cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1560782 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src: main/java/org/apache/cxf/rs/security/oauth2/grants/code/ main/java/org/apache/cxf/rs/security/oauth2/utils/ test/java/org/apache/cxf/rs/security/oauth2/utils/
Date Thu, 23 Jan 2014 18:55:13 GMT
Author: sergeyb
Date: Thu Jan 23 18:55:12 2014
New Revision: 1560782

URL: http://svn.apache.org/r1560782
Log:
[CXF-5513] Completing support for encrypting server-related data

Added:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java
  (with props)
Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java?rev=1560782&r1=1560781&r2=1560782&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java
Thu Jan 23 18:55:12 2014
@@ -37,6 +37,10 @@ public class AuthorizationCodeGrant impl
     private String code;
     private String redirectUri;
     
+    public AuthorizationCodeGrant() {
+        
+    }
+    
     public AuthorizationCodeGrant(String code) {
         this.code = code;
     }
@@ -70,6 +74,10 @@ public class AuthorizationCodeGrant impl
     public String getCode() {
         return code;
     }
+    
+    public void setCode(String c) {
+        this.code = c;
+    }
 
     /**
      * {@inheritDoc}

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java?rev=1560782&r1=1560781&r2=1560782&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
Thu Jan 23 18:55:12 2014
@@ -33,13 +33,17 @@ public class ServerAuthorizationCodeGran
     private static final long serialVersionUID = -5004608901535459036L;
     
     private long issuedAt;
-    private long lifetime;
+    private long expiresIn;
     private Client client;
     private List<String> approvedScopes = Collections.emptyList();
     private UserSubject subject;
     private String audience;
     private String clientCodeVerifier;
     
+    public ServerAuthorizationCodeGrant() {
+        
+    }
+    
     public ServerAuthorizationCodeGrant(Client client, 
                                         long lifetime) {
         this(client, OAuthUtils.generateRandomTokenKey(), lifetime,
@@ -48,11 +52,11 @@ public class ServerAuthorizationCodeGran
     
     public ServerAuthorizationCodeGrant(Client client, 
                                   String code,
-                                  long lifetime, 
+                                  long expiresIn, 
                                   long issuedAt) {
         super(code);
         this.client = client;
-        this.lifetime = lifetime;
+        this.expiresIn = expiresIn;
         this.issuedAt = issuedAt;
     }
 
@@ -63,13 +67,30 @@ public class ServerAuthorizationCodeGran
     public long getIssuedAt() {
         return issuedAt;
     }
+    
+    public void setIssuedAt(long issuedAt) {
+        this.issuedAt = issuedAt;
+    }
 
     /**
      * Returns the number of seconds this grant can be valid after it was issued
      * @return the seconds this grant will be valid for
      */
+    @Deprecated
     public long getLifetime() {
-        return lifetime;
+        return expiresIn;
+    }
+    
+    /**
+     * Returns the number of seconds this grant can be valid after it was issued
+     * @return the seconds this grant will be valid for
+     */
+    public long getExpiresIn() {
+        return expiresIn;
+    }
+    
+    public void setExpiresIn(long expiresIn) {
+        this.expiresIn = expiresIn;
     }
 
     /**
@@ -80,6 +101,10 @@ public class ServerAuthorizationCodeGran
         return client;
     }
 
+    public void setClient(Client c) {
+        this.client = c;
+    }
+    
     /**
      * Sets the scopes explicitly approved by the end user.
      * If this list is empty then the end user had no way to down-scope. 

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java?rev=1560782&r1=1560781&r2=1560782&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
Thu Jan 23 18:55:12 2014
@@ -22,30 +22,17 @@ package org.apache.cxf.rs.security.oauth
 import java.security.Key;
 import java.security.SecureRandom;
 import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
 
 import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
 
-import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
-import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
-import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
-
 
 /**
  * Encryption helpers
  */
 public final class EncryptionUtils {
-    private static final String SEP = "|";
     private EncryptionUtils() {
     }
     
@@ -87,49 +74,14 @@ public final class EncryptionUtils {
         return keyGen.generateKey();
     }
     
