date:20151027

[2/2] cxf git commit: Picking up WSS4J 2.1.4

2015-10-27 Thread coheigea

Picking up WSS4J 2.1.4


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/70aceaa6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/70aceaa6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/70aceaa6

Branch: refs/heads/master
Commit: 70aceaa6f3b93f2a64abdc219fac242f5f0830ab
Parents: d09c4ea
Author: Colm O hEigeartaigh 
Authored: Tue Oct 27 11:54:05 2015 +
Committer: Colm O hEigeartaigh 
Committed: Tue Oct 27 11:54:05 2015 +

--
 parent/pom.xml  |  2 +-
 .../grants/saml/Saml2BearerGrantHandler.java|  2 +-
 .../saml/sso/SAMLProtocolResponseValidator.java |  2 +-
 .../saml/sso/CombinedValidatorTest.java |  2 +-
 .../saml/sso/SAMLResponseValidatorTest.java |  2 +-
 .../rs/security/saml/AbstractSamlInHandler.java |  2 +-
 .../ws/security/kerberos/KerberosClient.java|  2 +-
 .../IssuedTokenInterceptorProvider.java |  2 +-
 .../policy/interceptors/NegotiationUtils.java   |  2 +-
 .../SecureConversationInInterceptor.java|  2 +-
 ...ureConversationTokenInterceptorProvider.java |  2 +-
 .../SpnegoContextTokenInInterceptor.java|  2 +-
 .../SpnegoTokenInterceptorProvider.java |  2 +-
 .../ws/security/trust/AbstractSTSClient.java|  4 +-
 .../security/trust/STSStaxTokenValidator.java   |  2 +-
 .../ReceivedTokenCallbackHandler.java   |  2 +-
 ...tUsernameTokenAuthenticatingInterceptor.java |  5 +-
 .../wss4j/AbstractWSS4JStaxInterceptor.java |  2 +-
 .../wss4j/BinarySecurityTokenInterceptor.java   |  4 +-
 .../ws/security/wss4j/CXFCallbackLookup.java|  3 +-
 .../cxf/ws/security/wss4j/CXFRequestData.java   | 18 +++
 .../security/wss4j/CryptoCoverageChecker.java   |  2 +-
 .../wss4j/PolicyBasedWSS4JInInterceptor.java|  2 +-
 .../wss4j/PolicyBasedWSS4JOutInterceptor.java   |  2 +-
 .../PolicyBasedWSS4JStaxInInterceptor.java  |  4 +-
 .../ws/security/wss4j/SamlTokenInterceptor.java |  4 +-
 .../wss4j/UsernameTokenInterceptor.java |  4 +-
 .../ws/security/wss4j/WSS4JInInterceptor.java   |  8 ++--
 .../ws/security/wss4j/WSS4JOutInterceptor.java  |  2 +-
 .../security/wss4j/WSS4JStaxInInterceptor.java  |  6 +--
 .../security/wss4j/WSS4JStaxOutInterceptor.java |  6 +--
 .../cxf/ws/security/wss4j/WSS4JUtils.java   |  2 +-
 .../policyhandlers/AbstractBindingBuilder.java  |  6 +--
 .../AsymmetricBindingHandler.java   |  4 +-
 .../policyhandlers/SymmetricBindingHandler.java |  4 +-
 .../policyhandlers/TransportBindingHandler.java |  2 +-
 .../AbstractBindingPolicyValidator.java |  2 +-
 .../AbstractSamlPolicyValidator.java|  2 +-
 .../AbstractSupportingTokenPolicyValidator.java |  5 +-
 .../AlgorithmSuitePolicyValidator.java  |  2 +-
 .../AsymmetricBindingPolicyValidator.java   |  2 +-
 .../IssuedTokenPolicyValidator.java |  2 +-
 .../KerberosTokenPolicyValidator.java   |  2 +-
 .../policyvalidators/LayoutPolicyValidator.java |  5 +-
 .../PolicyValidatorParameters.java  |  2 +-
 .../SamlTokenPolicyValidator.java   |  2 +-
 .../SecurityContextTokenPolicyValidator.java|  2 +-
 .../SymmetricBindingPolicyValidator.java|  2 +-
 .../UsernameTokenPolicyValidator.java   |  2 +-
 .../policyvalidators/WSS11PolicyValidator.java  |  2 +-
 .../X509TokenPolicyValidator.java   |  2 +-
 .../wss4j/AbstractPolicySecurityTest.java   |  2 +-
 .../cxf/ws/security/wss4j/CustomProcessor.java  |  2 +-
 .../security/wss4j/SecurityActionTokenTest.java |  2 +-
 .../cxf/ws/security/wss4j/WSS4JInOutTest.java   |  2 +-
 .../security/wss4j/saml/DOMToStaxSamlTest.java  | 10 ++--
 .../ws/security/wss4j/saml/SamlTokenTest.java   | 39 ---
 .../security/wss4j/saml/StaxToDOMSamlTest.java  | 50 ++--
 .../org/apache/cxf/sts/StaticSTSProperties.java |  2 +-
 .../cxf/sts/operation/TokenIssueOperation.java  |  2 +-
 .../apache/cxf/sts/request/RequestParser.java   |  4 +-
 .../cxf/sts/token/canceller/SCTCanceller.java   |  2 +-
 .../cxf/sts/token/provider/SCTProvider.java |  2 +-
 .../cxf/sts/token/renewer/SAMLTokenRenewer.java |  4 +-
 .../sts/token/validator/SAMLTokenValidator.java |  2 +-
 .../token/validator/UsernameTokenValidator.java |  2 +-
 .../sts/token/validator/X509TokenValidator.java |  2 +-
 .../cxf/sts/operation/IssueSamlUnitTest.java|  2 +-
 .../cxf/sts/request/RequestParserUnitTest.java  |  2 +-
 .../token/renewer/SAMLTokenRenewerPOPTest.java  |  2 +-
 .../systest/sts/batch/SimpleBatchSTSClient.java |  4 +-
 .../transformation/DoubleItPortTypeImpl.java|  2 +-
 .../systest/sts/issueunit/IssueUnitTest.java|  2 +-
 .../systest/sts/itests/unit/STSUnitTest.java|  2 +-
 .../wssec/kerberos/KerberosTokenTest.java   |  2 +-
 .../kerberos/wssec/spnego/SpnegoTokenTest.java  |  2

