calculate pairwise based on redirect uri rather than client id
parent
f6a8ac4529
commit
0281cf02fe
|
@ -24,7 +24,6 @@ import javax.persistence.Table;
|
|||
@Table(name = "pairwise_identifier")
|
||||
@NamedQueries({
|
||||
@NamedQuery(name="PairwiseIdentifier.getAll", query = "select p from PairwiseIdentifier p"),
|
||||
@NamedQuery(name="PairwiseIdentifier.getByClientId", query = "select p from PairwiseIdentifier p WHERE p.userSub = :sub AND p.clientId = :clientId"),
|
||||
@NamedQuery(name="PairwiseIdentifier.getBySectorIdentifier", query = "select p from PairwiseIdentifier p WHERE p.userSub = :sub AND p.sectorIdentifier = :sectorIdentifier")
|
||||
})
|
||||
public class PairwiseIdentifier {
|
||||
|
@ -32,7 +31,6 @@ public class PairwiseIdentifier {
|
|||
private Long id;
|
||||
private String identifier;
|
||||
private String userSub;
|
||||
private String clientId;
|
||||
private String sectorIdentifier;
|
||||
|
||||
/**
|
||||
|
@ -84,22 +82,6 @@ public class PairwiseIdentifier {
|
|||
this.userSub = userSub;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the clientId
|
||||
*/
|
||||
@Basic
|
||||
@Column(name = "client_id")
|
||||
public String getClientId() {
|
||||
return clientId;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param clientId the clientId to set
|
||||
*/
|
||||
public void setClientId(String clientId) {
|
||||
this.clientId = clientId;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the sectorIdentifier
|
||||
*/
|
||||
|
|
|
@ -20,15 +20,6 @@ public interface PairwiseIdentifierRepository {
|
|||
*/
|
||||
public PairwiseIdentifier getBySectorIdentifier(String sub, String sectorIdentifierUri);
|
||||
|
||||
/**
|
||||
* Get a pairwise identifier by its associated user subject and client id.
|
||||
*
|
||||
* @param sub
|
||||
* @param clientId
|
||||
* @return
|
||||
*/
|
||||
public PairwiseIdentifier getByClientId(String sub, String clientId);
|
||||
|
||||
/**
|
||||
* Save a pairwise identifier to the database.
|
||||
*
|
||||
|
|
|
@ -13,6 +13,10 @@ import org.mitre.openid.connect.model.UserInfo;
|
|||
public interface PairwiseIdentiferService {
|
||||
|
||||
/**
|
||||
* Calcualtes the pairwise identifier for the given userinfo object and client.
|
||||
*
|
||||
* Returns 'null' if no identifer could be calculated.
|
||||
*
|
||||
* @param userInfo
|
||||
* @param client
|
||||
* @return
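Review bot: The Javadoc in this hunk misspells two words (`Calcualtes`, `identifer`) and leaves the null contract vague; since the UUIDPairwiseIdentiferService hunk further down returns null exactly when no sector identifier host could be derived, say so, e.g. `* Returns {@code null} if no sector identifier could be derived for the client (no sector_identifier_uri and no usable redirect URI host).` Callers have to treat that null as a refusal to issue a pairwise subject, and the empty `@param` and `@return` tags should carry descriptions. Which of these Javadoc lines are new and which are context is not recoverable from the rendered hunk.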
|
||||
|
|
|
@ -37,18 +37,6 @@ public class JpaPairwiseIdentifierRepository implements PairwiseIdentifierReposi
|
|||
return getSingleResult(query.getResultList());
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.mitre.openid.connect.repository.PairwiseIdentifierRepository#getByClientId(java.lang.String, java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
public PairwiseIdentifier getByClientId(String sub, String clientId) {
|
||||
TypedQuery<PairwiseIdentifier> query = manager.createNamedQuery("PairwiseIdentifier.getByClientId", PairwiseIdentifier.class);
|
||||
query.setParameter("sub", sub);
|
||||
query.setParameter("clientId", clientId);
|
||||
|
||||
return getSingleResult(query.getResultList());
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.mitre.openid.connect.repository.PairwiseIdentifierRepository#save(org.mitre.openid.connect.model.PairwiseIdentifier)
|
||||
*/
|
||||
|
|
|
@ -3,17 +3,24 @@
|
|||
*/
|
||||
package org.mitre.openid.connect.service.impl;
|
||||
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
|
||||
import org.apache.http.client.utils.URIBuilder;
|
||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||
import org.mitre.openid.connect.model.PairwiseIdentifier;
|
||||
import org.mitre.openid.connect.model.UserInfo;
|
||||
import org.mitre.openid.connect.repository.PairwiseIdentifierRepository;
|
||||
import org.mitre.openid.connect.service.PairwiseIdentiferService;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.web.util.UriComponents;
|
||||
import org.springframework.web.util.UriComponentsBuilder;
|
||||
|
||||
import com.google.common.base.Strings;
|
||||
import com.google.common.collect.Iterables;
|
||||
|
||||
/**
|
||||
* @author jricher
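Review bot: `import org.apache.http.client.utils.URIBuilder;` does not appear to be used in any hunk of this file shown here, which builds URIs with Spring's `UriComponentsBuilder`; if the rest of the file does not use it either, drop it so the class does not carry an Apache HttpClient dependency for an unused import. Whether the import is new in this commit or pre-existing cannot be told from the rendered hunk.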
|
||||
|
@ -22,15 +29,28 @@ import com.google.common.base.Strings;
|
|||
@Service("uuidPairwiseIdentiferService")
|
||||
public class UUIDPairwiseIdentiferService implements PairwiseIdentiferService {
|
||||
|
||||
private static Logger logger = LoggerFactory.getLogger(UUIDPairwiseIdentiferService.class);
|
||||
|
||||
@Autowired
|
||||
private PairwiseIdentifierRepository pairwiseIdentifierRepository;
|
||||
|
||||
@Override
|
||||
public String getIdentifier(UserInfo userInfo, ClientDetailsEntity client) {
|
||||
|
||||
String sectorIdentifier = null;
|
||||
|
||||
if (!Strings.isNullOrEmpty(client.getSectorIdentifierUri())) {
|
||||
UriComponents uri = UriComponentsBuilder.fromUriString(client.getSectorIdentifierUri()).build();
|
||||
sectorIdentifier = uri.getHost(); // calculate based on the host component only
|
||||
} else {
|
||||
Set<String> redirectUris = client.getRedirectUris();
|
||||
UriComponents uri = UriComponentsBuilder.fromUriString(Iterables.getOnlyElement(redirectUris)).build();
|
||||
sectorIdentifier = uri.getHost(); // calculate based on the host of the only redirect URI
|
||||
}
|
||||
|
||||
if (sectorIdentifier != null) {
|
||||
// if there's a sector identifier, use that for the lookup
|
||||
PairwiseIdentifier pairwise = pairwiseIdentifierRepository.getBySectorIdentifier(userInfo.getSub(), client.getSectorIdentifierUri());
|
||||
PairwiseIdentifier pairwise = pairwiseIdentifierRepository.getBySectorIdentifier(userInfo.getSub(), sectorIdentifier);
|
||||
|
||||
if (pairwise == null) {
|
||||
// we don't have an identifier, need to make and save one
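Review bot: In the new `else` branch, `Iterables.getOnlyElement(redirectUris)` throws `NoSuchElementException` for a client with no redirect URIs and `IllegalArgumentException` for one with two or more, so a misconfigured pairwise client produces an exception rather than the `null` the service's Javadoc promises, and a client that legitimately registers several redirect URIs on the same host (which OpenID Connect Core 8.1 allows without a sector_identifier_uri) cannot get a pairwise subject at all. Derive the host from every redirect URI and accept the result only when all of them agree, leaving `sectorIdentifier` null (with a warning) otherwise; `getHost()` can also be null for a URI without an authority, which the rewrite below treats as a mismatch. Whether `client.getRedirectUris()` can itself return null is not visible here. The method continues in the next hunk.
```java
} else {
    // OIDC Core 8.1: without a sector_identifier_uri the sector identifier is the host of the
    // registered redirect_uris, which is only well defined when all of them share one host.
    for (String redirectUri : client.getRedirectUris()) {
        String host = UriComponentsBuilder.fromUriString(redirectUri).build().getHost();
        if (host == null || (sectorIdentifier != null && !sectorIdentifier.equals(host))) {
            logger.warn("Client {} has no sector identifier URI and its redirect URIs do not share a single host; cannot calculate a pairwise identifier", client.getClientId());
            sectorIdentifier = null;
            break;
        }
        sectorIdentifier = host;
    }
}
// … unchanged: lookup by sectorIdentifier and creation of a new PairwiseIdentifier …
```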
|
||||
|
@ -38,31 +58,16 @@ public class UUIDPairwiseIdentiferService implements PairwiseIdentiferService {
|
|||
pairwise = new PairwiseIdentifier();
|
||||
pairwise.setIdentifier(UUID.randomUUID().toString());
|
||||
pairwise.setUserSub(userInfo.getSub());
|
||||
pairwise.setSectorIdentifier(client.getSectorIdentifierUri());
|
||||
pairwise.setSectorIdentifier(sectorIdentifier);
|
||||
|
||||
pairwiseIdentifierRepository.save(pairwise);
|
||||
}
|
||||
|
||||
return pairwise.getIdentifier();
|
||||
} else {
|
||||
// if there's no sector identifier, use the client ID
|
||||
PairwiseIdentifier pairwise = pairwiseIdentifierRepository.getByClientId(userInfo.getSub(), client.getClientId());
|
||||
|
||||
if (pairwise == null) {
|
||||
// we don't have an identifier, need to make and save one
|
||||
|
||||
pairwise = new PairwiseIdentifier();
|
||||
pairwise.setIdentifier(UUID.randomUUID().toString());
|
||||
pairwise.setUserSub(userInfo.getSub());
|
||||
pairwise.setClientId(client.getClientId());
|
||||
|
||||
pairwiseIdentifierRepository.save(pairwise);
|
||||
}
|
||||
|
||||
return pairwise.getIdentifier();
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
}
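Review bot: The new `return null;` at the end of `getIdentifier` is silent, so a pairwise client whose sector identifier could not be derived fails without any trace; log it before returning, e.g. `logger.warn("Could not calculate a pairwise identifier for client {}: no sector identifier host", client.getClientId());`. Separately, `pairwise.setSectorIdentifier(sectorIdentifier)` now persists the host where the old code persisted the full sector_identifier_uri, and the lookup in the previous hunk is keyed on the host as well, so rows written by the previous version will no longer match and existing users would be issued a fresh UUID as their pairwise subject; an existing deployment needs a migration of stored `sector_identifier` values (or a fallback lookup) to keep subjects stable. The callers of getIdentifier are outside this diff, but they must treat null as a refusal to issue a pairwise subject rather than falling back to the public subject, otherwise the unlinkability that pairwise identifiers provide is lost.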
|
||||
|
|
|
@ -208,6 +208,5 @@ CREATE TABLE IF NOT EXISTS pairwise_identifier (
|
|||
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
|
||||
identifier VARCHAR(256),
|
||||
sub VARCHAR(256),
|
||||
client_id VARCHAR(256),
|
||||
sector_identifier VARCHAR(2048)
|
||||
);
|
||||
|
|
|
@ -208,6 +208,5 @@ CREATE TABLE IF NOT EXISTS pairwise_identifier (
|
|||
id BIGINT AUTO_INCREMENT PRIMARY KEY,
|
||||
identifier VARCHAR(256),
|
||||
sub VARCHAR(256),
|
||||
client_id VARCHAR(256),
|
||||
sector_identifier VARCHAR(2048)
|
||||
);
|
||||
|
|
|
@ -67,7 +67,8 @@ public class TestDefaultUserInfoService {
|
|||
private String pairwiseClientId3 = "pairwiseClient-3-154157";
|
||||
private String pairwiseClientId4 = "pairwiseClient-4-4589723";
|
||||
|
||||
private String sectorIdentifier12 = "https://sector-identifier-12/url";
|
||||
private String sectorIdentifier1 = "https://sector-identifier-12/url";
|
||||
private String sectorIdentifier2 = "https://sector-identifier-12/url2";
|
||||
private String sectorIdentifier3 = "https://sector-identifier-3/url";
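Review bot: `sectorIdentifier1` and `sectorIdentifier2` differ only in path and share the host `sector-identifier-12`, which looks deliberate — two clients whose sector identifier URIs resolve to the same host should now receive the same pairwise subject — but nothing says so, and a later edit could "fix" one URL and silently weaken the test. Add a comment such as `// same host, different paths: pairwise subjects are keyed on the host component only` above these two fields. Whether a test further down actually asserts that client1 and client2 share a subject is outside this hunk.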
|
||||
|
||||
|
||||
|
@ -100,12 +101,12 @@ public class TestDefaultUserInfoService {
|
|||
pairwiseClient1 = new ClientDetailsEntity();
|
||||
pairwiseClient1.setClientId(pairwiseClientId1);
|
||||
pairwiseClient1.setSubjectType(SubjectType.PAIRWISE);
|
||||
pairwiseClient1.setSectorIdentifierUri(sectorIdentifier12);
|
||||
pairwiseClient1.setSectorIdentifierUri(sectorIdentifier1);
|
||||
|
||||
pairwiseClient2 = new ClientDetailsEntity();
|
||||
pairwiseClient2.setClientId(pairwiseClientId2);
|
||||
pairwiseClient2.setSubjectType(SubjectType.PAIRWISE);
|
||||
pairwiseClient2.setSectorIdentifierUri(sectorIdentifier12);
|
||||
pairwiseClient2.setSectorIdentifierUri(sectorIdentifier2);
|
||||
|
||||
// pairwise set 2
|
||||
pairwiseClient3 = new ClientDetailsEntity();
|
||||
|
|