http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonWriterProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonWriterProvider.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonWriterProvider.java index d2f10c3..ef3449d 100644 --- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonWriterProvider.java +++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsJsonWriterProvider.java @@ -63,9 +63,8 @@ public class AbstractJwsJsonWriterProvider { if (sigProviders == null) { LOG.warning("JWS JSON init properties resource is not identified"); throw new JwsException(JwsException.Error.NO_INIT_PROPERTIES); - } else { - return Collections.emptyList(); } + return Collections.emptyList(); } List<String> propLocs = null; if (propLocsProp instanceof String) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java index 04e3a9a..0c21fd1 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java @@ -101,9 +101,8 @@ public final class KeyManagementUtils { Certificate[] certs = keyStore.getCertificateChain(alias); if (certs != null) { return Arrays.copyOf(certs, certs.length, X509Certificate[].class); - } else { - return new X509Certificate[]{(X509Certificate)CryptoUtils.loadCertificate(keyStore, alias)}; } + return new X509Certificate[]{(X509Certificate)CryptoUtils.loadCertificate(keyStore, alias)}; } catch (Exception ex) { LOG.warning("X509 Certificates can not be created"); throw new JoseException(ex); @@ -347,9 +346,8 @@ public final class KeyManagementUtils { } } return certs; - } else { - return null; } + return null; } //TODO: enhance the certificate validation code public static void validateCertificateChain(Properties storeProperties, List<X509Certificate> inCerts) { http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java index 6d90565..73db703 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java @@ -65,12 +65,11 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio } if (!wrap) { return CryptoUtils.encryptBytes(cek, keyEncryptionKey, secretKeyProperties); - } else { - return CryptoUtils.wrapSecretKey(cek, - getContentEncryptionAlgoJava(headers), - keyEncryptionKey, - secretKeyProperties); } + return CryptoUtils.wrapSecretKey(cek, + getContentEncryptionAlgoJava(headers), + keyEncryptionKey, + secretKeyProperties); } protected String getKeyEncryptionAlgoJava(JweHeaders headers) { return AlgorithmUtils.toJavaName(headers.getKeyEncryptionAlgorithm().getJwaName()); http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java index c2a8126..3eab1ff 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java @@ -104,9 +104,8 @@ public class EcdhDirectKeyJweEncryption extends JweEncryption { private byte[] toApuBytes(String apuString) { if (apuString != null) { return toBytes(apuString); - } else { - return CryptoUtils.generateSecureRandomBytes(512 / 8); } + return CryptoUtils.generateSecureRandomBytes(512 / 8); } private byte[] toBytes(String str) { http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java index 0be53e1..6076ee9 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweOutputStream.java @@ -62,10 +62,9 @@ public class JweOutputStream extends FilterOutputStream { len -= lenToCopy; if (lastRawDataChunk.length < blockSize) { return; - } else { - encryptAndWrite(lastRawDataChunk, 0, lastRawDataChunk.length); - lastRawDataChunk = null; } + encryptAndWrite(lastRawDataChunk, 0, lastRawDataChunk.length); + lastRawDataChunk = null; } int offset = 0; int chunkSize = blockSize > len ? blockSize : blockSize * (len / blockSize); http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index 9fa4ec6..d4eea8d 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -83,9 +83,8 @@ public final class JweUtils { if (keyAlgo != null) { KeyEncryptionProvider keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, keyAlgo); return encrypt(keyEncryptionProvider, contentAlgo, content, ct); - } else { - return encryptDirect(key, contentAlgo, content, ct); } + return encryptDirect(key, contentAlgo, content, ct); } public static String encrypt(JsonWebKey key, ContentAlgorithm contentAlgo, byte[] content, String ct) { KeyEncryptionProvider keyEncryptionProvider = getKeyEncryptionProvider(key); @@ -110,9 +109,8 @@ public final class JweUtils { if (keyAlgo != null) { KeyDecryptionProvider keyDecryptionProvider = getSecretKeyDecryptionProvider(key, keyAlgo); return decrypt(keyDecryptionProvider, contentAlgo, content); - } else { - return decryptDirect(key, contentAlgo, content); } + return decryptDirect(key, contentAlgo, content); } public static byte[] decrypt(JsonWebKey key, ContentAlgorithm contentAlgo, String content) { KeyDecryptionProvider keyDecryptionProvider = getKeyDecryptionProvider(key); @@ -255,9 +253,8 @@ public final class JweUtils { KeyType keyType = jwk.getKeyType(); if (KeyType.OCTET == keyType) { return getContentEncryptionProvider(JwkUtils.toSecretKey(jwk), ctAlgo); - } else { - return null; } + return null; } public static ContentEncryptionProvider getContentEncryptionProvider(SecretKey key, ContentAlgorithm algorithm) { @@ -303,9 +300,8 @@ public final class JweUtils { public static JweEncryption getDirectKeyJweEncryption(JsonWebKey key) { if (AlgorithmUtils.isEcdhEsDirect(key.getAlgorithm())) { return getEcDirectKeyJweEncryption(key, ContentAlgorithm.A128GCM); - } else { - return getDirectKeyJweEncryption(JwkUtils.toSecretKey(key), getContentAlgo(key.getAlgorithm())); } + return getDirectKeyJweEncryption(JwkUtils.toSecretKey(key), getContentAlgo(key.getAlgorithm())); } public static JweEncryption getEcDirectKeyJweEncryption(JsonWebKey key, ContentAlgorithm ctAlgo) { if (AlgorithmUtils.isEcdhEsDirect(key.getAlgorithm())) { @@ -315,9 +311,8 @@ public final class JweUtils { } ECPublicKey ecKey = JwkUtils.toECPublicKey(key); return new EcdhDirectKeyJweEncryption(ecKey, curve, ctAlgo); - } else { - throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM); } + throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM); } public static JweEncryption getDirectKeyJweEncryption(SecretKey key, ContentAlgorithm algo) { return getDirectKeyJweEncryption(key.getEncoded(), algo); @@ -325,17 +320,15 @@ public final class JweUtils { public static JweEncryption getDirectKeyJweEncryption(byte[] key, ContentAlgorithm algo) { if (AlgorithmUtils.isAesCbcHmac(algo.getJwaName())) { return new AesCbcHmacJweEncryption(algo, key, null, new DirectKeyEncryptionAlgorithm()); - } else { - return new JweEncryption(new DirectKeyEncryptionAlgorithm(), - getContentEncryptionProvider(key, algo)); } + return new JweEncryption(new DirectKeyEncryptionAlgorithm(), + getContentEncryptionProvider(key, algo)); } public static JweDecryption getDirectKeyJweDecryption(JsonWebKey key) { if (AlgorithmUtils.isEcdhEsDirect(key.getAlgorithm())) { return getEcDirectKeyJweDecryption(key, ContentAlgorithm.A128GCM); - } else { - return getDirectKeyJweDecryption(JwkUtils.toSecretKey(key), getContentAlgo(key.getAlgorithm())); } + return getDirectKeyJweDecryption(JwkUtils.toSecretKey(key), getContentAlgo(key.getAlgorithm())); } public static JweDecryption getDirectKeyJweDecryption(SecretKey key, ContentAlgorithm algorithm) { return getDirectKeyJweDecryption(key.getEncoded(), algorithm); @@ -343,10 +336,9 @@ public final class JweUtils { public static JweDecryption getDirectKeyJweDecryption(byte[] key, ContentAlgorithm algorithm) { if (AlgorithmUtils.isAesCbcHmac(algorithm.getJwaName())) { return new AesCbcHmacJweDecryption(new DirectKeyDecryptionAlgorithm(key), algorithm); - } else { - return new JweDecryption(new DirectKeyDecryptionAlgorithm(key), - getContentDecryptionProvider(algorithm)); } + return new JweDecryption(new DirectKeyDecryptionAlgorithm(key), + getContentDecryptionProvider(algorithm)); } public static JweDecryption getEcDirectKeyJweDecryption(JsonWebKey key, ContentAlgorithm ctAlgo) { if (AlgorithmUtils.isEcdhEsDirect(key.getAlgorithm())) { @@ -356,9 +348,8 @@ public final class JweUtils { } ECPrivateKey ecKey = JwkUtils.toECPrivateKey(key); return new EcdhDirectKeyJweDecryption(ecKey, ctAlgo); - } else { - throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM); } + throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM); } public static JweEncryptionProvider loadEncryptionProvider(boolean required) { return loadEncryptionProvider(null, required); @@ -631,10 +622,9 @@ public final class JweUtils { ContentAlgorithm contentEncryptionAlgo = headers.getContentEncryptionAlgorithm(); if (AlgorithmUtils.isAesCbcHmac(contentEncryptionAlgo.getJwaName())) { return new AesCbcHmacJweEncryption(contentEncryptionAlgo, keyEncryptionProvider, generateCekOnce); - } else { - return new JweEncryption(keyEncryptionProvider, - getContentEncryptionProvider(contentEncryptionAlgo, generateCekOnce)); } + return new JweEncryption(keyEncryptionProvider, + getContentEncryptionProvider(contentEncryptionAlgo, generateCekOnce)); } public static JweDecryptionProvider createJweDecryptionProvider(PrivateKey key, KeyAlgorithm keyAlgo, @@ -654,10 +644,9 @@ public final class JweUtils { ContentAlgorithm contentDecryptionAlgo) { if (AlgorithmUtils.isAesCbcHmac(contentDecryptionAlgo.getJwaName())) { return new AesCbcHmacJweDecryption(keyDecryptionProvider, contentDecryptionAlgo); - } else { - return new JweDecryption(keyDecryptionProvider, - getContentDecryptionProvider(contentDecryptionAlgo)); } + return new JweDecryption(keyDecryptionProvider, + getContentDecryptionProvider(contentDecryptionAlgo)); } public static boolean validateCriticalHeaders(JoseHeaders headers) { //TODO: Validate JWE specific constraints @@ -733,9 +722,8 @@ public final class JweUtils { newAAD[headersAAD.length] = '.'; System.arraycopy(aad, 0, newAAD, headersAAD.length + 1, aad.length); return newAAD; - } else { - return headersAAD; } + return headersAAD; } private static byte[] calculateDerivedKey(byte[] keyZ, String algoName, @@ -827,9 +815,8 @@ public final class JweUtils { contentEncryptionAlgo.getJwaName(), compression, headers); if (ctEncryptionProvider == null) { return createJweEncryptionProvider(keyEncryptionProvider, headers); - } else { - return new JweEncryption(keyEncryptionProvider, ctEncryptionProvider); } + return new JweEncryption(keyEncryptionProvider, ctEncryptionProvider); } private static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionProvider keyDecryptionProvider, SecretKey ctDecryptionKey, @@ -840,9 +827,8 @@ public final class JweUtils { } if (keyDecryptionProvider != null) { return createJweDecryptionProvider(keyDecryptionProvider, contentDecryptionAlgo); - } else { - return getDirectKeyJweDecryption(ctDecryptionKey, contentDecryptionAlgo); } + return getDirectKeyJweDecryption(ctDecryptionKey, contentDecryptionAlgo); } public static KeyAlgorithm getKeyEncryptionAlgorithm(Message m, Properties props, KeyAlgorithm algo, KeyAlgorithm defaultAlgo) { @@ -944,12 +930,11 @@ public final class JweUtils { String storeType = props.getProperty(JoseConstants.RSSEC_KEY_STORE_TYPE); if ("jwk".equals(storeType)) { return JwkUtils.loadPublicJwkSet(m, props); - } else { - //TODO: consider loading all the public keys in the store - PublicKey key = KeyManagementUtils.loadPublicKey(m, props); - JsonWebKey jwk = JwkUtils.fromPublicKey(key, props, JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM); - return new JsonWebKeys(jwk); } + //TODO: consider loading all the public keys in the store + PublicKey key = KeyManagementUtils.loadPublicKey(m, props); + JsonWebKey jwk = JwkUtils.fromPublicKey(key, props, JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM); + return new JsonWebKeys(jwk); } public static Properties loadJweProperties(Message m, String propLoc) { http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java index cf482dd..510e43a 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java @@ -105,9 +105,8 @@ public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionProvi LOG.warning("Password hash calculation error"); throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE, ex); } - } else { - return p; } + return p; } @Override public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) { http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java index e87080d..afe8293 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java @@ -51,12 +51,11 @@ public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionProvider { keyProps.setBlockSize(getKeyCipherBlockSize()); return CryptoUtils.decryptBytes(getEncryptedContentEncryptionKey(jweDecryptionInput), getCekDecryptionKey(), keyProps); - } else { - return CryptoUtils.unwrapSecretKey(getEncryptedContentEncryptionKey(jweDecryptionInput), - getContentEncryptionAlgorithm(jweDecryptionInput), - getCekDecryptionKey(), - keyProps).getEncoded(); } + return CryptoUtils.unwrapSecretKey(getEncryptedContentEncryptionKey(jweDecryptionInput), + getContentEncryptionAlgorithm(jweDecryptionInput), + getCekDecryptionKey(), + keyProps).getEncoded(); } protected Key getCekDecryptionKey() { http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java index 92f2aaf..7141e65 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java @@ -46,18 +46,16 @@ public class JsonWebKeys extends JsonMapObject { Object first = list.get(0); if (first instanceof JsonWebKey) { return CastUtils.cast(list); - } else { - List<JsonWebKey> keys = new LinkedList<JsonWebKey>(); - List<Map<String, Object>> listOfMaps = - CastUtils.cast((List<?>)super.getProperty(KEYS_PROPERTY)); - for (Map<String, Object> map : listOfMaps) { - keys.add(new JsonWebKey(map)); - } - return keys; } - } else { - return null; + List<JsonWebKey> keys = new LinkedList<JsonWebKey>(); + List<Map<String, Object>> listOfMaps = + CastUtils.cast((List<?>)super.getProperty(KEYS_PROPERTY)); + for (Map<String, Object> map : listOfMaps) { + keys.add(new JsonWebKey(map)); + } + return keys; } + return null; } public final void setKey(JsonWebKey key) { setKeys(Collections.singletonList(key)); http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java index 4b67ff6..bd2ad6a 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java @@ -284,10 +284,9 @@ public final class JwkUtils { JwkReaderWriter reader = new JwkReaderWriter(); if (props.getProperty(JoseConstants.RSSEC_KEY_STORE_JWKKEY) == null) { return reader.jsonToJwkSet(keyContent); - } else { - JsonWebKey jwk = reader.jsonToJwk(keyContent); - return new JsonWebKeys(jwk); } + JsonWebKey jwk = reader.jsonToJwk(keyContent); + return new JsonWebKeys(jwk); } public static JsonWebKey loadJsonWebKey(Message m, Properties props, KeyOperation keyOper) { @@ -415,24 +414,23 @@ public final class JwkUtils { String encodedPrimeP = (String)jwk.getProperty(JsonWebKey.RSA_FIRST_PRIME_FACTOR); if (encodedPrimeP == null) { return CryptoUtils.getRSAPrivateKey(encodedModulus, encodedPrivateExponent); - } else { - String encodedPublicExponent = (String)jwk.getProperty(JsonWebKey.RSA_PUBLIC_EXP); - if (encodedPublicExponent == null) { - throw new JoseException("JWK without the public exponent can not be converted to RSAPrivateKey"); - } - String encodedPrimeQ = (String)jwk.getProperty(JsonWebKey.RSA_SECOND_PRIME_FACTOR); - String encodedPrimeExpP = (String)jwk.getProperty(JsonWebKey.RSA_FIRST_PRIME_CRT); - String encodedPrimeExpQ = (String)jwk.getProperty(JsonWebKey.RSA_SECOND_PRIME_CRT); - String encodedCrtCoefficient = (String)jwk.getProperty(JsonWebKey.RSA_FIRST_CRT_COEFFICIENT); - return CryptoUtils.getRSAPrivateKey(encodedModulus, - encodedPublicExponent, - encodedPrivateExponent, - encodedPrimeP, - encodedPrimeQ, - encodedPrimeExpP, - encodedPrimeExpQ, - encodedCrtCoefficient); } + String encodedPublicExponent = (String)jwk.getProperty(JsonWebKey.RSA_PUBLIC_EXP); + if (encodedPublicExponent == null) { + throw new JoseException("JWK without the public exponent can not be converted to RSAPrivateKey"); + } + String encodedPrimeQ = (String)jwk.getProperty(JsonWebKey.RSA_SECOND_PRIME_FACTOR); + String encodedPrimeExpP = (String)jwk.getProperty(JsonWebKey.RSA_FIRST_PRIME_CRT); + String encodedPrimeExpQ = (String)jwk.getProperty(JsonWebKey.RSA_SECOND_PRIME_CRT); + String encodedCrtCoefficient = (String)jwk.getProperty(JsonWebKey.RSA_FIRST_CRT_COEFFICIENT); + return CryptoUtils.getRSAPrivateKey(encodedModulus, + encodedPublicExponent, + encodedPrivateExponent, + encodedPrimeP, + encodedPrimeQ, + encodedPrimeExpP, + encodedPrimeExpQ, + encodedCrtCoefficient); } public static JsonWebKey fromRSAPrivateKey(RSAPrivateKey pk, String algo) { return fromRSAPrivateKey(pk, algo, null); http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java index 83e4a62..5ca6783 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java @@ -109,9 +109,8 @@ public class JwsJsonConsumer { public String getDecodedJwsPayload() { if (validateB64Status()) { return JoseUtils.decodeToString(jwsPayload); - } else { - return jwsPayload; } + return jwsPayload; } public byte[] getDecodedJwsPayloadBytes() { return StringUtils.toBytesUTF8(getDecodedJwsPayload()); @@ -220,9 +219,8 @@ public class JwsJsonConsumer { JwsJsonProducer producer = new JwsJsonProducer(getDecodedJwsPayload()); producer.getSignatureEntries().addAll(nonValidated); return producer.getJwsJsonSignedDocument(); - } else { - return null; } + return null; } http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java index df0dd8a..9657bdd 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java @@ -80,9 +80,8 @@ public class JwsJsonSignatureEntry implements JsonObject { public String getDecodedJwsPayload() { if (protectedHeader == null || !JwsUtils.isPayloadUnencoded(protectedHeader)) { return JoseUtils.decodeToString(jwsPayload); - } else { - return jwsPayload; } + return jwsPayload; } public byte[] getDecodedJwsPayloadBytes() { return StringUtils.toBytesUTF8(getDecodedJwsPayload()); @@ -108,9 +107,8 @@ public class JwsJsonSignatureEntry implements JsonObject { public String getUnsignedSequence() { if (getEncodedProtectedHeader() != null) { return getEncodedProtectedHeader() + "." + getJwsPayload(); - } else { - return "." + getJwsPayload(); } + return "." + getJwsPayload(); } public String getKeyId() { return getUnionHeader().getKeyId(); http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java index b3a5c42..c571248 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java @@ -525,19 +525,18 @@ public final class JwsUtils { String storeType = props.getProperty(JoseConstants.RSSEC_KEY_STORE_TYPE); if ("jwk".equals(storeType)) { return JwkUtils.loadPublicJwkSet(m, props); - } else { - X509Certificate[] certs = null; - if (PropertyUtils.isTrue(props.get(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT))) { - certs = KeyManagementUtils.loadX509CertificateOrChain(m, props); - } - PublicKey key = certs != null && certs.length > 0 - ? certs[0].getPublicKey() : KeyManagementUtils.loadPublicKey(m, props); - JsonWebKey jwk = JwkUtils.fromPublicKey(key, props, JoseConstants.RSSEC_SIGNATURE_ALGORITHM); - jwk.setPublicKeyUse(PublicKeyUse.SIGN); - if (certs != null) { - jwk.setX509Chain(KeyManagementUtils.encodeX509CertificateChain(certs)); - } - return new JsonWebKeys(jwk); } + X509Certificate[] certs = null; + if (PropertyUtils.isTrue(props.get(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT))) { + certs = KeyManagementUtils.loadX509CertificateOrChain(m, props); + } + PublicKey key = certs != null && certs.length > 0 + ? certs[0].getPublicKey() : KeyManagementUtils.loadPublicKey(m, props); + JsonWebKey jwk = JwkUtils.fromPublicKey(key, props, JoseConstants.RSSEC_SIGNATURE_ALGORITHM); + jwk.setPublicKeyUse(PublicKeyUse.SIGN); + if (certs != null) { + jwk.setX509Chain(KeyManagementUtils.encodeX509CertificateChain(certs)); + } + return new JsonWebKeys(jwk); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java index 7dfaf88..7488f74 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java @@ -74,9 +74,8 @@ public class JwtClaims extends JsonMapObject { List<String> audiences = getAudiences(); if (!StringUtils.isEmpty(audiences)) { return audiences.get(0); - } else { - return null; } + return null; } /** http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java index b98aeda..054bc8a 100644 --- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java +++ b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java @@ -165,10 +165,9 @@ public class AbstractAuthFilter { if (consumerSecret != null && !consumerSecret.equals(client.getSecretKey())) { LOG.warning("Client secret is invalid"); throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN); - } else { - OAuthUtils.validateMessage(oAuthMessage, client, null, - dataProvider, validator); } + OAuthUtils.validateMessage(oAuthMessage, client, null, + dataProvider, validator); accessToken = client.getPreAuthorizedToken(); if (accessToken == null || !accessToken.isPreAuthorized()) { LOG.warning("Preauthorized access token is unavailable"); http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java index 63ef8d0..cd4f120 100644 --- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java +++ b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java @@ -49,14 +49,13 @@ public class DefaultOAuthValidator extends SimpleOAuthValidator { throws OAuthProblemException { if (token == null) { throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED); - } else { - Long issuedAt = token.getIssuedAt(); - Long lifetime = token.getLifetime(); - if (lifetime != -1 - && (issuedAt + lifetime < (System.currentTimeMillis() / 1000))) { - provider.removeToken(token); - throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED); - } + } + Long issuedAt = token.getIssuedAt(); + Long lifetime = token.getLifetime(); + if (lifetime != -1 + && (issuedAt + lifetime < (System.currentTimeMillis() / 1000))) { + provider.removeToken(token); + throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED); } } } http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java index 584166c..fa62e68d 100644 --- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java +++ b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java @@ -151,10 +151,9 @@ public class AuthorizationRequestHandler { if (OAuthConstants.OAUTH_CALLBACK_OOB.equals(callbackValue)) { OOBAuthorizationResponse bean = convertQueryParamsToOOB(queryParams); return Response.ok().entity(bean).build(); - } else { - URI callbackURI = buildCallbackURI(callbackValue, queryParams); - return Response.seeOther(callbackURI).build(); } + URI callbackURI = buildCallbackURI(callbackValue, queryParams); + return Response.seeOther(callbackURI).build(); } catch (OAuthProblemException e) { LOG.log(Level.WARNING, "An OAuth related problem: {0}", new Object[]{e.fillInStackTrace()}); http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java index f294bf9..c5c0768 100644 --- a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java @@ -145,9 +145,8 @@ public class Saml2BearerGrantHandler extends AbstractGrantHandler { return new SamlUserSubject(jaxrsSc.getUserPrincipal().getName(), roles, jaxrsSc.getClaims()); - } else { - return new UserSubject(sc.getUserPrincipal().getName()); } + return new UserSubject(sc.getUserPrincipal().getName()); } http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java index 104ca5a..885fb42 100644 --- a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java +++ b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java @@ -116,9 +116,8 @@ public class SamlOAuthValidator { .path(accessTokenServiceAddress) .build() .toString(); - } else { - return accessTokenServiceAddress; } + return accessTokenServiceAddress; } private boolean validateAuthenticationSubject(Message m, http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerAuthSupplier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerAuthSupplier.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerAuthSupplier.java index 93dce4e..16ccd9a 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerAuthSupplier.