cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: More code verifier work
Date Tue, 17 Nov 2015 13:05:32 GMT
Repository: cxf
Updated Branches:
  refs/heads/master aea79e65a -> 7f4b3b163


More code verifier work


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7f4b3b16
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7f4b3b16
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7f4b3b16

Branch: refs/heads/master
Commit: 7f4b3b16302c59d58b81d3cfd057db41b82658b3
Parents: aea79e6
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Tue Nov 17 13:05:03 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Tue Nov 17 13:05:03 2015 +0000

----------------------------------------------------------------------
 .../oauth2/client/ClientCodeRequestFilter.java  | 28 ++++++++++++--------
 .../grants/code/AuthorizationCodeGrant.java     | 12 +++++++++
 2 files changed, 29 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/7f4b3b16/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index 98ca208..ac09dfc 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -43,7 +43,6 @@ import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.jaxrs.utils.ExceptionUtils;
 import org.apache.cxf.jaxrs.utils.FormUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant;
 import org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer;
@@ -156,9 +155,8 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
     }
     protected void setCodeVerifier(UriBuilder ub, MultivaluedMap<String, String> redirectState)
{
         if (codeVerifierTransformer != null) {
-            String codeVerifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
             ub.queryParam(OAuthConstants.AUTHORIZATION_CODE_CHALLENGE, 
-                          codeVerifierTransformer.transformCodeVerifier(codeVerifier));
+                          redirectState.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER));
             ub.queryParam(OAuthConstants.AUTHORIZATION_CODE_CHALLENGE_METHOD, 
                           codeVerifierTransformer.getChallengeMethod());
         }
@@ -181,13 +179,19 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
                                        UriInfo ui,
                                        MultivaluedMap<String, String> requestParams)
{
         
+        MultivaluedMap<String, String> state = null;
+        if (clientStateManager != null) {
+            state = clientStateManager.fromRedirectState(mc, requestParams);
+        }
+        
         String codeParam = requestParams.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
         ClientAccessToken at = null;
         if (codeParam != null) {
-            AccessTokenGrant grant = new AuthorizationCodeGrant(codeParam, getAbsoluteRedirectUri(ui));
+            AuthorizationCodeGrant grant = new AuthorizationCodeGrant(codeParam, getAbsoluteRedirectUri(ui));
+            grant.setCodeVerifier(state.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER));
             at = OAuthClientUtils.getAccessToken(accessTokenServiceClient, consumer, grant);
         }
-        ClientTokenContext tokenContext = initializeClientTokenContext(rc, at, requestParams);
+        ClientTokenContext tokenContext = initializeClientTokenContext(rc, at, state);
         if (at != null && clientTokenContextManager != null) {
             clientTokenContextManager.setClientTokenContext(mc, tokenContext);
         }
@@ -196,11 +200,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
     
     protected ClientTokenContext initializeClientTokenContext(ContainerRequestContext rc,

                                                               ClientAccessToken at, 
-                                                              MultivaluedMap<String, String>
params) {
-        MultivaluedMap<String, String> state = null;
-        if (clientStateManager != null) {
-            state = clientStateManager.fromRedirectState(mc, params);
-        }
+                                                              MultivaluedMap<String, String>
state) {
         ClientTokenContext tokenContext = createTokenContext(rc, at, state);
         ((ClientTokenContextImpl)tokenContext).setToken(at);
         ((ClientTokenContextImpl)tokenContext).setState(state);
@@ -226,7 +226,13 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
                                                   toCodeRequestState(rc, ui));
     }
     protected MultivaluedMap<String, String> toCodeRequestState(ContainerRequestContext
rc, UriInfo ui) {
-        return toRequestState(rc, ui);
+        MultivaluedMap<String, String> state = toRequestState(rc, ui);
+        if (codeVerifierTransformer != null) {
+            String codeVerifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
+            state.putSingle(OAuthConstants.AUTHORIZATION_CODE_VERIFIER, 
+                          codeVerifierTransformer.transformCodeVerifier(codeVerifier));
+        }
+        return state;
     }
     protected MultivaluedMap<String, String> toRequestState(ContainerRequestContext
rc, UriInfo ui) {
         MultivaluedMap<String, String> requestState = new MetadataMap<String, String>();

http://git-wip-us.apache.org/repos/asf/cxf/blob/7f4b3b16/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java
index d599ba2..80119f1 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java
@@ -36,6 +36,7 @@ public class AuthorizationCodeGrant implements AccessTokenGrant {
     private static final long serialVersionUID = -3738825769770411453L;
     private String code;
     private String redirectUri;
+    private String codeVerifier;
     
     public AuthorizationCodeGrant() {
         
@@ -96,7 +97,18 @@ public class AuthorizationCodeGrant implements AccessTokenGrant {
         if (redirectUri != null) {
             map.putSingle(OAuthConstants.REDIRECT_URI, redirectUri);
         }
+        if (codeVerifier != null) {
+            map.putSingle(OAuthConstants.AUTHORIZATION_CODE_VERIFIER, codeVerifier);
+        }
         return map;
     }
 
+    public String getCodeVerifier() {
+        return codeVerifier;
+    }
+
+    public void setCodeVerifier(String codeVerifier) {
+        this.codeVerifier = codeVerifier;
+    }
+
 }


Mime
View raw message