cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1388455 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src: main/java/org/apache/cxf/rs/security/oauth2/client/ main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/ main/java/org/apache/cxf/rs/security/oauth2/utils/ test/java/org/ap...
Date Fri, 21 Sep 2012 12:29:37 GMT
Author: sergeyb
Date: Fri Sep 21 12:29:36 2012
New Revision: 1388455

URL: http://svn.apache.org/viewvc?rev=1388455&view=rev
Log:
[CXF-4431] Minor updates to the MAC token code

Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java?rev=1388455&r1=1388454&r2=1388455&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
Fri Sep 21 12:29:36 2012
@@ -274,8 +274,8 @@ public final class OAuthClientUtils {
             }
             MacAuthorizationScheme macAuthData = new MacAuthorizationScheme(httpProps, token);
             String macAlgo = token.getParameters().get(OAuthConstants.MAC_TOKEN_ALGORITHM);
-            String macSecret = token.getParameters().get(OAuthConstants.MAC_TOKEN_SECRET);
-            sb.append(macAuthData.toAuthorizationHeader(macAlgo, macSecret));
+            String macKey = token.getParameters().get(OAuthConstants.MAC_TOKEN_KEY);
+            sb.append(macAuthData.toAuthorizationHeader(macAlgo, macKey));
         } else {
             throw new ClientException(new OAuthServiceException("Unsupported token type"));
         }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java?rev=1388455&r1=1388454&r2=1388455&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java
Fri Sep 21 12:29:36 2012
@@ -23,6 +23,7 @@ import org.apache.cxf.rs.security.oauth2
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 
+//See http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
 public class MacAccessToken extends ServerAccessToken {
     
     public MacAccessToken(Client client, 
@@ -57,27 +58,27 @@ public class MacAccessToken extends Serv
     public MacAccessToken(Client client,
                           HmacAlgorithm algo,
                           String tokenKey,
-                          String tokenSecret,
+                          String macKey,
                           long lifetime, 
                           long issuedAt) {
         super(client, OAuthConstants.MAC_TOKEN_TYPE, tokenKey, lifetime, issuedAt);
-        this.setExtraParameters(algo, tokenSecret);
+        this.setExtraParameters(algo, macKey);
     }
     
-    private void setExtraParameters(HmacAlgorithm algo, String secret) {
-        String theSecret = secret == null ? HmacUtils.generateSecret(algo) : secret; 
-        super.getParameters().put(OAuthConstants.MAC_TOKEN_SECRET,
-                                  theSecret);
+    private void setExtraParameters(HmacAlgorithm algo, String macKey) {
+        String theKey = macKey == null ? HmacUtils.generateSecret(algo) : macKey; 
+        super.getParameters().put(OAuthConstants.MAC_TOKEN_KEY,
+                                  theKey);
         super.getParameters().put(OAuthConstants.MAC_TOKEN_ALGORITHM,
                                   algo.getOAuthName());
     }
     
-    public String getMacKey() {
+    public String getMacId() {
         return super.getTokenKey();
     }
     
-    public String getMacSecret() {
-        return super.getParameters().get(OAuthConstants.MAC_TOKEN_SECRET);
+    public String getMacKey() {
+        return super.getParameters().get(OAuthConstants.MAC_TOKEN_KEY);
     }
     
     public String getMacAlgorithm() {

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java?rev=1388455&r1=1388454&r2=1388455&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java
Fri Sep 21 12:29:36 2012
@@ -89,7 +89,7 @@ public class MacAccessTokenValidator imp
         try {
             HmacAlgorithm hmacAlgo = HmacAlgorithm.toHmacAlgorithm(macAccessToken.getMacAlgorithm());
             byte[] serverMacData = HmacUtils.computeHmac(
-                macAccessToken.getMacSecret(), hmacAlgo, normalizedString); 
+                macAccessToken.getMacKey(), hmacAlgo, normalizedString); 
                                                          
             byte[] clientMacData = Base64Utility.decode(clientMacString);
             boolean validMac = Arrays.equals(serverMacData, clientMacData);

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java?rev=1388455&r1=1388454&r2=1388455&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
Fri Sep 21 12:29:36 2012
@@ -40,14 +40,14 @@ public class MacAuthorizationScheme {
         this.props = props;
         this.macKey = token.getTokenKey();
         this.timestamp = Long.toString(System.currentTimeMillis());
-        this.nonce = generateNonce(token.getIssuedAt());
+        this.nonce = generateNonce();
     }
     
     public MacAuthorizationScheme(HttpRequestProperties props,
                                   Map<String, String> schemeParams) {
         this.props = props;
         this.macKey = schemeParams.get(OAuthConstants.MAC_TOKEN_ID);
-        this.timestamp = schemeParams.get(OAuthConstants.MAC_TOKEN_EXTENSION);
+        this.timestamp = schemeParams.get(OAuthConstants.MAC_TOKEN_TIMESTAMP);
         this.nonce = schemeParams.get(OAuthConstants.MAC_TOKEN_NONCE);
     }
     