[1/2] cxf git commit: Picking up WSS4J 2.1.4

2015-10-27 Thread coheigea

Repository: cxf
Updated Branches:
  refs/heads/master d09c4eafb -> 70aceaa6f


http://git-wip-us.apache.org/repos/asf/cxf/blob/70aceaa6/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
--
diff --git 
a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
 
b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
index a6a5406..701b8eb 100644
--- 
a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
+++ 
b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
@@ -45,7 +45,7 @@ import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.saml.builder.SAML1Constants;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
-import org.apache.wss4j.dom.WSSecurityEngine;
+import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
@@ -67,8 +67,8 @@ public class StaxToDOMSamlTest extends AbstractSecurityTest {
 inProperties.put(WSHandlerConstants.ACTION, 
WSHandlerConstants.SAML_TOKEN_UNSIGNED);
 final Map customMap = new HashMap();
 CustomSamlValidator validator = new CustomSamlValidator();
-customMap.put(WSSecurityEngine.SAML_TOKEN, validator);
-customMap.put(WSSecurityEngine.SAML2_TOKEN, validator);
+customMap.put(WSConstants.SAML_TOKEN, validator);
+customMap.put(WSConstants.SAML2_TOKEN, validator);
 inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
 inProperties.put(SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, 
"false");
 
@@ -104,8 +104,8 @@ public class StaxToDOMSamlTest extends AbstractSecurityTest 
{
 inProperties.put(WSHandlerConstants.ACTION, 
WSHandlerConstants.SAML_TOKEN_UNSIGNED);
 final Map customMap = new HashMap();
 CustomSamlValidator validator = new CustomSamlValidator();
-customMap.put(WSSecurityEngine.SAML_TOKEN, validator);
-customMap.put(WSSecurityEngine.SAML2_TOKEN, validator);
+customMap.put(WSConstants.SAML_TOKEN, validator);
+customMap.put(WSConstants.SAML2_TOKEN, validator);
 inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
 inProperties.put(SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, 
"false");
 
@@ -143,8 +143,8 @@ public class StaxToDOMSamlTest extends AbstractSecurityTest 
{
 inProperties.put(WSHandlerConstants.SIG_VER_PROP_FILE, 
"insecurity.properties");
 final Map customMap = new HashMap();
 CustomSamlValidator validator = new CustomSamlValidator();
-customMap.put(WSSecurityEngine.SAML_TOKEN, validator);
-customMap.put(WSSecurityEngine.SAML2_TOKEN, validator);
+customMap.put(WSConstants.SAML_TOKEN, validator);
+customMap.put(WSConstants.SAML2_TOKEN, validator);
 inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
 
 WSS4JInInterceptor inInterceptor = new 
WSS4JInInterceptor(inProperties);
@@ -187,8 +187,8 @@ public class StaxToDOMSamlTest extends AbstractSecurityTest 
{
 inProperties.put(WSHandlerConstants.SIG_VER_PROP_FILE, 
"insecurity.properties");
 final Map customMap = new HashMap();
 CustomSamlValidator validator = new CustomSamlValidator();
-customMap.put(WSSecurityEngine.SAML_TOKEN, validator);
-customMap.put(WSSecurityEngine.SAML2_TOKEN, validator);
+customMap.put(WSConstants.SAML_TOKEN, validator);
+customMap.put(WSConstants.SAML2_TOKEN, validator);
 inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
 
 WSS4JInInterceptor inInterceptor = new 
WSS4JInInterceptor(inProperties);
@@ -223,8 +223,8 @@ public class StaxToDOMSamlTest extends AbstractSecurityTest 
{
 final Map customMap = new HashMap();
 CustomSamlValidator validator = new CustomSamlValidator();
 validator.setRequireSAML1Assertion(false);
-customMap.put(WSSecurityEngine.SAML_TOKEN, validator);
-customMap.put(WSSecurityEngine.SAML2_TOKEN, validator);
+customMap.put(WSConstants.SAML_TOKEN, validator);
+customMap.put(WSConstants.SAML2_TOKEN, validator);
 inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
 inProperties.put(SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, 
"false");
 
@@ -261,8 +261,8 @@ public class StaxToDOMSamlTest extends AbstractSecurityTest 
{
 final Map customMap = new

[2/2] cxf git commit: Picking up WSS4J 2.0.6

2015-10-27 Thread coheigea

Picking up WSS4J 2.0.6


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e8549171
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e8549171
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e8549171

Branch: refs/heads/3.0.x-fixes
Commit: e854917164f4655479f6183511d44ab285ddf04c
Parents: 2249565
Author: Colm O hEigeartaigh 
Authored: Tue Oct 27 11:55:22 2015 +
Committer: Colm O hEigeartaigh 
Committed: Tue Oct 27 11:55:22 2015 +

--
 parent/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/e8549171/parent/pom.xml
--
diff --git a/parent/pom.xml b/parent/pom.xml
index b3f1539..2bddce9 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -164,7 +164,7 @@
 4.4.1
 3.1.4
 1.6.3
-2.0.5
+2.0.6
 2.11.0
 2.6.0
 2.2.1

[1/2] cxf git commit: Recording .gitmergeinfo Changes

2015-10-27 Thread coheigea

Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes f181f1e75 -> e85491716


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/22495652
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/22495652
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/22495652

Branch: refs/heads/3.0.x-fixes
Commit: 224956525b5ccea679529896b3c89631c0aa19ec
Parents: f181f1e
Author: Colm O hEigeartaigh 
Authored: Tue Oct 27 11:55:14 2015 +
Committer: Colm O hEigeartaigh 
Committed: Tue Oct 27 11:55:14 2015 +

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/22495652/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 7479c33..e385832 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -213,6 +213,7 @@ B 6efe475ad57f042ffc9547f1bb258ab4e16a3f3e
 B 6f3f4c1f873d8d30a4c30165280dd0ff46e03d5d
 B 6fb880420de545f7ed09199674b7fec3d0ba4d7c
 B 702f27bc4a334b2d117262252632bf580f20f711
+B 70aceaa6f3b93f2a64abdc219fac242f5f0830ab
 B 712e96428c926bf8aedce8eb91c33d79801dd636
 B 71488c6fa7635c88285214a0479379aafef9ed3c
 B 716531d62eaa8b1dde566e59e2a5ff0be1b2b33c

cxf git commit: Recording .gitmergeinfo Changes

2015-10-27 Thread coheigea

Repository: cxf
Updated Branches:
  refs/heads/2.7.x-fixes 6951f4391 -> 51137c44f


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/51137c44
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/51137c44
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/51137c44

Branch: refs/heads/2.7.x-fixes
Commit: 51137c44fec619fc91c2f43e8c76f6c569038f15
Parents: 6951f43
Author: Colm O hEigeartaigh 
Authored: Tue Oct 27 12:41:52 2015 +
Committer: Colm O hEigeartaigh 
Committed: Tue Oct 27 12:41:52 2015 +

--
 .gitmergeinfo | 2 ++
 1 file changed, 2 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/51137c44/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index beea0dd..d22271f 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -359,6 +359,7 @@ B 2209258ce1246f3f48d23d51c4d981dd47b3d600
 B 221efc02f90eef7f319ba39b8aefd14922901d70
 B 22279cf58a2c00af83524fe123f2aab670b6168a
 B 2246e1393aa56ff8411efabf2d49c3ef75ffdfec
+B 224956525b5ccea679529896b3c89631c0aa19ec
 B 224fa3c6412db10a451558e67bf0a6913035fa5d
 B 226906c48bb2c71b70172d33ea528916f8c62dff
 B 227bf19947e2888b8ceee53287bfbe78a1d824b8
@@ -2199,6 +2200,7 @@ B e7b4edb1f402b1fe398e94767e14cd0b8d13b906
 B e7fe2b7ec6a4df1e0b9d27ebdd9ff74ac8ad267d
 B e80db09d37d99d540cdbef7114efeb26317e3a52
 B e82847091d5a4776ce2cd9d6ebf3d98f4ebc3558
+B e854917164f4655479f6183511d44ab285ddf04c
 B e87711abf86054a8fee51d1a33399ad26c878a67
 B e898a0a4f6ef29922f0f286af8a670bcfaab9df9
 B e8a265088255cf4d04f6dbed64dccfb6c0f31c28

cxf git commit: Misc minor enhancements to HandlerChain builders and resolver

2015-10-27 Thread asoldano

Repository: cxf
Updated Branches:
  refs/heads/master 6fd3ada7a -> 0985e79ab


Misc minor enhancements to HandlerChain builders and resolver


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0985e79a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0985e79a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0985e79a

Branch: refs/heads/master
Commit: 0985e79ab47124fbe0a08b9653ae7d4d1c2b5b97
Parents: 6fd3ada
Author: Alessio Soldano 
Authored: Tue Oct 27 18:04:18 2015 +0100
Committer: Alessio Soldano 
Committed: Tue Oct 27 18:16:12 2015 +0100

