update to v1.0.14 of the JAR

  - update deserialization to use the BouncyCastle PEMParser
  - include tests of AES-encrypted and 3DES-encrypted private keys

jwt_signed/Readme.md

@@ -1,7 +1,7 @@
 # JWT (signed)
 
-This directory contains Java source code for a callout which verifies signed JWT, 
-as well as an example API proxy, which shows how to use the callout. 
+This directory contains Java source code for a callout which verifies signed JWT,
+as well as an example API proxy, which shows how to use the callout.
 
 - [Java source](callout) - Java code, as well as instructions for how to build the Java code.
 - [apiproxy](apiproxy) - an example API Proxy for Apigee Edge that shows how to use the resulting Java callout

jwt_signed/apiproxy/README.md

@@ -31,7 +31,7 @@ This is an open-source project of the Apigee Corporation. It is not covered by A
 
 Several notes:
 
-* use a tool like [apigeetool](https://github.com/apigee/apigeetool-node) or [pushapi](https://github.com/carloseberhardt/apiploy) to deploy the proxy
+* use a tool like [importAndDeploy.js](https://github.com/DinoChiesa/apigee-edge-js/blob/master/examples/importAndDeploy.js), [apigeetool](https://github.com/apigee/apigeetool-node) or [pushapi](https://github.com/carloseberhardt/apiploy) to deploy the proxy
 
 * the apiproxy must include the JAR, and all of its dependencies. See the [resources/java](resources/java) directory for those dependencies. Include them all in the proxy you deploy.
 
@@ -204,7 +204,7 @@ For example, this is how to configure the JWT creation with algorithm=HS256, whi
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtCreatorCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>
 ```
 
@@ -243,13 +243,12 @@ To configure JWT creation with private key signing using an RSA key:
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtCreatorCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>
 ```
 
 The pemfile need not be encrypted. If it is, obviously you need to
-specify the password . Despite the name of the property, the file can
-be in DER format or PEM format. The class looks for the file in the
+specify the password . It should be in PEM format. The class looks for the file in the
 jarfile under the /resources directory.
 
 You can also specify the PEM-encoded private key directly in the XML
@@ -289,10 +288,15 @@ configuration, using the private-key Property, like this:
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtCreatorCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>
 ```
 
+You can generate a suitable DES3-encrypted public/private key pair with the command-line openssl tool, like this:
+```
+ openssl genrsa -des3 -out private-encrypted.pem 2048
+```
+
 If you specify both pemfile and private-key, the latter will be used.
 Either of these properties can also reference a context variable.
 
@@ -315,7 +319,7 @@ To configure JWT parsing with HS256:
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>
 ```
 
@@ -366,7 +370,7 @@ the policy to get that behavior. Like so:
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>
 ```
 
@@ -396,7 +400,7 @@ To configure JWT parsing with RS256:
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>
 ```
 
@@ -447,7 +451,7 @@ public-key property, like so:
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>
 ```
 
@@ -495,7 +499,7 @@ certificate.
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>
 ```
 
@@ -519,7 +523,7 @@ or, like so:
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>
 ```
 
@@ -546,7 +550,7 @@ those values:
   </Properties>
 
   <ClassName>com.apigee.callout.jwt.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.13.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>
 ```
 

jwt_signed/apiproxy/policies/JWT-Create-HS256.xml

@@ -1,4 +1,3 @@
-
 <JavaCallout name='JWT-Create-HS256' >
   <DisplayName>JWT-Create-HS256</DisplayName>
   <Properties>
@@ -18,5 +17,5 @@
   </Properties>
 
   <ClassName>com.apigee.callout.jwtsigned.JwtCreatorCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.11.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>

jwt_signed/apiproxy/policies/JWT-Create-RS256-2.xml

@@ -5,39 +5,39 @@
 
     <!-- private-key and private-key-password used only for algorithm = RS256 -->
     <Property name="private-key">
-    -----BEGIN RSA PRIVATE KEY-----
-    Proc-Type: 4,ENCRYPTED
-    DEK-Info: DES-EDE3-CBC,049E6103F40FBE84
+      -----BEGIN RSA PRIVATE KEY-----
+      Proc-Type: 4,ENCRYPTED
+      DEK-Info: DES-EDE3-CBC,171EA6A387A34BF7
 
