add client digest interceptor

[davidkarlsen]

Signed-off-by: David J. M. Karlsen david@davidkarlsen.com
@coheigea

[davidkarlsen]

@coheigea any thoughts on this one?
BTW: Are updated snapshots pushed out anywhere? I have a library to adapt to 3.3.2

[coheigea]

Yes see here: https://repository.apache.org/content/groups/snapshots/org/apache/cxf/cxf-rt-rs-security-http-signature/3.3.2-SNAPSHOT/

[coheigea]

When I tried the CreateDigestInterceptor in a test, it writes the header out correctly, but the message body is blank. Here is a test to reproduce:

9005703

I suggest looking at the JOSE interceptors to see how they do it: https://github.com/apache/cxf/tree/master/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs

[davidkarlsen]

@coheigea I had missed calling proceed() which is added now and the test passes (although there is not a matching server-side filter configured in the test as far as I could see?) - maybe it should be a round-trip test with digest+signing+signature-validation on the client side + digestVerification+signatureCheck+signatureOfResponse serverside.

I have an alternative implementation which looks more similar to the jws stuff and wraps the output stream in a cachedOutputStream if you are interested in taking a look? I could add it as a separate PR?

[coheigea]

@davidkarlsen - I'll take care of adding the tests. The latest code is still not working, if you look at SignatureHeaderUtils.createDigestHeader, the messageBody String is actually blank. Maybe use the JWS approach instead in this PR?