@@ -73,8 +73,7 @@ public class MacAuthorizationScheme {
         addParameter(sb, OAuthConstants.MAC_TOKEN_ID, macKey, false);
         addParameter(sb, OAuthConstants.MAC_TOKEN_NONCE, nonce, false);
         addParameter(sb, OAuthConstants.MAC_TOKEN_SIGNATURE, signature, false);
-        // lets pass a timestamp via an extension parameter
-        addParameter(sb, OAuthConstants.MAC_TOKEN_EXTENSION, timestamp, false);
+        addParameter(sb, OAuthConstants.MAC_TOKEN_TIMESTAMP, timestamp, false);
         
         
         return sb.toString();
@@ -95,13 +94,13 @@ public class MacAuthorizationScheme {
         }
         
         
-        String value = nonce + SEPARATOR
+        String value = timestamp + SEPARATOR 
+            + nonce + SEPARATOR
             + props.getHttpMethod().toUpperCase() + SEPARATOR
             + requestURI + SEPARATOR 
             + props.getHostName() + SEPARATOR 
             + props.getPort() + SEPARATOR
-            + "" + SEPARATOR
-            + timestamp + SEPARATOR;
+            + "" + SEPARATOR;
 
         return value;
     }
@@ -110,16 +109,12 @@ public class MacAuthorizationScheme {
         return query;
     }
     
-    private static String generateNonce(long issuedAt) {
-        long ageInSecs = System.currentTimeMillis() / 1000 - issuedAt;
-        if (ageInSecs == 0) {
-            ageInSecs = 1;
-        }
+    private static String generateNonce() {
         byte[] randomBytes = new byte[20];
         new SecureRandom().nextBytes(randomBytes);
         String random = Base64Utility.encode(randomBytes);
         
-        return Long.toString(ageInSecs) + ":" + random;
+        return random;
     }
 
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java?rev=1388455&r1=1388454&r2=1388455&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
Fri Sep 21 12:29:36 2012
@@ -50,13 +50,14 @@ public final class OAuthConstants {
     
     // MAC token parameters
     // Set by Access Token Service
-    public static final String MAC_TOKEN_SECRET = "secret";
-    public static final String MAC_TOKEN_ALGORITHM = "algorithm";
+    public static final String MAC_TOKEN_KEY = "mac_key";
+    public static final String MAC_TOKEN_ALGORITHM = "mac_algorithm";
     public static final String MAC_TOKEN_ALGO_HMAC_SHA_1 = "hmac-sha-1";
     public static final String MAC_TOKEN_ALGO_HMAC_SHA_256 = "hmac-sha-256";
     
     // Set in Authorization header
     public static final String MAC_TOKEN_ID = "id";
+    public static final String MAC_TOKEN_TIMESTAMP = "ts";
     public static final String MAC_TOKEN_EXTENSION = "ext";
     public static final String MAC_TOKEN_NONCE = "nonce";
     public static final String MAC_TOKEN_SIGNATURE = "mac";

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java?rev=1388455&r1=1388454&r2=1388455&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java
Fri Sep 21 12:29:36 2012
@@ -107,7 +107,7 @@ public class OAuthJSONProviderTest exten
         token.setRefreshToken("5678");
         token.setApprovedScope("read");
         Map<String, String> params = new LinkedHashMap<String, String>();
-        params.put(OAuthConstants.MAC_TOKEN_SECRET, "test_mac_secret");
+        params.put(OAuthConstants.MAC_TOKEN_KEY, "test_mac_secret");
         params.put(OAuthConstants.MAC_TOKEN_ALGORITHM, OAuthConstants.MAC_TOKEN_ALGO_HMAC_SHA_1);
         params.put("my_parameter", "abc");
         
@@ -127,11 +127,11 @@ public class OAuthJSONProviderTest exten
     public void testReadMacClientAccessToken() throws Exception {
         String response = "{" + "\"access_token\":\"1234\"," + "\"token_type\":\"mac\","
             + "\"refresh_token\":\"5678\"," + "\"expires_in\":12345," + "\"scope\":\"read\","
-            + "\"secret\":\"adijq39jdlaska9asud\"," + "\"algorithm\":\"hmac-sha-256\","
+            + "\"mac_key\":\"adijq39jdlaska9asud\"," + "\"mac_algorithm\":\"hmac-sha-256\","
             + "\"my_parameter\":\"abc\"" + "}";
         ClientAccessToken macToken = doReadClientAccessToken(response, "mac", null);
         assertEquals("adijq39jdlaska9asud", 
-                     macToken.getParameters().get(OAuthConstants.MAC_TOKEN_SECRET));
+                     macToken.getParameters().get(OAuthConstants.MAC_TOKEN_KEY));
         assertEquals("hmac-sha-256",
                      macToken.getParameters().get(OAuthConstants.MAC_TOKEN_ALGORITHM));
     }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java?rev=1388455&r1=1388454&r2=1388455&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java
Fri Sep 21 12:29:36 2012
@@ -78,7 +78,7 @@ public class MacAccessTokenValidatorTest
         
         return new MacAuthorizationScheme(props, macAccessToken)
             .toAuthorizationHeader(macAccessToken.getMacAlgorithm(),
-                                   macAccessToken.getMacSecret());
+                                   macAccessToken.getMacKey());
     }
     
     private static HttpServletRequest mockHttpRequest() {



Mime
View raw message