Posted to commits@cxf.apache.org by se...@apache.org on 2014/01/23 17:11:19 UTC
svn commit: r1560721 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2: ./
src/main/java/org/apache/cxf/rs/security/oauth2/common/
src/main/java/org/apache/cxf/rs/security/oauth2/tokens/bearer/
src/main/java/org/apache/cxf/rs/security/oauth2/tokens/ma...
Author: sergeyb
Date: Thu Jan 23 16:11:18 2014
New Revision: 1560721
URL: http://svn.apache.org/r1560721
Log:
[CXF-5513] Making it simpler to encrypt sequences serialized in a non-default way, e.g. with JSON
Added:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java (with props)
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/pom.xml
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/refresh/RefreshToken.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/pom.xml?rev=1560721&r1=1560720&r2=1560721&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/pom.xml (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/pom.xml Thu Jan 23 16:11:18 2014
@@ -49,6 +49,17 @@
</dependency>
<!--test dependencies-->
<dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-rs-extension-providers</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.jettison</groupId>
+ <artifactId>jettison</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java?rev=1560721&r1=1560720&r2=1560721&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java Thu Jan 23 16:11:18 2014
@@ -38,6 +38,10 @@ public abstract class AccessToken implem
private Map<String, String> parameters = new LinkedHashMap<String, String>();
+ protected AccessToken() {
+
+ }
+
protected AccessToken(String tokenType, String tokenKey) {
this.tokenType = tokenType;
this.tokenKey = tokenKey;
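Review bot: The new no-argument constructor has an empty body and no comment saying why it exists, and unless the fields are initialised at their declarations (not visible in this hunk) it leaves `tokenType` and `tokenKey` unset, so a token built this way is incomplete until something populates it. Judging by the commit log it is there for JSON/JAXB unmarshalling; a one-line Javadoc such as `/** For deserialization frameworks only; fields are populated through setters. */` would say so. The same applies to the empty constructors added to ServerAccessToken, BearerAccessToken and RefreshToken in the later hunks, two of which are `public`.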
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java?rev=1560721&r1=1560720&r2=1560721&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java Thu Jan 23 16:11:18 2014
@@ -50,6 +50,10 @@ public class Client implements Serializa
private Map<String, String> properties = new HashMap<String, String>();
private UserSubject subject;
+ public Client() {
+
+ }
+
public Client(String clientId, String clientSecret, boolean isConfidential) {
this.clientId = clientId;
this.clientSecret = clientSecret;
@@ -75,6 +79,10 @@ public class Client implements Serializa
return clientId;
}
+ public void setClientId(String id) {
+ clientId = id;
+ }
+
/**
* Gets the client secret
* @return the secret
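Review bot: `setClientId` and, in the next hunk, `setClientSecret` are added without Javadoc although the neighbouring getters have it, and they assign in two styles (`clientId = id;` versus `this.clientSecret = secret;`). Together with the public no-argument constructor from the first hunk they make the client's credentials bindable by an unmarshaller, so a serialized `Client` will presumably carry `clientSecret` in clear inside the payload; the Javadoc should state that such a representation must only be stored or sent encrypted. Suggested comments: `/** Sets the client identifier; intended for deserialization. */` and `/** Sets the client secret; never log it or serialize it unencrypted. */`.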
@@ -83,6 +91,10 @@ public class Client implements Serializa
return clientSecret;
}
+ public void setClientSecret(String secret) {
+ this.clientSecret = secret;
+ }
+
/**
* Gets the name of the third-party application
* this client represents
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java?rev=1560721&r1=1560720&r2=1560721&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java Thu Jan 23 16:11:18 2014
@@ -37,6 +37,10 @@ public abstract class ServerAccessToken
private UserSubject subject;
private String audience;
+ protected ServerAccessToken() {
+
+ }
+
protected ServerAccessToken(Client client,
String tokenType,
String tokenKey,
@@ -75,6 +79,10 @@ public abstract class ServerAccessToken
return client;
}
+ public void setClient(Client c) {
+ this.client = c;
+ }
+
/**
* Returns a list of opaque permissions/scopes
* @return the scopes
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.java?rev=1560721&r1=1560720&r2=1560721&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.java Thu Jan 23 16:11:18 2014
@@ -46,4 +46,7 @@ public class BearerAccessToken extends S
public BearerAccessToken(ServerAccessToken token, String newKey) {
super(validateTokenType(token, OAuthConstants.BEARER_TOKEN_TYPE), newKey);
}
+ public BearerAccessToken() {
+
+ }
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java?rev=1560721&r1=1560720&r2=1560721&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java Thu Jan 23 16:11:18 2014
@@ -67,6 +67,10 @@ public class MacAccessToken extends Serv
this.setExtraParameters(algo, macKey);
}
+ public MacAccessToken(ServerAccessToken token, String newKey) {
+ super(validateTokenType(token, OAuthConstants.MAC_TOKEN_TYPE), newKey);
+ }
+
private void setExtraParameters(HmacAlgorithm algo, String macKey) {
String theKey = macKey == null ? HmacUtils.generateSecret(algo) : macKey;
super.getParameters().put(OAuthConstants.MAC_TOKEN_KEY,
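Review bot: Unlike the constructor ending just above it, the new `MacAccessToken(ServerAccessToken token, String newKey)` never calls `setExtraParameters`, so the MAC key and algorithm are present only if the superclass copy constructor carries over the source token's parameters, which is not visible in this hunk. A comment on the constructor, for example `// MAC key and algorithm are expected to be copied from token.getParameters() by super(...)`, would record that assumption. MacAccessToken also gets no no-argument constructor while BearerAccessToken and RefreshToken do, so it cannot take the same JSON round trip; if that is intentional it is worth saying. `setExtraParameters` continues past the end of the hunk.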
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/refresh/RefreshToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/refresh/RefreshToken.java?rev=1560721&r1=1560720&r2=1560721&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/refresh/RefreshToken.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/refresh/RefreshToken.java Thu Jan 23 16:11:18 2014
@@ -60,6 +60,9 @@ public class RefreshToken extends Server
super(validateTokenType(token, OAuthConstants.REFRESH_TOKEN_TYPE), key);
this.accessTokens = accessTokens;
}
+ public RefreshToken() {
+
+ }
public List<String> getAccessTokens() {
return accessTokens;
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java?rev=1560721&r1=1560720&r2=1560721&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java Thu Jan 23 16:11:18 2014
@@ -19,6 +19,7 @@
package org.apache.cxf.rs.security.oauth2.utils;
+import java.security.Key;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
@@ -87,27 +88,27 @@ public final class EncryptionUtils {
}
public static String encryptTokenWithSecretKey(ServerAccessToken token,
- SecretKey symmetricKey) {
- return encryptTokenWithSecretKey(token, symmetricKey, null);
+ Key secretKey) {
+ return encryptTokenWithSecretKey(token, secretKey, null);
}
public static String encryptTokenWithSecretKey(ServerAccessToken token,
- SecretKey symmetricKey,
+ Key secretKey,
SecretKeyProperties props) {
String tokenSequence = tokenizeServerToken(token);
- return encryptSequence(tokenSequence, symmetricKey, props);
+ return encryptSequence(tokenSequence, secretKey, props);
}
- public static String encryptRefreshTokenWithSecretKey(RefreshToken token, SecretKey symmetricKey) {
- return encryptRefreshTokenWithSecretKey(token, symmetricKey, null);
+ public static String encryptRefreshTokenWithSecretKey(RefreshToken token, Key secretKey) {
+ return encryptRefreshTokenWithSecretKey(token, secretKey, null);
}
public static String encryptRefreshTokenWithSecretKey(RefreshToken token,
- SecretKey symmetricKey,
- SecretKeyProperties props) {
+ Key secretKey,
+ SecretKeyProperties props) {
String tokenSequence = tokenizeRefreshToken(token);
- return encryptSequence(tokenSequence, symmetricKey, props);
+ return encryptSequence(tokenSequence, secretKey, props);
}
public static String decryptTokenSequence(String encodedToken,
@@ -115,39 +116,38 @@ public final class EncryptionUtils {
return decryptTokenSequence(encodedToken, encodedSecretKey, "AES");
}
- public static String decryptTokenSequence(String encodedToken,
+ public static String decryptTokenSequence(String encodedData,
String encodedSecretKey,
String algo) {
try {
SecretKey key = decodeSecretKey(encodedSecretKey, algo);
- return decryptTokenSequence(encodedToken, key);
+ return decryptSequence(encodedData, key);
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}
- public static String decryptTokenSequence(String encodedToken,
+ public static String decryptTokenSequence(String encodedData,
String encodedSecretKey,
SecretKeyProperties props) {
try {
SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
- return decryptTokenSequence(encodedToken, key, props);
+ return decryptSequence(encodedData, key, props);
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}
- public static String decryptTokenSequence(String encodedToken,
- SecretKey key) {
- return decryptTokenSequence(encodedToken, key, null);
+ public static String decryptSequence(String encodedData, Key secretKey) {
+ return decryptSequence(encodedData, secretKey, null);
}
- public static String decryptTokenSequence(String encodedToken,
- SecretKey key,
+ public static String decryptSequence(String encodedData,
+ Key secretKey,
SecretKeyProperties props) {
try {
- byte[] encryptedBytes = decodeSequence(encodedToken);
- byte[] bytes = processBytes(encryptedBytes, key, props, Cipher.DECRYPT_MODE);
+ byte[] encryptedBytes = decodeSequence(encodedData);
+ byte[] bytes = processBytes(encryptedBytes, secretKey, props, Cipher.DECRYPT_MODE);
return new String(bytes, "UTF-8");
} catch (Exception ex) {
throw new RuntimeException(ex);
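Review bot: Renaming the public overloads `decryptTokenSequence(String, SecretKey)` and `decryptTokenSequence(String, SecretKey, SecretKeyProperties)` to `decryptSequence` removes them from a public utility class, so external callers of the old names stop compiling. Keeping them as deprecated delegates would avoid that, e.g. `@Deprecated public static String decryptTokenSequence(String encodedToken, SecretKey key) { return decryptSequence(encodedToken, key); }` plus the three-argument equivalent. The new public `decryptSequence` methods also have no Javadoc; it should state that the input is the Base64url text produced by `encryptSequence` and that any failure surfaces as a `RuntimeException` wrapping the cause. The three-argument `decryptSequence` body continues past the end of the hunk.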
@@ -178,17 +178,17 @@ public final class EncryptionUtils {
public static ServerAccessToken decryptToken(OAuthDataProvider provider,
String encodedToken,
- SecretKey key) {
- return decryptToken(provider, encodedToken, key, null);
+ Key secretKey) {
+ return decryptToken(provider, encodedToken, secretKey, null);
}
public static ServerAccessToken decryptToken(OAuthDataProvider provider,
- String encodedToken,
- SecretKey key,
+ String encodedData,
+ Key secretKey,
SecretKeyProperties props) {
try {
- String decryptedSequence = decryptTokenSequence(encodedToken, key, props);
- return recreateToken(provider, encodedToken, decryptedSequence);
+ String decryptedSequence = decryptSequence(encodedData, secretKey, props);
+ return recreateToken(provider, encodedData, decryptedSequence);
} catch (Exception ex) {
throw new RuntimeException(ex);
}
@@ -196,27 +196,31 @@ public final class EncryptionUtils {
public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
String encodedToken,
- SecretKey key) {
+ Key key) {
return decryptRefreshToken(provider, encodedToken, key, null);
}
public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
- String encodedToken,
- SecretKey key,
+ String encodedData,
+ Key key,
SecretKeyProperties props) {
try {
- String decryptedSequence = decryptTokenSequence(encodedToken, key, props);
- return recreateRefreshToken(provider, encodedToken, decryptedSequence);
+ String decryptedSequence = decryptSequence(encodedData, key, props);
+ return recreateRefreshToken(provider, encodedData, decryptedSequence);
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}
- private static String encryptSequence(String sequence, SecretKey symmetricKey,
- SecretKeyProperties keyProps) {
+ public static String encryptSequence(String sequence, Key secretKey) {
+ return encryptSequence(sequence, secretKey, null);
+ }
+
+ public static String encryptSequence(String sequence, Key secretKey,
+ SecretKeyProperties keyProps) {
try {
byte[] bytes = processBytes(sequence.getBytes("UTF-8"),
- symmetricKey,
+ secretKey,
keyProps,
Cipher.ENCRYPT_MODE);
return Base64UrlUtility.encode(bytes);
@@ -225,21 +229,21 @@ public final class EncryptionUtils {
}
}
- private static byte[] processBytes(byte[] bytes, SecretKey symmetricKey,
+ private static byte[] processBytes(byte[] bytes, Key secretKey,
SecretKeyProperties keyProps, int mode) {
try {
- Cipher c = Cipher.getInstance(symmetricKey.getAlgorithm());
+ Cipher c = Cipher.getInstance(secretKey.getAlgorithm());
if (keyProps == null || keyProps.getAlgoSpec() == null && keyProps.getSecureRandom() == null) {
- c.init(mode, symmetricKey);
+ c.init(mode, secretKey);
} else {
AlgorithmParameterSpec algoSpec = keyProps.getAlgoSpec();
SecureRandom random = keyProps.getSecureRandom();
if (algoSpec == null) {
- c.init(mode, symmetricKey, random);
+ c.init(mode, secretKey, random);
} else if (random == null) {
- c.init(mode, symmetricKey, algoSpec);
+ c.init(mode, secretKey, algoSpec);
} else {
- c.init(mode, symmetricKey, algoSpec, random);
+ c.init(mode, secretKey, algoSpec, random);
}
}
return c.doFinal(bytes);
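Review bot: `Cipher.getInstance(secretKey.getAlgorithm())` passes a bare algorithm name, so the mode and padding are whatever the provider defaults to; for an "AES" key on the standard JCE provider that is ECB with PKCS5 padding, which reveals equal plaintext blocks and provides no integrity check. This matters more now that `encryptSequence` and `decryptSequence` are public and, as the new test shows, carry JSON that is unmarshalled into token objects after decryption: altered ciphertext is not rejected before it reaches the unmarshaller. Consider taking an explicit transformation from configuration instead of from the key (an authenticated mode such as `AES/GCM/NoPadding` with a fresh IV per message), or verifying a MAC over the ciphertext before decrypting. Widening the parameter to `Key` also admits asymmetric keys, for which a single `doFinal` over an arbitrary-length sequence will presumably fail on size; the Javadoc should say which key types are supported. processBytes continues past the end of the hunk.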
Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java?rev=1560721&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java Thu Jan 23 16:11:18 2014
@@ -0,0 +1,128 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.utils;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.crypto.SecretKey;
+
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
+import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
+
+public class EncryptingDataProvider implements OAuthDataProvider {
+
+ SecretKey tokenKey;
+ private Map<String, Client> clients;
+
+ private Set<String> tokens = new HashSet<String>();
+ private Map<String, String> refreshTokens = new HashMap<String, String>();
+
+ public EncryptingDataProvider() throws Exception {
+ tokenKey = EncryptionUtils.getSecretKey();
+ clients = Collections.singletonMap("1", new Client("1", "2", true));
+ }
+
+ @Override
+ public Client getClient(String clientId) throws OAuthServiceException {
+ return clients.get(clientId);
+ }
+
+ @Override
+ public ServerAccessToken createAccessToken(AccessTokenRegistration accessTokenReg)
+ throws OAuthServiceException {
+
+ ServerAccessToken token = createAccessTokenInternal(accessTokenReg);
+
+ String encryptedToken =
+ EncryptionUtils.encryptTokenWithSecretKey(token, tokenKey);
+
+ tokens.add(encryptedToken);
+ refreshTokens.put(token.getRefreshToken(), encryptedToken);
+ token.setTokenKey(encryptedToken);
+ return token;
+ }
+
+ @Override
+ public ServerAccessToken getAccessToken(String accessTokenKey) throws OAuthServiceException {
+ return EncryptionUtils.decryptToken(this, accessTokenKey, tokenKey);
+ }
+
+ @Override
+ public ServerAccessToken refreshAccessToken(Client client, String refreshToken,
+ List<String> requestedScopes)
+ throws OAuthServiceException {
+ return null;
+ }
+
+ @Override
+ public void removeAccessToken(ServerAccessToken accessToken) throws OAuthServiceException {
+ tokens.remove(accessToken.getTokenKey());
+ }
+
+ @Override
+ public void revokeToken(Client client, String token, String tokenTypeHint)
+ throws OAuthServiceException {
+ // complete
+ }
+
+ @Override
+ public ServerAccessToken getPreauthorizedToken(Client client, List<String> requestedScopes,
+ UserSubject subject, String grantType)
+ throws OAuthServiceException {
+ return null;
+ }
+
+ @Override
+ public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScope) {
+ return null;
+ }
+
+ BearerAccessToken createAccessTokenInternal(AccessTokenRegistration accessTokenReg) {
+ BearerAccessToken token = new BearerAccessToken(accessTokenReg.getClient(), 3600L);
+ token.setSubject(accessTokenReg.getSubject());
+
+ RefreshToken refreshToken = new RefreshToken(accessTokenReg.getClient(),
+ "refresh",
+ 1200L,
+ OAuthUtils.getIssuedAt());
+
+ String encryptedRefreshToken = EncryptionUtils.encryptTokenWithSecretKey(refreshToken, tokenKey);
+ token.setRefreshToken(encryptedRefreshToken);
+
+ token.setGrantType(accessTokenReg.getGrantType());
+ token.setAudience(accessTokenReg.getAudience());
+ token.setParameters(Collections.singletonMap("param", "value"));
+ token.setScopes(Collections.singletonList(
+ new OAuthPermission("read", "read permission")));
+ return token;
+ }
+
+}
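Review bot: `getAccessToken` decrypts whatever key it is handed and never consults the `tokens` set, so a token removed through `removeAccessToken` is still returned as valid, and `refreshTokens` is written but never read in this class. That may be acceptable for a test fixture, but fixtures like this tend to be copied as samples; either check membership first, `if (!tokens.contains(accessTokenKey)) { return null; }`, or add a class comment saying the provider does not model revocation. `tokenKey` is the only field left package-private and has no comment; `// package-private: read directly by EncryptionUtilsTest` would explain it.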
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java?rev=1560721&r1=1560720&r2=1560721&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java Thu Jan 23 16:11:18 2014
@@ -18,22 +18,21 @@
*/
package org.apache.cxf.rs.security.oauth2.utils;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.lang.annotation.Annotation;
import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import javax.crypto.SecretKey;
+import javax.ws.rs.core.MediaType;
+import org.apache.cxf.jaxrs.impl.MetadataMap;
+import org.apache.cxf.jaxrs.provider.json.JSONProvider;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
@@ -44,11 +43,11 @@ import org.junit.Test;
public class EncryptionUtilsTest extends Assert {
- private CustomProvider p;
+ private EncryptingDataProvider p;
@Before
public void setUp() throws Exception {
- p = new CustomProvider();
+ p = new EncryptingDataProvider();
}
@After
@@ -69,6 +68,29 @@ public class EncryptionUtilsTest extends
compareAccessTokens(token, token2);
}
+ @Test
+ public void testBearerTokenJSON() throws Exception {
+ AccessTokenRegistration atr = prepareTokenRegistration();
+
+ BearerAccessToken token = p.createAccessTokenInternal(atr);
+ JSONProvider<BearerAccessToken> jsonp = new JSONProvider<BearerAccessToken>();
+ jsonp.setMarshallAsJaxbElement(true);
+ jsonp.setUnmarshallAsJaxbElement(true);
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ jsonp.writeTo(token, BearerAccessToken.class, new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE,
+ new MetadataMap<String, Object>(), bos);
+
+ String encrypted = EncryptionUtils.encryptSequence(bos.toString(), p.tokenKey);
+ String decrypted = EncryptionUtils.decryptSequence(encrypted, p.tokenKey);
+ ServerAccessToken token2 = jsonp.readFrom(BearerAccessToken.class, BearerAccessToken.class,
+ new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE,
+ new MetadataMap<String, String>(),
+ new ByteArrayInputStream(decrypted.getBytes()));
+
+ // compare tokens
+ compareAccessTokens(token, token2);
+ }
+
private void compareAccessTokens(ServerAccessToken token, ServerAccessToken token2) {
assertEquals(token.getTokenKey(), token2.getTokenKey());
assertEquals(token.getTokenType(), token2.getTokenType());
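Review bot: In `testBearerTokenJSON`, `bos.toString()` and `decrypted.getBytes()` use the platform default charset, while `encryptSequence` and `decryptSequence` encode and decode explicitly as UTF-8. On a build machine whose default is not UTF-8, any non-ASCII character in the token would be altered on the way in or out and the comparison could fail for reasons unrelated to the encryption code. Use `bos.toString("UTF-8")` and `decrypted.getBytes("UTF-8")` so the test matches the utility's encoding. `compareAccessTokens` continues past the end of the hunk.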
@@ -115,93 +137,5 @@ public class EncryptionUtilsTest extends
return atr;
}
- private class CustomProvider implements OAuthDataProvider {
-
- private Map<String, Client> clients;
- private SecretKey tokenKey;
-
- private Set<String> tokens = new HashSet<String>();
- private Map<String, String> refreshTokens = new HashMap<String, String>();
-
- public CustomProvider() throws Exception {
- tokenKey = EncryptionUtils.getSecretKey();
- clients = Collections.singletonMap("1", new Client("1", "2", true));
- }
-
- @Override
- public Client getClient(String clientId) throws OAuthServiceException {
- return clients.get(clientId);
- }
-
- @Override
- public ServerAccessToken createAccessToken(AccessTokenRegistration accessTokenReg)
- throws OAuthServiceException {
-
- ServerAccessToken token = createNewToken(accessTokenReg);
-
- String encryptedToken =
- EncryptionUtils.encryptTokenWithSecretKey(token, tokenKey);
-
- tokens.add(encryptedToken);
- refreshTokens.put(token.getRefreshToken(), encryptedToken);
- token.setTokenKey(encryptedToken);
- return token;
- }
-
- @Override
- public ServerAccessToken getAccessToken(String accessTokenKey) throws OAuthServiceException {
- return EncryptionUtils.decryptToken(this, accessTokenKey, tokenKey);
- }
-
- @Override
- public ServerAccessToken refreshAccessToken(Client client, String refreshToken,
- List<String> requestedScopes)
- throws OAuthServiceException {
- return null;
- }
-
- @Override
- public void removeAccessToken(ServerAccessToken accessToken) throws OAuthServiceException {
- tokens.remove(accessToken.getTokenKey());
- }
-
- @Override
- public void revokeToken(Client client, String token, String tokenTypeHint)
- throws OAuthServiceException {
- // complete
- }
-
- @Override
- public ServerAccessToken getPreauthorizedToken(Client client, List<String> requestedScopes,
- UserSubject subject, String grantType)
- throws OAuthServiceException {
- return null;
- }
-
- @Override
- public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScope) {
- return null;
- }
-
- private ServerAccessToken createNewToken(AccessTokenRegistration accessTokenReg) {
- ServerAccessToken token = new BearerAccessToken(accessTokenReg.getClient(), 3600L);
- token.setSubject(accessTokenReg.getSubject());
-
- RefreshToken refreshToken = new RefreshToken(accessTokenReg.getClient(),
- "refresh",
- 1200L,
- OAuthUtils.getIssuedAt());
-
- String encryptedRefreshToken = EncryptionUtils.encryptTokenWithSecretKey(refreshToken, tokenKey);
- token.setRefreshToken(encryptedRefreshToken);
-
- token.setGrantType(accessTokenReg.getGrantType());
- token.setAudience(accessTokenReg.getAudience());
- token.setParameters(Collections.singletonMap("param", "value"));
- token.setScopes(Collections.singletonList(
- new OAuthPermission("read", "read permission")));
- return token;
- }
-
- }
+
}