From: sergeyb@apache.org To: commits@cxf.apache.org Message-Id: <9d74229616174ee2a17490b802edf6b2@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Calculating at_hash size based on the sha size Date: Wed, 9 Dec 2015 17:56:41 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 36ebac7b2 -> e231ad5e6 Calculating at_hash size based on the sha size Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e231ad5e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e231ad5e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e231ad5e Branch: refs/heads/3.1.x-fixes Commit: e231ad5e62e91eaf02a46587de9a683c1809a71f Parents: 36ebac7 Author: Sergey Beryozkin Authored: Wed Dec 9 17:55:03 2015 +0000 Committer: Sergey Beryozkin Committed: Wed Dec 9 17:56:23 2015 +0000 ---------------------------------------------------------------------- .../security/jose/jwa/SignatureAlgorithm.java | 18 ++++++++-------- .../cxf/rs/security/oidc/utils/OidcUtils.java | 22 +++++++++++--------- 2 files changed, 21 insertions(+), 19 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/e231ad5e/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
index 30f7bfd..b46c79c 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
@@ -27,17 +27,17 @@ public enum SignatureAlgorithm {
 HS384(AlgorithmUtils.HMAC_SHA_384_ALGO, AlgorithmUtils.HMAC_SHA_384_JAVA, 384),
 HS512(AlgorithmUtils.HMAC_SHA_512_ALGO, AlgorithmUtils.HMAC_SHA_512_JAVA, 512),
- RS256(AlgorithmUtils.RS_SHA_256_ALGO, AlgorithmUtils.RS_SHA_256_JAVA, 256),
- RS384(AlgorithmUtils.RS_SHA_384_ALGO, AlgorithmUtils.RS_SHA_384_JAVA, 384),
- RS512(AlgorithmUtils.RS_SHA_512_ALGO, AlgorithmUtils.RS_SHA_512_JAVA, 512),
+ RS256(AlgorithmUtils.RS_SHA_256_ALGO, AlgorithmUtils.RS_SHA_256_JAVA, -1),
+ RS384(AlgorithmUtils.RS_SHA_384_ALGO, AlgorithmUtils.RS_SHA_384_JAVA, -1),
+ RS512(AlgorithmUtils.RS_SHA_512_ALGO, AlgorithmUtils.RS_SHA_512_JAVA, -1),
- PS256(AlgorithmUtils.PS_SHA_256_ALGO, AlgorithmUtils.PS_SHA_256_JAVA, 256),
- PS384(AlgorithmUtils.PS_SHA_384_ALGO, AlgorithmUtils.PS_SHA_384_JAVA, 384),
- PS512(AlgorithmUtils.PS_SHA_512_ALGO, AlgorithmUtils.PS_SHA_512_JAVA, 512),
+ PS256(AlgorithmUtils.PS_SHA_256_ALGO, AlgorithmUtils.PS_SHA_256_JAVA, -1),
+ PS384(AlgorithmUtils.PS_SHA_384_ALGO, AlgorithmUtils.PS_SHA_384_JAVA, -1),
+ PS512(AlgorithmUtils.PS_SHA_512_ALGO, AlgorithmUtils.PS_SHA_512_JAVA, -1),
- ES256(AlgorithmUtils.ES_SHA_256_ALGO, AlgorithmUtils.ES_SHA_256_JAVA, 256),
- ES384(AlgorithmUtils.ES_SHA_384_ALGO, AlgorithmUtils.ES_SHA_384_JAVA, 384),
- ES512(AlgorithmUtils.ES_SHA_512_ALGO, AlgorithmUtils.ES_SHA_512_JAVA, 512),
+ ES256(AlgorithmUtils.ES_SHA_256_ALGO, AlgorithmUtils.ES_SHA_256_JAVA, -1),
+ ES384(AlgorithmUtils.ES_SHA_384_ALGO, AlgorithmUtils.ES_SHA_384_JAVA, -1),
+ ES512(AlgorithmUtils.ES_SHA_512_ALGO, AlgorithmUtils.ES_SHA_512_JAVA, -1),
 NONE(AlgorithmUtils.NONE_TEXT_ALGO, null, -1); http://git-wip-us.apache.org/repos/asf/cxf/blob/e231ad5e/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java ----------------------------------------------------------------------
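Review bot: The third constructor argument of every RS/PS/ES constant becomes `-1`, the same sentinel `NONE` already uses, so only the HS constants keep a positive value, and nothing in the hunk says what the field means or that `-1` stands for "not fixed by the algorithm"; a reader cannot tell whether code that reads this field (outside the hunk) must now tolerate `-1` for every asymmetric algorithm. A comment above the RS256 line would document the sentinel, e.g. `// -1: the key size is not fixed by the algorithm; the digest size is carried by the JWA name suffix (256/384/512)`. The enum's constructor and the field this argument initialises are outside the hunk.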
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index 1e42454..e2b7e6e 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -27,6 +27,7 @@ import java.util.Map;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsException;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
@@ -116,21 +117,22 @@ public final class OidcUtils {
 throw new SecurityException("Invalid hash");
 }
 }
- public static String calculateAccessTokenHash(String value, SignatureAlgorithm joseAlgo) {
- return calculateHash(value, joseAlgo);
+ public static String calculateAccessTokenHash(String value, SignatureAlgorithm sigAlgo) {
+ return calculateHash(value, sigAlgo);
 }
- public static String calculateAuthorizationCodeHash(String value, SignatureAlgorithm joseAlgo) {
- return calculateHash(value, joseAlgo);
+ public static String calculateAuthorizationCodeHash(String value, SignatureAlgorithm sigAlgo) {
+ return calculateHash(value, sigAlgo);
 }
- public static String calculateHash(String value, SignatureAlgorithm joseAlgo) {
- //TODO: map from the JOSE alg to a signature alg,
- // for example, RS256 -> SHA-256
- // and calculate the chunk size based on the algo key size
- // for example SHA-256 -> 256/8 = 32 and 32/2 = 16 bytes
+ private static String calculateHash(String value, SignatureAlgorithm sigAlgo) {
+ if (sigAlgo == SignatureAlgorithm.NONE) {
+ throw new JwsException(JwsException.Error.INVALID_ALGORITHM);
+ }
+ int algoShaSize = Integer.valueOf(sigAlgo.getJwaName().substring(2));
+ int valueHashSize = algoShaSize / 16;
 try {
 byte[] atBytes = StringUtils.toBytesASCII(value);
 byte[] digest = MessageDigestUtils.createDigest(atBytes, MessageDigestUtils.ALGO_SHA_256);
- return Base64UrlUtility.encodeChunk(digest, 0, 16);
+ return Base64UrlUtility.encodeChunk(digest, 0, valueHashSize);
 } catch (NoSuchAlgorithmException ex) {
 throw new SecurityException(ex);
 }
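Review bot: The chunk length in `calculateHash` now follows the algorithm suffix (256/16 = 16, 384/16 = 24, 512/16 = 32 bytes), but the `MessageDigestUtils.createDigest(...)` line still hard-codes `MessageDigestUtils.ALGO_SHA_256`, so for the *384 and *512 algorithms the result is the first 24 or 32 bytes of a SHA-256 digest instead of the left half of SHA-384/SHA-512 that OpenID Connect Core §3.1.3.6 defines for at_hash and c_hash; for the 512 case the 32 bytes are the entire SHA-256 output, not a half. A compliant peer computes a different value, so these hashes will not interoperate, and the validation path that ends in `throw new SecurityException("Invalid hash")` at the top of the hunk presumably rejects compliant tokens for the same reason. The digest name should be derived from the same suffix, e.g. `String digestAlgo = "SHA-" + algoShaSize;` followed by `MessageDigestUtils.createDigest(atBytes, digestAlgo)`, assuming createDigest accepts a standard JCA algorithm name (only ALGO_SHA_256 is visible here). Separately, `Integer.valueOf(sigAlgo.getJwaName().substring(2))` throws NumberFormatException for any JWA name without a numeric suffix, which the NONE guard does not cover; `Integer.parseInt` with NumberFormatException translated to a `JwsException(JwsException.Error.INVALID_ALGORITHM)` would keep that failure on the same path as the NONE case.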