You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2012/07/24 18:21:08 UTC
svn commit: r1365160 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2: ./
src/main/java/org/apache/cxf/rs/security/oauth2/client/
src/main/java/org/apache/cxf/rs/security/oauth2/common/
src/main/java/org/apache/cxf/rs/security/oauth2/filters/ src/mai...
Author: sergeyb
Date: Tue Jul 24 16:21:07 2012
New Revision: 1365160
URL: http://svn.apache.org/viewvc?rev=1365160&view=rev
Log:
[CXF-4431] Initial OAuth2 MAC token support, applying a modified patch from Sasi M - thanks
Added:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/HttpRequestProperties.java (with props)
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacAlgorithm.java (with props)
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacUtils.java (with props)
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java (with props)
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java (with props)
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java (with props)
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/NonceVerifier.java (with props)
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java (with props)
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/pom.xml
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/pom.xml?rev=1365160&r1=1365159&r2=1365160&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/pom.xml (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/pom.xml Tue Jul 24 16:21:07 2012
@@ -53,6 +53,11 @@
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.easymock</groupId>
+ <artifactId>easymock</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/HttpRequestProperties.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/HttpRequestProperties.java?rev=1365160&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/HttpRequestProperties.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/HttpRequestProperties.java Tue Jul 24 16:21:07 2012
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import java.net.URI;
+
+import org.apache.cxf.jaxrs.client.WebClient;
+
+public class HttpRequestProperties {
+
+ private String hostName;
+ private int port;
+ private String httpMethod;
+ private String requestPath;
+ private String requestQuery;
+
+ public HttpRequestProperties(WebClient wc, String httpMethod) {
+ this(wc.getCurrentURI(), httpMethod);
+ }
+
+ public HttpRequestProperties(URI uri, String httpMethod) {
+ this(uri.getHost(), uri.getPort(), httpMethod,
+ uri.getRawPath(), uri.getRawQuery());
+ }
+
+ public HttpRequestProperties(String hostName, int port, String httpMethod, String requestPath) {
+ this(hostName, port, httpMethod, requestPath, null);
+ }
+
+ public HttpRequestProperties(String hostName, int port, String httpMethod,
+ String requestPath, String requestQuery) {
+ this.requestPath = requestPath;
+ this.hostName = hostName;
+ this.port = port;
+ this.httpMethod = httpMethod;
+ }
+
+ public String getRequestPath() {
+ return requestPath;
+ }
+
+ public String getRequestQuery() {
+ return requestQuery;
+ }
+
+ public String getHostName() {
+ return hostName;
+ }
+ public int getPort() {
+ return port;
+ }
+ public String getHttpMethod() {
+ return httpMethod;
+ }
+}
\ No newline at end of file
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/HttpRequestProperties.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/HttpRequestProperties.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java?rev=1365160&r1=1365159&r2=1365160&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java Tue Jul 24 16:21:07 2012
@@ -36,6 +36,7 @@ import org.apache.cxf.rs.security.oauth2
import org.apache.cxf.rs.security.oauth2.common.OAuthError;
import org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.tokens.mac.MacAuthorizationScheme;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
/**
@@ -225,7 +226,7 @@ public final class OAuthClientUtils {
}
/**
- * Creates OAuth Authorization header for accessing the end user's resources
+ * Creates OAuth Authorization header with Bearer scheme
* @param consumer represents the registered client
* @param accessToken the access token
* @return the header value
@@ -234,21 +235,46 @@ public final class OAuthClientUtils {
ClientAccessToken accessToken)
throws OAuthServiceException {
StringBuilder sb = new StringBuilder();
- appendTokenData(sb, accessToken);
+ appendTokenData(sb, accessToken, null);
return sb.toString();
}
-
- private static void appendTokenData(StringBuilder sb, ClientAccessToken token)
+ /**
+ * Creates OAuth Authorization header with the scheme that
+ * may require an access to the current HTTP request properties
+ * @param consumer represents the registered client
+ * @param accessToken the access token
+ * @param httpProps http request properties, can be null for Bearer tokens
+ * @return the header value
+ */
+ public static String createAuthorizationHeader(Consumer consumer,
+ ClientAccessToken accessToken,
+ HttpRequestProperties httpProps)
+ throws OAuthServiceException {
+ StringBuilder sb = new StringBuilder();
+ appendTokenData(sb, accessToken, httpProps);
+ return sb.toString();
+ }
+
+ private static void appendTokenData(StringBuilder sb,
+ ClientAccessToken token,
+ HttpRequestProperties httpProps)
throws OAuthServiceException {
// this should all be handled by token specific serializers
if (OAuthConstants.BEARER_TOKEN_TYPE.equals(token.getTokenType())) {
sb.append(OAuthConstants.BEARER_AUTHORIZATION_SCHEME);
sb.append(" ");
sb.append(token.getTokenKey());
+ } else if (OAuthConstants.MAC_TOKEN_TYPE.equals(token.getTokenType())) {
+ if (httpProps == null) {
+ throw new IllegalArgumentException("MAC scheme requires HTTP Request properties");
+ }
+ MacAuthorizationScheme macAuthData = new MacAuthorizationScheme(httpProps, token);
+ String macAlgo = token.getParameters().get(OAuthConstants.MAC_TOKEN_ALGORITHM);
+ String macSecret = token.getParameters().get(OAuthConstants.MAC_TOKEN_SECRET);
+ sb.append(macAuthData.toAuthorizationHeader(macAlgo, macSecret));
} else {
- // deal with MAC and other tokens
- throw new OAuthServiceException("Unsupported token type");
+ throw new ClientWebApplicationException(new OAuthServiceException("Unsupported token type"));
}
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java?rev=1365160&r1=1365159&r2=1365160&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java Tue Jul 24 16:21:07 2012
@@ -18,7 +18,7 @@
*/
package org.apache.cxf.rs.security.oauth2.common;
-import java.util.Collections;
+import java.util.LinkedHashMap;
import java.util.Map;
/**
@@ -28,7 +28,9 @@ public abstract class AccessToken {
private String tokenKey;
private String tokenType;
- private Map<String, String> parameters = Collections.emptyMap();
+ private String refreshToken;
+
+ private Map<String, String> parameters = new LinkedHashMap<String, String>();
protected AccessToken(String tokenType, String tokenKey) {
this.tokenType = tokenType;
@@ -52,6 +54,24 @@ public abstract class AccessToken {
}
/**
+ * Sets the refresh token key the client can use to obtain a new
+ * access token
+ * @param refreshToken the refresh token
+ */
+ public void setRefreshToken(String refreshToken) {
+ this.refreshToken = refreshToken;
+ }
+
+ /**
+ * Gets the refresh token key the client can use to obtain a new
+ * access token
+ * @return the refresh token
+ */
+ public String getRefreshToken() {
+ return refreshToken;
+ }
+
+ /**
* Sets token parameters
* @param parameters the token parameters
*/
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java?rev=1365160&r1=1365159&r2=1365160&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java Tue Jul 24 16:21:07 2012
@@ -29,7 +29,6 @@ package org.apache.cxf.rs.security.oauth
public class ClientAccessToken extends AccessToken {
private String scope;
- private String rToken;
private long expiresIn = -1;
public ClientAccessToken(String tokenType, String tokenKey) {
@@ -54,23 +53,7 @@ public class ClientAccessToken extends A
return scope;
}
- /**
- * Sets the refresh token key the client can use to obtain a new
- * access token
- * @param refreshToken the refresh token
- */
- public void setRefreshToken(String refreshToken) {
- this.rToken = refreshToken;
- }
-
- /**
- * Gets the refresh token key the client can use to obtain a new
- * access token
- * @return the refresh token
- */
- public String getRefreshToken() {
- return rToken;
- }
+
/**
* The token lifetime
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java?rev=1365160&r1=1365159&r2=1365160&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java Tue Jul 24 16:21:07 2012
@@ -24,6 +24,7 @@ import java.util.List;
import javax.ws.rs.core.HttpHeaders;
import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
@@ -37,7 +38,9 @@ public class AccessTokenValidatorClient
return Collections.singletonList(OAuthConstants.ALL_AUTH_SCHEMES);
}
- public AccessTokenValidation validateAccessToken(String authScheme, String authSchemeData)
+ public AccessTokenValidation validateAccessToken(MessageContext mc,
+ String authScheme,
+ String authSchemeData)
throws OAuthServiceException {
WebClient client = WebClient.fromClient(tokenValidatorClient, true);
client.header(HttpHeaders.AUTHORIZATION, authScheme + " " + authSchemeData);
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java?rev=1365160&r1=1365159&r2=1365160&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java Tue Jul 24 16:21:07 2012
@@ -21,10 +21,13 @@ package org.apache.cxf.rs.security.oauth
import java.util.List;
+import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
public interface AccessTokenValidator {
List<String> getSupportedAuthorizationSchemes();
- AccessTokenValidation validateAccessToken(String authScheme, String authSchemeData)
+ AccessTokenValidation validateAccessToken(MessageContext mc,
+ String authScheme,
+ String authSchemeData)
throws OAuthServiceException;
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java?rev=1365160&r1=1365159&r2=1365160&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java Tue Jul 24 16:21:07 2012
@@ -24,7 +24,7 @@ import java.io.OutputStream;
import java.lang.annotation.Annotation;
import java.lang.reflect.Type;
import java.util.Collections;
-import java.util.HashMap;
+import java.util.LinkedHashMap;
import java.util.Map;
import javax.ws.rs.Consumes;
@@ -160,7 +160,7 @@ public class OAuthJSONProvider implement
if (!str.startsWith("{") || !str.endsWith("}")) {
throw new ClientWebApplicationException("JSON Sequence is broken");
}
- Map<String, String> map = new HashMap<String, String>();
+ Map<String, String> map = new LinkedHashMap<String, String>();
str = str.substring(1, str.length() - 1).trim();
String[] jsonPairs = str.split(",");
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java?rev=1365160&r1=1365159&r2=1365160&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java Tue Jul 24 16:21:07 2012
@@ -103,7 +103,7 @@ public abstract class AbstractAccessToke
if (handler != null) {
try {
// Convert the HTTP Authorization scheme data into a token
- accessTokenV = handler.validateAccessToken(authScheme, authSchemeData);
+ accessTokenV = handler.validateAccessToken(mc, authScheme, authSchemeData);
} catch (OAuthServiceException ex) {
AuthorizationUtils.throwAuthorizationFailure(
Collections.singleton(authScheme));
@@ -136,9 +136,5 @@ public abstract class AbstractAccessToke
return accessTokenV;
}
- @Deprecated
- public void setGrantHandlers(List<AccessTokenValidator> validators) {
- setTokenValidators(validators);
- }
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java?rev=1365160&r1=1365159&r2=1365160&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java Tue Jul 24 16:21:07 2012
@@ -108,6 +108,7 @@ public class AccessTokenService extends
// Extract the information to be of use for the client
ClientAccessToken clientToken = new ClientAccessToken(serverToken.getTokenType(),
serverToken.getTokenKey());
+ clientToken.setRefreshToken(serverToken.getRefreshToken());
if (writeOptionalParameters) {
clientToken.setExpiresIn(serverToken.getLifetime());
List<OAuthPermission> perms = serverToken.getScopes();
@@ -117,8 +118,6 @@ public class AccessTokenService extends
clientToken.setParameters(serverToken.getParameters());
}
- //TODO: also set a refresh token if any
-
// Return it to the client
return Response.ok(clientToken)
.header(HttpHeaders.CACHE_CONTROL, "no-store")
Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacAlgorithm.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacAlgorithm.java?rev=1365160&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacAlgorithm.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacAlgorithm.java Tue Jul 24 16:21:07 2012
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth2.tokens.mac;
+
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+public enum HmacAlgorithm {
+ HmacSHA1(OAuthConstants.MAC_TOKEN_ALGO_HMAC_SHA_1),
+ HmacSHA256(OAuthConstants.MAC_TOKEN_ALGO_HMAC_SHA_256);
+
+ private final String oauthName;
+
+ private HmacAlgorithm(String oauthName) {
+ this.oauthName = oauthName;
+ }
+
+ public String getOAuthName() {
+ return oauthName;
+ }
+
+ public String getJavaName() {
+ return name();
+ }
+
+ public static HmacAlgorithm toHmacAlgorithm(String value) {
+ if (OAuthConstants.MAC_TOKEN_ALGO_HMAC_SHA_1.equals(value)) {
+ return HmacSHA1;
+ }
+ if (OAuthConstants.MAC_TOKEN_ALGO_HMAC_SHA_256.equals(value)) {
+ return HmacSHA256;
+ }
+ return null;
+ }
+
+}
\ No newline at end of file
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacAlgorithm.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacAlgorithm.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacUtils.java?rev=1365160&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacUtils.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacUtils.java Tue Jul 24 16:21:07 2012
@@ -0,0 +1,103 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.tokens.mac;
+
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+public final class HmacUtils {
+ private HmacUtils() {
+
+ }
+
+ public static String computeSignature(String macAlgoOAuthName, String macSecret, String data) {
+ HmacAlgorithm theAlgo = HmacAlgorithm.toHmacAlgorithm(macAlgoOAuthName);
+ return HmacUtils.computeHmacString(macSecret,
+ theAlgo.getJavaName(),
+ data);
+ }
+
+ /**
+ * Computes HMAC value using the given parameters.