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerAuthSupplier.java @@ -62,10 +62,8 @@ public class BearerAuthSupplier extends AbstractAuthSupplier implements HttpAuth // the last call resulted in 401, trying to refresh the token(s) if (refreshAccessToken(authPolicy)) { return createAuthorizationHeader(); - } else { - return null; - } + return null; } private void refreshAccessTokenIfExpired(AuthorizationPolicy authPolicy) { ClientAccessToken at = getClientAccessToken(); http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java index ab1ec2f..e832b27 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java @@ -107,16 +107,15 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter { Response codeResponse = createCodeResponse(rc, ui); rc.abortWith(codeResponse); return; - } else { - // complete the code flow if possible - MultivaluedMap<String, String> requestParams = toRequestState(rc, ui); - if (codeResponseQueryParamsAvailable(requestParams) - && (completeUri == null || absoluteRequestUri.endsWith(completeUri))) { - processCodeResponse(rc, ui, requestParams); - checkSecurityContextEnd(rc, requestParams); - // let the request continue - return; - } + } + // complete the code flow if possible + MultivaluedMap<String, String> requestParams = toRequestState(rc, ui); + if (codeResponseQueryParamsAvailable(requestParams) + && (completeUri == null || absoluteRequestUri.endsWith(completeUri))) { + processCodeResponse(rc, ui, requestParams); + checkSecurityContextEnd(rc, requestParams); + // let the request continue + return; } // neither the start nor the end of the flow rc.abortWith(Response.status(401).build()); @@ -249,13 +248,12 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter { private AuthorizationCodeGrant prepareCodeGrant(String codeParam, URI absoluteRedirectUri) { if (codeRequestJoseProducer == null) { return new AuthorizationCodeGrant(codeParam, absoluteRedirectUri); - } else { - JwtRequestCodeGrant grant = - new JwtRequestCodeGrant(codeParam, absoluteRedirectUri, consumer.getClientId()); - grant.setClientSecret(consumer.getClientSecret()); - grant.setJoseProducer(codeRequestJoseProducer); - return grant; } + JwtRequestCodeGrant grant = + new JwtRequestCodeGrant(codeParam, absoluteRedirectUri, consumer.getClientId()); + grant.setClientSecret(consumer.getClientSecret()); + grant.setJoseProducer(codeRequestJoseProducer); + return grant; } protected ClientTokenContext initializeClientTokenContext(ContainerRequestContext rc, http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java index 5a41ebc..45baf91 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java @@ -317,9 +317,8 @@ public final class OAuthClientUtils { ClientAccessToken token = fromMapToClientToken(map, defaultTokenType); if (token == null) { throw new OAuthServiceException(OAuthConstants.SERVER_ERROR); - } else { - return token; } + return token; } else if (response.getStatus() >= 400 && map.containsKey(OAuthConstants.ERROR_KEY)) { OAuthError error = new OAuthError(map.get(OAuthConstants.ERROR_KEY), map.get(OAuthConstants.ERROR_DESCRIPTION_KEY)); http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java index 526410d..02aea4c 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java @@ -63,8 +63,7 @@ public class ClientAccessToken extends AccessToken { public String toString() { if (OAuthConstants.BEARER_AUTHORIZATION_SCHEME.equalsIgnoreCase(super.getTokenType())) { return OAuthConstants.BEARER_AUTHORIZATION_SCHEME + " " + super.getTokenKey(); - } else { - return super.toString(); } + return super.toString(); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java index c3808d4..17cb6a8 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java @@ -219,9 +219,8 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator protected boolean checkScopeProperty(String scope) { if (!requiredScopes.isEmpty()) { return requiredScopes.contains(scope); - } else { - return true; } + return true; } public void setUseUserSubject(boolean useUserSubject) { this.useUserSubject = useUserSubject; @@ -292,9 +291,8 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator protected String[] getAuthorizationParts(Message m) { if (!checkFormData) { return AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes); - } else { - return new String[]{OAuthConstants.BEARER_AUTHORIZATION_SCHEME, getTokenFromFormData(m)}; } + return new String[]{OAuthConstants.BEARER_AUTHORIZATION_SCHEME, getTokenFromFormData(m)}; } protected String getTokenFromFormData(Message message) { http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java index 4410a56..5f8b597 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java @@ -197,8 +197,7 @@ public abstract class AbstractGrantHandler implements AccessTokenGrantHandler { throw new OAuthServiceException(OAuthConstants.INVALID_GRANT); } return audiences; - } else { - return client.getRegisteredAudiences(); } + return client.getRegisteredAudiences(); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java index a5f0e2a..22557e7 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java @@ -116,12 +116,11 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler { JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE, grant.getNonce()); } return token; - } else { - // the grant was issued based on the authorization time check confirming the - // token was available but it has expired by now or been removed then - // creating a completely new token can be wrong - though this needs to be reviewed - throw new OAuthServiceException(OAuthConstants.INVALID_GRANT); } + // the grant was issued based on the authorization time check confirming the + // token was available but it has expired by now or been removed then + // creating a completely new token can be wrong - though this needs to be reviewed + throw new OAuthServiceException(OAuthConstants.INVALID_GRANT); } // Make sure the client supports the authorization code in cases where // the implicit/hybrid service was initiating the code grant processing flow http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACMTCodeDataProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACMTCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACMTCodeDataProvider.java index bcc2ee7..1c951ac 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACMTCodeDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACMTCodeDataProvider.java @@ -79,9 +79,8 @@ public class JPACMTCodeDataProvider extends JPACodeDataProvider { // lock RT for update lockRefreshTokenForUpdate(rt); return super.updateRefreshToken(rt, at); - } else { - return super.updateExistingRefreshToken(rt, at); } + return super.updateExistingRefreshToken(rt, at); } protected void lockRefreshTokenForUpdate(final RefreshToken refreshToken) { http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java index 364f912..fc63fe0 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java @@ -98,9 +98,8 @@ public class JwtRequestCodeFilter extends OAuthJoseJwtConsumer implements Author newParams.putSingle(key, value.toString()); } return newParams; - } else { - return params; } + return params; } private boolean isRequestUriValid(Client client, String requestUri) { //TODO: consider restricting to specific hosts http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerAuthHandler.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerAuthHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerAuthHandler.java index 66554ff..7780c16 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerAuthHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerAuthHandler.java @@ -72,9 +72,8 @@ public class JwtBearerAuthHandler extends OAuthServerJoseJwtConsumer implements client = clientProvider.getClient(clientId); if (client == null) { throw ExceptionUtils.toNotAuthorizedException(null, null); - } else { - message.put(Client.class, client); } + message.put(Client.class, client); } JwtToken token = super.getJwtToken(assertion, client); http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java index 07ac41f..89a45b1 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java @@ -268,14 +268,13 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl checkRequestedScopes(client, requestedScopes); if (requestedScopes.isEmpty()) { return Collections.emptyList(); - } else { - List<OAuthPermission> list = new ArrayList<>(); - for (String scope : requestedScopes) { - convertSingleScopeToPermission(client, scope, list); - } - if (!list.isEmpty()) { - return list; - } + } + List<OAuthPermission> list = new ArrayList<>(); + for (String scope : requestedScopes) { + convertSingleScopeToPermission(client, scope, list); + } + if (!list.isEmpty()) { + return list; } throw new OAuthServiceException("Requested scopes can not be mapped"); @@ -341,9 +340,8 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl MultivaluedMap<String, String> params = (MultivaluedMap<String, String>)messageContext.get(OAuthConstants.TOKEN_REQUEST_PARAMS); return params; - } else { - return null; } + return null; } protected RefreshToken updateExistingRefreshToken(RefreshToken rt, ServerAccessToken at) { synchronized (refreshTokenLock) { http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java index e12c515..363bff3 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java @@ -167,9 +167,8 @@ public class DefaultEHCacheOAuthDataProvider extends AbstractOAuthDataProvider { Element e = cache.get(key); if (e != null) { return cls.cast(e.getObjectValue()); - } else { - return null; } + return null; } protected static void putCacheValue(Ehcache cache, String key, Object value, long ttl) { Element element = new Element(key, value); http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java index 0ace50c..d2be7d3 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java @@ -132,9 +132,8 @@ public class JCacheOAuthDataProvider extends AbstractOAuthDataProvider { public List<ServerAccessToken> getAccessTokens(Client c, UserSubject sub) { if (isUseJwtFormatForAccessTokens() && isStoreJwtTokenKeyOnly()) { return getJwtAccessTokens(c, sub); - } else { - return getTokens(accessTokenCache, c, sub); } + return getTokens(accessTokenCache, c, sub); } @Override @@ -146,9 +145,8 @@ public class JCacheOAuthDataProvider extends AbstractOAuthDataProvider { public ServerAccessToken getAccessToken(String accessTokenKey) throws OAuthServiceException { if (isUseJwtFormatForAccessTokens() && isStoreJwtTokenKeyOnly()) { return getJwtAccessToken(accessTokenKey); - } else { - return getToken(accessTokenCache, accessTokenKey); } + return getToken(accessTokenCache, accessTokenKey); } @Override http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java index 56ba35c..3ab720b 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java @@ -311,10 +311,9 @@ public class JPAOAuthDataProvider extends AbstractOAuthDataProvider { protected TypedQuery<Client> getClientsQuery(UserSubject resourceOwnerSubject, EntityManager entityManager) { if (resourceOwnerSubject == null) { return entityManager.createQuery(CLIENT_QUERY, Client.class); - } else { - return entityManager.createQuery(CLIENT_QUERY + " WHERE ros.login = :login", Client.class). - setParameter("login", resourceOwnerSubject.getLogin()); } + return entityManager.createQuery(CLIENT_QUERY + " WHERE ros.login = :login", Client.class). + setParameter("login", resourceOwnerSubject.getLogin()); } protected TypedQuery<BearerAccessToken> getTokensQuery(Client c, UserSubject resourceOwnerSubject, http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java index 486bda3..6047c4b 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java @@ -227,14 +227,12 @@ public class OAuthJSONProvider implements MessageBodyWriter<Object>, Map<String, String> params = readJSONResponse(is); if (Map.class.isAssignableFrom(cls)) { return params; - } else { - ClientAccessToken token = OAuthClientUtils.fromMapToClientToken(params); - if (token == null) { - throw new WebApplicationException(500); - } else { - return token; - } } + ClientAccessToken token = OAuthClientUtils.fromMapToClientToken(params); + if (token == null) { + throw new WebApplicationException(500); + } + return token; } http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtConsumer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtConsumer.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtConsumer.java index 50cd136..f483100 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtConsumer.