Repository: cxf Updated Branches: refs/heads/master 1aefa51be -> f74e2e060
[CXF-6363] Introducing JwsHeaders Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f74e2e06 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f74e2e06 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f74e2e06 Branch: refs/heads/master Commit: f74e2e060b93fbbfc05ace263fe7f4f588b63e4d Parents: 1aefa51 Author: Sergey Beryozkin <[email protected]> Authored: Tue Apr 21 12:55:27 2015 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Tue Apr 21 12:55:27 2015 +0100 ---------------------------------------------------------------------- .../jose/jaxrs/JwsJsonWriterInterceptor.java | 7 ++-- .../jose/jaxrs/JwsWriterInterceptor.java | 3 +- .../jose/jws/AbstractJwsSignatureProvider.java | 8 ++-- .../jose/jws/EcDsaJwsSignatureVerifier.java | 3 +- .../jose/jws/HmacJwsSignatureVerifier.java | 5 +-- .../security/jose/jws/JwsCompactConsumer.java | 4 +- .../security/jose/jws/JwsCompactProducer.java | 11 +++-- .../cxf/rs/security/jose/jws/JwsHeaders.java | 43 ++++++++++++++++++++ .../rs/security/jose/jws/JwsJsonProducer.java | 2 +- .../jose/jws/JwsJsonSignatureEntry.java | 6 +-- .../jose/jws/JwsJwtCompactProducer.java | 2 +- .../security/jose/jws/JwsSignatureProvider.java | 5 +-- .../security/jose/jws/JwsSignatureVerifier.java | 3 +- .../cxf/rs/security/jose/jws/JwsUtils.java | 2 +- .../jose/jws/NoneJwsSignatureProvider.java | 5 +-- .../jose/jws/NoneJwsSignatureVerifier.java | 3 +- .../jose/jws/PublicKeyJwsSignatureVerifier.java | 3 +- .../security/jose/jws/JwsCompactHeaderTest.java | 5 ++- .../oauth2/grants/jwt/AbstractJwtHandler.java | 4 +- .../grants/jwt/JwtBearerGrantHandler.java | 7 ++-- .../grants/jwt/AbstractJwtHandlerTest.java | 4 +- 21 files changed, 87 insertions(+), 48 deletions(-) ---------------------------------------------------------------------- 
http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java index 069279b..7f7435d 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java @@ -37,6 +37,7 @@ import org.apache.cxf.jaxrs.utils.JAXRSUtils; import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; +import org.apache.cxf.rs.security.jose.jws.JwsHeaders; import org.apache.cxf.rs.security.jose.jws.JwsJsonOutputStream; import org.apache.cxf.rs.security.jose.jws.JwsJsonProducer; import org.apache.cxf.rs.security.jose.jws.JwsSignature; @@ -59,7 +60,7 @@ public class JwsJsonWriterInterceptor extends AbstractJwsJsonWriterProvider impl List<String> protectedHeaders = new ArrayList<String>(sigProviders.size()); List<JwsSignature> signatures = new ArrayList<JwsSignature>(sigProviders.size()); for (JwsSignatureProvider signer : sigProviders) { - JoseHeaders protectedHeader = prepareProtectedHeader(ctx, signer); + JwsHeaders protectedHeader = prepareProtectedHeader(ctx, signer); String encoded = Base64UrlUtility.encode(writer.toJson(protectedHeader)); protectedHeaders.add(encoded); JwsSignature signature = signer.createJwsSignature(protectedHeader); 
@@ -90,9 +91,9 @@ public class JwsJsonWriterInterceptor extends AbstractJwsJsonWriterProvider impl } - private JoseHeaders prepareProtectedHeader(WriterInterceptorContext ctx, + private JwsHeaders prepareProtectedHeader(WriterInterceptorContext ctx, JwsSignatureProvider signer) { - JoseHeaders headers = new JoseHeaders(); + JwsHeaders headers = new JwsHeaders(); headers.setAlgorithm(signer.getAlgorithm().getJwaName()); setContentTypeIfNeeded(headers, ctx); return headers; http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java index 10b43f1..52a09d1 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java @@ -36,6 +36,7 @@ import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer; +import org.apache.cxf.rs.security.jose.jws.JwsHeaders; import org.apache.cxf.rs.security.jose.jws.JwsOutputStream; import org.apache.cxf.rs.security.jose.jws.JwsSignature; import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; 
@@ -51,7 +52,7 @@ public class JwsWriterInterceptor extends AbstractJwsWriterProvider implements W ctx.proceed(); return; } - JoseHeaders headers = new JoseHeaders(); + JwsHeaders headers = new JwsHeaders(); JwsSignatureProvider sigProvider = getInitializedSigProvider(headers); setContentTypeIfNeeded(headers, ctx); OutputStream actualOs = ctx.getOutputStream(); http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java index 57ceb17..812c037 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java @@ -33,9 +33,9 @@ public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvid this.algorithm = algo; } - protected JoseHeaders prepareHeaders(JoseHeaders headers) { + protected JwsHeaders prepareHeaders(JwsHeaders headers) { if (headers == null) { - headers = new JoseHeaders(); + headers = new JwsHeaders(); } String algo = headers.getAlgorithm(); if (algo != null) { 
@@ -51,13 +51,13 @@ public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvid return algorithm; } @Override - public byte[] sign(JoseHeaders headers, byte[] content) { + public byte[] sign(JwsHeaders headers, byte[] content) { JwsSignature sig = createJwsSignature(headers); sig.update(content, 0, content.length); return sig.sign(); } @Override - public JwsSignature createJwsSignature(JoseHeaders headers) { + public JwsSignature createJwsSignature(JwsHeaders headers) { return doCreateJwsSignature(prepareHeaders(headers)); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java index 1a287c4..025cd21 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java @@ -23,7 +23,6 @@ import java.security.spec.AlgorithmParameterSpec; import java.util.HashMap; import java.util.Map; -import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; 
@@ -42,7 +41,7 @@ public class EcDsaJwsSignatureVerifier extends PublicKeyJwsSignatureVerifier { super(key, spec, supportedAlgo); } @Override - public boolean verify(JoseHeaders headers, String unsignedText, byte[] signature) { + public boolean verify(JwsHeaders headers, String unsignedText, byte[] signature) { final String algoName = super.getAlgorithm().getJwaName(); if (SIGNATURE_LENGTH_MAP.get(algoName) != signature.length) { LOG.warning("Algorithm " + algoName + " signature length is " + SIGNATURE_LENGTH_MAP.get(algoName) http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java index 528ccc7..984eb32 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java @@ -24,7 +24,6 @@ import java.util.logging.Logger; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.crypto.HmacUtils; -import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; 
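Review bot: In EcDsaJwsSignatureVerifier.verify, `SIGNATURE_LENGTH_MAP.get(algoName) != signature.length` compares a map lookup with an int. If the map holds boxed Integer values (its declaration is outside the hunk) and has no entry for the verifier's algorithm, the comparison unboxes null and verify() throws instead of returning false. Reading the value once, `Integer expected = SIGNATURE_LENGTH_MAP.get(algoName);` followed by `if (expected == null || expected != signature.length) {`, keeps a rejected signature a plain false result and avoids the second lookup in the log message. The method body continues past the end of the hunk.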
@@ -52,12 +51,12 @@ public class HmacJwsSignatureVerifier implements JwsSignatureVerifier { @Override - public boolean verify(JoseHeaders headers, String unsignedText, byte[] signature) { + public boolean verify(JwsHeaders headers, String unsignedText, byte[] signature) { byte[] expected = computeMac(headers, unsignedText); return Arrays.equals(expected, signature); } - private byte[] computeMac(JoseHeaders headers, String text) { + private byte[] computeMac(JwsHeaders headers, String text) { return HmacUtils.computeHmac(key, AlgorithmUtils.toJavaName(checkAlgorithm(headers.getAlgorithm())), hmacSpec, http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java index 27f9551..b86742c 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java 
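Review bot: HmacJwsSignatureVerifier.verify compares the computed MAC with the received one using `Arrays.equals(expected, signature)`, which returns at the first differing byte, so the time taken depends on how much of the MAC matched. A MAC check should use a comparison whose running time does not depend on the contents: `return MessageDigest.isEqual(expected, signature);` with `import java.security.MessageDigest;`. The line is unchanged context in this commit, but the method's signature is being edited here, so it is a convenient place to fix it.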
@@ -90,13 +90,13 @@ public class JwsCompactConsumer { public byte[] getDecodedSignature() { return encodedSignature.isEmpty() ? new byte[]{} : JoseUtils.decode(encodedSignature); } - public JoseHeaders getJoseHeaders() { + public JwsHeaders getJoseHeaders() { JoseHeaders joseHeaders = reader.fromJsonHeaders(headersJson); if (joseHeaders.getUpdateCount() != null) { LOG.warning("Duplicate headers have been detected"); throw new JwsException(JwsException.Error.INVALID_COMPACT_JWS); } - return joseHeaders; + return new JwsHeaders(joseHeaders); } public boolean verifySignatureWith(JwsSignatureVerifier validator) { try { http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java index 14b654c..70ebe6d 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java 
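Review bot: JwsCompactConsumer.getJoseHeaders() has no Javadoc, and it now parses `headersJson` and allocates a new JwsHeaders on every call, so two calls return different objects and a change made through one result is not seen by the next. I would document that, for example `/** Parses the compact header JSON on each call; throws JwsException if a header name occurs more than once. */`. The duplicate check deserves a why-comment such as `// a repeated header name (e.g. two "alg" values) makes the header ambiguous, so the whole JWS is rejected`. If callers are expected to call this repeatedly, caching the parsed result in a field after the duplicate check would avoid the repeated parsing. verifySignatureWith begins right after this method and its body is outside the hunk.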
@@ -22,32 +22,31 @@ import java.security.interfaces.RSAPrivateKey; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; public class JwsCompactProducer { private JoseHeadersReaderWriter writer = new JoseHeadersReaderWriter(); - private JoseHeaders headers; + private JwsHeaders headers; private String plainJwsPayload; private String signature; public JwsCompactProducer(String plainJwsPayload) { this(null, null, plainJwsPayload); } - public JwsCompactProducer(JoseHeaders headers, String plainJwsPayload) { + public JwsCompactProducer(JwsHeaders headers, String plainJwsPayload) { this(headers, null, plainJwsPayload); } - protected JwsCompactProducer(JoseHeaders headers, JoseHeadersReaderWriter w, String plainJwsPayload) { + protected JwsCompactProducer(JwsHeaders headers, JoseHeadersReaderWriter w, String plainJwsPayload) { this.headers = headers; if (w != null) { this.writer = w; } this.plainJwsPayload = plainJwsPayload; } - public JoseHeaders getJoseHeaders() { + public JwsHeaders getJoseHeaders() { if (headers == null) { - headers = new JoseHeaders(); + headers = new JwsHeaders(); } return headers; } http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java new file mode 100644 index 0000000..8d56763 --- /dev/null +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java 
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jws;
+
+import java.util.Map;
+
+import org.apache.cxf.rs.security.jose.JoseHeaders;
+
+public class JwsHeaders extends JoseHeaders {
+ public JwsHeaders() {
+ }
+
+ public JwsHeaders(JoseHeaders headers) {
+ super(headers.asMap());
+ }
+
+ public JwsHeaders(Map<String, Object> values) {
+ super(values);
+ }
+ public JwsHeaders(String sigAlgo) {
+ init(sigAlgo);
+ }
+ private void init(String sigAlgo) {
+ setAlgorithm(sigAlgo);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
index 46ce4ea..4c4a2a6 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
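Review bot: The `JwsHeaders(JoseHeaders headers)` constructor dereferences its argument in `super(headers.asMap())` without a null check, and the new call sites `new JwsHeaders(token.getHeaders())` in JwsJwtCompactProducer and `new JwsHeaders(jwtToken.getHeaders())` in JwtBearerGrantHandler pass the token's headers straight in. JwsCompactProducer previously accepted null headers and created them lazily in getJoseHeaders(), so if JwtToken.getHeaders() can return null (not visible in this diff) the producer now fails with a NullPointerException. Guarding the call site with `token.getHeaders() == null ? null : new JwsHeaders(token.getHeaders())` would keep the old behaviour. The class also needs Javadoc stating whether the JoseHeaders and Map constructors copy the entries or share the caller's map, since that decides whether header values set during signing show up in the original object; the answer depends on the JoseHeaders(Map) constructor, which is outside this diff. The private `init(String)` only forwards to `setAlgorithm` and could be inlined.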
@@ -119,7 +119,7 @@ public class JwsJsonProducer { public String signWith(JwsSignatureProvider signer, JoseHeaders protectedHeader, JoseHeaders unprotectedHeader) { - JoseHeaders unionHeaders = new JoseHeaders(); + JwsHeaders unionHeaders = new JwsHeaders(); if (protectedHeader != null) { unionHeaders.asMap().putAll(protectedHeader.asMap()); http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java index 9ef258e..2238a3b 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java @@ -38,7 +38,7 @@ public class JwsJsonSignatureEntry { private String encodedSignature; private JoseHeaders protectedHeader; private JoseHeaders unprotectedHeader; - private JoseHeaders unionHeaders; + private JwsHeaders unionHeaders; private JoseHeadersReaderWriter writer = new JoseHeadersReaderWriter(); public JwsJsonSignatureEntry(String encodedJwsPayload, @@ -60,7 +60,7 @@ public class JwsJsonSignatureEntry { prepare(); } private void prepare() { - unionHeaders = new JoseHeaders(); + unionHeaders = new JwsHeaders(); if (protectedHeader != null) { unionHeaders.asMap().putAll(protectedHeader.asMap()); 
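Review bot: JwsJsonProducer.signWith builds `unionHeaders` by copying the protected header with `putAll`, and JwsJsonSignatureEntry.prepare() in the next file section does the same; both bodies continue outside their hunks. If the unprotected header is merged the same way afterwards, a name present in both maps is silently overwritten. On the consumer side that would let a value not covered by the signature replace a protected one such as `alg`. RFC 7515 requires the header parameter names in the two locations to be disjoint, so a check such as `Collections.disjoint(protectedHeader.asMap().keySet(), unprotectedHeader.asMap().keySet())` (with both headers non-null) before the merge, rejecting the entry when it is false, would make that explicit. The `protectedHeader` and `unprotectedHeader` parameters and fields also remain JoseHeaders while the union is now JwsHeaders, and a short comment on why only the union changes type would help.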
@@ -92,7 +92,7 @@ public class JwsJsonSignatureEntry { public JoseHeaders getUnprotectedHeader() { return unprotectedHeader; } - public JoseHeaders getUnionHeader() { + public JwsHeaders getUnionHeader() { return unionHeaders; } public String getEncodedSignature() { http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java index 12df35c..8995cda 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java @@ -36,7 +36,7 @@ public class JwsJwtCompactProducer extends JwsCompactProducer { this(new JwtToken(headers, claims), null); } protected JwsJwtCompactProducer(JwtToken token, JwtTokenReaderWriter w) { - super(token.getHeaders(), w, JwtUtils.claimsToJson(token.getClaims(), w)); + super(new JwsHeaders(token.getHeaders()), w, JwtUtils.claimsToJson(token.getClaims(), w)); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java index 9ca48cb..00f0c2a 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java 
@@ -18,15 +18,14 @@ */ package org.apache.cxf.rs.security.jose.jws; -import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public interface JwsSignatureProvider { SignatureAlgorithm getAlgorithm(); - byte[] sign(JoseHeaders headers, byte[] content); + byte[] sign(JwsHeaders headers, byte[] content); /** * Create a signature handler capable of updating the signature input (optional operation) */ - JwsSignature createJwsSignature(JoseHeaders headers); + JwsSignature createJwsSignature(JwsHeaders headers); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java index 26f9597..c44a678 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java @@ -18,10 +18,9 @@ */ package org.apache.cxf.rs.security.jose.jws; -import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public interface JwsSignatureVerifier { SignatureAlgorithm getAlgorithm(); - boolean verify(JoseHeaders headers, String unsignedText, byte[] signature); + boolean verify(JwsHeaders headers, String unsignedText, byte[] signature); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java index d4b759a..eabbea0 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java @@ -324,7 +324,7 @@ public final class JwsUtils { return jws; } public static String sign(JwsSignatureProvider jwsSig, String content, String ct) { - JoseHeaders headers = new JoseHeaders(); + JwsHeaders headers = new JwsHeaders(); if (ct != null) { headers.setContentType(ct); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java index d442677..3f6a5ca 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java @@ -18,7 +18,6 @@ */ package org.apache.cxf.rs.security.jose.jws; -import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public class NoneJwsSignatureProvider implements JwsSignatureProvider { 
@@ -29,12 +28,12 @@ public class NoneJwsSignatureProvider implements JwsSignatureProvider { } @Override - public JwsSignature createJwsSignature(JoseHeaders headers) { + public JwsSignature createJwsSignature(JwsHeaders headers) { return new NoneJwsSignature(); } @Override - public byte[] sign(JoseHeaders headers, byte[] content) { + public byte[] sign(JwsHeaders headers, byte[] content) { JwsSignature sig = createJwsSignature(headers); sig.update(content, 0, content.length); return sig.sign(); http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java index 270234e..ba1fad6 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java @@ -18,13 +18,12 @@ */ package org.apache.cxf.rs.security.jose.jws; -import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public class NoneJwsSignatureVerifier implements JwsSignatureVerifier { @Override - public boolean verify(JoseHeaders headers, String unsignedText, byte[] signature) { + public boolean verify(JwsHeaders headers, String unsignedText, byte[] signature) { return headers.getAlgorithm().equals(getAlgorithm()) && signature.length == 0; } http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java ---------------------------------------------------------------------- 
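Review bot: In NoneJwsSignatureVerifier.verify, `headers.getAlgorithm().equals(getAlgorithm())` compares the header's String value with the SignatureAlgorithm returned by getAlgorithm() (the return type declared in JwsSignatureVerifier), so the comparison can never be true and verify() always returns false. It also throws a NullPointerException when the header carries no `alg`. If matching on the algorithm name is what is intended, `return getAlgorithm().getJwaName().equals(headers.getAlgorithm()) && signature.length == 0;` does that and tolerates a missing header. Once the comparison works, this verifier accepts unsigned JWS input, so it should only be configured where unsigned tokens are explicitly expected.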
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java index fb163ad..38180f6 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java @@ -25,7 +25,6 @@ import java.util.logging.Logger; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; @@ -44,7 +43,7 @@ public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier { this.supportedAlgo = supportedAlgo; } @Override - public boolean verify(JoseHeaders headers, String unsignedText, byte[] signature) { + public boolean verify(JwsHeaders headers, String unsignedText, byte[] signature) { try { return CryptoUtils.verifySignature(StringUtils.toBytesUTF8(unsignedText), signature, http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java index 55b448a..4894811 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactHeaderTest.java 
@@ -128,8 +128,9 @@ public class JwsCompactHeaderTest extends Assert { public void verifyJwsWithTwoAlgHeaderFieldsBogusFieldFirst() throws Exception { JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_FIRST); - assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, - SignatureAlgorithm.HS256))); + boolean result = jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, + SignatureAlgorithm.HS256)); + assertFalse(result); } @Test http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java index 66af402..ddc4af0 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java @@ -21,7 +21,7 @@ package org.apache.cxf.rs.security.oauth2.grants.jwt; import java.util.List; import java.util.Set; -import org.apache.cxf.rs.security.jose.JoseHeaders; +import org.apache.cxf.rs.security.jose.jws.JwsHeaders; import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier; import org.apache.cxf.rs.security.jose.jws.JwsUtils; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; 
@@ -43,7 +43,7 @@ public abstract class AbstractJwtHandler extends AbstractGrantHandler { super(grants); } - protected void validateSignature(JoseHeaders headers, String unsignedText, byte[] signature) { + protected void validateSignature(JwsHeaders headers, String unsignedText, byte[] signature) { JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier(); if (!theSigVerifier.verify(headers, unsignedText, signature)) { throw new OAuthServiceException(OAuthConstants.INVALID_GRANT); http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerGrantHandler.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerGrantHandler.java index a421551..a5935b0 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerGrantHandler.java @@ -23,6 +23,7 @@ import java.util.Arrays; import javax.ws.rs.core.MultivaluedMap; import org.apache.cxf.jaxrs.utils.HttpUtils; +import org.apache.cxf.rs.security.jose.jws.JwsHeaders; import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer; import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.cxf.rs.security.oauth2.common.Client; 
@@ -57,9 +58,9 @@ public class JwtBearerGrantHandler extends AbstractJwtHandler { try { JwsJwtCompactConsumer jwsReader = getJwsReader(assertion); JwtToken jwtToken = jwsReader.getJwtToken(); - validateSignature(jwtToken.getHeaders(), - jwsReader.getUnsignedEncodedSequence(), - jwsReader.getDecodedSignature()); + validateSignature(new JwsHeaders(jwtToken.getHeaders()), + jwsReader.getUnsignedEncodedSequence(), + jwsReader.getDecodedSignature()); validateClaims(client, jwtToken.getClaims()); http://git-wip-us.apache.org/repos/asf/cxf/blob/f74e2e06/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandlerTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandlerTest.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandlerTest.java index 5ee0145..47eb9fe 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandlerTest.java +++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandlerTest.java @@ -22,7 +22,7 @@ import java.util.Arrays; import javax.ws.rs.core.MultivaluedMap; -import org.apache.cxf.rs.security.jose.JoseHeaders; +import org.apache.cxf.rs.security.jose.jws.JwsHeaders; import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; @@ -52,7 +52,7 @@ public class AbstractJwtHandlerTest { @Mock private JwsSignatureVerifier signatureVerifier; @Mock - private JoseHeaders headers; + private JwsHeaders headers; @Before public void setUp() {
