knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmc...@apache.org
Subject [03/37] knox git commit: KNOX-1036 - Fix a number of issues relating to JWTokenAuthority
Date Thu, 26 Oct 2017 14:22:39 GMT
KNOX-1036 - Fix a number of issues relating to JWTokenAuthority

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/c833bf90
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/c833bf90
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/c833bf90

Branch: refs/heads/KNOX-1049
Commit: c833bf907566301e525f514354dcb0325f5e0738
Parents: d3f507f
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Sep 20 11:26:33 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Sep 21 15:42:41 2017 +0100

----------------------------------------------------------------------
 .../filter/JWTAccessTokenAssertionFilter.java   | 23 ++++++------
 .../jwt/filter/JWTAuthCodeAssertionFilter.java  | 16 ++++----
 .../federation/AbstractJWTFilterTest.java       | 19 +++++-----
 .../impl/DefaultTokenAuthorityService.java      | 21 ++++++-----
 .../service/knoxsso/WebSSOResourceTest.java     | 14 +++----
 .../knoxtoken/TokenServiceResourceTest.java     | 14 +++----
 .../security/token/JWTokenAuthority.java        | 19 +++++-----
 .../services/security/token/impl/JWT.java       | 39 +++++++++++---------
 .../services/security/token/impl/JWTToken.java  | 27 +++++++-------
 9 files changed, 97 insertions(+), 95 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
index f8d9a02..e2ef32e 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
@@ -39,6 +39,7 @@ import org.apache.hadoop.gateway.services.GatewayServices;
 import org.apache.hadoop.gateway.services.registry.ServiceRegistry;
 import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority;
 import org.apache.hadoop.gateway.services.security.token.TokenServiceException;
+import org.apache.hadoop.gateway.services.security.token.impl.JWT;
 import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
 import org.apache.hadoop.gateway.util.JsonUtils;
 
@@ -66,12 +67,12 @@ public class JWTAccessTokenAssertionFilter extends AbstractIdentityAssertionFilt
     authority = (JWTokenAuthority) services.getService(GatewayServices.TOKEN_SERVICE);
     sr = (ServiceRegistry) services.getService(GatewayServices.SERVICE_REGISTRY_SERVICE);
   }
-  
+
   @Override
   public void doFilter(ServletRequest request, ServletResponse response,
       FilterChain chain) throws IOException, ServletException {
     String jsonResponse = null;
-    
+
     String header = ((HttpServletRequest) request).getHeader("Authorization");
     if (header != null && header.startsWith(BEARER)) {
       // what follows the bearer designator should be the JWT token being used to request
or as an access token
@@ -94,7 +95,7 @@ public class JWTAccessTokenAssertionFilter extends AbstractIdentityAssertionFilt
       else {
         throw new ServletException("Expected JWT Token not provided as Bearer token");
       }
-      
+
       // authorization of the user for the requested service (and resource?) should have
been done by
       // the JWTFederationFilter - once we get here we can assume that it is authorized and
we just need
       // to assert the identity via an access token
@@ -102,27 +103,27 @@ public class JWTAccessTokenAssertionFilter extends AbstractIdentityAssertionFilt
       Subject subject = Subject.getSubject(AccessController.getContext());
       String principalName = getPrincipalName(subject);
       principalName = mapper.mapUserPrincipal(principalName);
-      
+
       // calculate expiration timestamp: validity * 1000 + currentTimeInMillis
       long expires = System.currentTimeMillis() + validity * 1000;
-      
+
       String serviceName = request.getParameter("service-name");
       String clusterName = request.getParameter("cluster-name");
       String accessToken = getAccessToken(principalName, serviceName, expires);
-      
+
       String serviceURL = sr.lookupServiceURL(clusterName, serviceName);
-      
+
       HashMap<String, Object> map = new HashMap<>();
       // TODO: populate map from JWT authorization code
       map.put(ACCESS_TOKEN, accessToken);
       map.put(TOKEN_TYPE, BEARER);
       map.put(EXPIRES_IN, expires);
-      
+
       // TODO: this url needs to be rewritten when in gateway deployments....
       map.put(SVC_URL, serviceURL);
-      
+
       jsonResponse = JsonUtils.renderAsJsonString(map);
-      
+
       response.getWriter().write(jsonResponse);
       //KNOX-685: response.getWriter().flush();
       return; // break filter chain
@@ -147,7 +148,7 @@ public class JWTAccessTokenAssertionFilter extends AbstractIdentityAssertionFilt
         return principalName;
       }
     };
-    JWTToken token = null;
+    JWT token = null;
     try {
       token = authority.issueToken(p, serviceName, "RS256", expires);
       // Coverity CID 1327961