--
 .../handler/AnnotationHandlerChainBuilder.java  |  7 +++---
 .../cxf/jaxws/handler/HandlerChainBuilder.java  | 24 
 .../cxf/jaxws/handler/HandlerResolverImpl.java  |  5 
 3 files changed, 19 insertions(+), 17 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/0985e79a/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/AnnotationHandlerChainBuilder.java
--
diff --git 
a/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/AnnotationHandlerChainBuilder.java
 
b/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/AnnotationHandlerChainBuilder.java
index d8d62f4..b72a721 100644
--- 
a/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/AnnotationHandlerChainBuilder.java
+++ 
b/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/AnnotationHandlerChainBuilder.java
@@ -211,14 +211,15 @@ public class AnnotationHandlerChainBuilder extends 
HandlerChainBuilder {
 if ("*".equals(namePattern)) {
 return true;
 }
-if (!namePattern.contains(":")) {
+final int idx = namePattern.indexOf(':');
+if (idx < 0) {
 String xml = StaxUtils.toString(el);
 throw new WebServiceException(
 BundleUtils.getFormattedString(BUNDLE,
"NOT_A_QNAME_PATTER",
namePattern, xml)); 
   
 }
-String pfx = namePattern.substring(0, namePattern.indexOf(':'));
+String pfx = namePattern.substring(0, idx);
 String ns = el.lookupNamespaceURI(pfx);
 if (ns == null) {
 ns = pfx;
@@ -226,7 +227,7 @@ public class AnnotationHandlerChainBuilder extends 
HandlerChainBuilder {
 if (!ns.equals(comp.getNamespaceURI())) {
 return false;
 }
-String localPart = namePattern.substring(namePattern.indexOf(':') + 1,
+String localPart = namePattern.substring(idx + 1,
  namePattern.length());
 if (localPart.contains("*")) {
 //wildcard pattern matching

http://git-wip-us.apache.org/repos/asf/cxf/blob/0985e79a/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/HandlerChainBuilder.java
--
diff --git 
a/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/HandlerChainBuilder.java
 
b/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/HandlerChainBuilder.java
index c8ba542..7e733b8 100644
--- 
a/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/HandlerChainBuilder.java
+++ 
b/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/HandlerChainBuilder.java
@@ -93,21 +93,22 @@ public class HandlerChainBuilder {
  */
 public List sortHandlers(List handlers) {
 
-List logicalHandlers = new 
ArrayList();
-List protocolHandlers = new ArrayList();
+final int size = handlers.size();
+List logicalHandlers = new ArrayList(size);
+List protocolHandlers = new ArrayList(Math.min(10, 
size));
 
 for (Handler handler : handlers) {
 if (handler instanceof LogicalHandler) {
-logicalHandlers.add((LogicalHandler)handler);
+logicalHandlers.add(handler);
 } else {
 protocolHandlers.add(handler);
 }
 }
 
-List sortedHandlers = new ArrayList();
-sortedHandlers.addAll(logicalHandlers);
-sortedHandlers.addAll(protocolHandlers);
-return sortedHandlers;
+if (!protocolHandlers.isEmpty()) {
+logicalHandlers.addAll(protocolHandlers);
+}
+return logicalHandlers;
 }
 
 protected ClassLoader getHandlerClassLoader() {
@@ -117,7 +118,10 @@ public class HandlerChainBuilder {
 protected List buildHandlerChain(PortComponentHandlerType ht, 
ClassLoader classLoader) {
 List handlerChain = new ArrayList();
 try {
-

[5/5] cxf git commit: Recording .gitmergeinfo Changes

2015-10-27 Thread coheigea

Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6424b876
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6424b876
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6424b876

Branch: refs/heads/3.0.x-fixes
Commit: 6424b876c32f5ea83a439515add2f1801c733796
Parents: 618ee78
Author: Colm O hEigeartaigh 
Authored: Tue Oct 27 17:11:16 2015 +
Committer: Colm O hEigeartaigh 
Committed: Tue Oct 27 17:11:16 2015 +

--
 .gitmergeinfo | 2 ++
 1 file changed, 2 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/6424b876/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index e385832..ea84691 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -588,6 +588,7 @@ M 6909358dee4beaa00b493b728dd7689331173d2a
 M 6d7ab22d5adcd15bfa3a086345a0b5851fe3e2b2
 M 6d830354143f91f317d9faf2463c9ceeab44
 M 6e3224606ecf56b821dac537241f18a59b44e3e3
+M 6fd3ada7af5af1fcb0de337c379e34e7bdb44a56
 M 702a4c1759263d25ab62c0804ed61a1f099a
 M 70b568a3390bec3498c427264a5f3f4cbcb7f1cc
 M 717018e84f3ed41f0c9ca5ca550593c6c3352866
@@ -638,6 +639,7 @@ M 9f18da888e37f203b1aa9a3240ed7b6aab3a4ef9
 M a088c793efd923a52f68044b02221f8b47569ef9
 M a2c4be5e99472fc23b1740fc594e5d4c64961ca4
 M a3bf2a80bafa95ec2ccdd2b28ead26c13866acd7
+M a5258a4a853ac7ba9d93e9dba37329f9ee482788
 M a5b1c33534d83b4d0696263439d0d1a906b1afe6
 M a614b75389c2758d6d27e598b679ba013bcb72f0
 M a64265c29be124e9bffb46eb35a68b3504860c3a