+ *
+ * @param macSecret
+ * @param macAlgorithm Should be one of HmacSHA1 or HmacSHA256
+ * @param data
+ * @return Base64 encoded string representation of the computed hmac value
+ */
+ public static String computeHmacString(String macSecret, String macAlgoJavaName, String data) {
+ return new String(Base64Utility.encode(computeHmac(macSecret, macAlgoJavaName, data)));
+ }
+
+ /**
+ * Computes HMAC value using the given parameters.
+ *
+ * @param macKey
+ * @param macAlgorithm
+ * @param data
+ * @return Computed HMAC value.
+ */
+ public static byte[] computeHmac(String key, HmacAlgorithm algo, String data) {
+ return computeHmac(key, algo.getJavaName(), data);
+ }
+
+ /**
+ * Computes HMAC value using the given parameters.
+ *
+ * @param macKey
+ * @param macAlgorithm
+ * @param data
+ * @return Computed HMAC value.
+ */
+ public static byte[] computeHmac(String key, String macAlgoJavaName, String data) {
+ try {
+ Mac hmac = Mac.getInstance(macAlgoJavaName);
+ SecretKeySpec secretKey = new SecretKeySpec(key.getBytes("UTF-8"), macAlgoJavaName);
+ hmac.init(secretKey);
+ return hmac.doFinal(data.getBytes());
+ } catch (NoSuchAlgorithmException e) {
+ throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST, e);
+ } catch (InvalidKeyException e) {
+ throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST, e);
+ } catch (UnsupportedEncodingException e) {
+ throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST, e);
+ }
+ }
+
+ public static String generateSecret(HmacAlgorithm algo) {
+ try {
+ KeyGenerator keyGen = KeyGenerator.getInstance(algo.name());
+ return Base64Utility.encode(keyGen.generateKey().getEncoded());
+ } catch (NoSuchAlgorithmException e) {
+ throw new OAuthServiceException(OAuthConstants.SERVER_ERROR, e);
+ }
+ }
+
+
+
+}
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacUtils.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacUtils.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java?rev=1365160&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java Tue Jul 24 16:21:07 2012
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.tokens.mac;
+
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+
+public class MacAccessToken extends ServerAccessToken {
+ public MacAccessToken(Client client,
+ String macAuthAlgo,
+ long lifetime) {
+ this(client, HmacAlgorithm.toHmacAlgorithm(macAuthAlgo), lifetime);
+ }
+
+ public MacAccessToken(Client client,
+ HmacAlgorithm macAlgo,
+ long lifetime) {
+ this(client,
+ macAlgo,
+ OAuthUtils.generateRandomTokenKey(),
+ lifetime,
+ System.currentTimeMillis() / 1000);
+ }
+ public MacAccessToken(Client client,
+ HmacAlgorithm algo,
+ String tokenKey,
+ long lifetime,
+ long issuedAt) {
+ super(client, OAuthConstants.MAC_TOKEN_TYPE, tokenKey, lifetime, issuedAt);
+ this.setExtraParameters(algo);
+ }
+
+ private void setExtraParameters(HmacAlgorithm algo) {
+ super.getParameters().put(OAuthConstants.MAC_TOKEN_SECRET,
+ HmacUtils.generateSecret(algo));
+ super.getParameters().put(OAuthConstants.MAC_TOKEN_ALGORITHM,
+ algo.getOAuthName());
+ }
+
+ public String getMacKey() {
+ return super.getTokenKey();
+ }
+
+ public String getMacSecret() {
+ return super.getParameters().get(OAuthConstants.MAC_TOKEN_SECRET);
+ }
+
+ public String getMacAlgorithm() {
+ return super.getParameters().get(OAuthConstants.MAC_TOKEN_ALGORITHM);
+ }
+}
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java?rev=1365160&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java Tue Jul 24 16:21:07 2012
@@ -0,0 +1,110 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.tokens.mac;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.cxf.common.util.Base64Exception;
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+public class MacAccessTokenValidator implements AccessTokenValidator {
