cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1365332 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2: client/ common/ services/ tokens/mac/ utils/
Date Tue, 24 Jul 2012 22:55:49 GMT
Author: sergeyb
Date: Tue Jul 24 22:55:49 2012
New Revision: 1365332

URL: http://svn.apache.org/viewvc?rev=1365332&view=rev
Log:
[CXF-4431] Aligning the code with the MAC spec draft v5

Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java?rev=1365332&r1=1365331&r2=1365332&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
Tue Jul 24 22:55:49 2012
@@ -213,6 +213,9 @@ public final class OAuthClientUtils {
             if (expiresInStr != null) {
                 token.setExpiresIn(Long.valueOf(expiresInStr));
             }
+            String issuedAtStr = map.remove(OAuthConstants.ACCESS_TOKEN_ISSUED_AT);
+            token.setIssuedAt(issuedAtStr != null ? Long.valueOf(issuedAtStr)
+                                                  : System.currentTimeMillis() / 1000);
             String scope = map.remove(OAuthConstants.SCOPE);
             if (scope != null) {
                 token.setApprovedScope(scope);

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java?rev=1365332&r1=1365331&r2=1365332&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
Tue Jul 24 22:55:49 2012
@@ -29,6 +29,9 @@ public abstract class AccessToken {
     private String tokenKey;
     private String tokenType;
     private String refreshToken;
+    private long expiresIn = -1;
+    private long issuedAt = -1;
+    
     
     private Map<String, String> parameters = new LinkedHashMap<String, String>();
     
@@ -36,6 +39,14 @@ public abstract class AccessToken {
         this.tokenType = tokenType;
         this.tokenKey = tokenKey;
     }
+    
+    protected AccessToken(String tokenType, String tokenKey,
+                          long expiresIn, long issuedAt) {
+        this.tokenType = tokenType;
+        this.tokenKey = tokenKey;
+        this.expiresIn = expiresIn;
+        this.issuedAt = issuedAt;
+    }
 
     /**
      * Returns the token type such as bearer, mac, etc
@@ -72,14 +83,6 @@ public abstract class AccessToken {
     }
     
     /**
-     * Sets token parameters
-     * @param parameters the token parameters
-     */
-    public void setParameters(Map<String, String> parameters) {
-        this.parameters = parameters;
-    }
-
-    /**
      * Gets token parameters 
      * @return
      */
@@ -87,4 +90,33 @@ public abstract class AccessToken {
         return parameters;
     }
 
+    /**
+     * The token lifetime
+     * @return the lifetime, -1 means no 'expires_in' parameter was returned
+     */
+    public long getExpiresIn() {
+        return expiresIn;
+    }
+
+    public void setExpiresIn(long expiresIn) {
+        this.expiresIn = expiresIn;
+    }
+
+    public long getIssuedAt() {
+        return issuedAt;
+    }
+
+    // Can be set at the server or at the moment 
+    // the token is deserialized on the client
+    public void setIssuedAt(long issuedAt) {
+        this.issuedAt = issuedAt;
+    }
+    
+    /**
+     * Sets additional token parameters
+     * @param parameters the token parameters
+     */
+    public void setParameters(Map<String, String> parameters) {
+        this.parameters = parameters;
+    }
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java?rev=1365332&r1=1365331&r2=1365332&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java
Tue Jul 24 22:55:49 2012
@@ -29,8 +29,7 @@ package org.apache.cxf.rs.security.oauth
 public class ClientAccessToken extends AccessToken {
 
     private String scope;
-    private long expiresIn = -1;
-    
+        
     public ClientAccessToken(String tokenType, String tokenKey) {
         super(tokenType, tokenKey);
     }
@@ -53,18 +52,4 @@ public class ClientAccessToken extends A
         return scope;
     }
 
-    
-
-    /**
-     * The token lifetime
-     * @return the lifetime, -1 means no 'expires_in' parameter was returned
-     */
-    public long getExpiresIn() {
-        return expiresIn;
-    }
-
-    public void setExpiresIn(long expiresIn) {
-        this.expiresIn = expiresIn;
-    }
-
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java?rev=1365332&r1=1365331&r2=1365332&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
Tue Jul 24 22:55:49 2012
@@ -26,8 +26,6 @@ import java.util.List;
  */
 public abstract class ServerAccessToken extends AccessToken {
     private String grantType;
-    private long issuedAt;
-    private long lifetime;
     private Client client;
     private List<OAuthPermission> scopes = Collections.emptyList();
     private UserSubject subject;
@@ -35,12 +33,10 @@ public abstract class ServerAccessToken 
     protected ServerAccessToken(Client client, 
                                         String tokenType,
                                         String tokenKey,
-                                        long lifetime, 
+                                        long expiresIn, 
                                         long issuedAt) {
-        super(tokenType, tokenKey);
+        super(tokenType, tokenKey, expiresIn, issuedAt);
         this.client = client;
-        this.lifetime = lifetime;
-        this.issuedAt = issuedAt;
     }
 
     /**
@@ -51,20 +47,13 @@ public abstract class ServerAccessToken 
         return client;
     }
 
-    /**
-     * Returns the time (in seconds) when this token was issued at
-     * @return the seconds
-     */
-    public long getIssuedAt() {
-        return issuedAt;
-    }
-
+    @Deprecated
     /**
      * Returns the number of seconds this token can be valid after it was issued
      * @return the seconds
      */
     public long getLifetime() {
-        return lifetime;
+        return getExpiresIn();
     }
 
