cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Updating CodeVerifierTransformer
Date Tue, 17 Nov 2015 12:27:16 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 97dbb15d1 -> 7ed3c9dc2


Updating CodeVerifierTransformer


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7ed3c9dc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7ed3c9dc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7ed3c9dc

Branch: refs/heads/master
Commit: 7ed3c9dc235f82034054b6517db34a9ae9018304
Parents: 97dbb15
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Tue Nov 17 12:26:39 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Tue Nov 17 12:26:39 2015 +0000

----------------------------------------------------------------------
 .../oauth2/client/ClientCodeRequestFilter.java  | 25 ++++++++++++--
 .../grants/code/CodeVerifierTransformer.java    |  1 +
 .../oauth2/grants/code/DigestCodeVerifier.java  |  5 +++
 .../oauth2/grants/code/PlainCodeVerifier.java   | 34 ++++++++++++++++++++
 .../security/oauth2/utils/OAuthConstants.java   |  3 +-
 5 files changed, 65 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/7ed3c9dc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index 18285a6..6dfaafe 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -36,6 +36,7 @@ import javax.ws.rs.core.SecurityContext;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.core.UriInfo;
 
+import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
@@ -45,8 +46,10 @@ import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant;
+import org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 @PreMatching
 @Priority(Priorities.AUTHENTICATION + 1)
@@ -68,6 +71,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
     private boolean setFormPostResponseMode;
     private boolean faultAccessDeniedResponses;
     private boolean applicationCanHandleAccessDenied;
+    private CodeVerifierTransformer codeVerifierTransformer;
         
     @Override
     public void filter(ContainerRequestContext rc) throws IOException {
@@ -136,19 +140,32 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
                                              getAbsoluteRedirectUri(ui).toString(), 
                                              theState, 
                                              theScope);
+        setFormPostResponseMode(ub, redirectState);
         setAdditionalCodeRequestParams(ub, redirectState);
         URI uri = ub.build();
         return Response.seeOther(uri).build();
     }
 
-    protected void setAdditionalCodeRequestParams(UriBuilder ub, MultivaluedMap<String,
String> redirectState) {
+    protected void setFormPostResponseMode(UriBuilder ub, MultivaluedMap<String, String>
redirectState) {
         if (setFormPostResponseMode) {
             // This property is described in OIDC OAuth 2.0 Form Post Response Mode which
is technically
             // can be used without OIDC hence this is set in this filter as opposed to the
OIDC specific one.
             ub.queryParam("response_mode", "form_post");
         }
     }
-
+    protected void setCodeVerifier(UriBuilder ub, MultivaluedMap<String, String> redirectState)
{
+        if (codeVerifierTransformer != null) {
+            String codeVerifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
+            ub.queryParam(OAuthConstants.AUTHORIZATION_CODE_CHALLENGE, 
+                          codeVerifierTransformer.transformCodeVerifier(codeVerifier));
+            ub.queryParam(OAuthConstants.AUTHORIZATION_CODE_CHALLENGE_METHOD, 
+                          codeVerifierTransformer.getChallengeMethod());
+        }
+    }
+    protected void setAdditionalCodeRequestParams(UriBuilder ub, MultivaluedMap<String,
String> redirectState) {
+    }
+    
+    
     private URI getAbsoluteRedirectUri(UriInfo ui) {
         if (redirectUri != null) {
             return URI.create(redirectUri);
@@ -315,4 +332,8 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
     public void setApplicationCanHandleAccessDenied(boolean applicationCanHandleAccessDenied)
{
         this.applicationCanHandleAccessDenied = applicationCanHandleAccessDenied;
     }
+
+    public void setCodeVerifierTransformer(CodeVerifierTransformer codeVerifierTransformer)
{
+        this.codeVerifierTransformer = codeVerifierTransformer;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7ed3c9dc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/CodeVerifierTransformer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/CodeVerifierTransformer.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/CodeVerifierTransformer.java
index 02a5e51..c856b7d 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/CodeVerifierTransformer.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/CodeVerifierTransformer.java
@@ -20,4 +20,5 @@ package org.apache.cxf.rs.security.oauth2.grants.code;
 
 public interface CodeVerifierTransformer {
     String transformCodeVerifier(String codeVerifier); 
+    String getChallengeMethod();
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7ed3c9dc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
index 9dc64e8..7f4325f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
@@ -29,6 +29,11 @@ public class DigestCodeVerifier implements CodeVerifierTransformer {
         return Base64UrlUtility.encode(digest);
     }
 
+    @Override
+    public String getChallengeMethod() {
+        return "S256";
+    }
+
     
 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7ed3c9dc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/PlainCodeVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/PlainCodeVerifier.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/PlainCodeVerifier.java
new file mode 100644
index 0000000..95d3baf
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/PlainCodeVerifier.java
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.grants.code;
+
+public class PlainCodeVerifier implements CodeVerifierTransformer {
+
+    public String transformCodeVerifier(String codeVerifier) {
+        return codeVerifier;
+    }
+
+    @Override
+    public String getChallengeMethod() {
+        return "plain";
+    }
+
+    
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/7ed3c9dc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
index b8f3687..b835e02 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
@@ -57,9 +57,10 @@ public final class OAuthConstants {
     public static final String BEARER_TOKEN_TYPE = "bearer";
     public static final String HAWK_TOKEN_TYPE = "hawk";
     
-    // http://datatracker.ietf.org/doc/draft-sakimura-oauth-tcse
+    // https://tools.ietf.org/html/rfc7636
     public static final String AUTHORIZATION_CODE_VERIFIER = "code_verifier";
     public static final String AUTHORIZATION_CODE_CHALLENGE = "code_challenge";
+    public static final String AUTHORIZATION_CODE_CHALLENGE_METHOD = "code_challenge_method";
     
     // CXF-specific
     public static final String REFRESH_TOKEN_TYPE = "refresh";


Mime
View raw message