Posted to commits@cxf.apache.org by se...@apache.org on 2017/04/21 15:56:16 UTC

cxf git commit: More prototyping related to the x509cert token binding

Repository: cxf
Updated Branches:
  refs/heads/master 088b1235d -> 2735d624a


More prototyping related to the x509cert token binding


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2735d624
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2735d624
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2735d624

Branch: refs/heads/master
Commit: 2735d624afed00841621ce4fe0e9c864d76f5bcc
Parents: 088b123
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Fri Apr 21 16:56:01 2017 +0100
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Fri Apr 21 16:56:01 2017 +0100

----------------------------------------------------------------------
 .../filters/AccessTokenIntrospectionClient.java  |  2 ++
 .../oauth2/provider/OAuthJSONProvider.java       | 19 ++++++++++++++++++-
 .../rs/security/oauth2/utils/JwtTokenUtils.java  |  9 ---------
 3 files changed, 20 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/2735d624/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
index f5aba4b..2c78938 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
@@ -95,6 +95,8 @@ public class AccessTokenIntrospectionClient implements AccessTokenValidator {
         if (response.getUsername() != null) {
             atv.setTokenSubject(new UserSubject(response.getUsername()));
         }
+        atv.getExtraProps().putAll(response.getExtensions());
+        
         return atv;
     }
 
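Review bot: The added `atv.getExtraProps().putAll(response.getExtensions())` copies every extension entry of the remote introspection response into the validation result, although the only extension this commit fills in is the `x5t#S256` certificate thumbprint. Copying just that key would keep fields added to the response later from flowing into token properties unreviewed. If the wholesale copy is intended, a comment such as `// propagate introspection extensions (currently the cnf x5t#S256 thumbprint) to the validation result` would record why. Whether `getExtensions()` can return null is not visible here, and the method starts outside the hunk.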

http://git-wip-us.apache.org/repos/asf/cxf/blob/2735d624/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
index 200470a..ce083c1 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
@@ -39,8 +39,10 @@ import javax.ws.rs.ext.MessageBodyWriter;
 import javax.ws.rs.ext.Provider;
 
 import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
+import org.apache.cxf.rs.security.jose.common.JoseConstants;
 import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.OAuthError;
@@ -126,7 +128,15 @@ public class OAuthJSONProvider implements MessageBodyWriter<Object>,
             if (!obj.getExtensions().isEmpty()) {
                 for (Map.Entry<String, String> entry : obj.getExtensions().entrySet()) {
                     sb.append(",");
-                    appendJsonPair(sb, entry.getKey(), entry.getValue());
+                    if (JoseConstants.HEADER_X509_THUMBPRINT_SHA256.equals(entry.getKey())) {
+                        StringBuilder cnfObj = new StringBuilder();
+                        cnfObj.append("{");
+                        appendJsonPair(sb, entry.getKey(), entry.getValue());
+                        cnfObj.append("}");
+                        appendJsonPair(sb, "cnf", cnfObj.toString(), false);
+                    } else {
+                        appendJsonPair(sb, entry.getKey(), entry.getValue());
+                    }
                 }
             }
         }
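Review bot: Inside the `x5t#S256` branch the thumbprint pair is appended to `sb` rather than to `cnfObj`, so `cnfObj` stays `{}` and the thumbprint is emitted at the top level. The line should read `appendJsonPair(cnfObj, entry.getKey(), entry.getValue());`. As written, the `cnf` pair also appears to follow the thumbprint pair without a separating comma, assuming `appendJsonPair` adds none itself (the loop adds its own), which would make the output invalid JSON. Either way a consumer reading `cnf` from this response gets no thumbprint, so the certificate binding cannot be checked from it. The enclosing method starts and ends outside the hunk.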
@@ -270,6 +280,13 @@ public class OAuthJSONProvider implements MessageBodyWriter<Object>,
         if (exp != null) {
             resp.setExp(exp);
         }
+        Map<String, Object> cnf = CastUtils.cast((Map<?, ?>)params.get("cnf"));
+        if (cnf != null) {
+            String thumbprint = (String)cnf.get(JoseConstants.HEADER_X509_THUMBPRINT_SHA256);
+            if (thumbprint != null) {
+                resp.getExtensions().put(JoseConstants.HEADER_X509_THUMBPRINT_SHA256, thumbprint);
+            }
+        }
 
         return resp;
     }
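Review bot: The new `cnf` handling casts remote JSON unchecked. `(Map<?, ?>)params.get("cnf")` and `(String)cnf.get(...)` throw `ClassCastException` when the introspection endpoint returns `cnf` or the thumbprint in another shape. An explicit `instanceof Map` / `instanceof String` check would make the failure deliberate. On a mismatch the response should be rejected with a clear error rather than the field being skipped, since dropping a malformed `cnf` would make a certificate-bound token look unbound. The removed JwtTokenUtils code referred to this claim as `JwtConstants.CLAIM_CONFIRMATION`; if that constant holds the same name, using it here would avoid a second spelling of `"cnf"`. The method starts outside the hunk.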

http://git-wip-us.apache.org/repos/asf/cxf/blob/2735d624/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java
index 657d34a..cd2fca4 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java
@@ -24,10 +24,8 @@ import java.util.Map;
 
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.rs.security.jose.common.JoseConstants;
 import org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
-import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
@@ -124,13 +122,6 @@ public final class JwtTokenUtils {
             at.getExtraProperties().putAll(extraProperties);
         }
         
-        // At the moment only a string 'x5t#S256' cnf property is recognized
-        Map<String, Object> cnf = CastUtils.cast((Map<?, ?>)claims.getClaim(JwtConstants.CLAIM_CONFIRMATION));
-        if (cnf != null && cnf.containsKey(JoseConstants.HEADER_X509_THUMBPRINT_SHA256)) {
-            String certCnf = cnf.get(JoseConstants.HEADER_X509_THUMBPRINT_SHA256).toString();
-            at.getExtraProperties().put(JoseConstants.HEADER_X509_THUMBPRINT_SHA256, certCnf);    
-        }
-        
         return at;
     }
 }