cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: [CXF-6487] Varios minor jose and oidc updates
Date Fri, 10 Jul 2015 16:14:34 GMT
Repository: cxf
Updated Branches:
  refs/heads/master dabf5833e -> e49c7fd65


[CXF-6487] Varios minor jose and oidc updates


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e49c7fd6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e49c7fd6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e49c7fd6

Branch: refs/heads/master
Commit: e49c7fd65d6a266329188179baf7fa815e815453
Parents: dabf583
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Fri Jul 10 17:14:19 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Fri Jul 10 17:14:19 2015 +0100

----------------------------------------------------------------------
 .../org/apache/cxf/common/util/StringUtils.java |  2 +-
 .../apache/cxf/common/util/StringUtilsTest.java | 10 +++++++++
 .../apache/cxf/rs/security/jose/JoseUtils.java  |  8 ++++++-
 .../security/jose/jwe/JweCompactConsumer.java   |  6 ++---
 .../cxf/rs/security/jose/jwe/JweUtils.java      |  1 +
 .../security/jose/jws/JwsCompactConsumer.java   |  5 +----
 .../oidc/rp/AbstractTokenValidator.java         | 23 ++++++++++----------
 .../cxf/rs/security/oidc/rp/IdTokenReader.java  |  2 +-
 .../cxf/rs/security/oidc/rp/UserInfoClient.java |  2 +-
 9 files changed, 36 insertions(+), 23 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e49c7fd6/core/src/main/java/org/apache/cxf/common/util/StringUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/StringUtils.java b/core/src/main/java/org/apache/cxf/common/util/StringUtils.java
index 8eb14f5..a8cc568 100644
--- a/core/src/main/java/org/apache/cxf/common/util/StringUtils.java
+++ b/core/src/main/java/org/apache/cxf/common/util/StringUtils.java
@@ -34,7 +34,7 @@ import java.util.regex.Pattern;
 public final class StringUtils {
     public static final Map<String, Pattern> PATTERN_MAP = new HashMap<String, Pattern>();
     static {
-        String patterns[] = {"/", " ", ":", "," , ";", "="}; 
+        String patterns[] = {"/", " ", ":", "," , ";", "=", "\\."}; 
         for (String p : patterns) {
             PATTERN_MAP.put(p, Pattern.compile(p));
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e49c7fd6/core/src/test/java/org/apache/cxf/common/util/StringUtilsTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/cxf/common/util/StringUtilsTest.java b/core/src/test/java/org/apache/cxf/common/util/StringUtilsTest.java
index 8f725af..1e38c3a 100644
--- a/core/src/test/java/org/apache/cxf/common/util/StringUtilsTest.java
+++ b/core/src/test/java/org/apache/cxf/common/util/StringUtilsTest.java
@@ -53,6 +53,16 @@ public class StringUtilsTest extends Assert {
     }
     
     @Test
+    public void testSplitWithDot() throws Exception {
+        String str = "a.b.c";
+        String[] parts = StringUtils.split(str, "\\.", -1);
+        assertEquals(3, parts.length);
+        assertEquals("a", parts[0]);
+        assertEquals("b", parts[1]);
+        assertEquals("c", parts[2]);
+    }
+    
+    @Test
     public void testGetFound() throws Exception {
         String regex = "velocity-\\d+\\.\\d+\\.jar";
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/e49c7fd6/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
index 635ca76..03a379d 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
@@ -25,6 +25,7 @@ import java.util.Set;
 import java.util.logging.Logger;
 
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
@@ -33,7 +34,12 @@ public final class JoseUtils {
     private JoseUtils() {
         
     }
-    
+    public static String[] getCompactParts(String compactContent) {
+        if (compactContent.startsWith("\"") && compactContent.endsWith("\"")) {
+            compactContent = compactContent.substring(1, compactContent.length() - 1);
+        }
+        return StringUtils.split(compactContent, "\\.");    
+    }
     public static void setJoseContextProperty(JoseHeaders headers) {    
         String context = (String)JAXRSUtils.getCurrentMessage().get(JoseConstants.JOSE_CONTEXT_PROPERTY);
         if (context != null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/e49c7fd6/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
index 4fb17b4..cd34c7c 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
@@ -28,16 +28,14 @@ import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.rs.security.jose.JoseException;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
+import org.apache.cxf.rs.security.jose.JoseUtils;
 
 
 public class JweCompactConsumer {
     protected static final Logger LOG = LogUtils.getL7dLogger(JweCompactConsumer.class);
     private JweDecryptionInput jweDecryptionInput;
     public JweCompactConsumer(String jweContent) {
-        if (jweContent.startsWith("\"") && jweContent.endsWith("\"")) {
-            jweContent = jweContent.substring(1, jweContent.length() - 1);
-        }
-        String[] parts = jweContent.split("\\.");
+        String[] parts = JoseUtils.getCompactParts(jweContent);
         if (parts.length != 5) {
             LOG.warning("5 JWE parts are expected");
             throw new JweException(JweException.Error.INVALID_COMPACT_JWE);

