Posted to commits@cxf.apache.org by se...@apache.org on 2014/01/24 14:53:20 UTC
svn commit: r1561006 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src:
main/java/org/apache/cxf/rs/security/oauth2/common/
main/java/org/apache/cxf/rs/security/oauth2/grants/code/
main/java/org/apache/cxf/rs/security/oauth2/provider/ main/java/or...
Author: sergeyb
Date: Fri Jan 24 13:53:19 2014
New Revision: 1561006
URL: http://svn.apache.org/r1561006
Log:
[CXF-5417] More basic tests and some updates
Added:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/CodeGrantEncryptingDataProvider.java (with props)
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServiceException.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java?rev=1561006&r1=1561005&r2=1561006&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java Fri Jan 24 13:53:19 2014
@@ -23,7 +23,7 @@ public class OOBAuthorizationResponse {
private String authorizationCode;
private String clientId;
private String userId;
- private long lifetime;
+ private long expiresIn;
public String getAuthorizationCode() {
return authorizationCode;
@@ -49,12 +49,21 @@ public class OOBAuthorizationResponse {
this.userId = userId;
}
+ @Deprecated
public long getLifetime() {
- return lifetime;
+ return expiresIn;
}
-
+ @Deprecated
public void setLifetime(long lifetime) {
- this.lifetime = lifetime;
+ this.expiresIn = lifetime;
+ }
+
+ public long getExpiresIn() {
+ return expiresIn;
+ }
+
+ public void setExpiresIn(long lifetime) {
+ this.expiresIn = lifetime;
}
}
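Review bot: The two `@Deprecated` accessors carry no Javadoc telling callers what to use instead, and `setExpiresIn(long lifetime)` keeps the old parameter name. I would add `/** @deprecated use {@link #getExpiresIn()} */` and `/** @deprecated use {@link #setExpiresIn(long)} */` above them and rename the parameter: `public void setExpiresIn(long expiresIn)`. If this bean is bound by JAXB or JSON with property access (its annotations are outside the hunk), both the `lifetime` and `expiresIn` properties would be serialized from the same field, so it is worth confirming which name the wire format is meant to carry.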
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java?rev=1561006&r1=1561005&r2=1561006&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java Fri Jan 24 13:53:19 2014
@@ -51,7 +51,7 @@ public class AuthorizationCodeGrantHandl
return null;
}
// check it has not expired, the client ids are the same
- if (OAuthUtils.isExpired(grant.getIssuedAt(), grant.getLifetime())) {
+ if (OAuthUtils.isExpired(grant.getIssuedAt(), grant.getExpiresIn())) {
throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
if (!grant.getClient().getClientId().equals(client.getClientId())) {
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServiceException.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServiceException.java?rev=1561006&r1=1561005&r2=1561006&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServiceException.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServiceException.java Fri Jan 24 13:53:19 2014
@@ -20,6 +20,7 @@
package org.apache.cxf.rs.security.oauth2.provider;
import org.apache.cxf.rs.security.oauth2.common.OAuthError;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
/**
@@ -38,6 +39,10 @@ public class OAuthServiceException exten
super(message, cause);
}
+ public OAuthServiceException(Throwable cause) {
+ super(OAuthConstants.SERVER_ERROR, cause);
+ }
+
public OAuthServiceException(OAuthError error) {
this.error = error;
}
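Review bot: The new `OAuthServiceException(Throwable cause)` constructor passes `OAuthConstants.SERVER_ERROR` only as the exception message and never assigns the `error` field, whereas the `OAuthServiceException(OAuthError error)` constructor right below it does. Any handler that builds the response from the `error` field (its accessor is outside this hunk) would see null for every wrapped encryption failure. If that is not intended, set it here as well, for example `this.error = new OAuthError(OAuthConstants.SERVER_ERROR);`, assuming `OAuthError` offers a constructor taking the error code. A one-line Javadoc saying that the cause is kept for server-side diagnostics and is not meant to be serialized to the client would also help.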
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java?rev=1561006&r1=1561005&r2=1561006&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java Fri Jan 24 13:53:19 2014
@@ -86,7 +86,7 @@ public class AuthorizationCodeGrantServi
oobResponse.setClientId(client.getClientId());
oobResponse.setAuthorizationCode(grant.getCode());
oobResponse.setUserId(userSubject.getLogin());
- oobResponse.setLifetime(grant.getLifetime());
+ oobResponse.setExpiresIn(grant.getExpiresIn());
return deliverOOBResponse(oobResponse);
} else {
// return the code by appending it as a query parameter to the redirect URI
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java?rev=1561006&r1=1561005&r2=1561006&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java Fri Jan 24 13:53:19 2014
@@ -28,6 +28,8 @@ import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+
/**
* Encryption helpers
@@ -40,7 +42,7 @@ public final class EncryptionUtils {
try {
return Base64UrlUtility.encode(key.getEncoded());
} catch (Exception ex) {
- throw new RuntimeException(ex);
+ throw new OAuthServiceException(ex);
}
}
@@ -86,7 +88,7 @@ public final class EncryptionUtils {
SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
return decryptSequence(encodedData, key, props);
} catch (Exception ex) {
- throw new RuntimeException(ex);
+ throw new OAuthServiceException(ex);
}
}
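Review bot: The `catch (Exception ex)` here also catches the `OAuthServiceException` that `decodeSecretKey` and the nested `decryptSequence` now throw, so one failure ends up wrapped two or three levels deep. Adding `} catch (OAuthServiceException ex) { throw ex; }` ahead of the generic catch keeps a single wrapper with the original cause directly underneath. The same applies to the other `try` blocks changed in this file that call sibling helpers (the `processBytes` callers in the next two hunks) and to the `decryptClient` hunk in `ModelEncryptionSupport`. The enclosing method starts outside the hunk.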
@@ -102,7 +104,7 @@ public final class EncryptionUtils {
byte[] bytes = processBytes(encryptedBytes, secretKey, props, Cipher.DECRYPT_MODE);
return new String(bytes, "UTF-8");
} catch (Exception ex) {
- throw new RuntimeException(ex);
+ throw new OAuthServiceException(ex);
}
}
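Review bot: A ciphertext that fails to decode or decrypt is now reported as `OAuthConstants.SERVER_ERROR`, although on this path the input appears to be a client-supplied token or code (the test provider passes the `code` argument of `removeCodeGrant` straight into decryption). A tampered or stale value is a client error, so callers would be better served by catching the crypto failure at the token or grant lookup and mapping it to the invalid-grant or invalid-token response. Otherwise monitoring will count hostile or malformed input as server faults. I would at least document on this method that decryption failure of untrusted input surfaces as a server error. The method signature is outside the hunk.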
@@ -119,7 +121,7 @@ public final class EncryptionUtils {
Cipher.ENCRYPT_MODE);
return Base64UrlUtility.encode(bytes);
} catch (Exception ex) {
- throw new RuntimeException(ex);
+ throw new OAuthServiceException(ex);
}
}
@@ -142,7 +144,7 @@ public final class EncryptionUtils {
}
return c.doFinal(bytes);
} catch (Exception ex) {
- throw new RuntimeException(ex);
+ throw new OAuthServiceException(ex);
}
}
@@ -151,7 +153,7 @@ public final class EncryptionUtils {
byte[] secretKeyBytes = decodeSequence(encodedSecretKey);
return new SecretKeySpec(secretKeyBytes, algo);
} catch (Exception ex) {
- throw new RuntimeException(ex);
+ throw new OAuthServiceException(ex);
}
}
@@ -159,7 +161,7 @@ public final class EncryptionUtils {
try {
return Base64UrlUtility.decode(encodedSequence);
} catch (Exception ex) {
- throw new RuntimeException(ex);
+ throw new OAuthServiceException(ex);
}
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java?rev=1561006&r1=1561005&r2=1561006&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/ModelEncryptionSupport.java Fri Jan 24 13:53:19 2014
@@ -35,6 +35,7 @@ import org.apache.cxf.rs.security.oauth2
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
@@ -108,7 +109,7 @@ public final class ModelEncryptionSuppor
String decryptedSequence = EncryptionUtils.decryptSequence(encodedData, secretKey, props);
return recreateClient(decryptedSequence);
} catch (Exception ex) {
- throw new RuntimeException(ex);
+ throw new OAuthServiceException(ex);
}
}
@@ -336,9 +337,10 @@ public final class ModelEncryptionSuppor
private static Client recreateClientInternal(String sequence) {
String[] parts = getParts(sequence);
- Client c = new Client(parts[0], parts[1], Boolean.valueOf(parts[2]), parts[3], parts[4]);
- c.setApplicationDescription(parts[5]);
- c.setApplicationLogoUri(parts[6]);
+ Client c = new Client(parts[0], parts[1], Boolean.valueOf(parts[2]),
+ getStringPart(parts[3]), getStringPart(parts[4]));
+ c.setApplicationDescription(getStringPart(parts[5]));
+ c.setApplicationLogoUri(getStringPart(parts[6]));
c.setAllowedGrantTypes(parseSimpleList(parts[7]));
c.setRegisteredScopes(parseSimpleList(parts[8]));
c.setRedirectUris(parseSimpleList(parts[9]));
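Review bot: `parts[1]`, the client secret, is still passed to the `Client` constructor raw while `parts[3]` through `parts[6]` now go through `getStringPart`. If `getStringPart` maps a null placeholder back to null (its body is not in this diff; the new `assertNull(regClient2.getApplicationDescription())` in the test suggests so), a client stored without a secret would come back with the placeholder text as its secret. Consider `getStringPart(parts[1])` too, or add a comment stating that id and secret are never null here. The indices up to `parts[9]` are also read without a length check, so a truncated sequence fails with an `ArrayIndexOutOfBoundsException`; an explicit check after `getParts(sequence)` would give a clearer error. The method continues past the end of the hunk.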
@@ -397,9 +399,9 @@ public final class ModelEncryptionSuppor
parts[1],
Long.valueOf(parts[2]),
Long.valueOf(parts[3]));
- grant.setRedirectUri(parts[4]);
- grant.setAudience(parts[5]);
- grant.setClientCodeVerifier(parts[6]);
+ grant.setRedirectUri(getStringPart(parts[4]));
+ grant.setAudience(getStringPart(parts[5]));
+ grant.setClientCodeVerifier(getStringPart(parts[6]));
grant.setApprovedScopes(parseSimpleList(parts[7]));
grant.setSubject(recreateUserSubject(parts[8]));
return grant;
Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/CodeGrantEncryptingDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/CodeGrantEncryptingDataProvider.java?rev=1561006&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/CodeGrantEncryptingDataProvider.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/CodeGrantEncryptingDataProvider.java Fri Jan 24 13:53:19 2014
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.utils;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider;
+import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
+import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+
+public class CodeGrantEncryptingDataProvider extends EncryptingDataProvider
+ implements AuthorizationCodeDataProvider {
+
+ private Set<String> grants = new HashSet<String>();
+
+ public CodeGrantEncryptingDataProvider() throws Exception {
+ super();
+ }
+
+ @Override
+ public ServerAuthorizationCodeGrant createCodeGrant(AuthorizationCodeRegistration reg)
+ throws OAuthServiceException {
+ ServerAuthorizationCodeGrant grant =
+ new ServerAuthorizationCodeGrant(reg.getClient(), 123);
+ grant.setAudience(reg.getAudience());
+ String encrypted = ModelEncryptionSupport.encryptCodeGrant(grant, key);
+ grant.setCode(encrypted);
+ grants.add(encrypted);
+ return grant;
+ }
+
+ @Override
+ public ServerAuthorizationCodeGrant removeCodeGrant(String code) throws OAuthServiceException {
+ grants.remove(code);
+ return ModelEncryptionSupport.decryptCodeGrant(this, code, key);
+ }
+}
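Review bot: `removeCodeGrant` ignores the result of `grants.remove(code)` and decrypts whatever string it is given, so the same authorization code can be exchanged any number of times and the `grants` set has no effect on the outcome. Authorization codes are meant to be single-use, and test providers like this one tend to get copied as a starting point. I would gate the decryption on the removal, e.g. `if (!grants.remove(code)) { return null; }`, assuming the grant handler treats a null grant as not found. A second `removeCodeGrant(grant.getCode())` assertion in `testEncryptDecryptCodeGrant` would pin the behaviour.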
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/CodeGrantEncryptingDataProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/CodeGrantEncryptingDataProvider.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java?rev=1561006&r1=1561005&r2=1561006&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptingDataProvider.java Fri Jan 24 13:53:19 2014
@@ -39,20 +39,20 @@ import org.apache.cxf.rs.security.oauth2
public class EncryptingDataProvider implements OAuthDataProvider {
- SecretKey tokenKey;
- private Map<String, Client> clients;
-
+ SecretKey key;
+ private Map<String, String> clients;
private Set<String> tokens = new HashSet<String>();
private Map<String, String> refreshTokens = new HashMap<String, String>();
public EncryptingDataProvider() throws Exception {
- tokenKey = EncryptionUtils.getSecretKey();
- clients = Collections.singletonMap("1", new Client("1", "2", true));
+ key = EncryptionUtils.getSecretKey();
+ String encryptedClient = ModelEncryptionSupport.encryptClient(new Client("1", "2", true), key);
+ clients = Collections.singletonMap("1", encryptedClient);
}
@Override
public Client getClient(String clientId) throws OAuthServiceException {
- return clients.get(clientId);
+ return ModelEncryptionSupport.decryptClient(clients.get(clientId), key);
}
@Override
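Review bot: `getClient` now hands `clients.get(clientId)` directly to `decryptClient`, so an unknown client id passes null into the decryption path instead of returning null as the previous `clients.get(clientId)` did. Depending on how the decoder treats null, that becomes a wrapped server error rather than a "no such client" result. A guard keeps the old contract: `String encrypted = clients.get(clientId);` followed by `return encrypted == null ? null : ModelEncryptionSupport.decryptClient(encrypted, key);`.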
@@ -60,26 +60,29 @@ public class EncryptingDataProvider impl
throws OAuthServiceException {
ServerAccessToken token = createAccessTokenInternal(accessTokenReg);
-
- String encryptedToken =
- ModelEncryptionSupport.encryptAccessToken(token, tokenKey);
-
- tokens.add(encryptedToken);
- refreshTokens.put(token.getRefreshToken(), encryptedToken);
- token.setTokenKey(encryptedToken);
+ encryptAccessToken(token);
return token;
}
@Override
public ServerAccessToken getAccessToken(String accessTokenKey) throws OAuthServiceException {
- return ModelEncryptionSupport.decryptAccessToken(this, accessTokenKey, tokenKey);
+ return ModelEncryptionSupport.decryptAccessToken(this, accessTokenKey, key);
}
@Override
public ServerAccessToken refreshAccessToken(Client client, String refreshToken,
List<String> requestedScopes)
throws OAuthServiceException {
- return null;
+ String encrypted = refreshTokens.remove(refreshToken);
+ ServerAccessToken token = ModelEncryptionSupport.decryptAccessToken(this, encrypted, key);
+ tokens.remove(token.getTokenKey());
+
+ // create a new refresh token
+ createRefreshToken(token);
+ // possibly update other token properties
+ encryptAccessToken(token);
+
+ return token;
}
@Override
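Review bot: `refreshAccessToken` does not handle an unknown refresh token and never looks at its `client` argument. `refreshTokens.remove(refreshToken)` returns null for a value that was never issued or was already used, and that null goes straight into `decryptAccessToken`. The token is also reissued without checking that it was granted to the calling client. I would reject both cases with `OAuthConstants.INVALID_GRANT` before creating the new tokens, as sketched below.
```java
String encrypted = refreshTokens.remove(refreshToken);
if (encrypted == null) {
    throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
ServerAccessToken token = ModelEncryptionSupport.decryptAccessToken(this, encrypted, key);
if (!token.getClient().getClientId().equals(client.getClientId())) {
    throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
// … unchanged: tokens.remove, createRefreshToken, encryptAccessToken, return token …
```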
@@ -90,7 +93,10 @@ public class EncryptingDataProvider impl
@Override
public void revokeToken(Client client, String token, String tokenTypeHint)
throws OAuthServiceException {
- // complete
+ // the fast way: if it is the refresh token then there will be a matching value for it
+ String accessToken = refreshTokens.remove(token);
+ // if no matching value then the token parameter is access token key
+ tokens.remove(accessToken == null ? token : accessToken);
}
@Override
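Review bot: Revocation as written does not stop a revoked token from being accepted. `getAccessToken` in the previous hunk decrypts any key without consulting `tokens`, so removing the entry from `tokens` changes nothing for validation. When the caller passes an access token key, the matching `refreshTokens` entry also stays in place and can still be exchanged. I would add `refreshTokens.values().remove(token);` for the access-token case and make `getAccessToken` return null when `!tokens.contains(accessTokenKey)`. The `client` argument is unused as well, so a comment noting that ownership is deliberately not checked in this test provider would avoid it being copied as-is.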
@@ -109,14 +115,7 @@ public class EncryptingDataProvider impl
BearerAccessToken token = new BearerAccessToken(accessTokenReg.getClient(), 3600L);
token.setSubject(accessTokenReg.getSubject());
- RefreshToken refreshToken = new RefreshToken(accessTokenReg.getClient(),
- "refresh",
- 1200L,
- OAuthUtils.getIssuedAt());
-
- String encryptedRefreshToken =
- ModelEncryptionSupport.encryptRefreshToken(refreshToken, tokenKey);
- token.setRefreshToken(encryptedRefreshToken);
+ createRefreshToken(token);
token.setGrantType(accessTokenReg.getGrantType());
token.setAudience(accessTokenReg.getAudience());
@@ -126,4 +125,20 @@ public class EncryptingDataProvider impl
return token;
}
+ private void encryptAccessToken(ServerAccessToken token) {
+ String encryptedToken = ModelEncryptionSupport.encryptAccessToken(token, key);
+ tokens.add(encryptedToken);
+ refreshTokens.put(token.getRefreshToken(), encryptedToken);
+ token.setTokenKey(encryptedToken);
+ }
+
+ private void createRefreshToken(ServerAccessToken token) {
+ RefreshToken refreshToken = new RefreshToken(token.getClient(),
+ "refresh",
+ 1200L,
+ OAuthUtils.getIssuedAt());
+
+ String encryptedRefreshToken = ModelEncryptionSupport.encryptRefreshToken(refreshToken, key);
+ token.setRefreshToken(encryptedRefreshToken);
+ }
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java?rev=1561006&r1=1561005&r2=1561006&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java Fri Jan 24 13:53:19 2014
@@ -33,6 +33,8 @@ import org.apache.cxf.rs.security.oauth2
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
+import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
@@ -43,11 +45,11 @@ import org.junit.Test;
public class EncryptionUtilsTest extends Assert {
- private EncryptingDataProvider p;
+ private CodeGrantEncryptingDataProvider p;
@Before
public void setUp() throws Exception {
- p = new EncryptingDataProvider();
+ p = new CodeGrantEncryptingDataProvider();
}
@After
@@ -69,6 +71,17 @@ public class EncryptionUtilsTest extends
}
@Test
+ public void testEncryptDecryptCodeGrant() throws Exception {
+ AuthorizationCodeRegistration codeReg = new AuthorizationCodeRegistration();
+ codeReg.setAudience("http://bar");
+ codeReg.setClient(p.getClient("1"));
+ ServerAuthorizationCodeGrant grant = p.createCodeGrant(codeReg);
+ ServerAuthorizationCodeGrant grant2 = p.removeCodeGrant(grant.getCode());
+ assertEquals("http://bar", grant2.getAudience());
+ assertEquals("1", grant2.getClient().getClientId());
+ }
+
+ @Test
public void testBearerTokenJSON() throws Exception {
AccessTokenRegistration atr = prepareTokenRegistration();
@@ -80,8 +93,8 @@ public class EncryptionUtilsTest extends
jsonp.writeTo(token, BearerAccessToken.class, new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE,
new MetadataMap<String, Object>(), bos);
- String encrypted = EncryptionUtils.encryptSequence(bos.toString(), p.tokenKey);
- String decrypted = EncryptionUtils.decryptSequence(encrypted, p.tokenKey);
+ String encrypted = EncryptionUtils.encryptSequence(bos.toString(), p.key);
+ String decrypted = EncryptionUtils.decryptSequence(encrypted, p.key);
ServerAccessToken token2 = jsonp.readFrom(BearerAccessToken.class, BearerAccessToken.class,
new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE,
new MetadataMap<String, String>(),
@@ -91,6 +104,55 @@ public class EncryptionUtilsTest extends
compareAccessTokens(token, token2);
}
+ @Test
+ public void testClientJSON() throws Exception {
+ Client c = new Client("client", "secret", true);
+ c.setSubject(new UserSubject("subject", "id"));
+ JSONProvider<Client> jsonp = new JSONProvider<Client>();
+ jsonp.setMarshallAsJaxbElement(true);
+ jsonp.setUnmarshallAsJaxbElement(true);
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ jsonp.writeTo(c, Client.class, new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE,
+ new MetadataMap<String, Object>(), bos);
+
+ String encrypted = EncryptionUtils.encryptSequence(bos.toString(), p.key);
+ String decrypted = EncryptionUtils.decryptSequence(encrypted, p.key);
+ Client c2 = jsonp.readFrom(Client.class, Client.class,
+ new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE,
+ new MetadataMap<String, String>(),
+ new ByteArrayInputStream(decrypted.getBytes()));
+
+ assertEquals(c.getClientId(), c2.getClientId());
+ assertEquals(c.getClientSecret(), c2.getClientSecret());
+ assertTrue(c2.isConfidential());
+ assertEquals("subject", c2.getSubject().getLogin());
+ assertEquals("id", c2.getSubject().getId());
+ }
+
+ @Test
+ public void testCodeGrantJSON() throws Exception {
+ Client c = new Client("client", "secret", true);
+ ServerAuthorizationCodeGrant grant = new ServerAuthorizationCodeGrant(c, "code", 1, 2);
+ JSONProvider<ServerAuthorizationCodeGrant> jsonp = new JSONProvider<ServerAuthorizationCodeGrant>();
+ jsonp.setMarshallAsJaxbElement(true);
+ jsonp.setUnmarshallAsJaxbElement(true);
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ jsonp.writeTo(grant, ServerAuthorizationCodeGrant.class, new Annotation[]{},
+ MediaType.APPLICATION_JSON_TYPE,
+ new MetadataMap<String, Object>(), bos);
+
+ String encrypted = EncryptionUtils.encryptSequence(bos.toString(), p.key);
+ String decrypted = EncryptionUtils.decryptSequence(encrypted, p.key);
+ ServerAuthorizationCodeGrant grant2 = jsonp.readFrom(ServerAuthorizationCodeGrant.class,
+ Client.class,
+ new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE,
+ new MetadataMap<String, String>(),
+ new ByteArrayInputStream(decrypted.getBytes()));
+ assertEquals("code", grant2.getCode());
+ assertEquals(1, grant2.getExpiresIn());
+ assertEquals(2, grant2.getIssuedAt());
+ }
+
private void compareAccessTokens(ServerAccessToken token, ServerAccessToken token2) {
assertEquals(token.getTokenKey(), token2.getTokenKey());
assertEquals(token.getTokenType(), token2.getTokenType());
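Review bot: In `testCodeGrantJSON` the second argument of `jsonp.readFrom(...)` is `Client.class`, which looks like a leftover from `testClientJSON`; it should presumably be `ServerAuthorizationCodeGrant.class` to match the first argument. Both new tests also convert with the platform default charset (`bos.toString()` and `decrypted.getBytes()`) while `decryptSequence` decodes as `"UTF-8"`, so `bos.toString("UTF-8")` and `decrypted.getBytes("UTF-8")` would keep the round trip stable on any platform. `testCodeGrantJSON` could additionally assert `grant2.getClient().getClientId()` so the nested client is covered.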
@@ -99,7 +161,7 @@ public class EncryptionUtilsTest extends
Client regClient1 = token.getClient();
Client regClient2 = token2.getClient();
assertEquals(regClient1.getClientId(), regClient2.getClientId());
-
+ assertNull(regClient2.getApplicationDescription());
UserSubject endUser1 = token.getSubject();
UserSubject endUser2 = token2.getSubject();
assertEquals(endUser1.getLogin(), endUser2.getLogin());
@@ -121,7 +183,7 @@ public class EncryptionUtilsTest extends
assertEquals(perm1.getDescription(), perm2.getDescription());
RefreshToken refreshToken =
- ModelEncryptionSupport.decryptRefreshToken(p, token2.getRefreshToken(), p.tokenKey);
+ ModelEncryptionSupport.decryptRefreshToken(p, token2.getRefreshToken(), p.key);
assertEquals(1200L, refreshToken.getExpiresIn());
}