From serg...@apache.org
Subject git commit: [CXF-5311] Adding some basic signer helpers
Date Thu, 22 May 2014 13:16:09 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 3aa98577a -> e03c1d9c2


[CXF-5311] Adding some basic signer helpers


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e03c1d9c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e03c1d9c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e03c1d9c

Branch: refs/heads/master
Commit: e03c1d9c28b0e7dd523b9b78649f8876994173bd
Parents: 3aa9857
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu May 22 14:15:50 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu May 22 14:15:50 2014 +0100

----------------------------------------------------------------------
 .../oauth2/jws/HmacJwsSignatureProvider.java    | 59 +++++++++++++++++++
 .../security/oauth2/jws/JwsCompactConsumer.java | 11 ++--
 .../security/oauth2/jws/JwsCompactProducer.java |  2 +-
 .../oauth2/jws/JwsSignatureProvider.java        | 25 --------
 .../oauth2/jws/JwsSignatureValidator.java       |  2 +-
 .../oauth2/jws/JwsSignatureVerifier.java        | 25 ++++++++
 .../jws/PrivateKeyJwsSignatureProvider.java     | 61 ++++++++++++++++++++
 .../jws/PublicKeyJwsSignatureVerifier.java      | 52 +++++++++++++++++
 .../cxf/rs/security/oauth2/jwt/JwtHeaders.java  | 14 +++++
 .../oauth2/jws/JwsCompactReaderWriterTest.java  | 48 +++------------
 .../oauth2/utils/crypto/CryptoUtils.java        |  8 +--
 11 files changed, 233 insertions(+), 74 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e03c1d9c/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/HmacJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/HmacJwsSignatureProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/HmacJwsSignatureProvider.java
new file mode 100644
index 0000000..3d50ff5
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/HmacJwsSignatureProvider.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jws;
+
+import java.util.Arrays;
+
+import org.apache.cxf.common.util.Base64Exception;
+import org.apache.cxf.rs.security.oauth2.jwt.Algorithms;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders;
+import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils;
+
+public class HmacJwsSignatureProvider implements JwsSignatureVerifier, JwsSignatureValidator
{
+    private byte[] key;
+    public HmacJwsSignatureProvider(byte[] key) {
+        this.key = key;
+    }
+    public HmacJwsSignatureProvider(String encodedKey) {
+        try {
+            this.key = Base64UrlUtility.decode(encodedKey);
+        } catch (Base64Exception ex) {
+            throw new SecurityException();
+        }
+    }
+    
+    @Override
+    public byte[] sign(JwtHeaders headers, String unsignedText) {
+        return computeMac(headers, unsignedText);
+    }
+    
+    @Override
+    public boolean verify(JwtHeaders headers, String unsignedText, byte[] signature) {
+        byte[] expected = computeMac(headers, unsignedText);
+        return Arrays.equals(expected, signature);
+    }
+    
+    private byte[] computeMac(JwtHeaders headers, String text) {
+        return HmacUtils.computeHmac(key, 
+                                     Algorithms.toJavaName(headers.getAlgorithm()), 
+                                     text);
+    }
+
+}
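Review bot: `verify` compares the computed MAC with the received one using `Arrays.equals`, which returns at the first differing byte, so the time taken depends on how much of the supplied signature is correct. A MAC check on untrusted input should use a constant-time comparison: `return MessageDigest.isEqual(expected, signature);`, with `import java.security.MessageDigest;` replacing the `java.util.Arrays` import. Separately, the `String` constructor throws `new SecurityException()` and drops the caught `Base64Exception`; `throw new SecurityException(ex);` would keep the cause, as `JwsCompactConsumer` does in this same commit.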

http://git-wip-us.apache.org/repos/asf/cxf/blob/e03c1d9c/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactConsumer.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactConsumer.java
index a7ac432..eb80170 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactConsumer.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactConsumer.java
@@ -91,14 +91,17 @@ public class JwsCompactConsumer {
         }
         return token;
     }
-    public void validateSignatureWith(JwsSignatureValidator validator) {
-        validator.validate(getJwtHeaders(), getUnsignedEncodedToken(), getDecodedSignature());
+    public boolean verifySignatureWith(JwsSignatureValidator validator) {
+        if (!validator.verify(getJwtHeaders(), getUnsignedEncodedToken(), getDecodedSignature()))
{
+            throw new SecurityException();
+        }
+        return true;
     }
     private static String decodeToString(String encoded) {
         try {
             return new String(decode(encoded), "UTF-8");
         } catch (UnsupportedEncodingException ex) {
-            throw new OAuthServiceException(ex);
+            throw new SecurityException(ex);
         }
         
     }
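Review bot: `verifySignatureWith` is declared `boolean` but can only ever return `true`, because a failed check is converted to an exception first, so the signature does not tell a caller whether to test the result or catch. Throwing is the safer behaviour, since an ignored return value cannot let an unverified token through, but it should be documented on the method, for example `@throws SecurityException if the signature does not match the token`. The bare `new SecurityException()` also carries no message; `new SecurityException("JWS signature verification failed")` would make a rejected token identifiable in logs.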
@@ -107,7 +110,7 @@ public class JwsCompactConsumer {
         try {
             return Base64UrlUtility.decode(encoded);
         } catch (Base64Exception ex) {
-            throw new OAuthServiceException(ex);
+            throw new SecurityException(ex);
         }
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e03c1d9c/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactProducer.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactProducer.java
index d3b6931..88ec0f6 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactProducer.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactProducer.java
@@ -65,7 +65,7 @@ public class JwsCompactProducer {
         }
         return getUnsignedEncodedToken() + "." + (noSignature ? "" : signature);
     }
-    public void signWith(JwsSignatureProvider signer) { 
+    public void signWith(JwsSignatureVerifier signer) { 
         setSignatureOctets(signer.sign(token.getHeaders(), getUnsignedEncodedToken()));
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/e03c1d9c/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureProvider.java
deleted file mode 100644
index 1e3c44f..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureProvider.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jws;
-
-import org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders;
-
-public interface JwsSignatureProvider {
-    byte[] sign(JwtHeaders headers, String text);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/e03c1d9c/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureValidator.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureValidator.java
index c1ebe71..e6bdc59a 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureValidator.java
@@ -21,5 +21,5 @@ package org.apache.cxf.rs.security.oauth2.jws;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders;
 
 public interface JwsSignatureValidator {
-    void validate(JwtHeaders headers, String unsignedText, byte[] signature);
+    boolean verify(JwtHeaders headers, String unsignedText, byte[] signature);
 }
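Review bot: The new `verify` method has no Javadoc saying how a failed check is reported, and the code added in this commit uses two channels: `PublicKeyJwsSignatureVerifier` returns the boolean from `CryptoUtils.verifySignature` but wraps any exception in `SecurityException`. A comment on the method such as `/** Returns true only if the signature matches; may throw SecurityException when the signature cannot be processed. */` would tell implementers and callers that both outcomes mean the token must be rejected. The interface declaration starts outside the hunk.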

http://git-wip-us.apache.org/repos/asf/cxf/blob/e03c1d9c/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureVerifier.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureVerifier.java
new file mode 100644
index 0000000..ed90e48
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureVerifier.java
@@ -0,0 +1,25 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jws;
+
+import org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders;
+
+public interface JwsSignatureVerifier {
+    byte[] sign(JwtHeaders headers, String unsignedText);
+}
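Review bot: The interface named `JwsSignatureVerifier` declares only `sign`, while verification lives in `JwsSignatureValidator.verify`, so the name states the opposite of what the type does. As a result `PrivateKeyJwsSignatureProvider implements JwsSignatureVerifier` and `JwsCompactProducer.signWith(JwsSignatureVerifier signer)` read as if a verifier were producing signatures. Keeping the deleted name `JwsSignatureProvider` for the signing interface, and reserving "Verifier" for the type that declares `verify`, would make it harder to wire a signing component where a verifying one is expected.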

http://git-wip-us.apache.org/repos/asf/cxf/blob/e03c1d9c/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
new file mode 100644
index 0000000..3c6990e
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jws;
+
+import java.security.PrivateKey;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+import org.apache.cxf.rs.security.oauth2.jwt.Algorithms;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
+
+public class PrivateKeyJwsSignatureProvider implements JwsSignatureVerifier {
+    private PrivateKey key;
+    private SecureRandom random; 
+    private AlgorithmParameterSpec signatureSpec;
+    
+    public PrivateKeyJwsSignatureProvider(PrivateKey key) {
+        this(key, null);
+    }
+    public PrivateKeyJwsSignatureProvider(PrivateKey key, AlgorithmParameterSpec spec) {
+        this(key, null, spec);
+    }
+    public PrivateKeyJwsSignatureProvider(PrivateKey key, SecureRandom random, AlgorithmParameterSpec
spec) {
+        this.key = key;
+        this.random = random;
+        this.signatureSpec = spec;
+    }
+    
+    
+    @Override
+    public byte[] sign(JwtHeaders headers, String unsignedText) {
+        try {
+            return CryptoUtils.signData(unsignedText.getBytes("UTF-8"), 
+                                        key, 
+                                        Algorithms.toJavaName(headers.getAlgorithm()),
+                                        random,
+                                        signatureSpec);
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+
+}
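Review bot: `key`, `random` and `signatureSpec` are assigned only in the three-argument constructor and could be declared `private final`, so the signer cannot be altered after construction. The `catch (Exception ex)` in `sign` is wider than needed: the only checked exception visible here comes from `getBytes("UTF-8")`, and if `CryptoUtils.signData` already throws `SecurityException` (its sibling `verifySignature` does) the failure is wrapped a second time. A short Javadoc on the constructors stating that `random` and `spec` may be null would also help, since both shorter constructors pass null for them.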

http://git-wip-us.apache.org/repos/asf/cxf/blob/e03c1d9c/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PublicKeyJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PublicKeyJwsSignatureVerifier.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PublicKeyJwsSignatureVerifier.java
new file mode 100644
index 0000000..8e453e9
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PublicKeyJwsSignatureVerifier.java
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jws;
+
+import java.security.PublicKey;
+import java.security.spec.AlgorithmParameterSpec;
+
+import org.apache.cxf.rs.security.oauth2.jwt.Algorithms;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
+
+public class PublicKeyJwsSignatureVerifier implements JwsSignatureValidator {
+    private PublicKey key;
+    private AlgorithmParameterSpec signatureSpec;
+    public PublicKeyJwsSignatureVerifier(PublicKey key) {
+        this(key, null);
+    }
+    public PublicKeyJwsSignatureVerifier(PublicKey key, AlgorithmParameterSpec spec) {
+        this.key = key;
+        this.signatureSpec = spec;
+    }
+    @Override
+    public boolean verify(JwtHeaders headers, String unsignedText, byte[] signature) {
+        try {
+            return CryptoUtils.verifySignature(unsignedText.getBytes("UTF-8"), 
+                                               signature, 
+                                               key, 
+                                               Algorithms.toJavaName(headers.getAlgorithm()),
+                                               signatureSpec);
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    
+
+}
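Review bot: `verify` takes the signature algorithm from `headers.getAlgorithm()`, and `JwsCompactConsumer.verifySignatureWith` passes in the headers parsed from the token being checked, so the party presenting the token selects the algorithm used to verify it. Which names `Algorithms.toJavaName` accepts is not visible in this commit, but the verifier should be configured with the algorithm its key is meant for and reject a token whose header names anything else before any crypto runs. `HmacJwsSignatureProvider.computeMac` reads the algorithm from the header in the same way. A sketch of the check follows; the existing one- and two-argument constructors would need to supply the expected algorithm as well.

```java
public class PublicKeyJwsSignatureVerifier implements JwsSignatureValidator {
    // … unchanged: key and signatureSpec fields …
    private final String expectedAlgorithm; // JWT "alg" name this verifier accepts for its key

    public PublicKeyJwsSignatureVerifier(PublicKey key, String expectedAlgorithm,
                                         AlgorithmParameterSpec spec) {
        this.key = key;
        this.expectedAlgorithm = expectedAlgorithm;
        this.signatureSpec = spec;
    }

    @Override
    public boolean verify(JwtHeaders headers, String unsignedText, byte[] signature) {
        // Reject before touching the signature if the token names a different algorithm.
        if (!expectedAlgorithm.equals(headers.getAlgorithm())) {
            return false;
        }
        // … unchanged: CryptoUtils.verifySignature call and exception wrapping …
    }
```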

http://git-wip-us.apache.org/repos/asf/cxf/blob/e03c1d9c/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtHeaders.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtHeaders.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtHeaders.java
index 96cc6f7..8470bbd 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtHeaders.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtHeaders.java
@@ -30,10 +30,24 @@ public class JwtHeaders extends AbstractJwtObject {
     public JwtHeaders() {
     }
     
+    public JwtHeaders(String algorithm) {
+        init(algorithm);
+    }
+    
+    public JwtHeaders(Algorithms algo) {
+        init(algo.getJwtName());
+    }
+    
     public JwtHeaders(Map<String, Object> values) {
         super(values);
     }
     
+    private void init(String algo) {
+        setType(JwtConstants.TYPE_JWT);
+        this.setAlgorithm(algo);
+    }
+    
+    
     public void setType(String type) {
         setHeader(JwtConstants.HEADER_TYPE, type);
     }
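Review bot: The two new constructors set the `typ` header to `JwtConstants.TYPE_JWT` as well as the algorithm, which their signatures do not reveal; a Javadoc line on each, such as `/** Creates headers with the type set to JwtConstants.TYPE_JWT and the given algorithm. */`, would document it. `init` also calls the public `setType` (and `setAlgorithm`, declared outside the hunk) from a constructor, so a subclass overriding either would run before its own fields are initialised. Calling `setHeader(JwtConstants.HEADER_TYPE, JwtConstants.TYPE_JWT)` directly in `init` avoids that for the type header. The class body continues outside the hunk.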

http://git-wip-us.apache.org/repos/asf/cxf/blob/e03c1d9c/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactReaderWriterTest.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactReaderWriterTest.java
index 078895a..1385d64 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactReaderWriterTest.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactReaderWriterTest.java
@@ -33,9 +33,7 @@ import org.apache.cxf.rs.security.oauth2.jwt.JwtToken;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtTokenReaderWriter;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtTokenWriter;
 import org.apache.cxf.rs.security.oauth2.jwt.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils;
 
 import org.junit.Assert;
 import org.junit.Test;
@@ -86,14 +84,9 @@ public class JwsCompactReaderWriterTest extends Assert {
      
     @Test
     public void testWriteJwsSignedByMacSpecExample() throws Exception {
-        JwtHeaders headers = new JwtHeaders();
-        headers.setType(JwtConstants.TYPE_JWT);
-        headers.setAlgorithm(Algorithms.HmacSHA256.getJwtName());
+        JwtHeaders headers = new JwtHeaders(Algorithms.HmacSHA256.getJwtName());
         JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
-        String plain = jws.getUnsignedEncodedToken();
-        
-        byte[] mac = computeMac(plain);
-        jws.setSignatureOctets(mac);
+        jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY));
         
         assertEquals(ENCODED_TOKEN_SIGNED_BY_MAC, jws.getSignedEncodedToken());
         
@@ -101,9 +94,7 @@ public class JwsCompactReaderWriterTest extends Assert {
     
     @Test
     public void testWriteReadJwsUnsigned() throws Exception {
-        JwtHeaders headers = new JwtHeaders();
-        headers.setType(JwtConstants.TYPE_JWT);
-        headers.setAlgorithm(JwtConstants.PLAIN_TEXT_ALGO);
+        JwtHeaders headers = new JwtHeaders(JwtConstants.PLAIN_TEXT_ALGO);
         
         JwtClaims claims = new JwtClaims();
         claims.setIssuer("https://jwt-idp.example.com");
@@ -126,9 +117,7 @@ public class JwsCompactReaderWriterTest extends Assert {
     @Test
     public void testReadJwsSignedByMacSpecExample() throws Exception {
         JwsCompactConsumer jws = new JwsCompactConsumer(ENCODED_TOKEN_SIGNED_BY_MAC);
-        String plain = jws.getUnsignedEncodedToken();
-        byte[] mac = computeMac(plain);
-        Arrays.equals(mac, jws.getDecodedSignature());
+        assertTrue(jws.verifySignatureWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY)));
         JwtToken token = jws.getJwtToken();
         JwtHeaders headers = token.getHeaders();
         assertEquals(JwtConstants.TYPE_JWT, headers.getType());
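Review bot: The read tests touched here now assert on `verifySignatureWith`, but each one feeds a correctly signed token, so nothing in these hunks checks that a bad signature is rejected. A negative case next to this test would cover it, for example verifying `ENCODED_TOKEN_SIGNED_BY_MAC` with an `HmacJwsSignatureProvider` built from a different key and declaring `@Test(expected = SecurityException.class)`. The same gap applies to `testReadJwsWithJwkSignedByMac` and `testReadJwsSignedByPrivateKey`. The test method continues outside the hunk.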
@@ -155,9 +144,7 @@ public class JwsCompactReaderWriterTest extends Assert {
     }
     
     private void doTestWriteJwsWithJwkSignedByMac(Object jsonWebKey) throws Exception {
-        JwtHeaders headers = new JwtHeaders();
-        headers.setType(JwtConstants.TYPE_JWT);
-        headers.setAlgorithm(Algorithms.HmacSHA256.getJwtName());
+        JwtHeaders headers = new JwtHeaders(Algorithms.HmacSHA256.getJwtName());
         
         headers.setHeader(JwtConstants.HEADER_JSON_WEB_KEY, jsonWebKey);
         
@@ -168,11 +155,7 @@ public class JwsCompactReaderWriterTest extends Assert {
         
         JwtToken token = new JwtToken(headers, claims);
         JwsCompactProducer jws = new JwsCompactProducer(token, getWriter());
-        
-        String plain = jws.getUnsignedEncodedToken();
-        
-        byte[] mac = computeMac(plain);
-        jws.setSignatureOctets(mac);
+        jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY));
         
         assertEquals(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC, jws.getSignedEncodedToken());
     }
@@ -180,9 +163,7 @@ public class JwsCompactReaderWriterTest extends Assert {
     @Test
     public void testReadJwsWithJwkSignedByMac() throws Exception {
         JwsCompactConsumer jws = new JwsCompactConsumer(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC);
-        String plain = jws.getUnsignedEncodedToken();
-        byte[] mac = computeMac(plain);
-        Arrays.equals(mac, jws.getDecodedSignature());
+        assertTrue(jws.verifySignatureWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY)));
         JwtToken token = jws.getJwtToken();
         JwtHeaders headers = token.getHeaders();
         assertEquals(JwtConstants.TYPE_JWT, headers.getType());
@@ -209,13 +190,8 @@ public class JwsCompactReaderWriterTest extends Assert {
         JwtHeaders headers = new JwtHeaders();
         headers.setAlgorithm(Algorithms.SHA256withRSA.getJwtName());
         JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
-        String plain = jws.getUnsignedEncodedToken();
-        
         PrivateKey key = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED);
-        byte[] sig = CryptoUtils.signData(plain.getBytes("UTF-8"), key, 
-                                          Algorithms.SHA256withRSA.getJavaName());
-        
-        jws.setSignatureOctets(sig);
+        jws.signWith(new PrivateKeyJwsSignatureProvider(key));
         
         assertEquals(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY, jws.getSignedEncodedToken());
     }
@@ -223,10 +199,8 @@ public class JwsCompactReaderWriterTest extends Assert {
     @Test
     public void testReadJwsSignedByPrivateKey() throws Exception {
         JwsCompactConsumer jws = new JwsCompactConsumer(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY);
-        String plain = jws.getUnsignedEncodedToken();
         RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED);
-        CryptoUtils.verifySignature(plain.getBytes("UTF-8"), jws.getDecodedSignature(), key,

-                                    Algorithms.SHA256withRSA.getJavaName());
+        assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key)));
         JwtToken token = jws.getJwtToken();
         JwtHeaders headers = token.getHeaders();
         assertEquals(Algorithms.SHA256withRSA.getJwtName(), headers.getAlgorithm());
@@ -244,10 +218,6 @@ public class JwsCompactReaderWriterTest extends Assert {
         return new JwsCompactProducer(token, getWriter());
     }
 
-    private byte[] computeMac(String plain) throws Exception {
-        byte[] key = Base64UrlUtility.decode(ENCODED_MAC_KEY);
-        return HmacUtils.computeHmac(key, Algorithms.HmacSHA256.getJavaName(), plain);
-    }
     
     private JwtTokenWriter getWriter() {
         JwtTokenReaderWriter jsonWriter = new JwtTokenReaderWriter();

http://git-wip-us.apache.org/repos/asf/cxf/blob/e03c1d9c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
index afc2345..1039d9e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
@@ -160,11 +160,11 @@ public final class CryptoUtils {
         }
     }
     
-    public static void verifySignature(byte[] data, byte[] signature, PublicKey key, String
signAlgo) {
-        verifySignature(data, signature, key, signAlgo, null);
+    public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String
signAlgo) {
+        return verifySignature(data, signature, key, signAlgo, null);
     }
     
-    public static void verifySignature(byte[] data, byte[] signature, PublicKey key, String
signAlgo, 
+    public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String
signAlgo, 
                                 AlgorithmParameterSpec params) {
         try {
             Signature s = Signature.getInstance(signAlgo);
@@ -173,7 +173,7 @@ public final class CryptoUtils {
                 s.setParameter(params);
             }
             s.update(data);
-            s.verify(signature);
+            return s.verify(signature);
         } catch (Exception ex) {
             throw new SecurityException(ex);
         }
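Review bot: `verifySignature` used to be `void`, so any existing caller that invokes it as a statement still compiles against the `boolean` version and still ignores the outcome of `s.verify(signature)`. Callers outside this commit are not visible here; each one should be checked to confirm it tests the returned value, or the method could throw `SecurityException` itself when `s.verify` returns false so that a forgotten check fails closed. A Javadoc line on both overloads, `@return true if the signature is valid for the given data and key`, would make the contract explicit. The method starts in the previous hunk and ends outside this one.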

