cxf-commits mailing list archives

From serg...@apache.org
Subject git commit: [CXF-5960] Prototyping default encrypting providers
Date Wed, 20 Aug 2014 11:38:46 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes dd96a9d71 -> a3e071687


[CXF-5960] Prototyping default encrypting providers


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a3e07168
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a3e07168
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a3e07168

Branch: refs/heads/3.0.x-fixes
Commit: a3e071687de318c17e7543a56c773849b5fa1442
Parents: dd96a9d
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Wed Aug 20 12:36:34 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Wed Aug 20 12:38:21 2014 +0100

----------------------------------------------------------------------
 .../code/DefaultEncryptingCodeDataProvider.java | 98 ++++++++++++++++++++
 .../provider/AbstractOAuthDataProvider.java     | 16 ++--
 .../DefaultEHCacheOAuthDataProvider.java        |  8 +-
 .../DefaultEncryptingOAuthDataProvider.java     | 93 +++++++++++++++++++
 4 files changed, 203 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/a3e07168/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
new file mode 100644
index 0000000..1959952
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
@@ -0,0 +1,98 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.grants.code;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import javax.crypto.SecretKey;
+
+import org.apache.cxf.rs.security.oauth2.provider.DefaultEncryptingOAuthDataProvider;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.ModelEncryptionSupport;
+
+public class DefaultEncryptingCodeDataProvider extends DefaultEncryptingOAuthDataProvider

+    implements AuthorizationCodeDataProvider {
+    private long grantLifetime;
+    private Set<String> grants = Collections.synchronizedSet(new HashSet<String>());
+    public DefaultEncryptingCodeDataProvider(String algo, int keySize) {
+        super(algo, keySize);
+    }
+    public DefaultEncryptingCodeDataProvider(KeyProperties props) {
+        super(props);
+    }
+    public DefaultEncryptingCodeDataProvider(SecretKey key) {
+        super(key);
+    }
+    @Override
+    public ServerAuthorizationCodeGrant createCodeGrant(AuthorizationCodeRegistration reg)
+        throws OAuthServiceException {
+        ServerAuthorizationCodeGrant grant = doCreateCodeGrant(reg);
+        saveAuthorizationGrant(grant);
+        return grant;
+    }
+
+    @Override
+    public ServerAuthorizationCodeGrant removeCodeGrant(String code) throws OAuthServiceException
{
+        grants.remove(code);
+        return ModelEncryptionSupport.decryptCodeGrant(this, code, key);
+    }
+    
+    protected ServerAuthorizationCodeGrant doCreateCodeGrant(AuthorizationCodeRegistration
reg)
+        throws OAuthServiceException {
+        ServerAuthorizationCodeGrant grant = 
+            new ServerAuthorizationCodeGrant(reg.getClient(), getCode(reg), getGrantLifetime(),
getIssuedAt());
+        grant.setApprovedScopes(getApprovedScopes(reg));
+        grant.setAudience(reg.getAudience());
+        grant.setClientCodeVerifier(reg.getClientCodeVerifier());
+        grant.setSubject(reg.getSubject());
+        grant.setRedirectUri(reg.getRedirectUri());
+        return grant;
+    }
+
+    protected List<String> getApprovedScopes(AuthorizationCodeRegistration reg) {
+        return reg.getApprovedScope();
+    }
+    
+    protected String getCode(AuthorizationCodeRegistration reg) {
+        return OAuthUtils.generateRandomTokenKey();
+    }
+    
+    public long getGrantLifetime() {
+        return grantLifetime;
+    }
+
+    public void setGrantLifetime(long lifetime) {
+        this.grantLifetime = lifetime;
+    }
+
+    protected long getIssuedAt() {
+        return OAuthUtils.getIssuedAt();
+    }
+    
+    protected void saveAuthorizationGrant(ServerAuthorizationCodeGrant grant) { 
+        String encrypted = ModelEncryptionSupport.encryptCodeGrant(grant, key);
+        grant.setCode(encrypted);
+        grants.add(encrypted);
+    }
+}
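Review bot: `removeCodeGrant` discards the boolean from `grants.remove(code)` and decrypts whatever string it is handed, so a code that was already redeemed (or never issued by this provider) still comes back as a valid grant, which defeats the single-use property of authorization codes that the `grants` set appears intended to enforce. The method should stop when the set did not contain the code: `if (!grants.remove(code)) { return null; }` ahead of the `decryptCodeGrant` call (or throw OAuthServiceException, whichever the grant handler expects for an unknown code). A smaller point: `saveAuthorizationGrant` adds every encrypted code to an unbounded in-memory set and nothing evicts codes that expire unredeemed, so unlike the EHCache provider this one grows without bound; a comment stating that limitation, or a sweep keyed on `getGrantLifetime()`, seems warranted even for a prototype.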

http://git-wip-us.apache.org/repos/asf/cxf/blob/a3e07168/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 915d87f..7494d74 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -47,7 +47,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider
{
     @Override
     public ServerAccessToken refreshAccessToken(Client client, String refreshTokenKey,
                                                 List<String> requestedScopes) throws
OAuthServiceException {
-        RefreshToken oldRefreshToken = removeRefreshToken(client, refreshTokenKey);
+        RefreshToken oldRefreshToken = revokeRefreshToken(client, refreshTokenKey);
 
         ServerAccessToken serverToken = doRefreshAccessToken(client, oldRefreshToken, requestedScopes);
         saveAccessToken(serverToken);
@@ -56,13 +56,13 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider
{
     
     @Override
     public void revokeToken(Client client, String tokenKey, String tokenTypeHint) throws
OAuthServiceException {
-        if (removeAccessToken(tokenKey)) {
+        if (revokeAccessToken(tokenKey)) {
             return;
         }
-        RefreshToken oldRefreshToken = removeRefreshToken(client, tokenKey);
+        RefreshToken oldRefreshToken = revokeRefreshToken(client, tokenKey);
         if (oldRefreshToken != null) {
             for (String accessTokenKey : oldRefreshToken.getAccessTokens()) {
-                removeAccessToken(accessTokenKey);
+                revokeAccessToken(accessTokenKey);
             }
         }
     }
@@ -111,7 +111,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider
{
         rt.setScopes(at.getScopes());
         rt.getAccessTokens().add(at.getTokenKey());
         at.setRefreshToken(rt.getTokenKey());
-        saveRefreshToken(rt);
+        saveRefreshToken(at, rt);
         return rt;
     }
     
@@ -142,8 +142,8 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider
{
     }
     
     protected abstract void saveAccessToken(ServerAccessToken serverToken);
-    protected abstract void saveRefreshToken(RefreshToken refreshToken);
-    protected abstract boolean removeAccessToken(String accessTokenKey);
-    protected abstract RefreshToken removeRefreshToken(Client client, String refreshTokenKey);
+    protected abstract void saveRefreshToken(ServerAccessToken at, RefreshToken refreshToken);
+    protected abstract boolean revokeAccessToken(String accessTokenKey);
+    protected abstract RefreshToken revokeRefreshToken(Client client, String refreshTokenKey);
     
 }
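Review bot: The widened `saveRefreshToken(ServerAccessToken at, RefreshToken refreshToken)` signature does not say what implementations may do with `at`; the encrypting provider added in this commit overwrites `at`'s refresh-token key inside this method, so the key the caller sets on `at` immediately before the call is not necessarily the one that survives. A Javadoc line on the abstract declaration would make that contract explicit: `/** Persists refreshToken; implementations may replace at's refresh token key (e.g. with an encrypted form) before returning. */`. The renamed `revokeAccessToken`/`revokeRefreshToken` could use the same treatment, since whether a revoked key must also become invisible to `getAccessToken` is currently left to each subclass.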

http://git-wip-us.apache.org/repos/asf/cxf/blob/a3e07168/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
index 4db4bbd..78ab702 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
@@ -77,14 +77,14 @@ public class DefaultEHCacheOAuthDataProvider extends AbstractOAuthDataProvider
{
 
     @Override
     public void removeAccessToken(ServerAccessToken accessToken) throws OAuthServiceException
{
-        removeAccessToken(accessToken.getTokenKey());
+        revokeAccessToken(accessToken.getTokenKey());
     }
 
-    protected boolean removeAccessToken(String accessTokenKey) {
+    protected boolean revokeAccessToken(String accessTokenKey) {
         return accessTokenCache.remove(accessTokenKey);
     }
     
-    protected RefreshToken removeRefreshToken(Client client, String refreshTokenKey) { 
+    protected RefreshToken revokeRefreshToken(Client client, String refreshTokenKey) { 
         RefreshToken refreshToken = getCacheValue(refreshTokenCache, refreshTokenKey, RefreshToken.class);
         if (refreshToken != null) {
             refreshTokenCache.remove(refreshTokenKey);
@@ -96,7 +96,7 @@ public class DefaultEHCacheOAuthDataProvider extends AbstractOAuthDataProvider
{
         putCacheValue(accessTokenCache, serverToken.getTokenKey(), serverToken, serverToken.getExpiresIn());
     }
     
-    protected void saveRefreshToken(RefreshToken refreshToken) {
+    protected void saveRefreshToken(ServerAccessToken at, RefreshToken refreshToken) {
         putCacheValue(refreshTokenCache, refreshToken.getTokenKey(), refreshToken, refreshToken.getExpiresIn());
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/a3e07168/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
new file mode 100644
index 0000000..bb510af
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
@@ -0,0 +1,93 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.provider;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.crypto.SecretKey;
+
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.ModelEncryptionSupport;
+
+public class DefaultEncryptingOAuthDataProvider extends AbstractOAuthDataProvider {
+    protected SecretKey key;
+    private Set<String> tokens = Collections.synchronizedSet(new HashSet<String>());
+    private ConcurrentHashMap<String, String> refreshTokens = new ConcurrentHashMap<String,
String>();
+    
+    public DefaultEncryptingOAuthDataProvider(String algo, int keySize) {
+        this(new KeyProperties(algo, keySize));
+    }
+    public DefaultEncryptingOAuthDataProvider(KeyProperties props) {
+        this(CryptoUtils.getSecretKey(props));
+    }
+    public DefaultEncryptingOAuthDataProvider(SecretKey key) {
+        this.key = key;
+    }
+    
+    @Override
+    public Client getClient(String clientId) throws OAuthServiceException {
+        return null;
+    }
+
+    @Override
+    public ServerAccessToken getAccessToken(String accessToken) throws OAuthServiceException
{
+        return ModelEncryptionSupport.decryptAccessToken(this, accessToken, key);
+    }
+
+    @Override
+    public void removeAccessToken(ServerAccessToken accessToken) throws OAuthServiceException
{
+        revokeAccessToken(accessToken.getTokenKey());
+    }
+
+    @Override
+    protected void saveAccessToken(ServerAccessToken serverToken) {
+        encryptAccessToken(serverToken);
+    }
+
+    @Override
+    protected boolean revokeAccessToken(String accessTokenKey) {
+        return tokens.remove(accessTokenKey);
+    }
+    
+    @Override
+    protected void saveRefreshToken(ServerAccessToken at, RefreshToken refreshToken) {
+        String encryptedRefreshToken = ModelEncryptionSupport.encryptRefreshToken(refreshToken,
key);
+        at.setRefreshToken(encryptedRefreshToken);
+    }
+
+    @Override
+    protected RefreshToken revokeRefreshToken(Client client, String refreshTokenKey) {
+        refreshTokens.remove(refreshTokenKey);
+        return ModelEncryptionSupport.decryptRefreshToken(this, refreshTokenKey, key);
+    }
+
+    private void encryptAccessToken(ServerAccessToken token) {
+        String encryptedToken = ModelEncryptionSupport.encryptAccessToken(token, key);
+        tokens.add(encryptedToken);
+        refreshTokens.put(token.getRefreshToken(), encryptedToken);
+        token.setTokenKey(encryptedToken);
+    }
+}
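Review bot: Revocation in this provider has no effect on validation: `revokeAccessToken` only drops the key from `tokens`, but `getAccessToken` never consults that set and simply decrypts whatever it is given, so a token revoked through `revokeToken` still decrypts to a usable ServerAccessToken. The lookup should check the set first, `if (!tokens.contains(accessToken)) { return null; }` (or throw, whichever the request filter expects), which also rejects malformed input before it reaches `decryptAccessToken`. `revokeRefreshToken` has the same shape: the result of `refreshTokens.remove(refreshTokenKey)` is discarded and the key is decrypted regardless, so `refreshAccessToken` in the base class will mint a new access token from an already-used or revoked refresh token; `if (refreshTokens.remove(refreshTokenKey) == null) { return null; }` would close that. Separately, `encryptAccessToken` calls `refreshTokens.put(token.getRefreshToken(), encryptedToken)` unconditionally and ConcurrentHashMap rejects null keys, so if a grant is issued without a refresh token (presumably possible, depending on how the base class is configured) this throws NullPointerException; guard the put on a non-null refresh token.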