-    public static String encryptTokenWithSecretKey(ServerAccessToken token, 
-                                                  Key secretKey) {
-        return encryptTokenWithSecretKey(token, secretKey, null);
-    }
-    
-    public static String encryptTokenWithSecretKey(ServerAccessToken token, 
-                                                   Key secretKey,
-                                                   SecretKeyProperties props) {
-        String tokenSequence = tokenizeServerToken(token);
-        return encryptSequence(tokenSequence, secretKey, props);
-    }
-    
-    public static String encryptRefreshTokenWithSecretKey(RefreshToken token, Key secretKey)
{
-        return encryptRefreshTokenWithSecretKey(token, secretKey, null);
-    }
-    
-    public static String encryptRefreshTokenWithSecretKey(RefreshToken token, 
-                                                          Key secretKey,
-                                                          SecretKeyProperties props) {
-        String tokenSequence = tokenizeRefreshToken(token);
-        
-        return encryptSequence(tokenSequence, secretKey, props);
-    }
-    
-    public static String decryptTokenSequence(String encodedToken, 
-                                              String encodedSecretKey) {
-        return decryptTokenSequence(encodedToken, encodedSecretKey, "AES");
-    }
-    
-    public static String decryptTokenSequence(String encodedData, 
-                                              String encodedSecretKey, 
-                                              String algo) {
-        try {
-            SecretKey key = decodeSecretKey(encodedSecretKey, algo);
-            return decryptSequence(encodedData, key);
-        } catch (Exception ex) {
-            throw new RuntimeException(ex);
-        }
+    public static String decryptSequence(String encodedToken, 
+                                         String encodedSecretKey) {
+        return decryptSequence(encodedToken, encodedSecretKey, new SecretKeyProperties("AES"));
     }
     
-    public static String decryptTokenSequence(String encodedData, 
-                                              String encodedSecretKey, 
-                                              SecretKeyProperties props) {
+    public static String decryptSequence(String encodedData, 
+                                         String encodedSecretKey, 
+                                         SecretKeyProperties props) {
         try {
             SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
             return decryptSequence(encodedData, key, props);
@@ -154,64 +106,6 @@ public final class EncryptionUtils {
         }
     }
     
-    public static ServerAccessToken decryptToken(OAuthDataProvider provider,
-                                                 String encodedToken, 
-                                                 String encodedSecretKey) {
-        return decryptToken(provider, encodedToken, encodedSecretKey, "AES");
-    }
-    
-    public static ServerAccessToken decryptToken(OAuthDataProvider provider,
-                                                 String encodedToken, 
-                                                 String encodedSecretKey,
-                                                 String algo) {
-        SecretKey key = decodeSecretKey(encodedSecretKey, algo);
-        return decryptToken(provider, encodedToken, key);
-    }
-    
-    public static ServerAccessToken decryptToken(OAuthDataProvider provider,
-                                                 String encodedToken, 
-                                                 String encodedSecretKey,
-                                                 SecretKeyProperties props) {
-        SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
-        return decryptToken(provider, encodedToken, key, props);
-    }
-    
-    public static ServerAccessToken decryptToken(OAuthDataProvider provider,
-                                                 String encodedToken, 
-                                                 Key secretKey) {
-        return decryptToken(provider, encodedToken, secretKey, null);
-    }
-    
-    public static ServerAccessToken decryptToken(OAuthDataProvider provider,
-                                                 String encodedData, 
-                                                 Key secretKey, 
-                                                 SecretKeyProperties props) {
-        try {
-            String decryptedSequence = decryptSequence(encodedData, secretKey, props);
-            return recreateToken(provider, encodedData, decryptedSequence);
-        } catch (Exception ex) {
-            throw new RuntimeException(ex);
-        }
-    }
-    
-    public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
-                                                   String encodedToken, 
-                                                   Key key) {
-        return decryptRefreshToken(provider, encodedToken, key, null);
-    }
-    
-    public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
-                                                   String encodedData, 
-                                                   Key key, 
-                                                   SecretKeyProperties props) {
-        try {
-            String decryptedSequence = decryptSequence(encodedData, key, props);
-            return recreateRefreshToken(provider, encodedData, decryptedSequence);
-        } catch (Exception ex) {
-            throw new RuntimeException(ex);
-        }
-    }
-    
     public static String encryptSequence(String sequence, Key secretKey) {
         return encryptSequence(sequence, secretKey, null);
     }
@@ -269,166 +163,4 @@ public final class EncryptionUtils {
         }
     }
     
