From: sergeyb@apache.org
To: commits@cxf.apache.org
Message-Id:
X-Mailer: ASF-Git Admin Mailer
Subject: cxf git commit: [CXF-5607] More of OIDC utility support
Date: Fri, 28 Nov 2014 15:33:14 +0000 (UTC)
Repository: cxf
Updated Branches: refs/heads/3.0.x-fixes f4038eebd -> d7dc4951b
[CXF-5607] More of OIDC utility support
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d7dc4951
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d7dc4951
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d7dc4951
Branch: refs/heads/3.0.x-fixes
Commit: d7dc4951b79b1fcb35030b4752ce563fb10ccbfb
Parents: f4038ee
Author: Sergey Beryozkin
Authored: Fri Nov 28 15:31:40 2014 +0000
Committer: Sergey Beryozkin
Committed: Fri Nov 28 15:32:49 2014 +0000
----------------------------------------------------------------------
.../cxf/rs/security/oidc/rp/OidcUtils.java | 1 +
.../oidc/rp/idp/UserInfoCodeResponseFilter.java | 86 ++++++++++++++++++++
.../security/oidc/rp/idp/UserInfoProvider.java | 28 +++++++
3 files changed, 115 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7dc4951/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcUtils.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcUtils.java
index 10ece56..b978c4f 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcUtils.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcUtils.java
@@ -27,6 +27,7 @@ import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 public final class OidcUtils {
+ public static final String ID_TOKEN = "id_token";
 private OidcUtils() { }
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7dc4951/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/idp/UserInfoCodeResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/idp/UserInfoCodeResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/idp/UserInfoCodeResponseFilter.java
new file mode 100644
index 0000000..62be869
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/idp/UserInfoCodeResponseFilter.java
@@ -0,0 +1,86 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.rp.idp;
+
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.rs.security.jose.JoseHeaders;
+import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oauth2.provider.AccessTokenResponseFilter;
+import org.apache.cxf.rs.security.oidc.common.UserIdToken;
+import org.apache.cxf.rs.security.oidc.rp.OidcUtils;
+
+public class UserInfoCodeResponseFilter implements AccessTokenResponseFilter {
+ private JwsSignatureProvider sigProvider;
+ private JweEncryptionProvider encryptionProvider;
+ private UserInfoProvider userInfoProvider;
+ private String issuer;
+ @Override
+ public void process(Client client, ClientAccessToken ct, 
UserSubject endUser) {
+ UserIdToken token = userInfoProvider.getUserIdToken(endUser);
+ token.setIssuer(issuer);
+ token.setAudience(client.getClientId());
+
+ JwsJwtCompactProducer producer = new JwsJwtCompactProducer(token);
+ JoseHeaders headers = new JoseHeaders();
+ JwsSignatureProvider theSigProvider = getInitializedSigProvider(headers);
+ String idToken = producer.signWith(theSigProvider);
+
+ JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider();
+ if (theEncryptionProvider != null) {
+ idToken = theEncryptionProvider.encrypt(StringUtils.toBytesUTF8(idToken), null);
+ }
+ ct.getParameters().put(OidcUtils.ID_TOKEN, idToken);
+
+ }
+ public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
+ this.sigProvider = signatureProvider;
+ }
+
+ protected JwsSignatureProvider getInitializedSigProvider(JoseHeaders headers) {
+ if (sigProvider != null) {
+ return sigProvider;
+ }
+ JwsSignatureProvider theSigProvider = JwsUtils.loadSignatureProvider(true);
+ headers.setAlgorithm(theSigProvider.getAlgorithm());
+ return theSigProvider;
+ }
+ protected JweEncryptionProvider getInitializedEncryptionProvider() {
+ if (encryptionProvider != null) {
+ return encryptionProvider;
+ }
+ return JweUtils.loadEncryptionProvider(false);
+ }
+
+ public void setIssuer(String issuer) {
+ this.issuer = issuer;
+ }
+ public UserInfoProvider getUserInfoProvider() {
+ return userInfoProvider;
+ }
+ public void setUserInfoProvider(UserInfoProvider userInfoProvider) {
+ this.userInfoProvider = userInfoProvider;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7dc4951/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/idp/UserInfoProvider.java
----------------------------------------------------------------------
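Review bot: `encryptionProvider` can never be configured: the field is declared and `getInitializedEncryptionProvider()` tests it, but the class defines no setter for it, so the injected-provider branch is dead and encryption only ever comes from `JweUtils.loadEncryptionProvider(false)`; add `public void setEncryptionProvider(JweEncryptionProvider encryptionProvider) { this.encryptionProvider = encryptionProvider; }` next to `setSignatureProvider`. Separately, the `JoseHeaders` instance created in `process` is passed only to `getInitializedSigProvider`, and `producer.signWith(theSigProvider)` never sees it, so the `alg` value written there is discarded; either apply the algorithm to the producer's own headers or drop the local object (whether `signWith` records the algorithm by itself is not visible here). The filter sets only `iss` and `aud` on the token, so unless `getUserIdToken` already populates `exp`/`iat` (not visible in this commit) the signed id_token carries no validity window, which the class Javadoc should state either way. A null `userInfoProvider` or `issuer` is also accepted silently and only surfaces as an NPE or an issuer-less token at request time; a `Objects.requireNonNull` check in the setters or at the start of `process` would fail at configuration time instead.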
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/idp/UserInfoProvider.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/idp/UserInfoProvider.java
new file mode 100644
index 0000000..d36dec9
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/idp/UserInfoProvider.java
@@ -0,0 +1,28 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.rp.idp;
+
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oidc.common.UserIdToken;
+import org.apache.cxf.rs.security.oidc.common.UserProfile;
+
+public interface UserInfoProvider {
+ UserIdToken getUserIdToken(UserSubject authenticatedUser);
+ UserProfile getUserProfile(UserSubject authenticatedUser);
+}
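Review bot: The new interface carries no Javadoc, so the split of responsibility between a provider and `UserInfoCodeResponseFilter` (which overwrites `iss` and `aud` on the returned `UserIdToken` after calling it) is undocumented; a type-level comment such as `/** Supplies the end user's id_token claims and profile for the token endpoint; the issuer and audience are set by the calling filter. */` plus `@param authenticatedUser` and `@return` on each method would make that explicit. The Javadoc should also say whether the returned token must already carry the subject and a validity window (`exp`/`iat`), since nothing else in this commit sets them. It should state that `null` is not an acceptable return from `getUserIdToken`, because the filter dereferences the result immediately.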