-    EZVWs5v4FoRrFdK+YbpjCmW0KoHUmBAW7XLvS+vK3BdSM2Yx/hPhDO9URCVl9Oar
-    ApEZC1CxzsyRfvKDtiKWfQKdYKLccl8pA4Jj0sCxVgL4MBFDNDDEau4vRfXBv2EF
-    eGVZiG0/oaGbOUI9bgPKXmDsZQ3LHM9JONTOxaBapc06Gxcj0btkkzwB/dZQVRvb
-    XQFMzySgly1OOcnVkl8CDfKI4TwOERlhXjnnjN8vsDrpZXuSqniR9ARJEK41ZDAV
-    JpkvWnvEYl3oMozgF6NHCFXahefbP8lysMSknhtQwiJUaDZSkoBMMdMfQyfPpPME
-    tgJ4nkPBbSmwpWlTMPSgfth1kAkFvtmYCdV1UVglS+CE1/VDeuTeqkj5f7X/MvEx
-    FuWAkbZ3Gmqy04MvTOL8iy9A1wQo9E9U/6CgPqILcn49ZIOWilW6OzoGKK0F95KO
-    mx5r7MOkq21ltzCTmjt200YM/D5fq78ST7UzqetTFqNbgfraZxawcZf9L0xL2cwa
-    U9MJtPqCRLk4066+I2RkOZ8Zz1bro1nfCS99fayZ1AY/Ohw7+neviyuXIFSMTxsL
-    eiyPVBi6rrWjXIFITafK1oIoELimMbUHS9UOgJt7wkbKVYazcC9sQ4B1am1UQRe1
-    XQWtsYVySiId9iHA2UG+yc/l8GDmsKWAzlhFv5NyuCMAdfXbM1ERFaghPFx3RcZW
-    qtSkso/kFWrH6369ADN8fUAh6GOLrVAC06W6STzLEhoxNDyyS6RW9s/i9qhJWIX9
-    sMuDK2Zg+TRJ+nZbdljhglVLzMLPv3MCxhlji7H4y8YIVD738rpJLOY3LBqh9ilo
-    1HHGlMNkfBDkaSIwT2cBHdC38USyV2fgqlcukzj3a3NvUdmvARtnfEL6gLeSXmHJ
-    HNC6HqihWnBuizX9I9MwYaz9GQw7HN7oZJLBbBatsbxcP9ll/27VZY8BJwwLtuSy
-    /JJRB1ALjBFVKeBo5nHSc7cKld0glnWt+E5yfgQcI/2kpgfqJRb0yAPcMjOQyLJ9
-    xWKl7qDENSKSdy3VMKvj2xxqmkk7eTLbIFRfjioLLCnkfQsCPVdQMrG0Kt67W/F2
-    rZlGqeJtTDIefiQCwSR18t/8SUTqm4SRKDvBFRKhpn6JOl561vp5j3PoD52+ZFCX
-    160sbfqsKqJ/TqqP0BWdSOyYNSmlUQAn3JYZlj3dYM4dTQTADpCWo3ZmDAiFho/y
-    dCwtNpnjWoICcDfyr34G01xCVeyEjkozePLMZ7chOmX87KfVEujgul1qAHHgMAid
-    4l+btMOR8D0od2ZF+DdYllyDSU1fp1EQXXrbkYaFccgYVs8MtBQvCcJtSnayf3L+
-    jUxp3vjF9HE3wVDVTFeCUJGacGIMuoD0RlsT2VFMOjOf4p0F7adPse7aLBhyoLMI
-    N7GMYGDSG6jbWP18bNDWwFDrtPsvSXIZnirZeQNR7P8stVcxrWaphiPXivsHwJE2
-    z9SnpM5YjEoVI/1Cr8XY4QySFR1S72gkOO2WRi6m0kc98F/C3iwCMJ/RXvKfBVrj
-    7ZOF1UXVaoldDs+izZo5biVF/NNIBtg2FkZd4hh/cFlF1PV+M5+5mA==
-    -----END RSA PRIVATE KEY-----
+      eoZdqVDEdtqvtlWWCYYNy3gGnK3bs5/y7nqw97Jf1NF0E2m8UzpinkR0w0HL5c7p
+      NvzJzHGtlntD9qd7E6hIdUsy96884rLXHmdehGDnPfPl223ofo6qq36pcaVyw6Nu
+      ImhLij4DtVoUTtiRqnhSje1MbM9nBOOGdNbgzi1QF7xvwoVq18g4QjyHF7SxV0hr
+      VLRjnIDqVig+HJgvp27nRc6mV+W4gVLKnuJaeBJpAW9harMzDA/kk8F0rbhHyLhJ
+      qfV9qx2uacXly8LgkVI/3wNgohelJ+YxSw+z27NzovgjJnhEnwXG5ZTZ502Ow/F8
+      GKsSPVw8g3UixI2g8L69nt1jAaE5sFCpzJkL1RO5+tqZ598SKOjnZpRqbMm+iPjm
+      DLjeSU1PKKeDx9E8J8QD1YFFJDlLQP2Lbsq8tx8xNwPOAwEixZqumftwoSFe2R0z
+      PtvlMpPvX08SvXz/OaysA3a+/sq6IizSZoKgq6S6dTrLx3GEPI4f1tWvirVbD87B
+      ImWNynNP2k6uG+Y1rpcdirKItp4iwLckMACuOAF5efB4rxDtce/h5dlqWY+JQ/UQ
+      IPsCxJjP4SiK+u4YZENhS9wZUhA1GRTFP84Q36tuTIb3Bdv5u01P6HxycbFyF0NU
+      Fx40Y4zcMMjGav8TR9vPlqgLqTYIpjPeydPqYZob5llBRMdCKVRtZfWSVKgjtemj
+      UjudYfgMovyvpzLiNVwFTUtuHQyqeZ92lQ9k5uRSMWhGKJxrEcYMl/laGiXIguwy
+      u/FSmzUco0wTSOKjJTXVHPD0fZYctd7l114uqGH0zO6SZjIiBWiDOW/q7Onpn4A+
+      Elt1u/bVb8wZBr8chFGaMUfd6TW2LieOa23W2X1KxXZhynT2s7PZn3IIu2TJtM8r
+      3ylQvZaHZRoDjexCZY7Ry1/J60hxDkSP1KZLpEekYwYTfJPHh0OWaHtWTAkOqOT9
+      4WFAAnUqXpH+HOsiht7IFibepIghnMg6FOTZVgIgP5lAdHGDjbzCS7VuvGYQ/O6b
+      exVCmUB4MV6qcHtiwsDV6QWukBRfdY8OZniMaSVpV/X14QKj3PmXIpxyrGXKOK4m
+      OZedGRkLaTz9quF0+Vf1JSog6upw4qLpnge0HJz5x1XMcnpvlw0PjXnrNIo/Rj7O
+      WMsfFACnvaQyJXTk3Ul/MKUhuwRGtgD3htAIqpX91hMf+89JeE4ThaAcLfL2Mbit
+      sU3JLxEmNTIz6+GjQgeU/fZU2xg8gBnyCIh2CfpyhiyjfyWol+76TBqgFpz+QNGf
+      UYB9J4xbsVDc8XFhUBd0mY1pWASqREuU+qeDbx8DSqvun7YbP4Px5HzK+h+o1gV6
+      Ge4GFh3FIpwwKdZRxTpvKkE/0A3O1HOAUppvrERjWhdZcpDCRYP7R90k+B3FIVCT
+      ddUnryiJ/SmEEApn5swcJueLZgkBJluW1dg2RHYQcKu64wrKq66PmwaVOFo/T7bD
+      O8OPnhSgbxM+UdZPwmr7aKeoLPg9YvT2PJbKumQ68BDgrTWav/eUAElY3bNL+pf7
+      W6dD5I+Izacqn03jJgbDnIpdtFW3zsC1MYesfavVtRmdKlyV1fZBPDl5+F/kSCv1
+      -----END RSA PRIVATE KEY-----
     </Property>
-    <!-- should store this secret in vault -->
-    <Property name="private-key-password">deecee123</Property>
+
+    <Property name="private-key-password">Apigee-IloveAPIs</Property>
 
