From serg...@apache.org
Subject cxf git commit: Adding a client side support for signed code requests
Date Fri, 28 Nov 2014 13:53:10 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 2a6afbcbb -> f4038eebd


Adding client-side support for signed code requests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f4038eeb
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f4038eeb
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f4038eeb

Branch: refs/heads/3.0.x-fixes
Commit: f4038eebd6c287d55eabe7c72c4bd23e1a7df0e9
Parents: 2a6afbc
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Fri Nov 28 13:51:47 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Fri Nov 28 13:52:51 2014 +0000

----------------------------------------------------------------------
 .../grants/code/JwtRequestCodeFilter.java       |   8 +-
 .../oauth2/grants/code/JwtRequestCodeGrant.java | 111 +++++++++++++++++++
 2 files changed, 117 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f4038eeb/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
index 3f1a310..3e43cf9 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
@@ -38,6 +38,7 @@ public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter
{
     private static final String REQUEST_PARAM = "request";
     private JweDecryptionProvider jweDecryptor;
     private JwsSignatureVerifier jwsVerifier;
+    private String issuer;
     @Override
     public MultivaluedMap<String, String> process(MultivaluedMap<String, String>
params, 
                                                   UserSubject endUser,
@@ -54,8 +55,8 @@ public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter
{
                 throw new SecurityException("Invalid Signature");
             }
             JwtClaims claims = consumer.getJwtClaims();
-            //TODO: 'iss' may be different to a client id
-            if (!client.getClientId().equals(claims.getIssuer())
+            String iss = issuer != null ? issuer : client.getClientId();  
+            if (!iss.equals(claims.getIssuer())
                 || claims.getClaim(OAuthConstants.CLIENT_ID) != null 
                 && claims.getStringProperty(OAuthConstants.CLIENT_ID).equals(client.getClientId()))
{
                 throw new SecurityException();
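Review bot: The `client_id` comparison in the last three lines of the hunk is inverted: the request is rejected when the `client_id` claim is present and equals the client's id, and accepted when it differs, so the negation belongs on the comparison, `&& !claims.getStringProperty(OAuthConstants.CLIENT_ID).equals(client.getClientId())`. The lines are pre-existing context, but this change makes them matter more: once a fixed `issuer` is configured, `iss` no longer identifies the client, so the `client_id` claim is the only thing binding a signed request object to the client presenting it. Parenthesising the `&&` group would also make the intended `mismatched iss || (claim present && mismatched client_id)` shape explicit. The `throw new SecurityException()` carries no message, unlike the `"Invalid Signature"` one just above; `new SecurityException("Issuer or client_id mismatch")` would help whoever reads the log. The enclosing `process` method begins and ends outside this hunk.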
@@ -90,4 +91,7 @@ public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter
{
         } 
         return JwsUtils.loadSignatureVerifier(true);
     }
+    public void setIssuer(String issuer) {
+        this.issuer = issuer;
+    }
 }
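Review bot: `setIssuer` is a public configuration hook with no Javadoc, and its effect is only visible from the earlier hunk where a null value falls back to the client id. A one-line comment would make the contract clear at the call site: `/** Expected 'iss' of the signed request object; when unset the client id is required as the issuer. */`. Because a single value is shared by every client hitting this filter, the comment should also warn that setting it removes the per-client issuer check.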

http://git-wip-us.apache.org/repos/asf/cxf/blob/f4038eeb/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
new file mode 100644
index 0000000..5b2f8b9
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
@@ -0,0 +1,111 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.grants.code;
+
+import java.net.URI;
+
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.jaxrs.impl.MetadataMap;
+import org.apache.cxf.rs.security.jose.JoseHeaders;
+import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
+
+
+
+/**
+ * Base Authorization Code Grant representation, captures the code 
+ * and the redirect URI this code has been returned to, visible to the client
+ */
+public class JwtRequestCodeGrant extends AuthorizationCodeGrant {
+    private static final long serialVersionUID = -3738825769770411453L;
+    private JwsSignatureProvider sigProvider;
+    private JweEncryptionProvider encryptionProvider;
+    // can be a client id
+    private String issuer;
+    public JwtRequestCodeGrant() {
+    }
+    
+    public JwtRequestCodeGrant(String issuer) {
+        this.issuer = issuer;
+    }
+    
+    public JwtRequestCodeGrant(String code, String issuer) {
+        super(code);
+        this.issuer = issuer;
+    }
+    
+    public JwtRequestCodeGrant(String code, URI uri, String issuer) {
+        super(code, uri);
+        this.issuer = issuer;
+    }
+    public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
+        this.sigProvider = signatureProvider;
+    }
+    
+    protected JwsSignatureProvider getInitializedSigProvider(JoseHeaders headers) {
+        if (sigProvider != null) {
+            return sigProvider;    
+        } 
+        JwsSignatureProvider theSigProvider = JwsUtils.loadSignatureProvider(true); 
+        headers.setAlgorithm(theSigProvider.getAlgorithm());
+        return theSigProvider;
+    }
+    public MultivaluedMap<String, String> toMap() {
+        String request = getRequest();
+        MultivaluedMap<String, String> newMap = new MetadataMap<String, String>();
+        newMap.putSingle("request", request);
+        return newMap;
+        
+    }
+    public String getRequest() {
+        MultivaluedMap<String, String> map = super.toMap();
+        JwtClaims claims = new JwtClaims();
+        claims.setIssuer(issuer);
+        for (String key : map.keySet()) {
+            claims.setClaim(key, map.getFirst(key));
+        }
+        JwsJwtCompactProducer producer = new JwsJwtCompactProducer(claims);
+        JoseHeaders headers = new JoseHeaders();
+        JwsSignatureProvider theSigProvider = getInitializedSigProvider(headers);
+        String request = producer.signWith(theSigProvider);
+        
+        JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider();
+        if (theEncryptionProvider != null) {
+            request = theEncryptionProvider.encrypt(StringUtils.toBytesUTF8(request), null);
+        }
+        return request;
+    }
+    protected JweEncryptionProvider getInitializedEncryptionProvider() {
+        if (encryptionProvider != null) {
+            return encryptionProvider;    
+        } 
+        return JweUtils.loadEncryptionProvider(false);
+    }
+
+    public void setIssuer(String issuer) {
+        this.issuer = issuer;
+    }
+    
+}
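Review bot: The claims built in `getRequest` carry only `iss` plus the grant's own parameters, with no `exp`, `aud` or `jti`, so a signed `request` value captured once stays valid indefinitely and is not bound to a particular authorization server; the filter side of this commit visibly checks only `iss` and `client_id`. Adding expiry and audience claims here, and verifying them in `JwtRequestCodeFilter`, is what makes the signature worth more than a bare code. `encryptionProvider` has no setter, so `getInitializedEncryptionProvider` can only ever return what `JweUtils.loadEncryptionProvider(false)` finds; `public void setEncryptionProvider(JweEncryptionProvider p) { this.encryptionProvider = p; }` is needed for symmetry with `setSignatureProvider`. Note too that the `headers` object is only populated when the provider is loaded from configuration and is never handed to the `JwsJwtCompactProducer`, so the `alg` set on it appears to be discarded unless `signWith` derives it from the provider itself. The class Javadoc is copied from `AuthorizationCodeGrant`; replace it with something like `/** Authorization code grant whose parameters are sent as a signed (and optionally encrypted) JWT in the 'request' parameter. */`.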

