diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java index 337e874350b..6a53449a672 100644 --- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java +++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java @@ -21,6 +21,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.Principal; +import java.security.PublicKey; import jakarta.annotation.Priority; import jakarta.ws.rs.HttpMethod; 
@@ -77,28 +78,31 @@ public void filter(ContainerRequestContext context) throws IOException { if (securityContext != null) { JAXRSUtils.getCurrentMessage().put(SecurityContext.class, securityContext); } + } } protected SecurityContext configureSecurityContext(JwsSignatureVerifier sigVerifier) { - if (sigVerifier instanceof PublicKeyJwsSignatureVerifier - && ((PublicKeyJwsSignatureVerifier)sigVerifier).getX509Certificate() != null) { - final Principal principal = - ((PublicKeyJwsSignatureVerifier)sigVerifier).getX509Certificate().getSubjectX500Principal(); - return new SecurityContext() { + if (sigVerifier instanceof PublicKeyJwsSignatureVerifier) { + JAXRSUtils.getCurrentMessage().getExchange().put(PublicKey.class, ((PublicKeyJwsSignatureVerifier) sigVerifier).getPublicKey()); + if (((PublicKeyJwsSignatureVerifier) sigVerifier).getX509Certificate() != null) { + final Principal principal = + ((PublicKeyJwsSignatureVerifier)sigVerifier).getX509Certificate().getSubjectX500Principal(); + return new SecurityContext() { - public Principal getUserPrincipal() { - return principal; - } + public Principal getUserPrincipal() { + return principal; + } - public boolean isUserInRole(String arg0) { - return false; - } - }; + public boolean isUserInRole(String arg0) { + return false; + } + }; + } } return null; } - + protected boolean isMethodWithNoContent(String method) { return HttpMethod.DELETE.equals(method) || HttpUtils.isMethodWithNoRequestContent(method); } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java index 092581d3fd0..e33c825017a 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java 
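Review bot: The `getExchange().put(PublicKey.class, ...)` line added at the top of `configureSecurityContext` makes a method named for building a SecurityContext also publish key material, and it does so for every `PublicKeyJwsSignatureVerifier` whether or not a certificate is present. JweUtils later encrypts the response to whatever key is stored here, so when the verifier was built from a key carried in the JWS header (the new tests set `rs.security.signature.include.public.key`), the code that establishes trust in that key should be confirmed; it is not visible in this hunk. I would cast once, `PublicKeyJwsSignatureVerifier pkVerifier = (PublicKeyJwsSignatureVerifier) sigVerifier;`, and document the side effect with `// Expose the verified request signing key so the response can be encrypted to it (keystore alias "useReqSigCert")`. The call site in `filter()` starts above the hunk, so whether this runs for every request cannot be checked from here.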
@@ -206,6 +206,11 @@ public final class JoseConstants extends RSSecurityConstants { */ public static final String ENABLE_UNSIGNED_JWT_PRINCIPAL = "rs.security.enable.unsigned-jwt.principal"; + /** + * Whether to use request signing certificate to create encryption provider + */ + public static final String USE_REQ_SIG_CERT = "useReqSigCert"; + /** * Whether to trace JOSE headers. */ diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index 67d6cb6af31..4f40482b62c 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -23,6 +23,7 @@ import java.security.Key; import java.security.PrivateKey; import java.security.PublicKey; +import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; @@ -62,6 +63,8 @@ import org.apache.cxf.rt.security.crypto.MessageDigestUtils; import org.apache.cxf.rt.security.rs.PrivateKeyPasswordProvider; +import static org.apache.cxf.rt.security.rs.RSSecurityConstants.RSSEC_KEY_STORE_ALIAS; + public final class JweUtils { private static final Logger LOG = LogUtils.getL7dLogger(JweUtils.class); 
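Review bot: The Javadoc on `USE_REQ_SIG_CERT` reads like the description of a boolean property, but JweUtils compares the constant against the value of `rs.security.keystore.alias`, so it is a reserved alias value rather than a property name. Suggest `/** Reserved keystore alias value: encrypt with the public key that verified the request signature instead of a key loaded from the keystore. */`. It is also worth stating there that a real keystore entry with this alias can no longer be selected for encryption.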
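Review bot: `java.security.cert.Certificate` is imported in the first JweUtils hunk, but none of the lines added to JweUtils in this diff refer to it, so it looks unused and will likely trip an unused-import check. The static import of `RSSEC_KEY_STORE_ALIAS` in the next hunk is also avoidable: the file already reads `JoseConstants.RSSEC_KEY_STORE_TYPE`, and JoseConstants extends RSSecurityConstants, so `JoseConstants.RSSEC_KEY_STORE_ALIAS` would match the existing style.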
@@ -427,7 +430,30 @@ public static KeyEncryptionProvider loadKeyEncryptionProvider(Properties props, boolean includeKeyId = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_KEY_ID); - if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) { + if (props.getProperty(RSSEC_KEY_STORE_ALIAS) != null && props.getProperty(RSSEC_KEY_STORE_ALIAS).equals(JoseConstants.USE_REQ_SIG_CERT)) { + var publicKey = PhaseInterceptorChain.getCurrentMessage().getExchange().get(PublicKey.class); + if (publicKey == null) { + throw new JweException(JweException.Error.NO_ENCRYPTOR); + } + keyEncryptionProvider = getPublicKeyEncryptionProvider( + publicKey, + keyAlgo + ); + + if (includeCert) { + headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props)); + } + if (includeCertSha1) { + KeyManagementUtils.setSha1DigestHeader(headers, m, props); + } else if (includeCertSha256) { + KeyManagementUtils.setSha256DigestHeader(headers, m, props); + } + if (includeKeyId && props.containsKey(RSSEC_KEY_STORE_ALIAS)) { + headers.setKeyId(props.getProperty(RSSEC_KEY_STORE_ALIAS)); + } + + } + else if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) { JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.ENCRYPT); if (jwk != null) { keyAlgo = getKeyEncryptionAlgorithm(m, props, @@ -453,7 +479,8 @@ public static KeyEncryptionProvider loadKeyEncryptionProvider(Properties props, headers.setKeyId(jwk.getKeyId()); } } - } else { + } + else { keyEncryptionProvider = getPublicKeyEncryptionProvider( KeyManagementUtils.loadPublicKey(m, props), props, diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java index 51b143818e8..9ddfd037b86 100644 
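Review bot: The `includeCert`, `includeCertSha1`/`includeCertSha256` and `includeKeyId` blocks in the new `useReqSigCert` branch still describe keystore material, while the content key is wrapped with the key taken from the exchange. `loadAndEncodeX509CertificateOrChain(m, props)` and the digest setters are handed props whose alias is the literal `useReqSigCert`, and `setKeyId` writes that literal as `kid`, so the JWE headers either fail to load or name a key other than the one used. The lookup also goes through `PhaseInterceptorChain.getCurrentMessage()` without a null check although `m` is already in scope, and the condition can be a single null-safe `equals`. The sketch below assumes `m` is the CXF message for the current exchange; the method starts and ends outside the hunk, so how `keyAlgo` is initialised is not visible.

```java
if (JoseConstants.USE_REQ_SIG_CERT.equals(props.getProperty(RSSEC_KEY_STORE_ALIAS))) {
    // The key comes from the verified request signature, not from the keystore,
    // so no keystore-derived x5c / x5t / kid headers are written in this branch.
    PublicKey publicKey = m == null || m.getExchange() == null
        ? null : m.getExchange().get(PublicKey.class);
    if (publicKey == null) {
        throw new JweException(JweException.Error.NO_ENCRYPTOR);
    }
    keyEncryptionProvider = getPublicKeyEncryptionProvider(publicKey, keyAlgo);
} else if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) {
    // … unchanged: JWK and keystore branches …
```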
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java @@ -118,6 +118,9 @@ public SignatureAlgorithm getAlgorithm() { public X509Certificate getX509Certificate() { return cert; } + public PublicKey getPublicKey() { + return key; + } @Override public JwsVerificationSignature createJwsVerificationSignature(JwsHeaders headers) { Signature sig = CryptoUtils.getVerificationSignature(key, diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java index 206d5cb44c0..7cbb55f5923 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java 
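Review bot: `getPublicKey()` is added as a public accessor with no Javadoc and no blank line separating it from `getX509Certificate()`. Since the filter now uses it to hand the key to the encryption side, a one-line contract helps: `/** Returns the public key used to verify JWS signatures. */`, preceded by a blank line.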
@@ -435,6 +435,114 @@ private BookStore createJweJwsBookStore(String address, return bean.create(BookStore.class); } + @Test + public void testJweJwsJwkRsaUseReqSigCert(){ + String address = "https://localhost:" + PORT + "/jwejwsjwkreqsigcert"; + JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean(); + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = JAXRSJweJwsTest.class.getResource("client.xml"); + Bus springBus = bf.createBus(busFile.toString()); + bean.setBus(springBus); + bean.setServiceClass(BookStore.class); + bean.setAddress(address); + List providers = new LinkedList<>(); + + // writer + JweWriterInterceptor jweWriter = new JweWriterInterceptor(); + jweWriter.setUseJweOutputStream(true); + JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor(); + jwsWriter.setUseJwsOutputStream(true); + // reader + JweClientResponseFilter jweReader = new JweClientResponseFilter(); + JwsClientResponseFilter jwsReader = new JwsClientResponseFilter(); + + providers.add(jweWriter); + providers.add(jwsWriter); + + providers.add(jweReader); + providers.add(jwsReader); + bean.setProviders(providers); + + //CLIENT == ALICE + bean.getProperties(true).put( + "rs.security.encryption.out.properties", + "org/apache/cxf/systest/jaxrs/security/alice.jwk.enc.out.properties" + ); + bean.getProperties(true).put( + "rs.security.signature.out.properties", + "org/apache/cxf/systest/jaxrs/security/alice.jwk.sign.out.properties" + ); + bean.getProperties(true).put( + "rs.security.encryption.in.properties", + "org/apache/cxf/systest/jaxrs/security/alice.jwk.enc.in.properties" + ); + bean.getProperties(true).put( + "rs.security.signature.in.properties", + "org/apache/cxf/systest/jaxrs/security/alice.jwk.sign.in.properties" + ); + + bean.getProperties(true).put("jose.debug", true); + bean.getProperties(true).put("rs.security.signature.include.public.key", "true"); + + BookStore bs = bean.create(BookStore.class); + String text = bs.echoText("book"); + assertEquals("book", 
text); + } + + @Test + public void testJweJwsRsaUseReqSigCert(){ + String address = "https://localhost:" + PORT + "/jwejwsreqsigcert"; + JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean(); + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = JAXRSJweJwsTest.class.getResource("client.xml"); + Bus springBus = bf.createBus(busFile.toString()); + bean.setBus(springBus); + bean.setServiceClass(BookStore.class); + bean.setAddress(address); + List providers = new LinkedList<>(); + + // writer + JweWriterInterceptor jweWriter = new JweWriterInterceptor(); + jweWriter.setUseJweOutputStream(true); + JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor(); + jwsWriter.setUseJwsOutputStream(true); + // reader + JweClientResponseFilter jweReader = new JweClientResponseFilter(); + JwsClientResponseFilter jwsReader = new JwsClientResponseFilter(); + + providers.add(jweWriter); + providers.add(jwsWriter); + + providers.add(jweReader); + providers.add(jwsReader); + bean.setProviders(providers); + + //CLIENT == ALICE + bean.getProperties(true).put( + "rs.security.encryption.out.properties", + "org/apache/cxf/systest/jaxrs/security/bob.rs.properties" + ); + bean.getProperties(true).put( + "rs.security.signature.out.properties", + "org/apache/cxf/systest/jaxrs/security/alice.rs.properties" + ); + bean.getProperties(true).put( + "rs.security.encryption.in.properties", + "org/apache/cxf/systest/jaxrs/security/alice.rs.properties" + ); + bean.getProperties(true).put( + "rs.security.signature.in.properties", + "org/apache/cxf/systest/jaxrs/security/bob.rs.properties" + ); + + bean.getProperties(true).put("jose.debug", true); + bean.getProperties(true).put("rs.security.signature.include.cert", "true"); + + BookStore bs = bean.create(BookStore.class); + String text = bs.echoText("book"); + assertEquals("book", text); + } + @Test public void testJweAesGcmDirect() throws Exception { String address = "https://localhost:" + PORT + "/jweaesgcmdirect"; 
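Review bot: Both new tests cover only the successful round trip; there is no case for the `NO_ENCRYPTOR` path that JweUtils now throws when the exchange holds no request key, which is the failure mode most worth pinning for this feature. The two methods are also copies of each other apart from the address and property files, and `List providers` is a raw type; a shared helper taking the address and the four property paths, with `List<Object> providers = new LinkedList<>();`, would remove the duplication. In `testJweJwsRsaUseReqSigCert` the `//CLIENT == ALICE` comment sits above properties that point at `bob.rs.properties`, so a line saying which party each file represents would help.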
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.enc.in.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.enc.in.properties
new file mode 100644
index 00000000000..d8a002f8131
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.enc.in.properties
@@ -0,0 +1,22 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+rs.security.keystore.type=jwk
+rs.security.keystore.alias=2011-04-29
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
+rs.security.encryption.content.algorithm=A128GCM
+rs.security.encryption.key.algorithm=RSA-OAEP
+rs.security.signature.algorithm=RS256
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.enc.out.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.enc.out.properties
new file mode 100644
index 00000000000..ed395549c20
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.enc.out.properties
@@ -0,0 +1,22 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+rs.security.keystore.type=jwk
+rs.security.keystore.alias=2011-04-29
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt
+rs.security.encryption.content.algorithm=A128GCM
+rs.security.encryption.key.algorithm=RSA-OAEP
+rs.security.signature.algorithm=RS256
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.sign.in.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.sign.in.properties
new file mode 100644
index 00000000000..ed395549c20
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.sign.in.properties
@@ -0,0 +1,22 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+rs.security.keystore.type=jwk
+rs.security.keystore.alias=2011-04-29
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt
+rs.security.encryption.content.algorithm=A128GCM
+rs.security.encryption.key.algorithm=RSA-OAEP
+rs.security.signature.algorithm=RS256
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.sign.out.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.sign.out.properties
new file mode 100644
index 00000000000..d8a002f8131
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.sign.out.properties
@@ -0,0 +1,22 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+rs.security.keystore.type=jwk
+rs.security.keystore.alias=2011-04-29
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
+rs.security.encryption.content.algorithm=A128GCM
+rs.security.encryption.key.algorithm=RSA-OAEP
+rs.security.signature.algorithm=RS256
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties
index 800578257b8..5514465fd6e 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties
@@ -16,6 +16,7 @@
 # under the License.
 rs.security.keystore.type=jks
 rs.security.keystore.password=password
+rs.security.key.password=password
 rs.security.keystore.alias=alice
 rs.security.keystore.file=keys/alice.jks
 rs.security.encryption.content.algorithm=A128GCM
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.enc.in.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.enc.in.properties
new file mode 100644
index 00000000000..6563d4c3b9e
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.enc.in.properties
@@ -0,0 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+rs.security.keystore.type=jwk
+rs.security.keystore.alias=2011-04-29
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
+rs.security.encryption.content.algorithm=A128GCM
+rs.security.encryption.key.algorithm=RSA-OAEP
+rs.security.signature.algorithm=RS256
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.enc.out.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.enc.out.properties
new file mode 100644
index 00000000000..a20d784a755
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.enc.out.properties
@@ -0,0 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+rs.security.keystore.type=jwk
+rs.security.keystore.alias=useReqSigCert
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt
+rs.security.encryption.content.algorithm=A128GCM
+rs.security.encryption.key.algorithm=RSA-OAEP
+rs.security.signature.algorithm=RS256
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.sign.in.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.sign.in.properties
new file mode 100644
index 00000000000..808772a52d7
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.sign.in.properties
@@ -0,0 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+rs.security.keystore.type=jwk
+rs.security.keystore.alias=2011-04-29
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt
+rs.security.encryption.content.algorithm=A128GCM
+rs.security.encryption.key.algorithm=RSA-OAEP
+rs.security.signature.algorithm=RS256
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.sign.out.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.sign.out.properties
new file mode 100644
index 00000000000..6563d4c3b9e
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.sign.out.properties
@@ -0,0 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+rs.security.keystore.type=jwk
+rs.security.keystore.alias=2011-04-29
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
+rs.security.encryption.content.algorithm=A128GCM
+rs.security.encryption.key.algorithm=RSA-OAEP
+rs.security.signature.algorithm=RS256
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.enc.out.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.enc.out.properties
new file mode 100644
index 00000000000..0b345a78bdf
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.enc.out.properties
@@ -0,0 +1,26 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+rs.security.keystore.type=jks
+rs.security.keystore.password=password
+rs.security.key.password=password
+rs.security.keystore.alias=useReqSigCert
+rs.security.keystore.file=keys/bob.jks
+rs.security.encryption.content.algorithm=A128GCM
+rs.security.encryption.key.algorithm=RSA-OAEP
+rs.security.signature.algorithm=RS256
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties
index dea95cd1ba4..617b63405a0 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties
@@ -18,6 +18,7 @@
 #
 rs.security.keystore.type=jks
 rs.security.keystore.password=password
+rs.security.key.password=password
 rs.security.keystore.alias=bob
 rs.security.keystore.file=keys/bob.jks
 rs.security.encryption.content.algorithm=A128GCM
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml index 425e817776b..ea30c5b42f9 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml @@ -271,6 +271,44 @@ under the License. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +