subject:"cxf git commit\: Introducing a dedicated property for checking client secret algorithms"

cxf git commit: Introducing a dedicated property for checking client secret algorithms

2015-11-13 Thread sergeyb

Repository: cxf
Updated Branches:
  refs/heads/master c8905fd54 -> 92b8fbba1


Introducing a dedicated property for checking client secret algorithms


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/92b8fbba
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/92b8fbba
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/92b8fbba

Branch: refs/heads/master
Commit: 92b8fbba1f1c192a26aa77e6c0bb42e7ae1d63c1
Parents: c8905fd
Author: Sergey Beryozkin 
Authored: Fri Nov 13 16:46:39 2015 +
Committer: Sergey Beryozkin 
Committed: Fri Nov 13 16:46:39 2015 +

--
 .../oauth2/provider/AbstractOAuthJoseJwtConsumer.java   | 9 +++--
 .../oauth2/provider/AbstractOAuthJoseJwtProducer.java   | 9 +++--
 .../apache/cxf/rs/security/oauth2/utils/OAuthConstants.java | 5 +
 3 files changed, 19 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/92b8fbba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
index 5d2fa3b..175346e 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
@@ -31,6 +31,7 @@ import 
org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtConsumer;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public abstract class AbstractOAuthJoseJwtConsumer extends 
AbstractJoseJwtConsumer {
@@ -47,7 +48,9 @@ public abstract class AbstractOAuthJoseJwtConsumer extends 
AbstractJoseJwtConsum
 protected JwsSignatureVerifier getInitializedSignatureVerifier(String 
clientSecret) {
 if (verifyWithClientSecret) {
 Properties props = JwsUtils.loadSignatureInProperties(false);
-SignatureAlgorithm sigAlgo = JwsUtils.getSignatureAlgorithm(props, 
SignatureAlgorithm.HS256);
+SignatureAlgorithm sigAlgo = SignatureAlgorithm.getAlgorithm(
+
props.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM));
+sigAlgo = sigAlgo != null ? sigAlgo : SignatureAlgorithm.HS256;
 if (AlgorithmUtils.isHmacSign(sigAlgo)) {
 return JwsUtils.getHmacSignatureVerifier(clientSecret, 
sigAlgo);
 }
@@ -59,7 +62,9 @@ public abstract class AbstractOAuthJoseJwtConsumer extends 
AbstractJoseJwtConsum
 if (decryptWithClientSecret) {
 SecretKey key = CryptoUtils.decodeSecretKey(clientSecret);
 Properties props = JweUtils.loadEncryptionInProperties(false);
-ContentAlgorithm ctAlgo = 
JweUtils.getContentEncryptionAlgorithm(props, ContentAlgorithm.A128GCM);
+ContentAlgorithm ctAlgo = ContentAlgorithm.getAlgorithm(
+
props.getProperty(OAuthConstants.CLIENT_SECRET_ENCRYPTION_ALGORITHM));
+ctAlgo = ctAlgo != null ? ctAlgo : ContentAlgorithm.A128GCM;
 theDecryptionProvider = JweUtils.getDirectKeyJweDecryption(key, 
ctAlgo);
 }
 return theDecryptionProvider;

http://git-wip-us.apache.org/repos/asf/cxf/blob/92b8fbba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
index fec38bc..5e1c870 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
@@ -32,6 +32,7 @@ import 
org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer;
 import

cxf git commit: Introducing a dedicated property for checking client secret algorithms

2015-11-13 Thread sergeyb

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 5e8334b2d -> 4744117f9


Introducing a dedicated property for checking client secret algorithms


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4744117f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4744117f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4744117f

Branch: refs/heads/3.1.x-fixes
Commit: 4744117f9228e8f25cc2cba2255f6e6a516e2d2a
Parents: 5e8334b
Author: Sergey Beryozkin 
Authored: Fri Nov 13 16:46:39 2015 +
Committer: Sergey Beryozkin 
Committed: Fri Nov 13 16:48:30 2015 +

--
 .../oauth2/provider/AbstractOAuthJoseJwtConsumer.java   | 9 +++--
 .../oauth2/provider/AbstractOAuthJoseJwtProducer.java   | 9 +++--
 .../apache/cxf/rs/security/oauth2/utils/OAuthConstants.java | 5 +
 3 files changed, 19 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/4744117f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
index 5d2fa3b..175346e 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
@@ -31,6 +31,7 @@ import 
org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtConsumer;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public abstract class AbstractOAuthJoseJwtConsumer extends 
AbstractJoseJwtConsumer {
@@ -47,7 +48,9 @@ public abstract class AbstractOAuthJoseJwtConsumer extends 
AbstractJoseJwtConsum
 protected JwsSignatureVerifier getInitializedSignatureVerifier(String 
clientSecret) {
 if (verifyWithClientSecret) {
 Properties props = JwsUtils.loadSignatureInProperties(false);
-SignatureAlgorithm sigAlgo = JwsUtils.getSignatureAlgorithm(props, 
SignatureAlgorithm.HS256);
+SignatureAlgorithm sigAlgo = SignatureAlgorithm.getAlgorithm(
+
props.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM));
+sigAlgo = sigAlgo != null ? sigAlgo : SignatureAlgorithm.HS256;
 if (AlgorithmUtils.isHmacSign(sigAlgo)) {
 return JwsUtils.getHmacSignatureVerifier(clientSecret, 
sigAlgo);
 }
@@ -59,7 +62,9 @@ public abstract class AbstractOAuthJoseJwtConsumer extends 
AbstractJoseJwtConsum
 if (decryptWithClientSecret) {
 SecretKey key = CryptoUtils.decodeSecretKey(clientSecret);
 Properties props = JweUtils.loadEncryptionInProperties(false);
-ContentAlgorithm ctAlgo = 
JweUtils.getContentEncryptionAlgorithm(props, ContentAlgorithm.A128GCM);
+ContentAlgorithm ctAlgo = ContentAlgorithm.getAlgorithm(
+
props.getProperty(OAuthConstants.CLIENT_SECRET_ENCRYPTION_ALGORITHM));
+ctAlgo = ctAlgo != null ? ctAlgo : ContentAlgorithm.A128GCM;
 theDecryptionProvider = JweUtils.getDirectKeyJweDecryption(key, 
ctAlgo);
 }
 return theDecryptionProvider;

http://git-wip-us.apache.org/repos/asf/cxf/blob/4744117f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
index fec38bc..5e1c870 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
@@ -32,6 +32,7 @@ import 
org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer;

cxf git commit: Introducing a dedicated property for checking client secret algorithms

cxf git commit: Introducing a dedicated property for checking client secret algorithms

2 matches

Site Navigation

Mail list logo

Footer information