+ private OAuthDataProvider dataProvider;
+ private NonceVerifier nonceVerifier;
+
+ public List<String> getSupportedAuthorizationSchemes() {
+ return Collections.singletonList(OAuthConstants.MAC_AUTHORIZATION_SCHEME);
+ }
+
+ public AccessTokenValidation validateAccessToken(MessageContext mc,
+ String authScheme,
+ String authSchemeData) throws OAuthServiceException {
+ HttpRequestProperties httpProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(),
+ mc.getHttpServletRequest().getMethod());
+ Map<String, String> schemeParams = getSchemeParameters(authSchemeData);
+ MacAuthorizationScheme macAuthInfo = new MacAuthorizationScheme(httpProps, schemeParams);
+
+ MacAccessToken macAccessToken = validateSchemeData(macAuthInfo,
+ schemeParams.get(OAuthConstants.MAC_TOKEN_SIGNATURE));
+ validateTimestampNonce(macAccessToken, macAuthInfo.getTimestamp(), macAuthInfo.getNonce());
+ return new AccessTokenValidation(macAccessToken);
+ }
+
+ private static Map<String, String> getSchemeParameters(String authData) {
+ String[] attributePairs = authData.split(",");
+ Map<String, String> attributeMap = new HashMap<String, String>();
+ for (String pair : attributePairs) {
+ String[] pairValues = pair.trim().split("=", 2);
+ attributeMap.put(pairValues[0].trim(), pairValues[1].trim().replaceAll("\"", ""));
+ }
+ return attributeMap;
+ }
+
+ protected void validateTimestampNonce(MacAccessToken token, String ts, String nonce) {
+ // (http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-4.1)
+ if (nonceVerifier != null) {
+ nonceVerifier.verifyNonce(token.getTokenKey(), nonce, ts);
+ }
+ }
+
+ private MacAccessToken validateSchemeData(MacAuthorizationScheme macAuthInfo,
+ String clientMacString) {
+ String macKey = macAuthInfo.getMacKey();
+
+ ServerAccessToken accessToken = dataProvider.getAccessToken(macKey);
+ if (!(accessToken instanceof MacAccessToken)) {
+ throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
+ }
+ MacAccessToken macAccessToken = (MacAccessToken)accessToken;
+
+ String normalizedString = macAuthInfo.getNormalizedRequestString();
+ try {
+ HmacAlgorithm hmacAlgo = HmacAlgorithm.toHmacAlgorithm(macAccessToken.getMacAlgorithm());
+ byte[] serverMacData = HmacUtils.computeHmac(
+ macAccessToken.getMacSecret(), hmacAlgo, normalizedString);
+
+ byte[] clientMacData = Base64Utility.decode(clientMacString);
+ boolean validMac = Arrays.equals(serverMacData, clientMacData);
+ if (!validMac) {
+ AuthorizationUtils.throwAuthorizationFailure(Collections
+ .singleton(OAuthConstants.MAC_AUTHORIZATION_SCHEME));
+ }
+ } catch (Base64Exception e) {
+ throw new OAuthServiceException(OAuthConstants.SERVER_ERROR, e);
+ }
+ return macAccessToken;
+ }
+
+ public void setDataProvider(OAuthDataProvider dataProvider) {
+ this.dataProvider = dataProvider;
+ }
+
+}
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java?rev=1365160&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java Tue Jul 24 16:21:07 2012
@@ -0,0 +1,117 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.tokens.mac;
+
+import java.security.SecureRandom;
+import java.util.Map;
+
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties;
+import org.apache.cxf.rs.security.oauth2.common.AccessToken;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+public class MacAuthorizationScheme {
+ private static final String SEPARATOR = "\n";
+
+ private HttpRequestProperties props;
+ private String macKey;
+ private String timestamp;
+ private String nonce;
+
+ public MacAuthorizationScheme(HttpRequestProperties props,
+ AccessToken token) {
+ this.props = props;
+ this.macKey = token.getTokenKey();
+ this.timestamp = Long.toString(System.currentTimeMillis());
+ this.nonce = generateNonce();
+ }
+
+ public MacAuthorizationScheme(HttpRequestProperties props,
+ Map<String, String> schemeParams) {
+ this.props = props;
