diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java index 337e874350b..40f659a1f34 100644 --- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java +++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java @@ -21,6 +21,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.Principal; +import java.security.PublicKey; import jakarta.annotation.Priority; import jakarta.ws.rs.HttpMethod; @@ -81,24 +82,26 @@ public void filter(ContainerRequestContext context) throws IOException { } protected SecurityContext configureSecurityContext(JwsSignatureVerifier sigVerifier) { - if (sigVerifier instanceof PublicKeyJwsSignatureVerifier - && ((PublicKeyJwsSignatureVerifier)sigVerifier).getX509Certificate() != null) { - final Principal principal = - ((PublicKeyJwsSignatureVerifier)sigVerifier).getX509Certificate().getSubjectX500Principal(); - return new SecurityContext() { + if (sigVerifier instanceof PublicKeyJwsSignatureVerifier) { + PublicKeyJwsSignatureVerifier pkVerifier = (PublicKeyJwsSignatureVerifier) sigVerifier; + JAXRSUtils.getCurrentMessage().getExchange().put(PublicKey.class, pkVerifier.getPublicKey()); + if (pkVerifier.getX509Certificate() != null) { + final Principal principal = pkVerifier.getX509Certificate().getSubjectX500Principal(); + return new SecurityContext() { - public Principal getUserPrincipal() { - return principal; - } + public Principal getUserPrincipal() { + return principal; + } - public boolean isUserInRole(String arg0) { - return false; - } - }; + public boolean isUserInRole(String arg0) { + return false; + } + }; + } } return null; } - + protected boolean isMethodWithNoContent(String method) { return HttpMethod.DELETE.equals(method) || HttpUtils.isMethodWithNoRequestContent(method); } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java index 092581d3fd0..61e023708d3 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java @@ -206,6 +206,13 @@ public final class JoseConstants extends RSSecurityConstants { */ public static final String ENABLE_UNSIGNED_JWT_PRINCIPAL = "rs.security.enable.unsigned-jwt.principal"; + /** + * Magic value for the {@code rs.security.keystore.alias} property that causes the JWE encryption + * to use the public key extracted from the inbound JWS signature verification, instead of loading + * a key from the configured keystore. This mirrors the WS-Security {@code useReqSigCert} convention. + */ + public static final String USE_REQ_SIG_CERT = "useReqSigCert"; + /** * Whether to trace JOSE headers. */ diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index 67d6cb6af31..9f8362571bd 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -427,7 +427,15 @@ public static KeyEncryptionProvider loadKeyEncryptionProvider(Properties props, boolean includeKeyId = JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_KEY_ID); - if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) { + String alias = props.getProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS); + if (JoseConstants.USE_REQ_SIG_CERT.equals(alias)) { + PublicKey publicKey = (PublicKey) + PhaseInterceptorChain.getCurrentMessage().getExchange().get(PublicKey.class); + if (publicKey == null) { + throw new JweException(JweException.Error.NO_ENCRYPTOR); + } + keyEncryptionProvider = getPublicKeyEncryptionProvider(publicKey, keyAlgo); + } else if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) { JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.ENCRYPT); if (jwk != null) { keyAlgo = getKeyEncryptionAlgorithm(m, props, diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java index 51b143818e8..9ddfd037b86 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java @@ -118,6 +118,9 @@ public SignatureAlgorithm getAlgorithm() { public X509Certificate getX509Certificate() { return cert; } + public PublicKey getPublicKey() { + return key; + } @Override public JwsVerificationSignature createJwsVerificationSignature(JwsHeaders headers) { Signature sig = CryptoUtils.getVerificationSignature(key, diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java index 206d5cb44c0..32b4ad6cdb0 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java @@ -435,6 +435,62 @@ private BookStore createJweJwsBookStore(String address, return bean.create(BookStore.class); } + @Test + public void testJweJwsJwkRsaUseReqSigCert() throws Exception { + String address = "https://localhost:" + PORT + "/jwejwsjwkreqsigcert"; + BookStore bs = createUseReqSigCertBookStore(address, + "org/apache/cxf/systest/jaxrs/security/alice.jwk.enc.out.properties", + "org/apache/cxf/systest/jaxrs/security/alice.jwk.sign.out.properties", + "org/apache/cxf/systest/jaxrs/security/alice.jwk.enc.in.properties", + "org/apache/cxf/systest/jaxrs/security/alice.jwk.sign.in.properties", + "rs.security.signature.include.public.key"); + String text = bs.echoText("book"); + assertEquals("book", text); + } + + @Test + public void testJweJwsRsaUseReqSigCert() throws Exception { + String address = "https://localhost:" + PORT + "/jwejwsreqsigcert"; + BookStore bs = createUseReqSigCertBookStore(address, + "org/apache/cxf/systest/jaxrs/security/bob.rs.properties", + "org/apache/cxf/systest/jaxrs/security/alice.rs.properties", + "org/apache/cxf/systest/jaxrs/security/alice.rs.properties", + "org/apache/cxf/systest/jaxrs/security/bob.rs.properties", + "rs.security.signature.include.cert"); + String text = bs.echoText("book"); + assertEquals("book", text); + } + + private BookStore createUseReqSigCertBookStore(String address, + String encOutProps, String sigOutProps, + String encInProps, String sigInProps, + String includeKeyProperty) { + JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean(); + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = JAXRSJweJwsTest.class.getResource("client.xml"); + Bus springBus = bf.createBus(busFile.toString()); + bean.setBus(springBus); + bean.setServiceClass(BookStore.class); + bean.setAddress(address); + List providers = new LinkedList<>(); + JweWriterInterceptor jweWriter = new JweWriterInterceptor(); + jweWriter.setUseJweOutputStream(true); + JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor(); + jwsWriter.setUseJwsOutputStream(true); + providers.add(jweWriter); + providers.add(jwsWriter); + providers.add(new JweClientResponseFilter()); + providers.add(new JwsClientResponseFilter()); + bean.setProviders(providers); + bean.getProperties(true).put("rs.security.encryption.out.properties", encOutProps); + bean.getProperties(true).put("rs.security.signature.out.properties", sigOutProps); + bean.getProperties(true).put("rs.security.encryption.in.properties", encInProps); + bean.getProperties(true).put("rs.security.signature.in.properties", sigInProps); + bean.getProperties(true).put("jose.debug", true); + bean.getProperties(true).put(includeKeyProperty, "true"); + return bean.create(BookStore.class); + } + @Test public void testJweAesGcmDirect() throws Exception { String address = "https://localhost:" + PORT + "/jweaesgcmdirect"; diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.enc.in.