[1/5] cxf git commit: Adding some more JOSE tests

2015-10-27 Thread coheigea

Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes e85491716 -> 6424b876c


Adding some more JOSE tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3a726365
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3a726365
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3a726365

Branch: refs/heads/3.0.x-fixes
Commit: 3a72636542ec1cc92c4d5884f34a15b51f9f9f7e
Parents: e854917
Author: Colm O hEigeartaigh 
Authored: Tue Oct 27 12:54:31 2015 +
Committer: Colm O hEigeartaigh 
Committed: Tue Oct 27 17:11:11 2015 +

--
 .../cxf/rs/security/jose/jwe/JweUtils.java  |  1 -
 .../jaxrs/security/jwt/JweJwsAlgorithmTest.java | 55 +++-
 2 files changed, 54 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/3a726365/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index e23f605..0c86142 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -364,7 +364,6 @@ public final class JweUtils {
 SecretKey ctDecryptionKey = null;
 String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null);
 if (inHeaders != null && 
inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) {
-//TODO: optionally validate inHeaders.getAlgorithm against a 
property in props
 // Supporting loading a private key via a certificate for now
 List chain = 
KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
 KeyManagementUtils.validateCertificateChain(props, chain);

http://git-wip-us.apache.org/repos/asf/cxf/blob/3a726365/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
--
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
index 4bbc765..cb1f3b2 100644
--- 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
@@ -168,6 +168,33 @@ public class JweJwsAlgorithmTest extends 
AbstractBusClientServerTestBase {
 }
 
 @org.junit.Test
+public void testWrongKeyEncryptionAlgorithmKeyIncluded() throws Exception {
+
+URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+List providers = new ArrayList();
+providers.add(new JacksonJsonProvider());
+providers.add(new JweWriterInterceptor());
+
+String address = "http://localhost:; + PORT + 
"/jweoaepgcm/bookstore/books";
+WebClient client = 
+WebClient.create(address, providers, busFile.toString());
+client.type("application/json").accept("application/json");
+
+Map properties = new HashMap();
+properties.put("rs.security.keystore.type", "jwk");
+properties.put("rs.security.keystore.alias", "2011-04-29");
+properties.put("rs.security.keystore.file", 
"org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
+properties.put("rs.security.encryption.content.algorithm", "A128GCM");
+properties.put("rs.security.encryption.key.algorithm", "RSA1_5");
+properties.put("rs.security.encryption.include.public.key", "true");
+WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+Response response = client.post(new Book("book", 123L));
+assertNotEquals(response.getStatus(), 200);
+}
+
+@org.junit.Test
 public void testWrongContentEncryptionAlgorithm() throws Exception {
 
 if (SKIP_AES_GCM_TESTS || 
!SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
@@ -260,7 +287,6 @@ public class JweJwsAlgorithmTest extends 
AbstractBusClientServerTestBase {
 assertNotEquals(response.getStatus(), 200);
 }
 
-
 //
 // Signature tests
 //
@@ -349,6 +375,33 @@ public class JweJwsAlgorithmTest extends 
AbstractBusClientServerTestBase {
 }
 
 @org.junit.Test
+public void

[3/5] cxf git commit: NPE fix

2015-10-27 Thread coheigea

NPE fix


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/01bcdb5e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/01bcdb5e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/01bcdb5e

Branch: refs/heads/3.0.x-fixes
Commit: 01bcdb5e3b527b90b3c2103103fe351385e41f14
Parents: 34eb4b1
Author: Colm O hEigeartaigh 
Authored: Tue Oct 27 15:51:52 2015 +
Committer: Colm O hEigeartaigh 
Committed: Tue Oct 27 17:11:15 2015 +

--
 .../main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java | 5 +
 1 file changed, 5 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/01bcdb5e/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 0c86142..e936359 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -388,6 +388,11 @@ public final class JweUtils {
 } else {
 if 
(JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE)))
 {
 JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, 
KeyOperation.DECRYPT);
+if (jwk == null) {
+LOG.warning("Extracting the JsonWebKey failed");
+throw new 
JweException(JweException.Error.KEY_DECRYPTION_FAILURE);
+}
+
 if ("direct".equals(keyEncryptionAlgo)) {
 contentEncryptionAlgo = getContentEncryptionAlgo(m, props, 
jwk.getAlgorithm());
 ctDecryptionKey = getContentDecryptionSecretKey(jwk, 
contentEncryptionAlgo);

[4/5] cxf git commit: Adding JWTUtils unit tests + fixing a bug with the TTL validation

2015-10-27 Thread coheigea

Adding JWTUtils unit tests + fixing a bug with the TTL validation


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/618ee782
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/618ee782
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/618ee782