http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
index 07cdf62..74b154f 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
@@ -33,12 +33,12 @@ import org.apache.hadoop.gateway.services.GatewayServices;
 import org.apache.hadoop.gateway.services.registry.ServiceRegistry;
 import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority;
 import org.apache.hadoop.gateway.services.security.token.TokenServiceException;
-import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
+import org.apache.hadoop.gateway.services.security.token.impl.JWT;
 import org.apache.hadoop.gateway.util.JsonUtils;
 
 public class JWTAuthCodeAssertionFilter extends AbstractIdentityAssertionFilter {
   private static final String BEARER = "Bearer ";
-  
+
   private JWTokenAuthority authority = null;
 
   private ServiceRegistry sr;
@@ -56,7 +56,7 @@ public class JWTAuthCodeAssertionFilter extends AbstractIdentityAssertionFilter
     authority = (JWTokenAuthority) services.getService(GatewayServices.TOKEN_SERVICE);
     sr = (ServiceRegistry) services.getService(GatewayServices.SERVICE_REGISTRY_SERVICE);
   }
-  
+
   @Override
   public void doFilter(ServletRequest request, ServletResponse response,
       FilterChain chain) throws IOException, ServletException {
@@ -64,15 +64,15 @@ public class JWTAuthCodeAssertionFilter extends AbstractIdentityAssertionFilter
       Subject subject = Subject.getSubject(AccessController.getContext());
       String principalName = getPrincipalName(subject);
       principalName = mapper.mapUserPrincipal(principalName);
-      JWTToken authCode;
+      JWT authCode;
       try {
         authCode = authority.issueToken(subject, "RS256");
         // get the url for the token service
-        String url = null; 
+        String url = null;
         if (sr != null) {
           url = sr.lookupServiceURL("token", "TGS");
         }
-        
+
         HashMap<String, Object> map = new HashMap<>();
         // TODO: populate map from JWT authorization code
         // Coverity CID 1327960
@@ -86,9 +86,9 @@ public class JWTAuthCodeAssertionFilter extends AbstractIdentityAssertionFilter
         if (url != null) {
           map.put("tke", url);
         }
-        
+
         String jsonResponse = JsonUtils.renderAsJsonString(map);
-        
+
         response.getWriter().write(jsonResponse);
         //KNOX-685: response.getWriter().flush();
       } catch (TokenServiceException e) {

http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/AbstractJWTFilterTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/AbstractJWTFilterTest.java
b/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/AbstractJWTFilterTest.java
index d477f1f..bdde3e6 100644
--- a/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/AbstractJWTFilterTest.java
+++ b/gateway-provider-security-jwt/src/test/java/org/apache/hadoop/gateway/provider/federation/AbstractJWTFilterTest.java
@@ -56,7 +56,6 @@ import org.apache.hadoop.gateway.services.security.impl.X509CertificateUtil;
 import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority;
 import org.apache.hadoop.gateway.services.security.token.TokenServiceException;
 import org.apache.hadoop.gateway.services.security.token.impl.JWT;
-import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
 import org.easymock.EasyMock;
 import org.junit.After;
 import org.junit.Assert;
@@ -550,7 +549,7 @@ public abstract class AbstractJWTFilterTest  {
      * @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#issueToken(javax.security.auth.Subject,
java.lang.String)
      */
     @Override
-    public JWTToken issueToken(Subject subject, String algorithm)
+    public JWT issueToken(Subject subject, String algorithm)
         throws TokenServiceException {
       // TODO Auto-generated method stub
       return null;
@@ -560,7 +559,7 @@ public abstract class AbstractJWTFilterTest  {
      * @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#issueToken(java.security.Principal,
java.lang.String)
      */
     @Override
-    public JWTToken issueToken(Principal p, String algorithm)
+    public JWT issueToken(Principal p, String algorithm)
         throws TokenServiceException {
       // TODO Auto-generated method stub
       return null;
@@ -570,16 +569,16 @@ public abstract class AbstractJWTFilterTest  {
      * @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#issueToken(java.security.Principal,
java.lang.String, java.lang.String)
      */
     @Override
-    public JWTToken issueToken(Principal p, String audience, String algorithm)
+    public JWT issueToken(Principal p, String audience, String algorithm)
         throws TokenServiceException {
       return null;
     }
 