-    public static ServerAccessToken recreateToken(OAuthDataProvider provider,
-                                                  String newTokenKey,
-                                                  String decryptedSequence) {
-        return recreateToken(provider, newTokenKey, decryptedSequence.split("\\" + SEP));
-    }
-    
-    public static RefreshToken recreateRefreshToken(OAuthDataProvider provider,
-                                                    String newTokenKey,
-                                                    String decryptedSequence) {
-        String[] parts = decryptedSequence.split("\\" + SEP);
-        ServerAccessToken token = recreateToken(provider, newTokenKey, parts);
-        return new RefreshToken(token, 
-                                newTokenKey, 
-                                parseSimpleList(parts[parts.length - 1]));
-    }
-    
-    private static ServerAccessToken recreateToken(OAuthDataProvider provider,
-                                                  String newTokenKey,
-                                                  String[] parts) {
-        
-        
-        @SuppressWarnings("serial")
-        final ServerAccessToken newToken = new ServerAccessToken(provider.getClient(parts[4]),
-                                                                 parts[1],
-                                                                 newTokenKey == null ? parts[0]
: newTokenKey,
-                                                                 Long.valueOf(parts[2]),
-                                                                 Long.valueOf(parts[3]))
{
-        };  
-        
-        newToken.setRefreshToken(getStringPart(parts[5]));
-        newToken.setGrantType(getStringPart(parts[6]));
-        newToken.setAudience(getStringPart(parts[7]));
-        newToken.setParameters(parseSimpleMap(parts[8]));
-        
-        // Permissions
-        if (!parts[9].trim().isEmpty()) {
-            List<OAuthPermission> perms = new LinkedList<OAuthPermission>();

-            String[] allPermParts = parts[9].split("\\.");
-            for (int i = 0; i + 4 < allPermParts.length; i = i + 5) {
-                OAuthPermission perm = new OAuthPermission(allPermParts[i], allPermParts[i
+ 1]);
-                perm.setDefault(Boolean.valueOf(allPermParts[i + 2]));
-                perm.setHttpVerbs(parseSimpleList(allPermParts[i + 3]));
-                perm.setUris(parseSimpleList(allPermParts[i + 4]));
-                perms.add(perm);
-            }
-            newToken.setScopes(perms);
-        }
-        //UserSubject:
-        if (!parts[10].trim().isEmpty()) {
-            String[] subjectParts = parts[10].split("\\.");
-            UserSubject subject = new UserSubject(subjectParts[0], getStringPart(subjectParts[1]));
-            subject.setRoles(parseSimpleList(subjectParts[2]));
-            subject.setProperties(parseSimpleMap(subjectParts[3]));
-            newToken.setSubject(subject);
-        }
-        
-        
-        return newToken;
-    }
-    
-    private static String tokenizeServerToken(ServerAccessToken token) {
-        StringBuilder state = new StringBuilder();
-        // 0: key
-        state.append(token.getTokenKey());
-        // 1: type
-        state.append(SEP);
-        state.append(token.getTokenType());
-        // 2: expiresIn 
-        state.append(SEP);
-        state.append(token.getExpiresIn());
-        // 3: issuedAt
-        state.append(SEP);
-        state.append(token.getIssuedAt());
-        // 4: client id
-        state.append(SEP);
-        state.append(token.getClient().getClientId());
-        // 5: refresh token
-        state.append(SEP);
-        state.append(token.getRefreshToken());
-        // 6: grant type
-        state.append(SEP);
-        state.append(token.getGrantType());
-        // 7: audience
-        state.append(SEP);
-        state.append(token.getAudience());
-        // 8: other parameters
-        state.append(SEP);
-        // {key=value, key=value}
-        state.append(token.getParameters().toString());
-        // 9: permissions
-        state.append(SEP);
-        if (token.getScopes().isEmpty()) {
-            state.append(" ");
-        } else {
-            for (OAuthPermission p : token.getScopes()) {
-                // 9.1
-                state.append(p.getPermission());
-                state.append(".");
-                // 9.2
-                state.append(p.getDescription());
-                state.append(".");
-                // 9.3
-                state.append(p.isDefault());
-                state.append(".");
-                // 9.4
-                state.append(p.getHttpVerbs().toString());
-                state.append(".");
-                // 9.5
-                state.append(p.getUris().toString());
-            }
-        }
-        // 10: user subject
-        state.append(SEP);
-        if (token.getSubject() != null) {
-             // 10.1
-            state.append(token.getSubject().getLogin());
-            state.append(".");
-             // 10.2
-            state.append(token.getSubject().getId());
-            state.append(".");
-             // 10.3
-            state.append(token.getSubject().getRoles().toString());
-            state.append(".");
-             // 10.4
-            state.append(token.getSubject().getProperties().toString());
-        } else {
-            state.append(" ");
-        }
-        
-        return state.toString();
-    }
-    
-    private static String getStringPart(String str) {
-        return "null".equals(str) ? null : str;
-    }
-    
-    private static String prepareSimpleString(String str) {
-        return str.trim().isEmpty() ? "" : str.substring(1, str.length() - 1);
-    }
-    
-    private static List<String> parseSimpleList(String listStr) {
-        String pureStringList = prepareSimpleString(listStr);
-        if (pureStringList.isEmpty()) {
-            return Collections.emptyList();
-        } else {
-            return Arrays.asList(pureStringList.split(","));
-        }
-    }
-    
-    private static Map<String, String> parseSimpleMap(String mapStr) {
-        Map<String, String> props = new HashMap<String, String>();
-        List<String> entries = parseSimpleList(mapStr);
-        for (String entry : entries) {
-            String[] pair = entry.split("=");
-            props.put(pair[0], pair[1]);
-        }
-        return props;
-    }
-    private static String tokenizeRefreshToken(RefreshToken token) {
-        String seq = tokenizeServerToken(token);
-        return seq + SEP + token.getAccessTokens().toString();
-    }
 }

