4.1 3.1.4 1.6.3 -2.0.5 +2.0.6 2.11.0 2.6.0 2.2.1
[1/2] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes f181f1e75 -> e85491716 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/22495652 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/22495652 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/22495652 Branch: refs/heads/3.0.x-fixes Commit: 224956525b5ccea679529896b3c89631c0aa19ec Parents: f181f1e Author: Colm O hEigeartaighAuthored: Tue Oct 27 11:55:14 2015 + Committer: Colm O hEigeartaigh Committed: Tue Oct 27 11:55:14 2015 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/22495652/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 7479c33..e385832 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -213,6 +213,7 @@ B 6efe475ad57f042ffc9547f1bb258ab4e16a3f3e B 6f3f4c1f873d8d30a4c30165280dd0ff46e03d5d B 6fb880420de545f7ed09199674b7fec3d0ba4d7c B 702f27bc4a334b2d117262252632bf580f20f711 +B 70aceaa6f3b93f2a64abdc219fac242f5f0830ab B 712e96428c926bf8aedce8eb91c33d79801dd636 B 71488c6fa7635c88285214a0479379aafef9ed3c B 716531d62eaa8b1dde566e59e2a5ff0be1b2b33c
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes 6951f4391 -> 51137c44f Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/51137c44 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/51137c44 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/51137c44 Branch: refs/heads/2.7.x-fixes Commit: 51137c44fec619fc91c2f43e8c76f6c569038f15 Parents: 6951f43 Author: Colm O hEigeartaighAuthored: Tue Oct 27 12:41:52 2015 + Committer: Colm O hEigeartaigh Committed: Tue Oct 27 12:41:52 2015 + -- .gitmergeinfo | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/51137c44/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index beea0dd..d22271f 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -359,6 +359,7 @@ B 2209258ce1246f3f48d23d51c4d981dd47b3d600 B 221efc02f90eef7f319ba39b8aefd14922901d70 B 22279cf58a2c00af83524fe123f2aab670b6168a B 2246e1393aa56ff8411efabf2d49c3ef75ffdfec +B 224956525b5ccea679529896b3c89631c0aa19ec B 224fa3c6412db10a451558e67bf0a6913035fa5d B 226906c48bb2c71b70172d33ea528916f8c62dff B 227bf19947e2888b8ceee53287bfbe78a1d824b8 @@ -2199,6 +2200,7 @@ B e7b4edb1f402b1fe398e94767e14cd0b8d13b906 B e7fe2b7ec6a4df1e0b9d27ebdd9ff74ac8ad267d B e80db09d37d99d540cdbef7114efeb26317e3a52 B e82847091d5a4776ce2cd9d6ebf3d98f4ebc3558 +B e854917164f4655479f6183511d44ab285ddf04c B e87711abf86054a8fee51d1a33399ad26c878a67 B e898a0a4f6ef29922f0f286af8a670bcfaab9df9 B e8a265088255cf4d04f6dbed64dccfb6c0f31c28
cxf git commit: Misc minor enhancements to HandlerChain builders and resolver
Repository: cxf Updated Branches: refs/heads/master 6fd3ada7a -> 0985e79ab Misc minor enhancements to HandlerChain builders and resolver Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0985e79a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0985e79a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0985e79a Branch: refs/heads/master Commit: 0985e79ab47124fbe0a08b9653ae7d4d1c2b5b97 Parents: 6fd3ada Author: Alessio SoldanoAuthored: Tue Oct 27 18:04:18 2015 +0100 Committer: Alessio Soldano Committed: Tue Oct 27 18:16:12 2015 +0100 -- .../handler/AnnotationHandlerChainBuilder.java | 7 +++--- .../cxf/jaxws/handler/HandlerChainBuilder.java | 24 .../cxf/jaxws/handler/HandlerResolverImpl.java | 5 3 files changed, 19 insertions(+), 17 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/0985e79a/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/AnnotationHandlerChainBuilder.java -- diff --git a/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/AnnotationHandlerChainBuilder.java b/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/AnnotationHandlerChainBuilder.java index d8d62f4..b72a721 100644 --- a/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/AnnotationHandlerChainBuilder.java +++ b/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/AnnotationHandlerChainBuilder.java @@ -211,14 +211,15 @@ public class AnnotationHandlerChainBuilder extends HandlerChainBuilder { if ("*".equals(namePattern)) { return true; } -if (!namePattern.contains(":")) { +final int idx = namePattern.indexOf(':'); +if (idx < 0) { String xml = StaxUtils.toString(el); throw new WebServiceException( BundleUtils.getFormattedString(BUNDLE, "NOT_A_QNAME_PATTER", namePattern, xml)); } -String pfx = namePattern.substring(0, namePattern.indexOf(':')); +String pfx = namePattern.substring(0, idx); String ns = el.lookupNamespaceURI(pfx); if (ns == null) { ns = pfx; @@ -226,7 +227,7 @@ public class AnnotationHandlerChainBuilder extends