Posted to commits@knox.apache.org by co...@apache.org on 2017/09/21 15:02:34 UTC
knox git commit: KNOX-1036 - Fix a number of issues relating to
JWTokenAuthority
Repository: knox
Updated Branches:
refs/heads/master d3f507f94 -> c833bf907
KNOX-1036 - Fix a number of issues relating to JWTokenAuthority
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/c833bf90
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/c833bf90
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/c833bf90
Branch: refs/heads/master
Commit: c833bf907566301e525f514354dcb0325f5e0738
Parents: d3f507f
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Sep 20 11:26:33 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Sep 21 15:42:41 2017 +0100
----------------------------------------------------------------------
.../filter/JWTAccessTokenAssertionFilter.java | 23 ++++++------
.../jwt/filter/JWTAuthCodeAssertionFilter.java | 16 ++++----
.../federation/AbstractJWTFilterTest.java | 19 +++++-----
.../impl/DefaultTokenAuthorityService.java | 21 ++++++-----
.../service/knoxsso/WebSSOResourceTest.java | 14 +++----
.../knoxtoken/TokenServiceResourceTest.java | 14 +++----
.../security/token/JWTokenAuthority.java | 19 +++++-----
.../services/security/token/impl/JWT.java | 39 +++++++++++---------
.../services/security/token/impl/JWTToken.java | 27 +++++++-------
9 files changed, 97 insertions(+), 95 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
index f8d9a02..e2ef32e 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
@@ -39,6 +39,7 @@ import org.apache.hadoop.gateway.services.GatewayServices;
import org.apache.hadoop.gateway.services.registry.ServiceRegistry;
import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority;
import org.apache.hadoop.gateway.services.security.token.TokenServiceException;
+import org.apache.hadoop.gateway.services.security.token.impl.JWT;
import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
import org.apache.hadoop.gateway.util.JsonUtils;
@@ -66,12 +67,12 @@ public class JWTAccessTokenAssertionFilter extends AbstractIdentityAssertionFilt
authority = (JWTokenAuthority) services.getService(GatewayServices.TOKEN_SERVICE);
sr = (ServiceRegistry) services.getService(GatewayServices.SERVICE_REGISTRY_SERVICE);
}
-
+
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
String jsonResponse = null;
-
+
String header = ((HttpServletRequest) request).getHeader("Authorization");
if (header != null && header.startsWith(BEARER)) {
// what follows the bearer designator should be the JWT token being used to request or as an access token
@@ -94,7 +95,7 @@ public class JWTAccessTokenAssertionFilter extends AbstractIdentityAssertionFilt
else {
throw new ServletException("Expected JWT Token not provided as Bearer token");
}
-
+
// authorization of the user for the requested service (and resource?) should have been done by
// the JWTFederationFilter - once we get here we can assume that it is authorized and we just need
// to assert the identity via an access token
@@ -102,27 +103,27 @@ public class JWTAccessTokenAssertionFilter extends AbstractIdentityAssertionFilt
Subject subject = Subject.getSubject(AccessController.getContext());
String principalName = getPrincipalName(subject);
principalName = mapper.mapUserPrincipal(principalName);
-
+
// calculate expiration timestamp: validity * 1000 + currentTimeInMillis
long expires = System.currentTimeMillis() + validity * 1000;
-
+
String serviceName = request.getParameter("service-name");
String clusterName = request.getParameter("cluster-name");
String accessToken = getAccessToken(principalName, serviceName, expires);
-
+
String serviceURL = sr.lookupServiceURL(clusterName, serviceName);
-
+
HashMap<String, Object> map = new HashMap<>();
// TODO: populate map from JWT authorization code
map.put(ACCESS_TOKEN, accessToken);
map.put(TOKEN_TYPE, BEARER);
map.put(EXPIRES_IN, expires);
-
+
// TODO: this url needs to be rewritten when in gateway deployments....
map.put(SVC_URL, serviceURL);
-
+
jsonResponse = JsonUtils.renderAsJsonString(map);
-
+
response.getWriter().write(jsonResponse);
//KNOX-685: response.getWriter().flush();
return; // break filter chain
@@ -147,7 +148,7 @@ public class JWTAccessTokenAssertionFilter extends AbstractIdentityAssertionFilt
return principalName;
}
};
- JWTToken token = null;
+ JWT token = null;
try {
token = authority.issueToken(p, serviceName, "RS256", expires);
// Coverity CID 1327961
http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
index 07cdf62..74b154f 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
@@ -33,12 +33,12 @@ import org.apache.hadoop.gateway.services.GatewayServices;
import org.apache.hadoop.gateway.services.registry.ServiceRegistry;
import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority;
import org.apache.hadoop.gateway.services.security.token.TokenServiceException;
-import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
+import org.apache.hadoop.gateway.services.security.token.impl.JWT;
import org.apache.hadoop.gateway.util.JsonUtils;
public class JWTAuthCodeAssertionFilter extends AbstractIdentityAssertionFilter {
private static final String BEARER = "Bearer ";
-
+
private JWTokenAuthority authority = null;
private ServiceRegistry sr;
@@ -56,7 +56,7 @@ public class JWTAuthCodeAssertionFilter extends AbstractIdentityAssertionFilter
authority = (JWTokenAuthority) services.getService(GatewayServices.TOKEN_SERVICE);
sr = (ServiceRegistry) services.getService(GatewayServices.SERVICE_REGISTRY_SERVICE);
}
-
+
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
@@ -64,15 +64,15 @@ public class JWTAuthCodeAssertionFilter extends AbstractIdentityAssertionFilter
Subject subject = Subject.getSubject(AccessController.getContext());
String principalName = getPrincipalName(subject);
principalName = mapper.mapUserPrincipal(principalName);
- JWTToken authCode;
+ JWT authCode;
try {
authCode = authority.issueToken(subject, "RS256");
// get the url for the token service
- String url = null;
+ String url = null;
if (sr != null) {
url = sr.lookupServiceURL("token", "TGS");
}
-
+
HashMap<String, Object> map = new HashMap<>();
// TODO: populate map from JWT authorization code
// Coverity CID 1327960
@@ -86,9 +86,9 @@ public class JWTAuthCodeAssertionFilter extends AbstractIdentityAssertionFilter
if (url != null) {
map.put("tke", url);
}
-
+
String jsonResponse = JsonUtils.renderAsJsonString(map);
-
+
response.getWriter().write(jsonResponse);
//KNOX-685: response.getWriter().flush();
} catch (TokenServiceException e) {
http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/AbstractJWTFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/AbstractJWTFilterTest.java b/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/AbstractJWTFilterTest.java
index d477f1f..bdde3e6 100644
--- a/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/AbstractJWTFilterTest.java
+++ b/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/AbstractJWTFilterTest.java
@@ -56,7 +56,6 @@ import org.apache.hadoop.gateway.services.security.impl.X509CertificateUtil;
import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority;
import org.apache.hadoop.gateway.services.security.token.TokenServiceException;
import org.apache.hadoop.gateway.services.security.token.impl.JWT;
-import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
import org.easymock.EasyMock;
import org.junit.After;
import org.junit.Assert;
@@ -550,7 +549,7 @@ public abstract class AbstractJWTFilterTest {
* @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#issueToken(javax.security.auth.Subject, java.lang.String)
*/
@Override
- public JWTToken issueToken(Subject subject, String algorithm)
+ public JWT issueToken(Subject subject, String algorithm)
throws TokenServiceException {
// TODO Auto-generated method stub
return null;
@@ -560,7 +559,7 @@ public abstract class AbstractJWTFilterTest {
* @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#issueToken(java.security.Principal, java.lang.String)
*/
@Override
- public JWTToken issueToken(Principal p, String algorithm)
+ public JWT issueToken(Principal p, String algorithm)
throws TokenServiceException {
// TODO Auto-generated method stub
return null;
@@ -570,16 +569,16 @@ public abstract class AbstractJWTFilterTest {
* @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#issueToken(java.security.Principal, java.lang.String, java.lang.String)
*/
@Override
- public JWTToken issueToken(Principal p, String audience, String algorithm)
+ public JWT issueToken(Principal p, String audience, String algorithm)
throws TokenServiceException {
return null;
}
/* (non-Javadoc)
- * @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#verifyToken(org.apache.hadoop.gateway.services.security.token.impl.JWTToken)
+ * @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#verifyToken(org.apache.hadoop.gateway.services.security.token.impl.JWT)
*/
@Override
- public boolean verifyToken(JWTToken token) throws TokenServiceException {
+ public boolean verifyToken(JWT token) throws TokenServiceException {
JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) verifyingKey);
return token.verify(verifier);
}
@@ -588,13 +587,13 @@ public abstract class AbstractJWTFilterTest {
* @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#issueToken(java.security.Principal, java.lang.String, java.lang.String, long)
*/
@Override
- public JWTToken issueToken(Principal p, String audience, String algorithm,
+ public JWT issueToken(Principal p, String audience, String algorithm,
long expires) throws TokenServiceException {
return null;
}
@Override
- public JWTToken issueToken(Principal p, List<String> audiences, String algorithm,
+ public JWT issueToken(Principal p, List<String> audiences, String algorithm,
long expires) throws TokenServiceException {
return null;
}
@@ -603,14 +602,14 @@ public abstract class AbstractJWTFilterTest {
* @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#issueToken(java.security.Principal, java.lang.String, long)
*/
@Override
- public JWT issueToken(Principal p, String audience, long l)
+ public JWT issueToken(Principal p, String algorithm, long expires)
throws TokenServiceException {
// TODO Auto-generated method stub
return null;
}
@Override
- public boolean verifyToken(JWTToken token, RSAPublicKey publicKey) throws TokenServiceException {
+ public boolean verifyToken(JWT token, RSAPublicKey publicKey) throws TokenServiceException {
JWSVerifier verifier = new RSASSAVerifier(publicKey);
return token.verify(verifier);
}
http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-server/src/main/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityService.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityService.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityService.java
index fc0a266..33b86bd 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityService.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityService.java
@@ -37,6 +37,7 @@ import org.apache.hadoop.gateway.services.security.KeystoreService;
import org.apache.hadoop.gateway.services.security.KeystoreServiceException;
import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority;
import org.apache.hadoop.gateway.services.security.token.TokenServiceException;
+import org.apache.hadoop.gateway.services.security.token.impl.JWT;
import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
import com.nimbusds.jose.JWSSigner;
@@ -63,28 +64,28 @@ public class DefaultTokenAuthorityService implements JWTokenAuthority, Service {
* @see org.apache.hadoop.gateway.provider.federation.jwt.JWTokenAuthority#issueToken(javax.security.auth.Subject, java.lang.String)
*/
@Override
- public JWTToken issueToken(Subject subject, String algorithm) throws TokenServiceException {
+ public JWT issueToken(Subject subject, String algorithm) throws TokenServiceException {
Principal p = (Principal) subject.getPrincipals().toArray()[0];
return issueToken(p, algorithm);
}
-
+
/* (non-Javadoc)
* @see org.apache.hadoop.gateway.provider.federation.jwt.JWTokenAuthority#issueToken(java.security.Principal, java.lang.String)
*/
@Override
- public JWTToken issueToken(Principal p, String algorithm) throws TokenServiceException {
+ public JWT issueToken(Principal p, String algorithm) throws TokenServiceException {
return issueToken(p, null, algorithm);
}
-
+
/* (non-Javadoc)
* @see org.apache.hadoop.gateway.provider.federation.jwt.JWTokenAuthority#issueToken(java.security.Principal, java.lang.String, long expires)
*/
@Override
- public JWTToken issueToken(Principal p, String algorithm, long expires) throws TokenServiceException {
+ public JWT issueToken(Principal p, String algorithm, long expires) throws TokenServiceException {
return issueToken(p, (String)null, algorithm, expires);
}
- public JWTToken issueToken(Principal p, String audience, String algorithm)
+ public JWT issueToken(Principal p, String audience, String algorithm)
throws TokenServiceException {
return issueToken(p, audience, algorithm, -1);
}
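Review bot: `issueToken(Subject subject, String algorithm)` takes the token identity from `subject.getPrincipals().toArray()[0]`, which throws an unchecked exception when the subject is null or carries no principals, and otherwise depends on the iteration order of a set that may hold more than one principal. Because this value becomes the identity asserted in a signed token, the principal should be selected explicitly and the empty case rejected up front, e.g. `if (subject == null || subject.getPrincipals().isEmpty())` followed by throwing a `TokenServiceException`; which principal type should win is not visible in this hunk. The same expression appears in the test authorities in WebSSOResourceTest and TokenServiceResourceTest. Separately, `issueToken(Principal p, String audience, String algorithm)` is the only overload in this hunk without `@Override`.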
@@ -93,7 +94,7 @@ public class DefaultTokenAuthorityService implements JWTokenAuthority, Service {
* @see org.apache.hadoop.gateway.provider.federation.jwt.JWTokenAuthority#issueToken(java.security.Principal, java.lang.String, java.lang.String)
*/
@Override
- public JWTToken issueToken(Principal p, String audience, String algorithm, long expires)
+ public JWT issueToken(Principal p, String audience, String algorithm, long expires)
throws TokenServiceException {
ArrayList<String> audiences = null;
if (audience != null) {
@@ -104,7 +105,7 @@ public class DefaultTokenAuthorityService implements JWTokenAuthority, Service {
}
@Override
- public JWTToken issueToken(Principal p, List<String> audiences, String algorithm, long expires)
+ public JWT issueToken(Principal p, List<String> audiences, String algorithm, long expires)
throws TokenServiceException {
String[] claimArray = new String[4];
claimArray[0] = "KNOXSSO";
@@ -159,13 +160,13 @@ public class DefaultTokenAuthorityService implements JWTokenAuthority, Service {
}
@Override
- public boolean verifyToken(JWTToken token)
+ public boolean verifyToken(JWT token)
throws TokenServiceException {
return verifyToken(token, null);
}
@Override
- public boolean verifyToken(JWTToken token, RSAPublicKey publicKey)
+ public boolean verifyToken(JWT token, RSAPublicKey publicKey)
throws TokenServiceException {
boolean rc = false;
PublicKey key;
http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java b/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
index c953c91..4e9e76b 100644
--- a/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
+++ b/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
@@ -274,32 +274,32 @@ public class WebSSOResourceTest {
}
@Override
- public JWTToken issueToken(Subject subject, String algorithm)
+ public JWT issueToken(Subject subject, String algorithm)
throws TokenServiceException {
Principal p = (Principal) subject.getPrincipals().toArray()[0];
return issueToken(p, algorithm);
}
@Override
- public JWTToken issueToken(Principal p, String algorithm)
+ public JWT issueToken(Principal p, String algorithm)
throws TokenServiceException {
return issueToken(p, null, algorithm);
}
@Override
- public JWTToken issueToken(Principal p, String audience, String algorithm)
+ public JWT issueToken(Principal p, String audience, String algorithm)
throws TokenServiceException {
return issueToken(p, audience, algorithm, -1);
}
@Override
- public boolean verifyToken(JWTToken token) throws TokenServiceException {
+ public boolean verifyToken(JWT token) throws TokenServiceException {
JWSVerifier verifier = new RSASSAVerifier(publicKey);
return token.verify(verifier);
}
@Override
- public JWTToken issueToken(Principal p, String audience, String algorithm,
+ public JWT issueToken(Principal p, String audience, String algorithm,
long expires) throws TokenServiceException {
List<String> audiences = null;
if (audience != null) {
@@ -310,7 +310,7 @@ public class WebSSOResourceTest {
}
@Override
- public JWTToken issueToken(Principal p, List<String> audiences, String algorithm,
+ public JWT issueToken(Principal p, List<String> audiences, String algorithm,
long expires) throws TokenServiceException {
String[] claimArray = new String[4];
claimArray[0] = "KNOXSSO";
@@ -341,7 +341,7 @@ public class WebSSOResourceTest {
}
@Override
- public boolean verifyToken(JWTToken token, RSAPublicKey publicKey) throws TokenServiceException {
+ public boolean verifyToken(JWT token, RSAPublicKey publicKey) throws TokenServiceException {
JWSVerifier verifier = new RSASSAVerifier(publicKey);
return token.verify(verifier);
}
http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceResourceTest.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceResourceTest.java b/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceResourceTest.java
index 9faa073..bddd13d 100644
--- a/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceResourceTest.java
+++ b/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceResourceTest.java
@@ -229,32 +229,32 @@ public class TokenServiceResourceTest {
}
@Override
- public JWTToken issueToken(Subject subject, String algorithm)
+ public JWT issueToken(Subject subject, String algorithm)
throws TokenServiceException {
Principal p = (Principal) subject.getPrincipals().toArray()[0];
return issueToken(p, algorithm);
}
@Override
- public JWTToken issueToken(Principal p, String algorithm)
+ public JWT issueToken(Principal p, String algorithm)
throws TokenServiceException {
return issueToken(p, null, algorithm);
}
@Override
- public JWTToken issueToken(Principal p, String audience, String algorithm)
+ public JWT issueToken(Principal p, String audience, String algorithm)
throws TokenServiceException {
return issueToken(p, audience, algorithm, -1);
}
@Override
- public boolean verifyToken(JWTToken token) throws TokenServiceException {
+ public boolean verifyToken(JWT token) throws TokenServiceException {
JWSVerifier verifier = new RSASSAVerifier(publicKey);
return token.verify(verifier);
}
@Override
- public JWTToken issueToken(Principal p, String audience, String algorithm,
+ public JWT issueToken(Principal p, String audience, String algorithm,
long expires) throws TokenServiceException {
ArrayList<String> audiences = null;
if (audience != null) {
@@ -265,7 +265,7 @@ public class TokenServiceResourceTest {
}
@Override
- public JWTToken issueToken(Principal p, List<String> audiences, String algorithm,
+ public JWT issueToken(Principal p, List<String> audiences, String algorithm,
long expires) throws TokenServiceException {
String[] claimArray = new String[4];
claimArray[0] = "KNOXSSO";
@@ -296,7 +296,7 @@ public class TokenServiceResourceTest {
}
@Override
- public boolean verifyToken(JWTToken token, RSAPublicKey publicKey) throws TokenServiceException {
+ public boolean verifyToken(JWT token, RSAPublicKey publicKey) throws TokenServiceException {
JWSVerifier verifier = new RSASSAVerifier(publicKey);
return token.verify(verifier);
}
http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/JWTokenAuthority.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/JWTokenAuthority.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/JWTokenAuthority.java
index 9cb82ec..155b239 100644
--- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/JWTokenAuthority.java
+++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/JWTokenAuthority.java
@@ -24,29 +24,28 @@ import java.util.List;
import javax.security.auth.Subject;
import org.apache.hadoop.gateway.services.security.token.impl.JWT;
-import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
public interface JWTokenAuthority {
- JWTToken issueToken(Subject subject, String algorithm)
+ JWT issueToken(Subject subject, String algorithm)
throws TokenServiceException;
- JWTToken issueToken(Principal p, String algorithm)
+ JWT issueToken(Principal p, String algorithm)
throws TokenServiceException;
- JWTToken issueToken(Principal p, String audience,
+ JWT issueToken(Principal p, String audience,
String algorithm) throws TokenServiceException;
- boolean verifyToken(JWTToken token) throws TokenServiceException;
+ boolean verifyToken(JWT token) throws TokenServiceException;
- boolean verifyToken(JWTToken token, RSAPublicKey publicKey)
+ boolean verifyToken(JWT token, RSAPublicKey publicKey)
throws TokenServiceException;
- JWTToken issueToken(Principal p, String audience, String algorithm,
- long expires) throws TokenServiceException;
+ JWT issueToken(Principal p, String algorithm, long expires) throws TokenServiceException;
- JWT issueToken(Principal p, String audience, long l) throws TokenServiceException;
+ JWT issueToken(Principal p, String audience, String algorithm,
+ long expires) throws TokenServiceException;
- JWTToken issueToken(Principal p, List<String> audience, String algorithm,
+ JWT issueToken(Principal p, List<String> audience, String algorithm,
long expires) throws TokenServiceException;
}
\ No newline at end of file
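Review bot: The interface has no Javadoc, and after this change two overloads differ only in what their middle `String` means: `issueToken(Principal p, String algorithm, long expires)` and `issueToken(Principal p, String audience, String algorithm)`. The replaced declaration named that parameter `audience` for the same `(Principal, String, long)` shape, so existing callers compile unchanged while the argument is now documented as the algorithm; any caller that relied on the old name would silently issue a token without the audience it intended (inferred, as such callers are not visible here). I would add a Javadoc comment to every method stating which argument is the audience, which is the JWS algorithm name, that `expires` is an absolute time in epoch milliseconds (as JWTAccessTokenAssertionFilter computes it), and what a null audience or the `-1` expiry passed by the shorter overloads means. For the new overload that could read `/** Issues a token for p with no audience claim; algorithm is the JWS algorithm name, expires the expiry time in epoch milliseconds. */`.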
http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWT.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWT.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWT.java
index b834649..1a6f4f9 100644
--- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWT.java
+++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWT.java
@@ -20,41 +20,44 @@ package org.apache.hadoop.gateway.services.security.token.impl;
import java.util.Date;
import com.nimbusds.jose.JWSSigner;
+import com.nimbusds.jose.JWSVerifier;
public interface JWT {
- public static final String PRINCIPAL = "prn";
- public static final String SUBJECT = "sub";
- public static final String ISSUER = "iss";
- public static final String AUDIENCE = "aud";
- public static final String EXPIRES = "exp";
+ String PRINCIPAL = "prn";
+ String SUBJECT = "sub";
+ String ISSUER = "iss";
+ String AUDIENCE = "aud";
+ String EXPIRES = "exp";
- public abstract String getPayload();
+ String getPayload();
- public abstract void setSignaturePayload(byte[] payload);
+ void setSignaturePayload(byte[] payload);
- public abstract byte[] getSignaturePayload();
+ byte[] getSignaturePayload();
- public abstract String getClaim(String claimName);
+ String getClaim(String claimName);
- public abstract String getPrincipal();
+ String getPrincipal();
- public abstract String getIssuer();
+ String getIssuer();
- public abstract String getAudience();
+ String getAudience();
public String[] getAudienceClaims();
- public abstract String getExpires();
+ String getExpires();
- public abstract Date getExpiresDate();
+ Date getExpiresDate();
- public abstract String getSubject();
+ String getSubject();
- public abstract String getHeader();
+ String getHeader();
- public abstract String getClaims();
+ String getClaims();
- public abstract void sign(JWSSigner signer);
+ void sign(JWSSigner signer);
+
+ boolean verify(JWSVerifier verifier);
}
\ No newline at end of file
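Review bot: The new `boolean verify(JWSVerifier verifier);` is declared without a contract, although the `verifyToken` implementations in this commit now call it on any `JWT` implementation. JWTToken returns false both when the signature does not match and when `jwt.verify` throws `JOSEException`; that fail-closed behaviour should be written down so other implementations follow it, e.g. `/** Returns true only if the signature validates with the given verifier; returns false on any verification error. */`. As a style point, `public String[] getAudienceClaims();` keeps the redundant modifier that the rest of this hunk removes.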
http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWTToken.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWTToken.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWTToken.java
index cc2ccfe..49d8609 100644
--- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWTToken.java
+++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWTToken.java
@@ -39,10 +39,10 @@ public class JWTToken implements JWT {
private static JWTProviderMessages log = MessagesFactory.get( JWTProviderMessages.class );
SignedJWT jwt = null;
-
+
private JWTToken(byte[] header, byte[] claims, byte[] signature) throws ParseException {
try {
- jwt = new SignedJWT(new Base64URL(new String(header, "UTF8")), new Base64URL(new String(claims, "UTF8")),
+ jwt = new SignedJWT(new Base64URL(new String(header, "UTF8")), new Base64URL(new String(claims, "UTF8")),
new Base64URL(new String(signature, "UTF8")));
} catch (UnsupportedEncodingException e) {
log.unsupportedEncoding(e);
@@ -79,7 +79,7 @@ public class JWTToken implements JWT {
if(claimsArray[3] != null) {
builder = builder.expirationTime(new Date(Long.parseLong(claimsArray[3])));
}
-
+
claims = builder.build();
jwt = new SignedJWT(header, claims);
@@ -151,7 +151,7 @@ public class JWTToken implements JWT {
// System.out.println("header: " + token.header);
// System.out.println("claims: " + token.claims);
// System.out.println("payload: " + new String(token.payload));
-
+
return jwt;
}
@@ -161,13 +161,13 @@ public class JWTToken implements JWT {
@Override
public String getClaim(String claimName) {
String claim = null;
-
+
try {
claim = jwt.getJWTClaimsSet().getStringClaim(claimName);
} catch (ParseException e) {
log.unableToParseToken(e);
}
-
+
return claim;
}
@@ -246,9 +246,9 @@ public class JWTToken implements JWT {
return getClaim(JWT.PRINCIPAL);
}
-
+
/* (non-Javadoc)
- * @see org.apache.hadoop.gateway.services.security.token.impl.JWT#getPrincipal()
+ * @see org.apache.hadoop.gateway.services.security.token.impl.JWT#sign(JWSSigner)
*/
@Override
public void sign(JWSSigner signer) {
@@ -259,20 +259,19 @@ public class JWTToken implements JWT {
}
}
- /**
- * @param verifier
- * @return
+ /* (non-Javadoc)
+ * @see org.apache.hadoop.gateway.services.security.token.impl.JWT#verify(JWSVerifier)
*/
public boolean verify(JWSVerifier verifier) {
boolean rc = false;
-
+
try {
rc = jwt.verify(verifier);
} catch (JOSEException e) {
// TODO Auto-generated catch block
log.unableToVerifyToken(e);
}
-
+
return rc;
- }
+ }
}
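Review bot: `verify(JWSVerifier verifier)` now implements `JWT#verify` but is not annotated, unlike `sign` in the preceding hunk; adding `@Override` above `public boolean verify(JWSVerifier verifier) {` lets the compiler catch any later drift between the interface and this class. The catch block still carries `// TODO Auto-generated catch block`; since returning false on `JOSEException` is the fail-closed result callers depend on, I would replace it with a comment that says so, such as `// a verification error is treated as an invalid signature`.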