Posted to commits@cxf.apache.org by se...@apache.org on 2015/11/11 17:40:54 UTC
cxf git commit: Making HS algo configurable when verifying with a
client secret
Repository: cxf
Updated Branches:
refs/heads/master 2feaf1960 -> 1d78830c6
Making HS algo configurable when verifying with a client secret
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1d78830c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1d78830c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1d78830c
Branch: refs/heads/master
Commit: 1d78830c6c25cb2a4e98a1de980b5e1eb65eaf12
Parents: 2feaf19
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Wed Nov 11 16:40:40 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Wed Nov 11 16:40:40 2015 +0000
----------------------------------------------------------------------
.../rs/security/jose/jwa/AlgorithmUtils.java | 21 +++++++++++++++++---
.../provider/AbstractOAuthJoseJwtConsumer.java | 10 ++++++++--
2 files changed, 26 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/1d78830c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
index 76854ca..0145b5d 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
@@ -221,9 +221,6 @@ public final class AlgorithmUtils {
public static boolean isAesCbcHmac(String algo) {
return ACBC_HS_SET.contains(algo);
}
- public static boolean isHmacSign(String algo) {
- return HMAC_SIGN_SET.contains(algo);
- }
public static boolean isOctet(String algo) {
return isHmacSign(algo)
|| isAesCbcHmac(algo)
@@ -231,18 +228,36 @@ public final class AlgorithmUtils {
|| isAesGcmKeyWrap(algo)
|| isAesKeyWrap(algo);
}
+ public static boolean isHmacSign(String algo) {
+ return HMAC_SIGN_SET.contains(algo);
+ }
+ public static boolean isHmacSign(SignatureAlgorithm algo) {
+ return isHmacSign(algo.getJwaName());
+ }
public static boolean isRsaSign(String algo) {
return isRsaShaSign(algo) || isRsaShaPsSign(algo);
}
+ public static boolean isRsaSign(SignatureAlgorithm algo) {
+ return isRsaSign(algo.getJwaName());
+ }
public static boolean isRsaShaSign(String algo) {
return RSA_SHA_SIGN_SET.contains(algo);
}
+ public static boolean isRsaShaSign(SignatureAlgorithm algo) {
+ return isRsaShaSign(algo.getJwaName());
+ }
public static boolean isRsaShaPsSign(String algo) {
return RSA_SHA_PS_SIGN_SET.contains(algo);
}
+ public static boolean isRsaShaPsSign(SignatureAlgorithm algo) {
+ return isRsaShaPsSign(algo.getJwaName());
+ }
public static boolean isEcDsaSign(String algo) {
return EC_SHA_SIGN_SET.contains(algo);
}
+ public static boolean isEcDsaSign(SignatureAlgorithm algo) {
+ return isEcDsaSign(algo.getJwaName());
+ }
public static String toJwaName(String javaName, int keyBitSize) {
//TODO: perhaps a key should be a name+keysize pair
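Review bot: The new `SignatureAlgorithm` overloads (`isHmacSign`, `isRsaSign`, `isRsaShaSign`, `isRsaShaPsSign`, `isEcDsaSign`) dereference `algo` unconditionally, so a null algorithm raises a NullPointerException. The String overloads appear to be plain set lookups, which would normally just answer false for null, though the set declarations are outside this hunk. If callers can pass the result of a lookup that yields null for an unknown or missing algorithm, a guard keeps the two families consistent, e.g. `return algo != null && isHmacSign(algo.getJwaName());`. A one-line Javadoc on each overload stating that it classifies by JWA name would also help.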
http://git-wip-us.apache.org/repos/asf/cxf/blob/1d78830c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
index 42a66de..e799e35 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
@@ -18,8 +18,11 @@
*/
package org.apache.cxf.rs.security.oauth2.provider;
+import java.util.Properties;
+
import javax.crypto.SecretKey;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
@@ -43,8 +46,11 @@ public abstract class AbstractOAuthJoseJwtConsumer extends AbstractJoseJwtConsum
protected JwsSignatureVerifier getInitializedSignatureVerifier(String clientSecret) {
if (verifyWithClientSecret) {
- byte[] hmac = CryptoUtils.decodeSequence(clientSecret);
- return JwsUtils.getHmacSignatureVerifier(hmac, SignatureAlgorithm.HS256);
+ Properties props = JwsUtils.loadSignatureInProperties(false);
+ SignatureAlgorithm sigAlgo = JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.HS256);
+ if (AlgorithmUtils.isHmacSign(sigAlgo)) {
+ return JwsUtils.getHmacSignatureVerifier(clientSecret, sigAlgo);
+ }
}
return null;
}
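Review bot: When `verifyWithClientSecret` is true but the configured algorithm is not an HS* one, `getInitializedSignatureVerifier` now falls through to `return null` with no log entry or error. The caller is outside this hunk, so how a null verifier is handled is not visible here. If it falls back to another verifier or continues without one, a mistyped algorithm property silently changes how client-secret tokens are verified. Failing explicitly inside the `verifyWithClientSecret` branch would make the misconfiguration visible, e.g. `throw new IllegalStateException("Client secret verification requires an HMAC signature algorithm, configured: " + sigAlgo);` after the inner `if`. Separately, the secret is now passed as a String rather than as the bytes from `CryptoUtils.decodeSequence(clientSecret)`, so it is worth confirming that the String overload of `getHmacSignatureVerifier` decodes it the same way.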