HandlerChainBuilder { if (!ns.equals(comp.getNamespaceURI())) { return false; } -String localPart = namePattern.substring(namePattern.indexOf(':') + 1, +String localPart = namePattern.substring(idx + 1, namePattern.length()); if (localPart.contains("*")) { //wildcard pattern matching http://git-wip-us.apache.org/repos/asf/cxf/blob/0985e79a/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/HandlerChainBuilder.java -- diff --git a/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/HandlerChainBuilder.java b/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/HandlerChainBuilder.java index c8ba542..7e733b8 100644 --- a/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/HandlerChainBuilder.java +++ b/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/HandlerChainBuilder.java @@ -93,21 +93,22 @@ public class HandlerChainBuilder { */ public List sortHandlers(List handlers) { -List logicalHandlers = new ArrayList (); -List protocolHandlers = new ArrayList (); +final int size = handlers.size(); +List logicalHandlers = new ArrayList(size); +List protocolHandlers = new ArrayList(Math.min(10, size)); for (Handler handler : handlers) { if (handler instanceof LogicalHandler) { -logicalHandlers.add((LogicalHandler)handler); +logicalHandlers.add(handler); } else { protocolHandlers.add(handler); } } -List sortedHandlers = new ArrayList(); -sortedHandlers.addAll(logicalHandlers); -sortedHandlers.addAll(protocolHandlers); -return sortedHandlers; +if (!protocolHandlers.isEmpty()) { +logicalHandlers.addAll(protocolHandlers); +} +return logicalHandlers; } protected ClassLoader getHandlerClassLoader() { @@ -117,7 +118,10 @@ public class HandlerChainBuilder { protected List buildHandlerChain(PortComponentHandlerType ht, ClassLoader classLoader) { List handlerChain = new ArrayList(); try { -
[5/5] cxf git commit: Recording .gitmergeinfo Changes
Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6424b876 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6424b876 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6424b876 Branch: refs/heads/3.0.x-fixes Commit: 6424b876c32f5ea83a439515add2f1801c733796 Parents: 618ee78 Author: Colm O hEigeartaighAuthored: Tue Oct 27 17:11:16 2015 + Committer: Colm O hEigeartaigh Committed: Tue Oct 27 17:11:16 2015 + -- .gitmergeinfo | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/6424b876/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index e385832..ea84691 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -588,6 +588,7 @@ M 6909358dee4beaa00b493b728dd7689331173d2a M 6d7ab22d5adcd15bfa3a086345a0b5851fe3e2b2 M 6d830354143f91f317d9faf2463c9ceeab44 M 6e3224606ecf56b821dac537241f18a59b44e3e3 +M 6fd3ada7af5af1fcb0de337c379e34e7bdb44a56 M 702a4c1759263d25ab62c0804ed61a1f099a M 70b568a3390bec3498c427264a5f3f4cbcb7f1cc M 717018e84f3ed41f0c9ca5ca550593c6c3352866 @@ -638,6 +639,7 @@ M 9f18da888e37f203b1aa9a3240ed7b6aab3a4ef9 M a088c793efd923a52f68044b02221f8b47569ef9 M a2c4be5e99472fc23b1740fc594e5d4c64961ca4 M a3bf2a80bafa95ec2ccdd2b28ead26c13866acd7 +M a5258a4a853ac7ba9d93e9dba37329f9ee482788 M a5b1c33534d83b4d0696263439d0d1a906b1afe6 M a614b75389c2758d6d27e598b679ba013bcb72f0 M a64265c29be124e9bffb46eb35a68b3504860c3a
[1/5] cxf git commit: Adding some more JOSE tests
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes e85491716 -> 6424b876c Adding some more JOSE tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3a726365 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3a726365 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3a726365 Branch: refs/heads/3.0.x-fixes Commit: 3a72636542ec1cc92c4d5884f34a15b51f9f9f7e Parents: e854917 Author: Colm O hEigeartaighAuthored: Tue Oct 27 12:54:31 2015 + Committer: Colm O hEigeartaigh Committed: Tue Oct 27 17:11:11 2015 + -- .../cxf/rs/security/jose/jwe/JweUtils.java | 1 - .../jaxrs/security/jwt/JweJwsAlgorithmTest.java | 55 +++- 2 files changed, 54 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/3a726365/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index e23f605..0c86142 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -364,7 +364,6 @@ public final class JweUtils { SecretKey ctDecryptionKey = null; String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null); if (inHeaders != null && inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) { -//TODO: optionally validate inHeaders.getAlgorithm against a property in props // Supporting loading a private key via a certificate for now List chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain()); KeyManagementUtils.validateCertificateChain(props, chain); http://git-wip-us.apache.org/repos/asf/cxf/blob/3a726365/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java -- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java index 4bbc765..cb1f3b2 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java @@ -168,6 +168,33 @@ public class JweJwsAlgorithmTest extends AbstractBusClientServerTestBase { } @org.junit.Test +public void testWrongKeyEncryptionAlgorithmKeyIncluded() throws Exception { + +URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml"); + +List providers = new ArrayList(); +providers.add(new JacksonJsonProvider()); +providers.add(new JweWriterInterceptor()); + +String address = "http://localhost:; + PORT + "/jweoaepgcm/bookstore/books"; +WebClient client = +WebClient.create(address, providers, busFile.toString()); +client.type("application/json").accept("application/json"); + +Map properties = new HashMap (); +properties.put("rs.security.keystore.type", "jwk"); +properties.put("rs.security.keystore.alias", "2011-04-29"); +properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); +properties.put("rs.security.encryption.content.algorithm", "A128GCM"); +properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); +properties.put("rs.security.encryption.include.public.key", "true"); +WebClient.getConfig(client).getRequestContext().putAll(properties); + +Response response = client.post(new Book("book", 123L)); +assertNotEquals(response.getStatus(), 200); +} + +@org.junit.Test public void testWrongContentEncryptionAlgorithm() throws Exception { if (SKIP_AES_GCM_TESTS || !SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) { @@ -260,7 +287,6 @@ public class JweJwsAlgorithmTest extends AbstractBusClientServerTestBase { assertNotEquals(response.getStatus(), 200); } - // // Signature tests // @@ -349,6 +375,33 @@ public class JweJwsAlgorithmTest extends AbstractBusClientServerTestBase { } @org.junit.Test +public void
[3/5] cxf git commit: NPE fix
NPE fix Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/01bcdb5e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/01bcdb5e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/01bcdb5e Branch: refs/heads/3.0.x-fixes Commit: 01bcdb5e3b527b90b3c2103103fe351385e41f14 Parents: 34eb4b1 Author: Colm O hEigeartaighAuthored: Tue Oct 27 15:51:52 2015 + Committer: Colm O hEigeartaigh Committed: Tue Oct 27 17:11:15 2015 + -- .../main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java | 5 + 1 file changed, 5 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/01bcdb5e/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index 0c86142..e936359 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -388,6 +388,11 @@ public final class JweUtils { } else { if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) { JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.DECRYPT); +if (jwk == null) { +LOG.warning("Extracting the JsonWebKey failed"); +throw new JweException(JweException.Error.KEY_DECRYPTION_FAILURE); +} + if ("direct".equals(keyEncryptionAlgo)) { contentEncryptionAlgo = getContentEncryptionAlgo(m, props, jwk.getAlgorithm()); ctDecryptionKey = getContentDecryptionSecretKey(jwk, contentEncryptionAlgo);
[4/5] cxf git commit: Adding JWTUtils unit tests + fixing a bug with the TTL validation
Adding JWTUtils unit tests + fixing a bug with the TTL validation Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/618ee782 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/618ee782 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/618ee782 Branch: refs/heads/3.0.x-fixes Commit: 618ee7821a4db7d8e98cf7ab42459b6eb10f287e Parents: 01bcdb5 Author: Colm O hEigeartaighAuthored: Tue Oct 27 17:09:07 2015 + Committer: Colm O hEigeartaigh Committed: Tue Oct 27 17:11:16 2015 + -- .../cxf/rs/security/jose/jwt/JwtUtils.java | 24 ++-- .../cxf/rs/security/jose/jwt/JwtUtilsTest.java | 144 +++ 2 files changed, 159 insertions(+), 9 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/618ee782/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java index c2f9a83..4a54f49 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java @@ -87,21 +87,27 @@ public final class JwtUtils { } Date createdDate = new Date(issuedAtInSecs * 1000L); -if (clockOffset != 0) { -// Calculate the time that is allowed for the message to travel -createdDate.setTime(createdDate.getTime() - (long)clockOffset * 1000L); -} - Date validCreation = new Date(); -if (timeToLive != 0) { -long currentTime = validCreation.getTime(); -currentTime -= (long)timeToLive * 