Branch: refs/heads/3.0.x-fixes
Commit: 618ee7821a4db7d8e98cf7ab42459b6eb10f287e
Parents: 01bcdb5
Author: Colm O hEigeartaigh 
Authored: Tue Oct 27 17:09:07 2015 +
Committer: Colm O hEigeartaigh 
Committed: Tue Oct 27 17:11:16 2015 +

--
 .../cxf/rs/security/jose/jwt/JwtUtils.java  |  24 ++--
 .../cxf/rs/security/jose/jwt/JwtUtilsTest.java  | 144 +++
 2 files changed, 159 insertions(+), 9 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/618ee782/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
index c2f9a83..4a54f49 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
@@ -87,21 +87,27 @@ public final class JwtUtils {
 }
 
 Date createdDate = new Date(issuedAtInSecs * 1000L);
-if (clockOffset != 0) {
-// Calculate the time that is allowed for the message to travel
-createdDate.setTime(createdDate.getTime() - (long)clockOffset * 
1000L);
-}
-
 Date validCreation = new Date();
-if (timeToLive != 0) {
-long currentTime = validCreation.getTime();
-currentTime -= (long)timeToLive * 1000L;
-validCreation.setTime(currentTime);
+long currentTime = validCreation.getTime();
+if (clockOffset > 0) {
+validCreation.setTime(currentTime + (long)clockOffset * 1000L);
 }
 
+// Check to see if the IssuedAt time is in the future
 if (createdDate.after(validCreation)) {
 throw new JwtException("Invalid issuedAt");
 }
+
+if (timeToLive > 0) {
+// Calculate the time that is allowed for the message to travel
+currentTime -= (long)timeToLive * 1000L;
+validCreation.setTime(currentTime);
+
+// Validate the time it took the message to travel
+if (createdDate.before(validCreation)) {
+throw new JwtException("Invalid issuedAt");
+}
+}
 }
 
 public static void validateJwtTimeClaims(JwtClaims claims, int clockOffset,

http://git-wip-us.apache.org/repos/asf/cxf/blob/618ee782/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java
 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java
new file mode 100644
index 000..9a2050e
--- /dev/null
+++ 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java
@@ -0,0 +1,144 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwt;
+
+import java.util.Calendar;
+import java.util.Date;
+
+import org.junit.Assert;
+
+/**
+ * Some tests for JwtUtils
+ */
+public class JwtUtilsTest extends Assert {
+
+@org.junit.Test
+public void testExpiredToken() throws Exception {
+// Create the JWT Token
+JwtClaims claims = new JwtClaims();
+claims.setSubject("alice");
+claims.setIssuer("DoubleItSTSIssuer");
+
+//

[2/5] cxf git commit: More JOSE tests

2015-10-27 Thread coheigea

More JOSE tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/34eb4b1a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/34eb4b1a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/34eb4b1a

Branch: refs/heads/3.0.x-fixes
Commit: 34eb4b1ad613fb04076cd1cfbe9f6e626a6e230e
Parents: 3a72636
Author: Colm O hEigeartaigh 
Authored: Tue Oct 27 15:47:49 2015 +
Committer: Colm O hEigeartaigh 
Committed: Tue Oct 27 17:11:12 2015 +

--
 .../jaxrs/security/jwt/BookServerReference.java |  57 +++
 .../jaxrs/security/jwt/JweJwsReferenceTest.java | 370 +++
 .../jaxrs/security/jwt/reference-server.xml | 101 +
 .../cxf/systest/jaxrs/security/certs/Morpit.jks | Bin 0 -> 2221 bytes
 4 files changed, 528 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/34eb4b1a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java
--
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java
new file mode 100644
index 000..aae5a23
--- /dev/null
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jwt;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.TestUtil;
+
+public class BookServerReference extends AbstractBusTestServerBase {
+public static final String PORT = 
TestUtil.getPortNumber("jaxrs-jwejws-reference");
+private static final String SERVER_CONFIG_FILE =
+"org/apache/cxf/systest/jaxrs/security/jwt/reference-server.xml";
+
+protected void run() {
+SpringBusFactory bf = new SpringBusFactory();
+Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+BusFactory.setDefaultBus(springBus);
+setBus(springBus);
+
+try {
+new BookServerReference();
+} catch (Exception e) {
+throw new RuntimeException(e);
+}
+}
+
+public static void main(String[] args) {
+try {
+BookServerReference s = new BookServerReference();
+s.start();
+} catch (Exception ex) {
+ex.printStackTrace();
+System.exit(-1);
+} finally {
+System.out.println("done!");
+}
+}
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/34eb4b1a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java
--
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java
new file mode 100644
index 000..39cec16
--- /dev/null
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java
@@ -0,0 +1,370 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is

[1/4] cxf git commit: Adding some more JOSE tests

2015-10-27 Thread coheigea

Repository: cxf
Updated Branches:
  refs/heads/master 70aceaa6f -> 6fd3ada7a


Adding some more JOSE tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a5258a4a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a5258a4a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a5258a4a

