calculate pairwise based on redirect uri rather than client id

pull/516/head
Justin Richer 2013-09-11 14:37:17 -04:00
parent f6a8ac4529
commit 0281cf02fe
8 changed files with 31 additions and 62 deletions


@ -24,7 +24,6 @@ import javax.persistence.Table;
@Table(name = "pairwise_identifier") @Table(name = "pairwise_identifier")
@NamedQueries({ @NamedQueries({
@NamedQuery(name="PairwiseIdentifier.getAll", query = "select p from PairwiseIdentifier p"), @NamedQuery(name="PairwiseIdentifier.getAll", query = "select p from PairwiseIdentifier p"),
@NamedQuery(name="PairwiseIdentifier.getByClientId", query = "select p from PairwiseIdentifier p WHERE p.userSub = :sub AND p.clientId = :clientId"),
@NamedQuery(name="PairwiseIdentifier.getBySectorIdentifier", query = "select p from PairwiseIdentifier p WHERE p.userSub = :sub AND p.sectorIdentifier = :sectorIdentifier") @NamedQuery(name="PairwiseIdentifier.getBySectorIdentifier", query = "select p from PairwiseIdentifier p WHERE p.userSub = :sub AND p.sectorIdentifier = :sectorIdentifier")
}) })
public class PairwiseIdentifier { public class PairwiseIdentifier {
@ -32,7 +31,6 @@ public class PairwiseIdentifier {
private Long id; private Long id;
private String identifier; private String identifier;
private String userSub; private String userSub;
private String clientId;
private String sectorIdentifier; private String sectorIdentifier;
/** /**
@ -84,22 +82,6 @@ public class PairwiseIdentifier {
this.userSub = userSub; this.userSub = userSub;
} }
/**
* @return the clientId
*/
@Basic
@Column(name = "client_id")
public String getClientId() {
return clientId;
}
/**
* @param clientId the clientId to set
*/
public void setClientId(String clientId) {
this.clientId = clientId;
}
/** /**
* @return the sectorIdentifier * @return the sectorIdentifier
*/ */


@ -20,15 +20,6 @@ public interface PairwiseIdentifierRepository {
*/ */
public PairwiseIdentifier getBySectorIdentifier(String sub, String sectorIdentifierUri); public PairwiseIdentifier getBySectorIdentifier(String sub, String sectorIdentifierUri);
/**
* Get a pairwise identifier by its associated user subject and client id.
*
* @param sub
* @param clientId
* @return
*/
public PairwiseIdentifier getByClientId(String sub, String clientId);
/** /**
* Save a pairwise identifier to the database. * Save a pairwise identifier to the database.
* *


@ -13,6 +13,10 @@ import org.mitre.openid.connect.model.UserInfo;
public interface PairwiseIdentiferService { public interface PairwiseIdentiferService {
/** /**
* Calcualtes the pairwise identifier for the given userinfo object and client.
*
* Returns 'null' if no identifer could be calculated.
*
* @param userInfo * @param userInfo
* @param client * @param client
* @return * @return
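Review bot: The added Javadoc has two typos (`Calcualtes`, `identifer`) and does not say when null is returned; suggest `Calculates the pairwise identifier for the given userinfo object and client.` followed by `Returns null if no identifier could be calculated, for example when no sector host can be determined for the client.` Callers also need to know whether null means "reject the request" or "fall back", because silently falling back to the public subject would defeat the pairwise subject type. The method declaration this comment documents lies outside the hunk.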


@ -37,18 +37,6 @@ public class JpaPairwiseIdentifierRepository implements PairwiseIdentifierReposi
return getSingleResult(query.getResultList()); return getSingleResult(query.getResultList());
} }
/* (non-Javadoc)
* @see org.mitre.openid.connect.repository.PairwiseIdentifierRepository#getByClientId(java.lang.String, java.lang.String)
*/
@Override
public PairwiseIdentifier getByClientId(String sub, String clientId) {
TypedQuery<PairwiseIdentifier> query = manager.createNamedQuery("PairwiseIdentifier.getByClientId", PairwiseIdentifier.class);
query.setParameter("sub", sub);
query.setParameter("clientId", clientId);
return getSingleResult(query.getResultList());
}
/* (non-Javadoc) /* (non-Javadoc)
* @see org.mitre.openid.connect.repository.PairwiseIdentifierRepository#save(org.mitre.openid.connect.model.PairwiseIdentifier) * @see org.mitre.openid.connect.repository.PairwiseIdentifierRepository#save(org.mitre.openid.connect.model.PairwiseIdentifier)
*/ */


@ -3,17 +3,24 @@
*/ */
package org.mitre.openid.connect.service.impl; package org.mitre.openid.connect.service.impl;
import java.util.Set;
import java.util.UUID; import java.util.UUID;
import org.apache.http.client.utils.URIBuilder;
import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.openid.connect.model.PairwiseIdentifier; import org.mitre.openid.connect.model.PairwiseIdentifier;
import org.mitre.openid.connect.model.UserInfo; import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.repository.PairwiseIdentifierRepository; import org.mitre.openid.connect.repository.PairwiseIdentifierRepository;
import org.mitre.openid.connect.service.PairwiseIdentiferService; import org.mitre.openid.connect.service.PairwiseIdentiferService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;
import com.google.common.base.Strings; import com.google.common.base.Strings;
import com.google.common.collect.Iterables;
/** /**
* @author jricher * @author jricher
@ -22,15 +29,28 @@ import com.google.common.base.Strings;
@Service("uuidPairwiseIdentiferService") @Service("uuidPairwiseIdentiferService")
public class UUIDPairwiseIdentiferService implements PairwiseIdentiferService { public class UUIDPairwiseIdentiferService implements PairwiseIdentiferService {
private static Logger logger = LoggerFactory.getLogger(UUIDPairwiseIdentiferService.class);
@Autowired @Autowired
private PairwiseIdentifierRepository pairwiseIdentifierRepository; private PairwiseIdentifierRepository pairwiseIdentifierRepository;
@Override @Override
public String getIdentifier(UserInfo userInfo, ClientDetailsEntity client) { public String getIdentifier(UserInfo userInfo, ClientDetailsEntity client) {
String sectorIdentifier = null;
if (!Strings.isNullOrEmpty(client.getSectorIdentifierUri())) { if (!Strings.isNullOrEmpty(client.getSectorIdentifierUri())) {
UriComponents uri = UriComponentsBuilder.fromUriString(client.getSectorIdentifierUri()).build();
sectorIdentifier = uri.getHost(); // calculate based on the host component only
} else {
Set<String> redirectUris = client.getRedirectUris();
UriComponents uri = UriComponentsBuilder.fromUriString(Iterables.getOnlyElement(redirectUris)).build();
sectorIdentifier = uri.getHost(); // calculate based on the host of the only redirect URI
}
if (sectorIdentifier != null) {
// if there's a sector identifier, use that for the lookup // if there's a sector identifier, use that for the lookup
PairwiseIdentifier pairwise = pairwiseIdentifierRepository.getBySectorIdentifier(userInfo.getSub(), client.getSectorIdentifierUri()); PairwiseIdentifier pairwise = pairwiseIdentifierRepository.getBySectorIdentifier(userInfo.getSub(), sectorIdentifier);
if (pairwise == null) { if (pairwise == null) {
// we don't have an identifier, need to make and save one // we don't have an identifier, need to make and save one
@ -38,31 +58,16 @@ public class UUIDPairwiseIdentiferService implements PairwiseIdentiferService {
pairwise = new PairwiseIdentifier(); pairwise = new PairwiseIdentifier();
pairwise.setIdentifier(UUID.randomUUID().toString()); pairwise.setIdentifier(UUID.randomUUID().toString());
pairwise.setUserSub(userInfo.getSub()); pairwise.setUserSub(userInfo.getSub());
pairwise.setSectorIdentifier(client.getSectorIdentifierUri()); pairwise.setSectorIdentifier(sectorIdentifier);
pairwiseIdentifierRepository.save(pairwise); pairwiseIdentifierRepository.save(pairwise);
} }
return pairwise.getIdentifier(); return pairwise.getIdentifier();
} else { } else {
// if there's no sector identifier, use the client ID
PairwiseIdentifier pairwise = pairwiseIdentifierRepository.getByClientId(userInfo.getSub(), client.getClientId());
if (pairwise == null) { return null;
// we don't have an identifier, need to make and save one
pairwise = new PairwiseIdentifier();
pairwise.setIdentifier(UUID.randomUUID().toString());
pairwise.setUserSub(userInfo.getSub());
pairwise.setClientId(client.getClientId());
pairwiseIdentifierRepository.save(pairwise);
}
return pairwise.getIdentifier();
} }
} }
} }
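Review bot: In the new `else` branch of `getIdentifier`, `Iterables.getOnlyElement(redirectUris)` throws (NoSuchElementException for an empty set, IllegalArgumentException for more than one entry) instead of returning null as the interface Javadoc added in this commit states, so a pairwise client with two redirect URIs on the same host and no sector identifier URI fails at identifier calculation. OpenID Connect only requires a sector identifier URI when the redirect URIs span more than one host, so the fallback should compare hosts across all registered redirect URIs and return null (with a log line via the otherwise unused `logger`) only when they differ; the sketch below needs `java.util.HashSet`. Separately, rows already stored under the full sector identifier URI or under a client id will no longer match the host-only lookup, so existing users would presumably be issued new pairwise subjects unless a data migration accompanies this change. Whether the host taken from `sector_identifier_uri` can be trusted depends on registration-time validation of that document against the client's redirect URIs, which is not visible here.

```java
} else {
	// fall back to the redirect URIs only when they all resolve to one host
	Set<String> hosts = new HashSet<String>();
	Set<String> redirectUris = client.getRedirectUris();
	if (redirectUris != null) {
		for (String redirectUri : redirectUris) {
			hosts.add(UriComponentsBuilder.fromUriString(redirectUri).build().getHost());
		}
	}
	if (hosts.size() == 1) {
		sectorIdentifier = hosts.iterator().next(); // may still be null for a host-less URI
	} else {
		logger.warn("No single redirect URI host for client {}; not calculating a pairwise identifier", client.getClientId());
	}
}
// … unchanged: lookup or creation of the PairwiseIdentifier by sectorIdentifier …
```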


@ -208,6 +208,5 @@ CREATE TABLE IF NOT EXISTS pairwise_identifier (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY, id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
identifier VARCHAR(256), identifier VARCHAR(256),
sub VARCHAR(256), sub VARCHAR(256),
client_id VARCHAR(256),
sector_identifier VARCHAR(2048) sector_identifier VARCHAR(2048)
); );


@ -208,6 +208,5 @@ CREATE TABLE IF NOT EXISTS pairwise_identifier (
id BIGINT AUTO_INCREMENT PRIMARY KEY, id BIGINT AUTO_INCREMENT PRIMARY KEY,
identifier VARCHAR(256), identifier VARCHAR(256),
sub VARCHAR(256), sub VARCHAR(256),
client_id VARCHAR(256),
sector_identifier VARCHAR(2048) sector_identifier VARCHAR(2048)
); );


@ -67,7 +67,8 @@ public class TestDefaultUserInfoService {
private String pairwiseClientId3 = "pairwiseClient-3-154157"; private String pairwiseClientId3 = "pairwiseClient-3-154157";
private String pairwiseClientId4 = "pairwiseClient-4-4589723"; private String pairwiseClientId4 = "pairwiseClient-4-4589723";
private String sectorIdentifier12 = "https://sector-identifier-12/url"; private String sectorIdentifier1 = "https://sector-identifier-12/url";
private String sectorIdentifier2 = "https://sector-identifier-12/url2";
private String sectorIdentifier3 = "https://sector-identifier-3/url"; private String sectorIdentifier3 = "https://sector-identifier-3/url";
@ -100,12 +101,12 @@ public class TestDefaultUserInfoService {
pairwiseClient1 = new ClientDetailsEntity(); pairwiseClient1 = new ClientDetailsEntity();
pairwiseClient1.setClientId(pairwiseClientId1); pairwiseClient1.setClientId(pairwiseClientId1);
pairwiseClient1.setSubjectType(SubjectType.PAIRWISE); pairwiseClient1.setSubjectType(SubjectType.PAIRWISE);
pairwiseClient1.setSectorIdentifierUri(sectorIdentifier12); pairwiseClient1.setSectorIdentifierUri(sectorIdentifier1);
pairwiseClient2 = new ClientDetailsEntity(); pairwiseClient2 = new ClientDetailsEntity();
pairwiseClient2.setClientId(pairwiseClientId2); pairwiseClient2.setClientId(pairwiseClientId2);
pairwiseClient2.setSubjectType(SubjectType.PAIRWISE); pairwiseClient2.setSubjectType(SubjectType.PAIRWISE);
pairwiseClient2.setSectorIdentifierUri(sectorIdentifier12); pairwiseClient2.setSectorIdentifierUri(sectorIdentifier2);
// pairwise set 2 // pairwise set 2
pairwiseClient3 = new ClientDetailsEntity(); pairwiseClient3 = new ClientDetailsEntity();