     /**

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java?rev=1365332&r1=1365331&r2=1365332&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
Tue Jul 24 22:55:49 2012
@@ -110,7 +110,7 @@ public class AccessTokenService extends 
                                                               serverToken.getTokenKey());
         clientToken.setRefreshToken(serverToken.getRefreshToken());
         if (writeOptionalParameters) {
-            clientToken.setExpiresIn(serverToken.getLifetime());
+            clientToken.setExpiresIn(serverToken.getExpiresIn());
             List<OAuthPermission> perms = serverToken.getScopes();
             if (!perms.isEmpty()) {
                 clientToken.setApprovedScope(OAuthUtils.convertPermissionsToScope(perms));
   

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java?rev=1365332&r1=1365331&r2=1365332&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
Tue Jul 24 22:55:49 2012
@@ -40,14 +40,14 @@ public class MacAuthorizationScheme {
         this.props = props;
         this.macKey = token.getTokenKey();
         this.timestamp = Long.toString(System.currentTimeMillis());
-        this.nonce = generateNonce();
+        this.nonce = generateNonce(token.getIssuedAt());
     }
     
     public MacAuthorizationScheme(HttpRequestProperties props,
                                   Map<String, String> schemeParams) {
         this.props = props;
-        this.macKey = schemeParams.get(OAuthConstants.MAC_TOKEN_KEY);
-        this.timestamp = schemeParams.get(OAuthConstants.MAC_TOKEN_TIMESTAMP);
+        this.macKey = schemeParams.get(OAuthConstants.MAC_TOKEN_ID);
+        this.timestamp = schemeParams.get(OAuthConstants.MAC_TOKEN_EXTENSION);
         this.nonce = schemeParams.get(OAuthConstants.MAC_TOKEN_NONCE);
     }
     
@@ -70,10 +70,12 @@ public class MacAuthorizationScheme {
         
         StringBuilder sb = new StringBuilder();
         sb.append(OAuthConstants.MAC_AUTHORIZATION_SCHEME).append(" ");
-        addParameter(sb, OAuthConstants.MAC_TOKEN_KEY, macKey, false);
-        addParameter(sb, OAuthConstants.MAC_TOKEN_TIMESTAMP, timestamp, false);
+        addParameter(sb, OAuthConstants.MAC_TOKEN_ID, macKey, false);
         addParameter(sb, OAuthConstants.MAC_TOKEN_NONCE, nonce, false);
-        addParameter(sb, OAuthConstants.MAC_TOKEN_SIGNATURE, signature, true);
+        addParameter(sb, OAuthConstants.MAC_TOKEN_SIGNATURE, signature, false);
+        // lets pass a timestamp via an extension parameter
+        addParameter(sb, OAuthConstants.MAC_TOKEN_EXTENSION, timestamp, false);
+        
         
         return sb.toString();
     }
@@ -87,20 +89,20 @@ public class MacAuthorizationScheme {
     }
     
     public String getNormalizedRequestString() {
+        String requestURI = props.getRequestPath();
+        if (!StringUtils.isEmpty(props.getRequestQuery())) {
+            requestURI += "?" + normalizeQuery(props.getRequestQuery());
+        }
+        
         
-        String value = macKey + SEPARATOR 
-            + timestamp + SEPARATOR 
-            + nonce + SEPARATOR 
-            + props.getHttpMethod().toUpperCase() + SEPARATOR 
+        String value = nonce + SEPARATOR
+            + props.getHttpMethod().toUpperCase() + SEPARATOR
+            + requestURI + SEPARATOR 
             + props.getHostName() + SEPARATOR 
             + props.getPort() + SEPARATOR
-            + props.getRequestPath() + SEPARATOR;
+            + "" + SEPARATOR
+            + timestamp + SEPARATOR;
 
-        if (!StringUtils.isEmpty(props.getRequestQuery())) {
-            value += normalizeQuery(props.getRequestQuery()) + SEPARATOR;
-        }
-            
-        value += SEPARATOR;
         return value;
     }
     
@@ -108,10 +110,16 @@ public class MacAuthorizationScheme {
         return query;
     }
     
-    private static String generateNonce() {
+    private static String generateNonce(long issuedAt) {
+        long ageInSecs = System.currentTimeMillis() / 1000 - issuedAt;
+        if (ageInSecs == 0) {
+            ageInSecs = 1;
+        }
         byte[] randomBytes = new byte[20];
         new SecureRandom().nextBytes(randomBytes);
-        return Base64Utility.encode(randomBytes);
+        String random = Base64Utility.encode(randomBytes);
+        
+        return Long.toString(ageInSecs) + ":" + random;
     }
 
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java?rev=1365332&r1=1365331&r2=1365332&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
Tue Jul 24 22:55:49 2012
@@ -56,10 +56,10 @@ public final class OAuthConstants {
     public static final String MAC_TOKEN_ALGO_HMAC_SHA_256 = "hmac-sha-256";
     
     // Set in Authorization header
-    public static final String MAC_TOKEN_KEY = "token";
-    public static final String MAC_TOKEN_TIMESTAMP = "timestamp";
+    public static final String MAC_TOKEN_ID = "id";
+    public static final String MAC_TOKEN_EXTENSION = "ext";
     public static final String MAC_TOKEN_NONCE = "nonce";
-    public static final String MAC_TOKEN_SIGNATURE = "signature";
+    public static final String MAC_TOKEN_SIGNATURE = "mac";
     
     // Token Authorization schemes
     public static final String BEARER_AUTHORIZATION_SCHEME = "Bearer";
@@ -97,6 +97,12 @@ public final class OAuthConstants {
     public static final String INVALID_SCOPE = "invalid_scope";
     public static final String ACCESS_DENIED = "access_denied";
     
+    // CXF-Specific parameters
+    public static final String ACCESS_TOKEN_ISSUED_AT = "issued_at";
+    // End Of CXF-Specific
+    
+    
+    
     private OAuthConstants() {
     }
     



Mime
View raw message