oltu-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From asa...@apache.org
Subject svn commit: r1552699 - in /oltu/trunk/jose/jws/src: main/java/org/apache/oltu/jose/jws/signature/impl/ test/java/org/apache/oltu/jose/jws/impl/
Date Fri, 20 Dec 2013 15:11:24 GMT
Author: asanso
Date: Fri Dec 20 15:11:24 2013
New Revision: 1552699

URL: http://svn.apache.org/r1552699
Log:
OLTU-133 - Add HS256 implementation of SignatureMethod

* added SignatureMethodsHMAC256Impl

Added:
    oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/
    oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SignatureMethodsHMAC256Impl.java
    oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SymmetricKeyImpl.java
    oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/impl/
    oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/impl/SignatureMethodsHMAC256ImplTest.java

Added: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SignatureMethodsHMAC256Impl.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SignatureMethodsHMAC256Impl.java?rev=1552699&view=auto
==============================================================================
--- oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SignatureMethodsHMAC256Impl.java
(added)
+++ oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SignatureMethodsHMAC256Impl.java
Fri Dec 20 15:11:24 2013
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.oltu.jose.jws.signature.impl;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+import org.apache.oltu.commons.encodedtoken.TokenDecoder;
+import org.apache.oltu.jose.jws.signature.SignatureMethod;
+
+public class SignatureMethodsHMAC256Impl implements
+        SignatureMethod<SymmetricKeyImpl, SymmetricKeyImpl> {
+
+    private static final String ALG = "HS256";
+
+    @Override
+    public String calculate(String header, String payload,
+            SymmetricKeyImpl signingKey) {
+
+        StringBuilder sb = new StringBuilder();
+        sb.append(header).append(".").append(payload);
+        String stringToSign = sb.toString();
+        byte[] bytes = stringToSign.getBytes();
+        try {
+
+            Mac mac = Mac.getInstance("HMACSHA256");
+            mac.init(new SecretKeySpec(signingKey.getKey(), mac.getAlgorithm()));
+            mac.update(bytes);
+            bytes = mac.doFinal();
+
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException(e);
+        } catch (InvalidKeyException e) {
+            throw new RuntimeException(e);
+        }
+
+        return TokenDecoder.base64Encode(bytes);
+    }
+
+    @Override
+    public boolean verify(String signature, String header, String payload,
+            SymmetricKeyImpl verifyingKey) {
+        String signed = calculate(header, payload, verifyingKey);
+        return signed.equals(signature);
+    }
+
+    @Override
+    public String getAlgorithm() {
+        return ALG;
+    }
+
+}

Added: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SymmetricKeyImpl.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SymmetricKeyImpl.java?rev=1552699&view=auto
==============================================================================
--- oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SymmetricKeyImpl.java
(added)
+++ oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SymmetricKeyImpl.java
Fri Dec 20 15:11:24 2013
@@ -0,0 +1,38 @@
+/*************************************************************************
+ *
+ * ADOBE CONFIDENTIAL
+ * __________________
+ *
+ *  Copyright 2013 Adobe Systems Incorporated
+ *  All Rights Reserved.
+ *
+ * NOTICE:  All information contained herein is, and remains
+ * the property of Adobe Systems Incorporated and its suppliers,
+ * if any.  The intellectual and technical concepts contained
+ * herein are proprietary to Adobe Systems Incorporated and its
+ * suppliers and are protected by trade secret or copyright law.
+ * Dissemination of this information or reproduction of this material
+ * is strictly forbidden unless prior written permission is obtained
+ * from Adobe Systems Incorporated.
+ **************************************************************************/
+package org.apache.oltu.jose.jws.signature.impl;
+
+import org.apache.oltu.jose.jws.signature.SymmetricKey;
+
+/**
+ * Symmetric key implementation used for both <i>sign</i> and <i>verify</i>
+ * operations.
+ */
+public class SymmetricKeyImpl implements SymmetricKey {
+
+    private byte[] key;
+
+    public SymmetricKeyImpl(byte[] key) {
+        this.key = key;
+    }
+
+    public byte[] getKey() {
+        return key;
+    }
+
+}

Added: oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/impl/SignatureMethodsHMAC256ImplTest.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/impl/SignatureMethodsHMAC256ImplTest.java?rev=1552699&view=auto
==============================================================================
--- oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/impl/SignatureMethodsHMAC256ImplTest.java
(added)
+++ oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/impl/SignatureMethodsHMAC256ImplTest.java
Fri Dec 20 15:11:24 2013
@@ -0,0 +1,82 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.oltu.jose.jws.impl;
+
+import org.apache.oltu.commons.encodedtoken.TokenDecoder;
+import org.apache.oltu.jose.jws.signature.impl.SignatureMethodsHMAC256Impl;
+import org.apache.oltu.jose.jws.signature.impl.SymmetricKeyImpl;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+public class SignatureMethodsHMAC256ImplTest {
+
+    private final byte[] hsKey = { 3, (byte) 35, (byte) 53, (byte) 75,
+            (byte) 43, (byte) 15, (byte) 165, (byte) 188, (byte) 131,
+            (byte) 126, (byte) 6, (byte) 101, (byte) 119, (byte) 123,
+            (byte) 166, (byte) 143, (byte) 90, (byte) 179, (byte) 40,
+            (byte) 230, (byte) 240, (byte) 84, (byte) 201, (byte) 40,
+            (byte) 169, (byte) 15, (byte) 132, (byte) 178, (byte) 210,
+            (byte) 80, (byte) 46, (byte) 191, (byte) 211, (byte) 251,
+            (byte) 90, (byte) 146, (byte) 210, (byte) 6, (byte) 71, (byte) 239,
+            (byte) 150, (byte) 138, (byte) 180, (byte) 195, (byte) 119,
+            (byte) 98, (byte) 61, (byte) 34, (byte) 61, (byte) 46, (byte) 33,
+            (byte) 114, (byte) 5, (byte) 46, (byte) 79, (byte) 8, (byte) 192,
+            (byte) 205, (byte) 154, (byte) 245, (byte) 103, (byte) 208,
+            (byte) 128, (byte) 163 };
+
+    private String hs256;
+
+    private String payload;
+
+    private SymmetricKeyImpl key;
+    private SignatureMethodsHMAC256Impl sHmacImpl;
+
+    @Before
+    public void setUp() {
+        payload = "{\"iss\":\"joe\",\r\n \"exp\":1300819380,\r\n \"http://example.com/is_root\":true}";
+        hs256 = "{\"typ\":\"JWT\",\r\n" + " \"alg\":\"HS256\"}";
+        key = new SymmetricKeyImpl(hsKey);
+        sHmacImpl = new SignatureMethodsHMAC256Impl();
+    }
+
+    @After
+    public void tearDown() {
+        payload = null;
+        hs256 = null;
+        key = null;
+        sHmacImpl = null;
+    }
+
+    @Test
+    public void testCalculate() {
+        assertEquals("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
+                sHmacImpl.calculate(TokenDecoder.base64Encode(hs256),
+                        TokenDecoder.base64Encode(payload), key));
+    }
+
+    @Test
+    public void testVerify() {
+        String accessToken = "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
+        String jwt[] = accessToken.split("\\.");
+        assertTrue(sHmacImpl.verify(jwt[2], jwt[0], jwt[1], key));
+    }
+
+}



Mime
View raw message