     <!-- standard claims -->
     <Property name="subject">{apiproxy.name}</Property>
@@ -53,5 +53,5 @@
   </Properties>
 
   <ClassName>com.apigee.callout.jwtsigned.JwtCreatorCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.11.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>

jwt_signed/apiproxy/policies/JWT-Create-RS256.xml

@@ -21,5 +21,5 @@
   </Properties>
 
   <ClassName>com.apigee.callout.jwtsigned.JwtCreatorCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.11.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>

jwt_signed/apiproxy/policies/JWT-Parse-HS256-2.xml

@@ -11,5 +11,5 @@
   </Properties>
 
   <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.11.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>

jwt_signed/apiproxy/policies/JWT-Parse-HS256-paypal.xml

@@ -11,5 +11,5 @@
   </Properties>
 
   <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.11.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>

jwt_signed/apiproxy/policies/JWT-Parse-HS256.xml

@@ -13,5 +13,5 @@
   </Properties>
 
   <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.11.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>

jwt_signed/apiproxy/policies/JWT-Parse-OpenIDConnect.xml

@@ -24,5 +24,5 @@
   </Properties>
 
   <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.11.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>

jwt_signed/apiproxy/policies/JWT-Parse-RS256-2.xml

@@ -24,5 +24,5 @@
   </Properties>
 
   <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.11.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>

jwt_signed/apiproxy/policies/JWT-Parse-RS256.xml

@@ -13,5 +13,5 @@
   </Properties>
 
   <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.11.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>

jwt_signed/apiproxy/policies/JWT-Parse-Verify-RS256-goog.xml

@@ -11,5 +11,5 @@
   </Properties>
 
   <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.11.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>

jwt_signed/apiproxy/policies/JWT-Parse-Verify-RS256-ms.xml

@@ -36,5 +36,5 @@ H3/bKkLSuDaKLWSqMhozdhXsIIKvJQ==
   </Properties>
 
   <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.11.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>

jwt_signed/apiproxy/policies/JWT-Parse-Verify-RS256-salesforce.xml

@@ -50,5 +50,5 @@
   </Properties>
 
   <ClassName>com.apigee.callout.jwtsigned.JwtParserCallout</ClassName>
-  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.11.jar</ResourceURL>
+  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.14.jar</ResourceURL>
 </JavaCallout>