     /* (non-Javadoc)
-     * @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#verifyToken(org.apache.hadoop.gateway.services.security.token.impl.JWTToken)
+     * @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#verifyToken(org.apache.hadoop.gateway.services.security.token.impl.JWT)
      */
     @Override
-    public boolean verifyToken(JWTToken token) throws TokenServiceException {
+    public boolean verifyToken(JWT token) throws TokenServiceException {
       JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) verifyingKey);
       return token.verify(verifier);
     }
@@ -588,13 +587,13 @@ public abstract class AbstractJWTFilterTest  {
      * @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#issueToken(java.security.Principal,
java.lang.String, java.lang.String, long)
      */
     @Override
-    public JWTToken issueToken(Principal p, String audience, String algorithm,
+    public JWT issueToken(Principal p, String audience, String algorithm,
         long expires) throws TokenServiceException {
       return null;
     }
 
     @Override
-    public JWTToken issueToken(Principal p, List<String> audiences, String algorithm,
+    public JWT issueToken(Principal p, List<String> audiences, String algorithm,
         long expires) throws TokenServiceException {
       return null;
     }
@@ -603,14 +602,14 @@ public abstract class AbstractJWTFilterTest  {
      * @see org.apache.hadoop.gateway.services.security.token.JWTokenAuthority#issueToken(java.security.Principal,
java.lang.String, long)
      */
     @Override
-    public JWT issueToken(Principal p, String audience, long l)
+    public JWT issueToken(Principal p, String algorithm, long expires)
         throws TokenServiceException {
       // TODO Auto-generated method stub
       return null;
     }
 
     @Override
-    public boolean verifyToken(JWTToken token, RSAPublicKey publicKey) throws TokenServiceException
{
+    public boolean verifyToken(JWT token, RSAPublicKey publicKey) throws TokenServiceException
{
       JWSVerifier verifier = new RSASSAVerifier(publicKey);
       return token.verify(verifier);
     }

http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-server/src/main/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityService.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityService.java
b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityService.java
index fc0a266..33b86bd 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityService.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityService.java
@@ -37,6 +37,7 @@ import org.apache.hadoop.gateway.services.security.KeystoreService;
 import org.apache.hadoop.gateway.services.security.KeystoreServiceException;
 import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority;
 import org.apache.hadoop.gateway.services.security.token.TokenServiceException;
+import org.apache.hadoop.gateway.services.security.token.impl.JWT;
 import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
 
 import com.nimbusds.jose.JWSSigner;
@@ -63,28 +64,28 @@ public class DefaultTokenAuthorityService implements JWTokenAuthority,
Service {
    * @see org.apache.hadoop.gateway.provider.federation.jwt.JWTokenAuthority#issueToken(javax.security.auth.Subject,
java.lang.String)
    */
   @Override
-  public JWTToken issueToken(Subject subject, String algorithm) throws TokenServiceException
{
+  public JWT issueToken(Subject subject, String algorithm) throws TokenServiceException {
     Principal p = (Principal) subject.getPrincipals().toArray()[0];
     return issueToken(p, algorithm);
   }
-  
+
   /* (non-Javadoc)
    * @see org.apache.hadoop.gateway.provider.federation.jwt.JWTokenAuthority#issueToken(java.security.Principal,
java.lang.String)
    */
   @Override
-  public JWTToken issueToken(Principal p, String algorithm) throws TokenServiceException
{
+  public JWT issueToken(Principal p, String algorithm) throws TokenServiceException {
     return issueToken(p, null, algorithm);
   }
-  
+
   /* (non-Javadoc)
    * @see org.apache.hadoop.gateway.provider.federation.jwt.JWTokenAuthority#issueToken(java.security.Principal,
java.lang.String, long expires)
    */
   @Override
-  public JWTToken issueToken(Principal p, String algorithm, long expires) throws TokenServiceException
{
+  public JWT issueToken(Principal p, String algorithm, long expires) throws TokenServiceException
{
     return issueToken(p, (String)null, algorithm, expires);
   }
 