+ this.macKey = schemeParams.get(OAuthConstants.MAC_TOKEN_KEY);
+ this.timestamp = schemeParams.get(OAuthConstants.MAC_TOKEN_TIMESTAMP);
+ this.nonce = schemeParams.get(OAuthConstants.MAC_TOKEN_NONCE);
+ }
+
+ public String getMacKey() {
+ return macKey;
+ }
+
+ public String getTimestamp() {
+ return timestamp;
+ }
+
+ public String getNonce() {
+ return nonce;
+ }
+
+ public String toAuthorizationHeader(String macAlgo, String macSecret) {
+
+ String data = getNormalizedRequestString();
+ String signature = HmacUtils.computeSignature(macAlgo, macSecret, data);
+
+ StringBuilder sb = new StringBuilder();
+ sb.append(OAuthConstants.MAC_AUTHORIZATION_SCHEME).append(" ");
+ addParameter(sb, OAuthConstants.MAC_TOKEN_KEY, macKey, false);
+ addParameter(sb, OAuthConstants.MAC_TOKEN_TIMESTAMP, timestamp, false);
+ addParameter(sb, OAuthConstants.MAC_TOKEN_NONCE, nonce, false);
+ addParameter(sb, OAuthConstants.MAC_TOKEN_SIGNATURE, signature, true);
+
+ return sb.toString();
+ }
+
+ private static void addParameter(StringBuilder sb, String name, String value, boolean last) {
+ sb.append(name).append('=')
+ .append('\"').append(value).append('\"');
+ if (!last) {
+ sb.append(',');
+ }
+ }
+
+ public String getNormalizedRequestString() {
+
+ String value = macKey + SEPARATOR
+ + timestamp + SEPARATOR
+ + nonce + SEPARATOR
+ + props.getHttpMethod().toUpperCase() + SEPARATOR
+ + props.getHostName() + SEPARATOR
+ + props.getPort() + SEPARATOR
+ + props.getRequestPath() + SEPARATOR;
+
+ if (!StringUtils.isEmpty(props.getRequestQuery())) {
+ value += normalizeQuery(props.getRequestQuery()) + SEPARATOR;
+ }
+
+ value += SEPARATOR;
+ return value;
+ }
+
+ private static String normalizeQuery(String query) {
+ return query;
+ }
+
+ private static String generateNonce() {
+ byte[] randomBytes = new byte[20];
+ new SecureRandom().nextBytes(randomBytes);
+ return Base64Utility.encode(randomBytes);
+ }
+
+}
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/NonceVerifier.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/NonceVerifier.java?rev=1365160&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/NonceVerifier.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/NonceVerifier.java Tue Jul 24 16:21:07 2012
@@ -0,0 +1,26 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.tokens.mac;
+
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+
+public interface NonceVerifier {
+ void verifyNonce(String tokenKey, String clientNonce, String clientTimestamp)
+ throws OAuthServiceException;
+}
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/NonceVerifier.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/NonceVerifier.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java?rev=1365160&r1=1365159&r2=1365160&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java Tue Jul 24 16:21:07 2012
@@ -48,11 +48,25 @@ public final class OAuthConstants {
public static final String BEARER_TOKEN_TYPE = "bearer";
public static final String MAC_TOKEN_TYPE = "mac";
+ // MAC token parameters
+ // Set by Access Token Service
+ public static final String MAC_TOKEN_SECRET = "secret";
+ public static final String MAC_TOKEN_ALGORITHM = "algorithm";
+ public static final String MAC_TOKEN_ALGO_HMAC_SHA_1 = "hmac-sha-1";
+ public static final String MAC_TOKEN_ALGO_HMAC_SHA_256 = "hmac-sha-256";
+
+ // Set in Authorization header
+ public static final String MAC_TOKEN_KEY = "token";
+ public static final String MAC_TOKEN_TIMESTAMP = "timestamp";
+ public static final String MAC_TOKEN_NONCE = "nonce";
+ public static final String MAC_TOKEN_SIGNATURE = "signature";
+
// Token Authorization schemes
public static final String BEARER_AUTHORIZATION_SCHEME = "Bearer";
- public static final String MAC_AUTHORIZATION_SCHEME = "Mac";
+ public static final String MAC_AUTHORIZATION_SCHEME = "MAC";