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtConsumer.java @@ -39,16 +39,14 @@ public class OAuthJoseJwtConsumer extends JoseJwtConsumer { protected JwsSignatureVerifier getInitializedSignatureVerifier(String clientSecret) { if (verifyWithClientSecret && !StringUtils.isEmpty(clientSecret)) { return OAuthUtils.getClientSecretSignatureVerifier(clientSecret); - } else { - return null; } + return null; } protected JweDecryptionProvider getInitializedDecryptionProvider(String clientSecret) { if (decryptWithClientSecret && !StringUtils.isEmpty(clientSecret)) { return OAuthUtils.getClientSecretDecryptionProvider(clientSecret); - } else { - return null; } + return null; } public boolean isDecryptWithClientSecret() { http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtProducer.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtProducer.java index 4fe5aeb..9cfc8a1 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtProducer.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJoseJwtProducer.java @@ -38,16 +38,14 @@ public class OAuthJoseJwtProducer extends JoseJwtProducer { protected JwsSignatureProvider getInitializedSignatureProvider(String clientSecret) { if (signWithClientSecret && !StringUtils.isEmpty(clientSecret)) { return OAuthUtils.getClientSecretSignatureProvider(clientSecret); - } else { - return null; } + return null; } protected JweEncryptionProvider getInitializedEncryptionProvider(String clientSecret) { if (encryptWithClientSecret && !StringUtils.isEmpty(clientSecret)) { return OAuthUtils.getClientSecretEncryptionProvider(clientSecret); - } else { - return null; } + return null; } public void setEncryptWithClientSecret(boolean encryptWithClientSecret) { http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java index cac819b..4f9a56c 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java @@ -67,11 +67,10 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant if (isFormResponse(state)) { return createHtmlResponse(prepareFormResponse(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken)); - } else { - StringBuilder sb = - prepareRedirectResponse(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken); - return Response.seeOther(URI.create(sb.toString())).build(); } + StringBuilder sb = + prepareRedirectResponse(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken); + return Response.seeOther(URI.create(sb.toString())).build(); } protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state, http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java index 1657d59..831dcec 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java @@ -133,10 +133,9 @@ public class AbstractTokenService extends AbstractOAuthService { protected boolean isConfidenatialClientSecretValid(Client client, String providedClientSecret) { if (clientSecretVerifier != null) { return clientSecretVerifier.validateClientSecret(client, providedClientSecret); - } else { - return client.getClientSecret() != null - && providedClientSecret != null && client.getClientSecret().equals(providedClientSecret); } + return client.getClientSecret() != null + && providedClientSecret != null && client.getClientSecret().equals(providedClientSecret); } protected boolean isValidPublicClient(Client client, String clientId, String clientSecret) { return canSupportPublicClients @@ -216,9 +215,8 @@ public class AbstractTokenService extends AbstractOAuthService { OAuthError customError = ex.getError(); if (writeCustomErrors && customError != null) { return createErrorResponseFromBean(customError); - } else { - return createErrorResponseFromBean(new OAuthError(error)); } + return createErrorResponseFromBean(new OAuthError(error)); } protected Response createErrorResponse(MultivaluedMap<String, String> params, http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java index 0245a34..77ae3bf 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java @@ -177,9 +177,8 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService protected Response deliverOOBResponse(OOBAuthorizationResponse response) { if (oobDeliverer != null) { return oobDeliverer.deliver(response); - } else { - return createHtmlResponse(response); } + return createHtmlResponse(response); } protected Response createErrorResponse(String state, @@ -187,11 +186,10 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService String error) { if (redirectUri == null) { return Response.status(401).entity(error).build(); - } else { - UriBuilder ub = getRedirectUriBuilder(state, redirectUri); - ub.queryParam(OAuthConstants.ERROR_KEY, error); - return Response.seeOther(ub.build()).build(); } + UriBuilder ub = getRedirectUriBuilder(state, redirectUri); + ub.queryParam(OAuthConstants.ERROR_KEY, error); + return Response.seeOther(ub.build()).build(); } protected UriBuilder getRedirectUriBuilder(String state, String redirectUri) { http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java index 6c71d8b..10c2b7d 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java @@ -97,9 +97,8 @@ public class AuthorizationMetadataService { endpointAddress = endpointAddress != null ? endpointAddress : defRelAddress; if (endpointAddress.startsWith("https")) { return endpointAddress; - } else { - return UriBuilder.fromUri(baseUri).path(endpointAddress).build().toString(); } + return UriBuilder.fromUri(baseUri).path(endpointAddress).build().toString(); } private String getBaseUri(UriInfo ui) { http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java index 25081d6..2674194 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java @@ -56,9 +56,8 @@ public class AuthorizationService { RedirectionBasedGrantService service = getService(responseType); if (service != null) { return service.authorize(); - } else { - return reportInvalidResponseType(); } + return reportInvalidResponseType(); } @GET @@ -67,9 +66,8 @@ public class AuthorizationService { RedirectionBasedGrantService service = getService(responseType); if (service != null) { return service.authorizeDecision(); - } else { - return reportInvalidResponseType(); } + return reportInvalidResponseType(); } /** @@ -84,9 +82,8 @@ public class AuthorizationService { RedirectionBasedGrantService service = getService(responseType); if (service != null) { return service.authorizeDecisionForm(params); - } else { - return reportInvalidResponseType(); } + return reportInvalidResponseType(); } private RedirectionBasedGrantService getService(String responseType) { http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java