automated code formatting and cleanup

pull/1169/merge
Justin Richer 2017-03-21 13:36:20 -04:00
parent b6cf8fe22b
commit 32ce21b5cd
248 changed files with 3974 additions and 4093 deletions


@ -16,6 +16,8 @@
*******************************************************************************/
package org.mitre.oauth2.introspectingfilter;
import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC;
import java.io.IOException;
import java.net.URI;
import java.util.Calendar;
@ -54,8 +56,6 @@ import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.nimbusds.jose.util.Base64;
import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC;
/**
* This ResourceServerTokenServices implementation introspects incoming tokens at a
* server's introspection endpoint URL and passes an Authentication object along


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.oauth2.introspectingfilter.service;


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.oauth2.introspectingfilter.service;


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.oauth2.introspectingfilter.service.impl;
@ -32,11 +32,11 @@ import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
/**
*
*
* Parses the incoming accesstoken as a JWT and determines the issuer based on
* the "iss" field inside the JWT. Uses the ServerConfigurationService to determine
* the introspection URL for that issuer.
*
*
* @author jricher
*
*/


@ -34,7 +34,7 @@ import com.google.gson.JsonObject;
*
*/
public class ScopeBasedIntrospectionAuthoritiesGranter implements IntrospectionAuthorityGranter {
private List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_API");
/* (non-Javadoc)
@ -43,7 +43,7 @@ public class ScopeBasedIntrospectionAuthoritiesGranter implements IntrospectionA
@Override
public List<GrantedAuthority> getAuthorities(JsonObject introspectionResponse) {
List<GrantedAuthority> auth = new ArrayList<>(getAuthorities());
if (introspectionResponse.has("scope") && introspectionResponse.get("scope").isJsonPrimitive()) {
String scopeString = introspectionResponse.get("scope").getAsString();
Set<String> scopes = OAuth2Utils.parseParameterList(scopeString);
@ -51,7 +51,7 @@ public class ScopeBasedIntrospectionAuthoritiesGranter implements IntrospectionA
auth.add(new SimpleGrantedAuthority("OAUTH_SCOPE_" + scope));
}
}
return auth;
}


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.oauth2.introspectingfilter.service.impl;
@ -28,9 +28,9 @@ import org.springframework.security.core.authority.AuthorityUtils;
import com.google.gson.JsonObject;
/**
*
*
* Grants the same set of authorities no matter what's passed in.
*
*
* @author jricher
*
*/


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.oauth2.introspectingfilter.service.impl;
@ -23,10 +23,10 @@ import org.mitre.oauth2.introspectingfilter.service.IntrospectionConfigurationSe
import org.mitre.oauth2.model.RegisteredClient;
/**
*
*
* Always provides the (configured) IntrospectionURL and RegisteredClient regardless
* of token. Useful for talking to a single, trusted authorization server.
*
*
* @author jricher
*
*/


@ -7,9 +7,9 @@ public class AuthorizationEndpointException extends AuthenticationServiceExcepti
private static final long serialVersionUID = 6953119789654778380L;
private String error;
private String errorDescription;
private String errorURI;
public AuthorizationEndpointException(String error, String errorDescription, String errorURI) {


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client;
@ -34,13 +34,13 @@ import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
/**
*
*
* Simple mapper that adds ROLE_USER to the authorities map for all queries,
* plus adds ROLE_ADMIN if the subject and issuer pair are found in the
* configurable "admins" set.
*
*
* @author jricher
*
*
*/
public class NamedAdminAuthoritiesMapper implements OIDCAuthoritiesMapper {


@ -88,9 +88,9 @@ import com.nimbusds.jwt.SignedJWT;
/**
* OpenID Connect Authentication Filter class
*
*
* @author nemonik, jricher
*
*
*/
public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
@ -169,9 +169,9 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
/*
* This is the main entry point for the filter.
*
*
* (non-Javadoc)
*
*
* @see org.springframework.security.web.authentication.
* AbstractAuthenticationProcessingFilter
* #attemptAuthentication(javax.servlet.http.HttpServletRequest,
@ -204,7 +204,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
/**
* Initiate an Authorization request
*
*
* @param request
* The request from which to extract parameters and perform the
* authentication
@ -270,7 +270,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
String state = createState(session);
Map<String, String> options = authOptions.getOptions(serverConfig, clientConfig, request);
// if we're using PKCE, handle the challenge here
if (clientConfig.getCodeChallengeMethod() != null) {
String codeVerifier = createCodeVerifier(session);
@ -287,7 +287,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
e.printStackTrace();
}
}
}
@ -330,7 +330,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
form.add("grant_type", "authorization_code");
form.add("code", authorizationCode);
form.setAll(authOptions.getTokenOptions(serverConfig, clientConfig, request));
String codeVerifier = getStoredCodeVerifier(session);
if (codeVerifier != null) {
form.add("code_verifier", codeVerifier);
@ -345,11 +345,11 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
if(httpClient == null) {
httpClient = HttpClientBuilder.create()
.useSystemProperties()
.setDefaultRequestConfig(RequestConfig.custom()
.setSocketTimeout(httpSocketTimeout)
.build())
.build();
.useSystemProperties()
.setDefaultRequestConfig(RequestConfig.custom()
.setSocketTimeout(httpSocketTimeout)
.build())
.build();
}
HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
@ -634,7 +634,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
/**
* Handle Authorization Endpoint error
*
*
* @param request
* The request from which to extract parameters and handle the
* error
@ -708,7 +708,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
protected static String getStoredState(HttpSession session) {
return getStoredSessionString(session, STATE_SESSION_VARIABLE);
}
/**
* Create a random code challenge and store it in the session
* @param session
@ -719,7 +719,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
session.setAttribute(CODE_VERIFIER_SESSION_VARIABLE, challenge);
return challenge;
}
/**
* Retrieve the stored challenge from our session
* @param session


@ -34,7 +34,7 @@ import com.nimbusds.jwt.JWT;
/**
* @author nemonik, Justin Richer
*
*
*/
public class OIDCAuthenticationProvider implements AuthenticationProvider {
@ -46,7 +46,7 @@ public class OIDCAuthenticationProvider implements AuthenticationProvider {
/*
* (non-Javadoc)
*
*
* @see org.springframework.security.authentication.AuthenticationProvider#
* authenticate(org.springframework.security.core.Authentication)
*/
@ -86,7 +86,7 @@ public class OIDCAuthenticationProvider implements AuthenticationProvider {
/**
* Override this function to return a different kind of Authentication, processes the authorities differently,
* or do post-processing based on the UserInfo object.
*
*
* @param token
* @param authorities
* @param userInfo
@ -115,7 +115,7 @@ public class OIDCAuthenticationProvider implements AuthenticationProvider {
/*
* (non-Javadoc)
*
*
* @see
* org.springframework.security.authentication.AuthenticationProvider#supports
* (java.lang.Class)


@ -19,7 +19,7 @@ package org.mitre.openid.connect.client;
/**
* Simple target URI checker, checks whether the string in question starts
* with a configured prefix. Returns "/" if the match fails.
*
*
* @author jricher
*
*/


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client;
@ -24,9 +24,9 @@ import org.springframework.security.core.GrantedAuthority;
import com.google.common.base.Strings;
/**
*
*
* Simple authority representing a user at an issuer.
*
*
* @author jricher
*
*/
@ -51,9 +51,9 @@ public class SubjectIssuerGrantedAuthority implements GrantedAuthority {
/**
* Returns a string formed by concatenating the subject with the issuer, separated by _ and prepended with OIDC_
*
*
* For example, the user "bob" from issuer "http://id.example.com/" would return the authority string of:
*
*
* OIDC_bob_http://id.example.com/
*/
@Override


@ -20,7 +20,7 @@ public interface TargetLinkURIChecker {
/**
* Check the parameter to make sure that it's a valid deep-link into this application.
*
*
* @param target
* @return
*/


@ -60,7 +60,7 @@ public class UserInfoFetcher {
private static final Logger logger = LoggerFactory.getLogger(UserInfoFetcher.class);
private LoadingCache<PendingOIDCAuthenticationToken, UserInfo> cache;
public UserInfoFetcher() {
this(HttpClientBuilder.create().useSystemProperties().build());
}
@ -71,7 +71,7 @@ public class UserInfoFetcher {
.maximumSize(100)
.build(new UserInfoLoader(httpClient));
}
public UserInfo loadUserInfo(final PendingOIDCAuthenticationToken token) {
try {
return cache.get(token);
@ -81,8 +81,8 @@ public class UserInfoFetcher {
}
}
private class UserInfoLoader extends CacheLoader<PendingOIDCAuthenticationToken, UserInfo> {
private HttpComponentsClientHttpRequestFactory factory;
@ -90,22 +90,23 @@ public class UserInfoFetcher {
this.factory = new HttpComponentsClientHttpRequestFactory(httpClient);
}
@Override
public UserInfo load(final PendingOIDCAuthenticationToken token) throws URISyntaxException {
ServerConfiguration serverConfiguration = token.getServerConfiguration();
if (serverConfiguration == null) {
logger.warn("No server configuration found.");
return null;
}
if (Strings.isNullOrEmpty(serverConfiguration.getUserInfoUri())) {
logger.warn("No userinfo endpoint, not fetching.");
return null;
}
String userInfoString = null;
if (serverConfiguration.getUserInfoTokenMethod() == null || serverConfiguration.getUserInfoTokenMethod().equals(UserInfoTokenMethod.HEADER)) {
RestTemplate restTemplate = new RestTemplate(factory) {
@ -145,7 +146,7 @@ public class UserInfoFetcher {
// didn't get anything throw exception
throw new IllegalArgumentException("Unable to load user info");
}
}
}


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.keypublisher;


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.keypublisher;
@ -26,9 +26,9 @@ import org.springframework.web.servlet.View;
import org.springframework.web.servlet.ViewResolver;
/**
*
*
* Simple view resolver to map JWK view names to appropriate beans
*
*
* @author jricher
*
*/


@ -15,14 +15,14 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.model;
/**
*
*
* Data container to facilitate returns from the IssuerService API.
*
*
* @author jricher
*
*/


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service;
@ -27,11 +27,11 @@ import org.mitre.oauth2.model.RegisteredClient;
import org.mitre.openid.connect.config.ServerConfiguration;
/**
*
*
* This service provides any extra options that need to be passed to the authentication request,
* either through the authorization endpoint (getOptions) or the token endpoint (getTokenOptions).
* These options may depend on the server configuration, client configuration, or HTTP request.
*
*
* @author jricher
*
*/
@ -39,7 +39,7 @@ public interface AuthRequestOptionsService {
/**
* The set of options needed at the authorization endpoint.
*
*
* @param server
* @param client
* @param request
@ -49,7 +49,7 @@ public interface AuthRequestOptionsService {
/**
* The set of options needed at the token endpoint.
*
*
* @param server
* @param client
* @param request


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service;
@ -26,7 +26,7 @@ import org.mitre.openid.connect.config.ServerConfiguration;
/**
* Builds a URL string to the IdP's authorization endpoint.
*
*
* @author jricher
*
*/


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service;


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service;
@ -24,9 +24,9 @@ import javax.servlet.http.HttpServletRequest;
import org.mitre.openid.connect.client.model.IssuerServiceResponse;
/**
*
*
* Gets an issuer for the given request. Might do dynamic discovery, or might be statically configured.
*
*
* @author jricher
*
*/


@ -15,12 +15,10 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service;
import java.util.List;
import org.mitre.oauth2.model.RegisteredClient;
/**


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service;


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service.impl;
@ -164,10 +164,10 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
/**
* Loader class that fetches the client information.
*
*
* If a client has been registered (ie, it's known to the RegisteredClientService), then this
* will fetch the client's configuration from the server.
*
*
* @author jricher
*
*/
@ -203,12 +203,12 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
try {
String registered = restTemplate.postForObject(serverConfig.getRegistrationEndpointUri(), entity, String.class);
RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(registered);
// save this client for later
registeredClientService.save(serverConfig.getIssuer(), client);
return client;
} catch (RestClientException rce) {
throw new InvalidClientException("Error registering client with server");
@ -227,9 +227,9 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
try {
String registered = restTemplate.exchange(knownClient.getRegistrationClientUri(), HttpMethod.GET, entity, String.class).getBody();
// TODO: handle HTTP errors
RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(registered);
return client;
} catch (RestClientException rce) {
throw new InvalidClientException("Error loading previously registered client information from server");


@ -15,10 +15,17 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service.impl;
import static org.mitre.util.JsonUtils.getAsBoolean;
import static org.mitre.util.JsonUtils.getAsEncryptionMethodList;
import static org.mitre.util.JsonUtils.getAsJweAlgorithmList;
import static org.mitre.util.JsonUtils.getAsJwsAlgorithmList;
import static org.mitre.util.JsonUtils.getAsString;
import static org.mitre.util.JsonUtils.getAsStringList;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.ExecutionException;
@ -41,17 +48,10 @@ import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import static org.mitre.util.JsonUtils.getAsBoolean;
import static org.mitre.util.JsonUtils.getAsEncryptionMethodList;
import static org.mitre.util.JsonUtils.getAsJweAlgorithmList;
import static org.mitre.util.JsonUtils.getAsJwsAlgorithmList;
import static org.mitre.util.JsonUtils.getAsString;
import static org.mitre.util.JsonUtils.getAsStringList;
/**
*
*
* Dynamically fetches OpenID Connect server configurations based on the issuer. Caches the server configurations.
*
*
* @author jricher
*
*/
@ -133,9 +133,9 @@ public class DynamicServerConfigurationService implements ServerConfigurationSer
private HttpComponentsClientHttpRequestFactory httpFactory;
private JsonParser parser = new JsonParser();
OpenIDConnectServiceConfigurationFetcher(HttpClient httpClient) {
this.httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
}
OpenIDConnectServiceConfigurationFetcher(HttpClient httpClient) {
this.httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
}
@Override
public ServerConfiguration load(String issuer) throws Exception {


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service.impl;


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service.impl;
@ -31,12 +31,12 @@ import org.mitre.openid.connect.config.ServerConfiguration;
* Houses both a static client configuration and a dynamic client configuration
* service in one object. Checks the static service first, then falls through to
* the dynamic service.
*
*
* Provides configuration passthrough for the template, registered client service, whitelist,
* and blacklist for the dynamic service, and to the static service's client map.
*
*
* @author jricher
*
*
*/
public class HybridClientConfigurationService implements ClientConfigurationService {


@ -26,11 +26,11 @@ import org.mitre.openid.connect.client.service.IssuerService;
import com.google.common.collect.Sets;
/**
*
*
* Issuer service that tries to parse input from the inputs from a third-party
* account chooser service (if possible), but falls back to webfinger discovery
* if not.
*
*
* @author jricher
*
*/


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service.impl;
@ -29,11 +29,11 @@ import org.mitre.openid.connect.config.ServerConfiguration;
* Houses both a static server configuration and a dynamic server configuration
* service in one object. Checks the static service first, then falls through to
* the dynamic service.
*
*
* Provides configuration passthrough to the dynamic service's whitelist and blacklist,
* and to the static service's server map.
*
*
*
*
* @author jricher
*
*/


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service.impl;


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service.impl;
@ -55,20 +55,20 @@ public class JsonFileRegisteredClientService implements RegisteredClientService
private static final Logger logger = LoggerFactory.getLogger(JsonFileRegisteredClientService.class);
private Gson gson = new GsonBuilder()
.registerTypeAdapter(RegisteredClient.class, new JsonSerializer<RegisteredClient>() {
@Override
public JsonElement serialize(RegisteredClient src, Type typeOfSrc, JsonSerializationContext context) {
return ClientDetailsEntityJsonProcessor.serialize(src);
}
})
.registerTypeAdapter(RegisteredClient.class, new JsonDeserializer<RegisteredClient>() {
@Override
public RegisteredClient deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
return ClientDetailsEntityJsonProcessor.parseRegistered(json);
}
})
.setPrettyPrinting()
.create();
.registerTypeAdapter(RegisteredClient.class, new JsonSerializer<RegisteredClient>() {
@Override
public JsonElement serialize(RegisteredClient src, Type typeOfSrc, JsonSerializationContext context) {
return ClientDetailsEntityJsonProcessor.serialize(src);
}
})
.registerTypeAdapter(RegisteredClient.class, new JsonDeserializer<RegisteredClient>() {
@Override
public RegisteredClient deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
return ClientDetailsEntityJsonProcessor.parseRegistered(json);
}
})
.setPrettyPrinting()
.create();
private File file;


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service.impl;
@ -33,9 +33,9 @@ import com.google.common.base.Joiner;
import com.google.common.base.Strings;
/**
*
*
* Builds an auth request redirect URI with normal query parameters.
*
*
* @author jricher
*
*/


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service.impl;


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service.impl;
@ -29,9 +29,9 @@ import org.mitre.openid.connect.client.service.AuthRequestOptionsService;
import org.mitre.openid.connect.config.ServerConfiguration;
/**
*
*
* Always returns the same set of options.
*
*
* @author jricher
*
*/


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service.impl;
@ -29,9 +29,9 @@ import org.mitre.openid.connect.config.ServerConfiguration;
/**
* Client configuration service that holds a static map from issuer URL to a ClientDetails object to use at that issuer.
*
*
* Designed to be configured as a bean.
*
*
* @author jricher
*
*/
@ -56,7 +56,7 @@ public class StaticClientConfigurationService implements ClientConfigurationServ
/**
* Get the client configured for this issuer
*
*
* @see org.mitre.openid.connect.client.service.ClientConfigurationService#getClientConfiguration(java.lang.String)
*/
@Override


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service.impl;
@ -28,7 +28,7 @@ import org.mitre.openid.connect.config.ServerConfiguration;
/**
* Statically configured server configuration service that maps issuer URLs to server configurations to use at that issuer.
*
*
* @author jricher
*
*/


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service.impl;
@ -51,7 +51,7 @@ public class StaticSingleIssuerService implements IssuerService {
/**
* Always returns the configured issuer URL
*
*
* @see org.mitre.openid.connect.client.service.IssuerService#getIssuer(javax.servlet.http.HttpServletRequest)
*/
@Override


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service.impl;
@ -34,9 +34,9 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio
import com.google.common.base.Strings;
/**
*
*
* Determines the issuer using an account chooser or other third-party-initiated login
*
*
* @author jricher
*
*/


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.client.service.impl;
@ -74,7 +74,7 @@ public class WebfingerIssuerService implements IssuerService {
this.issuer = issuer;
}
}
private Set<String> whitelist = new HashSet<>();
private Set<String> blacklist = new HashSet<>();
@ -118,7 +118,7 @@ public class WebfingerIssuerService implements IssuerService {
if (blacklist.contains(lr.issuer)) {
throw new AuthenticationServiceException("Issuer was in blacklist: " + lr.issuer);
}
return new IssuerServiceResponse(lr.issuer, lr.loginHint, request.getParameter("target_link_uri"));
} catch (UncheckedExecutionException | ExecutionException e) {
logger.warn("Issue fetching issuer for user input: " + identifier + ": " + e.getMessage());
@ -218,7 +218,7 @@ public class WebfingerIssuerService implements IssuerService {
public LoadingResult load(String identifier) throws Exception {
UriComponents key = WebfingerURLNormalizer.normalizeResource(identifier);
RestTemplate restTemplate = new RestTemplate(httpFactory);
// construct the URL to go to
@ -268,7 +268,7 @@ public class WebfingerIssuerService implements IssuerService {
// we found the issuer, return it
String href = linkObj.get("href").getAsString();
if (identifier.equals(href)
|| identifier.startsWith("http")) {
// try to avoid sending a URL as the login hint


@ -38,7 +38,7 @@ public class TestScopeBasedIntrospectionAuthoritiesGranter {
private JsonObject introspectionResponse;
private ScopeBasedIntrospectionAuthoritiesGranter granter = new ScopeBasedIntrospectionAuthoritiesGranter();
/**
* @throws java.lang.Exception
*/
@ -53,16 +53,16 @@ public class TestScopeBasedIntrospectionAuthoritiesGranter {
@Test
public void testGetAuthoritiesJsonObject_withScopes() {
introspectionResponse.addProperty("scope", "foo bar baz batman");
List<GrantedAuthority> expected = new ArrayList<>();
expected.add(new SimpleGrantedAuthority("ROLE_API"));
expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_foo"));
expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_bar"));
expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_baz"));
expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_batman"));
List<GrantedAuthority> authorities = granter.getAuthorities(introspectionResponse);
assertTrue(authorities.containsAll(expected));
assertTrue(expected.containsAll(authorities));
}
@ -72,12 +72,12 @@ public class TestScopeBasedIntrospectionAuthoritiesGranter {
*/
@Test
public void testGetAuthoritiesJsonObject_withoutScopes() {
List<GrantedAuthority> expected = new ArrayList<>();
expected.add(new SimpleGrantedAuthority("ROLE_API"));
List<GrantedAuthority> authorities = granter.getAuthorities(introspectionResponse);
assertTrue(authorities.containsAll(expected));
assertTrue(expected.containsAll(authorities));
}


@ -1,11 +1,5 @@
package org.mitre.openid.connect.client;
import static org.hamcrest.CoreMatchers.instanceOf;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.fail;
import static org.mockito.Mockito.mock;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -13,13 +7,21 @@ import org.junit.Test;
import org.mockito.Mockito;
import org.springframework.security.authentication.AuthenticationServiceException;
import static org.hamcrest.CoreMatchers.instanceOf;
import static org.hamcrest.CoreMatchers.is;
import static org.mockito.Mockito.mock;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.fail;
public class TestOIDCAuthenticationFilter {
private OIDCAuthenticationFilter filter = new OIDCAuthenticationFilter();
@Test
public void attemptAuthentication_error() throws Exception {
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
Mockito.when(request.getParameter("error")).thenReturn("Error");
Mockito.when(request.getParameter("error_description")).thenReturn("Description");
@ -27,13 +29,13 @@ public class TestOIDCAuthenticationFilter {
try {
filter.attemptAuthentication(request, mock(HttpServletResponse.class));
fail("AuthorizationEndpointException expected.");
}
catch (AuthorizationEndpointException exception) {
assertThat(exception.getMessage(),
is("Error from Authorization Endpoint: Error Description http://example.com"));
assertThat(exception.getError(), is("Error"));
assertThat(exception.getErrorDescription(), is("Description"));
assertThat(exception.getErrorURI(), is("http://example.com"));


@ -52,7 +52,7 @@ import static org.junit.Assert.fail;
/**
* @author wkim
*
*
*/
public class TestSignedAuthRequestUrlBuilder {


@ -1,12 +1,12 @@
package org.mitre.data;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Abstract class for performing an operation on a potentially large
* number of items by paging through the items in discreet chunks.
@ -16,162 +16,162 @@ import java.util.Set;
*/
public abstract class AbstractPageOperationTemplate<T> {
private static final Logger logger = LoggerFactory.getLogger(AbstractPageOperationTemplate.class);
private static final Logger logger = LoggerFactory.getLogger(AbstractPageOperationTemplate.class);
private static int DEFAULT_MAX_PAGES = 1000;
private static long DEFAULT_MAX_TIME_MILLIS = 600000L; //10 Minutes
private static int DEFAULT_MAX_PAGES = 1000;
private static long DEFAULT_MAX_TIME_MILLIS = 600000L; //10 Minutes
/**
* int specifying the maximum number of
* pages which should be fetched before
* execution should terminate
*/
private int maxPages;
/**
* int specifying the maximum number of
* pages which should be fetched before
* execution should terminate
*/
private int maxPages;
/**
* long specifying the maximum execution time
* in milliseconds
*/
private long maxTime;
/**
* long specifying the maximum execution time
* in milliseconds
*/
private long maxTime;
/**
* boolean specifying whether or not Exceptions
* incurred performing the operation should be
* swallowed during execution default true.
*/
private boolean swallowExceptions = true;
/**
* String that is used for logging in final tallies.
*/
private String operationName = "";
/**
* boolean specifying whether or not Exceptions
* incurred performing the operation should be
* swallowed during execution default true.
*/
private boolean swallowExceptions = true;
/**
* String that is used for logging in final tallies.
*/
private String operationName = "";
/**
* default constructor which sets the value of
* maxPages and maxTime to DEFAULT_MAX_PAGES and
* DEFAULT_MAX_TIME_MILLIS respectively
*/
public AbstractPageOperationTemplate(String operationName){
this(DEFAULT_MAX_PAGES, DEFAULT_MAX_TIME_MILLIS, operationName);
}
/**
* default constructor which sets the value of
* maxPages and maxTime to DEFAULT_MAX_PAGES and
* DEFAULT_MAX_TIME_MILLIS respectively
*/
public AbstractPageOperationTemplate(String operationName){
this(DEFAULT_MAX_PAGES, DEFAULT_MAX_TIME_MILLIS, operationName);
}
/**
* Instantiates a new AbstractPageOperationTemplate with the
* given maxPages and maxTime
*
* @param maxPages the maximum number of pages to fetch.
* @param maxTime the maximum execution time.
*/
public AbstractPageOperationTemplate(int maxPages, long maxTime, String operationName){
this.maxPages = maxPages;
this.maxTime = maxTime;
this.operationName = operationName;
}
/**
* Instantiates a new AbstractPageOperationTemplate with the
* given maxPages and maxTime
*
* @param maxPages the maximum number of pages to fetch.
* @param maxTime the maximum execution time.
*/
public AbstractPageOperationTemplate(int maxPages, long maxTime, String operationName){
this.maxPages = maxPages;
this.maxTime = maxTime;
this.operationName = operationName;
}
/**
* Execute the operation on each member of a page of results
* retrieved through the fetch method. the method will execute
* until either the maxPages or maxTime limit is reached or until
* the fetch method returns no more results. Exceptions thrown
* performing the operation on the item will be swallowed if the
* swallowException (default true) field is set true.
*/
public void execute(){
logger.debug("[" + getOperationName() + "] Starting execution of paged operation. maximum time: " + maxTime + ", maximum pages: " + maxPages);
/**
* Execute the operation on each member of a page of results
* retrieved through the fetch method. the method will execute
* until either the maxPages or maxTime limit is reached or until
* the fetch method returns no more results. Exceptions thrown
* performing the operation on the item will be swallowed if the
* swallowException (default true) field is set true.
*/
public void execute(){
logger.debug("[" + getOperationName() + "] Starting execution of paged operation. maximum time: " + maxTime + ", maximum pages: " + maxPages);
long startTime = System.currentTimeMillis();
long executionTime = 0;
int i = 0;
long startTime = System.currentTimeMillis();
long executionTime = 0;
int i = 0;
int exceptionsSwallowedCount = 0;
int operationsCompleted = 0;
Set<String> exceptionsSwallowedClasses = new HashSet<String>();
int exceptionsSwallowedCount = 0;
int operationsCompleted = 0;
Set<String> exceptionsSwallowedClasses = new HashSet<String>();
while (i< maxPages && executionTime < maxTime){
Collection<T> page = fetchPage();
if(page == null || page.size() == 0){
break;
}
while (i< maxPages && executionTime < maxTime){
Collection<T> page = fetchPage();
if(page == null || page.size() == 0){
break;
}
for (T item : page) {
try {
doOperation(item);
operationsCompleted++;
} catch (Exception e){
if(swallowExceptions){
exceptionsSwallowedCount++;
exceptionsSwallowedClasses.add(e.getClass().getName());
logger.debug("Swallowing exception " + e.getMessage(), e);
} else {
logger.debug("Rethrowing exception " + e.getMessage());
throw e;
}
}
}
for (T item : page) {
try {
doOperation(item);
operationsCompleted++;
} catch (Exception e){
if(swallowExceptions){
exceptionsSwallowedCount++;
exceptionsSwallowedClasses.add(e.getClass().getName());
logger.debug("Swallowing exception " + e.getMessage(), e);
} else {
logger.debug("Rethrowing exception " + e.getMessage());
throw e;
}
}
}
i++;
executionTime = System.currentTimeMillis() - startTime;
}
i++;
executionTime = System.currentTimeMillis() - startTime;
}
finalReport(operationsCompleted, exceptionsSwallowedCount, exceptionsSwallowedClasses);
}
finalReport(operationsCompleted, exceptionsSwallowedCount, exceptionsSwallowedClasses);
}
/**
* method responsible for fetching
* a page of items.
*
* @return the collection of items
*/
public abstract Collection<T> fetchPage();
/**
* method responsible for fetching
* a page of items.
*
* @return the collection of items
*/
public abstract Collection<T> fetchPage();
/**
* method responsible for performing desired
* operation on a fetched page item.
*
* @param item the item
*/
protected abstract void doOperation(T item);
/**
* Method responsible for final report of progress.
* @return
*/
protected void finalReport(int operationsCompleted, int exceptionsSwallowedCount, Set<String> exceptionsSwallowedClasses) {
if (operationsCompleted > 0 || exceptionsSwallowedCount > 0) {
logger.info("[" + getOperationName() + "] Paged operation run: completed " + operationsCompleted + "; swallowed " + exceptionsSwallowedCount + " exceptions");
}
for(String className: exceptionsSwallowedClasses) {
logger.warn("[" + getOperationName() + "] Paged operation swallowed at least one exception of type " + className);
}
}
/**
* method responsible for performing desired
* operation on a fetched page item.
*
* @param item the item
*/
protected abstract void doOperation(T item);
public int getMaxPages() {
return maxPages;
}
/**
* Method responsible for final report of progress.
* @return
*/
protected void finalReport(int operationsCompleted, int exceptionsSwallowedCount, Set<String> exceptionsSwallowedClasses) {
if (operationsCompleted > 0 || exceptionsSwallowedCount > 0) {
logger.info("[" + getOperationName() + "] Paged operation run: completed " + operationsCompleted + "; swallowed " + exceptionsSwallowedCount + " exceptions");
}
for(String className: exceptionsSwallowedClasses) {
logger.warn("[" + getOperationName() + "] Paged operation swallowed at least one exception of type " + className);
}
}
public void setMaxPages(int maxPages) {
this.maxPages = maxPages;
}
public int getMaxPages() {
return maxPages;
}
public long getMaxTime() {
return maxTime;
}
public void setMaxPages(int maxPages) {
this.maxPages = maxPages;
}
public void setMaxTime(long maxTime) {
this.maxTime = maxTime;
}
public long getMaxTime() {
return maxTime;
}
public boolean isSwallowExceptions() {
return swallowExceptions;
}
public void setMaxTime(long maxTime) {
this.maxTime = maxTime;
}
public void setSwallowExceptions(boolean swallowExceptions) {
this.swallowExceptions = swallowExceptions;
}
public boolean isSwallowExceptions() {
return swallowExceptions;
}
public void setSwallowExceptions(boolean swallowExceptions) {
this.swallowExceptions = swallowExceptions;
}
/**


@ -8,28 +8,28 @@ package org.mitre.data;
*/
public class DefaultPageCriteria implements PageCriteria {
private static final int DEFAULT_PAGE_NUMBER = 0;
private static final int DEFAULT_PAGE_SIZE = 100;
private static final int DEFAULT_PAGE_NUMBER = 0;
private static final int DEFAULT_PAGE_SIZE = 100;
private int pageNumber;
private int pageSize;
private int pageNumber;
private int pageSize;
public DefaultPageCriteria(){
this(DEFAULT_PAGE_NUMBER, DEFAULT_PAGE_SIZE);
}
public DefaultPageCriteria(){
this(DEFAULT_PAGE_NUMBER, DEFAULT_PAGE_SIZE);
}
public DefaultPageCriteria(int pageNumber, int pageSize) {
this.pageNumber = pageNumber;
this.pageSize = pageSize;
}
public DefaultPageCriteria(int pageNumber, int pageSize) {
this.pageNumber = pageNumber;
this.pageSize = pageSize;
}
@Override
public int getPageNumber() {
return pageNumber;
}
@Override
public int getPageNumber() {
return pageNumber;
}
@Override
public int getPageSize() {
return pageSize;
}
@Override
public int getPageSize() {
return pageSize;
}
}


@ -8,6 +8,6 @@ package org.mitre.data;
*/
public interface PageCriteria {
public int getPageNumber();
public int getPageSize();
public int getPageNumber();
public int getPageSize();
}


@ -29,7 +29,7 @@ import com.google.common.base.Strings;
/**
* Provides utility methods for normalizing and parsing URIs for use with Webfinger Discovery.
*
*
* @author wkim
*
*/


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.jose.keystore;


@ -26,5 +26,5 @@ import com.nimbusds.jwt.JWT;
public interface AssertionValidator {
public boolean isValid(JWT assertion);
}


@ -23,7 +23,7 @@ import com.nimbusds.jwt.JWT;
/**
* Reject all assertions passed in.
*
*
* @author jricher
*
*/


@ -33,7 +33,7 @@ import com.nimbusds.jwt.SignedJWT;
/**
* Validates all assertions generated by this server
*
*
* @author jricher
*
*/
@ -43,17 +43,17 @@ public class SelfAssertionValidator implements AssertionValidator {
@Autowired
private ConfigurationPropertiesBean config;
@Autowired
private JWTSigningAndValidationService jwtService;
@Override
public boolean isValid(JWT assertion) {
if (!(assertion instanceof SignedJWT)) {
// unsigned assertion
return false;
}
JWTClaimsSet claims;
try {
claims = assertion.getJWTClaimsSet();
@ -61,17 +61,17 @@ public class SelfAssertionValidator implements AssertionValidator {
logger.debug("Invalid assertion claims");
return false;
}
if (Strings.isNullOrEmpty(claims.getIssuer())) {
logger.debug("No issuer for assertion, rejecting");
return false;
}
if (claims.getIssuer().equals(config.getIssuer())) {
logger.debug("Issuer is not the same as this server, rejecting");
return false;
}
if (jwtService.validateSignature((SignedJWT) assertion)) {
return true;
} else {


@ -41,12 +41,12 @@ import com.nimbusds.jwt.SignedJWT;
public class WhitelistedIssuerAssertionValidator implements AssertionValidator {
private static Logger logger = LoggerFactory.getLogger(WhitelistedIssuerAssertionValidator.class);
/**
* Map of issuer -> JWKSetUri
*/
private Map<String, String> whitelist = new HashMap<>();
/**
* @return the whitelist
*/
@ -63,15 +63,15 @@ public class WhitelistedIssuerAssertionValidator implements AssertionValidator {
@Autowired
private JWKSetCacheService jwkCache;
@Override
public boolean isValid(JWT assertion) {
if (!(assertion instanceof SignedJWT)) {
// unsigned assertion
return false;
}
JWTClaimsSet claims;
try {
claims = assertion.getJWTClaimsSet();
@ -79,21 +79,21 @@ public class WhitelistedIssuerAssertionValidator implements AssertionValidator {
logger.debug("Invalid assertion claims");
return false;
}
if (Strings.isNullOrEmpty(claims.getIssuer())) {
logger.debug("No issuer for assertion, rejecting");
return false;
}
if (!whitelist.containsKey(claims.getIssuer())) {
logger.debug("Issuer is not in whitelist, rejecting");
return false;
}
String jwksUri = whitelist.get(claims.getIssuer());
JWTSigningAndValidationService validator = jwkCache.getValidator(jwksUri);
if (validator.validateSignature((SignedJWT) assertion)) {
return true;
} else {


@ -45,7 +45,6 @@ import com.nimbusds.jose.crypto.ECDHEncrypter;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
import com.nimbusds.jose.jca.JCAContext;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.OctetSequenceKey;
@ -80,7 +79,7 @@ public class DefaultJWTEncryptionAndDecryptionService implements JWTEncryptionAn
/**
* Build this service based on the keys given. All public keys will be used to make encrypters,
* all private keys will be used to make decrypters.
*
*
* @param keys
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
@ -94,7 +93,7 @@ public class DefaultJWTEncryptionAndDecryptionService implements JWTEncryptionAn
/**
* Build this service based on the given keystore. All keys must have a key
* id ({@code kid}) field in order to be used.
*
*
* @param keyStore
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
@ -240,13 +239,13 @@ public class DefaultJWTEncryptionAndDecryptionService implements JWTEncryptionAn
logger.warn("No private key for key #" + jwk.getKeyID());
}
} else if (jwk instanceof ECKey) {
// build EC Encrypters and decrypters
ECDHEncrypter encrypter = new ECDHEncrypter((ECKey) jwk);
encrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
encrypters.put(id, encrypter);
if (jwk.isPrivate()) { // we can decrypt too
ECDHDecrypter decrypter = new ECDHDecrypter((ECKey) jwk);
decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());


@ -34,7 +34,7 @@ public interface JWTSigningAndValidationService {
/**
* Checks the signature of the given JWT against all configured signers,
* returns true if at least one of the signers validates it.
*
*
* @param jwtString
* the string representation of the JWT as sent on the wire
* @return true if the signature is valid, false if not
@ -45,7 +45,7 @@ public interface JWTSigningAndValidationService {
/**
* Called to sign a jwt in place for a client that hasn't registered a preferred signing algorithm.
* Use the default algorithm to sign.
*
*
* @param jwt the jwt to sign
* @return the signed jwt
* @throws NoSuchAlgorithmException
@ -67,7 +67,7 @@ public interface JWTSigningAndValidationService {
/**
* Sign a jwt using the selected algorithm. The algorithm is selected using the String parameter values specified
* in the JWT spec, section 6. I.E., "HS256" means HMAC with SHA-256 and corresponds to our HmacSigner class.
*
*
* @param jwt the jwt to sign
* @param alg the name of the algorithm to use, as specified in JWS s.6
* @return the signed jwt


@ -39,10 +39,10 @@ import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWKSet;
/**
*
*
* Takes in a client and returns the appropriate validator or encrypter for
* that client's registered key types.
*
*
* @author jricher
*
*/


@ -17,8 +17,6 @@
package org.mitre.jwt.signer.service.impl;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Collection;
import java.util.HashMap;
@ -72,10 +70,10 @@ public class DefaultJWTSigningAndValidationService implements JWTSigningAndValid
/**
* Build this service based on the keys given. All public keys will be used
* to make verifiers, all private keys will be used to make signers.
*
*
* @param keys
* A map of key identifier to key
*
*
* @throws InvalidKeySpecException
* If the keys in the JWKs are not valid
* @throws NoSuchAlgorithmException
@ -89,10 +87,10 @@ public class DefaultJWTSigningAndValidationService implements JWTSigningAndValid
/**
* Build this service based on the given keystore. All keys must have a key
* id ({@code kid}) field in order to be used.
*
*
* @param keyStore
* the keystore to load all keys from
*
*
* @throws InvalidKeySpecException
* If the keys in the JWKs are not valid
* @throws NoSuchAlgorithmException
@ -165,37 +163,37 @@ public class DefaultJWTSigningAndValidationService implements JWTSigningAndValid
try {
if (jwk instanceof RSAKey) {
// build RSA signers & verifiers
if (jwk.isPrivate()) { // only add the signer if there's a private key
RSASSASigner signer = new RSASSASigner((RSAKey) jwk);
signers.put(id, signer);
}
RSASSAVerifier verifier = new RSASSAVerifier((RSAKey) jwk);
verifiers.put(id, verifier);
} else if (jwk instanceof ECKey) {
// build EC signers & verifiers
if (jwk.isPrivate()) {
ECDSASigner signer = new ECDSASigner((ECKey) jwk);
signers.put(id, signer);
}
ECDSAVerifier verifier = new ECDSAVerifier((ECKey) jwk);
verifiers.put(id, verifier);
} else if (jwk instanceof OctetSequenceKey) {
// build HMAC signers & verifiers
if (jwk.isPrivate()) { // technically redundant check because all HMAC keys are private
MACSigner signer = new MACSigner((OctetSequenceKey) jwk);
signers.put(id, signer);
}
MACVerifier verifier = new MACVerifier((OctetSequenceKey) jwk);
verifiers.put(id, verifier);
} else {
logger.warn("Unknown key type: " + jwk);
}


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.jwt.signer.service.impl;
@ -43,12 +43,12 @@ import com.google.gson.JsonParseException;
import com.nimbusds.jose.jwk.JWKSet;
/**
*
*
* Creates a caching map of JOSE signers/validators and encrypters/decryptors
* keyed on the JWK Set URI. Dynamically loads JWK Sets to create the services.
*
*
* @author jricher
*
*
*/
@Service
public class JWKSetCacheService {
@ -150,11 +150,11 @@ public class JWKSetCacheService {
try {
String jsonString = restTemplate.getForObject(key, String.class);
JWKSet jwkSet = JWKSet.parse(jsonString);
JWKSetKeyStore keyStore = new JWKSetKeyStore(jwkSet);
JWTEncryptionAndDecryptionService service = new DefaultJWTEncryptionAndDecryptionService(keyStore);
return service;
} catch (JsonParseException | RestClientException e) {
throw new IllegalArgumentException("Unable to load JWK Set");


@ -41,7 +41,7 @@ import com.nimbusds.jose.util.Base64URL;
/**
* Creates and caches symmetrical validators for clients based on client secrets.
*
*
* @author jricher
*
*/
@ -66,7 +66,7 @@ public class SymmetricKeyJWTValidatorCacheService {
/**
* Create a symmetric signing and validation service for the given client
*
*
* @param client
* @return
*/


@ -33,7 +33,7 @@ import javax.persistence.Temporal;
/**
* Entity class for authorization codes
*
*
* @author aanganes
*
*/
@ -67,7 +67,7 @@ public class AuthorizationCodeEntity {
/**
* Create a new AuthorizationCodeEntity with the given code and AuthorizationRequestHolder.
*
*
* @param code the authorization code
* @param authRequest the AuthoriztionRequestHolder associated with the original code request
*/


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.oauth2.model;
@ -57,7 +57,6 @@ import org.mitre.oauth2.model.convert.SimpleGrantedAuthorityStringConverter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.provider.ClientDetails;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
@ -66,7 +65,7 @@ import com.nimbusds.jwt.JWT;
/**
* @author jricher
*
*
*/
@Entity
@Table(name = "client_details")
@ -151,10 +150,10 @@ public class ClientDetailsEntity implements ClientDetails {
/** fields for UMA */
private Set<String> claimsRedirectUris;
/** Software statement **/
private JWT softwareStatement;
/** PKCE **/
private PKCEAlgorithm codeChallengeMethod;
@ -239,7 +238,7 @@ public class ClientDetailsEntity implements ClientDetails {
return lookup.get(value);
}
}
/**
* Create a blank ClientDetailsEntity
*/
@ -267,7 +266,7 @@ public class ClientDetailsEntity implements ClientDetails {
}
/**
*
*
* @param id the id to set
*/
public void setId(Long id) {
@ -314,7 +313,7 @@ public class ClientDetailsEntity implements ClientDetails {
/**
* Number of seconds ID token is valid for. MUST be a positive integer, can not be null.
*
*
* @return the idTokenValiditySeconds
*/
@Basic
@ -367,7 +366,7 @@ public class ClientDetailsEntity implements ClientDetails {
}
/**
*
*
*/
@Override
@Transient
@ -580,9 +579,9 @@ public class ClientDetailsEntity implements ClientDetails {
/**
* This library does not make use of this field, so it is not
* stored using our persistence layer.
*
*
* However, it's somehow required by SECOUATH.
*
*
* @return an empty map
*/
@Override


@ -54,11 +54,11 @@ public class DeviceCode {
public static final String QUERY_BY_USER_CODE = "DeviceCode.queryByUserCode";
public static final String QUERY_BY_DEVICE_CODE = "DeviceCode.queryByDeviceCode";
public static final String QUERY_EXPIRED_BY_DATE = "DeviceCode.queryExpiredByDate";
public static final String PARAM_USER_CODE = "userCode";
public static final String PARAM_DEVICE_CODE = "deviceCode";
public static final String PARAM_DATE = "date";
private Long id;
private String deviceCode;
private String userCode;
@ -68,11 +68,11 @@ public class DeviceCode {
private Map<String, String> requestParameters;
private boolean approved;
private AuthenticationHolderEntity authenticationHolder;
public DeviceCode() {
}
public DeviceCode(String deviceCode, String userCode, Set<String> scope, String clientId, Map<String, String> params) {
this.deviceCode = deviceCode;
this.userCode = userCode;
@ -213,7 +213,7 @@ public class DeviceCode {
public void setApproved(boolean approved) {
this.approved = approved;
}
/**
* The authentication in place when this token was created.
* @return the authentication
@ -231,5 +231,5 @@ public class DeviceCode {
this.authenticationHolder = authenticationHolder;
}
}


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.oauth2.model;
@ -41,7 +41,6 @@ import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.OneToOne;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.Transient;
@ -113,9 +112,9 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
private Set<String> scope;
private Set<Permission> permissions;
private ApprovedSite approvedSite;
private Map<String, Object> additionalInformation = new HashMap<>(); // ephemeral map of items to be added to the OAuth token response
/**
@ -297,7 +296,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
name = "access_token_permissions",
joinColumns = @JoinColumn(name = "access_token_id"),
inverseJoinColumns = @JoinColumn(name = "permission_id")
)
)
public Set<Permission> getPermissions() {
return permissions;
}


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.oauth2.model;
@ -78,7 +78,7 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
private Date expiration;
/**
*
*
*/
public OAuth2RefreshTokenEntity() {
@ -104,7 +104,7 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
/**
* The authentication in place when the original access token was
* created
*
*
* @return the authentication
*/
@ManyToOne


@ -26,8 +26,13 @@ import com.nimbusds.jose.Requirement;
*/
public final class PKCEAlgorithm extends Algorithm {
/**
*
*/
private static final long serialVersionUID = 7752852583210088925L;
public static final PKCEAlgorithm plain = new PKCEAlgorithm("plain", Requirement.REQUIRED);
public static final PKCEAlgorithm S256 = new PKCEAlgorithm("S256", Requirement.OPTIONAL);
public PKCEAlgorithm(String name, Requirement req) {
@ -37,7 +42,7 @@ public final class PKCEAlgorithm extends Algorithm {
public PKCEAlgorithm(String name) {
super(name, null);
}
public static PKCEAlgorithm parse(final String s) {
if (s.equals(plain.getName())) {
return plain;
@ -47,7 +52,7 @@ public final class PKCEAlgorithm extends Algorithm {
return new PKCEAlgorithm(s);
}
}
}
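Review bot: The Javadoc block added above `serialVersionUID` in the first hunk of PKCEAlgorithm is empty (an opening `/**`, a bare ` *`, and `*/`), which reads as an IDE artifact rather than documentation; either drop the block or give it one sentence, e.g. `/** Serialization version for the Serializable contract inherited from Algorithm. */` (the field only has meaning if the superclass is Serializable, which its generation suggests — confirm). Not part of this change, but the `parse` method on the context lines below calls `s.equals(plain.getName())` before any null check, so a missing or malformed code challenge method value would surface as a NullPointerException rather than a clear rejection; `Objects.requireNonNull(s, "s")` at the top, or inverting to `plain.getName().equals(s)`, would make that failure mode explicit.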


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.oauth2.model;
@ -50,7 +50,7 @@ public class RegisteredClient {
private JsonObject src;
/**
*
*
*/
public RegisteredClient() {
this.client = new ClientDetailsEntity();
@ -815,7 +815,7 @@ public class RegisteredClient {
public void setSoftwareStatement(JWT softwareStatement) {
client.setSoftwareStatement(softwareStatement);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getCodeChallengeMethod()


@ -40,7 +40,7 @@ import org.springframework.security.core.GrantedAuthority;
/**
* This class stands in for an original Authentication object.
*
*
* @author jricher
*
*/


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.oauth2.model;
@ -28,7 +28,6 @@ import javax.persistence.Id;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import javax.persistence.Transient;
/**
* @author jricher


@ -30,9 +30,9 @@ import org.slf4j.LoggerFactory;
* Translates a Serializable object of certain primitive types
* into a String for storage in the database, for use with the
* OAuth2Request extensions map.
*
*
* This class does allow some extension data to be lost.
*
*
* @author jricher
*
*/


@ -32,5 +32,5 @@ public interface AuthenticationHolderRepository {
public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders();
public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders(PageCriteria pageCriteria);
public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders(PageCriteria pageCriteria);
}


@ -23,7 +23,7 @@ import org.mitre.oauth2.model.AuthorizationCodeEntity;
/**
* Interface for saving and consuming OAuth2 authorization codes as AuthorizationCodeEntitys.
*
*
* @author aanganes
*
*/
@ -31,7 +31,7 @@ public interface AuthorizationCodeRepository {
/**
* Save an AuthorizationCodeEntity to the repository
*
*
* @param authorizationCode the AuthorizationCodeEntity to save
* @return the saved AuthorizationCodeEntity
*/
@ -39,7 +39,7 @@ public interface AuthorizationCodeRepository {
/**
* Get an authorization code from the repository by value.
*
*
* @param code the authorization code value
* @return the authentication associated with the code
*/
@ -47,7 +47,7 @@ public interface AuthorizationCodeRepository {
/**
* Remove an authorization code from the repository
*
*
* @param authorizationCodeEntity
*/
public void remove(AuthorizationCodeEntity authorizationCodeEntity);
@ -57,10 +57,10 @@ public interface AuthorizationCodeRepository {
*/
public Collection<AuthorizationCodeEntity> getExpiredCodes();
/**
* @return A collection of all expired codes, limited by the given
* PageCriteria.
*/
public Collection<AuthorizationCodeEntity> getExpiredCodes(PageCriteria pageCriteria);
/**
* @return A collection of all expired codes, limited by the given
* PageCriteria.
*/
public Collection<AuthorizationCodeEntity> getExpiredCodes(PageCriteria pageCriteria);
}


@ -58,38 +58,38 @@ public interface OAuth2TokenRepository {
public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens();
public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens(PageCriteria pageCriteria);
public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens(PageCriteria pageCriteria);
public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens();
public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria);
public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria);
public Set<OAuth2AccessTokenEntity> getAccessTokensForResourceSet(ResourceSet rs);
/**
* removes duplicate access tokens.
*
* @deprecated this method was added to return the remove duplicate access tokens values
* so that {code removeAccessToken(OAuth2AccessTokenEntity o)} would not to fail. the
* removeAccessToken method has been updated so as it will not fail in the event that an
* accessToken has been duplicated, so this method is unnecessary.
*
*/
@Deprecated
/**
* removes duplicate access tokens.
*
* @deprecated this method was added to return the remove duplicate access tokens values
* so that {code removeAccessToken(OAuth2AccessTokenEntity o)} would not to fail. the
* removeAccessToken method has been updated so as it will not fail in the event that an
* accessToken has been duplicated, so this method is unnecessary.
*
*/
@Deprecated
public void clearDuplicateAccessTokens();
/**
* removes duplicate refresh tokens.
*
* @deprecated this method was added to return the remove duplicate refresh token value
* so that {code removeRefreshToken(OAuth2RefreshTokenEntity o)} would not to fail. the
* removeRefreshToken method has been updated so as it will not fail in the event that
* refreshToken has been duplicated, so this method is unnecessary.
*
*/
@Deprecated
/**
* removes duplicate refresh tokens.
*
* @deprecated this method was added to return the remove duplicate refresh token value
* so that {code removeRefreshToken(OAuth2RefreshTokenEntity o)} would not to fail. the
* removeRefreshToken method has been updated so as it will not fail in the event that
* refreshToken has been duplicated, so this method is unnecessary.
*
*/
@Deprecated
public void clearDuplicateRefreshTokens();
public List<OAuth2AccessTokenEntity> getAccessTokensForApprovedSite(ApprovedSite approvedSite);
}


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.oauth2.repository;


@ -18,7 +18,6 @@
package org.mitre.oauth2.repository.impl;
import java.util.Collection;
import java.util.Set;
import org.mitre.oauth2.model.DeviceCode;


@ -24,7 +24,6 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.DeviceCode;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
/**
* @author jricher
@ -40,7 +39,7 @@ public interface DeviceCodeService {
/**
* @param dc
* @param o2Auth
* @param o2Auth
*/
public DeviceCode approveDeviceCode(DeviceCode dc, OAuth2Authentication o2Auth);


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.oauth2.service;
@ -37,12 +37,12 @@ public interface SystemScopeService {
public static final String RESOURCE_TOKEN_SCOPE = "resource-token"; // this scope manages client-style protected resources
public static final String UMA_PROTECTION_SCOPE = "uma_protection";
public static final String UMA_AUTHORIZATION_SCOPE = "uma_authorization";
public static final Set<SystemScope> reservedScopes =
Sets.newHashSet(
new SystemScope(REGISTRATION_TOKEN_SCOPE),
new SystemScope(RESOURCE_TOKEN_SCOPE)
);
public static final Set<SystemScope> reservedScopes =
Sets.newHashSet(
new SystemScope(REGISTRATION_TOKEN_SCOPE),
new SystemScope(RESOURCE_TOKEN_SCOPE)
);
public Set<SystemScope> getAll();
@ -56,7 +56,7 @@ public interface SystemScopeService {
* Get all the reserved system scopes. These can't be used
* by clients directly, but are instead tied to special system
* tokens like id tokens and registration access tokens.
*
*
* @return
*/
public Set<SystemScope> getReserved();


@ -39,7 +39,7 @@ import com.google.common.base.Strings;
/**
* Shim layer to convert a ClientDetails service into a UserDetails service
*
*
* @author AANGANES
*
*/
@ -53,7 +53,7 @@ public class DefaultClientUserDetailsService implements UserDetailsService {
@Autowired
private ConfigurationPropertiesBean config;
@Override
public UserDetails loadUserByUsername(String clientId) throws UsernameNotFoundException {
@ -66,7 +66,7 @@ public class DefaultClientUserDetailsService implements UserDetailsService {
if (config.isHeartMode() || // if we're running HEART mode turn off all client secrets
(client.getTokenEndpointAuthMethod() != null &&
(client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) ||
(client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) ||
client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)))) {
// Issue a random password each time to prevent password auth from being used (or skipped)


@ -41,9 +41,9 @@ import com.google.common.base.Strings;
/**
* Loads client details based on URI encoding as passed in from basic auth.
*
*
* Should only get called if non-encoded provider fails.
*
*
* @author AANGANES
*
*/
@ -57,7 +57,7 @@ public class UriEncodedClientUserDetailsService implements UserDetailsService {
@Autowired
private ConfigurationPropertiesBean config;
@Override
public UserDetails loadUserByUsername(String clientId) throws UsernameNotFoundException {


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect;
@ -95,7 +95,7 @@ import static org.mitre.oauth2.model.RegisteredClientFields.USERINFO_SIGNED_RESP
/**
* Utility class to handle the parsing and serialization of ClientDetails objects.
*
*
* @author jricher
*
*/
@ -104,11 +104,11 @@ public class ClientDetailsEntityJsonProcessor {
private static Logger logger = LoggerFactory.getLogger(ClientDetailsEntityJsonProcessor.class);
private static JsonParser parser = new JsonParser();
/**
*
*
* Create an unbound ClientDetailsEntity from the given JSON string.
*
*
* @param jsonString
* @return the entity if successful, null otherwise
*/
@ -205,26 +205,26 @@ public class ClientDetailsEntityJsonProcessor {
c.setRequestUris(getAsStringSet(o, REQUEST_URIS));
c.setClaimsRedirectUris(getAsStringSet(o, CLAIMS_REDIRECT_URIS));
c.setCodeChallengeMethod(getAsPkceAlgorithm(o, CODE_CHALLENGE_METHOD));
c.setSoftwareId(getAsString(o, SOFTWARE_ID));
c.setSoftwareVersion(getAsString(o, SOFTWARE_VERSION));
// note that this does not process or validate the software statement, that's handled in other components
String softwareStatement = getAsString(o, SOFTWARE_STATEMENT);
if (!Strings.isNullOrEmpty(softwareStatement)) {
try {
JWT softwareStatementJwt = JWTParser.parse(softwareStatement);
c.setSoftwareStatement(softwareStatementJwt);
JWT softwareStatementJwt = JWTParser.parse(softwareStatement);
c.setSoftwareStatement(softwareStatementJwt);
} catch (ParseException e) {
logger.warn("Error parsing software statement", e);
return null;
}
}
return c;
} else {
return null;
@ -345,18 +345,18 @@ public class ClientDetailsEntityJsonProcessor {
o.addProperty(INITIATE_LOGIN_URI, c.getInitiateLoginUri());
o.add(POST_LOGOUT_REDIRECT_URIS, getAsArray(c.getPostLogoutRedirectUris()));
o.add(REQUEST_URIS, getAsArray(c.getRequestUris()));
o.add(CLAIMS_REDIRECT_URIS, getAsArray(c.getClaimsRedirectUris()));
o.addProperty(CODE_CHALLENGE_METHOD, c.getCodeChallengeMethod() != null ? c.getCodeChallengeMethod().getName() : null);
o.addProperty(SOFTWARE_ID, c.getSoftwareId());
o.addProperty(SOFTWARE_VERSION, c.getSoftwareVersion());
if (c.getSoftwareStatement() != null) {
o.addProperty(SOFTWARE_STATEMENT, c.getSoftwareStatement().serialize());
}
return o;
}


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.config;
@ -28,13 +28,12 @@ import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.i18n.LocaleContext;
import org.springframework.context.i18n.TimeZoneAwareLocaleContext;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.i18n.AbstractLocaleContextResolver;
/**
*
*
* Resolve the server's locale from the injected ConfigurationPropertiesBean.
*
*
* @author jricher
*
*/


@ -35,7 +35,7 @@ import com.google.gson.Gson;
* Bean to hold configuration information that must be injected into various parts
* of our application. Set all of the properties here, and autowire a reference
* to this bean if you need access to any configuration properties.
*
*
* @author AANGANES
*
*/
@ -49,7 +49,7 @@ public class ConfigurationPropertiesBean {
private String issuer;
private String topbarTitle;
private String shortTopbarTitle;
private String logoImageUrl;
@ -61,14 +61,14 @@ public class ConfigurationPropertiesBean {
private boolean forceHttps = false; // by default we just log a warning for HTTPS deployment
private Locale locale = Locale.ENGLISH; // we default to the english translation
private List<String> languageNamespaces = Lists.newArrayList("messages");
private boolean dualClient = false;
private boolean heartMode = false;
private boolean dualClient = false;
public ConfigurationPropertiesBean() {
private boolean heartMode = false;
public ConfigurationPropertiesBean() {
}
@ -87,7 +87,7 @@ public class ConfigurationPropertiesBean {
logger.warn("\n\n**\n** WARNING: Configured issuer url is not using https scheme.\n**\n\n");
}
}
if (languageNamespaces == null || languageNamespaces.isEmpty()) {
logger.error("No configured language namespaces! Text rendering will fail!");
}
@ -120,14 +120,14 @@ public class ConfigurationPropertiesBean {
public void setTopbarTitle(String topbarTitle) {
this.topbarTitle = topbarTitle;
}
/**
* @return If shortTopbarTitle is undefined, returns topbarTitle.
* @return If shortTopbarTitle is undefined, returns topbarTitle.
*/
public String getShortTopbarTitle() {
return shortTopbarTitle == null ? topbarTitle : shortTopbarTitle;
}
public void setShortTopbarTitle(String shortTopbarTitle) {
this.shortTopbarTitle = shortTopbarTitle;
}
@ -211,37 +211,37 @@ public class ConfigurationPropertiesBean {
}
/**
* @return true if dual client is configured, otherwise false
*/
public boolean isDualClient() {
if (isHeartMode()) {
return false; // HEART mode is incompatible with dual client mode
} else {
return dualClient;
}
}
* @return true if dual client is configured, otherwise false
*/
public boolean isDualClient() {
if (isHeartMode()) {
return false; // HEART mode is incompatible with dual client mode
} else {
return dualClient;
}
}
/**
* @param dualClient the dual client configuration
*/
public void setDualClient(boolean dualClient) {
this.dualClient = dualClient;
}
/**
* Get the list of namespaces as a JSON string, for injection into the JavaScript UI
* @return
*/
public String getLanguageNamespacesString() {
return new Gson().toJson(getLanguageNamespaces());
}
/**
* Get the default namespace (first in the nonempty list)
*/
public String getDefaultLanguageNamespace() {
return getLanguageNamespaces().get(0);
}
/**
* @param dualClient the dual client configuration
*/
public void setDualClient(boolean dualClient) {
this.dualClient = dualClient;
}
/**
* Get the list of namespaces as a JSON string, for injection into the JavaScript UI
* @return
*/
public String getLanguageNamespacesString() {
return new Gson().toJson(getLanguageNamespaces());
}
/**
* Get the default namespace (first in the nonempty list)
*/
public String getDefaultLanguageNamespace() {
return getLanguageNamespaces().get(0);
}
/**
* @return the heartMode


@ -25,7 +25,7 @@ import com.nimbusds.jose.jwk.JWKSet;
/**
* Allows JWK Set strings to be used in XML configurations.
*
*
* @author jricher
*
*/


@ -25,16 +25,16 @@ import com.nimbusds.jose.JWSAlgorithm;
/**
*
*
* Container class for a client's view of a server's configuration
*
*
* @author nemonik, jricher
*
*
*/
public class ServerConfiguration {
/*
*
*
issuer
REQUIRED. URL using the https scheme with no query or fragment component that the OP asserts as its Issuer Identifier.
authorization_endpoint


@ -20,9 +20,9 @@ package org.mitre.openid.connect.config;
import java.util.Set;
/**
*
*
* Bean for UI (front-end) configuration to be read at start-up.
*
*
* @author jricher
*
*/
@ -30,7 +30,7 @@ public class UIConfiguration {
private Set<String> jsFiles;
private Set<String> templateFiles;
/**
* @return the jsFiles
*/
@ -55,5 +55,5 @@ public class UIConfiguration {
public void setTemplateFiles(Set<String> templateFiles) {
this.templateFiles = templateFiles;
}
}


@ -25,62 +25,62 @@ public interface Address extends Serializable {
* @return
*/
public Long getId();
/**
* @return the formatted address
*/
public String getFormatted();
/**
* @param formatted the formatted address to set
*/
public void setFormatted(String formatted);
/**
* @return the streetAddress
*/
public String getStreetAddress();
/**
* @param streetAddress the streetAddress to set
*/
public void setStreetAddress(String streetAddress);
/**
* @return the locality
*/
public String getLocality();
/**
* @param locality the locality to set
*/
public void setLocality(String locality);
/**
* @return the region
*/
public String getRegion();
/**
* @param region the region to set
*/
public void setRegion(String region);
/**
* @return the postalCode
*/
public String getPostalCode();
/**
* @param postalCode the postalCode to set
*/
public void setPostalCode(String postalCode);
/**
* @return the country
*/
public String getCountry();
/**
* @param country the country to set
*/


@ -20,7 +20,6 @@ import java.util.Date;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CascadeType;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
@ -32,15 +31,10 @@ import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.Transient;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import com.google.common.collect.Sets;
@Entity
@Table(name="approved_site")
@NamedQueries({


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.model;


@ -22,11 +22,11 @@ package org.mitre.openid.connect.model;
*
*/
public class CachedImage {
private byte[] data;
private String contentType;
private long length;
/**
* @return the data
*/


@ -38,5 +38,5 @@ public class ClientStat {
public void setApprovedSiteCount(Integer count) {
this.approvedSiteCount = count;
}
}


@ -16,8 +16,6 @@
*******************************************************************************/
package org.mitre.openid.connect.model;
import java.io.Serializable;
import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Entity;
@ -63,6 +61,7 @@ public class DefaultAddress implements Address {
/**
* @return the formatted address string
*/
@Override
@Basic
@Column(name = "formatted")
public String getFormatted() {
@ -71,12 +70,14 @@ public class DefaultAddress implements Address {
/**
* @param formatted the formatted address to set
*/
@Override
public void setFormatted(String formatted) {
this.formatted = formatted;
}
/**
* @return the streetAddress
*/
@Override
@Basic
@Column(name="street_address")
public String getStreetAddress() {
@ -85,12 +86,14 @@ public class DefaultAddress implements Address {
/**
* @param streetAddress the streetAddress to set
*/
@Override
public void setStreetAddress(String streetAddress) {
this.streetAddress = streetAddress;
}
/**
* @return the locality
*/
@Override
@Basic
@Column(name = "locality")
public String getLocality() {
@ -99,12 +102,14 @@ public class DefaultAddress implements Address {
/**
* @param locality the locality to set
*/
@Override
public void setLocality(String locality) {
this.locality = locality;
}
/**
* @return the region
*/
@Override
@Basic
@Column(name = "region")
public String getRegion() {
@ -113,12 +118,14 @@ public class DefaultAddress implements Address {
/**
* @param region the region to set
*/
@Override
public void setRegion(String region) {
this.region = region;
}
/**
* @return the postalCode
*/
@Override
@Basic
@Column(name="postal_code")
public String getPostalCode() {
@ -127,12 +134,14 @@ public class DefaultAddress implements Address {
/**
* @param postalCode the postalCode to set
*/
@Override
public void setPostalCode(String postalCode) {
this.postalCode = postalCode;
}
/**
* @return the country
*/
@Override
@Basic
@Column(name = "country")
public String getCountry() {
@ -141,6 +150,7 @@ public class DefaultAddress implements Address {
/**
* @param country the country to set
*/
@Override
public void setCountry(String country) {
this.country = country;
}
@ -148,6 +158,7 @@ public class DefaultAddress implements Address {
/**
* @return the id
*/
@Override
@Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
@Column(name = "id")


@ -379,7 +379,7 @@ public class DefaultUserInfo implements UserInfo {
*/
@Override
public void setAddress(Address address) {
if (address != null) {
if (address != null) {
this.address = new DefaultAddress(address);
} else {
this.address = null;
@ -499,7 +499,7 @@ public class DefaultUserInfo implements UserInfo {
ui.setPhoneNumber(nullSafeGetString(obj, "phone_number"));
ui.setPhoneNumberVerified(obj.has("phone_number_verified") && obj.get("phone_number_verified").isJsonPrimitive() ? obj.get("phone_number_verified").getAsBoolean() : null);
if (obj.has("address") && obj.get("address").isJsonObject()) {
JsonObject addr = obj.get("address").getAsJsonObject();
ui.setAddress(new DefaultAddress());


@ -30,9 +30,9 @@ import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
/**
*
*
* @author Michael Walsh, Justin Richer
*
*
*/
public class OIDCAuthenticationToken extends AbstractAuthenticationToken {
@ -49,9 +49,9 @@ public class OIDCAuthenticationToken extends AbstractAuthenticationToken {
/**
* Constructs OIDCAuthenticationToken with a full set of authorities, marking this as authenticated.
*
*
* Set to authenticated.
*
*
* Constructs a Principal out of the subject and issuer.
* @param subject
* @param authorities
@ -78,7 +78,7 @@ public class OIDCAuthenticationToken extends AbstractAuthenticationToken {
/*
* (non-Javadoc)
*
*
* @see org.springframework.security.core.Authentication#getCredentials()
*/
@Override


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.model;
@ -30,9 +30,9 @@ import javax.persistence.NamedQuery;
import javax.persistence.Table;
/**
*
*
* Holds the generated pairwise identifiers for a user. Can be tied to either a client ID or a sector identifier URL.
*
*
* @author jricher
*
*/


@ -33,7 +33,7 @@ import com.nimbusds.jwt.JWTParser;
/**
* AuthenticationToken for use as a data shuttle from the filter to the auth provider.
*
*
* @author jricher
*
*/
@ -52,9 +52,9 @@ public class PendingOIDCAuthenticationToken extends AbstractAuthenticationToken
/**
* Constructs OIDCAuthenticationToken for use as a data shuttle from the filter to the auth provider.
*
*
* Set to not-authenticated.
*
*
* Constructs a Principal out of the subject and issuer.
* @param sub
* @param idToken
@ -80,7 +80,7 @@ public class PendingOIDCAuthenticationToken extends AbstractAuthenticationToken
/*
* (non-Javadoc)
*
*
* @see org.springframework.security.core.Authentication#getCredentials()
*/
@Override


@ -184,12 +184,12 @@ public interface UserInfo extends Serializable {
public void setPhoneNumber(String phoneNumber);
/**
*
*
*/
public Boolean getPhoneNumberVerified();
/**
*
*
* @param phoneNumberVerified
*/
public void setPhoneNumberVerified(Boolean phoneNumberVerified);
@ -216,20 +216,20 @@ public interface UserInfo extends Serializable {
/**
*
*
* @return
*/
public String getBirthdate();
/**
*
*
* @param birthdate
*/
public void setBirthdate(String birthdate);
/**
* Serialize this UserInfo object to JSON.
*
*
* @return
*/
public JsonObject toJson();


@ -28,7 +28,7 @@ public interface AddressRepository {
/**
* Returns the Address for the given id
*
*
* @param id
* id the id of the Address
* @return a valid Address if it exists, null otherwise


@ -30,7 +30,7 @@ public interface ApprovedSiteRepository {
/**
* Returns the ApprovedSite for the given id
*
*
* @param id
* id the id of the ApprovedSite
* @return a valid ApprovedSite if it exists, null otherwise
@ -39,7 +39,7 @@ public interface ApprovedSiteRepository {
/**
* Return a collection of all ApprovedSites managed by this repository
*
*
* @return the ApprovedSite collection, or null
*/
public Collection<ApprovedSite> getAll();
@ -47,7 +47,7 @@ public interface ApprovedSiteRepository {
/**
* Return a collection of ApprovedSite managed by this repository matching the
* provided client ID and user ID
*
*
* @param clientId
* @param userId
* @return
@ -56,7 +56,7 @@ public interface ApprovedSiteRepository {
/**
* Removes the given ApprovedSite from the repository
*
*
* @param aggregator
* the ApprovedSite object to remove
*/
@ -64,7 +64,7 @@ public interface ApprovedSiteRepository {
/**
* Persists an ApprovedSite
*
*
* @param aggregator
* valid ApprovedSite instance
* @return the persisted entity


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.repository;


@ -15,7 +15,7 @@
* limitations under the License.
*******************************************************************************/
/**
*
*
*/
package org.mitre.openid.connect.repository;
@ -29,7 +29,7 @@ public interface PairwiseIdentifierRepository {
/**
* Get a pairwise identifier by its associated user subject and sector identifier.
*
*
* @param sub
* @param sectorIdentifierUri
* @return
@ -38,7 +38,7 @@ public interface PairwiseIdentifierRepository {
/**
* Save a pairwise identifier to the database.
*
*
* @param pairwise
*/
public void save(PairwiseIdentifier pairwise);


@ -20,7 +20,7 @@ import org.mitre.openid.connect.model.UserInfo;
/**
* UserInfo repository interface
*
*
* @author Michael Joseph Walsh
*
*/
@ -34,9 +34,9 @@ public interface UserInfoRepository {
public UserInfo getByUsername(String username);
/**
*
*
* Get the UserInfo object by its email field
*
*
* @param email
* @return
*/


@ -22,22 +22,22 @@ import org.mitre.openid.connect.model.WhitelistedSite;
/**
* WhitelistedSite repository interface
*
*
* @author Michael Joseph Walsh, aanganes
*
*
*/
public interface WhitelistedSiteRepository {
/**
* Return a collection of all WhitelistedSite managed by this repository
*
*
* @return the WhitelistedSite collection, or null
*/
public Collection<WhitelistedSite> getAll();
/**
* Returns the WhitelistedSite for the given id
*
*
* @param id
* id the id of the WhitelistedSite
* @return a valid WhitelistedSite if it exists, null otherwise
@ -46,7 +46,7 @@ public interface WhitelistedSiteRepository {
/**
* Find a WhitelistedSite by its associated ClientDetails reference
*
*
* @param client the Relying Party
* @return the corresponding WhitelistedSite if one exists for the RP, or null
*/
@ -54,7 +54,7 @@ public interface WhitelistedSiteRepository {
/**
* Return a collection of the WhitelistedSites created by a given user
*
*
* @param creator the id of the admin who may have created some WhitelistedSites
* @return the collection of corresponding WhitelistedSites, if any, or null
*/
@ -62,7 +62,7 @@ public interface WhitelistedSiteRepository {
/**
* Removes the given IdToken from the repository
*
*
* @param whitelistedSite
* the WhitelistedSite object to remove
*/
@ -70,7 +70,7 @@ public interface WhitelistedSiteRepository {
/**
* Persists a WhitelistedSite
*
*
* @param whitelistedSite
* @return
*/