1000L; -validCreation.setTime(currentTime); +long currentTime = validCreation.getTime(); +if (clockOffset > 0) { +validCreation.setTime(currentTime + (long)clockOffset * 1000L); } +// Check to see if the IssuedAt time is in the future if (createdDate.after(validCreation)) { throw new JwtException("Invalid issuedAt"); } + +if (timeToLive > 0) { +// Calculate the time that is allowed for the message to travel +currentTime -= (long)timeToLive * 1000L; +validCreation.setTime(currentTime); + +// Validate the time it took the message to travel +if (createdDate.before(validCreation)) { +throw new JwtException("Invalid issuedAt"); +} +} } public static void validateJwtTimeClaims(JwtClaims claims, int clockOffset, http://git-wip-us.apache.org/repos/asf/cxf/blob/618ee782/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java -- diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java new file mode 100644 index 000..9a2050e --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java @@ -0,0 +1,144 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.jwt; + +import java.util.Calendar; +import java.util.Date; + +import org.junit.Assert; + +/** + * Some tests for JwtUtils + */ +public class JwtUtilsTest extends Assert { + +@org.junit.Test +public void testExpiredToken() throws Exception { +// Create the JWT Token +JwtClaims claims = new JwtClaims(); +claims.setSubject("alice"); +claims.setIssuer("DoubleItSTSIssuer"); + +//
[2/5] cxf git commit: More JOSE tests
More JOSE tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/34eb4b1a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/34eb4b1a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/34eb4b1a Branch: refs/heads/3.0.x-fixes Commit: 34eb4b1ad613fb04076cd1cfbe9f6e626a6e230e Parents: 3a72636 Author: Colm O hEigeartaighAuthored: Tue Oct 27 15:47:49 2015 + Committer: Colm O hEigeartaigh Committed: Tue Oct 27 17:11:12 2015 + -- .../jaxrs/security/jwt/BookServerReference.java | 57 +++ .../jaxrs/security/jwt/JweJwsReferenceTest.java | 370 +++ .../jaxrs/security/jwt/reference-server.xml | 101 + .../cxf/systest/jaxrs/security/certs/Morpit.jks | Bin 0 -> 2221 bytes 4 files changed, 528 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/34eb4b1a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java -- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java new file mode 100644 index 000..aae5a23 --- /dev/null +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java @@ -0,0 +1,57 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.jaxrs.security.jwt; + +import org.apache.cxf.Bus; +import org.apache.cxf.BusFactory; +import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.testutil.common.AbstractBusTestServerBase; +import org.apache.cxf.testutil.common.TestUtil; + +public class BookServerReference extends AbstractBusTestServerBase { +public static final String PORT = TestUtil.getPortNumber("jaxrs-jwejws-reference"); +private static final String SERVER_CONFIG_FILE = +"org/apache/cxf/systest/jaxrs/security/jwt/reference-server.xml"; + +protected void run() { +SpringBusFactory bf = new SpringBusFactory(); +Bus springBus = bf.createBus(SERVER_CONFIG_FILE); +BusFactory.setDefaultBus(springBus); +setBus(springBus); + +try { +new BookServerReference(); +} catch (Exception e) { +throw new RuntimeException(e); +} +} + +public static void main(String[] args) { +try { +BookServerReference s = new BookServerReference(); +s.start(); +} catch (Exception ex) { +ex.printStackTrace(); +System.exit(-1); +} finally { +System.out.println("done!"); +} +} +} http://git-wip-us.apache.org/repos/asf/cxf/blob/34eb4b1a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java -- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java new file mode 100644 index 000..39cec16 --- /dev/null +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java @@ -0,0 +1,370 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is
[1/4] cxf git commit: Adding some more JOSE tests