public static final String ALL_AUTH_SCHEMES = "*";
+
// Default Client Authentication Scheme
public static final String BASIC_SCHEME = "Basic";
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java?rev=1365160&r1=1365159&r2=1365160&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java Tue Jul 24 16:21:07 2012
@@ -22,12 +22,14 @@ import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.lang.annotation.Annotation;
import java.util.Collections;
+import java.util.LinkedHashMap;
import java.util.Map;
import javax.ws.rs.core.MediaType;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.junit.Assert;
import org.junit.Test;
@@ -35,8 +37,8 @@ import org.junit.Test;
public class OAuthJSONProviderTest extends Assert {
@Test
- public void testWriteClientAccessToken() throws Exception {
- ClientAccessToken token = new ClientAccessToken("bearer", "1234");
+ public void testWriteBearerClientAccessToken() throws Exception {
+ ClientAccessToken token = new ClientAccessToken(OAuthConstants.BEARER_TOKEN_TYPE, "1234");
token.setExpiresIn(12345);
token.setRefreshToken("5678");
token.setApprovedScope("read");
@@ -51,11 +53,11 @@ public class OAuthJSONProviderTest exten
MediaType.APPLICATION_JSON_TYPE,
new MetadataMap<String, Object>(),
bos);
- doReadClientAccessToken(bos.toString());
+ doReadClientAccessToken(bos.toString(), OAuthConstants.BEARER_TOKEN_TYPE, token.getParameters());
}
@Test
- public void testReadClientAccessToken() throws Exception {
+ public void testReadBearerClientAccessToken() throws Exception {
String response =
"{"
+ "\"access_token\":\"1234\","
@@ -65,13 +67,17 @@ public class OAuthJSONProviderTest exten
+ "\"scope\":\"read\","
+ "\"my_parameter\":\"abc\""
+ "}";
- doReadClientAccessToken(response);
+ doReadClientAccessToken(response, OAuthConstants.BEARER_TOKEN_TYPE,
+ Collections.singletonMap("my_parameter", "abc"));
}
@SuppressWarnings({
"unchecked", "rawtypes"
})
- public void doReadClientAccessToken(String response) throws Exception {
+
+ public ClientAccessToken doReadClientAccessToken(String response,
+ String expectedTokenType,
+ Map<String, String> expectedParams) throws Exception {
OAuthJSONProvider provider = new OAuthJSONProvider();
ClientAccessToken token = (ClientAccessToken)provider.readFrom((Class)ClientAccessToken.class,
ClientAccessToken.class,
@@ -80,15 +86,54 @@ public class OAuthJSONProviderTest exten
new MetadataMap<String, String>(),
new ByteArrayInputStream(response.getBytes()));
assertEquals("1234", token.getTokenKey());
- assertEquals("bearer", token.getTokenType());
+ assertEquals(expectedTokenType, token.getTokenType());
assertEquals("5678", token.getRefreshToken());
assertEquals(12345, token.getExpiresIn());
assertEquals("read", token.getApprovedScope());
Map<String, String> extraParams = token.getParameters();
- assertEquals(1, extraParams.size());
+ if (expectedParams != null) {
+ assertEquals(expectedParams, extraParams);
+ }
assertEquals("abc", extraParams.get("my_parameter"));
+
+ return token;
+
}
+ @Test
+ public void testWriteMacClientAccessToken() throws Exception {
+ ClientAccessToken token = new ClientAccessToken("mac", "1234");
+ token.setExpiresIn(12345);
+ token.setRefreshToken("5678");
+ token.setApprovedScope("read");
+ Map<String, String> params = new LinkedHashMap<String, String>();
+ params.put(OAuthConstants.MAC_TOKEN_SECRET, "test_mac_secret");
+ params.put(OAuthConstants.MAC_TOKEN_ALGORITHM, OAuthConstants.MAC_TOKEN_ALGO_HMAC_SHA_1);
+ params.put("my_parameter", "abc");
+
+ token.setParameters(params);
+
+ OAuthJSONProvider provider = new OAuthJSONProvider();
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ provider.writeTo(token, ClientAccessToken.class, ClientAccessToken.class, new Annotation[] {},
+ MediaType.APPLICATION_JSON_TYPE, new MetadataMap<String, Object>(), bos);
