cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: Making HS algo configurable when verifying with a client secret
Date Wed, 11 Nov 2015 16:42:18 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 030fd7f4d -> ac1dbc498


Making HS algo configurable when verifying with a client secret


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ac1dbc49
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ac1dbc49
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ac1dbc49

Branch: refs/heads/3.1.x-fixes
Commit: ac1dbc4984cb86a0deda1db79899ff20471c9c97
Parents: 030fd7f
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Nov 11 16:40:40 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Nov 11 16:42:01 2015 +0000

----------------------------------------------------------------------
 .../rs/security/jose/jwa/AlgorithmUtils.java    | 21 +++++++++++++++++---
 .../provider/AbstractOAuthJoseJwtConsumer.java  | 10 ++++++++--
 2 files changed, 26 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/ac1dbc49/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
index 76854ca..0145b5d 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
@@ -221,9 +221,6 @@ public final class AlgorithmUtils {
     public static boolean isAesCbcHmac(String algo) {
         return ACBC_HS_SET.contains(algo); 
     }
-    public static boolean isHmacSign(String algo) {
-        return HMAC_SIGN_SET.contains(algo); 
-    }
     public static boolean isOctet(String algo) {
         return isHmacSign(algo)
             || isAesCbcHmac(algo)
@@ -231,18 +228,36 @@ public final class AlgorithmUtils {
             || isAesGcmKeyWrap(algo)
             || isAesKeyWrap(algo); 
     }
+    public static boolean isHmacSign(String algo) {
+        return HMAC_SIGN_SET.contains(algo); 
+    }
+    public static boolean isHmacSign(SignatureAlgorithm algo) {
+        return isHmacSign(algo.getJwaName()); 
+    }
     public static boolean isRsaSign(String algo) {
         return isRsaShaSign(algo) || isRsaShaPsSign(algo); 
     }
+    public static boolean isRsaSign(SignatureAlgorithm algo) {
+        return isRsaSign(algo.getJwaName()); 
+    }
     public static boolean isRsaShaSign(String algo) {
         return RSA_SHA_SIGN_SET.contains(algo); 
     }
+    public static boolean isRsaShaSign(SignatureAlgorithm algo) {
+        return isRsaShaSign(algo.getJwaName()); 
+    }
     public static boolean isRsaShaPsSign(String algo) {
         return RSA_SHA_PS_SIGN_SET.contains(algo); 
     }
+    public static boolean isRsaShaPsSign(SignatureAlgorithm algo) {
+        return isRsaShaPsSign(algo.getJwaName()); 
+    }
     public static boolean isEcDsaSign(String algo) {
         return EC_SHA_SIGN_SET.contains(algo); 
     }
+    public static boolean isEcDsaSign(SignatureAlgorithm algo) {
+        return isEcDsaSign(algo.getJwaName()); 
+    }
     
     public static String toJwaName(String javaName, int keyBitSize) {
         //TODO: perhaps a key should be a name+keysize pair
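Review bot: The five new `SignatureAlgorithm` overloads (`isHmacSign`, `isRsaSign`, `isRsaShaSign`, `isRsaShaPsSign`, `isEcDsaSign`) dereference `algo` with no null check and carry no Javadoc, so their null contract is undocumented and may differ from the `String` overloads, which only do a set lookup. These predicates are used to decide which signature verifier gets built, so I would state the contract on each overload, for example `/** @param algo the signature algorithm, must not be null */`, or handle the null case explicitly so it does not surface as a bare NullPointerException during verifier setup. The sets and the rest of `AlgorithmUtils` are declared outside this hunk, so how the `String` variants treat a null name cannot be confirmed from here.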

http://git-wip-us.apache.org/repos/asf/cxf/blob/ac1dbc49/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
index 42a66de..e799e35 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
@@ -18,8 +18,11 @@
  */
 package org.apache.cxf.rs.security.oauth2.provider;
 
+import java.util.Properties;
+
 import javax.crypto.SecretKey;
 
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
@@ -43,8 +46,11 @@ public abstract class AbstractOAuthJoseJwtConsumer extends AbstractJoseJwtConsum
     
     protected JwsSignatureVerifier getInitializedSignatureVerifier(String clientSecret) {
         if (verifyWithClientSecret) {
-            byte[] hmac = CryptoUtils.decodeSequence(clientSecret);
-            return JwsUtils.getHmacSignatureVerifier(hmac, SignatureAlgorithm.HS256);
+            Properties props = JwsUtils.loadSignatureInProperties(false);
+            SignatureAlgorithm sigAlgo = JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.HS256);
+            if (AlgorithmUtils.isHmacSign(sigAlgo)) {
+                return JwsUtils.getHmacSignatureVerifier(clientSecret, sigAlgo);
+            }
         }
         return null;
     }
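Review bot: When `verifyWithClientSecret` is set but the configured algorithm is not an HMAC one, `getInitializedSignatureVerifier` falls through to `return null` with no log or exception, so a misconfigured signature property silently removes the client-secret verifier. What the caller does with a null verifier is outside this hunk; if it falls back to another verifier or skips the check, that is a fail-open path, so I would fail closed with an `else` branch such as `throw new IllegalStateException("verifyWithClientSecret requires an HS* signature algorithm");`. The old code ran the secret through `CryptoUtils.decodeSequence` before building the verifier, so confirm that the `String` overload of `getHmacSignatureVerifier` interprets the secret the same way. With HS384 and HS512 now selectable, the client secret should also be checked to be at least as long as the hash output, as RFC 7518 section 3.2 requires.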