Repository: cxf Updated Branches: refs/heads/master 70aceaa6f -> 6fd3ada7a Adding some more JOSE tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a5258a4a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a5258a4a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a5258a4a Branch: refs/heads/master Commit: a5258a4a853ac7ba9d93e9dba37329f9ee482788 Parents: 70aceaa Author: Colm O hEigeartaighAuthored: Tue Oct 27 12:54:31 2015 + Committer: Colm O hEigeartaigh Committed: Tue Oct 27 12:54:31 2015 + -- .../cxf/rs/security/jose/jwe/JweUtils.java | 1 - .../jaxrs/security/jwt/JweJwsAlgorithmTest.java | 55 +++- 2 files changed, 54 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/a5258a4a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index e23f605..0c86142 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -364,7 +364,6 @@ public final class JweUtils { SecretKey ctDecryptionKey = null; String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null); if (inHeaders != null && inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) { -//TODO: optionally validate inHeaders.getAlgorithm against a property in props // Supporting loading a private key via a certificate for now List chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain()); KeyManagementUtils.validateCertificateChain(props, chain); http://git-wip-us.apache.org/repos/asf/cxf/blob/a5258a4a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java -- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java index fcdaafb..b728d66 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java @@ -150,6 +150,33 @@ public class JweJwsAlgorithmTest extends AbstractBusClientServerTestBase { } @org.junit.Test +public void testWrongKeyEncryptionAlgorithmKeyIncluded() throws Exception { + +URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml"); + +List providers = new ArrayList(); +providers.add(new JacksonJsonProvider()); +providers.add(new JweWriterInterceptor()); + +String address = "http://localhost:; + PORT + "/jweoaepgcm/bookstore/books"; +WebClient client = +WebClient.create(address, providers, busFile.toString()); +client.type("application/json").accept("application/json"); + +Map properties = new HashMap (); +properties.put("rs.security.keystore.type", "jwk"); +properties.put("rs.security.keystore.alias", "2011-04-29"); +properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); +properties.put("rs.security.encryption.content.algorithm", "A128GCM"); +properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); +properties.put("rs.security.encryption.include.public.key", "true"); +WebClient.getConfig(client).getRequestContext().putAll(properties); + +Response response = client.post(new Book("book", 123L)); +assertNotEquals(response.getStatus(), 200); +} + +@org.junit.Test public void testWrongContentEncryptionAlgorithm() throws Exception { if (!SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) { return; @@ -232,7 +259,6 @@ public class JweJwsAlgorithmTest extends AbstractBusClientServerTestBase { assertNotEquals(response.getStatus(), 200); } - // // Signature tests // @@ -321,6 +347,33 @@ public class JweJwsAlgorithmTest extends AbstractBusClientServerTestBase { } @org.junit.Test +public void testWrongSignatureAlgorithmKeyIncluded() throws
[4/4] cxf git commit: Adding JWTUtils unit tests + fixing a bug with the TTL validation
Adding JWTUtils unit tests + fixing a bug with the TTL validation Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6fd3ada7 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6fd3ada7 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6fd3ada7 Branch: refs/heads/master Commit: 6fd3ada7af5af1fcb0de337c379e34e7bdb44a56 Parents: 67e48ee Author: Colm O hEigeartaighAuthored: Tue Oct 27 17:09:07 2015 + Committer: Colm O hEigeartaigh Committed: Tue Oct 27 17:09:07 2015 + -- .../cxf/rs/security/jose/jwt/JwtUtils.java | 24 ++-- .../cxf/rs/security/jose/jwt/JwtUtilsTest.java | 144 +++ 2 files changed, 159 insertions(+), 9 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/6fd3ada7/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java index 3f0a27e..9f1c1d6 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java @@ -87,21 +87,27 @@ public final class JwtUtils { } Date createdDate = new Date(issuedAtInSecs * 1000L); -if (clockOffset != 0) { -// Calculate the time that is allowed for the message to travel -createdDate.setTime(createdDate.getTime() - (long)clockOffset * 1000L); -} - Date validCreation = new Date(); -if (timeToLive != 0) { -long currentTime = validCreation.getTime(); -currentTime -= (long)timeToLive * 1000L; -validCreation.setTime(currentTime); +long currentTime = validCreation.getTime(); +if (clockOffset > 0) { +validCreation.setTime(currentTime + (long)clockOffset * 1000L); } +// Check to see if the IssuedAt time is in the future if (createdDate.after(validCreation)) { throw new JwtException("Invalid issuedAt"); } + +if (timeToLive > 0) { +// Calculate the time that is allowed for the message to travel +currentTime -= (long)timeToLive * 1000L; +validCreation.setTime(currentTime); + +// Validate the time it took the message to travel +if (createdDate.before(validCreation)) { +throw