You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2014/10/07 18:43:26 UTC
git commit: Adding a utility for converting JwtToken to
ServerAccessToken
Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes b54c3b340 -> 08fbe43f2
Adding a utility for converting JwtToken to ServerAccessToken
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/08fbe43f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/08fbe43f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/08fbe43f
Branch: refs/heads/3.0.x-fixes
Commit: 08fbe43f26280f9d0724dfd099e7b49e13fadc17
Parents: b54c3b3
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Tue Oct 7 17:40:21 2014 +0100
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Tue Oct 7 17:42:58 2014 +0100
----------------------------------------------------------------------
.../jose/jwt/token/JwtAccessTokenUtils.java | 112 +++++++++++++++++++
1 file changed, 112 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/08fbe43f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/token/JwtAccessTokenUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/token/JwtAccessTokenUtils.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/token/JwtAccessTokenUtils.java
new file mode 100644
index 0000000..1474675
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/token/JwtAccessTokenUtils.java
@@ -0,0 +1,112 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwt.token;
+
+import javax.crypto.SecretKey;
+
+import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwe.AesGcmContentDecryptionAlgorithm;
+import org.apache.cxf.rs.security.jose.jwe.AesGcmContentEncryptionAlgorithm;
+import org.apache.cxf.rs.security.jose.jwe.ContentEncryptionAlgorithm;
+import org.apache.cxf.rs.security.jose.jwe.DirectKeyJweDecryption;
+import org.apache.cxf.rs.security.jose.jwe.DirectKeyJweEncryption;
+import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignature;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
+
+public final class JwtAccessTokenUtils {
+ private JwtAccessTokenUtils() {
+
+ }
+
+ public static ServerAccessToken toAccessToken(JwtToken jwt,
+ Client client,
+ SecretKey key) {
+ String jwtString = new JwsJwtCompactProducer(jwt)
+ .signWith(new NoneSignatureProvider());
+ ContentEncryptionAlgorithm contentEncryption =
+ new AesGcmContentEncryptionAlgorithm(key, null, Algorithm.A128GCM.getJwtName());
+ JweEncryptionProvider jweEncryption = new DirectKeyJweEncryption(contentEncryption);
+ String tokenId = jweEncryption.encrypt(getBytes(jwtString), null);
+ Long issuedAt = jwt.getClaims().getIssuedAt();
+ Long notBefore = jwt.getClaims().getNotBefore();
+ if (issuedAt == null) {
+ issuedAt = System.currentTimeMillis();
+ notBefore = null;
+ }
+ Long expiresIn = null;
+ if (notBefore == null) {
+ expiresIn = 3600L;
+ } else {
+ expiresIn = notBefore - issuedAt;
+ }
+
+ return new BearerAccessToken(client, tokenId, issuedAt, expiresIn);
+
+ }
+ public static JwtToken fromAccessTokenId(String tokenId, SecretKey key) {
+ DirectKeyJweDecryption jweDecryption =
+ new DirectKeyJweDecryption(key,
+ new AesGcmContentDecryptionAlgorithm(Algorithm.A128GCM.getJwtName()));
+ String decrypted = jweDecryption.decrypt(tokenId).getContentText();
+ JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(decrypted);
+ return consumer.getJwtToken();
+ }
+ private static class NoneSignatureProvider implements JwsSignatureProvider {
+
+ @Override
+ public String getAlgorithm() {
+ return "none";
+ }
+
+ @Override
+ public JwsSignature createJwsSignature(JwsHeaders headers) {
+ return new NoneJwsSignature();
+ }
+
+ }
+ private static class NoneJwsSignature implements JwsSignature {
+
+ @Override
+ public void update(byte[] src, int off, int len) {
+ // complete
+ }
+
+ @Override
+ public byte[] sign() {
+ return new byte[]{};
+ }
+
+ }
+ private static byte[] getBytes(String str) {
+ try {
+ return str.getBytes("UTF-8");
+ } catch (Exception ex) {
+ // ignore
+ }
+ return null;
+ }
+}