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java?rev=1560782&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java
(added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java
Thu Jan 23 18:55:12 2014
@@ -0,0 +1,500 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth2.utils;
+
+import java.security.Key;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+
+import javax.crypto.SecretKey;
+
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
+
+
+/**
+ * Default Model Encryption helpers
+ */
+public final class ModelEncryptionSupport {
+    private static final String SEP = "|";
+    private ModelEncryptionSupport() {
+    }
+    
+    public static String encryptClient(Client client, Key secretKey) {
+        return encryptClient(client, secretKey, null);
+    }
+     
+    public static String encryptClient(Client client, Key secretKey,
+                                       SecretKeyProperties props) {
+        String tokenSequence = tokenizeClient(client);
+        return EncryptionUtils.encryptSequence(tokenSequence, secretKey, props);
+    }
+    
+    public static String encryptAccessToken(ServerAccessToken token, Key secretKey) {
+        return encryptAccessToken(token, secretKey, null);
+    }
+    
+    public static String encryptAccessToken(ServerAccessToken token, Key secretKey,
+                                            SecretKeyProperties props) {
+        String tokenSequence = tokenizeServerToken(token);
+        return EncryptionUtils.encryptSequence(tokenSequence, secretKey, props);
+    }
+    
+    public static String encryptRefreshToken(RefreshToken token, Key secretKey) {
+        return encryptRefreshToken(token, secretKey, null);
+    }
+    
+    public static String encryptRefreshToken(RefreshToken token, Key secretKey,
+                                             SecretKeyProperties props) {
+        String tokenSequence = tokenizeRefreshToken(token);
+        
+        return EncryptionUtils.encryptSequence(tokenSequence, secretKey, props);
+    }
+    
+    public static String encryptCodeGrant(ServerAuthorizationCodeGrant grant, Key secretKey)
{
+        return encryptCodeGrant(grant, secretKey, null);
+    }
+    
+    public static String encryptCodeGrant(ServerAuthorizationCodeGrant grant, Key secretKey,
+                                             SecretKeyProperties props) {
+        String tokenSequence = tokenizeCodeGrant(grant);
+        
+        return EncryptionUtils.encryptSequence(tokenSequence, secretKey, props);
+    }
+    
+    public static Client decryptClient(String encodedSequence, String encodedSecretKey) {
+        return decryptClient(encodedSequence, encodedSecretKey, new SecretKeyProperties("AES"));
+    }
+    
+    public static Client decryptClient(String encodedSequence, String encodedSecretKey,
+                                       SecretKeyProperties props) {
+        SecretKey key = EncryptionUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+        return decryptClient(encodedSequence, key, props);
+    }
+    
+    public static Client decryptClient(String encodedSequence, Key secretKey) {
+        return decryptClient(encodedSequence, secretKey, null);
+    }
+    
+    public static Client decryptClient(String encodedData, Key secretKey, 
+                                       SecretKeyProperties props) {
+        try {
+            String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, secretKey,
props);
+            return recreateClient(decryptedSequence);
+        } catch (Exception ex) {
+            throw new RuntimeException(ex);
+        }
+    }
+    
+    public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
+                                                 String encodedToken, 
+                                                 String encodedSecretKey) {
+        return decryptAccessToken(provider, encodedToken, encodedSecretKey, new SecretKeyProperties("AES"));
+    }
+    
+    public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
+                                                 String encodedToken, 
+                                                 String encodedSecretKey,
+                                                 SecretKeyProperties props) {
+        SecretKey key = EncryptionUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+        return decryptAccessToken(provider, encodedToken, key, props);
+    }
+    
+    public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
+                                                 String encodedToken, 
+                                                 Key secretKey) {
+        return decryptAccessToken(provider, encodedToken, secretKey, null);
+    }
+    
+    public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
+                                                 String encodedData, 
+                                                 Key secretKey, 
+                                                 SecretKeyProperties props) {
+        try {
+            String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, secretKey,
props);
+            return recreateAccessToken(provider, encodedData, decryptedSequence);
+        } catch (Exception ex) {
+            throw new RuntimeException(ex);
+        }
+    }
+    
+    public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
+                                                   String encodedToken, 
+                                                   String encodedSecretKey) {