-  public JWTToken issueToken(Principal p, String audience, String algorithm)
+  public JWT issueToken(Principal p, String audience, String algorithm)
       throws TokenServiceException {
     return issueToken(p, audience, algorithm, -1);
   }
@@ -93,7 +94,7 @@ public class DefaultTokenAuthorityService implements JWTokenAuthority, Service
{
    * @see org.apache.hadoop.gateway.provider.federation.jwt.JWTokenAuthority#issueToken(java.security.Principal,
java.lang.String, java.lang.String)
    */
   @Override
-  public JWTToken issueToken(Principal p, String audience, String algorithm, long expires)
+  public JWT issueToken(Principal p, String audience, String algorithm, long expires)
       throws TokenServiceException {
     ArrayList<String> audiences = null;
     if (audience != null) {
@@ -104,7 +105,7 @@ public class DefaultTokenAuthorityService implements JWTokenAuthority,
Service {
   }
 
   @Override
-  public JWTToken issueToken(Principal p, List<String> audiences, String algorithm,
long expires)
+  public JWT issueToken(Principal p, List<String> audiences, String algorithm, long
expires)
       throws TokenServiceException {
     String[] claimArray = new String[4];
     claimArray[0] = "KNOXSSO";
@@ -159,13 +160,13 @@ public class DefaultTokenAuthorityService implements JWTokenAuthority,
Service {
   }
 
   @Override
-  public boolean verifyToken(JWTToken token)
+  public boolean verifyToken(JWT token)
       throws TokenServiceException {
     return verifyToken(token, null);
   }
 
   @Override
-  public boolean verifyToken(JWTToken token, RSAPublicKey publicKey)
+  public boolean verifyToken(JWT token, RSAPublicKey publicKey)
       throws TokenServiceException {
     boolean rc = false;
     PublicKey key;

http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
b/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
index c953c91..4e9e76b 100644
--- a/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
+++ b/gateway-service-knoxsso/src/test/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResourceTest.java
@@ -274,32 +274,32 @@ public class WebSSOResourceTest {
     }
 
     @Override
-    public JWTToken issueToken(Subject subject, String algorithm)
+    public JWT issueToken(Subject subject, String algorithm)
       throws TokenServiceException {
       Principal p = (Principal) subject.getPrincipals().toArray()[0];
       return issueToken(p, algorithm);
     }
 
     @Override
-    public JWTToken issueToken(Principal p, String algorithm)
+    public JWT issueToken(Principal p, String algorithm)
       throws TokenServiceException {
       return issueToken(p, null, algorithm);
     }
 
     @Override
-    public JWTToken issueToken(Principal p, String audience, String algorithm)
+    public JWT issueToken(Principal p, String audience, String algorithm)
       throws TokenServiceException {
       return issueToken(p, audience, algorithm, -1);
     }
 
     @Override
-    public boolean verifyToken(JWTToken token) throws TokenServiceException {
+    public boolean verifyToken(JWT token) throws TokenServiceException {
       JWSVerifier verifier = new RSASSAVerifier(publicKey);
       return token.verify(verifier);
     }
 
     @Override
-    public JWTToken issueToken(Principal p, String audience, String algorithm,
+    public JWT issueToken(Principal p, String audience, String algorithm,
                                long expires) throws TokenServiceException {
       List<String> audiences = null;
       if (audience != null) {
@@ -310,7 +310,7 @@ public class WebSSOResourceTest {
     }
 
     @Override
-    public JWTToken issueToken(Principal p, List<String> audiences, String algorithm,
+    public JWT issueToken(Principal p, List<String> audiences, String algorithm,
                                long expires) throws TokenServiceException {
       String[] claimArray = new String[4];
       claimArray[0] = "KNOXSSO";
@@ -341,7 +341,7 @@ public class WebSSOResourceTest {
     }
 
     @Override
-    public boolean verifyToken(JWTToken token, RSAPublicKey publicKey) throws TokenServiceException
{
+    public boolean verifyToken(JWT token, RSAPublicKey publicKey) throws TokenServiceException
{
       JWSVerifier verifier = new RSASSAVerifier(publicKey);
       return token.verify(verifier);
     }

http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceResourceTest.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceResourceTest.java
b/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceResourceTest.java
index 9faa073..bddd13d 100644
--- a/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceResourceTest.java
+++ b/gateway-service-knoxtoken/src/test/java/org/apache/hadoop/gateway/service/knoxtoken/TokenServiceResourceTest.java
@@ -229,32 +229,32 @@ public class TokenServiceResourceTest {
     }
 