new JwtException("Invalid issuedAt"); +} +} } } http://git-wip-us.apache.org/repos/asf/cxf/blob/6fd3ada7/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java -- diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java new file mode 100644 index 000..9a2050e --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java @@ -0,0 +1,144 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.jwt; + +import java.util.Calendar; +import java.util.Date; + +import org.junit.Assert; + +/** + * Some tests for JwtUtils + */ +public class JwtUtilsTest extends Assert { + +@org.junit.Test +public void testExpiredToken() throws Exception { +// Create the JWT Token +JwtClaims claims = new JwtClaims(); +claims.setSubject("alice"); +claims.setIssuer("DoubleItSTSIssuer"); + +// Set the expiry date to be yesterday +Calendar cal =
[2/4] cxf git commit: More JOSE tests
More JOSE tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6c96aa32 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6c96aa32 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6c96aa32 Branch: refs/heads/master Commit: 6c96aa3247891af50b9f3f63a5e21368b2b5bd0d Parents: a5258a4 Author: Colm O hEigeartaighAuthored: Tue Oct 27 15:47:49 2015 + Committer: Colm O hEigeartaigh Committed: Tue Oct 27 15:47:49 2015 + -- .../jaxrs/security/jwt/BookServerReference.java | 57 +++ .../jaxrs/security/jwt/JweJwsReferenceTest.java | 370 +++ .../jaxrs/security/jwt/reference-server.xml | 101 + .../cxf/systest/jaxrs/security/certs/Morpit.jks | Bin 0 -> 2221 bytes 4 files changed, 528 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/6c96aa32/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java -- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java new file mode 100644 index 000..aae5a23 --- /dev/null +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java @@ -0,0 +1,57 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.jaxrs.security.jwt; + +import org.apache.cxf.Bus; +import org.apache.cxf.BusFactory; +import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.testutil.common.AbstractBusTestServerBase; +import org.apache.cxf.testutil.common.TestUtil; + +public class BookServerReference extends AbstractBusTestServerBase { +public static final String PORT = TestUtil.getPortNumber("jaxrs-jwejws-reference"); +private static final String SERVER_CONFIG_FILE = +"org/apache/cxf/systest/jaxrs/security/jwt/reference-server.xml"; + +protected void run() { +SpringBusFactory bf = new SpringBusFactory(); +Bus springBus = bf.createBus(SERVER_CONFIG_FILE); +BusFactory.setDefaultBus(springBus); +setBus(springBus); + +try { +new BookServerReference(); +} catch (Exception e) { +throw new RuntimeException(e); +} +} + +public static void main(String[] args) { +try { +BookServerReference s = new BookServerReference(); +s.start(); +} catch (Exception ex) { +ex.printStackTrace(); +System.exit(-1); +} finally { +System.out.println("done!"); +} +} +} http://git-wip-us.apache.org/repos/asf/cxf/blob/6c96aa32/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java -- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java new file mode 100644 index 000..39cec16 --- /dev/null +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java @@ -0,0 +1,370 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is
[3/4] cxf git commit: NPE fix
NPE fix Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/67e48ee0 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/67e48ee0 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/67e48ee0 Branch: refs/heads/master Commit: 67e48ee00b55cb0780b01f91fd08716f8d953592 Parents: 6c96aa3 Author: Colm O hEigeartaighAuthored: Tue Oct 27 15:51:52 2015 + Committer: Colm O hEigeartaigh Committed: Tue Oct 27 15:51:52 2015 + -- .../main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java | 5 + 1 file changed, 5 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/67e48ee0/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index 0c86142..e936359 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -388,6 +388,11 @@ public final class JweUtils { } else { if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) { JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.DECRYPT); +if (jwk == null) { +LOG.warning("Extracting the JsonWebKey failed"); +throw new JweException(JweException.Error.KEY_DECRYPTION_FAILURE); +} + if ("direct".equals(keyEncryptionAlgo)) { contentEncryptionAlgo = getContentEncryptionAlgo(m, props, jwk.getAlgorithm()); ctDecryptionKey = getContentDecryptionSecretKey(jwk, contentEncryptionAlgo);