+        return decryptRefreshToken(provider, encodedToken, encodedSecretKey, new SecretKeyProperties("AES"));
+    }
+    
+    public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
+                                                  String encodedToken, 
+                                                  String encodedSecretKey,
+                                                  SecretKeyProperties props) {
+        SecretKey key = EncryptionUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+        return decryptRefreshToken(provider, encodedToken, key, props);
+    }
+    
+    public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
+                                                   String encodedToken, 
+                                                   Key key) {
+        return decryptRefreshToken(provider, encodedToken, key, null);
+    }
+    
+    public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
+                                                   String encodedData, 
+                                                   Key key, 
+                                                   SecretKeyProperties props) {
+        try {
+            String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, key,
props);
+            return recreateRefreshToken(provider, encodedData, decryptedSequence);
+        } catch (Exception ex) {
+            throw new RuntimeException(ex);
+        }
+    }
+    
+    public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
+                                                   String encodedToken, 
+                                                   String encodedSecretKey) {
+        return decryptCodeGrant(provider, encodedToken, encodedSecretKey, new SecretKeyProperties("AES"));
+    }
+    
+    public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
+                                                  String encodedToken, 
+                                                  String encodedSecretKey,
+                                                  SecretKeyProperties props) {
+        SecretKey key = EncryptionUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+        return decryptCodeGrant(provider, encodedToken, key, props);
+    }
+    
+    public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
+                                                   String encodedToken, 
+                                                   Key key) {
+        return decryptCodeGrant(provider, encodedToken, key, null);
+    }
+    
+    public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
+                                                   String encodedData, 
+                                                   Key key, 
+                                                   SecretKeyProperties props) {
+        try {
+            String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, key,
props);
+            return recreateCodeGrant(provider, decryptedSequence);
+        } catch (Exception ex) {
+            throw new RuntimeException(ex);
+        }
+    }
+    
+    public static ServerAccessToken recreateAccessToken(OAuthDataProvider provider,
+                                                  String newTokenKey,
+                                                  String decryptedSequence) {
+        return recreateAccessToken(provider, newTokenKey, getParts(decryptedSequence));
+    }
+    
+    public static RefreshToken recreateRefreshToken(OAuthDataProvider provider,
+                                                    String newTokenKey,
+                                                    String decryptedSequence) {
+        String[] parts = getParts(decryptedSequence);
+        ServerAccessToken token = recreateAccessToken(provider, newTokenKey, parts);
+        return new RefreshToken(token, 
+                                newTokenKey, 
+                                parseSimpleList(parts[parts.length - 1]));
+    }
+    
+    public static ServerAuthorizationCodeGrant recreateCodeGrant(OAuthDataProvider provider,
+                                                                 String decryptedSequence)
{
+        return recreateCodeGrantInternal(provider, decryptedSequence);
+    }
+    
+    public static Client recreateClient(String sequence) {
+        return recreateClientInternal(sequence);
+    }
+    
+    private static ServerAccessToken recreateAccessToken(OAuthDataProvider provider,
+                                                  String newTokenKey,
+                                                  String[] parts) {
+        
+        
+        @SuppressWarnings("serial")
+        final ServerAccessToken newToken = new ServerAccessToken(provider.getClient(parts[4]),
+                                                                 parts[1],
+                                                                 newTokenKey == null ? parts[0]
: newTokenKey,
+                                                                 Long.valueOf(parts[2]),
+                                                                 Long.valueOf(parts[3]))
{
+        };  
+        
+        newToken.setRefreshToken(getStringPart(parts[5]));
+        newToken.setGrantType(getStringPart(parts[6]));
+        newToken.setAudience(getStringPart(parts[7]));
+        newToken.setParameters(parseSimpleMap(parts[8]));
+        
+        // Permissions
+        if (!parts[9].trim().isEmpty()) {
+            List<OAuthPermission> perms = new LinkedList<OAuthPermission>();

