From serg...@apache.org
Subject cxf git commit: Introducing a dedicated property for checking client secret algorithms
Date Fri, 13 Nov 2015 16:48:46 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 5e8334b2d -> 4744117f9


Introducing a dedicated property for checking client secret algorithms


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4744117f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4744117f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4744117f

Branch: refs/heads/3.1.x-fixes
Commit: 4744117f9228e8f25cc2cba2255f6e6a516e2d2a
Parents: 5e8334b
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Fri Nov 13 16:46:39 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Fri Nov 13 16:48:30 2015 +0000

----------------------------------------------------------------------
 .../oauth2/provider/AbstractOAuthJoseJwtConsumer.java       | 9 +++++++--
 .../oauth2/provider/AbstractOAuthJoseJwtProducer.java       | 9 +++++++--
 .../apache/cxf/rs/security/oauth2/utils/OAuthConstants.java | 5 +++++
 3 files changed, 19 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/4744117f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
index 5d2fa3b..175346e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
@@ -31,6 +31,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtConsumer;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public abstract class AbstractOAuthJoseJwtConsumer extends AbstractJoseJwtConsumer {
@@ -47,7 +48,9 @@ public abstract class AbstractOAuthJoseJwtConsumer extends AbstractJoseJwtConsum
     protected JwsSignatureVerifier getInitializedSignatureVerifier(String clientSecret) {
         if (verifyWithClientSecret) {
             Properties props = JwsUtils.loadSignatureInProperties(false);
-            SignatureAlgorithm sigAlgo = JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.HS256);
+            SignatureAlgorithm sigAlgo = SignatureAlgorithm.getAlgorithm(
+                props.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM));
+            sigAlgo = sigAlgo != null ? sigAlgo : SignatureAlgorithm.HS256;
             if (AlgorithmUtils.isHmacSign(sigAlgo)) {
                 return JwsUtils.getHmacSignatureVerifier(clientSecret, sigAlgo);
             }
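Review bot: `props.getProperty(...)` is called directly on the result of `JwsUtils.loadSignatureInProperties(false)`, so if that loader can return null when no signature properties are configured (the `false` argument suggests they are optional), this line throws a NullPointerException before the HS256 default is applied. A null-safe lookup keeps the fallback reachable: `String algo = props == null ? null : props.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM);` followed by `SignatureAlgorithm.getAlgorithm(algo)`. The same pattern appears in the decryption hunk of this file and in both hunks of AbstractOAuthJoseJwtProducer. The method body continues past the end of the hunk, so the handling of a configured non-HMAC algorithm is not visible here.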
@@ -59,7 +62,9 @@ public abstract class AbstractOAuthJoseJwtConsumer extends AbstractJoseJwtConsum
         if (decryptWithClientSecret) {
             SecretKey key = CryptoUtils.decodeSecretKey(clientSecret);
             Properties props = JweUtils.loadEncryptionInProperties(false);
-            ContentAlgorithm ctAlgo = JweUtils.getContentEncryptionAlgorithm(props, ContentAlgorithm.A128GCM);
+            ContentAlgorithm ctAlgo = ContentAlgorithm.getAlgorithm(
+                props.getProperty(OAuthConstants.CLIENT_SECRET_ENCRYPTION_ALGORITHM));
+            ctAlgo = ctAlgo != null ? ctAlgo : ContentAlgorithm.A128GCM;
             theDecryptionProvider = JweUtils.getDirectKeyJweDecryption(key, ctAlgo);
         }
         return theDecryptionProvider;
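Review bot: The key is built by `CryptoUtils.decodeSecretKey(clientSecret)` before the algorithm is known, and nothing visible in the hunk checks that its length fits the `ctAlgo` now read from `client.secret.encryption.algorithm`. With the algorithm configurable, a client secret sized for the A128GCM default could be paired with a larger-key algorithm, and unless `JweUtils.getDirectKeyJweDecryption` validates the pairing the mismatch would only surface when a token is decrypted. I would at least document the constraint above the lookup, e.g. `// the decoded client secret must be a key of the size required by ctAlgo`, and preferably fail at initialization with a clear message. The same applies to the encryption hunk in AbstractOAuthJoseJwtProducer; the enclosing method starts outside this hunk.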

http://git-wip-us.apache.org/repos/asf/cxf/blob/4744117f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
index fec38bc..5e1c870 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
@@ -32,6 +32,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public abstract class AbstractOAuthJoseJwtProducer extends AbstractJoseJwtProducer {
@@ -47,7 +48,9 @@ public abstract class AbstractOAuthJoseJwtProducer extends AbstractJoseJwtProduc
     protected JwsSignatureProvider getInitializedSignatureProvider(String clientSecret) {
         if (signWithClientSecret && !StringUtils.isEmpty(clientSecret)) {
             Properties props = JwsUtils.loadSignatureOutProperties(false);
-            SignatureAlgorithm sigAlgo = JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.HS256);
+            SignatureAlgorithm sigAlgo = SignatureAlgorithm.getAlgorithm(
+                props.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM));
+            sigAlgo = sigAlgo != null ? sigAlgo : SignatureAlgorithm.HS256;
             if (AlgorithmUtils.isHmacSign(sigAlgo)) {
                 return JwsUtils.getHmacSignatureProvider(clientSecret, sigAlgo);
             }
@@ -58,7 +61,9 @@ public abstract class AbstractOAuthJoseJwtProducer extends AbstractJoseJwtProduc
         if (encryptWithClientSecret && !StringUtils.isEmpty(clientSecret)) {
             SecretKey key = CryptoUtils.decodeSecretKey(clientSecret);
             Properties props = JweUtils.loadEncryptionOutProperties(false);
-            ContentAlgorithm ctAlgo = JweUtils.getContentEncryptionAlgorithm(props, ContentAlgorithm.A128GCM);
+            ContentAlgorithm ctAlgo = ContentAlgorithm.getAlgorithm(
+                props.getProperty(OAuthConstants.CLIENT_SECRET_ENCRYPTION_ALGORITHM));
+            ctAlgo = ctAlgo != null ? ctAlgo : ContentAlgorithm.A128GCM;
             return JweUtils.getDirectKeyJweEncryption(key, ctAlgo);
         }
         return null;

http://git-wip-us.apache.org/repos/asf/cxf/blob/4744117f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
index dea3e11..e15f85e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
@@ -129,7 +129,12 @@ public final class OAuthConstants {
     // Default refresh token scope value - checked by CXF utility code
     public static final String REFRESH_TOKEN_SCOPE = "refreshToken";
     
+    // Client Secret (JWS) Signature Algorithm
+    public static final String CLIENT_SECRET_SIGNATURE_ALGORITHM = "client.secret.signature.algorithm";
+    // Client Secret (JWE) Encryption Algorithm
+    public static final String CLIENT_SECRET_ENCRYPTION_ALGORITHM = "client.secret.encryption.algorithm";
     
+    // Client Secret Encrypting Algorithm
     private OAuthConstants() {
     }
     
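Review bot: The added comment `// Client Secret Encrypting Algorithm` sits directly above the private constructor and describes nothing there; it looks like a leftover and should be dropped. The comments on the two new constants could also say that these are property keys rather than algorithm names, and name the defaults the callers apply, e.g. `// Property key for the JWS algorithm used when signing with the client secret (default HS256)` and `// Property key for the JWE content algorithm used when encrypting with the client secret (default A128GCM)`.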