index b8219df..767d12a 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java @@ -96,9 +96,8 @@ public class DirectAuthorizationService extends AbstractOAuthService { subject = getMessageContext().getContent(UserSubject.class); if (subject != null) { return subject; - } else { - return OAuthUtils.createSubject(securityContext); } + return OAuthUtils.createSubject(securityContext); } public SubjectCreator getSubjectCreator() { http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java index dcb9a88..a0b9a02 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java @@ -308,9 +308,8 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService return sessionAuthenticityTokenProvider.getSessionState(super.getMessageContext(), sessionToken, subject); - } else { - return null; } + return null; } @@ -335,9 +334,8 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService if (StringUtils.isEmpty(approvedScope)) { // no down-scoping done by a user, all of the requested scopes have been authorized return requestedScope; - } else { - return approvedScope; } + return approvedScope; } /** @@ -514,9 +512,8 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService } if (StringUtils.isEmpty(sessionToken)) { return false; - } else { - return requestToken.equals(sessionToken); } + return requestToken.equals(sessionToken); } /** http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java index 43c8faf..a1fa491 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java @@ -46,9 +46,8 @@ public class HawkAccessTokenValidatorClient extends AbstractHawkAccessTokenValid map.putSingle(HTTP_VERB, mc.getRequest().getMethod()); map.putSingle(HTTP_URI, mc.getUriInfo().getRequestUri().toString()); return validator.validateAccessToken(mc, authScheme, authSchemeData, map); - } else { - return super.validateAccessToken(mc, authScheme, authSchemeData, extraProps); } + return super.validateAccessToken(mc, authScheme, authSchemeData, extraProps); } protected AccessTokenValidation getAccessTokenValidation(MessageContext mc, http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java index e21483d..8b50b5e 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java @@ -42,9 +42,8 @@ public final class AuthorizationUtils { String[] parts = AuthorizationUtils.getAuthorizationParts(mc); if (parts.length == 2) { return getBasicAuthParts(parts[1]); - } else { - return null; } + return null; } public static String[] getBasicAuthParts(String basicAuthData) { String authDecoded = null; http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java index 06bf7de..dda5829 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java @@ -205,9 +205,8 @@ public final class OAuthUtils { UserSubject subject = mc.getContent(UserSubject.class); if (subject != null) { return subject; - } else { - return OAuthUtils.createSubject(sc); } + return OAuthUtils.createSubject(sc); } public static UserSubject createSubject(SecurityContext securityContext) { List<String> roleNames = Collections.emptyList(); @@ -357,19 +356,18 @@ public final class OAuthUtils { // the current request scopes if (!partialMatchScopeValidation) { return registeredScopes.containsAll(requestScopes); - } else { - for (String requestScope : requestScopes) { - boolean match = false; - for (String registeredScope : registeredScopes) { - if (requestScope.startsWith(registeredScope)) { - match = true; - break; - } - } - if (!match) { - return false; + } + for (String requestScope : requestScopes) { + boolean match = false; + for (String registeredScope : registeredScopes) { + if (requestScope.startsWith(registeredScope)) { + match = true; + break; } } + if (!match) { + return false; + } } } return true; @@ -438,9 +436,8 @@ public final class OAuthUtils { if (!AlgorithmUtils.isHmacSign(sigAlgo)) { // Must be HS-based for the symmetric signature throw new OAuthServiceException(OAuthConstants.SERVER_ERROR); - } else { - return sigAlgo; } + return sigAlgo; } public static String convertListOfScopesToString(List<String> registeredScopes) { http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java index 97e3dcb..e0585c2 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java @@ -457,9 +457,8 @@ public final class ModelEncryptionSupport { String pureStringList = prepareSimpleString(listStr); if (pureStringList.isEmpty()) { return Collections.emptyList(); - } else { - return Arrays.asList(pureStringList.split(",")); } + return Arrays.asList(pureStringList.split(",")); } public static Map<String, String> parseSimpleMap(String mapStr) { http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/ClaimRequirement.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/ClaimRequirement.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/ClaimRequirement.java index 2cc9d98..3f1a4a4 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/ClaimRequirement.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/ClaimRequirement.java @@ -48,8 +48,7 @@ public class ClaimRequirement extends JsonMapObject { Object prop = getProperty(VALUES_PROPERTY); if (prop instanceof List) { return CastUtils.cast((List<?>)prop); - } else { - return null; } + return null; } } http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java index ce38ecf..7a48f57 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java @@ -152,9 +152,8 @@ public class IdTokenResponseFilter extends OAuthServerJoseJwtProducer implements //TODO: OIDC core talks about various security algorithm preferences // that may be set during the client registrations, they can be passed along too return keyServiceClient.post(jwt, String.class); - } else { - return super.processJwt(jwt, client); } + return super.processJwt(jwt, client); } public void setKeyServiceClient(WebClient keyServiceClient) { this.keyServiceClient = keyServiceClient; http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java index 5fa96c8..4542a28 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java @@ -38,8 +38,7 @@ public class OidcIdTokenProvider implements ContextProvider<IdTokenContext> { } }; - } else { - return null; } + return null; } }