+            String[] allPermParts = parts[9].split("\\.");
+            for (int i = 0; i + 4 < allPermParts.length; i = i + 5) {
+                OAuthPermission perm = new OAuthPermission(allPermParts[i], allPermParts[i
+ 1]);
+                perm.setDefault(Boolean.valueOf(allPermParts[i + 2]));
+                perm.setHttpVerbs(parseSimpleList(allPermParts[i + 3]));
+                perm.setUris(parseSimpleList(allPermParts[i + 4]));
+                perms.add(perm);
+            }
+            newToken.setScopes(perms);
+        }
+        //UserSubject:
+        newToken.setSubject(recreateUserSubject(parts[10]));
+                
+        return newToken;
+    }
+    
+    private static String tokenizeRefreshToken(RefreshToken token) {
+        String seq = tokenizeServerToken(token);
+        return seq + SEP + token.getAccessTokens().toString();
+    }
+    
+    private static String tokenizeServerToken(ServerAccessToken token) {
+        StringBuilder state = new StringBuilder();
+        // 0: key
+        state.append(token.getTokenKey());
+        // 1: type
+        state.append(SEP);
+        state.append(token.getTokenType());
+        // 2: expiresIn 
+        state.append(SEP);
+        state.append(token.getExpiresIn());
+        // 3: issuedAt
+        state.append(SEP);
+        state.append(token.getIssuedAt());
+        // 4: client id
+        state.append(SEP);
+        state.append(token.getClient().getClientId());
+        // 5: refresh token
+        state.append(SEP);
+        state.append(token.getRefreshToken());
+        // 6: grant type
+        state.append(SEP);
+        state.append(token.getGrantType());
+        // 7: audience
+        state.append(SEP);
+        state.append(token.getAudience());
+        // 8: other parameters
+        state.append(SEP);
+        // {key=value, key=value}
+        state.append(token.getParameters().toString());
+        // 9: permissions
+        state.append(SEP);
+        if (token.getScopes().isEmpty()) {
+            state.append(" ");
+        } else {
+            for (OAuthPermission p : token.getScopes()) {
+                // 9.1
+                state.append(p.getPermission());
+                state.append(".");
+                // 9.2
+                state.append(p.getDescription());
+                state.append(".");
+                // 9.3
+                state.append(p.isDefault());
+                state.append(".");
+                // 9.4
+                state.append(p.getHttpVerbs().toString());
+                state.append(".");
+                // 9.5
+                state.append(p.getUris().toString());
+            }
+        }
+        state.append(SEP);
+        // 10: user subject
+        tokenizeUserSubject(state, token.getSubject());
+        
+        return state.toString();
+    }
+    
+
+    private static Client recreateClientInternal(String sequence) {
+        String[] parts = getParts(sequence);
+        Client c = new Client(parts[0], parts[1], Boolean.valueOf(parts[2]), parts[3], parts[4]);
+        c.setApplicationDescription(parts[5]);
+        c.setApplicationLogoUri(parts[6]);
+        c.setAllowedGrantTypes(parseSimpleList(parts[7]));
+        c.setRegisteredScopes(parseSimpleList(parts[8]));
+        c.setRedirectUris(parseSimpleList(parts[9]));
+        c.setRegisteredAudiences(parseSimpleList(parts[10]));
+        c.setProperties(parseSimpleMap(parts[11]));
+        c.setSubject(recreateUserSubject(parts[12]));
+        return c; 
+    }
+    private static String tokenizeClient(Client client) {
+        StringBuilder state = new StringBuilder();
+        // 0: id
+        state.append(client.getClientId());
+        state.append(SEP);
+        // 1: secret
+        state.append(client.getClientSecret());
+        state.append(SEP);
+        // 2: confidentiality
+        state.append(client.isConfidential());
+        state.append(SEP);
+        // 3: app name
+        state.append(client.getApplicationName());
+        state.append(SEP);
+        // 4: app web URI
+        state.append(client.getApplicationWebUri());
+        state.append(SEP);
+        // 5: app description
+        state.append(client.getApplicationDescription());
+        state.append(SEP);
+        // 6: app logo URI
+        state.append(client.getApplicationLogoUri());
+        state.append(SEP);
+        // 7: grants
+        state.append(client.getAllowedGrantTypes().toString());
+        state.append(SEP);
+        // 8: redirect URIs
+        state.append(client.getRedirectUris());
+        state.append(SEP);
+        // 9: registered scopes
+        state.append(client.getRegisteredScopes());
+        state.append(SEP);
+        // 10: registered audiences
+        state.append(client.getRegisteredAudiences());
