cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Updating a client side JwtRequest code grant handler
Date Mon, 22 Feb 2016 17:32:34 GMT
Repository: cxf
Updated Branches:
  refs/heads/master b74ab38aa -> 487ef19c3


Updating a client side JwtRequest code grant handler


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/487ef19c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/487ef19c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/487ef19c

Branch: refs/heads/master
Commit: 487ef19c310848d61e69e21f9890012885efae6a
Parents: b74ab38
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Mon Feb 22 17:32:19 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Mon Feb 22 17:32:19 2016 +0000

----------------------------------------------------------------------
 .../oauth2/client/ClientCodeRequestFilter.java  | 21 ++++-
 .../oauth2/grants/code/JwtRequestCodeGrant.java | 82 ++++----------------
 2 files changed, 37 insertions(+), 66 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/487ef19c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index 0b950c7..be79d64 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -46,6 +46,8 @@ import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant;
 import org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer;
+import org.apache.cxf.rs.security.oauth2.grants.code.JwtRequestCodeGrant;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthJoseJwtProducer;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
@@ -71,6 +73,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
     private boolean faultAccessDeniedResponses;
     private boolean applicationCanHandleAccessDenied;
     private CodeVerifierTransformer codeVerifierTransformer;
+    private OAuthJoseJwtProducer codeRequestJoseProducer;
         
     @Override
     public void filter(ContainerRequestContext rc) throws IOException {
@@ -194,7 +197,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
         String codeParam = requestParams.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
         ClientAccessToken at = null;
         if (codeParam != null) {
-            AuthorizationCodeGrant grant = new AuthorizationCodeGrant(codeParam, getAbsoluteRedirectUri(ui));
+            AuthorizationCodeGrant grant = prepareCodeGrant(codeParam, getAbsoluteRedirectUri(ui));
             grant.setCodeVerifier(state.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER));
             at = OAuthClientUtils.getAccessToken(accessTokenServiceClient, consumer, grant);
         }
@@ -205,6 +208,18 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
         setClientCodeRequest(tokenContext);
     }
     
+    private AuthorizationCodeGrant prepareCodeGrant(String codeParam, URI absoluteRedirectUri)
{
+        if (codeRequestJoseProducer == null) {
+            return new AuthorizationCodeGrant(codeParam, absoluteRedirectUri);
+        } else {
+            JwtRequestCodeGrant grant = 
+                new JwtRequestCodeGrant(codeParam, absoluteRedirectUri, consumer.getClientId());
+            grant.setClientSecret(consumer.getClientSecret());
+            grant.setJoseProducer(codeRequestJoseProducer);
+            return grant;
+        }
+    }
+
     protected ClientTokenContext initializeClientTokenContext(ContainerRequestContext rc,

                                                               ClientAccessToken at, 
                                                               MultivaluedMap<String, String>
state) {
@@ -362,4 +377,8 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
     public void setCodeVerifierTransformer(CodeVerifierTransformer codeVerifierTransformer)
{
         this.codeVerifierTransformer = codeVerifierTransformer;
     }
+
+    public void setCodeRequestJoseProducer(OAuthJoseJwtProducer codeRequestJoseProducer)
{
+        this.codeRequestJoseProducer = codeRequestJoseProducer;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/487ef19c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
index 8f95506..f2cc865 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
@@ -20,20 +20,12 @@ package org.apache.cxf.rs.security.oauth2.grants.code;
 
 import java.net.URI;
 
-import javax.crypto.SecretKey;
 import javax.ws.rs.core.MultivaluedMap;
 
-import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthJoseJwtProducer;
 
 
 
@@ -43,12 +35,8 @@ import org.apache.cxf.rt.security.crypto.CryptoUtils;
  */
 public class JwtRequestCodeGrant extends AuthorizationCodeGrant {
     private static final long serialVersionUID = -3738825769770411453L;
-    private JwsSignatureProvider sigProvider;
-    private JweEncryptionProvider encryptionProvider;
+    private OAuthJoseJwtProducer joseProducer = new OAuthJoseJwtProducer();
     private String clientSecret;
-    private boolean encryptWithClientSecret;
-    private boolean signWithClientSecret;
-    // can be a client id
     private String issuer;
     public JwtRequestCodeGrant() {
     }
@@ -66,24 +54,6 @@ public class JwtRequestCodeGrant extends AuthorizationCodeGrant {
         super(code, uri);
         this.issuer = issuer;
     }
-    public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
-        this.sigProvider = signatureProvider;
-    }
-    public void setEncryptionProvider(JweEncryptionProvider encProvider) {
-        this.encryptionProvider = encProvider;
-    }
-    
-    protected JwsSignatureProvider getInitializedSigProvider() {
-        if (sigProvider != null) {
-            return sigProvider;    
-        } 
-        if (signWithClientSecret) {
-            byte[] hmac = CryptoUtils.decodeSequence(clientSecret);
-            return JwsUtils.getHmacSignatureProvider(hmac, SignatureAlgorithm.HS256);
-        } else {
-            return JwsUtils.loadSignatureProvider(true);
-        }
-    }
     public MultivaluedMap<String, String> toMap() {
         String request = getRequest();
         MultivaluedMap<String, String> newMap = new MetadataMap<String, String>();
@@ -94,49 +64,31 @@ public class JwtRequestCodeGrant extends AuthorizationCodeGrant {
     public String getRequest() {
         MultivaluedMap<String, String> map = super.toMap();
         JwtClaims claims = new JwtClaims();
-        claims.setIssuer(issuer);
+        if (issuer != null) {
+            claims.setIssuer(issuer);
+        }
         for (String key : map.keySet()) {
             claims.setClaim(key, map.getFirst(key));
         }
-        JwsJwtCompactProducer producer = new JwsJwtCompactProducer(claims);
-        JwsSignatureProvider theSigProvider = getInitializedSigProvider();
-        String request = producer.signWith(theSigProvider);
-        
-        JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider();
-        if (theEncryptionProvider != null) {
-            request = theEncryptionProvider.encrypt(StringUtils.toBytesUTF8(request), null);
-        }
-        return request;
-    }
-    protected JweEncryptionProvider getInitializedEncryptionProvider() {
-        if (encryptionProvider != null) {
-            return encryptionProvider;    
-        } 
-        if (encryptWithClientSecret) {
-            SecretKey key = CryptoUtils.decodeSecretKey(clientSecret);
-            return JweUtils.getDirectKeyJweEncryption(key, ContentAlgorithm.A128GCM);
-        } else {
-            return JweUtils.loadEncryptionProvider(false);
-        }
+        return joseProducer.processJwt(new JwtToken(claims), clientSecret);
     }
-
+    
     public void setIssuer(String issuer) {
+        // Can it be a client id ?
+        
         this.issuer = issuer;
     }
 
     public void setClientSecret(String clientSecret) {
         this.clientSecret = clientSecret;
     }
-    public void setEncryptWithClientSecret(boolean encryptWithClientSecret) {
-        if (signWithClientSecret) {
-            throw new SecurityException();
-        }
-        this.encryptWithClientSecret = encryptWithClientSecret;
+
+    public OAuthJoseJwtProducer getJoseProducer() {
+        return joseProducer;
     }
-    public void setSignWithClientSecret(boolean signWithClientSecret) {
-        if (encryptWithClientSecret) {
-            throw new SecurityException();
-        }
-        this.signWithClientSecret = signWithClientSecret;
+
+    public void setJoseProducer(OAuthJoseJwtProducer joseProducer) {
+        this.joseProducer = joseProducer;
     }
+    
 }


Mime
View raw message