Posted to commits@cxf.apache.org by se...@apache.org on 2017/04/21 15:56:16 UTC
cxf git commit: More prototyping related to the x509cert token binding
Repository: cxf
Updated Branches:
refs/heads/master 088b1235d -> 2735d624a
More prototyping related to the x509cert token binding
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2735d624
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2735d624
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2735d624
Branch: refs/heads/master
Commit: 2735d624afed00841621ce4fe0e9c864d76f5bcc
Parents: 088b123
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Fri Apr 21 16:56:01 2017 +0100
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Fri Apr 21 16:56:01 2017 +0100
----------------------------------------------------------------------
.../filters/AccessTokenIntrospectionClient.java | 2 ++
.../oauth2/provider/OAuthJSONProvider.java | 19 ++++++++++++++++++-
.../rs/security/oauth2/utils/JwtTokenUtils.java | 9 ---------
3 files changed, 20 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/2735d624/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
index f5aba4b..2c78938 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java
@@ -95,6 +95,8 @@ public class AccessTokenIntrospectionClient implements AccessTokenValidator {
if (response.getUsername() != null) {
atv.setTokenSubject(new UserSubject(response.getUsername()));
}
+ atv.getExtraProps().putAll(response.getExtensions());
+
return atv;
}
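Review bot: The added `putAll` copies every extension from the introspection response into the validation's extra properties without saying why, and it will overwrite any property of the same name that is already set. From the rest of this commit the intent appears to be carrying the `x5t#S256` certificate thumbprint through to the validator, so a comment such as `// propagate introspection extensions (e.g. the x5t#S256 cnf thumbprint) to the validation result` would make that explicit. If only the confirmation value is needed downstream, copying that single key would keep remote-supplied names out of the property map. The enclosing method starts outside the hunk, so whether `getExtensions()` can return null is not visible here.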
http://git-wip-us.apache.org/repos/asf/cxf/blob/2735d624/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
index 200470a..ce083c1 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
@@ -39,8 +39,10 @@ import javax.ws.rs.ext.MessageBodyWriter;
import javax.ws.rs.ext.Provider;
import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
+import org.apache.cxf.rs.security.jose.common.JoseConstants;
import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.OAuthError;
@@ -126,7 +128,15 @@ public class OAuthJSONProvider implements MessageBodyWriter<Object>,
if (!obj.getExtensions().isEmpty()) {
for (Map.Entry<String, String> entry : obj.getExtensions().entrySet()) {
sb.append(",");
- appendJsonPair(sb, entry.getKey(), entry.getValue());
+ if (JoseConstants.HEADER_X509_THUMBPRINT_SHA256.equals(entry.getKey())) {
+ StringBuilder cnfObj = new StringBuilder();
+ cnfObj.append("{");
+ appendJsonPair(sb, entry.getKey(), entry.getValue());
+ cnfObj.append("}");
+ appendJsonPair(sb, "cnf", cnfObj.toString(), false);
+ } else {
+ appendJsonPair(sb, entry.getKey(), entry.getValue());
+ }
}
}
}
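Review bot: In the `x5t#S256` branch the thumbprint pair is appended to `sb` rather than to `cnfObj`, so `cnfObj` is always `{}` and the thumbprint is written as a top-level member instead of inside `cnf`. The following `appendJsonPair(sb, "cnf", ...)` also appears to be emitted without a separating comma, since the loop adds the comma itself before each entry, which would make the output malformed JSON. A reader that looks for the thumbprint under `cnf`, as the parsing hunk later in this file does, would find none and the certificate binding would be silently dropped. The inner call should be `appendJsonPair(cnfObj, entry.getKey(), entry.getValue());`. The enclosing method starts outside the hunk.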
@@ -270,6 +280,13 @@ public class OAuthJSONProvider implements MessageBodyWriter<Object>,
if (exp != null) {
resp.setExp(exp);
}
+ Map<String, Object> cnf = CastUtils.cast((Map<?, ?>)params.get("cnf"));
+ if (cnf != null) {
+ String thumbprint = (String)cnf.get(JoseConstants.HEADER_X509_THUMBPRINT_SHA256);
+ if (thumbprint != null) {
+ resp.getExtensions().put(JoseConstants.HEADER_X509_THUMBPRINT_SHA256, thumbprint);
+ }
+ }
return resp;
}
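Review bot: The new `cnf` parsing casts values from the introspection response unchecked: `(Map<?, ?>)params.get("cnf")` throws `ClassCastException` when `cnf` is not a JSON object, and `(String)cnf.get(...)` does the same when the thumbprint is not a string. Since this map is parsed from a remote response, a type check that ignores a malformed `cnf` is safer than an unchecked runtime exception in the provider. The version below uses `instanceof` on both values; with it the `CastUtils` import added by this commit may no longer be needed, though the rest of the file is not visible here. The enclosing method starts outside the hunk.

```java
// … unchanged: exp handling …
Object cnf = params.get("cnf");
if (cnf instanceof Map) {
    Object thumbprint = ((Map<?, ?>)cnf).get(JoseConstants.HEADER_X509_THUMBPRINT_SHA256);
    if (thumbprint instanceof String) {
        resp.getExtensions().put(JoseConstants.HEADER_X509_THUMBPRINT_SHA256, (String)thumbprint);
    }
}
return resp;
```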
http://git-wip-us.apache.org/repos/asf/cxf/blob/2735d624/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java
index 657d34a..cd2fca4 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java
@@ -24,10 +24,8 @@ import java.util.Map;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.rs.security.jose.common.JoseConstants;
import org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
-import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
@@ -124,13 +122,6 @@ public final class JwtTokenUtils {
at.getExtraProperties().putAll(extraProperties);
}
- // At the moment only a string 'x5t#S256' cnf property is recognized
- Map<String, Object> cnf = CastUtils.cast((Map<?, ?>)claims.getClaim(JwtConstants.CLAIM_CONFIRMATION));
- if (cnf != null && cnf.containsKey(JoseConstants.HEADER_X509_THUMBPRINT_SHA256)) {
- String certCnf = cnf.get(JoseConstants.HEADER_X509_THUMBPRINT_SHA256).toString();
- at.getExtraProperties().put(JoseConstants.HEADER_X509_THUMBPRINT_SHA256, certCnf);
- }
-
return at;
}
}