+        state.append(SEP);
+        // 11: properties
+        state.append(client.getProperties().toString());
+        state.append(SEP);
+        // 12: subject
+        tokenizeUserSubject(state, client.getSubject());
+        
+        return state.toString();
+    }
+    private static ServerAuthorizationCodeGrant recreateCodeGrantInternal(OAuthDataProvider
provider,
+                                                                          String sequence)
{
+        String[] parts = getParts(sequence);
+        ServerAuthorizationCodeGrant grant = new ServerAuthorizationCodeGrant(provider.getClient(parts[0]),
+                                                                              parts[1],
+                                                                              Long.valueOf(parts[2]),
+                                                                              Long.valueOf(parts[3]));
+        grant.setRedirectUri(parts[4]);
+        grant.setAudience(parts[5]);
+        grant.setClientCodeVerifier(parts[6]);
+        grant.setApprovedScopes(parseSimpleList(parts[7]));
+        grant.setSubject(recreateUserSubject(parts[8]));
+        return grant; 
+    }
+    private static String tokenizeCodeGrant(ServerAuthorizationCodeGrant grant) {
+        StringBuilder state = new StringBuilder();
+        // 0: client id
+        state.append(grant.getClient().getClientId());
+        state.append(SEP);
+        // 1: code
+        state.append(grant.getCode());
+        state.append(SEP);
+        // 2: expiresIn
+        state.append(grant.getExpiresIn());
+        state.append(SEP);
+        // 3: issuedAt
+        state.append(grant.getIssuedAt());
+        state.append(SEP);
+        // 4: redirect URI
+        state.append(grant.getRedirectUri());
+        state.append(SEP);
+        // 5: audience
+        state.append(grant.getAudience());
+        state.append(SEP);
+        // 6: code verifier
+        state.append(grant.getClientCodeVerifier());
+        state.append(SEP);
+        // 7: approved scopes
+        state.append(grant.getApprovedScopes().toString());
+        state.append(SEP);
+        // 8: subject
+        tokenizeUserSubject(state, grant.getSubject());
+        
+        return state.toString();
+    }
+    
+    private static String getStringPart(String str) {
+        return "null".equals(str) ? null : str;
+    }
+    
+    private static String prepareSimpleString(String str) {
+        return str.trim().isEmpty() ? "" : str.substring(1, str.length() - 1);
+    }
+    
+    private static List<String> parseSimpleList(String listStr) {
+        String pureStringList = prepareSimpleString(listStr);
+        if (pureStringList.isEmpty()) {
+            return Collections.emptyList();
+        } else {
+            return Arrays.asList(pureStringList.split(","));
+        }
+    }
+    
+    private static Map<String, String> parseSimpleMap(String mapStr) {
+        Map<String, String> props = new HashMap<String, String>();
+        List<String> entries = parseSimpleList(mapStr);
+        for (String entry : entries) {
+            String[] pair = entry.split("=");
+            props.put(pair[0], pair[1]);
+        }
+        return props;
+    }
+    
+    private static String[] getParts(String sequence) {
+        return sequence.split("\\" + SEP);
+    }
+    
+    private static UserSubject recreateUserSubject(String sequence) {
+        UserSubject subject = null;
+        if (!sequence.trim().isEmpty()) {
+            String[] subjectParts = sequence.split("\\.");
+            subject = new UserSubject(subjectParts[0], getStringPart(subjectParts[1]));
+            subject.setRoles(parseSimpleList(subjectParts[2]));
+            subject.setProperties(parseSimpleMap(subjectParts[3]));
+        }
+        return subject;
+        
+        
+    }
+    
+    private static void tokenizeUserSubject(StringBuilder state, UserSubject subject) {
+        if (subject != null) {
+            // 1
+            state.append(subject.getLogin());
+            state.append(".");
+            // 2
+            state.append(subject.getId());
+            state.append(".");
+            // 3
+            state.append(subject.getRoles().toString());
+            state.append(".");
+            // 4
+            state.append(subject.getProperties().toString());
+        } else {
+            state.append(" ");
+        }
+    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java?rev=1560782&r1=1560781&r2=1560782&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java
Thu Jan 23 18:55:12 2014
@@ -62,7 +62,7 @@ public class EncryptingDataProvider impl
         ServerAccessToken token = createAccessTokenInternal(accessTokenReg);
         