Branch: refs/heads/master
Commit: a5258a4a853ac7ba9d93e9dba37329f9ee482788
Parents: 70aceaa
Author: Colm O hEigeartaigh 
Authored: Tue Oct 27 12:54:31 2015 +
Committer: Colm O hEigeartaigh 
Committed: Tue Oct 27 12:54:31 2015 +

--
 .../cxf/rs/security/jose/jwe/JweUtils.java  |  1 -
 .../jaxrs/security/jwt/JweJwsAlgorithmTest.java | 55 +++-
 2 files changed, 54 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/a5258a4a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index e23f605..0c86142 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -364,7 +364,6 @@ public final class JweUtils {
 SecretKey ctDecryptionKey = null;
 String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null);
 if (inHeaders != null && 
inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) {
-//TODO: optionally validate inHeaders.getAlgorithm against a 
property in props
 // Supporting loading a private key via a certificate for now
 List chain = 
KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
 KeyManagementUtils.validateCertificateChain(props, chain);

http://git-wip-us.apache.org/repos/asf/cxf/blob/a5258a4a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
--
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
index fcdaafb..b728d66 100644
--- 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsAlgorithmTest.java
@@ -150,6 +150,33 @@ public class JweJwsAlgorithmTest extends 
AbstractBusClientServerTestBase {
 }
 
 @org.junit.Test
+public void testWrongKeyEncryptionAlgorithmKeyIncluded() throws Exception {
+
+URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml");
+
+List providers = new ArrayList();
+providers.add(new JacksonJsonProvider());
+providers.add(new JweWriterInterceptor());
+
+String address = "http://localhost:; + PORT + 
"/jweoaepgcm/bookstore/books";
+WebClient client = 
+WebClient.create(address, providers, busFile.toString());
+client.type("application/json").accept("application/json");
+
+Map properties = new HashMap();
+properties.put("rs.security.keystore.type", "jwk");
+properties.put("rs.security.keystore.alias", "2011-04-29");
+properties.put("rs.security.keystore.file", 
"org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
+properties.put("rs.security.encryption.content.algorithm", "A128GCM");
+properties.put("rs.security.encryption.key.algorithm", "RSA1_5");
+properties.put("rs.security.encryption.include.public.key", "true");
+WebClient.getConfig(client).getRequestContext().putAll(properties);
+
+Response response = client.post(new Book("book", 123L));
+assertNotEquals(response.getStatus(), 200);
+}
+
+@org.junit.Test
 public void testWrongContentEncryptionAlgorithm() throws Exception {
 if (!SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
 return;
@@ -232,7 +259,6 @@ public class JweJwsAlgorithmTest extends 
AbstractBusClientServerTestBase {
 assertNotEquals(response.getStatus(), 200);
 }
 
-
 //
 // Signature tests
 //
@@ -321,6 +347,33 @@ public class JweJwsAlgorithmTest extends 
AbstractBusClientServerTestBase {
 }
 
 @org.junit.Test
+public void testWrongSignatureAlgorithmKeyIncluded() throws

[4/4] cxf git commit: Adding JWTUtils unit tests + fixing a bug with the TTL validation

2015-10-27 Thread coheigea

Adding JWTUtils unit tests + fixing a bug with the TTL validation


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6fd3ada7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6fd3ada7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6fd3ada7

Branch: refs/heads/master
Commit: 6fd3ada7af5af1fcb0de337c379e34e7bdb44a56
Parents: 67e48ee
Author: Colm O hEigeartaigh 
Authored: Tue Oct 27 17:09:07 2015 +
Committer: Colm O hEigeartaigh 
Committed: Tue Oct 27 17:09:07 2015 +

--
 .../cxf/rs/security/jose/jwt/JwtUtils.java  |  24 ++--
 .../cxf/rs/security/jose/jwt/JwtUtilsTest.java  | 144 +++
 2 files changed, 159 insertions(+), 9 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/6fd3ada7/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
index 3f0a27e..9f1c1d6 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
@@ -87,21 +87,27 @@ public final class JwtUtils {
 }
 
 Date createdDate = new Date(issuedAtInSecs * 1000L);
-if (clockOffset != 0) {
-// Calculate the time that is allowed for the message to travel
-createdDate.setTime(createdDate.getTime() - (long)clockOffset * 
1000L);
-}
-
 Date validCreation = new Date();
-if (timeToLive != 0) {
-long currentTime = validCreation.getTime();
-currentTime -= (long)timeToLive * 1000L;
-validCreation.setTime(currentTime);
+long currentTime = validCreation.getTime();
+if (clockOffset > 0) {
+validCreation.setTime(currentTime + (long)clockOffset * 1000L);
 }
 
