Repository: knox Updated Branches: refs/heads/master d3f507f94 -> c833bf907
KNOX-1036 - Fix a number of issues relating to JWTokenAuthority Signed-off-by: Colm O hEigeartaigh <cohei...@apache.org> Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/c833bf90 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/c833bf90 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/c833bf90 Branch: refs/heads/master Commit: c833bf907566301e525f514354dcb0325f5e0738 Parents: d3f507f Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Wed Sep 20 11:26:33 2017 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Thu Sep 21 15:42:41 2017 +0100 ---------------------------------------------------------------------- .../filter/JWTAccessTokenAssertionFilter.java | 23 ++++++------ .../jwt/filter/JWTAuthCodeAssertionFilter.java | 16 ++++---- .../federation/AbstractJWTFilterTest.java | 19 +++++----- .../impl/DefaultTokenAuthorityService.java | 21 ++++++----- .../service/knoxsso/WebSSOResourceTest.java | 14 +++---- .../knoxtoken/TokenServiceResourceTest.java | 14 +++---- .../security/token/JWTokenAuthority.java | 19 +++++----- .../services/security/token/impl/JWT.java | 39 +++++++++++--------- .../services/security/token/impl/JWTToken.java | 27 +++++++------- 9 files changed, 97 insertions(+), 95 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java index f8d9a02..e2ef32e 100644 
--- a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java +++ b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java @@ -39,6 +39,7 @@ import org.apache.hadoop.gateway.services.GatewayServices; import org.apache.hadoop.gateway.services.registry.ServiceRegistry; import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority; import org.apache.hadoop.gateway.services.security.token.TokenServiceException; +import org.apache.hadoop.gateway.services.security.token.impl.JWT; import org.apache.hadoop.gateway.services.security.token.impl.JWTToken; import org.apache.hadoop.gateway.util.JsonUtils; @@ -66,12 +67,12 @@ public class JWTAccessTokenAssertionFilter extends AbstractIdentityAssertionFilt authority = (JWTokenAuthority) services.getService(GatewayServices.TOKEN_SERVICE); sr = (ServiceRegistry) services.getService(GatewayServices.SERVICE_REGISTRY_SERVICE); } - + @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { String jsonResponse = null; - + String header = ((HttpServletRequest) request).getHeader("Authorization"); if (header != null && header.startsWith(BEARER)) { // what follows the bearer designator should be the JWT token being used to request or as an access token @@ -94,7 +95,7 @@ public class JWTAccessTokenAssertionFilter extends AbstractIdentityAssertionFilt else { throw new ServletException("Expected JWT Token not provided as Bearer token"); } - + // authorization of the user for the requested service (and resource?) should have been done by // the JWTFederationFilter - once we get here we can assume that it is authorized and we just need // to assert the identity via an access token 
@@ -102,27 +103,27 @@ public class JWTAccessTokenAssertionFilter extends AbstractIdentityAssertionFilt Subject subject = Subject.getSubject(AccessController.getContext()); String principalName = getPrincipalName(subject); principalName = mapper.mapUserPrincipal(principalName); - + // calculate expiration timestamp: validity * 1000 + currentTimeInMillis long expires = System.currentTimeMillis() + validity * 1000; - + String serviceName = request.getParameter("service-name"); String clusterName = request.getParameter("cluster-name"); String accessToken = getAccessToken(principalName, serviceName, expires); - + String serviceURL = sr.lookupServiceURL(clusterName, serviceName); - + HashMap<String, Object> map = new HashMap<>(); // TODO: populate map from JWT authorization code map.put(ACCESS_TOKEN, accessToken); map.put(TOKEN_TYPE, BEARER); map.put(EXPIRES_IN, expires); - + // TODO: this url needs to be rewritten when in gateway deployments.... map.put(SVC_URL, serviceURL); - + jsonResponse = JsonUtils.renderAsJsonString(map); - + response.getWriter().write(jsonResponse); //KNOX-685: response.getWriter().flush(); return; // break filter chain @@ -147,7 +148,7 @@ public class JWTAccessTokenAssertionFilter extends AbstractIdentityAssertionFilt return principalName; } }; - JWTToken token = null; + JWT token = null; try { token = authority.issueToken(p, serviceName, "RS256", expires); // Coverity CID 1327961 http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java index 07cdf62..74b154f 100644 
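Review bot: The audience passed to `authority.issueToken(p, serviceName, "RS256", expires)` is the raw `service-name` request parameter read in the preceding hunk, and no check against the registered services is visible before the token is signed. A request that omits the parameter passes `null`, which DefaultTokenAuthorityService turns into a null audience list, so the token may carry no `aud` restriction at all; this is inferred, because the List overload's body is outside these hunks. Consider rejecting a missing or unknown name before issuing, for example by doing the `sr.lookupServiceURL(clusterName, serviceName)` lookup first and failing if it returns null (assuming it returns null for unknown services). The enclosing method starts and ends outside the hunk.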
--- a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java +++ b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java @@ -33,12 +33,12 @@ import org.apache.hadoop.gateway.services.GatewayServices; import org.apache.hadoop.gateway.services.registry.ServiceRegistry; import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority; import org.apache.hadoop.gateway.services.security.token.TokenServiceException; -import org.apache.hadoop.gateway.services.security.token.impl.JWTToken; +import org.apache.hadoop.gateway.services.security.token.impl.JWT; import org.apache.hadoop.gateway.util.JsonUtils; public class JWTAuthCodeAssertionFilter extends AbstractIdentityAssertionFilter { private static final String BEARER = "Bearer "; - + private JWTokenAuthority authority = null; private ServiceRegistry sr; @@ -56,7 +56,7 @@ public class JWTAuthCodeAssertionFilter extends AbstractIdentityAssertionFilter authority = (JWTokenAuthority) services.getService(GatewayServices.TOKEN_SERVICE); sr = (ServiceRegistry) services.getService(GatewayServices.SERVICE_REGISTRY_SERVICE); } - + @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { 
@@ -64,15 +64,15 @@ public class JWTAuthCodeAssertionFilter extends AbstractIdentityAssertionFilter Subject subject = Subject.getSubject(AccessController.getContext()); String principalName = getPrincipalName(subject); principalName = mapper.mapUserPrincipal(principalName); - JWTToken authCode; + JWT authCode; try { authCode = authority.issueToken(subject, "RS256"); // get the url for the token service - String url = null; + String url = null; if (sr != null) { url = sr.lookupServiceURL("token", "TGS"); } - + HashMap<String, Object> map = new HashMap<>(); // TODO: populate map from JWT authorization code // Coverity CID 1327960 @@ -86,9 +86,9 @@ public class JWTAuthCodeAssertionFilter extends AbstractIdentityAssertionFilter if (url != null) { map.put("tke", url); } - + String jsonResponse = JsonUtils.renderAsJsonString(map); - + response.getWriter().write(jsonResponse); //KNOX-685: response.getWriter().flush(); } catch (TokenServiceException e) { http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/AbstractJWTFilterTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/AbstractJWTFilterTest.java b/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/AbstractJWTFilterTest.java index d477f1f..bdde3e6 100644 --- a/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/AbstractJWTFilterTest.java +++ b/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/AbstractJWTFilterTest.java 
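Review bot: The mapped name from `mapper.mapUserPrincipal(principalName)` is not what gets signed here, because `authority.issueToken(subject, "RS256")` receives the original Subject and DefaultTokenAuthorityService then takes `subject.getPrincipals().toArray()[0]`. JWTAccessTokenAssertionFilter instead wraps the mapped name in a Principal before issuing, so the two filters can disagree on the identity in the token when a principal mapping is configured. If the mapping is meant to apply to the auth code, issue from a Principal built from `principalName`, e.g. `authCode = authority.issueToken(p, "RS256");`. Whether `principalName` is used further down is not visible, since the map population between this hunk and the next is cut.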
@@ -56,7 +56,6 @@ import org.apache.hadoop.gateway.services.security.impl.X509CertificateUtil; import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority; import org.apache.hadoop.gateway.services.security.token.TokenServiceException; import org.apache.hadoop.gateway.services.security.token.impl.JWT; -import org.apache.hadoop.gateway.services.security.token.impl.JWTToken; import org.easymock.EasyMock; import org.junit.After; import org.junit.Assert; @@ -550,7 +549,7 @@ public abstract class AbstractJWTFilterTest { * @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#issueToken(javax.security.auth.Subject, java.lang.String) */ @Override - public JWTToken issueToken(Subject subject, String algorithm) + public JWT issueToken(Subject subject, String algorithm) throws TokenServiceException { // TODO Auto-generated method stub return null; @@ -560,7 +559,7 @@ public abstract class AbstractJWTFilterTest { * @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#issueToken(java.security.Principal, java.lang.String) */ @Override - public JWTToken issueToken(Principal p, String algorithm) + public JWT issueToken(Principal p, String algorithm) throws TokenServiceException { // TODO Auto-generated method stub return null; 
@@ -570,16 +569,16 @@ public abstract class AbstractJWTFilterTest { * @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#issueToken(java.security.Principal, java.lang.String, java.lang.String) */ @Override - public JWTToken issueToken(Principal p, String audience, String algorithm) + public JWT issueToken(Principal p, String audience, String algorithm) throws TokenServiceException { return null; } /* (non-Javadoc) - * @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#verifyToken(org.apache.hadoop.gateway.services.security.token.impl.JWTToken) + * @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#verifyToken(org.apache.hadoop.gateway.services.security.token.impl.JWT) */ @Override - public boolean verifyToken(JWTToken token) throws TokenServiceException { + public boolean verifyToken(JWT token) throws TokenServiceException { JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) verifyingKey); return token.verify(verifier); } @@ -588,13 +587,13 @@ public abstract class AbstractJWTFilterTest { * @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#issueToken(java.security.Principal, java.lang.String, java.lang.String, long) */ @Override - public JWTToken issueToken(Principal p, String audience, String algorithm, + public JWT issueToken(Principal p, String audience, String algorithm, long expires) throws TokenServiceException { return null; } @Override - public JWTToken issueToken(Principal p, List<String> audiences, String algorithm, + public JWT issueToken(Principal p, List<String> audiences, String algorithm, long expires) throws TokenServiceException { return null; } 
@@ -603,14 +602,14 @@ public abstract class AbstractJWTFilterTest { * @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#issueToken(java.security.Principal, java.lang.String, long) */ @Override - public JWT issueToken(Principal p, String audience, long l) + public JWT issueToken(Principal p, String algorithm, long expires) throws TokenServiceException { // TODO Auto-generated method stub return null; } @Override - public boolean verifyToken(JWTToken token, RSAPublicKey publicKey) throws TokenServiceException { + public boolean verifyToken(JWT token, RSAPublicKey publicKey) throws TokenServiceException { JWSVerifier verifier = new RSASSAVerifier(publicKey); return token.verify(verifier); } http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-server/src/main/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityService.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityService.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityService.java index fc0a266..33b86bd 100644 --- a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityService.java +++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityService.java @@ -37,6 +37,7 @@ import org.apache.hadoop.gateway.services.security.KeystoreService; import org.apache.hadoop.gateway.services.security.KeystoreServiceException; import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority; import org.apache.hadoop.gateway.services.security.token.TokenServiceException; +import org.apache.hadoop.gateway.services.security.token.impl.JWT; import org.apache.hadoop.gateway.services.security.token.impl.JWTToken; import com.nimbusds.jose.JWSSigner; 
@@ -63,28 +64,28 @@ public class DefaultTokenAuthorityService implements JWTokenAuthority, Service { * @see org.apache.hadoop.gateway.provider.federation.jwt.JWTokenAuthority#issueToken(javax.security.auth.Subject, java.lang.String) */ @Override - public JWTToken issueToken(Subject subject, String algorithm) throws TokenServiceException { + public JWT issueToken(Subject subject, String algorithm) throws TokenServiceException { Principal p = (Principal) subject.getPrincipals().toArray()[0]; return issueToken(p, algorithm); } - + /* (non-Javadoc) * @see org.apache.hadoop.gateway.provider.federation.jwt.JWTokenAuthority#issueToken(java.security.Principal, java.lang.String) */ @Override - public JWTToken issueToken(Principal p, String algorithm) throws TokenServiceException { + public JWT issueToken(Principal p, String algorithm) throws TokenServiceException { return issueToken(p, null, algorithm); } - + /* (non-Javadoc) * @see org.apache.hadoop.gateway.provider.federation.jwt.JWTokenAuthority#issueToken(java.security.Principal, java.lang.String, long expires) */ @Override - public JWTToken issueToken(Principal p, String algorithm, long expires) throws TokenServiceException { + public JWT issueToken(Principal p, String algorithm, long expires) throws TokenServiceException { return issueToken(p, (String)null, algorithm, expires); } - public JWTToken issueToken(Principal p, String audience, String algorithm) + public JWT issueToken(Principal p, String audience, String algorithm) throws TokenServiceException { return issueToken(p, audience, algorithm, -1); } 
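Review bot: `Principal p = (Principal) subject.getPrincipals().toArray()[0];` in `issueToken(Subject, String)` picks whichever principal the Set iterates first and throws ArrayIndexOutOfBoundsException when the Subject has none. For a Subject carrying more than one principal (a user plus group or role principals, say), the name signed into the token then depends on iteration order. Select the principal by type and fail with a TokenServiceException when none is present, rather than indexing position 0. The same line is repeated in the test authorities in WebSSOResourceTest and TokenServiceResourceTest later in this commit.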
@@ -93,7 +94,7 @@ public class DefaultTokenAuthorityService implements JWTokenAuthority, Service { * @see org.apache.hadoop.gateway.provider.federation.jwt.JWTokenAuthority#issueToken(java.security.Principal, java.lang.String, java.lang.String) */ @Override - public JWTToken issueToken(Principal p, String audience, String algorithm, long expires) + public JWT issueToken(Principal p, String audience, String algorithm, long expires) throws TokenServiceException { ArrayList<String> audiences = null; if (audience != null) { @@ -104,7 +105,7 @@ public class DefaultTokenAuthorityService implements JWTokenAuthority, Service { } @Override - public JWTToken issueToken(Principal p, List<String> audiences, String algorithm, long expires) + public JWT issueToken(Principal p, List<String> audiences, String algorithm, long expires) throws TokenServiceException { String[] claimArray = new String[4]; claimArray[0] = "KNOXSSO"; @@ -159,13 +160,13 @@ public class DefaultTokenAuthorityService implements JWTokenAuthority, Service { } @Override - public boolean verifyToken(JWTToken token) + public boolean verifyToken(JWT token) throws TokenServiceException { return verifyToken(token, null); } @Override - public boolean verifyToken(JWTToken token, RSAPublicKey publicKey) + public boolean verifyToken(JWT token, RSAPublicKey publicKey) throws TokenServiceException { boolean rc = false; PublicKey key; http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java ---------------------------------------------------------------------- diff --git a/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java b/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java index c953c91..4e9e76b 100644 --- a/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java 
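Review bot: The `(non-Javadoc) @see` comment above the four-argument `issueToken(Principal p, String audience, String algorithm, long expires)` is stale: it names the three-argument signature and the old `org.apache.hadoop.gateway.provider.federation.jwt` package. Since this commit corrects the same kind of reference in JWTToken, update it to `@see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#issueToken(java.security.Principal, java.lang.String, java.lang.String, long)`. The other `@see` lines visible in this file carry the same old package name.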
+++ b/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java @@ -274,32 +274,32 @@ public class WebSSOResourceTest { } @Override - public JWTToken issueToken(Subject subject, String algorithm) + public JWT issueToken(Subject subject, String algorithm) throws TokenServiceException { Principal p = (Principal) subject.getPrincipals().toArray()[0]; return issueToken(p, algorithm); } @Override - public JWTToken issueToken(Principal p, String algorithm) + public JWT issueToken(Principal p, String algorithm) throws TokenServiceException { return issueToken(p, null, algorithm); } @Override - public JWTToken issueToken(Principal p, String audience, String algorithm) + public JWT issueToken(Principal p, String audience, String algorithm) throws TokenServiceException { return issueToken(p, audience, algorithm, -1); } @Override - public boolean verifyToken(JWTToken token) throws TokenServiceException { + public boolean verifyToken(JWT token) throws TokenServiceException { JWSVerifier verifier = new RSASSAVerifier(publicKey); return token.verify(verifier); } @Override - public JWTToken issueToken(Principal p, String audience, String algorithm, + public JWT issueToken(Principal p, String audience, String algorithm, long expires) throws TokenServiceException { List<String> audiences = null; if (audience != null) { @@ -310,7 +310,7 @@ public class WebSSOResourceTest { } @Override - public JWTToken issueToken(Principal p, List<String> audiences, String algorithm, + public JWT issueToken(Principal p, List<String> audiences, String algorithm, long expires) throws TokenServiceException { String[] claimArray = new String[4]; claimArray[0] = "KNOXSSO"; 
@@ -341,7 +341,7 @@ public class WebSSOResourceTest { } @Override - public boolean verifyToken(JWTToken token, RSAPublicKey publicKey) throws TokenServiceException { + public boolean verifyToken(JWT token, RSAPublicKey publicKey) throws TokenServiceException { JWSVerifier verifier = new RSASSAVerifier(publicKey); return token.verify(verifier); } http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceResourceTest.java ---------------------------------------------------------------------- diff --git a/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceResourceTest.java b/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceResourceTest.java index 9faa073..bddd13d 100644 --- a/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceResourceTest.java +++ b/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceResourceTest.java 
@@ -229,32 +229,32 @@ public class TokenServiceResourceTest { } @Override - public JWTToken issueToken(Subject subject, String algorithm) + public JWT issueToken(Subject subject, String algorithm) throws TokenServiceException { Principal p = (Principal) subject.getPrincipals().toArray()[0]; return issueToken(p, algorithm); } @Override - public JWTToken issueToken(Principal p, String algorithm) + public JWT issueToken(Principal p, String algorithm) throws TokenServiceException { return issueToken(p, null, algorithm); } @Override - public JWTToken issueToken(Principal p, String audience, String algorithm) + public JWT issueToken(Principal p, String audience, String algorithm) throws TokenServiceException { return issueToken(p, audience, algorithm, -1); } @Override - public boolean verifyToken(JWTToken token) throws TokenServiceException { + public boolean verifyToken(JWT token) throws TokenServiceException { JWSVerifier verifier = new RSASSAVerifier(publicKey); return token.verify(verifier); } @Override - public JWTToken issueToken(Principal p, String audience, String algorithm, + public JWT issueToken(Principal p, String audience, String algorithm, long expires) throws TokenServiceException { ArrayList<String> audiences = null; if (audience != null) { @@ -265,7 +265,7 @@ public class TokenServiceResourceTest { } @Override - public JWTToken issueToken(Principal p, List<String> audiences, String algorithm, + public JWT issueToken(Principal p, List<String> audiences, String algorithm, long expires) throws TokenServiceException { String[] claimArray = new String[4]; claimArray[0] = "KNOXSSO"; 
@@ -296,7 +296,7 @@ public class TokenServiceResourceTest { } @Override - public boolean verifyToken(JWTToken token, RSAPublicKey publicKey) throws TokenServiceException { + public boolean verifyToken(JWT token, RSAPublicKey publicKey) throws TokenServiceException { JWSVerifier verifier = new RSASSAVerifier(publicKey); return token.verify(verifier); } http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/JWTokenAuthority.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/JWTokenAuthority.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/JWTokenAuthority.java index 9cb82ec..155b239 100644 --- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/JWTokenAuthority.java +++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/JWTokenAuthority.java 
@@ -24,29 +24,28 @@ import java.util.List; import javax.security.auth.Subject; import org.apache.hadoop.gateway.services.security.token.impl.JWT; -import org.apache.hadoop.gateway.services.security.token.impl.JWTToken; public interface JWTokenAuthority { - JWTToken issueToken(Subject subject, String algorithm) + JWT issueToken(Subject subject, String algorithm) throws TokenServiceException; - JWTToken issueToken(Principal p, String algorithm) + JWT issueToken(Principal p, String algorithm) throws TokenServiceException; - JWTToken issueToken(Principal p, String audience, + JWT issueToken(Principal p, String audience, String algorithm) throws TokenServiceException; - boolean verifyToken(JWTToken token) throws TokenServiceException; + boolean verifyToken(JWT token) throws TokenServiceException; - boolean verifyToken(JWTToken token, RSAPublicKey publicKey) + boolean verifyToken(JWT token, RSAPublicKey publicKey) throws TokenServiceException; - JWTToken issueToken(Principal p, String audience, String algorithm, - long expires) throws TokenServiceException; + JWT issueToken(Principal p, String algorithm, long expires) throws TokenServiceException; - JWT issueToken(Principal p, String audience, long l) throws TokenServiceException; + JWT issueToken(Principal p, String audience, String algorithm, + long expires) throws TokenServiceException; - JWTToken issueToken(Principal p, List<String> audience, String algorithm, + JWT issueToken(Principal p, List<String> audience, String algorithm, long expires) throws TokenServiceException; } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWT.java ---------------------------------------------------------------------- 
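Review bot: The `issueToken` overloads in JWTokenAuthority have no Javadoc, and several differ only in the number and order of `String` arguments, so an audience and an algorithm can be swapped without a compile error; the parameter names corrected in this hunk (`audience`, `l` to `algorithm`, `expires`) show how easily that slips in. Add Javadoc to each method stating which String is the audience and which the signing algorithm, and that `expires` is an absolute time in epoch milliseconds, as the callers in this commit compute it. It should also say what `-1` means, which the delegating overloads pass but these hunks do not define. For `verifyToken(JWT token, RSAPublicKey publicKey)` it would help to state which key a null `publicKey` selects, since `verifyToken(token)` delegates with null.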
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWT.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWT.java index b834649..1a6f4f9 100644 --- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWT.java +++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWT.java 
@@ -20,41 +20,44 @@ package org.apache.hadoop.gateway.services.security.token.impl; import java.util.Date; import com.nimbusds.jose.JWSSigner; +import com.nimbusds.jose.JWSVerifier; public interface JWT { - public static final String PRINCIPAL = "prn"; - public static final String SUBJECT = "sub"; - public static final String ISSUER = "iss"; - public static final String AUDIENCE = "aud"; - public static final String EXPIRES = "exp"; + String PRINCIPAL = "prn"; + String SUBJECT = "sub"; + String ISSUER = "iss"; + String AUDIENCE = "aud"; + String EXPIRES = "exp"; - public abstract String getPayload(); + String getPayload(); - public abstract void setSignaturePayload(byte[] payload); + void setSignaturePayload(byte[] payload); - public abstract byte[] getSignaturePayload(); + byte[] getSignaturePayload(); - public abstract String getClaim(String claimName); + String getClaim(String claimName); - public abstract String getPrincipal(); + String getPrincipal(); - public abstract String getIssuer(); + String getIssuer(); - public abstract String getAudience(); + String getAudience(); public String[] getAudienceClaims(); - public abstract String getExpires(); + String getExpires(); - public abstract Date getExpiresDate(); + Date getExpiresDate(); - public abstract String getSubject(); + String getSubject(); - public abstract String getHeader(); + String getHeader(); - public abstract String getClaims(); + String getClaims(); - public abstract void sign(JWSSigner signer); + void sign(JWSSigner signer); + + boolean verify(JWSVerifier verifier); } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWTToken.java ---------------------------------------------------------------------- 
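Review bot: The new `boolean verify(JWSVerifier verifier);` on the JWT interface has no stated contract, although callers base a trust decision on its return value. Document it, e.g. `/** Checks the token signature only; returns false on any verification failure or error. Expiry and audience are validated separately by the caller. */`. That matches JWTToken.verify in this commit, which logs JOSEException and returns false, though whether other implementations check more than the signature is not visible here. As a style point, `public String[] getAudienceClaims();` still carries the redundant modifier the commit removed from every other member.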
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWTToken.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWTToken.java index cc2ccfe..49d8609 100644 --- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWTToken.java +++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWTToken.java @@ -39,10 +39,10 @@ public class JWTToken implements JWT { private static JWTProviderMessages log = MessagesFactory.get( JWTProviderMessages.class ); SignedJWT jwt = null; - + private JWTToken(byte[] header, byte[] claims, byte[] signature) throws ParseException { try { - jwt = new SignedJWT(new Base64URL(new String(header, "UTF8")), new Base64URL(new String(claims, "UTF8")), + jwt = new SignedJWT(new Base64URL(new String(header, "UTF8")), new Base64URL(new String(claims, "UTF8")), new Base64URL(new String(signature, "UTF8"))); } catch (UnsupportedEncodingException e) { log.unsupportedEncoding(e); @@ -79,7 +79,7 @@ public class JWTToken implements JWT { if(claimsArray[3] != null) { builder = builder.expirationTime(new Date(Long.parseLong(claimsArray[3]))); } - + claims = builder.build(); jwt = new SignedJWT(header, claims); @@ -151,7 +151,7 @@ public class JWTToken implements JWT { // System.out.println("header: " + token.header); // System.out.println("claims: " + token.claims); // System.out.println("payload: " + new String(token.payload)); - + return jwt; } @@ -161,13 +161,13 @@ public class JWTToken implements JWT { @Override public String getClaim(String claimName) { String claim = null; - + try { claim = jwt.getJWTClaimsSet().getStringClaim(claimName); } catch (ParseException e) { log.unableToParseToken(e); } - + return claim; } 
@@ -246,9 +246,9 @@ public class JWTToken implements JWT { return getClaim(JWT.PRINCIPAL); } - + /* (non-Javadoc) - * @see org.apache.hadoop.gateway.services.security.token.impl.JWT#getPrincipal() + * @see org.apache.hadoop.gateway.services.security.token.impl.JWT#sign(JWSSigner) */ @Override public void sign(JWSSigner signer) { @@ -259,20 +259,19 @@ public class JWTToken implements JWT { } } - /** - * @param verifier - * @return + /* (non-Javadoc) + * @see org.apache.hadoop.gateway.services.security.token.impl.JWT#verify(JWSVerifier) */ public boolean verify(JWSVerifier verifier) { boolean rc = false; - + try { rc = jwt.verify(verifier); } catch (JOSEException e) { // TODO Auto-generated catch block log.unableToVerifyToken(e); } - + return rc; - } + } }
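Review bot: `verify(JWSVerifier verifier)` in JWTToken now implements the method added to the JWT interface but has no `@Override`, unlike `sign` just above it. Add `@Override` so a later signature change in the interface fails at compile time instead of silently leaving an unrelated method behind. The catch block also still carries `// TODO Auto-generated catch block`; replace it with a comment stating the intent, e.g. `// fail closed: any verification error means the token is not trusted`.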