     @Override
-    public JWTToken issueToken(Subject subject, String algorithm)
+    public JWT issueToken(Subject subject, String algorithm)
       throws TokenServiceException {
       Principal p = (Principal) subject.getPrincipals().toArray()[0];
       return issueToken(p, algorithm);
     }
 
     @Override
-    public JWTToken issueToken(Principal p, String algorithm)
+    public JWT issueToken(Principal p, String algorithm)
       throws TokenServiceException {
       return issueToken(p, null, algorithm);
     }
 
     @Override
-    public JWTToken issueToken(Principal p, String audience, String algorithm)
+    public JWT issueToken(Principal p, String audience, String algorithm)
       throws TokenServiceException {
       return issueToken(p, audience, algorithm, -1);
     }
 
     @Override
-    public boolean verifyToken(JWTToken token) throws TokenServiceException {
+    public boolean verifyToken(JWT token) throws TokenServiceException {
       JWSVerifier verifier = new RSASSAVerifier(publicKey);
       return token.verify(verifier);
     }
 
     @Override
-    public JWTToken issueToken(Principal p, String audience, String algorithm,
+    public JWT issueToken(Principal p, String audience, String algorithm,
                                long expires) throws TokenServiceException {
       ArrayList<String> audiences = null;
       if (audience != null) {
@@ -265,7 +265,7 @@ public class TokenServiceResourceTest {
     }
 
     @Override
-    public JWTToken issueToken(Principal p, List<String> audiences, String algorithm,
+    public JWT issueToken(Principal p, List<String> audiences, String algorithm,
                                long expires) throws TokenServiceException {
       String[] claimArray = new String[4];
       claimArray[0] = "KNOXSSO";
@@ -296,7 +296,7 @@ public class TokenServiceResourceTest {
     }
 
     @Override
-    public boolean verifyToken(JWTToken token, RSAPublicKey publicKey) throws TokenServiceException
{
+    public boolean verifyToken(JWT token, RSAPublicKey publicKey) throws TokenServiceException
{
       JWSVerifier verifier = new RSASSAVerifier(publicKey);
       return token.verify(verifier);
     }

http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/JWTokenAuthority.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/JWTokenAuthority.java
b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/JWTokenAuthority.java
index 9cb82ec..155b239 100644
--- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/JWTokenAuthority.java
+++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/JWTokenAuthority.java
@@ -24,29 +24,28 @@ import java.util.List;
 import javax.security.auth.Subject;
 
 import org.apache.hadoop.gateway.services.security.token.impl.JWT;
-import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;
 
 public interface JWTokenAuthority {
 
-  JWTToken issueToken(Subject subject, String algorithm)
+  JWT issueToken(Subject subject, String algorithm)
       throws TokenServiceException;
 
-  JWTToken issueToken(Principal p, String algorithm)
+  JWT issueToken(Principal p, String algorithm)
       throws TokenServiceException;
 
-  JWTToken issueToken(Principal p, String audience,
+  JWT issueToken(Principal p, String audience,
       String algorithm) throws TokenServiceException;
 
-  boolean verifyToken(JWTToken token) throws TokenServiceException;
+  boolean verifyToken(JWT token) throws TokenServiceException;
 
-  boolean verifyToken(JWTToken token, RSAPublicKey publicKey)
+  boolean verifyToken(JWT token, RSAPublicKey publicKey)
       throws TokenServiceException;
 
-  JWTToken issueToken(Principal p, String audience, String algorithm,
-      long expires) throws TokenServiceException;
+  JWT issueToken(Principal p, String algorithm, long expires) throws TokenServiceException;
 
-  JWT issueToken(Principal p, String audience, long l) throws TokenServiceException;
+  JWT issueToken(Principal p, String audience, String algorithm,
+      long expires) throws TokenServiceException;
 
-  JWTToken issueToken(Principal p, List<String> audience, String algorithm,
+  JWT issueToken(Principal p, List<String> audience, String algorithm,
       long expires) throws TokenServiceException;
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWT.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWT.java
b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWT.java
index b834649..1a6f4f9 100644
--- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWT.java
+++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWT.java
@@ -20,41 +20,44 @@ package org.apache.hadoop.gateway.services.security.token.impl;
 import java.util.Date;
 
 import com.nimbusds.jose.JWSSigner;
+import com.nimbusds.jose.JWSVerifier;
 
 public interface JWT {
 
-  public static final String PRINCIPAL = "prn";
-  public static final String SUBJECT = "sub";
-  public static final String ISSUER = "iss";
-  public static final String AUDIENCE = "aud";
-  public static final String EXPIRES = "exp";
+  String PRINCIPAL = "prn";
+  String SUBJECT = "sub";
+  String ISSUER = "iss";
+  String AUDIENCE = "aud";
+  String EXPIRES = "exp";
 
