cxf git commit: Few more updates to the Hawk validators
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes ea30a2c24 -> 75d408048 Few more updates to the Hawk validators Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/75d40804 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/75d40804 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/75d40804 Branch: refs/heads/3.0.x-fixes Commit: 75d40804807fe10c79b78d71be0c885aec490429 Parents: ea30a2c Author: Sergey Beryozkin Authored: Tue Dec 9 13:05:28 2014 + Committer: Sergey Beryozkin Committed: Wed Dec 10 17:13:05 2014 + -- .../hawk/AbstractHawkAccessTokenValidator.java | 30 +--- .../tokens/hawk/HawkAccessTokenValidator.java | 8 ++ .../hawk/HawkAccessTokenValidatorClient.java| 20 + 3 files changed, 48 insertions(+), 10 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/75d40804/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java index 82f655e..9a2e25d 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java @@ -18,6 +18,7 @@ */ package org.apache.cxf.rs.security.oauth2.tokens.hawk; +import java.net.URI; import java.util.Arrays; import java.util.Collections; import java.util.HashMap; @@ -38,7 +39,10 @@ import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; public abstract class AbstractHawkAccessTokenValidator implements AccessTokenValidator { +protected static final String HTTP_VERB = "http.verb"; +protected static final String HTTP_URI = "http.uri"; private NonceVerifier nonceVerifier; +private boolean remoteSignatureValidation; public List getSupportedAuthorizationSchemes() { return Collections.singletonList(OAuthConstants.HAWK_AUTHORIZATION_SCHEME); } @@ -50,12 +54,22 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal Map schemeParams = getSchemeParameters(authSchemeData); AccessTokenValidation atv = getAccessTokenValidation(mc, authScheme, authSchemeData, extraProps, schemeParams); +if (isRemoteSignatureValidation()) { +return atv; +} String macKey = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_KEY); String macAlgo = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_ALGORITHM); - -HttpRequestProperties httpProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(), - mc.getHttpServletRequest().getMethod()); + + +HttpRequestProperties httpProps = null; +if (extraProps != null && extraProps.containsKey(HTTP_VERB) && extraProps.containsKey(HTTP_URI)) { +httpProps = new HttpRequestProperties(URI.create(extraProps.getFirst(HTTP_URI)), + extraProps.getFirst(HTTP_VERB)); +} else { +httpProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(), + mc.getHttpServletRequest().getMethod()); +} HawkAuthorizationScheme macAuthInfo = new HawkAuthorizationScheme(httpProps, schemeParams); String normalizedString = macAuthInfo.getNormalizedRequestString(); try { @@ -82,7 +96,7 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal MultivaluedMap extraProps, Map schemeParams); -private static Map getSchemeParameters(String authData) { +protected static Map getSchemeParameters(String authData) { String[] attributePairs = authData.split(","); Map attributeMap = new HashMap(); for (String pair : attributePairs) { @@ -101,4 +115,12 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal public void setNonceVerifier(NonceVerifier nonceVerifier) { this.nonceVerifier = nonceVerifier; } + +
cxf git commit: Few more updates to the Hawk validators
Repository: cxf Updated Branches: refs/heads/master 982bff937 -> 3898cf18c Few more updates to the Hawk validators Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3898cf18 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3898cf18 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3898cf18 Branch: refs/heads/master Commit: 3898cf18c620e109fbc5cb65a08604ea2ed06d81 Parents: 982bff9 Author: Sergey Beryozkin Authored: Tue Dec 9 13:05:28 2014 + Committer: Sergey Beryozkin Committed: Tue Dec 9 13:05:28 2014 + -- .../hawk/AbstractHawkAccessTokenValidator.java | 30 +--- .../tokens/hawk/HawkAccessTokenValidator.java | 8 ++ .../hawk/HawkAccessTokenValidatorClient.java| 20 + 3 files changed, 48 insertions(+), 10 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/3898cf18/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java index 82f655e..9a2e25d 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java @@ -18,6 +18,7 @@ */ package org.apache.cxf.rs.security.oauth2.tokens.hawk; +import java.net.URI; import java.util.Arrays; import java.util.Collections; import java.util.HashMap; @@ -38,7 +39,10 @@ import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; public abstract class AbstractHawkAccessTokenValidator implements AccessTokenValidator { +protected static final String HTTP_VERB = "http.verb"; +protected static final String HTTP_URI = "http.uri"; private NonceVerifier nonceVerifier; +private boolean remoteSignatureValidation; public List getSupportedAuthorizationSchemes() { return Collections.singletonList(OAuthConstants.HAWK_AUTHORIZATION_SCHEME); } @@ -50,12 +54,22 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal Map schemeParams = getSchemeParameters(authSchemeData); AccessTokenValidation atv = getAccessTokenValidation(mc, authScheme, authSchemeData, extraProps, schemeParams); +if (isRemoteSignatureValidation()) { +return atv; +} String macKey = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_KEY); String macAlgo = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_ALGORITHM); - -HttpRequestProperties httpProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(), - mc.getHttpServletRequest().getMethod()); + + +HttpRequestProperties httpProps = null; +if (extraProps != null && extraProps.containsKey(HTTP_VERB) && extraProps.containsKey(HTTP_URI)) { +httpProps = new HttpRequestProperties(URI.create(extraProps.getFirst(HTTP_URI)), + extraProps.getFirst(HTTP_VERB)); +} else { +httpProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(), + mc.getHttpServletRequest().getMethod()); +} HawkAuthorizationScheme macAuthInfo = new HawkAuthorizationScheme(httpProps, schemeParams); String normalizedString = macAuthInfo.getNormalizedRequestString(); try { @@ -82,7 +96,7 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal MultivaluedMap extraProps, Map schemeParams); -private static Map getSchemeParameters(String authData) { +protected static Map getSchemeParameters(String authData) { String[] attributePairs = authData.split(","); Map attributeMap = new HashMap(); for (String pair : attributePairs) { @@ -101,4 +115,12 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal public void setNonceVerifier(NonceVerifier nonceVerifier) { this.nonceVerifier = nonceVerifier; } + +public b