http://git-wip-us.apache.org/repos/asf/cxf/blob/e49c7fd6/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index bac9ba7..065091a 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -625,4 +625,5 @@ public final class JweUtils {
                                                                   RSSEC_ENCRYPTION_IN_PROPS,
RSSEC_ENCRYPTION_PROPS);
         KeyManagementUtils.validateCertificateChain(props, certs);
     }
+    
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e49c7fd6/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
index 62975a6..2f860e4 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
@@ -47,10 +47,7 @@ public class JwsCompactConsumer {
         if (r != null) {
             this.reader = r;
         }
-        if (encodedJws.startsWith("\"") && encodedJws.endsWith("\"")) {
-            encodedJws = encodedJws.substring(1, encodedJws.length() - 1);
-        }
-        String[] parts = encodedJws.split("\\.");
+        String[] parts = JoseUtils.getCompactParts(encodedJws);
         if (parts.length != 3) {
             if (parts.length == 2 && encodedJws.endsWith(".")) {
                 encodedSignature = "";

http://git-wip-us.apache.org/repos/asf/cxf/blob/e49c7fd6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
index 6037c53..a84dfa1 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
@@ -42,9 +42,7 @@ public abstract class AbstractTokenValidator {
     private WebClient jwkSetClient;
     private ConcurrentHashMap<String, JsonWebKey> keyMap = new ConcurrentHashMap<String,
JsonWebKey>(); 
     
-    protected JwtToken getJwtToken(String wrappedJwtToken, 
-                                   String idTokenKid, 
-                                   boolean jweOnly) {
+    protected JwtToken getJwtToken(String wrappedJwtToken, boolean jweOnly) {
         if (wrappedJwtToken == null) {
             throw new SecurityException("ID Token is missing");
         }
@@ -58,7 +56,7 @@ public abstract class AbstractTokenValidator {
 
         JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(wrappedJwtToken);
         JwtToken jwt = jwtConsumer.getJwtToken(); 
-        JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier(jwt, idTokenKid);
+        JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier(jwt);
         return validateToken(jwtConsumer, jwt, theSigVerifier);
         
     }
@@ -115,7 +113,7 @@ public abstract class AbstractTokenValidator {
         } 
         return JweUtils.loadDecryptionProvider(jweOnly);
     }
-    protected JwsSignatureVerifier getInitializedSigVerifier(JwtToken jwt, String idTokenKid)
{
+    protected JwsSignatureVerifier getInitializedSigVerifier(JwtToken jwt) {
         if (jwsVerifier != null) {
             return jwsVerifier;    
         } 
@@ -123,12 +121,13 @@ public abstract class AbstractTokenValidator {
         if (theJwsVerifier != null) {
             return theJwsVerifier;
         }
-        if (jwkSetClient == null) {
-            throw new SecurityException("Provider Jwk Set Client is not available");
-        }
-        String keyId = idTokenKid != null ? idTokenKid : jwt.getHeaders().getKeyId();
+        
+        String keyId = jwt.getHeaders().getKeyId();
         JsonWebKey key = keyId != null ? keyMap.get(keyId) : null;
         if (key == null) {
+            if (jwkSetClient == null) {
+                throw new SecurityException("Provider Jwk Set Client is not available");
+            }
             JsonWebKeys keys = jwkSetClient.get(JsonWebKeys.class);
             if (keyId != null) {
                 key = keys.getKey(keyId);
@@ -141,9 +140,11 @@ public abstract class AbstractTokenValidator {
             throw new SecurityException("JWK key with the key id: \"" + keyId + "\" is not
available");
         }
         theJwsVerifier = JwsUtils.getSignatureVerifier(key);
-        if (jwkSetClient == null) {
-            throw new SecurityException();
+        
+        if (theJwsVerifier == null) {
+            throw new SecurityException("JWS Verifier is not available");
         }
+        
         return theJwsVerifier;
     }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/e49c7fd6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
index f0305cd..ff633a1 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
@@ -40,7 +40,7 @@ public class IdTokenReader extends AbstractTokenValidator {
         return jwt;
     }
     public JwtToken getIdJwtToken(String idJwtToken, String clientId) {
-        JwtToken jwt = getJwtToken(idJwtToken, null, false);
+        JwtToken jwt = getJwtToken(idJwtToken, false);
         validateJwtClaims(jwt.getClaims(), clientId, true);
         return jwt;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e49c7fd6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
index 1823f12..706368b 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
@@ -52,7 +52,7 @@ public class UserInfoClient extends IdTokenReader {
         return profile;
     }
     public JwtToken getUserInfoJwt(String profileJwtToken, IdToken idToken) {
-        return getJwtToken(profileJwtToken, (String)idToken.getProperty("kid"), encryptedOnly);
+        return getJwtToken(profileJwtToken, encryptedOnly);
     }
     public void validateUserInfo(UserInfo profile, IdToken idToken) {
         validateJwtClaims(profile, idToken.getAudience(), false);


Mime
View raw message