From dran...@apache.org
Subject directory-kerby git commit: WIP: Implementing token mechanism; Fixed a building issue reported by Liqi
Date Sun, 22 Mar 2015 08:02:42 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/master 1f62f8017 -> d2392ce17


WIP: Implementing token mechanism; Fixed a building issue reported by Liqi


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/d2392ce1
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/d2392ce1
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/d2392ce1

Branch: refs/heads/master
Commit: d2392ce17d77c6781fdcfc5c397285280891239b
Parents: 1f62f80
Author: Drankye <drankye@gmail.com>
Authored: Sun Mar 22 16:02:19 2015 +0800
Committer: Drankye <drankye@gmail.com>
Committed: Sun Mar 22 16:02:19 2015 +0800

----------------------------------------------------------------------
 kerby-kerb/kerb-client/pom.xml                  |  5 --
 .../kerberos/kerb/provider/TokenEncoder.java    |  7 +-
 .../kerberos/kerb/spec/base/AuthToken.java      |  8 +--
 .../kerby/kerberos/kerb/spec/base/KrbToken.java | 21 +++---
 kerby-kerb/kerb-server/pom.xml                  |  5 --
 kerby-provider/token-provider/pom.xml           |  2 +-
 .../kerberos/provider/token/JwtAuthToken.java   | 72 ++++++++++++++------
 .../provider/token/JwtTokenEncoder.java         | 30 ++++++--
 .../kerby/kerberos/provider/token/JwtUtil.java  | 17 +++++
 9 files changed, 115 insertions(+), 52 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-kerb/kerb-client/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/pom.xml b/kerby-kerb/kerb-client/pom.xml
index e26c860..a6b03c2 100644
--- a/kerby-kerb/kerb-client/pom.xml
+++ b/kerby-kerb/kerb-client/pom.xml
@@ -46,11 +46,6 @@
       <artifactId>kerby-event</artifactId>
       <version>${project.version}</version>
     </dependency>
-    <dependency>
-      <groupId>org.apache.kerby</groupId>
-      <artifactId>kerby-pkix</artifactId>
-      <version>${project.version}</version>
-    </dependency>
   </dependencies>
 
   <profiles>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java
b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java
index 20876c9..1b9dd55 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java
@@ -19,6 +19,7 @@
  */
 package org.apache.kerby.kerberos.kerb.provider;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
 
 import java.io.IOException;
@@ -33,7 +34,7 @@ public interface TokenEncoder {
      * @param token
      * @return bytes array
      */
-    public byte[] encodeAsBytes(AuthToken token);
+    public byte[] encodeAsBytes(AuthToken token) throws KrbException;
 
     /**
      * Decode a token from a bytes array.
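Review bot: The Javadoc for `encodeAsBytes` is not updated for the new checked exception, and the same holds for `encodeAsString` and `decodeFromString` in the next hunk. Add an `@throws KrbException` line to each, for example `@throws KrbException if the token cannot be encoded by this encoder`, so implementers know which failures to map to it. The Javadoc blocks begin outside this hunk.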
@@ -47,13 +48,13 @@ public interface TokenEncoder {
      * @param token
      * @return string representation
      */
-    public String encodeAsString(AuthToken token);
+    public String encodeAsString(AuthToken token) throws KrbException;
 
     /**
      * Decode a token from a string.
      * @param content
      * @return token
      */
-    public AuthToken decodeFromString(String content) throws IOException;
+    public AuthToken decodeFromString(String content) throws IOException, KrbException;
 
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/AuthToken.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/AuthToken.java
b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/AuthToken.java
index 1e5e044..472d1de 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/AuthToken.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/AuthToken.java
@@ -116,25 +116,25 @@ public interface AuthToken {
      * Get token issued at time when the token is issued.
      * @return issued at time
      */
-    public Date getIssuedAtTime();
+    public Date getIssueTime();
 
     /**
      * Set token issued at time.
      * @param iat
      */
-    public void setIssuedAtTime(Date iat);
+    public void setIssueTime(Date iat);
 
     /**
      * Get token attributes.
      * @return token attributes
      */
-    public Map<String, String> getAttributes();
+    public Map<String, Object> getAttributes();
 
     /**
      * Add a token attribute.
      * @param name
      * @param value
      */
-    public void addAttribute(String name, String value);
+    public void addAttribute(String name, Object value);
 
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
index 53f002b..8fc28f5 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
@@ -22,6 +22,7 @@ package org.apache.kerby.kerberos.kerb.spec.base;
 import org.apache.kerby.asn1.type.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1Integer;
 import org.apache.kerby.asn1.type.Asn1OctetString;
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.KrbRuntime;
 import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
 import org.apache.kerby.kerberos.kerb.spec.KrbSequenceType;
@@ -57,7 +58,11 @@ public class KrbToken extends KrbSequenceType implements AuthToken {
 
     @Override
     public void encode(ByteBuffer buffer) {
-        setTokenValue(getTokenEncoder().encodeAsBytes(this));
+        try {
+            setTokenValue(getTokenEncoder().encodeAsBytes(this));
+        } catch (KrbException e) {
+            throw new RuntimeException(e);
+        }
         super.encode(buffer);
     }
 
@@ -162,22 +167,22 @@ public class KrbToken extends KrbSequenceType implements AuthToken {
     }
 
     @Override
-    public Date getIssuedAtTime() {
-        return innerToken.getIssuedAtTime();
+    public Date getIssueTime() {
+        return innerToken.getIssueTime();
     }
 
     @Override
-    public void setIssuedAtTime(Date iat) {
-        innerToken.setIssuedAtTime(iat);
+    public void setIssueTime(Date iat) {
+        innerToken.setIssueTime(iat);
     }
 
     @Override
-    public Map<String, String> getAttributes() {
+    public Map<String, Object> getAttributes() {
         return innerToken.getAttributes();
     }
 
     @Override
-    public void addAttribute(String name, String value) {
-        innerToken.addAttribute(name, value);
+    public void addAttribute(String name, Object value) {
+
     }
 }
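Review bot: `addAttribute` now has an empty body, so attributes added through a KrbToken are silently dropped while `getAttributes` still reads from `innerToken`. The removed line delegated to the inner token; unless this is a deliberate work-in-progress placeholder, keep the delegation with the new signature: `innerToken.addAttribute(name, value);`. If it is intentional, throw `UnsupportedOperationException` or leave a TODO comment rather than an empty method, so a lost attribute is not mistaken for a stored one.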

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-kerb/kerb-server/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/pom.xml b/kerby-kerb/kerb-server/pom.xml
index 3edfc6e..02b69d6 100644
--- a/kerby-kerb/kerb-server/pom.xml
+++ b/kerby-kerb/kerb-server/pom.xml
@@ -57,11 +57,6 @@
       <artifactId>kerby-event</artifactId>
       <version>${project.version}</version>
     </dependency>
-    <dependency>
-      <groupId>org.apache.kerby</groupId>
-      <artifactId>kerby-pkix</artifactId>
-      <version>${project.version}</version>
-    </dependency>
   </dependencies>
 
   <profiles>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-provider/token-provider/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/pom.xml b/kerby-provider/token-provider/pom.xml
index af7fe34..140cdc2 100644
--- a/kerby-provider/token-provider/pom.xml
+++ b/kerby-provider/token-provider/pom.xml
@@ -22,7 +22,7 @@
     <dependency>
       <groupId>com.nimbusds</groupId>
       <artifactId>nimbus-jose-jwt</artifactId>
-      <version>3.8.2</version>
+      <version>3.9</version>
     </dependency>
   </dependencies>
 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
index a4441eb..fe9e7ad 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
@@ -19,50 +19,82 @@
  */
 package org.apache.kerby.kerberos.provider.token;
 
+import com.nimbusds.jose.PlainHeader;
+import com.nimbusds.jwt.JWT;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.PlainJWT;
+import com.nimbusds.jwt.ReadOnlyJWTClaimsSet;
 import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
 
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
+import java.util.UUID;
 
 /**
  * JWT auth token backed by JWT token.
  */
 public class JwtAuthToken implements AuthToken {
 
+    private JWTClaimsSet jwtClaims;
+
+    protected JwtAuthToken() {
+        this(new JWTClaimsSet());
+    }
+
+    protected JwtAuthToken(JWTClaimsSet jwtClaims) {
+        this.jwtClaims = jwtClaims;
+    }
+
+    protected JwtAuthToken(ReadOnlyJWTClaimsSet jwtClaims) {
+        this.jwtClaims = JwtUtil.from(jwtClaims);
+    }
+
+    protected JWT getJwt() {
+        String jti = jwtClaims.getJWTID();
+        if (jti == null || jti.isEmpty()) {
+            jti = UUID.randomUUID().toString();
+            jwtClaims.setJWTID(jti);
+        }
+
+        PlainHeader header = new PlainHeader();
+        PlainJWT jwt = new PlainJWT(header, jwtClaims);
+        return jwt;
+    }
+
     @Override
     public String getSubject() {
-        return null;
+        return jwtClaims.getSubject();
     }
 
     @Override
     public void setSubject(String sub) {
-
+        jwtClaims.setSubject(sub);
     }
 
     @Override
     public String getIssuer() {
-        return null;
+        return jwtClaims.getIssuer();
     }
 
     @Override
     public void setIssuer(String issuer) {
-
+        jwtClaims.setIssuer(issuer);
     }
 
     @Override
     public List<String> getAudiences() {
-        return null;
+        return jwtClaims.getAudience();
     }
 
     @Override
     public void setAudiences(List<String> audiences) {
-
+        jwtClaims.setAudience(audiences);
     }
 
     @Override
     public boolean isIdToken() {
-        return false;
+        return true;
     }
 
     @Override
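Review bot: `getJwt()` wraps the claims in a `PlainJWT` with a `PlainHeader`, which is an unsecured JWT carrying no signature or MAC, and `decodeFromString` in JwtTokenEncoder parses with `PlainJWT.parse` to match. Nothing on either path authenticates the issuer or protects the claims from modification, so subject, audience and expiry are whatever the presenter wrote. For a token that is meant to stand in as a Kerberos credential, issue signed tokens and verify the signature against a configured issuer key before constructing a `JwtAuthToken`; until then, mark both places with a TODO so the unsecured form does not ship by accident. Separately, `getJwt()` writes a generated `jti` back into `jwtClaims`, which is a surprising side effect for a getter and deserves a comment.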
@@ -72,7 +104,7 @@ public class JwtAuthToken implements AuthToken {
 
     @Override
     public boolean isBearerToken() {
-        return false;
+        return true;
     }
 
     @Override
@@ -82,41 +114,41 @@ public class JwtAuthToken implements AuthToken {
 
     @Override
     public Date getExpiredTime() {
-        return null;
+        return jwtClaims.getExpirationTime();
     }
 
     @Override
     public void setExpiredTime(Date exp) {
-
+        jwtClaims.setExpirationTime(exp);
     }
 
     @Override
     public Date getNotBeforeTime() {
-        return null;
+        return jwtClaims.getNotBeforeTime();
     }
 
     @Override
     public void setNotBeforeTime(Date nbt) {
-
+        jwtClaims.setNotBeforeTime(nbt);
     }
 
     @Override
-    public Date getIssuedAtTime() {
-        return null;
+    public Date getIssueTime() {
+        return jwtClaims.getIssueTime();
     }
 
     @Override
-    public void setIssuedAtTime(Date iat) {
-
+    public void setIssueTime(Date iat) {
+        jwtClaims.setIssueTime(iat);
     }
 
     @Override
-    public Map<String, String> getAttributes() {
-        return null;
+    public Map<String, Object> getAttributes() {
+        return jwtClaims.getAllClaims();
     }
 
     @Override
-    public void addAttribute(String name, String value) {
-
+    public void addAttribute(String name, Object value) {
+        jwtClaims.setCustomClaim(name, value);
     }
 }
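Review bot: `getAttributes()` returns `jwtClaims.getAllClaims()`, which as far as I can tell from the Nimbus API includes the registered claims (`sub`, `iss`, `exp`, …) alongside the custom ones, while `addAttribute` writes through `setCustomClaim`. That makes the pair asymmetric: a caller copying `getAttributes()` from one token into another via `addAttribute` would hand registered names to `setCustomClaim`, which I believe rejects them. Consider returning only the custom claims, `return jwtClaims.getCustomClaims();`, or document on the interface that the map covers every claim. The class body begins outside this hunk.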

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java
b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java
index b5e536d..c8f1442 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java
@@ -19,10 +19,14 @@
  */
 package org.apache.kerby.kerberos.provider.token;
 
+import com.nimbusds.jwt.JWT;
+import com.nimbusds.jwt.PlainJWT;
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
 import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
 
 import java.io.IOException;
+import java.text.ParseException;
 
 /**
  * JWT token encoder, implemented using Nimbus JWT library.
@@ -30,8 +34,9 @@ import java.io.IOException;
 public class JwtTokenEncoder implements TokenEncoder {
 
     @Override
-    public byte[] encodeAsBytes(AuthToken token) {
-        return new byte[0];
+    public byte[] encodeAsBytes(AuthToken token) throws KrbException {
+        String tokenStr = encodeAsString(token);
+        return tokenStr.getBytes();
     }
 
     @Override
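Review bot: `tokenStr.getBytes()` uses the platform default charset, so the byte form of a token can differ between hosts whenever a claim contains non-ASCII text. Pin the encoding with `return tokenStr.getBytes(StandardCharsets.UTF_8);` (plus `import java.nio.charset.StandardCharsets;`), and use the same charset in `decodeFromBytes`, whose body lies outside this hunk.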
@@ -40,12 +45,25 @@ public class JwtTokenEncoder implements TokenEncoder {
     }
 
     @Override
-    public String encodeAsString(AuthToken token) {
-        return null;
+    public String encodeAsString(AuthToken token) throws KrbException {
+        if (! (token instanceof JwtAuthToken) ) {
+            throw new KrbException("Unexpected AuthToken, not JwtAuthToken");
+        }
+
+        JwtAuthToken jwtAuthToken = (JwtAuthToken) token;
+        JWT jwt = jwtAuthToken.getJwt();
+
+        String tokenStr = jwt.serialize();
+        return tokenStr;
     }
 
     @Override
-    public AuthToken decodeFromString(String content) throws IOException {
-        return null;
+    public AuthToken decodeFromString(String content) throws KrbException {
+        try {
+            PlainJWT jwt = PlainJWT.parse(content);
+            return new JwtAuthToken(jwt.getJWTClaimsSet());
+        } catch (ParseException e) {
+            throw new KrbException("Failed to parse JWT token string", e);
+        }
     }
 }
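Review bot: The `instanceof JwtAuthToken` guard in `encodeAsString` rejects the one caller visible in this commit: `KrbToken.encode` passes `this`, a KrbToken, to `encodeAsBytes`, so with this encoder installed the call would always end in the `RuntimeException` wrapper added there. Either have KrbToken hand over its inner token, `setTokenValue(getTokenEncoder().encodeAsBytes(innerToken));`, or let the encoder build the claims from any `AuthToken` through the interface getters. This assumes the encoder returned by `getTokenEncoder()` is this class, which the diff does not show.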

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtUtil.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtUtil.java
b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtUtil.java
new file mode 100644
index 0000000..d7f8e07
--- /dev/null
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtUtil.java
@@ -0,0 +1,17 @@
+package org.apache.kerby.kerberos.provider.token;
+
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.ReadOnlyJWTClaimsSet;
+
+/**
+ * JWT token utilities.
+ */
+public class JwtUtil {
+
+    public static JWTClaimsSet from(ReadOnlyJWTClaimsSet readOnlyClaims) {
+        JWTClaimsSet result = new JWTClaimsSet();
+        //readOnlyClaims.getAudience()
+
+        return result;
+    }
+}
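Review bot: `JwtUtil.from` ignores its argument and returns an empty `JWTClaimsSet`, so every token produced by `decodeFromString` (through the `JwtAuthToken(ReadOnlyJWTClaimsSet)` constructor) loses its subject, issuer, audience and validity times. Copy the claims before returning, for example `result.setAllClaims(readOnlyClaims.getAllClaims());` if that setter is available in the nimbus-jose-jwt version in use, and drop the commented-out line. The new file also starts at `package` without the license header the other files in this commit appear to carry.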

