Posted to commits@cxf.apache.org by se...@apache.org on 2013/12/20 14:45:31 UTC

svn commit: r1552667 - /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/

Author: sergeyb
Date: Fri Dec 20 13:45:30 2013
New Revision: 1552667

URL: http://svn.apache.org/r1552667
Log:
[CXF-5472] Making a digest-based code verifier check optional as per the latest draft

Added:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractAuthorizationCodeDataProvider.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/CodeVerifierTransformer.java   (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java   (with props)
Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractAuthorizationCodeDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractAuthorizationCodeDataProvider.java?rev=1552667&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractAuthorizationCodeDataProvider.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractAuthorizationCodeDataProvider.java Fri Dec 20 13:45:30 2013
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth2.grants.code;
+
+import java.util.List;
+
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+
+
+/**
+ * Abstract AuthorizationCodeDataProvider implementation 
+ */
+public abstract class AbstractAuthorizationCodeDataProvider implements AuthorizationCodeDataProvider {
+
+    private long grantLifetime;
+    
+    public ServerAuthorizationCodeGrant createCodeGrant(AuthorizationCodeRegistration reg)
+        throws OAuthServiceException {
+        ServerAuthorizationCodeGrant grant = 
+            new ServerAuthorizationCodeGrant(reg.getClient(), getCode(reg), getGrantLifetime(), getIssuedAt());
+        grant.setApprovedScopes(getApprovedScopes(reg));
+        grant.setAudience(reg.getAudience());
+        grant.setClientCodeVerifier(reg.getClientCodeVerifier());
+        grant.setSubject(reg.getSubject());
+        grant.setRedirectUri(reg.getRedirectUri());
+        return grant;
+    }
+
+    protected List<String> getApprovedScopes(AuthorizationCodeRegistration reg) {
+        return reg.getApprovedScope();
+    }
+    
+    protected String getCode(AuthorizationCodeRegistration reg) {
+        return OAuthUtils.generateRandomTokenKey();
+    }
+
+    public long getGrantLifetime() {
+        return grantLifetime;
+    }
+
+    public void setGrantLifetime(long lifetime) {
+        this.grantLifetime = lifetime;
+    }
+
+    protected long getIssuedAt() {
+        return OAuthUtils.getIssuedAt();
+    }
+}
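Review bot: `grantLifetime` keeps its implicit default of 0 and `setGrantLifetime` accepts any value, so a provider that is never configured passes 0 to the `ServerAuthorizationCodeGrant` constructor in `createCodeGrant`. How 0 is interpreted is not visible in this file (already expired, or never expiring), and for authorization codes the second reading would be the unsafe one. I would reject non-positive values in the setter, `if (lifetime <= 0) { throw new IllegalArgumentException("grantLifetime must be positive"); }`, and give the field an explicit short default. The class Javadoc should also state the unit of the lifetime and that an overridden `getCode` must still return an unguessable value.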

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractAuthorizationCodeDataProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractAuthorizationCodeDataProvider.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java?rev=1552667&r1=1552666&r2=1552667&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java Fri Dec 20 13:45:30 2013
@@ -19,17 +19,12 @@
 
 package org.apache.cxf.rs.security.oauth2.grants.code;
 
-import java.io.StringWriter;
-
 import javax.ws.rs.core.MultivaluedMap;
 
-import org.apache.cxf.common.util.Base64Exception;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-import org.apache.cxf.rs.security.oauth2.utils.MessageDigestGenerator;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 
@@ -39,6 +34,8 @@ import org.apache.cxf.rs.security.oauth2
  */
 public class AuthorizationCodeGrantHandler extends AbstractGrantHandler {
     
+    private CodeVerifierTransformer codeVerifierTransformer;
+    
     public AuthorizationCodeGrantHandler() {
         super(OAuthConstants.AUTHORIZATION_CODE_GRANT);
     }
@@ -92,18 +89,13 @@ public class AuthorizationCodeGrantHandl
         if (clientCodeChallenge == null) {
             return false;
         }
-        MessageDigestGenerator mdg = new MessageDigestGenerator();
-        byte[] digest = mdg.createDigest(clientCodeVerifier, "SHA-256");
-        int length = digest.length > 128 / 8 ? 128 / 8 : digest.length;
-        
-        StringWriter stringWriter = new StringWriter();
-        try {
-            Base64UrlUtility.encode(digest, 0, length, stringWriter);
-        } catch (Base64Exception e) {
-            throw new OAuthServiceException("server_error", e);
-        }
-        String expectedHash = stringWriter.toString();
-        return clientCodeChallenge.equals(expectedHash);
+        String transformedCodeVerifier = codeVerifierTransformer == null 
+            ? clientCodeVerifier : codeVerifierTransformer.transformCodeVerifier(clientCodeVerifier); 
+        return clientCodeChallenge.equals(transformedCodeVerifier);
         
     }
+
+    public void setCodeVerifierTransformer(CodeVerifierTransformer codeVerifier) {
+        this.codeVerifierTransformer = codeVerifier;
+    }
 }
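Review bot: With no transformer injected, the new ternary compares the raw `clientCodeVerifier` to the stored challenge, so the default configuration silently becomes the plain comparison and any deployment that relied on the previous SHA-256 check must now wire a `DigestCodeVerifier` explicitly; nothing on `setCodeVerifierTransformer` says so. I would document that on the setter, e.g. `/** Optional; when unset the code verifier is compared to the code challenge unmodified. */`. In that plain mode `clientCodeChallenge.equals(transformedCodeVerifier)` is a short-circuiting comparison of a request value against a stored secret, so a constant-time check such as `MessageDigest.isEqual` over the UTF-8 bytes of both strings, with a null guard on the transformed value, would be the safer form. The enclosing method starts above this hunk, so whether `clientCodeVerifier` is null-checked before it reaches the transformer is not visible here.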

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/CodeVerifierTransformer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/CodeVerifierTransformer.java?rev=1552667&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/CodeVerifierTransformer.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/CodeVerifierTransformer.java Fri Dec 20 13:45:30 2013
@@ -0,0 +1,23 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.grants.code;
+
+public interface CodeVerifierTransformer {
+    String transformCodeVerifier(String codeVerifier); 
+}
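Review bot: `CodeVerifierTransformer` has no Javadoc, so the contract that implementers and callers rely on is unstated. The grant handler compares the returned string to the stored code challenge with `equals`, which means the transformation has to be deterministic and produce exactly the encoding the client used when it registered the challenge. I would add an interface comment along the lines of `/** Transforms the code verifier sent with the token request into the form in which the code challenge was registered. */` and state on `transformCodeVerifier` whether a null argument or a null return is permitted.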

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/CodeVerifierTransformer.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/CodeVerifierTransformer.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java?rev=1552667&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java Fri Dec 20 13:45:30 2013
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.grants.code;
+
+import java.io.StringWriter;
+
+import org.apache.cxf.common.util.Base64Exception;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
+import org.apache.cxf.rs.security.oauth2.utils.MessageDigestGenerator;
+
+public class DigestCodeVerifier implements CodeVerifierTransformer {
+
+    public String transformCodeVerifier(String codeVerifier) {
+        MessageDigestGenerator mdg = new MessageDigestGenerator();
+        byte[] digest = mdg.createDigest(codeVerifier, "SHA-256");
+        int length = digest.length > 128 / 8 ? 128 / 8 : digest.length;
+        
+        StringWriter stringWriter = new StringWriter();
+        try {
+            Base64UrlUtility.encode(digest, 0, length, stringWriter);
+        } catch (Base64Exception e) {
+            throw new OAuthServiceException("server_error", e);
+        }
+        return stringWriter.toString();
+    }
+
+    
+
+}
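Review bot: The digest is cut to its first 16 bytes by `digest.length > 128 / 8 ? 128 / 8 : digest.length` before Base64url encoding, and nothing in the class says so. A client that sends the full SHA-256 value as its challenge (as the later published PKCE specification, RFC 7636, defines for S256) will therefore never match. I would name the constant and use `Math.min`, e.g. `private static final int CHALLENGE_LENGTH_BYTES = 128 / 8;` and `int length = Math.min(digest.length, CHALLENGE_LENGTH_BYTES);`, and add a class Javadoc stating the algorithm, the truncation and the encoding. `transformCodeVerifier` also passes `codeVerifier` straight to `createDigest`; what that call does with null, and which charset it uses to turn the string into bytes, is not visible in this hunk and should be confirmed.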

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date