Posted to commits@cxf.apache.org by se...@apache.org on 2014/01/23 19:55:13 UTC
svn commit: r1560782 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src:
main/java/org/apache/cxf/rs/security/oauth2/grants/code/
main/java/org/apache/cxf/rs/security/oauth2/utils/
test/java/org/apache/cxf/rs/security/oauth2/utils/
Author: sergeyb
Date: Thu Jan 23 18:55:12 2014
New Revision: 1560782
URL: http://svn.apache.org/r1560782
Log:
[CXF-5513] Completing support for encrypting server-related data
Added:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java (with props)
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java?rev=1560782&r1=1560781&r2=1560782&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java Thu Jan 23 18:55:12 2014
@@ -37,6 +37,10 @@ public class AuthorizationCodeGrant impl
private String code;
private String redirectUri;
+ public AuthorizationCodeGrant() {
+
+ }
+
public AuthorizationCodeGrant(String code) {
this.code = code;
}
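Review bot: The new public no-argument constructor has no Javadoc and leaves `code` null until `setCode` is called, which a reader of the existing `getCode()` cannot tell from the signatures; a comment such as `/** Creates an empty grant; the code must be supplied via {@link #setCode(String)}. */` would make the two-step construction explicit. The same documentation gap applies to `setCode` in the following hunk of this file and to the no-argument constructor and the `setIssuedAt`, `setExpiresIn` and `setClient` setters added to ServerAuthorizationCodeGrant in this commit. As a point of style, the empty constructor body carries a stray blank line; the one-argument constructor right below it shows the compact form used in this class.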
@@ -70,6 +74,10 @@ public class AuthorizationCodeGrant impl
public String getCode() {
return code;
}
+
+ public void setCode(String c) {
+ this.code = c;
+ }
/**
* {@inheritDoc}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java?rev=1560782&r1=1560781&r2=1560782&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java Thu Jan 23 18:55:12 2014
@@ -33,13 +33,17 @@ public class ServerAuthorizationCodeGran
private static final long serialVersionUID = -5004608901535459036L;
private long issuedAt;
- private long lifetime;
+ private long expiresIn;
private Client client;
private List<String> approvedScopes = Collections.emptyList();
private UserSubject subject;
private String audience;
private String clientCodeVerifier;
+ public ServerAuthorizationCodeGrant() {
+
+ }
+
public ServerAuthorizationCodeGrant(Client client,
long lifetime) {
this(client, OAuthUtils.generateRandomTokenKey(), lifetime,
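Review bot: The two-argument constructor keeps its `lifetime` parameter name although the field and the four-argument constructor in the next hunk were renamed to `expiresIn`, so the same quantity now has two names inside one class; renaming it to `long expiresIn) {` and `this(client, OAuthUtils.generateRandomTokenKey(), expiresIn,` keeps the rename consistent. The constructor's argument list continues past the end of the hunk.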
@@ -48,11 +52,11 @@ public class ServerAuthorizationCodeGran
public ServerAuthorizationCodeGrant(Client client,
String code,
- long lifetime,
+ long expiresIn,
long issuedAt) {
super(code);
this.client = client;
- this.lifetime = lifetime;
+ this.expiresIn = expiresIn;
this.issuedAt = issuedAt;
}
@@ -63,13 +67,30 @@ public class ServerAuthorizationCodeGran
public long getIssuedAt() {
return issuedAt;
}
+
+ public void setIssuedAt(long issuedAt) {
+ this.issuedAt = issuedAt;
+ }
/**
* Returns the number of seconds this grant can be valid after it was issued
* @return the seconds this grant will be valid for
*/
+ @Deprecated
public long getLifetime() {
- return lifetime;
+ return expiresIn;
+ }
+
+ /**
+ * Returns the number of seconds this grant can be valid after it was issued
+ * @return the seconds this grant will be valid for
+ */
+ public long getExpiresIn() {
+ return expiresIn;
+ }
+
+ public void setExpiresIn(long expiresIn) {
+ this.expiresIn = expiresIn;
}
/**
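Review bot: `getLifetime()` is annotated `@Deprecated`, but its Javadoc, copied verbatim onto `getExpiresIn()`, neither says so nor names the replacement; adding `@deprecated use {@link #getExpiresIn()}` to that Javadoc carries the deprecation through to generated docs and IDE hints. The new `setExpiresIn` and `setIssuedAt` setters are undocumented; the getter states that expiresIn is in seconds, while the unit of issuedAt is not stated anywhere in the hunk, so a one-line Javadoc on `setIssuedAt` giving the expected unit (hedged until confirmed against `OAuthUtils.getIssuedAt()`) would remove the ambiguity.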
@@ -80,6 +101,10 @@ public class ServerAuthorizationCodeGran
return client;
}
+ public void setClient(Client c) {
+ this.client = c;
+ }
+
/**
* Sets the scopes explicitly approved by the end user.
* If this list is empty then the end user had no way to down-scope.
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java?rev=1560782&r1=1560781&r2=1560782&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java Thu Jan 23 18:55:12 2014
@@ -22,30 +22,17 @@ package org.apache.cxf.rs.security.oauth
import java.security.Key;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
-import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
-import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
-import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
-
/**
* Encryption helpers
*/
public final class EncryptionUtils {
- private static final String SEP = "|";
private EncryptionUtils() {
}
@@ -87,49 +74,14 @@ public final class EncryptionUtils {
return keyGen.generateKey();
}
- public static String encryptTokenWithSecretKey(ServerAccessToken token,
- Key secretKey) {
- return encryptTokenWithSecretKey(token, secretKey, null);
- }
-
- public static String encryptTokenWithSecretKey(ServerAccessToken token,
- Key secretKey,
- SecretKeyProperties props) {
- String tokenSequence = tokenizeServerToken(token);
- return encryptSequence(tokenSequence, secretKey, props);
- }
-
- public static String encryptRefreshTokenWithSecretKey(RefreshToken token, Key secretKey) {
- return encryptRefreshTokenWithSecretKey(token, secretKey, null);
- }
-
- public static String encryptRefreshTokenWithSecretKey(RefreshToken token,
- Key secretKey,
- SecretKeyProperties props) {
- String tokenSequence = tokenizeRefreshToken(token);
-
- return encryptSequence(tokenSequence, secretKey, props);
- }
-
- public static String decryptTokenSequence(String encodedToken,
- String encodedSecretKey) {
- return decryptTokenSequence(encodedToken, encodedSecretKey, "AES");
- }
-
- public static String decryptTokenSequence(String encodedData,
- String encodedSecretKey,
- String algo) {
- try {
- SecretKey key = decodeSecretKey(encodedSecretKey, algo);
- return decryptSequence(encodedData, key);
- } catch (Exception ex) {
- throw new RuntimeException(ex);
- }
+ public static String decryptSequence(String encodedToken,
+ String encodedSecretKey) {
+ return decryptSequence(encodedToken, encodedSecretKey, new SecretKeyProperties("AES"));
}
- public static String decryptTokenSequence(String encodedData,
- String encodedSecretKey,
- SecretKeyProperties props) {
+ public static String decryptSequence(String encodedData,
+ String encodedSecretKey,
+ SecretKeyProperties props) {
try {
SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
return decryptSequence(encodedData, key, props);
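Review bot: The public `decryptTokenSequence` overloads are removed outright rather than deprecated, so any external caller of the previous API fails to compile, whereas the same commit keeps `getLifetime()` as a `@Deprecated` bridge in ServerAuthorizationCodeGrant; the two-argument form could be retained for one release as `@Deprecated public static String decryptTokenSequence(String encodedToken, String encodedSecretKey) { return decryptSequence(encodedToken, encodedSecretKey); }`. The `(String, String, String algo)` overload has no replacement at all; callers now have to build `new SecretKeyProperties(algo)` themselves, which is worth a sentence in the class Javadoc. The body of the three-argument `decryptSequence` continues past the end of the hunk.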
@@ -154,64 +106,6 @@ public final class EncryptionUtils {
}
}
- public static ServerAccessToken decryptToken(OAuthDataProvider provider,
- String encodedToken,
- String encodedSecretKey) {
- return decryptToken(provider, encodedToken, encodedSecretKey, "AES");
- }
-
- public static ServerAccessToken decryptToken(OAuthDataProvider provider,
- String encodedToken,
- String encodedSecretKey,
- String algo) {
- SecretKey key = decodeSecretKey(encodedSecretKey, algo);
- return decryptToken(provider, encodedToken, key);
- }
-
- public static ServerAccessToken decryptToken(OAuthDataProvider provider,
- String encodedToken,
- String encodedSecretKey,
- SecretKeyProperties props) {
- SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
- return decryptToken(provider, encodedToken, key, props);
- }
-
- public static ServerAccessToken decryptToken(OAuthDataProvider provider,
- String encodedToken,
- Key secretKey) {
- return decryptToken(provider, encodedToken, secretKey, null);
- }
-
- public static ServerAccessToken decryptToken(OAuthDataProvider provider,
- String encodedData,
- Key secretKey,
- SecretKeyProperties props) {
- try {
- String decryptedSequence = decryptSequence(encodedData, secretKey, props);
- return recreateToken(provider, encodedData, decryptedSequence);
- } catch (Exception ex) {
- throw new RuntimeException(ex);
- }
- }
-
- public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
- String encodedToken,
- Key key) {
- return decryptRefreshToken(provider, encodedToken, key, null);
- }
-
- public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
- String encodedData,
- Key key,
- SecretKeyProperties props) {
- try {
- String decryptedSequence = decryptSequence(encodedData, key, props);
- return recreateRefreshToken(provider, encodedData, decryptedSequence);
- } catch (Exception ex) {
- throw new RuntimeException(ex);
- }
- }
-
public static String encryptSequence(String sequence, Key secretKey) {
return encryptSequence(sequence, secretKey, null);
}
@@ -269,166 +163,4 @@ public final class EncryptionUtils {
}
}
- public static ServerAccessToken recreateToken(OAuthDataProvider provider,
- String newTokenKey,
- String decryptedSequence) {
- return recreateToken(provider, newTokenKey, decryptedSequence.split("\\" + SEP));
- }
-
- public static RefreshToken recreateRefreshToken(OAuthDataProvider provider,
- String newTokenKey,
- String decryptedSequence) {
- String[] parts = decryptedSequence.split("\\" + SEP);
- ServerAccessToken token = recreateToken(provider, newTokenKey, parts);
- return new RefreshToken(token,
- newTokenKey,
- parseSimpleList(parts[parts.length - 1]));
- }
-
- private static ServerAccessToken recreateToken(OAuthDataProvider provider,
- String newTokenKey,
- String[] parts) {
-
-
- @SuppressWarnings("serial")
- final ServerAccessToken newToken = new ServerAccessToken(provider.getClient(parts[4]),
- parts[1],
- newTokenKey == null ? parts[0] : newTokenKey,
- Long.valueOf(parts[2]),
- Long.valueOf(parts[3])) {
- };
-
- newToken.setRefreshToken(getStringPart(parts[5]));
- newToken.setGrantType(getStringPart(parts[6]));
- newToken.setAudience(getStringPart(parts[7]));
- newToken.setParameters(parseSimpleMap(parts[8]));
-
- // Permissions
- if (!parts[9].trim().isEmpty()) {
- List<OAuthPermission> perms = new LinkedList<OAuthPermission>();
- String[] allPermParts = parts[9].split("\\.");
- for (int i = 0; i + 4 < allPermParts.length; i = i + 5) {
- OAuthPermission perm = new OAuthPermission(allPermParts[i], allPermParts[i + 1]);
- perm.setDefault(Boolean.valueOf(allPermParts[i + 2]));
- perm.setHttpVerbs(parseSimpleList(allPermParts[i + 3]));
- perm.setUris(parseSimpleList(allPermParts[i + 4]));
- perms.add(perm);
- }
- newToken.setScopes(perms);
- }
- //UserSubject:
- if (!parts[10].trim().isEmpty()) {
- String[] subjectParts = parts[10].split("\\.");
- UserSubject subject = new UserSubject(subjectParts[0], getStringPart(subjectParts[1]));
- subject.setRoles(parseSimpleList(subjectParts[2]));
- subject.setProperties(parseSimpleMap(subjectParts[3]));
- newToken.setSubject(subject);
- }
-
-
- return newToken;
- }
-
- private static String tokenizeServerToken(ServerAccessToken token) {
- StringBuilder state = new StringBuilder();
- // 0: key
- state.append(token.getTokenKey());
- // 1: type
- state.append(SEP);
- state.append(token.getTokenType());
- // 2: expiresIn
- state.append(SEP);
- state.append(token.getExpiresIn());
- // 3: issuedAt
- state.append(SEP);
- state.append(token.getIssuedAt());
- // 4: client id
- state.append(SEP);
- state.append(token.getClient().getClientId());
- // 5: refresh token
- state.append(SEP);
- state.append(token.getRefreshToken());
- // 6: grant type
- state.append(SEP);
- state.append(token.getGrantType());
- // 7: audience
- state.append(SEP);
- state.append(token.getAudience());
- // 8: other parameters
- state.append(SEP);
- // {key=value, key=value}
- state.append(token.getParameters().toString());
- // 9: permissions
- state.append(SEP);
- if (token.getScopes().isEmpty()) {
- state.append(" ");
- } else {
- for (OAuthPermission p : token.getScopes()) {
- // 9.1
- state.append(p.getPermission());
- state.append(".");
- // 9.2
- state.append(p.getDescription());
- state.append(".");
- // 9.3
- state.append(p.isDefault());
- state.append(".");
- // 9.4
- state.append(p.getHttpVerbs().toString());
- state.append(".");
- // 9.5
- state.append(p.getUris().toString());
- }
- }
- // 10: user subject
- state.append(SEP);
- if (token.getSubject() != null) {
- // 10.1
- state.append(token.getSubject().getLogin());
- state.append(".");
- // 10.2
- state.append(token.getSubject().getId());
- state.append(".");
- // 10.3
- state.append(token.getSubject().getRoles().toString());
- state.append(".");
- // 10.4
- state.append(token.getSubject().getProperties().toString());
- } else {
- state.append(" ");
- }
-
- return state.toString();
- }
-
- private static String getStringPart(String str) {
- return "null".equals(str) ? null : str;
- }
-
- private static String prepareSimpleString(String str) {
- return str.trim().isEmpty() ? "" : str.substring(1, str.length() - 1);
- }
-
- private static List<String> parseSimpleList(String listStr) {
- String pureStringList = prepareSimpleString(listStr);
- if (pureStringList.isEmpty()) {
- return Collections.emptyList();
- } else {
- return Arrays.asList(pureStringList.split(","));
- }
- }
-
- private static Map<String, String> parseSimpleMap(String mapStr) {
- Map<String, String> props = new HashMap<String, String>();
- List<String> entries = parseSimpleList(mapStr);
- for (String entry : entries) {
- String[] pair = entry.split("=");
- props.put(pair[0], pair[1]);
- }
- return props;
- }
- private static String tokenizeRefreshToken(RefreshToken token) {
- String seq = tokenizeServerToken(token);
- return seq + SEP + token.getAccessTokens().toString();
- }
}
Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java?rev=1560782&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java Thu Jan 23 18:55:12 2014
@@ -0,0 +1,500 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth2.utils;
+
+import java.security.Key;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+
+import javax.crypto.SecretKey;
+
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
+
+
+/**
+ * Default Model Encryption helpers
+ */
+public final class ModelEncryptionSupport {
+ private static final String SEP = "|";
+ private ModelEncryptionSupport() {
+ }
+
+ public static String encryptClient(Client client, Key secretKey) {
+ return encryptClient(client, secretKey, null);
+ }
+
+ public static String encryptClient(Client client, Key secretKey,
+ SecretKeyProperties props) {
+ String tokenSequence = tokenizeClient(client);
+ return EncryptionUtils.encryptSequence(tokenSequence, secretKey, props);
+ }
+
+ public static String encryptAccessToken(ServerAccessToken token, Key secretKey) {
+ return encryptAccessToken(token, secretKey, null);
+ }
+
+ public static String encryptAccessToken(ServerAccessToken token, Key secretKey,
+ SecretKeyProperties props) {
+ String tokenSequence = tokenizeServerToken(token);
+ return EncryptionUtils.encryptSequence(tokenSequence, secretKey, props);
+ }
+
+ public static String encryptRefreshToken(RefreshToken token, Key secretKey) {
+ return encryptRefreshToken(token, secretKey, null);
+ }
+
+ public static String encryptRefreshToken(RefreshToken token, Key secretKey,
+ SecretKeyProperties props) {
+ String tokenSequence = tokenizeRefreshToken(token);
+
+ return EncryptionUtils.encryptSequence(tokenSequence, secretKey, props);
+ }
+
+ public static String encryptCodeGrant(ServerAuthorizationCodeGrant grant, Key secretKey) {
+ return encryptCodeGrant(grant, secretKey, null);
+ }
+
+ public static String encryptCodeGrant(ServerAuthorizationCodeGrant grant, Key secretKey,
+ SecretKeyProperties props) {
+ String tokenSequence = tokenizeCodeGrant(grant);
+
+ return EncryptionUtils.encryptSequence(tokenSequence, secretKey, props);
+ }
+
+ public static Client decryptClient(String encodedSequence, String encodedSecretKey) {
+ return decryptClient(encodedSequence, encodedSecretKey, new SecretKeyProperties("AES"));
+ }
+
+ public static Client decryptClient(String encodedSequence, String encodedSecretKey,
+ SecretKeyProperties props) {
+ SecretKey key = EncryptionUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+ return decryptClient(encodedSequence, key, props);
+ }
+
+ public static Client decryptClient(String encodedSequence, Key secretKey) {
+ return decryptClient(encodedSequence, secretKey, null);
+ }
+
+ public static Client decryptClient(String encodedData, Key secretKey,
+ SecretKeyProperties props) {
+ try {
+ String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, secretKey, props);
+ return recreateClient(decryptedSequence);
+ } catch (Exception ex) {
+ throw new RuntimeException(ex);
+ }
+ }
+
+ public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
+ String encodedToken,
+ String encodedSecretKey) {
+ return decryptAccessToken(provider, encodedToken, encodedSecretKey, new SecretKeyProperties("AES"));
+ }
+
+ public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
+ String encodedToken,
+ String encodedSecretKey,
+ SecretKeyProperties props) {
+ SecretKey key = EncryptionUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+ return decryptAccessToken(provider, encodedToken, key, props);
+ }
+
+ public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
+ String encodedToken,
+ Key secretKey) {
+ return decryptAccessToken(provider, encodedToken, secretKey, null);
+ }
+
+ public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
+ String encodedData,
+ Key secretKey,
+ SecretKeyProperties props) {
+ try {
+ String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, secretKey, props);
+ return recreateAccessToken(provider, encodedData, decryptedSequence);
+ } catch (Exception ex) {
+ throw new RuntimeException(ex);
+ }
+ }
+
+ public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
+ String encodedToken,
+ String encodedSecretKey) {
+ return decryptRefreshToken(provider, encodedToken, encodedSecretKey, new SecretKeyProperties("AES"));
+ }
+
+ public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
+ String encodedToken,
+ String encodedSecretKey,
+ SecretKeyProperties props) {
+ SecretKey key = EncryptionUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+ return decryptRefreshToken(provider, encodedToken, key, props);
+ }
+
+ public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
+ String encodedToken,
+ Key key) {
+ return decryptRefreshToken(provider, encodedToken, key, null);
+ }
+
+ public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
+ String encodedData,
+ Key key,
+ SecretKeyProperties props) {
+ try {
+ String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, key, props);
+ return recreateRefreshToken(provider, encodedData, decryptedSequence);
+ } catch (Exception ex) {
+ throw new RuntimeException(ex);
+ }
+ }
+
+ public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
+ String encodedToken,
+ String encodedSecretKey) {
+ return decryptCodeGrant(provider, encodedToken, encodedSecretKey, new SecretKeyProperties("AES"));
+ }
+
+ public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
+ String encodedToken,
+ String encodedSecretKey,
+ SecretKeyProperties props) {
+ SecretKey key = EncryptionUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+ return decryptCodeGrant(provider, encodedToken, key, props);
+ }
+
+ public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
+ String encodedToken,
+ Key key) {
+ return decryptCodeGrant(provider, encodedToken, key, null);
+ }
+
+ public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider provider,
+ String encodedData,
+ Key key,
+ SecretKeyProperties props) {
+ try {
+ String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, key, props);
+ return recreateCodeGrant(provider, decryptedSequence);
+ } catch (Exception ex) {
+ throw new RuntimeException(ex);
+ }
+ }
+
+ public static ServerAccessToken recreateAccessToken(OAuthDataProvider provider,
+ String newTokenKey,
+ String decryptedSequence) {
+ return recreateAccessToken(provider, newTokenKey, getParts(decryptedSequence));
+ }
+
+ public static RefreshToken recreateRefreshToken(OAuthDataProvider provider,
+ String newTokenKey,
+ String decryptedSequence) {
+ String[] parts = getParts(decryptedSequence);
+ ServerAccessToken token = recreateAccessToken(provider, newTokenKey, parts);
+ return new RefreshToken(token,
+ newTokenKey,
+ parseSimpleList(parts[parts.length - 1]));
+ }
+
+ public static ServerAuthorizationCodeGrant recreateCodeGrant(OAuthDataProvider provider,
+ String decryptedSequence) {
+ return recreateCodeGrantInternal(provider, decryptedSequence);
+ }
+
+ public static Client recreateClient(String sequence) {
+ return recreateClientInternal(sequence);
+ }
+
+ private static ServerAccessToken recreateAccessToken(OAuthDataProvider provider,
+ String newTokenKey,
+ String[] parts) {
+
+
+ @SuppressWarnings("serial")
+ final ServerAccessToken newToken = new ServerAccessToken(provider.getClient(parts[4]),
+ parts[1],
+ newTokenKey == null ? parts[0] : newTokenKey,
+ Long.valueOf(parts[2]),
+ Long.valueOf(parts[3])) {
+ };
+
+ newToken.setRefreshToken(getStringPart(parts[5]));
+ newToken.setGrantType(getStringPart(parts[6]));
+ newToken.setAudience(getStringPart(parts[7]));
+ newToken.setParameters(parseSimpleMap(parts[8]));
+
+ // Permissions
+ if (!parts[9].trim().isEmpty()) {
+ List<OAuthPermission> perms = new LinkedList<OAuthPermission>();
+ String[] allPermParts = parts[9].split("\\.");
+ for (int i = 0; i + 4 < allPermParts.length; i = i + 5) {
+ OAuthPermission perm = new OAuthPermission(allPermParts[i], allPermParts[i + 1]);
+ perm.setDefault(Boolean.valueOf(allPermParts[i + 2]));
+ perm.setHttpVerbs(parseSimpleList(allPermParts[i + 3]));
+ perm.setUris(parseSimpleList(allPermParts[i + 4]));
+ perms.add(perm);
+ }
+ newToken.setScopes(perms);
+ }
+ //UserSubject:
+ newToken.setSubject(recreateUserSubject(parts[10]));
+
+ return newToken;
+ }
+
+ private static String tokenizeRefreshToken(RefreshToken token) {
+ String seq = tokenizeServerToken(token);
+ return seq + SEP + token.getAccessTokens().toString();
+ }
+
+ private static String tokenizeServerToken(ServerAccessToken token) {
+ StringBuilder state = new StringBuilder();
+ // 0: key
+ state.append(token.getTokenKey());
+ // 1: type
+ state.append(SEP);
+ state.append(token.getTokenType());
+ // 2: expiresIn
+ state.append(SEP);
+ state.append(token.getExpiresIn());
+ // 3: issuedAt
+ state.append(SEP);
+ state.append(token.getIssuedAt());
+ // 4: client id
+ state.append(SEP);
+ state.append(token.getClient().getClientId());
+ // 5: refresh token
+ state.append(SEP);
+ state.append(token.getRefreshToken());
+ // 6: grant type
+ state.append(SEP);
+ state.append(token.getGrantType());
+ // 7: audience
+ state.append(SEP);
+ state.append(token.getAudience());
+ // 8: other parameters
+ state.append(SEP);
+ // {key=value, key=value}
+ state.append(token.getParameters().toString());
+ // 9: permissions
+ state.append(SEP);
+ if (token.getScopes().isEmpty()) {
+ state.append(" ");
+ } else {
+ for (OAuthPermission p : token.getScopes()) {
+ // 9.1
+ state.append(p.getPermission());
+ state.append(".");
+ // 9.2
+ state.append(p.getDescription());
+ state.append(".");
+ // 9.3
+ state.append(p.isDefault());
+ state.append(".");
+ // 9.4
+ state.append(p.getHttpVerbs().toString());
+ state.append(".");
+ // 9.5
+ state.append(p.getUris().toString());
+ }
+ }
+ state.append(SEP);
+ // 10: user subject
+ tokenizeUserSubject(state, token.getSubject());
+
+ return state.toString();
+ }
+
+
+ private static Client recreateClientInternal(String sequence) {
+ String[] parts = getParts(sequence);
+ Client c = new Client(parts[0], parts[1], Boolean.valueOf(parts[2]), parts[3], parts[4]);
+ c.setApplicationDescription(parts[5]);
+ c.setApplicationLogoUri(parts[6]);
+ c.setAllowedGrantTypes(parseSimpleList(parts[7]));
+ c.setRegisteredScopes(parseSimpleList(parts[8]));
+ c.setRedirectUris(parseSimpleList(parts[9]));
+ c.setRegisteredAudiences(parseSimpleList(parts[10]));
+ c.setProperties(parseSimpleMap(parts[11]));
+ c.setSubject(recreateUserSubject(parts[12]));
+ return c;
+ }
+ private static String tokenizeClient(Client client) {
+ StringBuilder state = new StringBuilder();
+ // 0: id
+ state.append(client.getClientId());
+ state.append(SEP);
+ // 1: secret
+ state.append(client.getClientSecret());
+ state.append(SEP);
+ // 2: confidentiality
+ state.append(client.isConfidential());
+ state.append(SEP);
+ // 3: app name
+ state.append(client.getApplicationName());
+ state.append(SEP);
+ // 4: app web URI
+ state.append(client.getApplicationWebUri());
+ state.append(SEP);
+ // 5: app description
+ state.append(client.getApplicationDescription());
+ state.append(SEP);
+ // 6: app logo URI
+ state.append(client.getApplicationLogoUri());
+ state.append(SEP);
+ // 7: grants
+ state.append(client.getAllowedGrantTypes().toString());
+ state.append(SEP);
+ // 8: redirect URIs
+ state.append(client.getRedirectUris());
+ state.append(SEP);
+ // 9: registered scopes
+ state.append(client.getRegisteredScopes());
+ state.append(SEP);
+ // 10: registered audiences
+ state.append(client.getRegisteredAudiences());
+ state.append(SEP);
+ // 11: properties
+ state.append(client.getProperties().toString());
+ state.append(SEP);
+ // 12: subject
+ tokenizeUserSubject(state, client.getSubject());
+
+ return state.toString();
+ }
+ private static ServerAuthorizationCodeGrant recreateCodeGrantInternal(OAuthDataProvider provider,
+ String sequence) {
+ String[] parts = getParts(sequence);
+ ServerAuthorizationCodeGrant grant = new ServerAuthorizationCodeGrant(provider.getClient(parts[0]),
+ parts[1],
+ Long.valueOf(parts[2]),
+ Long.valueOf(parts[3]));
+ grant.setRedirectUri(parts[4]);
+ grant.setAudience(parts[5]);
+ grant.setClientCodeVerifier(parts[6]);
+ grant.setApprovedScopes(parseSimpleList(parts[7]));
+ grant.setSubject(recreateUserSubject(parts[8]));
+ return grant;
+ }
+ private static String tokenizeCodeGrant(ServerAuthorizationCodeGrant grant) {
+ StringBuilder state = new StringBuilder();
+ // 0: client id
+ state.append(grant.getClient().getClientId());
+ state.append(SEP);
+ // 1: code
+ state.append(grant.getCode());
+ state.append(SEP);
+ // 2: expiresIn
+ state.append(grant.getExpiresIn());
+ state.append(SEP);
+ // 3: issuedAt
+ state.append(grant.getIssuedAt());
+ state.append(SEP);
+ // 4: redirect URI
+ state.append(grant.getRedirectUri());
+ state.append(SEP);
+ // 5: audience
+ state.append(grant.getAudience());
+ state.append(SEP);
+ // 6: code verifier
+ state.append(grant.getClientCodeVerifier());
+ state.append(SEP);
+ // 7: approved scopes
+ state.append(grant.getApprovedScopes().toString());
+ state.append(SEP);
+ // 8: subject
+ tokenizeUserSubject(state, grant.getSubject());
+
+ return state.toString();
+ }
+
+ private static String getStringPart(String str) {
+ return "null".equals(str) ? null : str;
+ }
+
+ private static String prepareSimpleString(String str) {
+ return str.trim().isEmpty() ? "" : str.substring(1, str.length() - 1);
+ }
+
+ private static List<String> parseSimpleList(String listStr) {
+ String pureStringList = prepareSimpleString(listStr);
+ if (pureStringList.isEmpty()) {
+ return Collections.emptyList();
+ } else {
+ return Arrays.asList(pureStringList.split(","));
+ }
+ }
+
+ private static Map<String, String> parseSimpleMap(String mapStr) {
+ Map<String, String> props = new HashMap<String, String>();
+ List<String> entries = parseSimpleList(mapStr);
+ for (String entry : entries) {
+ String[] pair = entry.split("=");
+ props.put(pair[0], pair[1]);
+ }
+ return props;
+ }
+
+ private static String[] getParts(String sequence) {
+ return sequence.split("\\" + SEP);
+ }
+
+ private static UserSubject recreateUserSubject(String sequence) {
+ UserSubject subject = null;
+ if (!sequence.trim().isEmpty()) {
+ String[] subjectParts = sequence.split("\\.");
+ subject = new UserSubject(subjectParts[0], getStringPart(subjectParts[1]));
+ subject.setRoles(parseSimpleList(subjectParts[2]));
+ subject.setProperties(parseSimpleMap(subjectParts[3]));
+ }
+ return subject;
+
+
+ }
+
+ private static void tokenizeUserSubject(StringBuilder state, UserSubject subject) {
+ if (subject != null) {
+ // 1
+ state.append(subject.getLogin());
+ state.append(".");
+ // 2
+ state.append(subject.getId());
+ state.append(".");
+ // 3
+ state.append(subject.getRoles().toString());
+ state.append(".");
+ // 4
+ state.append(subject.getProperties().toString());
+ } else {
+ state.append(" ");
+ }
+ }
+}
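Review bot: The dot-separated sub-encoding cannot round-trip values that themselves contain '.', so `recreateAccessToken` and `recreateUserSubject` misparse any permission whose `p.getUris().toString()` holds a URI, or any subject whose login or id is dotted (an e-mail address, for instance), because `parts[9].split("\\.")` and `sequence.split("\\.")` also split inside those values. A related loss sits in `parseSimpleList`: `List.toString()` and `Map.toString()` join elements with ", ", and `split(",")` leaves the leading space on every element after the first, so recreated roles, HTTP verbs, URIs and property keys differ from the originals; `Arrays.asList(pureStringList.split(",\\s*"))` fixes the spacing, while the separator collision needs an escaping scheme or a proper serialisation format rather than `SEP` and '.' alone. The top-level '|' separator has the same exposure for free-text fields such as the client's application description (part 5) and the token parameters map (part 8). Separately, whether the parsed fields can be trusted depends on the cipher configured through `SecretKeyProperties` ("AES" here only names the key algorithm): if the transformation used by `EncryptionUtils.decryptSequence` is not an authenticated mode, a modified ciphertext that still decrypts is parsed as-is into a Client, token or grant, so it is worth confirming that the chosen mode provides integrity and documenting that requirement on this class.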
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java?rev=1560782&r1=1560781&r2=1560782&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java Thu Jan 23 18:55:12 2014
@@ -62,7 +62,7 @@ public class EncryptingDataProvider impl
ServerAccessToken token = createAccessTokenInternal(accessTokenReg);
String encryptedToken =
- EncryptionUtils.encryptTokenWithSecretKey(token, tokenKey);
+ ModelEncryptionSupport.encryptAccessToken(token, tokenKey);
tokens.add(encryptedToken);
refreshTokens.put(token.getRefreshToken(), encryptedToken);
@@ -72,7 +72,7 @@ public class EncryptingDataProvider impl
@Override
public ServerAccessToken getAccessToken(String accessTokenKey) throws OAuthServiceException {
- return EncryptionUtils.decryptToken(this, accessTokenKey, tokenKey);
+ return ModelEncryptionSupport.decryptAccessToken(this, accessTokenKey, tokenKey);
}
@Override
@@ -114,7 +114,8 @@ public class EncryptingDataProvider impl
1200L,
OAuthUtils.getIssuedAt());
- String encryptedRefreshToken = EncryptionUtils.encryptTokenWithSecretKey(refreshToken, tokenKey);
+ String encryptedRefreshToken =
+ ModelEncryptionSupport.encryptRefreshToken(refreshToken, tokenKey);
token.setRefreshToken(encryptedRefreshToken);
token.setGrantType(accessTokenReg.getGrantType());
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java?rev=1560782&r1=1560781&r2=1560782&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java Thu Jan 23 18:55:12 2014
@@ -121,7 +121,7 @@ public class EncryptionUtilsTest extends
assertEquals(perm1.getDescription(), perm2.getDescription());
RefreshToken refreshToken =
- EncryptionUtils.decryptRefreshToken(p, token2.getRefreshToken(), p.tokenKey);
+ ModelEncryptionSupport.decryptRefreshToken(p, token2.getRefreshToken(), p.tokenKey);
assertEquals(1200L, refreshToken.getExpiresIn());
}