You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cxf.apache.org by se...@apache.org on 2014/10/07 18:41:25 UTC

[1/2] git commit: Adding a utility for converting JwtToken to ServerAccessToken

Repository: cxf
Updated Branches:
  refs/heads/master a5aff3e7a -> 9a952cfaf


Adding a utility for converting JwtToken to ServerAccessToken


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b8938b57
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b8938b57
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b8938b57

Branch: refs/heads/master
Commit: b8938b57448dd490b55730d4b8d4d719b087dca8
Parents: aa237f2
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Tue Oct 7 17:40:21 2014 +0100
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Tue Oct 7 17:40:21 2014 +0100

----------------------------------------------------------------------
 .../jose/jwt/token/JwtAccessTokenUtils.java     | 112 +++++++++++++++++++
 1 file changed, 112 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/b8938b57/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/token/JwtAccessTokenUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/token/JwtAccessTokenUtils.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/token/JwtAccessTokenUtils.java
new file mode 100644
index 0000000..1474675
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/token/JwtAccessTokenUtils.java
@@ -0,0 +1,112 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwt.token;
+
+import javax.crypto.SecretKey;
+
+import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwe.AesGcmContentDecryptionAlgorithm;
+import org.apache.cxf.rs.security.jose.jwe.AesGcmContentEncryptionAlgorithm;
+import org.apache.cxf.rs.security.jose.jwe.ContentEncryptionAlgorithm;
+import org.apache.cxf.rs.security.jose.jwe.DirectKeyJweDecryption;
+import org.apache.cxf.rs.security.jose.jwe.DirectKeyJweEncryption;
+import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignature;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
+
+public final class JwtAccessTokenUtils {
+    private JwtAccessTokenUtils() {
+        
+    }
+    
+    public static ServerAccessToken toAccessToken(JwtToken jwt, 
+                                                  Client client,
+                                                  SecretKey key) {
+        String jwtString = new JwsJwtCompactProducer(jwt)
+                               .signWith(new NoneSignatureProvider());
+        ContentEncryptionAlgorithm contentEncryption = 
+            new AesGcmContentEncryptionAlgorithm(key, null, Algorithm.A128GCM.getJwtName());
+        JweEncryptionProvider jweEncryption = new DirectKeyJweEncryption(contentEncryption);
+        String tokenId = jweEncryption.encrypt(getBytes(jwtString), null);
+        Long issuedAt = jwt.getClaims().getIssuedAt();
+        Long notBefore = jwt.getClaims().getNotBefore();
+        if (issuedAt == null) {
+            issuedAt = System.currentTimeMillis();
+            notBefore = null;
+        }
+        Long expiresIn = null;
+        if (notBefore == null) {
+            expiresIn = 3600L;
+        } else {
+            expiresIn = notBefore - issuedAt;
+        }
+        
+        return new BearerAccessToken(client, tokenId, issuedAt, expiresIn);
+        
+    }
+    public static JwtToken fromAccessTokenId(String tokenId, SecretKey key) {
+        DirectKeyJweDecryption jweDecryption = 
+            new DirectKeyJweDecryption(key, 
+                new AesGcmContentDecryptionAlgorithm(Algorithm.A128GCM.getJwtName()));
+        String decrypted = jweDecryption.decrypt(tokenId).getContentText();
+        JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(decrypted);
+        return consumer.getJwtToken();
+    }
+    private static class NoneSignatureProvider implements JwsSignatureProvider {
+
+        @Override
+        public String getAlgorithm() {
+            return "none";
+        }
+
+        @Override
+        public JwsSignature createJwsSignature(JwsHeaders headers) {
+            return new NoneJwsSignature();
+        }
+        
+    }
+    private static class NoneJwsSignature implements JwsSignature {
+
+        @Override
+        public void update(byte[] src, int off, int len) {
+            // complete
+        }
+
+        @Override
+        public byte[] sign() {
+            return new byte[]{};
+        }
+        
+    }
+    private static byte[] getBytes(String str) {
+        try {
+            return str.getBytes("UTF-8");
+        } catch (Exception ex) {
+            // ignore
+        }
+        return null;
+    }
+}

[2/2] git commit: Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/cxf

Posted by se...@apache.org.

Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/cxf


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9a952cfa
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9a952cfa
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9a952cfa

Branch: refs/heads/master
Commit: 9a952cfafebdeb14a456d2b657f8fe3211184492
Parents: b8938b5 a5aff3e
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Tue Oct 7 17:40:59 2014 +0100
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Tue Oct 7 17:40:59 2014 +0100

----------------------------------------------------------------------
 .../interceptors/MessageModeOutInterceptor.java   | 18 ++++++++++--------
 .../jexlClaimMappingsWithFunctions.script         | 11 ++++++++++-
 2 files changed, 20 insertions(+), 9 deletions(-)
----------------------------------------------------------------------