         String encryptedToken = 
-            EncryptionUtils.encryptTokenWithSecretKey(token, tokenKey);
+            ModelEncryptionSupport.encryptAccessToken(token, tokenKey);
         
         tokens.add(encryptedToken);
         refreshTokens.put(token.getRefreshToken(), encryptedToken);
@@ -72,7 +72,7 @@ public class EncryptingDataProvider impl
     
     @Override
     public ServerAccessToken getAccessToken(String accessTokenKey) throws OAuthServiceException
{
-        return EncryptionUtils.decryptToken(this, accessTokenKey, tokenKey);
+        return ModelEncryptionSupport.decryptAccessToken(this, accessTokenKey, tokenKey);
     }
 
     @Override
@@ -114,7 +114,8 @@ public class EncryptingDataProvider impl
                                                      1200L,
                                                      OAuthUtils.getIssuedAt());
         
-        String encryptedRefreshToken = EncryptionUtils.encryptTokenWithSecretKey(refreshToken,
tokenKey);
+        String encryptedRefreshToken = 
+            ModelEncryptionSupport.encryptRefreshToken(refreshToken, tokenKey);
         token.setRefreshToken(encryptedRefreshToken);
         
         token.setGrantType(accessTokenReg.getGrantType());

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java?rev=1560782&r1=1560781&r2=1560782&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java
Thu Jan 23 18:55:12 2014
@@ -121,7 +121,7 @@ public class EncryptionUtilsTest extends
         assertEquals(perm1.getDescription(), perm2.getDescription());
         
         RefreshToken refreshToken = 
-            EncryptionUtils.decryptRefreshToken(p, token2.getRefreshToken(), p.tokenKey);
+            ModelEncryptionSupport.decryptRefreshToken(p, token2.getRefreshToken(), p.tokenKey);
         assertEquals(1200L, refreshToken.getExpiresIn());
     }
     



Mime
View raw message