+// Check to see if the IssuedAt time is in the future
 if (createdDate.after(validCreation)) {
 throw new JwtException("Invalid issuedAt");
 }
+
+if (timeToLive > 0) {
+// Calculate the time that is allowed for the message to travel
+currentTime -= (long)timeToLive * 1000L;
+validCreation.setTime(currentTime);
+
+// Validate the time it took the message to travel
+if (createdDate.before(validCreation)) {
+throw new JwtException("Invalid issuedAt");
+}
+}
 }
 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/6fd3ada7/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java
 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java
new file mode 100644
index 000..9a2050e
--- /dev/null
+++ 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java
@@ -0,0 +1,144 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwt;
+
+import java.util.Calendar;
+import java.util.Date;
+
+import org.junit.Assert;
+
+/**
+ * Some tests for JwtUtils
+ */
+public class JwtUtilsTest extends Assert {
+
+@org.junit.Test
+public void testExpiredToken() throws Exception {
+// Create the JWT Token
+JwtClaims claims = new JwtClaims();
+claims.setSubject("alice");
+claims.setIssuer("DoubleItSTSIssuer");
+
+// Set the expiry date to be yesterday
+Calendar cal =

[2/4] cxf git commit: More JOSE tests

2015-10-27 Thread coheigea

More JOSE tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6c96aa32
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6c96aa32
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6c96aa32

Branch: refs/heads/master
Commit: 6c96aa3247891af50b9f3f63a5e21368b2b5bd0d
Parents: a5258a4
Author: Colm O hEigeartaigh 
Authored: Tue Oct 27 15:47:49 2015 +
Committer: Colm O hEigeartaigh 
Committed: Tue Oct 27 15:47:49 2015 +

--
 .../jaxrs/security/jwt/BookServerReference.java |  57 +++
 .../jaxrs/security/jwt/JweJwsReferenceTest.java | 370 +++
 .../jaxrs/security/jwt/reference-server.xml | 101 +
 .../cxf/systest/jaxrs/security/certs/Morpit.jks | Bin 0 -> 2221 bytes
 4 files changed, 528 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/6c96aa32/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java
--
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java
new file mode 100644
index 000..aae5a23
--- /dev/null
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/BookServerReference.java
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jwt;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.TestUtil;
+
+public class BookServerReference extends AbstractBusTestServerBase {
+public static final String PORT = 
TestUtil.getPortNumber("jaxrs-jwejws-reference");
+private static final String SERVER_CONFIG_FILE =
+"org/apache/cxf/systest/jaxrs/security/jwt/reference-server.xml";
+
+protected void run() {
+SpringBusFactory bf = new SpringBusFactory();
+Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+BusFactory.setDefaultBus(springBus);
+setBus(springBus);
+
+try {
+new BookServerReference();
+} catch (Exception e) {
+throw new RuntimeException(e);
+}
+}
+
+public static void main(String[] args) {
+try {
+BookServerReference s = new BookServerReference();
+s.start();
+} catch (Exception ex) {
+ex.printStackTrace();
+System.exit(-1);
+} finally {
+System.out.println("done!");
+}
+}
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/6c96aa32/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java
--
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java
new file mode 100644
index 000..39cec16
--- /dev/null
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JweJwsReferenceTest.java
@@ -0,0 +1,370 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is

[3/4] cxf git commit: NPE fix

2015-10-27 Thread coheigea

NPE fix


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/67e48ee0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/67e48ee0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/67e48ee0

Branch: refs/heads/master
Commit: 67e48ee00b55cb0780b01f91fd08716f8d953592
Parents: 6c96aa3
Author: Colm O hEigeartaigh 
Authored: Tue Oct 27 15:51:52 2015 +
Committer: Colm O hEigeartaigh 
Committed: Tue Oct 27 15:51:52 2015 +

--
 .../main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java | 5 +
 1 file changed, 5 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/67e48ee0/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 0c86142..e936359 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -388,6 +388,11 @@ public final class JweUtils {
 } else {
 if 
(JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE)))
 {
 JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, 
KeyOperation.DECRYPT);
+if (jwk == null) {
+LOG.warning("Extracting the JsonWebKey failed");
+throw new 
JweException(JweException.Error.KEY_DECRYPTION_FAILURE);
+}
+
 if ("direct".equals(keyEncryptionAlgo)) {
 contentEncryptionAlgo = getContentEncryptionAlgo(m, props, 
jwk.getAlgorithm());
 ctDecryptionKey = getContentDecryptionSecretKey(jwk, 
contentEncryptionAlgo);

[2/2] cxf git commit: Picking up WSS4J 2.1.4

[1/2] cxf git commit: Picking up WSS4J 2.1.4

[2/2] cxf git commit: Picking up WSS4J 2.0.6

[1/2] cxf git commit: Recording .gitmergeinfo Changes

cxf git commit: Recording .gitmergeinfo Changes

cxf git commit: Misc minor enhancements to HandlerChain builders and resolver

[5/5] cxf git commit: Recording .gitmergeinfo Changes

[1/5] cxf git commit: Adding some more JOSE tests

[3/5] cxf git commit: NPE fix

[4/5] cxf git commit: Adding JWTUtils unit tests + fixing a bug with the TTL validation

[2/5] cxf git commit: More JOSE tests

[1/4] cxf git commit: Adding some more JOSE tests

[4/4] cxf git commit: Adding JWTUtils unit tests + fixing a bug with the TTL validation

[2/4] cxf git commit: More JOSE tests

[3/4] cxf git commit: NPE fix

15 matches

Site Navigation

Mail list logo

Footer information