From: drankye@apache.org To: commits@directory.apache.org Message-Id: <3fb22010699a44439f35b9f3ec6453a8@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: directory-kerby git commit: WIP: Implementing token mechanism; Fixed a building issue reported by Liqi Date: Sun, 22 Mar 2015 08:02:42 +0000 (UTC) Repository: directory-kerby Updated Branches: refs/heads/master 1f62f8017 -> d2392ce17 WIP: Implementing token mechanism; Fixed a building issue reported by Liqi Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/d2392ce1 Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/d2392ce1 Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/d2392ce1 Branch: refs/heads/master Commit: d2392ce17d77c6781fdcfc5c397285280891239b Parents: 1f62f80 Author: Drankye Authored: Sun Mar 22 16:02:19 2015 +0800 Committer: Drankye Committed: Sun Mar 22 16:02:19 2015 +0800 ---------------------------------------------------------------------- kerby-kerb/kerb-client/pom.xml | 5 -- .../kerberos/kerb/provider/TokenEncoder.java | 7 +- .../kerberos/kerb/spec/base/AuthToken.java | 8 +-- .../kerby/kerberos/kerb/spec/base/KrbToken.java | 21 +++--- kerby-kerb/kerb-server/pom.xml | 5 -- kerby-provider/token-provider/pom.xml | 2 +- .../kerberos/provider/token/JwtAuthToken.java | 72 ++++++++++++++------ .../provider/token/JwtTokenEncoder.java | 30 ++++++-- .../kerby/kerberos/provider/token/JwtUtil.java | 17 +++++ 9 files changed, 115 insertions(+), 52 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-kerb/kerb-client/pom.xml ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-client/pom.xml b/kerby-kerb/kerb-client/pom.xml index e26c860..a6b03c2 100644 --- a/kerby-kerb/kerb-client/pom.xml +++ b/kerby-kerb/kerb-client/pom.xml 
@@ -46,11 +46,6 @@ kerby-event ${project.version} - - org.apache.kerby - kerby-pkix - ${project.version} - http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java index 20876c9..1b9dd55 100644 --- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java +++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java @@ -19,6 +19,7 @@ */ package org.apache.kerby.kerberos.kerb.provider; +import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.spec.base.AuthToken; import java.io.IOException; @@ -33,7 +34,7 @@ public interface TokenEncoder { * @param token * @return bytes array */ - public byte[] encodeAsBytes(AuthToken token); + public byte[] encodeAsBytes(AuthToken token) throws KrbException; /** * Decode a token from a bytes array. @@ -47,13 +48,13 @@ public interface TokenEncoder { * @param token * @return string representation */ - public String encodeAsString(AuthToken token); + public String encodeAsString(AuthToken token) throws KrbException; /** * Decode a token from a string. * @param content * @return token */ - public AuthToken decodeFromString(String content) throws IOException; + public AuthToken decodeFromString(String content) throws IOException, KrbException; } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/AuthToken.java ---------------------------------------------------------------------- 
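Review bot: The Javadoc on `encodeAsBytes`, `encodeAsString` and `decodeFromString` in `TokenEncoder` is not updated for the new checked exception; each should gain a line such as `@throws KrbException if the token cannot be encoded` (or `decoded`). `decodeFromBytes` sits between the second and third hunks and is not shown, so it presumably still declares only `IOException`. That would leave the two decode methods with different failure contracts, which is worth aligning in the same change.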
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/AuthToken.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/AuthToken.java index 1e5e044..472d1de 100644 --- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/AuthToken.java +++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/AuthToken.java @@ -116,25 +116,25 @@ public interface AuthToken { * Get token issued at time when the token is issued. * @return issued at time */ - public Date getIssuedAtTime(); + public Date getIssueTime(); /** * Set token issued at time. * @param iat */ - public void setIssuedAtTime(Date iat); + public void setIssueTime(Date iat); /** * Get token attributes. * @return token attributes */ - public Map getAttributes(); + public Map getAttributes(); /** * Add a token attribute. * @param name * @param value */ - public void addAttribute(String name, String value); + public void addAttribute(String name, Object value); } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java index 53f002b..8fc28f5 100644 --- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java +++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java 
@@ -22,6 +22,7 @@ package org.apache.kerby.kerberos.kerb.spec.base; import org.apache.kerby.asn1.type.Asn1FieldInfo; import org.apache.kerby.asn1.type.Asn1Integer; import org.apache.kerby.asn1.type.Asn1OctetString; +import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.KrbRuntime; import org.apache.kerby.kerberos.kerb.provider.TokenEncoder; import org.apache.kerby.kerberos.kerb.spec.KrbSequenceType; @@ -57,7 +58,11 @@ public class KrbToken extends KrbSequenceType implements AuthToken { @Override public void encode(ByteBuffer buffer) { - setTokenValue(getTokenEncoder().encodeAsBytes(this)); + try { + setTokenValue(getTokenEncoder().encodeAsBytes(this)); + } catch (KrbException e) { + throw new RuntimeException(e); + } super.encode(buffer); } @@ -162,22 +167,22 @@ public class KrbToken extends KrbSequenceType implements AuthToken { } @Override - public Date getIssuedAtTime() { - return innerToken.getIssuedAtTime(); + public Date getIssueTime() { + return innerToken.getIssueTime(); } @Override - public void setIssuedAtTime(Date iat) { - innerToken.setIssuedAtTime(iat); + public void setIssueTime(Date iat) { + innerToken.setIssueTime(iat); } @Override - public Map getAttributes() { + public Map getAttributes() { return innerToken.getAttributes(); } @Override - public void addAttribute(String name, String value) { - innerToken.addAttribute(name, value); + public void addAttribute(String name, Object value) { + } } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-kerb/kerb-server/pom.xml ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-server/pom.xml b/kerby-kerb/kerb-server/pom.xml index 3edfc6e..02b69d6 100644 --- a/kerby-kerb/kerb-server/pom.xml +++ b/kerby-kerb/kerb-server/pom.xml 
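Review bot: In `KrbToken.encode(ByteBuffer)` the new catch rethrows `KrbException` as a bare `RuntimeException` with no message, so a token-encoding failure reaches callers as an anonymous unchecked exception. The overridden signature cannot declare `KrbException`, so keep the wrap but give it context, e.g. `throw new IllegalStateException("Failed to encode token value", e);`. The unchecked failure should also be mentioned in the method's Javadoc.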
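Review bot: `KrbToken.addAttribute(String, Object)` now has an empty body, because the last hunk removes `innerToken.addAttribute(name, value);` and adds only a blank line. Attributes set through the wrapper are silently discarded, while `getAttributes()` in the same hunk still delegates to `innerToken`. Restore the delegation with `innerToken.addAttribute(name, value);`. If the no-op is intentional for this WIP step, say so in a comment, so that nobody assumes attributes added here reach the encoded token.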
@@ -57,11 +57,6 @@ kerby-event ${project.version} - - org.apache.kerby - kerby-pkix - ${project.version} - http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-provider/token-provider/pom.xml ---------------------------------------------------------------------- diff --git a/kerby-provider/token-provider/pom.xml b/kerby-provider/token-provider/pom.xml index af7fe34..140cdc2 100644 --- a/kerby-provider/token-provider/pom.xml +++ b/kerby-provider/token-provider/pom.xml @@ -22,7 +22,7 @@ com.nimbusds nimbus-jose-jwt - 3.8.2 + 3.9 http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java ---------------------------------------------------------------------- diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java index a4441eb..fe9e7ad 100644 --- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java +++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java 
@@ -19,50 +19,82 @@ */ package org.apache.kerby.kerberos.provider.token; +import com.nimbusds.jose.PlainHeader; +import com.nimbusds.jwt.JWT; +import com.nimbusds.jwt.JWTClaimsSet; +import com.nimbusds.jwt.PlainJWT; +import com.nimbusds.jwt.ReadOnlyJWTClaimsSet; import org.apache.kerby.kerberos.kerb.spec.base.AuthToken; import java.util.Date; import java.util.List; import java.util.Map; +import java.util.UUID; /** * JWT auth token backed by JWT token. */ public class JwtAuthToken implements AuthToken { + private JWTClaimsSet jwtClaims; + + protected JwtAuthToken() { + this(new JWTClaimsSet()); + } + + protected JwtAuthToken(JWTClaimsSet jwtClaims) { + this.jwtClaims = jwtClaims; + } + + protected JwtAuthToken(ReadOnlyJWTClaimsSet jwtClaims) { + this.jwtClaims = JwtUtil.from(jwtClaims); + } + + protected JWT getJwt() { + String jti = jwtClaims.getJWTID(); + if (jti == null || jti.isEmpty()) { + jti = UUID.randomUUID().toString(); + jwtClaims.setJWTID(jti); + } + + PlainHeader header = new PlainHeader(); + PlainJWT jwt = new PlainJWT(header, jwtClaims); + return jwt; + } + @Override public String getSubject() { - return null; + return jwtClaims.getSubject(); } @Override public void setSubject(String sub) { - + jwtClaims.setSubject(sub); } @Override public String getIssuer() { - return null; + return jwtClaims.getIssuer(); } @Override public void setIssuer(String issuer) { - + jwtClaims.setIssuer(issuer); } @Override public List getAudiences() { - return null; + return jwtClaims.getAudience(); } @Override public void setAudiences(List audiences) { - + jwtClaims.setAudience(audiences); } @Override public boolean isIdToken() { - return false; + return true; } @Override @@ -72,7 +104,7 @@ public class JwtAuthToken implements AuthToken { @Override public boolean isBearerToken() { - return false; + return true; } @Override 
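Review bot: `getJwt()` wraps the claims in a `PlainJWT` with a `PlainHeader`, which is an unsecured JWT with no signature or encryption, so subject, issuer, audience and expiry carry no integrity protection. `JwtTokenEncoder.decodeFromString` in this commit has the matching gap: it calls `PlainJWT.parse` and passes the claims to `JwtAuthToken` without any verification. If these tokens are to be accepted as authentication evidence, they need to be signed by the issuer and verified on decode; until then, record the limitation in the code, e.g. `// TODO: unsecured JWT (no signature); must become a signed JWT verified on decode before claims are trusted`. Separately, `isIdToken()` in this hunk and `isBearerToken()` in the next now return `true` unconditionally rather than deriving the answer from token content.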
@@ -82,41 +114,41 @@ public class JwtAuthToken implements AuthToken { @Override public Date getExpiredTime() { - return null; + return jwtClaims.getExpirationTime(); } @Override public void setExpiredTime(Date exp) { - + jwtClaims.setExpirationTime(exp); } @Override public Date getNotBeforeTime() { - return null; + return jwtClaims.getNotBeforeTime(); } @Override public void setNotBeforeTime(Date nbt) { - + jwtClaims.setNotBeforeTime(nbt); } @Override - public Date getIssuedAtTime() { - return null; + public Date getIssueTime() { + return jwtClaims.getIssueTime(); } @Override - public void setIssuedAtTime(Date iat) { - + public void setIssueTime(Date iat) { + jwtClaims.setIssueTime(iat); } @Override - public Map getAttributes() { - return null; + public Map getAttributes() { + return jwtClaims.getAllClaims(); } @Override - public void addAttribute(String name, String value) { - + public void addAttribute(String name, Object value) { + jwtClaims.setCustomClaim(name, value); } } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java ---------------------------------------------------------------------- diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java index b5e536d..c8f1442 100644 --- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java +++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java 
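Review bot: `getAttributes()` returns `jwtClaims.getAllClaims()` while `addAttribute` writes through `setCustomClaim`, so the two are not symmetric. The map a caller reads back presumably contains the registered claims (subject, issuer, expiry and so on) alongside the attributes that were added. If attributes are meant to be only the custom claims, return the custom-claim view instead; Nimbus 3.x appears to offer `getCustomClaims()`, to be confirmed against 3.9. Either way the Javadoc should state which claims the map holds and whether it is a live view or a copy.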
@@ -19,10 +19,14 @@ */ package org.apache.kerby.kerberos.provider.token; +import com.nimbusds.jwt.JWT; +import com.nimbusds.jwt.PlainJWT; +import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.provider.TokenEncoder; import org.apache.kerby.kerberos.kerb.spec.base.AuthToken; import java.io.IOException; +import java.text.ParseException; /** * JWT token encoder, implemented using Nimbus JWT library. @@ -30,8 +34,9 @@ import java.io.IOException; public class JwtTokenEncoder implements TokenEncoder { @Override - public byte[] encodeAsBytes(AuthToken token) { - return new byte[0]; + public byte[] encodeAsBytes(AuthToken token) throws KrbException { + String tokenStr = encodeAsString(token); + return tokenStr.getBytes(); } @Override @@ -40,12 +45,25 @@ public class JwtTokenEncoder implements TokenEncoder { } @Override - public String encodeAsString(AuthToken token) { - return null; + public String encodeAsString(AuthToken token) throws KrbException { + if (! (token instanceof JwtAuthToken) ) { + throw new KrbException("Unexpected AuthToken, not JwtAuthToken"); + } + + JwtAuthToken jwtAuthToken = (JwtAuthToken) token; + JWT jwt = jwtAuthToken.getJwt(); + + String tokenStr = jwt.serialize(); + return tokenStr; } @Override - public AuthToken decodeFromString(String content) throws IOException { - return null; + public AuthToken decodeFromString(String content) throws KrbException { + try { + PlainJWT jwt = PlainJWT.parse(content); + return new JwtAuthToken(jwt.getJWTClaimsSet()); + } catch (ParseException e) { + throw new KrbException("Failed to parse JWT token string", e); + } } } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d2392ce1/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtUtil.java ---------------------------------------------------------------------- 
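Review bot: `encodeAsBytes` calls `tokenStr.getBytes()` with the platform default charset, so the byte form of a token depends on JVM settings. Use `tokenStr.getBytes(StandardCharsets.UTF_8)` with `import java.nio.charset.StandardCharsets;`, and decode with the same charset. `decodeFromBytes` lies between the hunks and is not shown, so it appears to be left as it was. If it is still a stub, byte-encoded tokens cannot be read back, and it should go through the same parse path as `decodeFromString`.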
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtUtil.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtUtil.java new file mode 100644 index 0000000..d7f8e07 --- /dev/null +++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtUtil.java @@ -0,0 +1,17 @@ +package org.apache.kerby.kerberos.provider.token; + +import com.nimbusds.jwt.JWTClaimsSet; +import com.nimbusds.jwt.ReadOnlyJWTClaimsSet; + +/** + * JWT token utilities. + */ +public class JwtUtil { + + public static JWTClaimsSet from(ReadOnlyJWTClaimsSet readOnlyClaims) { + JWTClaimsSet result = new JWTClaimsSet(); + //readOnlyClaims.getAudience() + + return result; + } +}
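Review bot: `JwtUtil.from` ignores its argument and returns an empty `JWTClaimsSet`. A `JwtAuthToken` built through the `ReadOnlyJWTClaimsSet` constructor, which `JwtTokenEncoder.decodeFromString` uses, therefore comes back with no subject, issuer, audience or expiry. Copy the claims before returning, e.g. `result.setAllClaims(readOnlyClaims.getAllClaims());` (confirm the method against nimbus-jose-jwt 3.9), and drop the commented-out `//readOnlyClaims.getAudience()` line. The new file also starts directly at `package`, whereas the other Java files in this commit appear to carry a header comment ending just above it. As a static-only utility, the class would normally be `final` with a private constructor.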