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.enc.in.properties new file mode 100644 index 00000000000..124a9e72ede --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.enc.in.properties @@ -0,0 +1,24 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +rs.security.keystore.type=jwk +rs.security.keystore.alias=2011-04-29 +rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt +rs.security.encryption.content.algorithm=A128GCM +rs.security.encryption.key.algorithm=RSA-OAEP +rs.security.signature.algorithm=RS256 diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.enc.out.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.enc.out.properties new file mode 100644 index 00000000000..38a5d09b8ba --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.enc.out.properties @@ -0,0 +1,24 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +rs.security.keystore.type=jwk +rs.security.keystore.alias=2011-04-29 +rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt +rs.security.encryption.content.algorithm=A128GCM +rs.security.encryption.key.algorithm=RSA-OAEP +rs.security.signature.algorithm=RS256 diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.sign.in.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.sign.in.properties new file mode 100644 index 00000000000..38a5d09b8ba --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.sign.in.properties @@ -0,0 +1,24 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +rs.security.keystore.type=jwk +rs.security.keystore.alias=2011-04-29 +rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt +rs.security.encryption.content.algorithm=A128GCM +rs.security.encryption.key.algorithm=RSA-OAEP +rs.security.signature.algorithm=RS256 diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.sign.out.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.sign.out.properties new file mode 100644 index 00000000000..124a9e72ede --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.sign.out.properties @@ -0,0 +1,24 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +rs.security.keystore.type=jwk +rs.security.keystore.alias=2011-04-29 +rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt +rs.security.encryption.content.algorithm=A128GCM +rs.security.encryption.key.algorithm=RSA-OAEP +rs.security.signature.algorithm=RS256 diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties index 800578257b8..ce5698615cc 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties @@ -1,3 +1,5 @@ +# +# # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information @@ -16,6 +18,7 @@ # under the License. rs.security.keystore.type=jks rs.security.keystore.password=password +rs.security.key.password=password rs.security.keystore.alias=alice rs.security.keystore.file=keys/alice.jks rs.security.encryption.content.algorithm=A128GCM diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.enc.in.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.enc.in.properties new file mode 100644 index 00000000000..4b274207a18 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.enc.in.properties @@ -0,0 +1,25 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +rs.security.keystore.type=jwk +rs.security.keystore.alias=2011-04-29 +rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt +rs.security.encryption.content.algorithm=A128GCM +rs.security.encryption.key.algorithm=RSA-OAEP +rs.security.signature.algorithm=RS256 diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.enc.out.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.enc.out.properties new file mode 100644 index 00000000000..70a832ca7a6 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.enc.out.properties @@ -0,0 +1,25 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +rs.security.keystore.type=jwk +rs.security.keystore.alias=useReqSigCert +rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt +rs.security.encryption.content.algorithm=A128GCM +rs.security.encryption.key.algorithm=RSA-OAEP +rs.security.signature.algorithm=RS256 diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.sign.in.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.sign.in.properties new file mode 100644 index 00000000000..784207c0228 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.sign.in.properties @@ -0,0 +1,25 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +rs.security.keystore.type=jwk +rs.security.keystore.alias=2011-04-29 +rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt +rs.security.encryption.content.algorithm=A128GCM +rs.security.encryption.key.algorithm=RSA-OAEP +rs.security.signature.algorithm=RS256 diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.sign.out.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.sign.out.properties new file mode 100644 index 00000000000..4b274207a18 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.sign.out.properties @@ -0,0 +1,25 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +rs.security.keystore.type=jwk +rs.security.keystore.alias=2011-04-29 +rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt +rs.security.encryption.content.algorithm=A128GCM +rs.security.encryption.key.algorithm=RSA-OAEP +rs.security.signature.algorithm=RS256 diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.enc.out.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.enc.out.properties new file mode 100644 index 00000000000..a96534bfecf --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.enc.out.properties @@ -0,0 +1,27 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +rs.security.keystore.type=jks +rs.security.keystore.password=password +rs.security.key.password=password +rs.security.keystore.alias=useReqSigCert +rs.security.keystore.file=keys/bob.jks +rs.security.encryption.content.algorithm=A128GCM +rs.security.encryption.key.algorithm=RSA-OAEP +rs.security.signature.algorithm=RS256 diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties index dea95cd1ba4..65a9dc19c00 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties @@ -1,4 +1,5 @@ # +# # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information @@ -18,6 +19,7 @@ # rs.security.keystore.type=jks rs.security.keystore.password=password +rs.security.key.password=password rs.security.keystore.alias=bob rs.security.keystore.file=keys/bob.jks rs.security.encryption.content.algorithm=A128GCM diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml index 425e817776b..ea30c5b42f9 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server.xml @@ -271,6 +271,44 @@ under the License. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +