Posted to commits@cxf.apache.org by se...@apache.org on 2015/11/11 17:40:54 UTC

cxf git commit: Making HS algo configurable when verifying with a client secret

Repository: cxf
Updated Branches:
  refs/heads/master 2feaf1960 -> 1d78830c6


Making HS algo configurable when verifying with a client secret


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1d78830c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1d78830c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1d78830c

Branch: refs/heads/master
Commit: 1d78830c6c25cb2a4e98a1de980b5e1eb65eaf12
Parents: 2feaf19
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Wed Nov 11 16:40:40 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Wed Nov 11 16:40:40 2015 +0000

----------------------------------------------------------------------
 .../rs/security/jose/jwa/AlgorithmUtils.java    | 21 +++++++++++++++++---
 .../provider/AbstractOAuthJoseJwtConsumer.java  | 10 ++++++++--
 2 files changed, 26 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/1d78830c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
index 76854ca..0145b5d 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
@@ -221,9 +221,6 @@ public final class AlgorithmUtils {
     public static boolean isAesCbcHmac(String algo) {
         return ACBC_HS_SET.contains(algo); 
     }
-    public static boolean isHmacSign(String algo) {
-        return HMAC_SIGN_SET.contains(algo); 
-    }
     public static boolean isOctet(String algo) {
         return isHmacSign(algo)
             || isAesCbcHmac(algo)
@@ -231,18 +228,36 @@ public final class AlgorithmUtils {
             || isAesGcmKeyWrap(algo)
             || isAesKeyWrap(algo); 
     }
+    public static boolean isHmacSign(String algo) {
+        return HMAC_SIGN_SET.contains(algo); 
+    }
+    public static boolean isHmacSign(SignatureAlgorithm algo) {
+        return isHmacSign(algo.getJwaName()); 
+    }
     public static boolean isRsaSign(String algo) {
         return isRsaShaSign(algo) || isRsaShaPsSign(algo); 
     }
+    public static boolean isRsaSign(SignatureAlgorithm algo) {
+        return isRsaSign(algo.getJwaName()); 
+    }
     public static boolean isRsaShaSign(String algo) {
         return RSA_SHA_SIGN_SET.contains(algo); 
     }
+    public static boolean isRsaShaSign(SignatureAlgorithm algo) {
+        return isRsaShaSign(algo.getJwaName()); 
+    }
     public static boolean isRsaShaPsSign(String algo) {
         return RSA_SHA_PS_SIGN_SET.contains(algo); 
     }
+    public static boolean isRsaShaPsSign(SignatureAlgorithm algo) {
+        return isRsaShaPsSign(algo.getJwaName()); 
+    }
     public static boolean isEcDsaSign(String algo) {
         return EC_SHA_SIGN_SET.contains(algo); 
     }
+    public static boolean isEcDsaSign(SignatureAlgorithm algo) {
+        return isEcDsaSign(algo.getJwaName()); 
+    }
     
     public static String toJwaName(String javaName, int keyBitSize) {
         //TODO: perhaps a key should be a name+keysize pair
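Review bot: The five new `SignatureAlgorithm` overloads (`isHmacSign`, `isRsaSign`, `isRsaShaSign`, `isRsaShaPsSign`, `isEcDsaSign`) call `algo.getJwaName()` without a null check, so a null algorithm throws a NullPointerException where the String overloads only perform a set lookup. Whether null can reach them is not visible in this hunk, but the second file in this commit uses `isHmacSign` to decide whether a verifier is built, so answering false is the safer behaviour: `return algo != null && isHmacSign(algo.getJwaName());`, and likewise for the other four. These public helpers also carry no Javadoc; a one-line summary such as `/** Returns true if the given algorithm is an HMAC JWS signature algorithm. */` on each overload would make the null contract explicit.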

http://git-wip-us.apache.org/repos/asf/cxf/blob/1d78830c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
index 42a66de..e799e35 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
@@ -18,8 +18,11 @@
  */
 package org.apache.cxf.rs.security.oauth2.provider;
 
+import java.util.Properties;
+
 import javax.crypto.SecretKey;
 
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
@@ -43,8 +46,11 @@ public abstract class AbstractOAuthJoseJwtConsumer extends AbstractJoseJwtConsum
     
     protected JwsSignatureVerifier getInitializedSignatureVerifier(String clientSecret) {
         if (verifyWithClientSecret) {
-            byte[] hmac = CryptoUtils.decodeSequence(clientSecret);
-            return JwsUtils.getHmacSignatureVerifier(hmac, SignatureAlgorithm.HS256);
+            Properties props = JwsUtils.loadSignatureInProperties(false);
+            SignatureAlgorithm sigAlgo = JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.HS256);
+            if (AlgorithmUtils.isHmacSign(sigAlgo)) {
+                return JwsUtils.getHmacSignatureVerifier(clientSecret, sigAlgo);
+            }
         }
         return null;
     }
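Review bot: When `verifyWithClientSecret` is true but the configured algorithm is not an HMAC one, the new `if (AlgorithmUtils.isHmacSign(sigAlgo))` falls through to `return null` with no log or exception, so a misconfigured signature algorithm is indistinguishable from client-secret verification being switched off. What the caller does with a null verifier is outside this hunk; if it falls back to another verifier or skips the check, that would be a fail-open, so I would fail closed here, e.g. `throw new IllegalStateException("verifyWithClientSecret requires an HMAC signature algorithm");` (or the project's own JWS exception) in place of the silent fall-through. Taking the algorithm from server-side properties with an HS256 default, rather than from the token, is the right direction and worth stating in a comment above the lookup. Separately, the old code derived the key with `CryptoUtils.decodeSequence(clientSecret)` while the new call passes the string to `JwsUtils.getHmacSignatureVerifier(clientSecret, sigAlgo)`; it is worth confirming that overload applies the same decoding, otherwise tokens signed with existing client secrets would stop verifying.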