cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: Calculating at_hash size based on the sha size
Date Wed, 09 Dec 2015 17:56:41 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 36ebac7b2 -> e231ad5e6


Calculating at_hash size based on the sha size


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e231ad5e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e231ad5e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e231ad5e

Branch: refs/heads/3.1.x-fixes
Commit: e231ad5e62e91eaf02a46587de9a683c1809a71f
Parents: 36ebac7
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Dec 9 17:55:03 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Dec 9 17:56:23 2015 +0000

----------------------------------------------------------------------
 .../security/jose/jwa/SignatureAlgorithm.java   | 18 ++++++++--------
 .../cxf/rs/security/oidc/utils/OidcUtils.java   | 22 +++++++++++---------
 2 files changed, 21 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e231ad5e/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
index 30f7bfd..b46c79c 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
@@ -27,17 +27,17 @@ public enum SignatureAlgorithm {
     HS384(AlgorithmUtils.HMAC_SHA_384_ALGO, AlgorithmUtils.HMAC_SHA_384_JAVA, 384),
     HS512(AlgorithmUtils.HMAC_SHA_512_ALGO, AlgorithmUtils.HMAC_SHA_512_JAVA, 512),
     
-    RS256(AlgorithmUtils.RS_SHA_256_ALGO, AlgorithmUtils.RS_SHA_256_JAVA, 256),
-    RS384(AlgorithmUtils.RS_SHA_384_ALGO, AlgorithmUtils.RS_SHA_384_JAVA, 384),
-    RS512(AlgorithmUtils.RS_SHA_512_ALGO, AlgorithmUtils.RS_SHA_512_JAVA, 512),
+    RS256(AlgorithmUtils.RS_SHA_256_ALGO, AlgorithmUtils.RS_SHA_256_JAVA, -1),
+    RS384(AlgorithmUtils.RS_SHA_384_ALGO, AlgorithmUtils.RS_SHA_384_JAVA, -1),
+    RS512(AlgorithmUtils.RS_SHA_512_ALGO, AlgorithmUtils.RS_SHA_512_JAVA, -1),
     
-    PS256(AlgorithmUtils.PS_SHA_256_ALGO, AlgorithmUtils.PS_SHA_256_JAVA, 256),
-    PS384(AlgorithmUtils.PS_SHA_384_ALGO, AlgorithmUtils.PS_SHA_384_JAVA, 384),
-    PS512(AlgorithmUtils.PS_SHA_512_ALGO, AlgorithmUtils.PS_SHA_512_JAVA, 512),
+    PS256(AlgorithmUtils.PS_SHA_256_ALGO, AlgorithmUtils.PS_SHA_256_JAVA, -1),
+    PS384(AlgorithmUtils.PS_SHA_384_ALGO, AlgorithmUtils.PS_SHA_384_JAVA, -1),
+    PS512(AlgorithmUtils.PS_SHA_512_ALGO, AlgorithmUtils.PS_SHA_512_JAVA, -1),
     
-    ES256(AlgorithmUtils.ES_SHA_256_ALGO, AlgorithmUtils.ES_SHA_256_JAVA, 256),
-    ES384(AlgorithmUtils.ES_SHA_384_ALGO, AlgorithmUtils.ES_SHA_384_JAVA, 384),
-    ES512(AlgorithmUtils.ES_SHA_512_ALGO, AlgorithmUtils.ES_SHA_512_JAVA, 512),
+    ES256(AlgorithmUtils.ES_SHA_256_ALGO, AlgorithmUtils.ES_SHA_256_JAVA, -1),
+    ES384(AlgorithmUtils.ES_SHA_384_ALGO, AlgorithmUtils.ES_SHA_384_JAVA, -1),
+    ES512(AlgorithmUtils.ES_SHA_512_ALGO, AlgorithmUtils.ES_SHA_512_JAVA, -1),
     
     NONE(AlgorithmUtils.NONE_TEXT_ALGO, null, -1);
     
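Review bot: The `-1` now passed as the third constructor argument for the RS*, PS* and ES* entries is an unexplained sentinel, the same value `NONE` carries, while the HS* entries keep 384 and 512. Any caller that reads this value through the enum's accessor (not visible in this hunk) and treats it as a size would now receive a negative number for nine algorithms that previously returned 256/384/512, so the remaining uses of that accessor are worth checking. If the intent is that the signature algorithm does not fix the key size for RSA and EC keys, a comment above the RS block would record it, e.g. `// -1: key size is not determined by the algorithm name`. The enum's constructor and accessors are outside the hunk.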

http://git-wip-us.apache.org/repos/asf/cxf/blob/e231ad5e/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index 1e42454..e2b7e6e 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -27,6 +27,7 @@ import java.util.Map;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsException;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
@@ -116,21 +117,22 @@ public final class OidcUtils {
             throw new SecurityException("Invalid hash");
         }
     }
-    public static String calculateAccessTokenHash(String value, SignatureAlgorithm joseAlgo)
{
-        return calculateHash(value, joseAlgo);
+    public static String calculateAccessTokenHash(String value, SignatureAlgorithm sigAlgo)
{
+        return calculateHash(value, sigAlgo);
     }
-    public static String calculateAuthorizationCodeHash(String value, SignatureAlgorithm
joseAlgo) {
-        return calculateHash(value, joseAlgo);
+    public static String calculateAuthorizationCodeHash(String value, SignatureAlgorithm
sigAlgo) {
+        return calculateHash(value, sigAlgo);
     }
-    public static String calculateHash(String value, SignatureAlgorithm joseAlgo) {
-        //TODO: map from the JOSE alg to a signature alg, 
-        // for example, RS256 -> SHA-256 
-        // and calculate the chunk size based on the algo key size
-        // for example SHA-256 -> 256/8 = 32 and 32/2 = 16 bytes
+    private static String calculateHash(String value, SignatureAlgorithm sigAlgo) {
+        if (sigAlgo == SignatureAlgorithm.NONE) {
+            throw new JwsException(JwsException.Error.INVALID_ALGORITHM);
+        }
+        int algoShaSize = Integer.valueOf(sigAlgo.getJwaName().substring(2));
+        int valueHashSize = algoShaSize / 16;
         try {
             byte[] atBytes = StringUtils.toBytesASCII(value);
             byte[] digest = MessageDigestUtils.createDigest(atBytes,  MessageDigestUtils.ALGO_SHA_256);
-            return Base64UrlUtility.encodeChunk(digest, 0, 16);
+            return Base64UrlUtility.encodeChunk(digest, 0, valueHashSize);
         } catch (NoSuchAlgorithmException ex) {
             throw new SecurityException(ex);
         }
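Review bot: In `calculateHash` the digest is still created with `MessageDigestUtils.ALGO_SHA_256` for every algorithm, while only the truncation length now follows the algorithm, so for the 384 and 512 variants the method returns the first 24 or 32 bytes of a SHA-256 digest. OpenID Connect Core defines at_hash and c_hash as the left-most half of the hash named by the ID token's `alg`, so these values will not match what a conforming provider or client computes, and hash validation will fail or pass only between peers sharing this code. The digest name should be derived from the same size, e.g. `byte[] digest = MessageDigestUtils.createDigest(atBytes, "SHA-" + algoShaSize);`, assuming `createDigest` hands the name to the JCA provider unchanged. The size parse also relies on every JWA name being two letters followed by the bit size; `Integer.parseInt` avoids the boxing, and a short comment should state that assumption. The method's closing brace is outside the hunk.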

