Example 1 with HttpRequestProperties
use of org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties in project cxf by apache.
the class HawkAccessTokenValidatorTest method getClientAuthHeader.
private static String getClientAuthHeader(HawkAccessToken macAccessToken) {
String address = "http://localhost:8080/appContext/oauth2/testResource";
HttpRequestProperties props = new HttpRequestProperties(URI.create(address), "GET");
return new HawkAuthorizationScheme(props, macAccessToken).toAuthorizationHeader(macAccessToken.getMacAlgorithm(), macAccessToken.getMacKey());
}
Also used :
HttpRequestProperties(org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties)
Example 2 with HttpRequestProperties
use of org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties in project cxf by apache.
the class OAuthClientUtils method appendTokenData.
private static void appendTokenData(StringBuilder sb, ClientAccessToken token, HttpRequestProperties httpProps) throws OAuthServiceException {
// this should all be handled by token specific serializers
String tokenType = token.getTokenType().toLowerCase();
if (OAuthConstants.BEARER_TOKEN_TYPE.equalsIgnoreCase(tokenType)) {
sb.append(OAuthConstants.BEARER_AUTHORIZATION_SCHEME);
sb.append(" ");
sb.append(token.getTokenKey());
} else if (OAuthConstants.HAWK_TOKEN_TYPE.equalsIgnoreCase(tokenType)) {
if (httpProps == null) {
throw new IllegalArgumentException("MAC scheme requires HTTP Request properties");
}
HawkAuthorizationScheme macAuthData = new HawkAuthorizationScheme(httpProps, token);
String macAlgo = token.getParameters().get(OAuthConstants.HAWK_TOKEN_ALGORITHM);
String macKey = token.getParameters().get(OAuthConstants.HAWK_TOKEN_KEY);
sb.append(macAuthData.toAuthorizationHeader(macAlgo, macKey));
} else {
throw new ProcessingException(new OAuthServiceException("Unsupported token type"));
}
}
Also used :
OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)
HawkAuthorizationScheme(org.apache.cxf.rs.security.oauth2.tokens.hawk.HawkAuthorizationScheme)
ProcessingException(javax.ws.rs.ProcessingException)
ResponseProcessingException(javax.ws.rs.client.ResponseProcessingException)
Example 3 with HttpRequestProperties
use of org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties in project cxf by apache.
the class AbstractHawkAccessTokenValidator method validateAccessToken.
public AccessTokenValidation validateAccessToken(MessageContext mc, String authScheme, String authSchemeData, MultivaluedMap<String, String> extraProps) throws OAuthServiceException {
Map<String, String> schemeParams = getSchemeParameters(authSchemeData);
AccessTokenValidation atv = getAccessTokenValidation(mc, authScheme, authSchemeData, extraProps, schemeParams);
if (isRemoteSignatureValidation()) {
return atv;
}
String macKey = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_KEY);
String macAlgo = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_ALGORITHM);
HttpRequestProperties httpProps = null;
if (extraProps != null && extraProps.containsKey(HTTP_VERB) && extraProps.containsKey(HTTP_URI)) {
httpProps = new HttpRequestProperties(URI.create(extraProps.getFirst(HTTP_URI)), extraProps.getFirst(HTTP_VERB));
} else {
httpProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(), mc.getHttpServletRequest().getMethod());
}
HawkAuthorizationScheme macAuthInfo = new HawkAuthorizationScheme(httpProps, schemeParams);
String normalizedString = macAuthInfo.getNormalizedRequestString();
try {
HmacAlgorithm hmacAlgo = HmacAlgorithm.toHmacAlgorithm(macAlgo);
byte[] serverMacData = HmacUtils.computeHmac(macKey, hmacAlgo.getJavaName(), normalizedString);
String clientMacString = schemeParams.get(OAuthConstants.HAWK_TOKEN_SIGNATURE);
byte[] clientMacData = Base64Utility.decode(clientMacString);
boolean validMac = MessageDigest.isEqual(serverMacData, clientMacData);
if (!validMac) {
AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(OAuthConstants.HAWK_AUTHORIZATION_SCHEME));
}
} catch (Base64Exception e) {
throw new OAuthServiceException(OAuthConstants.SERVER_ERROR, e);
}
validateTimestampNonce(macKey, macAuthInfo.getTimestamp(), macAuthInfo.getNonce());
return atv;
}
Also used :
OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)
HttpRequestProperties(org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties)
Base64Exception(org.apache.cxf.common.util.Base64Exception)
AccessTokenValidation(org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation)
Aggregations
HttpRequestProperties (org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties)2
OAuthServiceException (org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)2
ProcessingException (javax.ws.rs.ProcessingException)1
ResponseProcessingException (javax.ws.rs.client.ResponseProcessingException)1
Base64Exception (org.apache.cxf.common.util.Base64Exception)1
AccessTokenValidation (org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation)1
HawkAuthorizationScheme (org.apache.cxf.rs.security.oauth2.tokens.hawk.HawkAuthorizationScheme)1
