From 2b620426968afc28ef4b6c9be6a4fb35542efa98 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Thu, 6 Sep 2012 17:20:22 -0400 Subject: [PATCH] unshadowed Jwe header, unshadowed IdTokenClaims, added smart copy constructor to ClaimSet --- .../AbstractOIDCAuthenticationFilter.java | 2 +- .../main/java/org/mitre/jwe/model/Jwe.java | 29 ++++++++++--------- .../java/org/mitre/jwe/model/JweHeader.java | 4 +++ .../java/org/mitre/jwt/model/ClaimSet.java | 15 ++++++++++ .../main/java/org/mitre/jwt/model/Jwt.java | 6 ++-- .../java/org/mitre/jwt/model/JwtClaims.java | 4 +++ .../java/org/mitre/jwt/model/JwtHeader.java | 4 +++ .../mitre/openid/connect/model/IdToken.java | 10 +++++-- .../openid/connect/model/IdTokenClaims.java | 4 +++ 9 files changed, 57 insertions(+), 21 deletions(-) diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java index 31ebadd44..80cf6e118 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java @@ -425,7 +425,7 @@ public class AbstractOIDCAuthenticationFilter extends // pull the user_id out as a claim on the id_token - String userId = idToken.getTokenClaims().getUserId(); + String userId = idToken.getClaims().getUserId(); // construct an OpenIdConnectAuthenticationToken and return a Authentication object w/the userId and the idToken diff --git a/openid-connect-common/src/main/java/org/mitre/jwe/model/Jwe.java b/openid-connect-common/src/main/java/org/mitre/jwe/model/Jwe.java index 331ac877f..ec1ef6890 100644 --- a/openid-connect-common/src/main/java/org/mitre/jwe/model/Jwe.java +++ b/openid-connect-common/src/main/java/org/mitre/jwe/model/Jwe.java 
@@ -4,6 +4,7 @@ import java.util.List; import org.apache.commons.codec.binary.Base64; import org.mitre.jwt.model.Jwt; +import org.mitre.jwt.model.JwtHeader; import com.google.common.base.Splitter; import com.google.common.collect.Lists; @@ -20,22 +21,18 @@ import com.google.gson.JsonObject; */ public class Jwe extends Jwt { - private JweHeader header; - private byte[] encryptedKey; private byte[] ciphertext; public Jwe() { super(); - this.header = new JweHeader(); this.encryptedKey = null; this.ciphertext = null; } public Jwe(JweHeader header, byte[] encryptedKey, byte[] ciphertext, String integrityValue) { - super(null, null, integrityValue); - this.header = header; + super(header, null, integrityValue); this.encryptedKey = encryptedKey; this.ciphertext = ciphertext; } @@ -52,11 +49,18 @@ public class Jwe extends Jwt { */ public JweHeader getHeader() { - return header; + return (JweHeader) super.getHeader(); } - public void setHeader(JweHeader header) { - this.header = header; + /** + * Set the header, wrapping it in a JweHeader if necessary + */ + public void setHeader(JwtHeader header) { + if (header instanceof JweHeader) { + super.setHeader(header); + } else { + super.setHeader(new JweHeader(header)); + } } public byte[] getEncryptedKey() { @@ -77,12 +81,9 @@ public class Jwe extends Jwt { @Override public String getSignatureBase() { - byte[] c = ciphertext; - byte[] e = encryptedKey; - - String h64 = new String(Base64.encodeBase64URLSafe(header.toJsonString().getBytes())); - String e64 = new String(Base64.encodeBase64URLSafe(e)); - String c64 = new String(Base64.encodeBase64URLSafe(c)); + String h64 = new String(Base64.encodeBase64URLSafe(getHeader().toJsonString().getBytes())); + String e64 = new String(Base64.encodeBase64URLSafe(getEncryptedKey())); + String c64 = new String(Base64.encodeBase64URLSafe(getCiphertext())); return h64 + "." + e64 + "." + c64; } 
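Review bot: In the no-argument `Jwe()` constructor, dropping `this.header = new JweHeader();` leaves the header's runtime type to whatever `Jwt()` installs, and `Jwt()` is not visible in this patch. If the parent assigns a plain `JwtHeader` straight to its field, the new `(JweHeader) super.getHeader()` cast will throw `ClassCastException` on the first `getHeader()` call of a default-constructed Jwe. Keeping `setHeader(new JweHeader());` after `super();` would make the invariant local to this class.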
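Review bot: `Jwe.setHeader` sends a null argument down the wrapping branch, because `null instanceof JweHeader` is false, so `new JweHeader(header)` ends up at `claimSet.toJsonString()` in `ClaimSet.loadFromClaimSet` and throws `NullPointerException`. The old setter accepted null, and the `Jwt` constructor now routes its arguments through this override. Guarding with `if (header == null || header instanceof JweHeader) { super.setHeader(header); }` keeps the previous behaviour; `IdToken.setClaims` has the same shape and needs the same guard. Assuming `Jwt` declares `setHeader(JwtHeader)` and `setClaims(JwtClaims)`, both overrides should also carry `@Override` so a signature drift in the parent is caught at compile time.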
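Review bot: The three rewritten lines in `getSignatureBase` still call `getBytes()` and `new String(byte[])` without a charset, so the bytes that feed the integrity check depend on the platform default encoding. Two JVMs with different defaults can derive different signature bases from a header containing non-ASCII text, which shows up as verification failures or as a verifier checking bytes other than those the issuer protected. Passing the charset explicitly, e.g. `getHeader().toJsonString().getBytes(Charset.forName("UTF-8"))`, removes that dependency. `getEncryptedKey()` and `getCiphertext()` are also null after `Jwe()`, and how `encodeBase64URLSafe` treats null is not visible here, so a documented precondition or an explicit check would help.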
diff --git a/openid-connect-common/src/main/java/org/mitre/jwe/model/JweHeader.java b/openid-connect-common/src/main/java/org/mitre/jwe/model/JweHeader.java index b6b0b1bd4..94240c12d 100644 --- a/openid-connect-common/src/main/java/org/mitre/jwe/model/JweHeader.java +++ b/openid-connect-common/src/main/java/org/mitre/jwe/model/JweHeader.java @@ -33,6 +33,10 @@ public class JweHeader extends JwtHeader{ super(b64); } + public JweHeader(JwtHeader jwtHeader) { + super(jwtHeader); + } + /** * Load all claims from the given json object into this object */ diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/model/ClaimSet.java b/openid-connect-common/src/main/java/org/mitre/jwt/model/ClaimSet.java index 26c1832d0..c96e49f12 100644 --- a/openid-connect-common/src/main/java/org/mitre/jwt/model/ClaimSet.java +++ b/openid-connect-common/src/main/java/org/mitre/jwt/model/ClaimSet.java @@ -55,6 +55,10 @@ public class ClaimSet { loadFromBase64JsonObjectString(b64); } + public ClaimSet(ClaimSet claimSet) { + loadFromClaimSet(claimSet); + } + /** * Get an extension claim */ @@ -185,6 +189,9 @@ public class ClaimSet { /** * Load new claims from the given json object. Will replace any existing claims, but does not clear claim set. + * + * This function is intended to be overridden by subclasses for more exact data type and claim handling. + * * @param json */ public void loadFromJsonObject(JsonObject json) { @@ -216,6 +223,14 @@ public class ClaimSet { // save the string we were passed in (decoded from base64) jsonString = new String(b64decoded); } + + public void loadFromClaimSet(ClaimSet claimSet) { + + loadFromJsonObject(getAsJsonObject()); // we push to a JSON object and back to let subclasses override this + + jsonString = claimSet.toJsonString(); // preserve the string on input + + } public String toJsonString() { if(jsonString == null) { 
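Review bot: `loadFromClaimSet` reads from the wrong object: `loadFromJsonObject(getAsJsonObject())` serialises `this`, not the `claimSet` argument, so the new copy constructors (`ClaimSet`, `JwtHeader`, `JwtClaims`, `JweHeader`, `IdTokenClaims`) copy no claims. The next line then stores the source's `jsonString`, leaving an object whose cached serialisation carries claims that its parsed fields do not; since `toJsonString()` appears to return the cached string when it is set, code that signs or verifies the string and code that reads the getters can see different tokens. In `IdToken.setClaims` this means a wrapped `JwtClaims` would come back without its user id. The call should be `loadFromJsonObject(claimSet.getAsJsonObject());`, preceded by a null check on `claimSet`. The `ClaimSet(ClaimSet)` constructor also invokes this overridable method before subclass initialisation has run, which deserves a comment.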
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/model/Jwt.java b/openid-connect-common/src/main/java/org/mitre/jwt/model/Jwt.java index 8b85cf880..31a226eeb 100644 --- a/openid-connect-common/src/main/java/org/mitre/jwt/model/Jwt.java +++ b/openid-connect-common/src/main/java/org/mitre/jwt/model/Jwt.java @@ -53,9 +53,9 @@ public class Jwt { */ public Jwt(JwtHeader header, JwtClaims claims, String signature) { super(); - this.header = header; - this.claims = claims; - this.signature = signature; + setHeader(header); + setClaims(claims); + setSignature(signature); } diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtClaims.java b/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtClaims.java index c342931af..0cc575938 100644 --- a/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtClaims.java +++ b/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtClaims.java @@ -51,6 +51,10 @@ public class JwtClaims extends ClaimSet { super(b64); } + public JwtClaims(JwtClaims jwtClaims) { + super(jwtClaims); + } + @Override public void loadFromJsonObject(JsonObject json) { JsonObject pass = new JsonObject(); diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtHeader.java b/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtHeader.java index 26f56f7db..ebb5a2beb 100644 --- a/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtHeader.java +++ b/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtHeader.java @@ -47,6 +47,10 @@ public class JwtHeader extends ClaimSet { super(b64); } + public JwtHeader(JwtHeader jwtHeader) { + super(jwtHeader); + } + /** * Load all claims from the given json object into this object */ diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdToken.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdToken.java index 0c1932a20..556cb4e9f 100644 
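Review bot: The three-argument `Jwt` constructor now calls the overridable `setHeader`, `setClaims` and `setSignature`, so subclass overrides such as `Jwe.setHeader` and `IdToken.setClaims` run before the subclass constructor body and field initialisers have executed. That is what makes the wrapping work, but it is invisible at this call site, and any future override that reads subclass state will see default values. A comment on the constructor would record the intent: `// setters are called deliberately so subclasses can wrap header and claims; overrides must not read subclass fields`. The constructor's Javadoc and opening lines are outside the hunk.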
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdToken.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdToken.java @@ -80,15 +80,19 @@ public class IdToken extends Jwt { * @return the tokenClaims */ @Transient - public IdTokenClaims getTokenClaims() { + public IdTokenClaims getClaims() { return (IdTokenClaims) super.getClaims(); } /** * @param tokenClaims the tokenClaims to set */ - public void setTokenClaims(IdTokenClaims tokenClaims) { - super.setClaims(tokenClaims); + public void setClaims(JwtClaims tokenClaims) { + if (tokenClaims instanceof IdTokenClaims) { + super.setClaims(tokenClaims); + } else { + super.setClaims(new IdTokenClaims(tokenClaims)); + } } diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdTokenClaims.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdTokenClaims.java index 29fa5d56e..6b7488c75 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdTokenClaims.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdTokenClaims.java @@ -57,6 +57,10 @@ public class IdTokenClaims extends JwtClaims { public IdTokenClaims(String b64) { super(b64); } + + public IdTokenClaims(JwtClaims jwtClaims) { + super(jwtClaims); + } /** * @return the id
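Review bot: The Javadoc on the renamed `IdToken` accessors is stale: it still says `@return the tokenClaims` and `@param tokenClaims the tokenClaims to set`, and it does not mention that `setClaims` now copies a plain `JwtClaims` into a new `IdTokenClaims`. A caller that keeps a reference to the object it passed in will not see later changes to that object reflected in the token, which matters when claims are adjusted before signing. A description in the style of `Jwe.setHeader` would do: `Set the claims, wrapping them in an IdTokenClaims if necessary (the argument is then copied, not retained)`.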