cxf git commit: Introducing a dedicated property for checking client secret algorithms
Repository: cxf Updated Branches: refs/heads/master c8905fd54 -> 92b8fbba1 Introducing a dedicated property for checking client secret algorithms Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/92b8fbba Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/92b8fbba Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/92b8fbba Branch: refs/heads/master Commit: 92b8fbba1f1c192a26aa77e6c0bb42e7ae1d63c1 Parents: c8905fd Author: Sergey BeryozkinAuthored: Fri Nov 13 16:46:39 2015 + Committer: Sergey Beryozkin Committed: Fri Nov 13 16:46:39 2015 + -- .../oauth2/provider/AbstractOAuthJoseJwtConsumer.java | 9 +++-- .../oauth2/provider/AbstractOAuthJoseJwtProducer.java | 9 +++-- .../apache/cxf/rs/security/oauth2/utils/OAuthConstants.java | 5 + 3 files changed, 19 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/92b8fbba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java --
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
index 5d2fa3b..175346e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
@@ -31,6 +31,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtConsumer;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;

 public abstract class AbstractOAuthJoseJwtConsumer extends AbstractJoseJwtConsumer {
@@ -47,7 +48,9 @@ public abstract class AbstractOAuthJoseJwtConsumer extends AbstractJoseJwtConsum
 protected JwsSignatureVerifier getInitializedSignatureVerifier(String clientSecret) {
 if (verifyWithClientSecret) {
 Properties props = JwsUtils.loadSignatureInProperties(false);
-SignatureAlgorithm sigAlgo = JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.HS256);
+SignatureAlgorithm sigAlgo = SignatureAlgorithm.getAlgorithm(
+ props.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM));
+sigAlgo = sigAlgo != null ? sigAlgo : SignatureAlgorithm.HS256;
 if (AlgorithmUtils.isHmacSign(sigAlgo)) {
 return JwsUtils.getHmacSignatureVerifier(clientSecret, sigAlgo);
 }
@@ -59,7 +62,9 @@ public abstract class AbstractOAuthJoseJwtConsumer extends AbstractJoseJwtConsum
 if (decryptWithClientSecret) {
 SecretKey key = CryptoUtils.decodeSecretKey(clientSecret);
 Properties props = JweUtils.loadEncryptionInProperties(false);
-ContentAlgorithm ctAlgo = JweUtils.getContentEncryptionAlgorithm(props, ContentAlgorithm.A128GCM);
+ContentAlgorithm ctAlgo = ContentAlgorithm.getAlgorithm(
+ props.getProperty(OAuthConstants.CLIENT_SECRET_ENCRYPTION_ALGORITHM));
+ctAlgo = ctAlgo != null ? ctAlgo : ContentAlgorithm.A128GCM;
 theDecryptionProvider = JweUtils.getDirectKeyJweDecryption(key, ctAlgo);
 }
 return theDecryptionProvider;
http://git-wip-us.apache.org/repos/asf/cxf/blob/92b8fbba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
--
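Review bot: The new `props.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM)` call in `getInitializedSignatureVerifier` can throw a NullPointerException if `JwsUtils.loadSignatureInProperties(false)` returns null, which the `false` argument suggests is possible when no properties are configured; the removed `JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.HS256)` received `props` and the default together. A guard such as `String name = props == null ? null : props.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM);` keeps the HS256 default reachable. It is also not visible here whether `SignatureAlgorithm.getAlgorithm` returns null for an unrecognised name; if it does, a mistyped property value silently verifies with HS256, and a log line or configuration error would make that misconfiguration detectable. The same pattern applies to the `ctAlgo` lookup in the next hunk and to both hunks in the 3.1.x-fixes copy of this commit further down the page; the method body continues outside the hunk.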
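Review bot: Nothing in the decryption hunk ties the length of the key decoded from `clientSecret` to the content algorithm now selected through `OAuthConstants.CLIENT_SECRET_ENCRYPTION_ALGORITHM`. The A128GCM default needs a 128-bit key, and a deployment that sets the property to a larger variant needs a correspondingly longer secret; unless `JweUtils.getDirectKeyJweDecryption` validates this (not visible here), a mismatch would surface only when a token is decrypted. A comment above the lookup would document the contract, for example `// clientSecret must decode to a key sized for ctAlgo (16 bytes for the A128GCM default)`. The enclosing method starts and ends outside the hunk.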
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
index fec38bc..5e1c870 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
@@ -32,6 +32,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer;
 import
cxf git commit: Introducing a dedicated property for checking client secret algorithms
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 5e8334b2d -> 4744117f9 Introducing a dedicated property for checking client secret algorithms Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4744117f Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4744117f Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4744117f Branch: refs/heads/3.1.x-fixes Commit: 4744117f9228e8f25cc2cba2255f6e6a516e2d2a Parents: 5e8334b Author: Sergey BeryozkinAuthored: Fri Nov 13 16:46:39 2015 + Committer: Sergey Beryozkin Committed: Fri Nov 13 16:48:30 2015 + -- .../oauth2/provider/AbstractOAuthJoseJwtConsumer.java | 9 +++-- .../oauth2/provider/AbstractOAuthJoseJwtProducer.java | 9 +++-- .../apache/cxf/rs/security/oauth2/utils/OAuthConstants.java | 5 + 3 files changed, 19 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/4744117f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java --
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
index 5d2fa3b..175346e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
@@ -31,6 +31,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtConsumer;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;

 public abstract class AbstractOAuthJoseJwtConsumer extends AbstractJoseJwtConsumer {
@@ -47,7 +48,9 @@ public abstract class AbstractOAuthJoseJwtConsumer extends AbstractJoseJwtConsum
 protected JwsSignatureVerifier getInitializedSignatureVerifier(String clientSecret) {
 if (verifyWithClientSecret) {
 Properties props = JwsUtils.loadSignatureInProperties(false);
-SignatureAlgorithm sigAlgo = JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.HS256);
+SignatureAlgorithm sigAlgo = SignatureAlgorithm.getAlgorithm(
+ props.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM));
+sigAlgo = sigAlgo != null ? sigAlgo : SignatureAlgorithm.HS256;
 if (AlgorithmUtils.isHmacSign(sigAlgo)) {
 return JwsUtils.getHmacSignatureVerifier(clientSecret, sigAlgo);
 }
@@ -59,7 +62,9 @@ public abstract class AbstractOAuthJoseJwtConsumer extends AbstractJoseJwtConsum
 if (decryptWithClientSecret) {
 SecretKey key = CryptoUtils.decodeSecretKey(clientSecret);
 Properties props = JweUtils.loadEncryptionInProperties(false);
-ContentAlgorithm ctAlgo = JweUtils.getContentEncryptionAlgorithm(props, ContentAlgorithm.A128GCM);
+ContentAlgorithm ctAlgo = ContentAlgorithm.getAlgorithm(
+ props.getProperty(OAuthConstants.CLIENT_SECRET_ENCRYPTION_ALGORITHM));
+ctAlgo = ctAlgo != null ? ctAlgo : ContentAlgorithm.A128GCM;
 theDecryptionProvider = JweUtils.getDirectKeyJweDecryption(key, ctAlgo);
 }
 return theDecryptionProvider;
http://git-wip-us.apache.org/repos/asf/cxf/blob/4744117f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
--
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
index fec38bc..5e1c870 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
@@ -32,6 +32,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer;