cxf-commits mailing list archives

From serg...@apache.org
Subject git commit: Adding a utility for converting JwtToken to ServerAccessToken
Date Tue, 07 Oct 2014 16:43:26 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes b54c3b340 -> 08fbe43f2


Adding a utility for converting JwtToken to ServerAccessToken


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/08fbe43f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/08fbe43f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/08fbe43f

Branch: refs/heads/3.0.x-fixes
Commit: 08fbe43f26280f9d0724dfd099e7b49e13fadc17
Parents: b54c3b3
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Oct 7 17:40:21 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Oct 7 17:42:58 2014 +0100

----------------------------------------------------------------------
 .../jose/jwt/token/JwtAccessTokenUtils.java     | 112 +++++++++++++++++++
 1 file changed, 112 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/08fbe43f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/token/JwtAccessTokenUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/token/JwtAccessTokenUtils.java
b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/token/JwtAccessTokenUtils.java
new file mode 100644
index 0000000..1474675
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/token/JwtAccessTokenUtils.java
@@ -0,0 +1,112 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwt.token;
+
+import javax.crypto.SecretKey;
+
+import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwe.AesGcmContentDecryptionAlgorithm;
+import org.apache.cxf.rs.security.jose.jwe.AesGcmContentEncryptionAlgorithm;
+import org.apache.cxf.rs.security.jose.jwe.ContentEncryptionAlgorithm;
+import org.apache.cxf.rs.security.jose.jwe.DirectKeyJweDecryption;
+import org.apache.cxf.rs.security.jose.jwe.DirectKeyJweEncryption;
+import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignature;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
+
+public final class JwtAccessTokenUtils {
+    private JwtAccessTokenUtils() {
+        
+    }
+    
+    public static ServerAccessToken toAccessToken(JwtToken jwt, 
+                                                  Client client,
+                                                  SecretKey key) {
+        String jwtString = new JwsJwtCompactProducer(jwt)
+                               .signWith(new NoneSignatureProvider());
+        ContentEncryptionAlgorithm contentEncryption = 
+            new AesGcmContentEncryptionAlgorithm(key, null, Algorithm.A128GCM.getJwtName());
+        JweEncryptionProvider jweEncryption = new DirectKeyJweEncryption(contentEncryption);
+        String tokenId = jweEncryption.encrypt(getBytes(jwtString), null);
+        Long issuedAt = jwt.getClaims().getIssuedAt();
+        Long notBefore = jwt.getClaims().getNotBefore();
+        if (issuedAt == null) {
+            issuedAt = System.currentTimeMillis();
+            notBefore = null;
+        }
+        Long expiresIn = null;
+        if (notBefore == null) {
+            expiresIn = 3600L;
+        } else {
+            expiresIn = notBefore - issuedAt;
+        }
+        
+        return new BearerAccessToken(client, tokenId, issuedAt, expiresIn);
+        
+    }
+    public static JwtToken fromAccessTokenId(String tokenId, SecretKey key) {
+        DirectKeyJweDecryption jweDecryption = 
+            new DirectKeyJweDecryption(key, 
+                new AesGcmContentDecryptionAlgorithm(Algorithm.A128GCM.getJwtName()));
+        String decrypted = jweDecryption.decrypt(tokenId).getContentText();
+        JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(decrypted);
+        return consumer.getJwtToken();
+    }
+    private static class NoneSignatureProvider implements JwsSignatureProvider {
+
+        @Override
+        public String getAlgorithm() {
+            return "none";
+        }
+
+        @Override
+        public JwsSignature createJwsSignature(JwsHeaders headers) {
+            return new NoneJwsSignature();
+        }
+        
+    }
+    private static class NoneJwsSignature implements JwsSignature {
+
+        @Override
+        public void update(byte[] src, int off, int len) {
+            // complete
+        }
+
+        @Override
+        public byte[] sign() {
+            return new byte[]{};
+        }
+        
+    }
+    private static byte[] getBytes(String str) {
+        try {
+            return str.getBytes("UTF-8");
+        } catch (Exception ex) {
+            // ignore
+        }
+        return null;
+    }
+}
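Review bot: In `toAccessToken` the lifetime is computed as `expiresIn = notBefore - issuedAt;`, but `nbf` marks when a token starts being valid, not when it stops, so the value passed to `BearerAccessToken` should be derived from the `exp` claim minus `iat` instead. The fallback also appears to mix units: `issuedAt = System.currentTimeMillis();` is milliseconds, while JWT `iat`/`nbf` are seconds and the default `3600L` reads as seconds, so it likely needs `issuedAt = System.currentTimeMillis() / 1000;` (confirm against what `BearerAccessToken` expects). A zero or negative difference should fall back to the default rather than yield a token that is already expired or has a nonsensical lifetime. Separately, because the inner JWS is produced with the `none` algorithm, `fromAccessTokenId` depends entirely on the AES-GCM tag and the secrecy of `key` for integrity; a Javadoc line on both methods saying so would keep the helper from being applied to input that `toAccessToken` did not produce.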