+ doReadClientAccessToken(bos.toString(),
+ OAuthConstants.MAC_TOKEN_TYPE,
+ params);
+
+ }
+ @Test
+ public void testReadMacClientAccessToken() throws Exception {
+ String response = "{" + "\"access_token\":\"1234\"," + "\"token_type\":\"mac\","
+ + "\"refresh_token\":\"5678\"," + "\"expires_in\":12345," + "\"scope\":\"read\","
+ + "\"secret\":\"adijq39jdlaska9asud\"," + "\"algorithm\":\"hmac-sha-256\","
+ + "\"my_parameter\":\"abc\"" + "}";
+ ClientAccessToken macToken = doReadClientAccessToken(response, "mac", null);
+ assertEquals("adijq39jdlaska9asud",
+ macToken.getParameters().get(OAuthConstants.MAC_TOKEN_SECRET));
+ assertEquals("hmac-sha-256",
+ macToken.getParameters().get(OAuthConstants.MAC_TOKEN_ALGORITHM));
+ }
}
Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java?rev=1365160&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java Tue Jul 24 16:21:07 2012
@@ -0,0 +1,97 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.token.mac;
+
+import java.net.URI;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.UriInfo;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth2.tokens.mac.HmacAlgorithm;
+import org.apache.cxf.rs.security.oauth2.tokens.mac.MacAccessToken;
+import org.apache.cxf.rs.security.oauth2.tokens.mac.MacAccessTokenValidator;
+import org.apache.cxf.rs.security.oauth2.tokens.mac.MacAuthorizationScheme;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.easymock.EasyMock;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+public class MacAccessTokenValidatorTest extends Assert {
+
+ private MacAccessTokenValidator validator = new MacAccessTokenValidator();
+ private OAuthDataProvider dataProvider = EasyMock.createMock(OAuthDataProvider.class);
+ private MessageContext messageContext = EasyMock.createMock(MessageContext.class);
+
+ @Before
+ public void setUp() {
+ validator.setDataProvider(dataProvider);
+ }
+
+ @Test
+ public void testValidateAccessToken() throws Exception {
+ MacAccessToken macAccessToken = new MacAccessToken(new Client("testClientId", "testClientSecret",
+ false),
+ HmacAlgorithm.HmacSHA256, -1);
+ HttpServletRequest httpRequest = mockHttpRequest();
+ UriInfo uriInfo = mockUriInfo();
+
+ EasyMock.expect(dataProvider.getAccessToken(macAccessToken.getTokenKey())).andReturn(macAccessToken);
+ EasyMock.expect(messageContext.getHttpServletRequest()).andReturn(httpRequest);
+ EasyMock.expect(messageContext.getUriInfo()).andReturn(uriInfo);
+ EasyMock.replay(dataProvider, messageContext, httpRequest, uriInfo);
+
+ String authData = getClientAuthHeader(macAccessToken);
+ AccessTokenValidation tokenValidation = validator
+ .validateAccessToken(messageContext,
+ OAuthConstants.MAC_AUTHORIZATION_SCHEME,
+ authData.split(" ")[1]);
+ assertNotNull(tokenValidation);
+ EasyMock.verify(dataProvider, messageContext, httpRequest);
+ }
+
+ private static String getClientAuthHeader(MacAccessToken macAccessToken) {
+ String address = "http://localhost:8080/appContext/oauth2/testResource";
+ HttpRequestProperties props = new HttpRequestProperties(URI.create(address), "GET");
+
+ return new MacAuthorizationScheme(props, macAccessToken)
+ .toAuthorizationHeader(macAccessToken.getMacAlgorithm(),
+ macAccessToken.getMacSecret());
+ }
+
+ private static HttpServletRequest mockHttpRequest() {
+ HttpServletRequest httpRequest = EasyMock.createMock(HttpServletRequest.class);
+ EasyMock.expect(httpRequest.getMethod()).andReturn("GET");
+ return httpRequest;
+ }
+
+ private static UriInfo mockUriInfo() {
+ UriInfo ui = EasyMock.createMock(UriInfo.class);
+ EasyMock.expect(ui.getRequestUri()).andReturn(
+ URI.create("http://localhost:8080/appContext/oauth2/testResource"));
+ return ui;
+ }
+
+}
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java
------------------------------------------------------------------------------
svn:keywords = Rev Date