use of org.apache.cxf.rs.security.oauth2.tokens.hawk.HawkAuthorizationScheme in project cxf by apache.
the class HawkAccessTokenValidatorTest method getClientAuthHeader.
/**
 * Builds the Hawk {@code Authorization} header value a client would send for a
 * {@code GET} on the fixed test resource address, signed with the algorithm and
 * key carried by the given token.
 *
 * @param macAccessToken token supplying the MAC algorithm and MAC key
 * @return the header value produced by {@link HawkAuthorizationScheme#toAuthorizationHeader}
 */
private static String getClientAuthHeader(HawkAccessToken macAccessToken) {
    // Test fixture only: the address is a constant, not derived from a live request.
    URI resourceUri = URI.create("http://localhost:8080/appContext/oauth2/testResource");
    HttpRequestProperties requestProps = new HttpRequestProperties(resourceUri, "GET");
    HawkAuthorizationScheme scheme = new HawkAuthorizationScheme(requestProps, macAccessToken);
    String algorithm = macAccessToken.getMacAlgorithm();
    String key = macAccessToken.getMacKey();
    return scheme.toAuthorizationHeader(algorithm, key);
}
use of org.apache.cxf.rs.security.oauth2.tokens.hawk.HawkAuthorizationScheme in project cxf by apache.
the class OAuthClientUtils method appendTokenData.
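/**
 * Appends the {@code Authorization} header value for {@code token} to {@code sb}.
 *
 * <p>Bearer tokens are written as the Bearer scheme name, a space and the token key.
 * Hawk tokens are written as the header produced by {@link HawkAuthorizationScheme},
 * using the algorithm and key stored in the token parameters. In both cases the
 * buffer ends up holding credential material (the bearer token itself, or a header
 * derived from the MAC key), so callers should not log it.
 *
 * @param sb buffer receiving the header value
 * @param token client access token; its type selects the scheme
 * @param httpProps HTTP request properties; required for Hawk, unused for Bearer
 * @throws IllegalArgumentException if the token is a Hawk token and {@code httpProps} is null
 * @throws ProcessingException wrapping an {@link OAuthServiceException} if the token type
 *         is neither Bearer nor Hawk
 */
private static void appendTokenData(StringBuilder sb, ClientAccessToken token, HttpRequestProperties httpProps) throws OAuthServiceException {
    // this should all be handled by token specific serializers
    // The comparisons below are already case-insensitive, so the type is not lower-cased
    // first: that call depended on the default locale and dereferenced a null token type.
    // A null type now falls through to the "Unsupported token type" branch.
    String tokenType = token.getTokenType();
    if (OAuthConstants.BEARER_TOKEN_TYPE.equalsIgnoreCase(tokenType)) {
        sb.append(OAuthConstants.BEARER_AUTHORIZATION_SCHEME);
        sb.append(" ");
        sb.append(token.getTokenKey());
    } else if (OAuthConstants.HAWK_TOKEN_TYPE.equalsIgnoreCase(tokenType)) {
        if (httpProps == null) {
            throw new IllegalArgumentException("MAC scheme requires HTTP Request properties");
        }
        HawkAuthorizationScheme macAuthData = new HawkAuthorizationScheme(httpProps, token);
        // NOTE(review): either lookup returns null when the token response omitted the
        // parameter; how toAuthorizationHeader reacts to a null algorithm or key is not
        // visible here - confirm it fails rather than signing with a degenerate key.
        String macAlgo = token.getParameters().get(OAuthConstants.HAWK_TOKEN_ALGORITHM);
        String macKey = token.getParameters().get(OAuthConstants.HAWK_TOKEN_KEY);
        sb.append(macAuthData.toAuthorizationHeader(macAlgo, macKey));
    } else {
        throw new ProcessingException(new OAuthServiceException("Unsupported token type"));
    }
}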
use of org.apache.cxf.rs.security.oauth2.tokens.hawk.HawkAuthorizationScheme in project cxf by apache.
the class AbstractHawkAccessTokenValidator method validateAccessToken.
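/**
 * Validates a request authenticated with the Hawk scheme.
 *
 * <p>The token validation record is obtained first. Unless signature validation is
 * delegated to a remote party, the MAC is then recomputed over the normalized request
 * string with the key and algorithm from that record and compared with the signature
 * the client sent. Timestamp and nonce are checked only after that comparison.
 *
 * @param mc message context; supplies the request URI and HTTP method when
 *        {@code extraProps} does not carry them
 * @param authScheme authorization scheme name, passed through to the token lookup
 * @param authSchemeData scheme data from the {@code Authorization} header
 * @param extraProps optional extra properties; may carry the HTTP verb and URI to sign over
 * @return the validation record for the access token
 * @throws OAuthServiceException with a server error code if the client signature cannot
 *         be Base64-decoded
 */
public AccessTokenValidation validateAccessToken(MessageContext mc, String authScheme, String authSchemeData, MultivaluedMap<String, String> extraProps) throws OAuthServiceException {
    Map<String, String> schemeParams = getSchemeParameters(authSchemeData);
    AccessTokenValidation atv = getAccessTokenValidation(mc, authScheme, authSchemeData, extraProps, schemeParams);
    if (isRemoteSignatureValidation()) {
        // No MAC comparison and no timestamp/nonce check run locally on this path.
        // NOTE(review): presumably the remote validator has already done both - confirm,
        // since nothing below this line protects the request otherwise.
        return atv;
    }
    String macKey = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_KEY);
    String macAlgo = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_ALGORITHM);
    final HttpRequestProperties httpProps;
    if (extraProps != null && extraProps.containsKey(HTTP_VERB) && extraProps.containsKey(HTTP_URI)) {
        // NOTE(review): the MAC is checked against whatever verb and URI are supplied here
        // rather than the request being served; confirm only a trusted component can
        // populate these properties.
        httpProps = new HttpRequestProperties(URI.create(extraProps.getFirst(HTTP_URI)), extraProps.getFirst(HTTP_VERB));
    } else {
        httpProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(), mc.getHttpServletRequest().getMethod());
    }
    HawkAuthorizationScheme macAuthInfo = new HawkAuthorizationScheme(httpProps, schemeParams);
    String normalizedString = macAuthInfo.getNormalizedRequestString();
    try {
        HmacAlgorithm hmacAlgo = HmacAlgorithm.toHmacAlgorithm(macAlgo);
        byte[] serverMacData = HmacUtils.computeHmac(macKey, hmacAlgo.getJavaName(), normalizedString);
        String clientMacString = schemeParams.get(OAuthConstants.HAWK_TOKEN_SIGNATURE);
        if (clientMacString == null) {
            // A header without the signature attribute is the client's failure to
            // authenticate: reject it the same way as a mismatching MAC instead of
            // handing null to the Base64 decoder.
            AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(OAuthConstants.HAWK_AUTHORIZATION_SCHEME));
        }
        byte[] clientMacData = Base64Utility.decode(clientMacString);
        // MessageDigest.isEqual compares in constant time, so the result does not leak
        // how many leading bytes of the expected MAC the client guessed correctly.
        if (!MessageDigest.isEqual(serverMacData, clientMacData)) {
            AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(OAuthConstants.HAWK_AUTHORIZATION_SCHEME));
        }
    } catch (Base64Exception e) {
        // NOTE(review): a malformed client signature surfaces as a server error here,
        // not as an authorization failure - confirm that is the intended response.
        throw new OAuthServiceException(OAuthConstants.SERVER_ERROR, e);
    }
    // Runs only once the MAC has matched, so the timestamp/nonce check is never
    // performed for a request whose signature did not verify.
    validateTimestampNonce(macKey, macAuthInfo.getTimestamp(), macAuthInfo.getNonce());
    return atv;
}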