Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E652610727 for ; Fri, 24 Jan 2014 13:53:46 +0000 (UTC) Received: (qmail 8725 invoked by uid 500); 24 Jan 2014 13:53:45 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 8613 invoked by uid 500); 24 Jan 2014 13:53:43 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 8606 invoked by uid 99); 24 Jan 2014 13:53:43 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Jan 2014 13:53:43 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Jan 2014 13:53:40 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 6D86423889EB; Fri, 24 Jan 2014 13:53:20 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1561006 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src: main/java/org/apache/cxf/rs/security/oauth2/common/ main/java/org/apache/cxf/rs/security/oauth2/grants/code/ main/java/org/apache/cxf/rs/security/oauth2/provider/ main/java/or... Date: Fri, 24 Jan 2014 13:53:20 -0000 To: commits@cxf.apache.org 
From: sergeyb@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140124135320.6D86423889EB@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: sergeyb Date: Fri Jan 24 13:53:19 2014 New Revision: 1561006 URL: http://svn.apache.org/r1561006 Log: [CXF-5417] More basic tests and some updates Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/CodeGrantEncryptingDataProvider.java (with props) Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServiceException.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java?rev=1561006&r1=1561005&r2=1561006&view=diff ============================================================================== --- 
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java Fri Jan 24 13:53:19 2014 @@ -23,7 +23,7 @@ public class OOBAuthorizationResponse { private String authorizationCode; private String clientId; private String userId; - private long lifetime; + private long expiresIn; public String getAuthorizationCode() { return authorizationCode; @@ -49,12 +49,21 @@ public class OOBAuthorizationResponse { this.userId = userId; } + @Deprecated public long getLifetime() { - return lifetime; + return expiresIn; } - + @Deprecated public void setLifetime(long lifetime) { - this.lifetime = lifetime; + this.expiresIn = lifetime; + } + + public long getExpiresIn() { + return expiresIn; + } + + public void setExpiresIn(long lifetime) { + this.expiresIn = lifetime; } } Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java?rev=1561006&r1=1561005&r2=1561006&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java Fri Jan 24 13:53:19 2014 
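Review bot: The two `@Deprecated` accessors in the `@@ -49,12 +49,21 @@` hunk have no Javadoc naming their replacements, and the new setter keeps the old parameter name. I would add `/** @deprecated use {@link #getExpiresIn()} */` and `/** @deprecated use {@link #setExpiresIn(long)} */` above them, and rename the parameter: `public void setExpiresIn(long expiresIn)`. A one-line comment on the `expiresIn` field stating its unit (presumably seconds, as with OAuth's expires_in; confirm) would help anyone comparing it with an issued-at value.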
@@ -51,7 +51,7 @@ public class AuthorizationCodeGrantHandl return null; } // check it has not expired, the client ids are the same - if (OAuthUtils.isExpired(grant.getIssuedAt(), grant.getLifetime())) { + if (OAuthUtils.isExpired(grant.getIssuedAt(), grant.getExpiresIn())) { throw new OAuthServiceException(OAuthConstants.INVALID_GRANT); } if (!grant.getClient().getClientId().equals(client.getClientId())) { Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServiceException.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServiceException.java?rev=1561006&r1=1561005&r2=1561006&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServiceException.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServiceException.java Fri Jan 24 13:53:19 2014 @@ -20,6 +20,7 @@ package org.apache.cxf.rs.security.oauth2.provider; import org.apache.cxf.rs.security.oauth2.common.OAuthError; +import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; /** 
@@ -38,6 +39,10 @@ public class OAuthServiceException exten super(message, cause); } + public OAuthServiceException(Throwable cause) { + super(OAuthConstants.SERVER_ERROR, cause); + } + public OAuthServiceException(OAuthError error) { this.error = error; } Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java?rev=1561006&r1=1561005&r2=1561006&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java Fri Jan 24 13:53:19 2014 
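Review bot: The new `OAuthServiceException(Throwable cause)` constructor sets only the message to `OAuthConstants.SERVER_ERROR` and leaves the `error` field unset, unlike the `OAuthServiceException(OAuthError error)` constructor just below it. If the code that renders the OAuth error response reads that field (not visible in this hunk), it gets null for every exception built this way; populating `error` with a server_error value here would keep the constructors consistent. Because the cause will now often be a JCE or decoding exception, I would also add a Javadoc line such as `/** Wraps an internal failure; the cause is for server-side logging and must not be copied into the response body. */`.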
@@ -86,7 +86,7 @@ public class AuthorizationCodeGrantServi oobResponse.setClientId(client.getClientId()); oobResponse.setAuthorizationCode(grant.getCode()); oobResponse.setUserId(userSubject.getLogin()); - oobResponse.setLifetime(grant.getLifetime()); + oobResponse.setExpiresIn(grant.getExpiresIn()); return deliverOOBResponse(oobResponse); } else { // return the code by appending it as a query parameter to the redirect URI Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java?rev=1561006&r1=1561005&r2=1561006&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java Fri Jan 24 13:53:19 2014 @@ -28,6 +28,8 @@ import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; +import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; + /** * Encryption helpers @@ -40,7 +42,7 @@ public final class EncryptionUtils { try { return Base64UrlUtility.encode(key.getEncoded()); } catch (Exception ex) { - throw new RuntimeException(ex); + throw new OAuthServiceException(ex); } } @@ -86,7 +88,7 @@ public final class EncryptionUtils { SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo()); return decryptSequence(encodedData, key, props); } catch (Exception ex) { - throw new RuntimeException(ex); + throw new OAuthServiceException(ex); } } 
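Review bot: Every `catch (Exception ex)` in EncryptionUtils now reports `server_error`, including the paths that call `decryptSequence`, `processBytes(..., Cipher.DECRYPT_MODE)` and `Base64UrlUtility.decode`, whose input is presumably a token or code string presented by a client. A malformed or altered value is a client fault, so those paths are better served by one uniform client-facing error (identical for bad encoding, bad padding and bad content, so the response does not reveal which step failed), leaving `server_error` to the encrypt side. The same pattern recurs in the remaining EncryptionUtils hunks and in the `@@ -108,7 +109,7 @@` hunk of ModelEncryptionSupport. At minimum I would add a comment at each decrypt-side catch, `// input may be attacker-supplied: keep the response generic, log ex server-side only`, and narrow the encrypt-side catches to `GeneralSecurityException` where the body allows it. All of these method bodies start outside their hunks.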
@@ -102,7 +104,7 @@ public final class EncryptionUtils { byte[] bytes = processBytes(encryptedBytes, secretKey, props, Cipher.DECRYPT_MODE); return new String(bytes, "UTF-8"); } catch (Exception ex) { - throw new RuntimeException(ex); + throw new OAuthServiceException(ex); } } @@ -119,7 +121,7 @@ public final class EncryptionUtils { Cipher.ENCRYPT_MODE); return Base64UrlUtility.encode(bytes); } catch (Exception ex) { - throw new RuntimeException(ex); + throw new OAuthServiceException(ex); } } @@ -142,7 +144,7 @@ public final class EncryptionUtils { } return c.doFinal(bytes); } catch (Exception ex) { - throw new RuntimeException(ex); + throw new OAuthServiceException(ex); } } @@ -151,7 +153,7 @@ public final class EncryptionUtils { byte[] secretKeyBytes = decodeSequence(encodedSecretKey); return new SecretKeySpec(secretKeyBytes, algo); } catch (Exception ex) { - throw new RuntimeException(ex); + throw new OAuthServiceException(ex); } } @@ -159,7 +161,7 @@ public final class EncryptionUtils { try { return Base64UrlUtility.decode(encodedSequence); } catch (Exception ex) { - throw new RuntimeException(ex); + throw new OAuthServiceException(ex); } } Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java?rev=1561006&r1=1561005&r2=1561006&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java Fri Jan 24 13:53:19 2014 
@@ -35,6 +35,7 @@ import org.apache.cxf.rs.security.oauth2 import org.apache.cxf.rs.security.oauth2.common.UserSubject; import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant; import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider; +import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken; @@ -108,7 +109,7 @@ public final class ModelEncryptionSuppor String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, secretKey, props); return recreateClient(decryptedSequence); } catch (Exception ex) { - throw new RuntimeException(ex); + throw new OAuthServiceException(ex); } } @@ -336,9 +337,10 @@ public final class ModelEncryptionSuppor private static Client recreateClientInternal(String sequence) { String[] parts = getParts(sequence); - Client c = new Client(parts[0], parts[1], Boolean.valueOf(parts[2]), parts[3], parts[4]); - c.setApplicationDescription(parts[5]); - c.setApplicationLogoUri(parts[6]); + Client c = new Client(parts[0], parts[1], Boolean.valueOf(parts[2]), + getStringPart(parts[3]), getStringPart(parts[4])); + c.setApplicationDescription(getStringPart(parts[5])); + c.setApplicationLogoUri(getStringPart(parts[6])); c.setAllowedGrantTypes(parseSimpleList(parts[7])); c.setRegisteredScopes(parseSimpleList(parts[8])); c.setRedirectUris(parseSimpleList(parts[9])); 
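Review bot: `recreateClientInternal` indexes `parts[0]` through `parts[9]` without checking how many fields `getParts(sequence)` returned, and the same holds for the grant fields `parts[4]` to `parts[8]` in the `@@ -397,9 +399,9 @@` hunk. A truncated or older-format sequence then fails with an ArrayIndexOutOfBoundsException, and if a free-text field such as the application description can contain the separator (escaping is not visible here), later fields like the redirect URIs would shift position silently. I would check the count before use, for the ten fields visible here `if (parts.length < 10) { throw new OAuthServiceException(OAuthConstants.SERVER_ERROR); }`, and document above the method the field order and which input `getStringPart` maps to null. The method body continues past the hunk.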
@@ -397,9 +399,9 @@ public final class ModelEncryptionSuppor parts[1], Long.valueOf(parts[2]), Long.valueOf(parts[3])); - grant.setRedirectUri(parts[4]); - grant.setAudience(parts[5]); - grant.setClientCodeVerifier(parts[6]); + grant.setRedirectUri(getStringPart(parts[4])); + grant.setAudience(getStringPart(parts[5])); + grant.setClientCodeVerifier(getStringPart(parts[6])); grant.setApprovedScopes(parseSimpleList(parts[7])); grant.setSubject(recreateUserSubject(parts[8])); return grant; Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/CodeGrantEncryptingDataProvider.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/CodeGrantEncryptingDataProvider.java?rev=1561006&view=auto ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/CodeGrantEncryptingDataProvider.java (added) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/CodeGrantEncryptingDataProvider.java Fri Jan 24 13:53:19 2014 
@@ -0,0 +1,55 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.oauth2.utils; + +import java.util.HashSet; +import java.util.Set; + +import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider; +import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration; +import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant; +import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; + +public class CodeGrantEncryptingDataProvider extends EncryptingDataProvider + implements AuthorizationCodeDataProvider { + + private Set grants = new HashSet(); + + public CodeGrantEncryptingDataProvider() throws Exception { + super(); + } + + @Override + public ServerAuthorizationCodeGrant createCodeGrant(AuthorizationCodeRegistration reg) + throws OAuthServiceException { + ServerAuthorizationCodeGrant grant = + new ServerAuthorizationCodeGrant(reg.getClient(), 123); + grant.setAudience(reg.getAudience()); + String encrypted = ModelEncryptionSupport.encryptCodeGrant(grant, key); + grant.setCode(encrypted); + grants.add(encrypted); + return grant; + } + + @Override + public ServerAuthorizationCodeGrant 
removeCodeGrant(String code) throws OAuthServiceException { + grants.remove(code); + return ModelEncryptionSupport.decryptCodeGrant(this, code, key); + } +} Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/CodeGrantEncryptingDataProvider.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/CodeGrantEncryptingDataProvider.java ------------------------------------------------------------------------------ svn:keywords = Rev Date Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java?rev=1561006&r1=1561005&r2=1561006&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java Fri Jan 24 13:53:19 2014 
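Review bot: `removeCodeGrant` ignores the result of `grants.remove(code)`, so a code that was already redeemed, or was never recorded by this provider, is still decrypted and returned as a grant. Authorization codes are meant to be single use, and with self-contained encrypted codes the `grants` set is the only state that can enforce that. I would let the lookup decide the outcome with `if (!grants.remove(code)) { return null; }` before the decrypt call (the context lines of the AuthorizationCodeGrantHandler hunk suggest a null grant is handled; confirm). The hard-coded lifetime `123` in `createCodeGrant` would also read better as a named constant with its unit.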
@@ -39,20 +39,20 @@ import org.apache.cxf.rs.security.oauth2 public class EncryptingDataProvider implements OAuthDataProvider { - SecretKey tokenKey; - private Map clients; - + SecretKey key; + private Map clients; private Set tokens = new HashSet(); private Map refreshTokens = new HashMap(); public EncryptingDataProvider() throws Exception { - tokenKey = EncryptionUtils.getSecretKey(); - clients = Collections.singletonMap("1", new Client("1", "2", true)); + key = EncryptionUtils.getSecretKey(); + String encryptedClient = ModelEncryptionSupport.encryptClient(new Client("1", "2", true), key); + clients = Collections.singletonMap("1", encryptedClient); } @Override public Client getClient(String clientId) throws OAuthServiceException { - return clients.get(clientId); + return ModelEncryptionSupport.decryptClient(clients.get(clientId), key); } @Override 
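Review bot: `getClient` passes `clients.get(clientId)` straight into `ModelEncryptionSupport.decryptClient`, so an unknown client id hands null to the decrypt path instead of returning null as the previous `return clients.get(clientId);` did. Depending on how `decryptClient` treats null (not visible here), an unregistered client would surface as a wrapped `server_error` rather than as an unknown client. Suggested: `String encrypted = clients.get(clientId);` followed by `return encrypted == null ? null : ModelEncryptionSupport.decryptClient(encrypted, key);`. Separately, `SecretKey key` stays package-visible; a comment that this is for test access only would keep the pattern from being copied into a real provider.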
@@ -60,26 +60,29 @@ public class EncryptingDataProvider impl throws OAuthServiceException { ServerAccessToken token = createAccessTokenInternal(accessTokenReg); - - String encryptedToken = - ModelEncryptionSupport.encryptAccessToken(token, tokenKey); - - tokens.add(encryptedToken); - refreshTokens.put(token.getRefreshToken(), encryptedToken); - token.setTokenKey(encryptedToken); + encryptAccessToken(token); return token; } @Override public ServerAccessToken getAccessToken(String accessTokenKey) throws OAuthServiceException { - return ModelEncryptionSupport.decryptAccessToken(this, accessTokenKey, tokenKey); + return ModelEncryptionSupport.decryptAccessToken(this, accessTokenKey, key); } @Override public ServerAccessToken refreshAccessToken(Client client, String refreshToken, List requestedScopes) throws OAuthServiceException { - return null; + String encrypted = refreshTokens.remove(refreshToken); + ServerAccessToken token = ModelEncryptionSupport.decryptAccessToken(this, encrypted, key); + tokens.remove(token.getTokenKey()); + + // create a new refresh token + createRefreshToken(token); + // possibly update other token properties + encryptAccessToken(token); + + return token; } @Override @@ -90,7 +93,10 @@ public class EncryptingDataProvider impl @Override public void revokeToken(Client client, String token, String tokenTypeHint) throws OAuthServiceException { - // complete + // the fast way: if it is the refresh token then there will be a matching value for it + String accessToken = refreshTokens.remove(token); + // if no matching value then the token parameter is access token key + tokens.remove(accessToken == null ? token : accessToken); } @Override 
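Review bot: `refreshAccessToken` never compares the `client` argument with the client stored in the decrypted token, and it passes the result of `refreshTokens.remove(refreshToken)` to `decryptAccessToken` without checking for null. A refresh token should only be honoured for the client it was issued to, and an unknown or already-used refresh token should be rejected as an invalid grant rather than reach the decrypt path. The proposal below adds both checks and removes the old access token by the stored ciphertext instead of `token.getTokenKey()`, because it is not visible here whether the decrypted token carries the same key string that was added to `tokens`.

```java
String encrypted = refreshTokens.remove(refreshToken);
if (encrypted == null) {
    // unknown or already-used refresh token
    throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
ServerAccessToken token = ModelEncryptionSupport.decryptAccessToken(this, encrypted, key);
if (!token.getClient().getClientId().equals(client.getClientId())) {
    // refresh token was issued to a different client
    throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
tokens.remove(encrypted);
// … unchanged: createRefreshToken(token), encryptAccessToken(token), return token …
```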
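Review bot: `revokeToken` removes entries from `tokens` and `refreshTokens`, but `getAccessToken` in the previous hunk only decrypts the presented key and never consults `tokens`, so as far as this file shows a revoked access token would still be returned as valid. The `client` argument is also unused, so the token's owner is never verified before removal. I would have `getAccessToken` return null unless `tokens.contains(accessTokenKey)`, and state in a comment here whether the missing ownership check is deliberate for this test provider. When the argument is an access token key, its entry in `refreshTokens` is left behind; a comment on whether that is intended would help.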
@@ -109,14 +115,7 @@ public class EncryptingDataProvider impl BearerAccessToken token = new BearerAccessToken(accessTokenReg.getClient(), 3600L); token.setSubject(accessTokenReg.getSubject()); - RefreshToken refreshToken = new RefreshToken(accessTokenReg.getClient(), - "refresh", - 1200L, - OAuthUtils.getIssuedAt()); - - String encryptedRefreshToken = - ModelEncryptionSupport.encryptRefreshToken(refreshToken, tokenKey); - token.setRefreshToken(encryptedRefreshToken); + createRefreshToken(token); token.setGrantType(accessTokenReg.getGrantType()); token.setAudience(accessTokenReg.getAudience()); @@ -126,4 +125,20 @@ public class EncryptingDataProvider impl return token; } + private void encryptAccessToken(ServerAccessToken token) { + String encryptedToken = ModelEncryptionSupport.encryptAccessToken(token, key); + tokens.add(encryptedToken); + refreshTokens.put(token.getRefreshToken(), encryptedToken); + token.setTokenKey(encryptedToken); + } + + private void createRefreshToken(ServerAccessToken token) { + RefreshToken refreshToken = new RefreshToken(token.getClient(), + "refresh", + 1200L, + OAuthUtils.getIssuedAt()); + + String encryptedRefreshToken = ModelEncryptionSupport.encryptRefreshToken(refreshToken, key); + token.setRefreshToken(encryptedRefreshToken); + } } Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java?rev=1561006&r1=1561005&r2=1561006&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java Fri Jan 24 13:53:19 2014 
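Review bot: `createRefreshToken` gives every refresh token the same key, `"refresh"`, so the encrypted value differs between tokens only through the client and `OAuthUtils.getIssuedAt()`. Unless the cipher configuration adds a random IV (not visible here), two tokens issued to the same client with the same issued-at value would encrypt to the same string, and the second `refreshTokens.put` in `encryptAccessToken` would overwrite the first mapping. A per-token random identifier avoids that, e.g. `UUID.randomUUID().toString()` in place of `"refresh"` (needs `java.util.UUID`); the lifetime `1200L` could become a named constant alongside it.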
@@ -33,6 +33,8 @@ import org.apache.cxf.rs.security.oauth2 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; import org.apache.cxf.rs.security.oauth2.common.UserSubject; +import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration; +import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant; import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken; import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken; @@ -43,11 +45,11 @@ import org.junit.Test; public class EncryptionUtilsTest extends Assert { - private EncryptingDataProvider p; + private CodeGrantEncryptingDataProvider p; @Before public void setUp() throws Exception { - p = new EncryptingDataProvider(); + p = new CodeGrantEncryptingDataProvider(); } @After @@ -69,6 +71,17 @@ public class EncryptionUtilsTest extends } @Test + public void testEncryptDecryptCodeGrant() throws Exception { + AuthorizationCodeRegistration codeReg = new AuthorizationCodeRegistration(); + codeReg.setAudience("http://bar"); + codeReg.setClient(p.getClient("1")); + ServerAuthorizationCodeGrant grant = p.createCodeGrant(codeReg); + ServerAuthorizationCodeGrant grant2 = p.removeCodeGrant(grant.getCode()); + assertEquals("http://bar", grant2.getAudience()); + assertEquals("1", grant2.getClient().getClientId()); + } + + @Test public void testBearerTokenJSON() throws Exception { AccessTokenRegistration atr = prepareTokenRegistration(); 
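Review bot: `testEncryptDecryptCodeGrant` checks only the successful round trip; nothing exercises a second `removeCodeGrant` with the same code, or a code string that this provider never issued. Rejecting those is the part of the provider that matters most, so I would add a negative case next to this one: call `p.removeCodeGrant(grant.getCode())` a second time and assert that no usable grant comes back, pinning the expected outcome (null or `OAuthServiceException`) once the provider's behaviour is decided.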
@@ -80,8 +93,8 @@ public class EncryptionUtilsTest extends jsonp.writeTo(token, BearerAccessToken.class, new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE, new MetadataMap(), bos); - String encrypted = EncryptionUtils.encryptSequence(bos.toString(), p.tokenKey); - String decrypted = EncryptionUtils.decryptSequence(encrypted, p.tokenKey); + String encrypted = EncryptionUtils.encryptSequence(bos.toString(), p.key); + String decrypted = EncryptionUtils.decryptSequence(encrypted, p.key); ServerAccessToken token2 = jsonp.readFrom(BearerAccessToken.class, BearerAccessToken.class, new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE, new MetadataMap(), 
@@ -91,6 +104,55 @@ public class EncryptionUtilsTest extends compareAccessTokens(token, token2); } + @Test + public void testClientJSON() throws Exception { + Client c = new Client("client", "secret", true); + c.setSubject(new UserSubject("subject", "id")); + JSONProvider jsonp = new JSONProvider(); + jsonp.setMarshallAsJaxbElement(true); + jsonp.setUnmarshallAsJaxbElement(true); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + jsonp.writeTo(c, Client.class, new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE, + new MetadataMap(), bos); + + String encrypted = EncryptionUtils.encryptSequence(bos.toString(), p.key); + String decrypted = EncryptionUtils.decryptSequence(encrypted, p.key); + Client c2 = jsonp.readFrom(Client.class, Client.class, + new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE, + new MetadataMap(), + new ByteArrayInputStream(decrypted.getBytes())); + + assertEquals(c.getClientId(), c2.getClientId()); + assertEquals(c.getClientSecret(), c2.getClientSecret()); + assertTrue(c2.isConfidential()); + assertEquals("subject", c2.getSubject().getLogin()); + assertEquals("id", c2.getSubject().getId()); + } + + @Test + public void testCodeGrantJSON() throws Exception { + Client c = new Client("client", "secret", true); + ServerAuthorizationCodeGrant grant = new ServerAuthorizationCodeGrant(c, "code", 1, 2); + JSONProvider jsonp = new JSONProvider(); + jsonp.setMarshallAsJaxbElement(true); + jsonp.setUnmarshallAsJaxbElement(true); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + jsonp.writeTo(grant, ServerAuthorizationCodeGrant.class, new Annotation[]{}, + MediaType.APPLICATION_JSON_TYPE, + new MetadataMap(), bos); + + String encrypted = EncryptionUtils.encryptSequence(bos.toString(), p.key); + String decrypted = EncryptionUtils.decryptSequence(encrypted, p.key); + ServerAuthorizationCodeGrant grant2 = jsonp.readFrom(ServerAuthorizationCodeGrant.class, + Client.class, + new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE, + new 
MetadataMap(), + new ByteArrayInputStream(decrypted.getBytes())); + assertEquals("code", grant2.getCode()); + assertEquals(1, grant2.getExpiresIn()); + assertEquals(2, grant2.getIssuedAt()); + } + private void compareAccessTokens(ServerAccessToken token, ServerAccessToken token2) { assertEquals(token.getTokenKey(), token2.getTokenKey()); assertEquals(token.getTokenType(), token2.getTokenType()); @@ -99,7 +161,7 @@ public class EncryptionUtilsTest extends Client regClient1 = token.getClient(); Client regClient2 = token2.getClient(); assertEquals(regClient1.getClientId(), regClient2.getClientId()); - + assertNull(regClient2.getApplicationDescription()); UserSubject endUser1 = token.getSubject(); UserSubject endUser2 = token2.getSubject(); assertEquals(endUser1.getLogin(), endUser2.getLogin()); @@ -121,7 +183,7 @@ public class EncryptionUtilsTest extends assertEquals(perm1.getDescription(), perm2.getDescription()); RefreshToken refreshToken = - ModelEncryptionSupport.decryptRefreshToken(p, token2.getRefreshToken(), p.tokenKey); + ModelEncryptionSupport.decryptRefreshToken(p, token2.getRefreshToken(), p.key); assertEquals(1200L, refreshToken.getExpiresIn()); }
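Review bot: In `testCodeGrantJSON` the second argument to `jsonp.readFrom` is `Client.class` although the object being read is a `ServerAuthorizationCodeGrant`; it looks copied from `testClientJSON` and should probably be `ServerAuthorizationCodeGrant.class`, matching how `testClientJSON` passes the same class twice. Both new tests also call `bos.toString()` and `decrypted.getBytes()` with the platform charset while EncryptionUtils builds its strings with "UTF-8", so I would pass the charset explicitly: `bos.toString("UTF-8")` and `decrypted.getBytes("UTF-8")`. If the client is expected to survive serialization, `assertEquals("client", grant2.getClient().getClientId());` would cover it in the grant test.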