Posted to commits@cxf.apache.org by se...@apache.org on 2012/09/21 16:05:09 UTC

svn commit: r1388501 - in /cxf/branches/2.6.x-fixes: ./ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/ rt/rs/secu...

Author: sergeyb
Date: Fri Sep 21 14:05:08 2012
New Revision: 1388501

URL: http://svn.apache.org/viewvc?rev=1388501&view=rev
Log:
Merged revisions 1388455 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1388455 | sergeyb | 2012-09-21 13:29:36 +0100 (Fri, 21 Sep 2012) | 1 line
  
  [CXF-4431] Minor updates to the MAC token code
........

Modified:
    cxf/branches/2.6.x-fixes/   (props changed)
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java

Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
  Merged /cxf/trunk:r1388455

Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java?rev=1388501&r1=1388500&r2=1388501&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java Fri Sep 21 14:05:08 2012
@@ -274,8 +274,8 @@ public final class OAuthClientUtils {
             }
             MacAuthorizationScheme macAuthData = new MacAuthorizationScheme(httpProps, token);
             String macAlgo = token.getParameters().get(OAuthConstants.MAC_TOKEN_ALGORITHM);
-            String macSecret = token.getParameters().get(OAuthConstants.MAC_TOKEN_SECRET);
-            sb.append(macAuthData.toAuthorizationHeader(macAlgo, macSecret));
+            String macKey = token.getParameters().get(OAuthConstants.MAC_TOKEN_KEY);
+            sb.append(macAuthData.toAuthorizationHeader(macAlgo, macKey));
         } else {
             throw new ClientWebApplicationException(new OAuthServiceException("Unsupported token type"));
         }
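Review bot: `macKey` and `macAlgo` are passed to `toAuthorizationHeader` without a null check, and this commit makes a null more likely, because the lookup names change to `mac_key` and `mac_algorithm` in OAuthConstants. A token response issued or persisted under the old `secret` / `algorithm` names will return null for both lookups. How `toAuthorizationHeader` handles a null key is not visible in this hunk. A guard before the append would fail with a clear message instead of a later HMAC error, for example `if (macKey == null || macAlgo == null) { throw new ClientWebApplicationException(new OAuthServiceException("MAC token is missing mac_key or mac_algorithm")); }`. The enclosing method starts and ends outside the hunk.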

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java?rev=1388501&r1=1388500&r2=1388501&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java Fri Sep 21 14:05:08 2012
@@ -23,6 +23,7 @@ import org.apache.cxf.rs.security.oauth2
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 
+//See http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
 public class MacAccessToken extends ServerAccessToken {
     
     public MacAccessToken(Client client, 
@@ -57,27 +58,27 @@ public class MacAccessToken extends Serv
     public MacAccessToken(Client client,
                           HmacAlgorithm algo,
                           String tokenKey,
-                          String tokenSecret,
+                          String macKey,
                           long lifetime, 
                           long issuedAt) {
         super(client, OAuthConstants.MAC_TOKEN_TYPE, tokenKey, lifetime, issuedAt);
-        this.setExtraParameters(algo, tokenSecret);
+        this.setExtraParameters(algo, macKey);
     }
     
-    private void setExtraParameters(HmacAlgorithm algo, String secret) {
-        String theSecret = secret == null ? HmacUtils.generateSecret(algo) : secret; 
-        super.getParameters().put(OAuthConstants.MAC_TOKEN_SECRET,
-                                  theSecret);
+    private void setExtraParameters(HmacAlgorithm algo, String macKey) {
+        String theKey = macKey == null ? HmacUtils.generateSecret(algo) : macKey; 
+        super.getParameters().put(OAuthConstants.MAC_TOKEN_KEY,
+                                  theKey);
         super.getParameters().put(OAuthConstants.MAC_TOKEN_ALGORITHM,
                                   algo.getOAuthName());
     }
     
-    public String getMacKey() {
+    public String getMacId() {
         return super.getTokenKey();
     }
     
-    public String getMacSecret() {
-        return super.getParameters().get(OAuthConstants.MAC_TOKEN_SECRET);
+    public String getMacKey() {
+        return super.getParameters().get(OAuthConstants.MAC_TOKEN_KEY);
     }
     
     public String getMacAlgorithm() {
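Review bot: `getMacKey()` keeps its name but changes meaning: before this commit it returned the token identifier (`getTokenKey()`), and it now returns the shared MAC secret. Any caller on this fixes branch that still treats the result as a public identifier (logging it, echoing it in a header or error message) would now handle the secret without a compile error. Both getters should carry Javadoc stating which value is public and which is confidential, for example `/** Returns the shared MAC secret (mac_key). Never log or send this value; use getMacId() for the public identifier. */`. A note in the release notes for this branch would also help, since the compiler cannot flag the swap.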

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java?rev=1388501&r1=1388500&r2=1388501&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java Fri Sep 21 14:05:08 2012
@@ -89,7 +89,7 @@ public class MacAccessTokenValidator imp
         try {
             HmacAlgorithm hmacAlgo = HmacAlgorithm.toHmacAlgorithm(macAccessToken.getMacAlgorithm());
             byte[] serverMacData = HmacUtils.computeHmac(
-                macAccessToken.getMacSecret(), hmacAlgo, normalizedString); 
+                macAccessToken.getMacKey(), hmacAlgo, normalizedString); 
                                                          
             byte[] clientMacData = Base64Utility.decode(clientMacString);
             boolean validMac = Arrays.equals(serverMacData, clientMacData);
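Review bot: The MAC check on the last line of this hunk uses `Arrays.equals`, which stops at the first differing byte, so the comparison time depends on how much of the client-supplied MAC matches the server value. For an authentication tag the comparison should be constant-time: `boolean validMac = MessageDigest.isEqual(serverMacData, clientMacData);` (with an import of `java.security.MessageDigest`). This line is context rather than part of the rename, but it is the security-critical step in the code being touched. The try block begins and continues outside the hunk.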

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java?rev=1388501&r1=1388500&r2=1388501&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java Fri Sep 21 14:05:08 2012
@@ -40,14 +40,14 @@ public class MacAuthorizationScheme {
         this.props = props;
         this.macKey = token.getTokenKey();
         this.timestamp = Long.toString(System.currentTimeMillis());
-        this.nonce = generateNonce(token.getIssuedAt());
+        this.nonce = generateNonce();
     }
     
     public MacAuthorizationScheme(HttpRequestProperties props,
                                   Map<String, String> schemeParams) {
         this.props = props;
         this.macKey = schemeParams.get(OAuthConstants.MAC_TOKEN_ID);
-        this.timestamp = schemeParams.get(OAuthConstants.MAC_TOKEN_EXTENSION);
+        this.timestamp = schemeParams.get(OAuthConstants.MAC_TOKEN_TIMESTAMP);
         this.nonce = schemeParams.get(OAuthConstants.MAC_TOKEN_NONCE);
     }
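Review bot: The field `macKey` in both constructors holds the token identifier (`token.getTokenKey()` and the `id` scheme parameter), while this commit renames the shared secret to "mac key" everywhere else. The same field is later written into the Authorization header under `MAC_TOKEN_ID`, which reads as if the secret were being sent. Renaming the field to `macId`, e.g. `this.macId = token.getTokenKey();` and `this.macId = schemeParams.get(OAuthConstants.MAC_TOKEN_ID);`, would match `MacAccessToken.getMacId()` and make it harder to confuse the identifier with the secret in later edits.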
     
@@ -73,8 +73,7 @@ public class MacAuthorizationScheme {
         addParameter(sb, OAuthConstants.MAC_TOKEN_ID, macKey, false);
         addParameter(sb, OAuthConstants.MAC_TOKEN_NONCE, nonce, false);
         addParameter(sb, OAuthConstants.MAC_TOKEN_SIGNATURE, signature, false);
-        // lets pass a timestamp via an extension parameter
-        addParameter(sb, OAuthConstants.MAC_TOKEN_EXTENSION, timestamp, false);
+        addParameter(sb, OAuthConstants.MAC_TOKEN_TIMESTAMP, timestamp, false);
         
         
         return sb.toString();
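Review bot: The value now sent as `ts` is `Long.toString(System.currentTimeMillis())`, i.e. milliseconds, as set in the token-based constructor. If the draft referenced in MacAccessToken defines `ts` in seconds, which I believe it does but which should be confirmed against the text, other implementations will read this value as a time far in the future and reject or mis-order requests. If so, the constructor line would become `this.timestamp = Long.toString(System.currentTimeMillis() / 1000);`, with a comment here stating the unit. The method starts outside the hunk.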
@@ -95,13 +94,13 @@ public class MacAuthorizationScheme {
         }
         
         
-        String value = nonce + SEPARATOR
+        String value = timestamp + SEPARATOR 
+            + nonce + SEPARATOR
             + props.getHttpMethod().toUpperCase() + SEPARATOR
             + requestURI + SEPARATOR 
             + props.getHostName() + SEPARATOR 
             + props.getPort() + SEPARATOR
-            + "" + SEPARATOR
-            + timestamp + SEPARATOR;
+            + "" + SEPARATOR;
 
         return value;
     }
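Review bot: `timestamp` and `nonce` go into the normalized string without a null check. When the instance is built from header parameters (the Map constructor) and `ts` or `nonce` is absent, Java string concatenation inserts the literal text `null` and processing continues instead of the header being rejected. Whether the validator rejects such a header elsewhere is not visible here. A guard at the top of this method would make both replay-protection fields mandatory, for example `if (timestamp == null || nonce == null) { throw new OAuthServiceException("Missing ts or nonce"); }`. The method begins outside the hunk.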
@@ -110,16 +109,12 @@ public class MacAuthorizationScheme {
         return query;
     }
     
-    private static String generateNonce(long issuedAt) {
-        long ageInSecs = System.currentTimeMillis() / 1000 - issuedAt;
-        if (ageInSecs == 0) {
-            ageInSecs = 1;
-        }
+    private static String generateNonce() {
         byte[] randomBytes = new byte[20];
         new SecureRandom().nextBytes(randomBytes);
         String random = Base64Utility.encode(randomBytes);
         
-        return Long.toString(ageInSecs) + ":" + random;
+        return random;
     }
 
 }
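Review bot: `generateNonce()` constructs a new `SecureRandom` on every call, which repeats the seeding work for each outgoing request. A shared instance is thread-safe and sufficient: `private static final SecureRandom RANDOM = new SecureRandom();` with `RANDOM.nextBytes(randomBytes);` in the method. A one-line comment that the nonce is now 20 random bytes, Base64-encoded, with no age prefix would also document the format change for anyone maintaining a validator.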

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java?rev=1388501&r1=1388500&r2=1388501&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java Fri Sep 21 14:05:08 2012
@@ -50,13 +50,14 @@ public final class OAuthConstants {
     
     // MAC token parameters
     // Set by Access Token Service
-    public static final String MAC_TOKEN_SECRET = "secret";
-    public static final String MAC_TOKEN_ALGORITHM = "algorithm";
+    public static final String MAC_TOKEN_KEY = "mac_key";
+    public static final String MAC_TOKEN_ALGORITHM = "mac_algorithm";
     public static final String MAC_TOKEN_ALGO_HMAC_SHA_1 = "hmac-sha-1";
     public static final String MAC_TOKEN_ALGO_HMAC_SHA_256 = "hmac-sha-256";
     
     // Set in Authorization header
     public static final String MAC_TOKEN_ID = "id";
+    public static final String MAC_TOKEN_TIMESTAMP = "ts";
     public static final String MAC_TOKEN_EXTENSION = "ext";
     public static final String MAC_TOKEN_NONCE = "nonce";
     public static final String MAC_TOKEN_SIGNATURE = "mac";

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java?rev=1388501&r1=1388500&r2=1388501&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java Fri Sep 21 14:05:08 2012
@@ -107,7 +107,7 @@ public class OAuthJSONProviderTest exten
         token.setRefreshToken("5678");
         token.setApprovedScope("read");
         Map<String, String> params = new LinkedHashMap<String, String>();
-        params.put(OAuthConstants.MAC_TOKEN_SECRET, "test_mac_secret");
+        params.put(OAuthConstants.MAC_TOKEN_KEY, "test_mac_secret");
         params.put(OAuthConstants.MAC_TOKEN_ALGORITHM, OAuthConstants.MAC_TOKEN_ALGO_HMAC_SHA_1);
         params.put("my_parameter", "abc");
         
@@ -127,11 +127,11 @@ public class OAuthJSONProviderTest exten
     public void testReadMacClientAccessToken() throws Exception {
         String response = "{" + "\"access_token\":\"1234\"," + "\"token_type\":\"mac\","
             + "\"refresh_token\":\"5678\"," + "\"expires_in\":12345," + "\"scope\":\"read\","
-            + "\"secret\":\"adijq39jdlaska9asud\"," + "\"algorithm\":\"hmac-sha-256\","
+            + "\"mac_key\":\"adijq39jdlaska9asud\"," + "\"mac_algorithm\":\"hmac-sha-256\","
             + "\"my_parameter\":\"abc\"" + "}";
         ClientAccessToken macToken = doReadClientAccessToken(response, "mac", null);
         assertEquals("adijq39jdlaska9asud", 
-                     macToken.getParameters().get(OAuthConstants.MAC_TOKEN_SECRET));
+                     macToken.getParameters().get(OAuthConstants.MAC_TOKEN_KEY));
         assertEquals("hmac-sha-256",
                      macToken.getParameters().get(OAuthConstants.MAC_TOKEN_ALGORITHM));
     }

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java?rev=1388501&r1=1388500&r2=1388501&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java Fri Sep 21 14:05:08 2012
@@ -78,7 +78,7 @@ public class MacAccessTokenValidatorTest
         
         return new MacAuthorizationScheme(props, macAccessToken)
             .toAuthorizationHeader(macAccessToken.getMacAlgorithm(),
-                                   macAccessToken.getMacSecret());
+                                   macAccessToken.getMacKey());
     }
     
     private static HttpServletRequest mockHttpRequest() {