Posted to commits@cxf.apache.org by se...@apache.org on 2015/11/16 12:25:25 UTC

cxf-fediz git commit: [FEDIZ-134] Simplifying a code dealing with the signatures a bit

Repository: cxf-fediz
Updated Branches:
  refs/heads/master 1c4d2f580 -> 7b94dcb76


[FEDIZ-134] Simplifying the code that deals with signatures a bit


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/7b94dcb7
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/7b94dcb7
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/7b94dcb7

Branch: refs/heads/master
Commit: 7b94dcb765a935153327312567312e4a7af5b7c7
Parents: 1c4d2f5
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Nov 16 11:25:07 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Nov 16 11:25:07 2015 +0000

----------------------------------------------------------------------
 .../cxf/fediz/service/oidc/OAuthDataManager.java  | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7b94dcb7/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
index c498161..51ff209 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
@@ -23,13 +23,10 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Properties;
 import java.util.concurrent.ConcurrentHashMap;
 
 import org.apache.cxf.fediz.core.FedizPrincipal;
 import org.apache.cxf.jaxrs.ext.MessageContext;
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
@@ -41,6 +38,7 @@ import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGran
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
 import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
 
@@ -100,23 +98,17 @@ public class OAuthDataManager extends AbstractCodeDataProvider {
     }
 
     protected String getJoseIdToken(FedizPrincipal principal, Client client) {
-        IdToken jwtClaims = tokenConverter.convertToIdToken(principal.getLoginToken().getOwnerDocument(),
+        IdToken idToken = tokenConverter.convertToIdToken(principal.getLoginToken().getOwnerDocument(),
                                                           principal.getName(), 
                                                           client.getClientId());
-        JwsJwtCompactProducer p = new JwsJwtCompactProducer(jwtClaims);
+        JwsJwtCompactProducer p = new JwsJwtCompactProducer(idToken);
         return p.signWith(getJwsSignatureProvider(client));
         // the JWS compact output may also need to be encrypted
     }
 
     protected JwsSignatureProvider getJwsSignatureProvider(Client client) {
-        if (signIdTokenWithClientSecret && client.isConfidential() && client.getClientSecret() != null) {
-            Properties sigProps = JwsUtils.loadSignatureOutProperties(false);
-            SignatureAlgorithm sigAlgo = SignatureAlgorithm.getAlgorithm(
-            sigProps.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM));
-            sigAlgo = sigAlgo != null ? sigAlgo : SignatureAlgorithm.HS256;
-            if (AlgorithmUtils.isHmacSign(sigAlgo)) {
-                return JwsUtils.getHmacSignatureProvider(client.getClientSecret(), sigAlgo);
-            }
+        if (signIdTokenWithClientSecret && client.isConfidential()) {
+            return OAuthUtils.getClientSecretSignatureProvider(client.getClientSecret());
         } 
         return JwsUtils.loadSignatureProvider(true);