-  public abstract String getPayload();
+  String getPayload();
 
-  public abstract void setSignaturePayload(byte[] payload);
+  void setSignaturePayload(byte[] payload);
 
-  public abstract byte[] getSignaturePayload();
+  byte[] getSignaturePayload();
 
-  public abstract String getClaim(String claimName);
+  String getClaim(String claimName);
 
-  public abstract String getPrincipal();
+  String getPrincipal();
 
-  public abstract String getIssuer();
+  String getIssuer();
 
-  public abstract String getAudience();
+  String getAudience();
 
   public String[] getAudienceClaims();
 
-  public abstract String getExpires();
+  String getExpires();
 
-  public abstract Date getExpiresDate();
+  Date getExpiresDate();
 
-  public abstract String getSubject();
+  String getSubject();
 
-  public abstract String getHeader();
+  String getHeader();
 
-  public abstract String getClaims();
+  String getClaims();
 
-  public abstract void sign(JWSSigner signer);
+  void sign(JWSSigner signer);
+
+  boolean verify(JWSVerifier verifier);
 
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/c833bf90/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWTToken.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWTToken.java
b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWTToken.java
index cc2ccfe..49d8609 100644
--- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWTToken.java
+++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/token/impl/JWTToken.java
@@ -39,10 +39,10 @@ public class JWTToken implements JWT {
   private static JWTProviderMessages log = MessagesFactory.get( JWTProviderMessages.class
);
 
   SignedJWT jwt = null;
-  
+
   private JWTToken(byte[] header, byte[] claims, byte[] signature) throws ParseException
{
     try {
-      jwt = new SignedJWT(new Base64URL(new String(header, "UTF8")), new Base64URL(new String(claims,
"UTF8")), 
+      jwt = new SignedJWT(new Base64URL(new String(header, "UTF8")), new Base64URL(new String(claims,
"UTF8")),
           new Base64URL(new String(signature, "UTF8")));
     } catch (UnsupportedEncodingException e) {
       log.unsupportedEncoding(e);
@@ -79,7 +79,7 @@ public class JWTToken implements JWT {
     if(claimsArray[3] != null) {
       builder = builder.expirationTime(new Date(Long.parseLong(claimsArray[3])));
     }
-    
+
     claims = builder.build();
 
     jwt = new SignedJWT(header, claims);
@@ -151,7 +151,7 @@ public class JWTToken implements JWT {
 //    System.out.println("header: " + token.header);
 //    System.out.println("claims: " + token.claims);
 //    System.out.println("payload: " + new String(token.payload));
-    
+
     return jwt;
   }
 
@@ -161,13 +161,13 @@ public class JWTToken implements JWT {
   @Override
   public String getClaim(String claimName) {
     String claim = null;
-    
+
     try {
       claim = jwt.getJWTClaimsSet().getStringClaim(claimName);
     } catch (ParseException e) {
       log.unableToParseToken(e);
     }
-    
+
     return claim;
   }
 
@@ -246,9 +246,9 @@ public class JWTToken implements JWT {
     return getClaim(JWT.PRINCIPAL);
   }
 
-  
+
   /* (non-Javadoc)
-   * @see org.apache.hadoop.gateway.services.security.token.impl.JWT#getPrincipal()
+   * @see org.apache.hadoop.gateway.services.security.token.impl.JWT#sign(JWSSigner)
    */
   @Override
   public void sign(JWSSigner signer) {
@@ -259,20 +259,19 @@ public class JWTToken implements JWT {
     }
   }
 
-  /**
-   * @param verifier
-   * @return
+  /* (non-Javadoc)
+   * @see org.apache.hadoop.gateway.services.security.token.impl.JWT#verify(JWSVerifier)
    */
   public boolean verify(JWSVerifier verifier) {
     boolean rc = false;
-    
+
     try {
       rc = jwt.verify(verifier);
     } catch (JOSEException e) {
       // TODO Auto-generated catch block
       log.unableToVerifyToken(e);
     }
-    
+
     return rc;
-  }  
+  }
 }


Mime
View raw message