automated code formatting and cleanup

pull/1169/merge
Justin Richer 2017-03-21 13:36:20 -04:00
parent b6cf8fe22b
commit 32ce21b5cd
248 changed files with 3974 additions and 4093 deletions


@ -16,6 +16,8 @@
*******************************************************************************/
package org.mitre.oauth2.introspectingfilter;
import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC;
import java.io.IOException;
import java.net.URI;
import java.util.Calendar;
@ -54,8 +56,6 @@ import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.nimbusds.jose.util.Base64;
import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC;
/**
* This ResourceServerTokenServices implementation introspects incoming tokens at a
* server's introspection endpoint URL and passes an Authentication object along


@ -345,11 +345,11 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
if(httpClient == null) {
httpClient = HttpClientBuilder.create()
.useSystemProperties()
.setDefaultRequestConfig(RequestConfig.custom()
.setSocketTimeout(httpSocketTimeout)
.build())
.build();
.useSystemProperties()
.setDefaultRequestConfig(RequestConfig.custom()
.setSocketTimeout(httpSocketTimeout)
.build())
.build();
}
HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);


@ -90,6 +90,7 @@ public class UserInfoFetcher {
this.factory = new HttpComponentsClientHttpRequestFactory(httpClient);
}
@Override
public UserInfo load(final PendingOIDCAuthenticationToken token) throws URISyntaxException {
ServerConfiguration serverConfiguration = token.getServerConfiguration();


@ -19,8 +19,6 @@
*/
package org.mitre.openid.connect.client.service;
import java.util.List;
import org.mitre.oauth2.model.RegisteredClient;
/**


@ -19,6 +19,13 @@
*/
package org.mitre.openid.connect.client.service.impl;
import static org.mitre.util.JsonUtils.getAsBoolean;
import static org.mitre.util.JsonUtils.getAsEncryptionMethodList;
import static org.mitre.util.JsonUtils.getAsJweAlgorithmList;
import static org.mitre.util.JsonUtils.getAsJwsAlgorithmList;
import static org.mitre.util.JsonUtils.getAsString;
import static org.mitre.util.JsonUtils.getAsStringList;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.ExecutionException;
@ -41,13 +48,6 @@ import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import static org.mitre.util.JsonUtils.getAsBoolean;
import static org.mitre.util.JsonUtils.getAsEncryptionMethodList;
import static org.mitre.util.JsonUtils.getAsJweAlgorithmList;
import static org.mitre.util.JsonUtils.getAsJwsAlgorithmList;
import static org.mitre.util.JsonUtils.getAsString;
import static org.mitre.util.JsonUtils.getAsStringList;
/**
*
* Dynamically fetches OpenID Connect server configurations based on the issuer. Caches the server configurations.
@ -133,9 +133,9 @@ public class DynamicServerConfigurationService implements ServerConfigurationSer
private HttpComponentsClientHttpRequestFactory httpFactory;
private JsonParser parser = new JsonParser();
OpenIDConnectServiceConfigurationFetcher(HttpClient httpClient) {
this.httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
}
OpenIDConnectServiceConfigurationFetcher(HttpClient httpClient) {
this.httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
}
@Override
public ServerConfiguration load(String issuer) throws Exception {


@ -55,20 +55,20 @@ public class JsonFileRegisteredClientService implements RegisteredClientService
private static final Logger logger = LoggerFactory.getLogger(JsonFileRegisteredClientService.class);
private Gson gson = new GsonBuilder()
.registerTypeAdapter(RegisteredClient.class, new JsonSerializer<RegisteredClient>() {
@Override
public JsonElement serialize(RegisteredClient src, Type typeOfSrc, JsonSerializationContext context) {
return ClientDetailsEntityJsonProcessor.serialize(src);
}
})
.registerTypeAdapter(RegisteredClient.class, new JsonDeserializer<RegisteredClient>() {
@Override
public RegisteredClient deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
return ClientDetailsEntityJsonProcessor.parseRegistered(json);
}
})
.setPrettyPrinting()
.create();
.registerTypeAdapter(RegisteredClient.class, new JsonSerializer<RegisteredClient>() {
@Override
public JsonElement serialize(RegisteredClient src, Type typeOfSrc, JsonSerializationContext context) {
return ClientDetailsEntityJsonProcessor.serialize(src);
}
})
.registerTypeAdapter(RegisteredClient.class, new JsonDeserializer<RegisteredClient>() {
@Override
public RegisteredClient deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
return ClientDetailsEntityJsonProcessor.parseRegistered(json);
}
})
.setPrettyPrinting()
.create();
private File file;


@ -1,11 +1,5 @@
package org.mitre.openid.connect.client;
import static org.hamcrest.CoreMatchers.instanceOf;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.fail;
import static org.mockito.Mockito.mock;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -13,6 +7,14 @@ import org.junit.Test;
import org.mockito.Mockito;
import org.springframework.security.authentication.AuthenticationServiceException;
import static org.hamcrest.CoreMatchers.instanceOf;
import static org.hamcrest.CoreMatchers.is;
import static org.mockito.Mockito.mock;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.fail;
public class TestOIDCAuthenticationFilter {
private OIDCAuthenticationFilter filter = new OIDCAuthenticationFilter();
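Review bot: The static imports in this test file end up after the regular imports, while the other import hunks in this commit (the `SECRET_BASIC` import in the `org.mitre.oauth2.introspectingfilter` file and the `org.mitre.util.JsonUtils` imports in `DynamicServerConfigurationService`) appear, judging by the hunk line counts, to move them to the top directly after the `package` line. The relocated group is also no longer ordered by package: `import static org.mockito.Mockito.mock;` now sits between the hamcrest and junit imports. A single static-import placement and ordering rule should be set in the formatter and applied to every file, so that later automated runs do not shuffle these lines again and bury real changes in import noise. The class body continues outside the hunk.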


@ -1,12 +1,12 @@
package org.mitre.data;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Abstract class for performing an operation on a potentially large
* number of items by paging through the items in discreet chunks.
@ -16,162 +16,162 @@ import java.util.Set;
*/
public abstract class AbstractPageOperationTemplate<T> {
private static final Logger logger = LoggerFactory.getLogger(AbstractPageOperationTemplate.class);
private static final Logger logger = LoggerFactory.getLogger(AbstractPageOperationTemplate.class);
private static int DEFAULT_MAX_PAGES = 1000;
private static long DEFAULT_MAX_TIME_MILLIS = 600000L; //10 Minutes
private static int DEFAULT_MAX_PAGES = 1000;
private static long DEFAULT_MAX_TIME_MILLIS = 600000L; //10 Minutes
/**
* int specifying the maximum number of
* pages which should be fetched before
* execution should terminate
*/
private int maxPages;
/**
* int specifying the maximum number of
* pages which should be fetched before
* execution should terminate
*/
private int maxPages;
/**
* long specifying the maximum execution time
* in milliseconds
*/
private long maxTime;
/**
* long specifying the maximum execution time
* in milliseconds
*/
private long maxTime;
/**
* boolean specifying whether or not Exceptions
* incurred performing the operation should be
* swallowed during execution default true.
*/
private boolean swallowExceptions = true;
/**
* boolean specifying whether or not Exceptions
* incurred performing the operation should be
* swallowed during execution default true.
*/
private boolean swallowExceptions = true;
/**
* String that is used for logging in final tallies.
*/
private String operationName = "";
/**
* String that is used for logging in final tallies.
*/
private String operationName = "";
/**
* default constructor which sets the value of
* maxPages and maxTime to DEFAULT_MAX_PAGES and
* DEFAULT_MAX_TIME_MILLIS respectively
*/
public AbstractPageOperationTemplate(String operationName){
this(DEFAULT_MAX_PAGES, DEFAULT_MAX_TIME_MILLIS, operationName);
}
/**
* default constructor which sets the value of
* maxPages and maxTime to DEFAULT_MAX_PAGES and
* DEFAULT_MAX_TIME_MILLIS respectively
*/
public AbstractPageOperationTemplate(String operationName){
this(DEFAULT_MAX_PAGES, DEFAULT_MAX_TIME_MILLIS, operationName);
}
/**
* Instantiates a new AbstractPageOperationTemplate with the
* given maxPages and maxTime
*
* @param maxPages the maximum number of pages to fetch.
* @param maxTime the maximum execution time.
*/
public AbstractPageOperationTemplate(int maxPages, long maxTime, String operationName){
this.maxPages = maxPages;
this.maxTime = maxTime;
this.operationName = operationName;
}
/**
* Instantiates a new AbstractPageOperationTemplate with the
* given maxPages and maxTime
*
* @param maxPages the maximum number of pages to fetch.
* @param maxTime the maximum execution time.
*/
public AbstractPageOperationTemplate(int maxPages, long maxTime, String operationName){
this.maxPages = maxPages;
this.maxTime = maxTime;
this.operationName = operationName;
}
/**
* Execute the operation on each member of a page of results
* retrieved through the fetch method. the method will execute
* until either the maxPages or maxTime limit is reached or until
* the fetch method returns no more results. Exceptions thrown
* performing the operation on the item will be swallowed if the
* swallowException (default true) field is set true.
*/
public void execute(){
logger.debug("[" + getOperationName() + "] Starting execution of paged operation. maximum time: " + maxTime + ", maximum pages: " + maxPages);
/**
* Execute the operation on each member of a page of results
* retrieved through the fetch method. the method will execute
* until either the maxPages or maxTime limit is reached or until
* the fetch method returns no more results. Exceptions thrown
* performing the operation on the item will be swallowed if the
* swallowException (default true) field is set true.
*/
public void execute(){
logger.debug("[" + getOperationName() + "] Starting execution of paged operation. maximum time: " + maxTime + ", maximum pages: " + maxPages);
long startTime = System.currentTimeMillis();
long executionTime = 0;
int i = 0;
long startTime = System.currentTimeMillis();
long executionTime = 0;
int i = 0;
int exceptionsSwallowedCount = 0;
int operationsCompleted = 0;
Set<String> exceptionsSwallowedClasses = new HashSet<String>();
int exceptionsSwallowedCount = 0;
int operationsCompleted = 0;
Set<String> exceptionsSwallowedClasses = new HashSet<String>();
while (i< maxPages && executionTime < maxTime){
Collection<T> page = fetchPage();
if(page == null || page.size() == 0){
break;
}
while (i< maxPages && executionTime < maxTime){
Collection<T> page = fetchPage();
if(page == null || page.size() == 0){
break;
}
for (T item : page) {
try {
doOperation(item);
operationsCompleted++;
} catch (Exception e){
if(swallowExceptions){
exceptionsSwallowedCount++;
exceptionsSwallowedClasses.add(e.getClass().getName());
logger.debug("Swallowing exception " + e.getMessage(), e);
} else {
logger.debug("Rethrowing exception " + e.getMessage());
throw e;
}
}
}
for (T item : page) {
try {
doOperation(item);
operationsCompleted++;
} catch (Exception e){
if(swallowExceptions){
exceptionsSwallowedCount++;
exceptionsSwallowedClasses.add(e.getClass().getName());
logger.debug("Swallowing exception " + e.getMessage(), e);
} else {
logger.debug("Rethrowing exception " + e.getMessage());
throw e;
}
}
}
i++;
executionTime = System.currentTimeMillis() - startTime;
}
i++;
executionTime = System.currentTimeMillis() - startTime;
}
finalReport(operationsCompleted, exceptionsSwallowedCount, exceptionsSwallowedClasses);
}
finalReport(operationsCompleted, exceptionsSwallowedCount, exceptionsSwallowedClasses);
}
/**
* method responsible for fetching
* a page of items.
*
* @return the collection of items
*/
public abstract Collection<T> fetchPage();
/**
* method responsible for fetching
* a page of items.
*
* @return the collection of items
*/
public abstract Collection<T> fetchPage();
/**
* method responsible for performing desired
* operation on a fetched page item.
*
* @param item the item
*/
protected abstract void doOperation(T item);
/**
* method responsible for performing desired
* operation on a fetched page item.
*
* @param item the item
*/
protected abstract void doOperation(T item);
/**
* Method responsible for final report of progress.
* @return
*/
protected void finalReport(int operationsCompleted, int exceptionsSwallowedCount, Set<String> exceptionsSwallowedClasses) {
if (operationsCompleted > 0 || exceptionsSwallowedCount > 0) {
logger.info("[" + getOperationName() + "] Paged operation run: completed " + operationsCompleted + "; swallowed " + exceptionsSwallowedCount + " exceptions");
}
for(String className: exceptionsSwallowedClasses) {
logger.warn("[" + getOperationName() + "] Paged operation swallowed at least one exception of type " + className);
}
}
/**
* Method responsible for final report of progress.
* @return
*/
protected void finalReport(int operationsCompleted, int exceptionsSwallowedCount, Set<String> exceptionsSwallowedClasses) {
if (operationsCompleted > 0 || exceptionsSwallowedCount > 0) {
logger.info("[" + getOperationName() + "] Paged operation run: completed " + operationsCompleted + "; swallowed " + exceptionsSwallowedCount + " exceptions");
}
for(String className: exceptionsSwallowedClasses) {
logger.warn("[" + getOperationName() + "] Paged operation swallowed at least one exception of type " + className);
}
}
public int getMaxPages() {
return maxPages;
}
public int getMaxPages() {
return maxPages;
}
public void setMaxPages(int maxPages) {
this.maxPages = maxPages;
}
public void setMaxPages(int maxPages) {
this.maxPages = maxPages;
}
public long getMaxTime() {
return maxTime;
}
public long getMaxTime() {
return maxTime;
}
public void setMaxTime(long maxTime) {
this.maxTime = maxTime;
}
public void setMaxTime(long maxTime) {
this.maxTime = maxTime;
}
public boolean isSwallowExceptions() {
return swallowExceptions;
}
public boolean isSwallowExceptions() {
return swallowExceptions;
}
public void setSwallowExceptions(boolean swallowExceptions) {
this.swallowExceptions = swallowExceptions;
}
public void setSwallowExceptions(boolean swallowExceptions) {
this.swallowExceptions = swallowExceptions;
}
/**


@ -8,28 +8,28 @@ package org.mitre.data;
*/
public class DefaultPageCriteria implements PageCriteria {
private static final int DEFAULT_PAGE_NUMBER = 0;
private static final int DEFAULT_PAGE_SIZE = 100;
private static final int DEFAULT_PAGE_NUMBER = 0;
private static final int DEFAULT_PAGE_SIZE = 100;
private int pageNumber;
private int pageSize;
private int pageNumber;
private int pageSize;
public DefaultPageCriteria(){
this(DEFAULT_PAGE_NUMBER, DEFAULT_PAGE_SIZE);
}
public DefaultPageCriteria(){
this(DEFAULT_PAGE_NUMBER, DEFAULT_PAGE_SIZE);
}
public DefaultPageCriteria(int pageNumber, int pageSize) {
this.pageNumber = pageNumber;
this.pageSize = pageSize;
}
public DefaultPageCriteria(int pageNumber, int pageSize) {
this.pageNumber = pageNumber;
this.pageSize = pageSize;
}
@Override
public int getPageNumber() {
return pageNumber;
}
@Override
public int getPageNumber() {
return pageNumber;
}
@Override
public int getPageSize() {
return pageSize;
}
@Override
public int getPageSize() {
return pageSize;
}
}


@ -8,6 +8,6 @@ package org.mitre.data;
*/
public interface PageCriteria {
public int getPageNumber();
public int getPageSize();
public int getPageNumber();
public int getPageSize();
}


@ -45,7 +45,6 @@ import com.nimbusds.jose.crypto.ECDHEncrypter;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
import com.nimbusds.jose.jca.JCAContext;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.OctetSequenceKey;


@ -17,8 +17,6 @@
package org.mitre.jwt.signer.service.impl;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Collection;
import java.util.HashMap;


@ -57,7 +57,6 @@ import org.mitre.oauth2.model.convert.SimpleGrantedAuthorityStringConverter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.provider.ClientDetails;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;


@ -41,7 +41,6 @@ import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.OneToOne;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.Transient;
@ -297,7 +296,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
name = "access_token_permissions",
joinColumns = @JoinColumn(name = "access_token_id"),
inverseJoinColumns = @JoinColumn(name = "permission_id")
)
)
public Set<Permission> getPermissions() {
return permissions;
}


@ -26,6 +26,11 @@ import com.nimbusds.jose.Requirement;
*/
public final class PKCEAlgorithm extends Algorithm {
/**
*
*/
private static final long serialVersionUID = 7752852583210088925L;
public static final PKCEAlgorithm plain = new PKCEAlgorithm("plain", Requirement.REQUIRED);
public static final PKCEAlgorithm S256 = new PKCEAlgorithm("S256", Requirement.OPTIONAL);
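Review bot: The new `serialVersionUID` field is preceded by an empty Javadoc block (`/** * */`), which looks like an IDE-generated placeholder and documents nothing. Either delete the block or replace it with a one-line comment such as `/** Serialization version; change only when the serialized form of this class changes. */`. The field is presumably needed because the `Algorithm` superclass is serializable, and the comment is the place to say so. The class body continues outside the hunk.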


@ -28,7 +28,6 @@ import javax.persistence.Id;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import javax.persistence.Transient;
/**
* @author jricher


@ -32,5 +32,5 @@ public interface AuthenticationHolderRepository {
public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders();
public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders(PageCriteria pageCriteria);
public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders(PageCriteria pageCriteria);
}


@ -57,10 +57,10 @@ public interface AuthorizationCodeRepository {
*/
public Collection<AuthorizationCodeEntity> getExpiredCodes();
/**
* @return A collection of all expired codes, limited by the given
* PageCriteria.
*/
public Collection<AuthorizationCodeEntity> getExpiredCodes(PageCriteria pageCriteria);
/**
* @return A collection of all expired codes, limited by the given
* PageCriteria.
*/
public Collection<AuthorizationCodeEntity> getExpiredCodes(PageCriteria pageCriteria);
}


@ -58,36 +58,36 @@ public interface OAuth2TokenRepository {
public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens();
public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens(PageCriteria pageCriteria);
public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens(PageCriteria pageCriteria);
public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens();
public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria);
public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria);
public Set<OAuth2AccessTokenEntity> getAccessTokensForResourceSet(ResourceSet rs);
/**
* removes duplicate access tokens.
*
* @deprecated this method was added to return the remove duplicate access tokens values
* so that {code removeAccessToken(OAuth2AccessTokenEntity o)} would not to fail. the
* removeAccessToken method has been updated so as it will not fail in the event that an
* accessToken has been duplicated, so this method is unnecessary.
*
*/
@Deprecated
/**
* removes duplicate access tokens.
*
* @deprecated this method was added to return the remove duplicate access tokens values
* so that {code removeAccessToken(OAuth2AccessTokenEntity o)} would not to fail. the
* removeAccessToken method has been updated so as it will not fail in the event that an
* accessToken has been duplicated, so this method is unnecessary.
*
*/
@Deprecated
public void clearDuplicateAccessTokens();
/**
* removes duplicate refresh tokens.
*
* @deprecated this method was added to return the remove duplicate refresh token value
* so that {code removeRefreshToken(OAuth2RefreshTokenEntity o)} would not to fail. the
* removeRefreshToken method has been updated so as it will not fail in the event that
* refreshToken has been duplicated, so this method is unnecessary.
*
*/
@Deprecated
/**
* removes duplicate refresh tokens.
*
* @deprecated this method was added to return the remove duplicate refresh token value
* so that {code removeRefreshToken(OAuth2RefreshTokenEntity o)} would not to fail. the
* removeRefreshToken method has been updated so as it will not fail in the event that
* refreshToken has been duplicated, so this method is unnecessary.
*
*/
@Deprecated
public void clearDuplicateRefreshTokens();
public List<OAuth2AccessTokenEntity> getAccessTokensForApprovedSite(ApprovedSite approvedSite);


@ -18,7 +18,6 @@
package org.mitre.oauth2.repository.impl;
import java.util.Collection;
import java.util.Set;
import org.mitre.oauth2.model.DeviceCode;


@ -24,7 +24,6 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.DeviceCode;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
/**
* @author jricher


@ -39,10 +39,10 @@ public interface SystemScopeService {
public static final String UMA_AUTHORIZATION_SCOPE = "uma_authorization";
public static final Set<SystemScope> reservedScopes =
Sets.newHashSet(
new SystemScope(REGISTRATION_TOKEN_SCOPE),
new SystemScope(RESOURCE_TOKEN_SCOPE)
);
Sets.newHashSet(
new SystemScope(REGISTRATION_TOKEN_SCOPE),
new SystemScope(RESOURCE_TOKEN_SCOPE)
);
public Set<SystemScope> getAll();


@ -66,7 +66,7 @@ public class DefaultClientUserDetailsService implements UserDetailsService {
if (config.isHeartMode() || // if we're running HEART mode turn off all client secrets
(client.getTokenEndpointAuthMethod() != null &&
(client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) ||
(client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) ||
client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)))) {
// Issue a random password each time to prevent password auth from being used (or skipped)


@ -215,8 +215,8 @@ public class ClientDetailsEntityJsonProcessor {
String softwareStatement = getAsString(o, SOFTWARE_STATEMENT);
if (!Strings.isNullOrEmpty(softwareStatement)) {
try {
JWT softwareStatementJwt = JWTParser.parse(softwareStatement);
c.setSoftwareStatement(softwareStatementJwt);
JWT softwareStatementJwt = JWTParser.parse(softwareStatement);
c.setSoftwareStatement(softwareStatementJwt);
} catch (ParseException e) {
logger.warn("Error parsing software statement", e);
return null;


@ -28,7 +28,6 @@ import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.i18n.LocaleContext;
import org.springframework.context.i18n.TimeZoneAwareLocaleContext;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.i18n.AbstractLocaleContextResolver;
/**


@ -64,11 +64,11 @@ public class ConfigurationPropertiesBean {
private List<String> languageNamespaces = Lists.newArrayList("messages");
private boolean dualClient = false;
private boolean dualClient = false;
private boolean heartMode = false;
private boolean heartMode = false;
public ConfigurationPropertiesBean() {
public ConfigurationPropertiesBean() {
}
@ -211,37 +211,37 @@ public class ConfigurationPropertiesBean {
}
/**
* @return true if dual client is configured, otherwise false
*/
public boolean isDualClient() {
if (isHeartMode()) {
return false; // HEART mode is incompatible with dual client mode
} else {
return dualClient;
}
}
* @return true if dual client is configured, otherwise false
*/
public boolean isDualClient() {
if (isHeartMode()) {
return false; // HEART mode is incompatible with dual client mode
} else {
return dualClient;
}
}
/**
* @param dualClient the dual client configuration
*/
public void setDualClient(boolean dualClient) {
this.dualClient = dualClient;
}
/**
* @param dualClient the dual client configuration
*/
public void setDualClient(boolean dualClient) {
this.dualClient = dualClient;
}
/**
* Get the list of namespaces as a JSON string, for injection into the JavaScript UI
* @return
*/
public String getLanguageNamespacesString() {
return new Gson().toJson(getLanguageNamespaces());
}
/**
* Get the list of namespaces as a JSON string, for injection into the JavaScript UI
* @return
*/
public String getLanguageNamespacesString() {
return new Gson().toJson(getLanguageNamespaces());
}
/**
* Get the default namespace (first in the nonempty list)
*/
public String getDefaultLanguageNamespace() {
return getLanguageNamespaces().get(0);
}
/**
* Get the default namespace (first in the nonempty list)
*/
public String getDefaultLanguageNamespace() {
return getLanguageNamespaces().get(0);
}
/**
* @return the heartMode


@ -20,7 +20,6 @@ import java.util.Date;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CascadeType;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
@ -32,15 +31,10 @@ import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.Transient;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import com.google.common.collect.Sets;
@Entity
@Table(name="approved_site")
@NamedQueries({


@ -16,8 +16,6 @@
*******************************************************************************/
package org.mitre.openid.connect.model;
import java.io.Serializable;
import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Entity;
@ -63,6 +61,7 @@ public class DefaultAddress implements Address {
/**
* @return the formatted address string
*/
@Override
@Basic
@Column(name = "formatted")
public String getFormatted() {
@ -71,12 +70,14 @@ public class DefaultAddress implements Address {
/**
* @param formatted the formatted address to set
*/
@Override
public void setFormatted(String formatted) {
this.formatted = formatted;
}
/**
* @return the streetAddress
*/
@Override
@Basic
@Column(name="street_address")
public String getStreetAddress() {
@ -85,12 +86,14 @@ public class DefaultAddress implements Address {
/**
* @param streetAddress the streetAddress to set
*/
@Override
public void setStreetAddress(String streetAddress) {
this.streetAddress = streetAddress;
}
/**
* @return the locality
*/
@Override
@Basic
@Column(name = "locality")
public String getLocality() {
@ -99,12 +102,14 @@ public class DefaultAddress implements Address {
/**
* @param locality the locality to set
*/
@Override
public void setLocality(String locality) {
this.locality = locality;
}
/**
* @return the region
*/
@Override
@Basic
@Column(name = "region")
public String getRegion() {
@ -113,12 +118,14 @@ public class DefaultAddress implements Address {
/**
* @param region the region to set
*/
@Override
public void setRegion(String region) {
this.region = region;
}
/**
* @return the postalCode
*/
@Override
@Basic
@Column(name="postal_code")
public String getPostalCode() {
@ -127,12 +134,14 @@ public class DefaultAddress implements Address {
/**
* @param postalCode the postalCode to set
*/
@Override
public void setPostalCode(String postalCode) {
this.postalCode = postalCode;
}
/**
* @return the country
*/
@Override
@Basic
@Column(name = "country")
public String getCountry() {
@ -141,6 +150,7 @@ public class DefaultAddress implements Address {
/**
* @param country the country to set
*/
@Override
public void setCountry(String country) {
this.country = country;
}
@ -148,6 +158,7 @@ public class DefaultAddress implements Address {
/**
* @return the id
*/
@Override
@Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
@Column(name = "id")


@ -51,13 +51,13 @@ import com.google.gson.JsonSerializer;
public class UserInfoInterceptor extends HandlerInterceptorAdapter {
private Gson gson = new GsonBuilder()
.registerTypeHierarchyAdapter(GrantedAuthority.class, new JsonSerializer<GrantedAuthority>() {
@Override
public JsonElement serialize(GrantedAuthority src, Type typeOfSrc, JsonSerializationContext context) {
return new JsonPrimitive(src.getAuthority());
}
})
.create();
.registerTypeHierarchyAdapter(GrantedAuthority.class, new JsonSerializer<GrantedAuthority>() {
@Override
public JsonElement serialize(GrantedAuthority src, Type typeOfSrc, JsonSerializationContext context) {
return new JsonPrimitive(src.getAuthority());
}
})
.create();
@Autowired (required = false)
private UserInfoService userInfoService;


@ -118,9 +118,9 @@ public class Claim {
@ElementCollection(fetch = FetchType.EAGER)
@Column(name = "claim_token_format")
@CollectionTable(
name = "claim_token_format",
joinColumns = @JoinColumn(name = "owner_id")
)
name = "claim_token_format",
joinColumns = @JoinColumn(name = "owner_id")
)
public Set<String> getClaimTokenFormat() {
return claimTokenFormat;
}
@ -137,9 +137,9 @@ public class Claim {
@ElementCollection(fetch = FetchType.EAGER)
@Column(name = "issuer")
@CollectionTable(
name = "claim_issuer",
joinColumns = @JoinColumn(name = "owner_id")
)
name = "claim_issuer",
joinColumns = @JoinColumn(name = "owner_id")
)
public Set<String> getIssuer() {
return issuer;
}


@ -81,9 +81,9 @@ public class Permission {
@ElementCollection(fetch = FetchType.EAGER)
@Column(name = "scope")
@CollectionTable(
name = "permission_scope",
joinColumns = @JoinColumn(name = "owner_id")
)
name = "permission_scope",
joinColumns = @JoinColumn(name = "owner_id")
)
public Set<String> getScopes() {
return scopes;
}


@ -141,7 +141,7 @@ public class PermissionTicket {
name = "claim_to_permission_ticket",
joinColumns = @JoinColumn(name = "permission_ticket_id"),
inverseJoinColumns = @JoinColumn(name = "claim_id")
)
)
public Collection<Claim> getClaimsSupplied() {
return claimsSupplied;
}


@ -109,9 +109,9 @@ public class Policy {
@ElementCollection(fetch = FetchType.EAGER)
@Column(name = "scope")
@CollectionTable(
name = "policy_scope",
joinColumns = @JoinColumn(name = "owner_id")
)
name = "policy_scope",
joinColumns = @JoinColumn(name = "owner_id")
)
public Set<String> getScopes() {
return scopes;
}


@ -137,9 +137,9 @@ public class ResourceSet {
@ElementCollection(fetch = FetchType.EAGER)
@Column(name = "scope")
@CollectionTable(
name = "resource_set_scope",
joinColumns = @JoinColumn(name = "owner_id")
)
name = "resource_set_scope",
joinColumns = @JoinColumn(name = "owner_id")
)
public Set<String> getScopes() {
return scopes;
}


@ -287,19 +287,19 @@ public class JsonUtils {
String name = reader.nextName();
Object value = null;
switch(reader.peek()) {
case STRING:
value = reader.nextString();
break;
case BOOLEAN:
value = reader.nextBoolean();
break;
case NUMBER:
value = reader.nextLong();
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
case STRING:
value = reader.nextString();
break;
case BOOLEAN:
value = reader.nextBoolean();
break;
case NUMBER:
value = reader.nextLong();
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
}
map.put(name, value);
}
@ -311,21 +311,21 @@ public class JsonUtils {
Set arraySet = null;
reader.beginArray();
switch (reader.peek()) {
case STRING:
arraySet = new HashSet<>();
while (reader.hasNext()) {
arraySet.add(reader.nextString());
}
break;
case NUMBER:
arraySet = new HashSet<>();
while (reader.hasNext()) {
arraySet.add(reader.nextLong());
}
break;
default:
arraySet = new HashSet();
break;
case STRING:
arraySet = new HashSet<>();
while (reader.hasNext()) {
arraySet.add(reader.nextString());
}
break;
case NUMBER:
arraySet = new HashSet<>();
while (reader.hasNext()) {
arraySet.add(reader.nextLong());
}
break;
default:
arraySet = new HashSet();
break;
}
reader.endArray();
return arraySet;


@ -16,48 +16,48 @@
*******************************************************************************/
package org.mitre.util.jpa;
import org.mitre.data.PageCriteria;
import java.util.List;
import javax.persistence.EntityManager;
import javax.persistence.TypedQuery;
import org.mitre.data.PageCriteria;
/**
* @author mfranklin
* Date: 4/28/11
* Time: 2:13 PM
*/
public class JpaUtil {
public static <T> T getSingleResult(List<T> list) {
public static <T> T getSingleResult(List<T> list) {
switch(list.size()) {
case 0:
return null;
case 1:
return list.get(0);
default:
throw new IllegalStateException("Expected single result, got " + list.size());
case 0:
return null;
case 1:
return list.get(0);
default:
throw new IllegalStateException("Expected single result, got " + list.size());
}
}
/**
* Get a page of results from the specified TypedQuery
* by using the given PageCriteria to limit the query
* results. The PageCriteria will override any size or
* offset already specified on the query.
*
* @param <T> the type parameter
* @param query the query
* @param pageCriteria the page criteria
* @return the list
*/
public static <T> List<T> getResultPage(TypedQuery<T> query, PageCriteria pageCriteria){
query.setMaxResults(pageCriteria.getPageSize());
query.setFirstResult(pageCriteria.getPageNumber()*pageCriteria.getPageSize());
/**
* Get a page of results from the specified TypedQuery
* by using the given PageCriteria to limit the query
* results. The PageCriteria will override any size or
* offset already specified on the query.
*
* @param <T> the type parameter
* @param query the query
* @param pageCriteria the page criteria
* @return the list
*/
public static <T> List<T> getResultPage(TypedQuery<T> query, PageCriteria pageCriteria){
query.setMaxResults(pageCriteria.getPageSize());
query.setFirstResult(pageCriteria.getPageNumber()*pageCriteria.getPageSize());
return query.getResultList();
}
return query.getResultList();
}
public static <T, I> T saveOrUpdate(I id, EntityManager entityManager, T entity) {
T tmp = entityManager.merge(entity);


@ -1,13 +1,13 @@
package org.mitre.data;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
@ -17,204 +17,200 @@ import static org.junit.Assert.assertTrue;
*/
public class AbstractPageOperationTemplateTest {
@Before
public void setUp() throws Exception {
}
@Before
public void setUp() throws Exception {
}
@Test(timeout = 1000L)
public void execute_zeropages() {
CountingPageOperation op = new CountingPageOperation(0,Long.MAX_VALUE);
op.execute();
@Test(timeout = 1000L)
public void execute_zeropages() {
CountingPageOperation op = new CountingPageOperation(0,Long.MAX_VALUE);
op.execute();
assertEquals(0L, op.counter);
}
assertEquals(0L, op.counter);
}
@Test(timeout = 1000L)
public void execute_singlepage() {
CountingPageOperation op = new CountingPageOperation(1,Long.MAX_VALUE);
op.execute();
@Test(timeout = 1000L)
public void execute_singlepage() {
CountingPageOperation op = new CountingPageOperation(1,Long.MAX_VALUE);
op.execute();
assertEquals(10L, op.counter);
}
assertEquals(10L, op.counter);
}
@Test(timeout = 1000L)
public void execute_negpage() {
CountingPageOperation op = new CountingPageOperation(-1,Long.MAX_VALUE);
op.execute();
@Test(timeout = 1000L)
public void execute_negpage() {
CountingPageOperation op = new CountingPageOperation(-1,Long.MAX_VALUE);
op.execute();
assertEquals(0L, op.counter);
}
assertEquals(0L, op.counter);
}
@Test(timeout = 1000L)
public void execute_npage(){
int n = 7;
CountingPageOperation op = new CountingPageOperation(n,Long.MAX_VALUE);
op.execute();
@Test(timeout = 1000L)
public void execute_npage(){
int n = 7;
CountingPageOperation op = new CountingPageOperation(n,Long.MAX_VALUE);
op.execute();
assertEquals(n*10L, op.counter);
}
assertEquals(n*10L, op.counter);
}
@Test(timeout = 1000L)
public void execute_nullpage(){
CountingPageOperation op = new NullPageCountingPageOperation(Integer.MAX_VALUE, Long.MAX_VALUE);
op.execute();
@Test(timeout = 1000L)
public void execute_nullpage(){
CountingPageOperation op = new NullPageCountingPageOperation(Integer.MAX_VALUE, Long.MAX_VALUE);
op.execute();
assertEquals(0L, op.getCounter());
}
assertEquals(0L, op.getCounter());
}
@Test(timeout = 1000L)
public void execute_emptypage(){
CountingPageOperation op = new EmptyPageCountingPageOperation(Integer.MAX_VALUE, Long.MAX_VALUE);
op.execute();
@Test(timeout = 1000L)
public void execute_emptypage(){
CountingPageOperation op = new EmptyPageCountingPageOperation(Integer.MAX_VALUE, Long.MAX_VALUE);
op.execute();
assertEquals(0L, op.getCounter());
}
assertEquals(0L, op.getCounter());
}
@Test(timeout = 1000L)
public void execute_zerotime(){
CountingPageOperation op = new CountingPageOperation(Integer.MAX_VALUE,0L);
op.execute();
@Test(timeout = 1000L)
public void execute_zerotime(){
CountingPageOperation op = new CountingPageOperation(Integer.MAX_VALUE,0L);
op.execute();
assertEquals(0L, op.getCounter());
assertEquals(0L, op.getTimeToLastFetch());
}
assertEquals(0L, op.getCounter());
assertEquals(0L, op.getTimeToLastFetch());
}
/*
* This is a valid test however it is vulnerable to a race condition
* as such it is being ignored.
*/
@Test(timeout = 1000L)
@Ignore
public void execute_nonzerotime(){
Long timeMillis = 200L;
CountingPageOperation op = new CountingPageOperation(Integer.MAX_VALUE,timeMillis);
op.execute();
/*
* This is a valid test however it is vulnerable to a race condition
* as such it is being ignored.
*/
@Test(timeout = 1000L)
@Ignore
public void execute_nonzerotime(){
Long timeMillis = 200L;
CountingPageOperation op = new CountingPageOperation(Integer.MAX_VALUE,timeMillis);
op.execute();
assertFalse("last fetch time " + op.getTimeToLastFetch() + "" +
" and previous fetch time " + op.getTimeToPreviousFetch() +
" exceed max time" + timeMillis,
op.getTimeToLastFetch() > timeMillis
&& op.getTimeToPreviousFetch() > timeMillis);
}
assertFalse("last fetch time " + op.getTimeToLastFetch() + "" +
" and previous fetch time " + op.getTimeToPreviousFetch() +
" exceed max time" + timeMillis,
op.getTimeToLastFetch() > timeMillis
&& op.getTimeToPreviousFetch() > timeMillis);
}
@Test(timeout = 1000L)
public void execute_negtime(){
Long timeMillis = -100L;
CountingPageOperation op = new CountingPageOperation(Integer.MAX_VALUE,timeMillis);
op.execute();
@Test(timeout = 1000L)
public void execute_negtime(){
Long timeMillis = -100L;
CountingPageOperation op = new CountingPageOperation(Integer.MAX_VALUE,timeMillis);
op.execute();
assertEquals(0L, op.getCounter());
}
assertEquals(0L, op.getCounter());
}
@Test(timeout = 1000L)
public void execute_swallowException(){
CountingPageOperation op = new EvenExceptionCountingPageOperation(1, 1000L);
op.execute();
@Test(timeout = 1000L)
public void execute_swallowException(){
CountingPageOperation op = new EvenExceptionCountingPageOperation(1, 1000L);
op.execute();
assertTrue(op.isSwallowExceptions());
assertEquals(5L, op.getCounter());
}
assertTrue(op.isSwallowExceptions());
assertEquals(5L, op.getCounter());
}
@Test(expected = IllegalStateException.class)
public void execute_noSwallowException(){
CountingPageOperation op = new EvenExceptionCountingPageOperation(1, 1000L);
op.setSwallowExceptions(false);
@Test(expected = IllegalStateException.class)
public void execute_noSwallowException(){
CountingPageOperation op = new EvenExceptionCountingPageOperation(1, 1000L);
op.setSwallowExceptions(false);
try {
op.execute();
}finally {
assertEquals(1L, op.getCounter());
}
}
try {
op.execute();
}finally {
assertEquals(1L, op.getCounter());
}
}
private static class CountingPageOperation extends AbstractPageOperationTemplate<String>{
private static class CountingPageOperation extends AbstractPageOperationTemplate<String>{
private int currentPageFetch;
private int pageSize = 10;
private long counter = 0L;
private long startTime;
private long timeToLastFetch;
private long timeToPreviousFetch;
private int currentPageFetch;
private int pageSize = 10;
private long counter = 0L;
private long startTime;
private long timeToLastFetch;
private long timeToPreviousFetch;
private CountingPageOperation(int maxPages, long maxTime) {
super(maxPages, maxTime, "CountingPageOperation");
startTime = System.currentTimeMillis();
}
private CountingPageOperation(int maxPages, long maxTime) {
super(maxPages, maxTime, "CountingPageOperation");
startTime = System.currentTimeMillis();
}
@Override
public Collection<String> fetchPage() {
timeToPreviousFetch = timeToLastFetch > 0 ? timeToLastFetch : 0;
timeToLastFetch = System.currentTimeMillis() - startTime;
@Override
public Collection<String> fetchPage() {
timeToPreviousFetch = timeToLastFetch > 0 ? timeToLastFetch : 0;
timeToLastFetch = System.currentTimeMillis() - startTime;
List<String> page = new ArrayList<String>(pageSize);
for(int i = 0; i < pageSize; i++ ) {
page.add("item " + currentPageFetch * pageSize + i);
}
currentPageFetch++;
return page;
}
List<String> page = new ArrayList<String>(pageSize);
for(int i = 0; i < pageSize; i++ ) {
page.add("item " + currentPageFetch * pageSize + i);
}
currentPageFetch++;
return page;
}
@Override
protected void doOperation(String item) {
counter++;
}
@Override
protected void doOperation(String item) {
counter++;
}
public long getCounter() {
return counter;
}
public long getCounter() {
return counter;
}
public long getTimeToLastFetch() {
return timeToLastFetch;
}
public long getTimeToLastFetch() {
return timeToLastFetch;
}
public long getTimeToPreviousFetch() {
return timeToPreviousFetch;
}
public long getTimeToPreviousFetch() {
return timeToPreviousFetch;
}
}
public long getStartTime(){
return startTime;
}
}
private static class NullPageCountingPageOperation extends CountingPageOperation {
private NullPageCountingPageOperation(int maxPages, long maxTime) {
super(maxPages, maxTime);
}
private static class NullPageCountingPageOperation extends CountingPageOperation {
private NullPageCountingPageOperation(int maxPages, long maxTime) {
super(maxPages, maxTime);
}
@Override
public Collection<String> fetchPage() {
return null;
}
}
@Override
public Collection<String> fetchPage() {
return null;
}
}
private static class EmptyPageCountingPageOperation extends CountingPageOperation {
private EmptyPageCountingPageOperation(int maxPages, long maxTime) {
super(maxPages, maxTime);
}
private static class EmptyPageCountingPageOperation extends CountingPageOperation {
private EmptyPageCountingPageOperation(int maxPages, long maxTime) {
super(maxPages, maxTime);
}
@Override
public Collection<String> fetchPage() {
return new ArrayList<>(0);
}
}
@Override
public Collection<String> fetchPage() {
return new ArrayList<>(0);
}
}
private static class EvenExceptionCountingPageOperation extends CountingPageOperation {
private static class EvenExceptionCountingPageOperation extends CountingPageOperation {
private int callCounter;
private EvenExceptionCountingPageOperation(int maxPages, long maxTime) {
super(maxPages, maxTime);
}
private int callCounter;
private EvenExceptionCountingPageOperation(int maxPages, long maxTime) {
super(maxPages, maxTime);
}
@Override
protected void doOperation(String item) {
callCounter++;
if(callCounter%2 == 0){
throw new IllegalStateException("even number items cannot be processed");
}
@Override
protected void doOperation(String item) {
callCounter++;
if(callCounter%2 == 0){
throw new IllegalStateException("even number items cannot be processed");
}
super.doOperation(item);
super.doOperation(item);
}
}
}
}
}


@ -50,35 +50,35 @@ public class TestJWKSetKeyStore {
private String RSAkid = "rsa_1";
private JWK RSAjwk = new RSAKey(
new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" +
"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
new Base64URL("AQAB"), // e
new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" +
"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA_OAEP, RSAkid, null, null, null);
private String RSAkid_rsa2 = "rsa_2";
private JWK RSAjwk_rsa2 = new RSAKey(
new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" +
"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
new Base64URL("AQAB"), // e
new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" +
"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA1_5, RSAkid_rsa2, null, null, null);


@ -93,35 +93,35 @@ public class TestDefaultJWTEncryptionAndDecryptionService {
private String RSAkid = "rsa321";
private JWK RSAjwk = new RSAKey(
new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" +
"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
new Base64URL("AQAB"), // e
new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" +
"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA_OAEP, RSAkid, null, null, null);
private String RSAkid_2 = "rsa3210";
private JWK RSAjwk_2 = new RSAKey(
new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" +
"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
new Base64URL("AQAB"), // e
new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" +
"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA1_5, RSAkid_2, null, null, null);
private String AESkid = "aes123";
@ -165,9 +165,9 @@ public class TestDefaultJWTEncryptionAndDecryptionService {
service_4 = new DefaultJWTEncryptionAndDecryptionService(keys_4);
claimsSet = new JWTClaimsSet.Builder()
.issuer(issuer)
.subject(subject)
.build();
.issuer(issuer)
.subject(subject)
.build();
// Key Store


@ -54,27 +54,27 @@ public class WebfingerView extends AbstractView {
private static final Logger logger = LoggerFactory.getLogger(WebfingerView.class);
private Gson gson = new GsonBuilder()
.setExclusionStrategies(new ExclusionStrategy() {
.setExclusionStrategies(new ExclusionStrategy() {
@Override
public boolean shouldSkipField(FieldAttributes f) {
@Override
public boolean shouldSkipField(FieldAttributes f) {
return false;
}
return false;
}
@Override
public boolean shouldSkipClass(Class<?> clazz) {
// skip the JPA binding wrapper
if (clazz.equals(BeanPropertyBindingResult.class)) {
return true;
}
return false;
}
@Override
public boolean shouldSkipClass(Class<?> clazz) {
// skip the JPA binding wrapper
if (clazz.equals(BeanPropertyBindingResult.class)) {
return true;
}
return false;
}
})
.serializeNulls()
.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.create();
})
.serializeNulls()
.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.create();
@Override
protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {


@ -291,8 +291,8 @@ public class DiscoveryEndpoint {
baseUrl = baseUrl.concat("/");
}
Collection<JWSAlgorithm> serverSigningAlgs = signService.getAllSigningAlgsSupported();
Collection<JWSAlgorithm> clientSymmetricSigningAlgs = Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512);
signService.getAllSigningAlgsSupported();
Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512);
Collection<JWSAlgorithm> clientSymmetricAndAsymmetricSigningAlgs = Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512,
JWSAlgorithm.RS256, JWSAlgorithm.RS384, JWSAlgorithm.RS512,
JWSAlgorithm.ES256, JWSAlgorithm.ES384, JWSAlgorithm.ES512,
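Review bot: The two bare statements `signService.getAllSigningAlgsSupported();` and `Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512);` discard their results. The automated cleanup appears to have removed the unused locals `serverSigningAlgs` and `clientSymmetricSigningAlgs` but kept their initialisers as dead code. Both lines can be deleted unless the service call has a side effect that is needed here. This method presumably builds the discovery document, so it is also worth confirming whether the advertised signing algorithms were meant to come from `signService` rather than from the hard-coded list that follows. If so, restore `Collection<JWSAlgorithm> serverSigningAlgs = signService.getAllSigningAlgsSupported();` and use it. The enclosing method starts and ends outside the hunk.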


@ -18,7 +18,6 @@
package org.mitre.oauth2.assertion.impl;
import java.text.ParseException;
import java.util.List;
import java.util.Set;
import org.mitre.oauth2.assertion.AssertionOAuth2RequestFactory;


@ -70,15 +70,15 @@ public class JpaAuthenticationHolderRepository implements AuthenticationHolderRe
@Override
@Transactional(value="defaultTransactionManager")
public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders() {
DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0,MAXEXPIREDRESULTS);
return getOrphanedAuthenticationHolders(pageCriteria);
DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0,MAXEXPIREDRESULTS);
return getOrphanedAuthenticationHolders(pageCriteria);
}
@Override
@Transactional(value="defaultTransactionManager")
public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders(PageCriteria pageCriteria) {
TypedQuery<AuthenticationHolderEntity> query = manager.createNamedQuery(AuthenticationHolderEntity.QUERY_GET_UNUSED, AuthenticationHolderEntity.class);
return JpaUtil.getResultPage(query, pageCriteria);
}
@Override
@Transactional(value="defaultTransactionManager")
public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders(PageCriteria pageCriteria) {
TypedQuery<AuthenticationHolderEntity> query = manager.createNamedQuery(AuthenticationHolderEntity.QUERY_GET_UNUSED, AuthenticationHolderEntity.class);
return JpaUtil.getResultPage(query, pageCriteria);
}
}


@ -92,12 +92,12 @@ public class JpaAuthorizationCodeRepository implements AuthorizationCodeReposito
}
@Override
public Collection<AuthorizationCodeEntity> getExpiredCodes(PageCriteria pageCriteria) {
TypedQuery<AuthorizationCodeEntity> query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, AuthorizationCodeEntity.class);
query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date()); // this gets anything that's already expired
return JpaUtil.getResultPage(query, pageCriteria);
}
@Override
public Collection<AuthorizationCodeEntity> getExpiredCodes(PageCriteria pageCriteria) {
TypedQuery<AuthorizationCodeEntity> query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, AuthorizationCodeEntity.class);
query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date()); // this gets anything that's already expired
return JpaUtil.getResultPage(query, pageCriteria);
}


@ -24,8 +24,6 @@ import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
import java.util.Collection;
import java.util.Date;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;


@ -191,29 +191,29 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
@Override
public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens() {
DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0, MAXEXPIREDRESULTS);
return getAllExpiredAccessTokens(pageCriteria);
DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0, MAXEXPIREDRESULTS);
return getAllExpiredAccessTokens(pageCriteria);
}
@Override
public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens(PageCriteria pageCriteria) {
TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE, OAuth2AccessTokenEntity.class);
query.setParameter(OAuth2AccessTokenEntity.PARAM_DATE, new Date());
return new LinkedHashSet<>(JpaUtil.getResultPage(query, pageCriteria));
}
@Override
public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens(PageCriteria pageCriteria) {
TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE, OAuth2AccessTokenEntity.class);
query.setParameter(OAuth2AccessTokenEntity.PARAM_DATE, new Date());
return new LinkedHashSet<>(JpaUtil.getResultPage(query, pageCriteria));
}
@Override
public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens() {
DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0, MAXEXPIREDRESULTS);
return getAllExpiredRefreshTokens(pageCriteria);
DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0, MAXEXPIREDRESULTS);
return getAllExpiredRefreshTokens(pageCriteria);
}
@Override
public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria) {
TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE, OAuth2RefreshTokenEntity.class);
query.setParameter(OAuth2AccessTokenEntity.PARAM_DATE, new Date());
return new LinkedHashSet<>(JpaUtil.getResultPage(query,pageCriteria));
}
@Override
public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria) {
TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE, OAuth2RefreshTokenEntity.class);
query.setParameter(OAuth2AccessTokenEntity.PARAM_DATE, new Date());
return new LinkedHashSet<>(JpaUtil.getResultPage(query,pageCriteria));
}


@ -19,6 +19,9 @@
*/
package org.mitre.oauth2.repository.impl;
import static org.mitre.util.jpa.JpaUtil.getSingleResult;
import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
import java.util.LinkedHashSet;
import java.util.Set;
@ -31,9 +34,6 @@ import org.mitre.oauth2.repository.SystemScopeRepository;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
import static org.mitre.util.jpa.JpaUtil.getSingleResult;
import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
/**
* @author jricher
*


@ -24,7 +24,6 @@ import java.util.Set;
import org.mitre.data.AbstractPageOperationTemplate;
import org.mitre.oauth2.model.AuthenticationHolderEntity;
import org.mitre.oauth2.model.AuthorizationCodeEntity;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.DeviceCode;
import org.mitre.oauth2.repository.impl.DeviceCodeRepository;
@ -114,17 +113,17 @@ public class DefaultDeviceCodeService implements DeviceCodeService {
@Transactional(value="defaultTransactionManager")
public void clearExpiredDeviceCodes() {
new AbstractPageOperationTemplate<DeviceCode>("clearExpiredDeviceCodes"){
@Override
public Collection<DeviceCode> fetchPage() {
return repository.getExpiredCodes();
}
new AbstractPageOperationTemplate<DeviceCode>("clearExpiredDeviceCodes"){
@Override
public Collection<DeviceCode> fetchPage() {
return repository.getExpiredCodes();
}
@Override
protected void doOperation(DeviceCode item) {
repository.remove(item);
}
}.execute();
@Override
protected void doOperation(DeviceCode item) {
repository.remove(item);
}
}.execute();
}
}


@ -16,6 +16,8 @@
*******************************************************************************/
package org.mitre.oauth2.service.impl;
import static com.google.common.collect.Maps.newLinkedHashMap;
import java.text.ParseException;
import java.util.Map;
import java.util.Set;
@ -33,8 +35,6 @@ import org.springframework.stereotype.Service;
import com.google.common.base.Joiner;
import com.google.common.collect.Sets;
import static com.google.common.collect.Maps.newLinkedHashMap;
/**
* Default implementation of the {@link IntrospectionResultAssembler} interface.
*/


@ -117,17 +117,17 @@ public class DefaultOAuth2AuthorizationCodeService implements AuthorizationCodeS
@Transactional(value="defaultTransactionManager")
public void clearExpiredAuthorizationCodes() {
new AbstractPageOperationTemplate<AuthorizationCodeEntity>("clearExpiredAuthorizationCodes"){
@Override
public Collection<AuthorizationCodeEntity> fetchPage() {
return repository.getExpiredCodes();
}
new AbstractPageOperationTemplate<AuthorizationCodeEntity>("clearExpiredAuthorizationCodes"){
@Override
public Collection<AuthorizationCodeEntity> fetchPage() {
return repository.getExpiredCodes();
}
@Override
protected void doOperation(AuthorizationCodeEntity item) {
repository.remove(item);
}
}.execute();
@Override
protected void doOperation(AuthorizationCodeEntity item) {
repository.remove(item);
}
}.execute();
}
/**


@ -492,41 +492,41 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
public void clearExpiredTokens() {
logger.debug("Cleaning out all expired tokens");
new AbstractPageOperationTemplate<OAuth2AccessTokenEntity>("clearExpiredAccessTokens") {
@Override
public Collection<OAuth2AccessTokenEntity> fetchPage() {
return tokenRepository.getAllExpiredAccessTokens(new DefaultPageCriteria());
}
new AbstractPageOperationTemplate<OAuth2AccessTokenEntity>("clearExpiredAccessTokens") {
@Override
public Collection<OAuth2AccessTokenEntity> fetchPage() {
return tokenRepository.getAllExpiredAccessTokens(new DefaultPageCriteria());
}
@Override
public void doOperation(OAuth2AccessTokenEntity item) {
revokeAccessToken(item);
}
}.execute();
@Override
public void doOperation(OAuth2AccessTokenEntity item) {
revokeAccessToken(item);
}
}.execute();
new AbstractPageOperationTemplate<OAuth2RefreshTokenEntity>("clearExpiredRefreshTokens") {
@Override
public Collection<OAuth2RefreshTokenEntity> fetchPage() {
return tokenRepository.getAllExpiredRefreshTokens(new DefaultPageCriteria());
}
new AbstractPageOperationTemplate<OAuth2RefreshTokenEntity>("clearExpiredRefreshTokens") {
@Override
public Collection<OAuth2RefreshTokenEntity> fetchPage() {
return tokenRepository.getAllExpiredRefreshTokens(new DefaultPageCriteria());
}
@Override
public void doOperation(OAuth2RefreshTokenEntity item) {
revokeRefreshToken(item);
}
}.execute();
@Override
public void doOperation(OAuth2RefreshTokenEntity item) {
revokeRefreshToken(item);
}
}.execute();
new AbstractPageOperationTemplate<AuthenticationHolderEntity>("clearExpiredAuthenticationHolders") {
@Override
public Collection<AuthenticationHolderEntity> fetchPage() {
return authenticationHolderRepository.getOrphanedAuthenticationHolders(new DefaultPageCriteria());
}
new AbstractPageOperationTemplate<AuthenticationHolderEntity>("clearExpiredAuthenticationHolders") {
@Override
public Collection<AuthenticationHolderEntity> fetchPage() {
return authenticationHolderRepository.getOrphanedAuthenticationHolders(new DefaultPageCriteria());
}
@Override
public void doOperation(AuthenticationHolderEntity item) {
authenticationHolderRepository.remove(item);
}
}.execute();
@Override
public void doOperation(AuthenticationHolderEntity item) {
authenticationHolderRepository.remove(item);
}
}.execute();
}
/* (non-Javadoc)


@ -20,7 +20,6 @@
package org.mitre.oauth2.service.impl;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.mitre.oauth2.model.SystemScope;
@ -30,13 +29,10 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.google.common.base.Function;
import com.google.common.base.Joiner;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.Collections2;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
/**


@ -22,12 +22,10 @@ package org.mitre.oauth2.token;
import java.text.ParseException;
import org.mitre.jwt.assertion.AssertionValidator;
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
import org.mitre.oauth2.assertion.AssertionOAuth2RequestFactory;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.openid.connect.assertion.JWTBearerAssertionAuthenticationToken;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.core.AuthenticationException;
@ -51,15 +49,6 @@ public class JWTAssertionTokenGranter extends AbstractTokenGranter {
private static final String grantType = "urn:ietf:params:oauth:grant-type:jwt-bearer";
// keep down-cast versions so we can get to the right queries
private OAuth2TokenEntityService tokenServices;
@Autowired
private JWTSigningAndValidationService jwtService;
@Autowired
private ConfigurationPropertiesBean config;
@Autowired
@Qualifier("jwtAssertionValidator")
private AssertionValidator validator;
@ -70,7 +59,6 @@ public class JWTAssertionTokenGranter extends AbstractTokenGranter {
@Autowired
public JWTAssertionTokenGranter(OAuth2TokenEntityService tokenServices, ClientDetailsEntityService clientDetailsService, OAuth2RequestFactory requestFactory) {
super(tokenServices, clientDetailsService, requestFactory, grantType);
this.tokenServices = tokenServices;
}
/* (non-Javadoc)
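Review bot: The field block and constructor of `JWTAssertionTokenGranter` change behaviour, not just layout. Going by the hunk counts (`-51,15 +49,6` and `-70,7 +59,6`), the `tokenServices`, `jwtService` and `config` members and `this.tokenServices = tokenServices;` appear to be removed, leaving `validator` as the only injected field shown. Dropping `@Autowired` collaborators from the jwt-bearer grant path alters bean wiring and is easy to overlook inside an automated formatting pass, so it would be better as its own commit. The methods that would have used these fields lie outside the hunks, so confirm that nothing on the assertion-handling path relied on them. Once confirmed, the surviving field could carry a comment such as `// checks the incoming assertion for this grant type; wired by name to "jwtAssertionValidator"`.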


@ -56,71 +56,71 @@ public class TokenApiView extends AbstractView {
private static final Logger logger = LoggerFactory.getLogger(TokenApiView.class);
private Gson gson = new GsonBuilder()
.setExclusionStrategies(new ExclusionStrategy() {
.setExclusionStrategies(new ExclusionStrategy() {
@Override
public boolean shouldSkipField(FieldAttributes f) {
return false;
}
@Override
public boolean shouldSkipField(FieldAttributes f) {
return false;
}
@Override
public boolean shouldSkipClass(Class<?> clazz) {
// skip the JPA binding wrapper
if (clazz.equals(BeanPropertyBindingResult.class)) {
return true;
}
return false;
}
@Override
public boolean shouldSkipClass(Class<?> clazz) {
// skip the JPA binding wrapper
if (clazz.equals(BeanPropertyBindingResult.class)) {
return true;
}
return false;
}
})
.registerTypeAdapter(OAuth2AccessTokenEntity.class, new JsonSerializer<OAuth2AccessTokenEntity>() {
})
.registerTypeAdapter(OAuth2AccessTokenEntity.class, new JsonSerializer<OAuth2AccessTokenEntity>() {
@Override
public JsonElement serialize(OAuth2AccessTokenEntity src,
Type typeOfSrc, JsonSerializationContext context) {
@Override
public JsonElement serialize(OAuth2AccessTokenEntity src,
Type typeOfSrc, JsonSerializationContext context) {
JsonObject o = new JsonObject();
JsonObject o = new JsonObject();
o.addProperty("value", src.getValue());
o.addProperty("id", src.getId());
o.addProperty("refreshTokenId", src.getRefreshToken() != null ? src.getRefreshToken().getId() : null);
o.addProperty("value", src.getValue());
o.addProperty("id", src.getId());
o.addProperty("refreshTokenId", src.getRefreshToken() != null ? src.getRefreshToken().getId() : null);
o.add("scopes", context.serialize(src.getScope()));
o.add("scopes", context.serialize(src.getScope()));
o.addProperty("clientId", src.getClient().getClientId());
o.addProperty("userId", src.getAuthenticationHolder().getAuthentication().getName());
o.addProperty("clientId", src.getClient().getClientId());
o.addProperty("userId", src.getAuthenticationHolder().getAuthentication().getName());
o.add("expiration", context.serialize(src.getExpiration()));
o.add("expiration", context.serialize(src.getExpiration()));
return o;
}
return o;
}
})
.registerTypeAdapter(OAuth2RefreshTokenEntity.class, new JsonSerializer<OAuth2RefreshTokenEntity>() {
})
.registerTypeAdapter(OAuth2RefreshTokenEntity.class, new JsonSerializer<OAuth2RefreshTokenEntity>() {
@Override
public JsonElement serialize(OAuth2RefreshTokenEntity src,
Type typeOfSrc, JsonSerializationContext context) {
JsonObject o = new JsonObject();
@Override
public JsonElement serialize(OAuth2RefreshTokenEntity src,
Type typeOfSrc, JsonSerializationContext context) {
JsonObject o = new JsonObject();
o.addProperty("value", src.getValue());
o.addProperty("id", src.getId());
o.addProperty("value", src.getValue());
o.addProperty("id", src.getId());
o.add("scopes", context.serialize(src.getAuthenticationHolder().getAuthentication().getOAuth2Request().getScope()));
o.add("scopes", context.serialize(src.getAuthenticationHolder().getAuthentication().getOAuth2Request().getScope()));
o.addProperty("clientId", src.getClient().getClientId());
o.addProperty("userId", src.getAuthenticationHolder().getAuthentication().getName());
o.addProperty("clientId", src.getClient().getClientId());
o.addProperty("userId", src.getAuthenticationHolder().getAuthentication().getName());
o.add("expiration", context.serialize(src.getExpiration()));
o.add("expiration", context.serialize(src.getExpiration()));
return o;
}
return o;
}
})
.serializeNulls()
.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.create();
})
.serializeNulls()
.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.create();
@Override
protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {


@ -46,7 +46,6 @@ import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
@ -59,7 +58,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Sets;
/**
@ -142,7 +140,7 @@ public class DeviceEndpoint {
// create a user code, should be random but small and typable
String userCode = randomGenerator.generate();
DeviceCode dc = deviceCodeService.createNewDeviceCode(deviceCode, userCode, requestedScopes, client, parameters);
deviceCodeService.createNewDeviceCode(deviceCode, userCode, requestedScopes, client, parameters);
Map<String, Object> response = new HashMap<>();
response.put("device_code", deviceCode);
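Review bot: With `DeviceCode dc = ...` reduced to a bare `deviceCodeService.createNewDeviceCode(deviceCode, userCode, requestedScopes, client, parameters);`, the stored entity is discarded and the response is built from the local `deviceCode` and `userCode` strings. That is only safe if the service persists those two values unchanged; if it ever normalises or regenerates a code, the client would receive values that do not match what is stored, and the discarded return value hides that. Either keep the returned object and fill the response from it, or record the assumption next to the call: `// return value unused: the response echoes the locally generated deviceCode/userCode; assumes the service stores them as-is`. The handler method starts and ends outside this hunk, so how `userCode` is checked later is not visible here.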


@ -16,6 +16,8 @@
*******************************************************************************/
package org.mitre.oauth2.web;
import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope;
import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
@ -49,8 +51,6 @@ import org.springframework.web.bind.annotation.RequestParam;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableMap;
import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope;
@Controller
public class IntrospectionEndpoint {


@ -19,6 +19,9 @@
*/
package org.mitre.oauth2.web;
import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT;
import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_SEPARATOR;
import java.net.URISyntaxException;
import java.security.Principal;
import java.util.Date;
@ -57,9 +60,6 @@ import com.google.common.base.Strings;
import com.google.common.collect.Sets;
import com.google.gson.JsonObject;
import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT;
import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_SEPARATOR;
/**
* @author jricher
*


@ -18,8 +18,6 @@ package org.mitre.oauth2.web;
import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope;
import java.util.Collection;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
@ -27,7 +25,6 @@ import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.uma.model.ResourceSet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -36,7 +33,6 @@ import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;


@ -119,10 +119,10 @@ public class JWTBearerAuthenticationProvider implements AuthenticationProvider {
|| alg.equals(JWSAlgorithm.PS256)
|| alg.equals(JWSAlgorithm.PS384)
|| alg.equals(JWSAlgorithm.PS512)))
|| (client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT) &&
(alg.equals(JWSAlgorithm.HS256)
|| alg.equals(JWSAlgorithm.HS384)
|| alg.equals(JWSAlgorithm.HS512)))) {
|| (client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT) &&
(alg.equals(JWSAlgorithm.HS256)
|| alg.equals(JWSAlgorithm.HS384)
|| alg.equals(JWSAlgorithm.HS512)))) {
// double-check the method is asymmetrical if we're in HEART mode
if (config.isHeartMode() && !client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY)) {


@ -19,7 +19,15 @@
*/
package org.mitre.openid.connect.filter;
import static org.mitre.openid.connect.request.ConnectRequestParameters.*;
import static org.mitre.openid.connect.request.ConnectRequestParameters.ERROR;
import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_HINT;
import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_REQUIRED;
import static org.mitre.openid.connect.request.ConnectRequestParameters.MAX_AGE;
import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT;
import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_LOGIN;
import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_NONE;
import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_SEPARATOR;
import static org.mitre.openid.connect.request.ConnectRequestParameters.STATE;
import java.io.IOException;
import java.net.URISyntaxException;


@ -27,8 +27,6 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import com.google.common.collect.ImmutableSet;
/**
* @author jricher
*


@ -16,6 +16,8 @@
*******************************************************************************/
package org.mitre.openid.connect.repository.impl;
import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
import java.util.Collection;
import javax.persistence.EntityManager;
@ -27,8 +29,6 @@ import org.mitre.openid.connect.repository.ApprovedSiteRepository;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
/**
* JPA ApprovedSite repository implementation
*


@ -19,6 +19,8 @@
*/
package org.mitre.openid.connect.repository.impl;
import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
import java.util.Collection;
import javax.persistence.EntityManager;
@ -30,8 +32,6 @@ import org.mitre.openid.connect.repository.BlacklistedSiteRepository;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
/**
* @author jricher
*


@ -19,6 +19,9 @@
*/
package org.mitre.openid.connect.repository.impl;
import static org.mitre.util.jpa.JpaUtil.getSingleResult;
import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.TypedQuery;
@ -28,9 +31,6 @@ import org.mitre.openid.connect.repository.PairwiseIdentifierRepository;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
import static org.mitre.util.jpa.JpaUtil.getSingleResult;
import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
/**
* @author jricher
*


@ -16,6 +16,8 @@
*******************************************************************************/
package org.mitre.openid.connect.repository.impl;
import static org.mitre.util.jpa.JpaUtil.getSingleResult;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.TypedQuery;
@ -25,8 +27,6 @@ import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.repository.UserInfoRepository;
import org.springframework.stereotype.Repository;
import static org.mitre.util.jpa.JpaUtil.getSingleResult;
/**
* JPA UserInfo repository implementation
*


@ -16,6 +16,8 @@
*******************************************************************************/
package org.mitre.openid.connect.repository.impl;
import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
import java.util.Collection;
import javax.persistence.EntityManager;
@ -28,8 +30,6 @@ import org.mitre.util.jpa.JpaUtil;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
/**
* JPA WhitelistedSite repository implementation
*


@ -17,9 +17,11 @@
package org.mitre.openid.connect.request;
import static org.mitre.openid.connect.request.ConnectRequestParameters.*;
import static org.mitre.openid.connect.request.ConnectRequestParameters.AUD;
import static org.mitre.openid.connect.request.ConnectRequestParameters.CLAIMS;
import static org.mitre.openid.connect.request.ConnectRequestParameters.CLIENT_ID;
import static org.mitre.openid.connect.request.ConnectRequestParameters.CODE_CHALLENGE;
import static org.mitre.openid.connect.request.ConnectRequestParameters.CODE_CHALLENGE_METHOD;
import static org.mitre.openid.connect.request.ConnectRequestParameters.DISPLAY;
import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_HINT;
import static org.mitre.openid.connect.request.ConnectRequestParameters.MAX_AGE;
@ -43,7 +45,6 @@ import org.mitre.jwt.signer.service.impl.ClientKeyCacheService;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.PKCEAlgorithm;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.SystemScopeService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -81,9 +82,6 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
@Autowired
private ClientKeyCacheService validators;
@Autowired
private SystemScopeService systemScopes;
@Autowired
private JWTEncryptionAndDecryptionService encryptionService;
@ -179,7 +177,7 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
*
* @param jwtString
* @param request
*/
*/
private void processRequestObject(String jwtString, AuthorizationRequest request) {
// parse the request object
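Review bot: The Javadoc on `processRequestObject` still has empty `@param jwtString` and `@param request` tags; the last hunk only re-indents its closing `*/`. Going by the `// parse the request object` comment, this method handles a client-supplied JWT and presumably copies values from it into the `AuthorizationRequest`, so the tags should state what is trusted. For example, `@param jwtString serialized request object as received; untrusted until its signature or encryption has been checked` and `@param request authorization request updated from the request object's claims`. The method body continues outside the hunk, so the wording should be confirmed against it.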


@ -271,12 +271,12 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
token.setAuthenticationHolder(authHolder);
JWTClaimsSet claims = new JWTClaimsSet.Builder()
.audience(Lists.newArrayList(client.getClientId()))
.issuer(configBean.getIssuer())
.issueTime(new Date())
.expirationTime(token.getExpiration())
.jwtID(UUID.randomUUID().toString()) // set a random NONCE in the middle of it
.build();
.audience(Lists.newArrayList(client.getClientId()))
.issuer(configBean.getIssuer())
.issueTime(new Date())
.expirationTime(token.getExpiration())
.jwtID(UUID.randomUUID().toString()) // set a random NONCE in the middle of it
.build();
JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,


@ -17,14 +17,12 @@
package org.mitre.openid.connect.service.impl;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.mitre.openid.connect.service.ScopeClaimTranslationService;
import org.springframework.stereotype.Service;
import com.google.common.collect.HashMultimap;
import com.google.common.collect.Maps;
import com.google.common.collect.SetMultimap;
/**


@ -26,8 +26,6 @@ import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.openid.connect.model.ApprovedSite;
import org.mitre.openid.connect.model.ClientStat;
import org.mitre.openid.connect.service.ApprovedSiteService;
@ -37,8 +35,6 @@ import org.springframework.stereotype.Service;
import com.google.common.base.Supplier;
import com.google.common.base.Suppliers;
import com.google.common.collect.HashMultiset;
import com.google.common.collect.Multiset;
/**
* @author jricher


@ -23,7 +23,6 @@ import java.util.concurrent.TimeUnit;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpEntity;
import org.apache.http.HttpException;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
@ -31,7 +30,6 @@ import org.apache.http.impl.client.HttpClientBuilder;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.openid.connect.model.CachedImage;
import org.mitre.openid.connect.service.ClientLogoLoadingService;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.stereotype.Service;
import com.google.common.base.Strings;


@ -16,6 +16,9 @@
*******************************************************************************/
package org.mitre.openid.connect.service.impl;
import static org.mitre.util.JsonUtils.readMap;
import static org.mitre.util.JsonUtils.readSet;
import java.io.IOException;
import java.text.ParseException;
import java.util.Collection;
@ -68,9 +71,6 @@ import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jwt.JWTParser;
import static org.mitre.util.JsonUtils.readMap;
import static org.mitre.util.JsonUtils.readSet;
/**
*
* Data service to import MITREid 1.0 configuration.
@ -135,46 +135,46 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
while (reader.hasNext()) {
JsonToken tok = reader.peek();
switch (tok) {
case NAME:
String name = reader.nextName();
// find out which member it is
if (name.equals(CLIENTS)) {
readClients(reader);
} else if (name.equals(GRANTS)) {
readGrants(reader);
} else if (name.equals(WHITELISTEDSITES)) {
readWhitelistedSites(reader);
} else if (name.equals(BLACKLISTEDSITES)) {
readBlacklistedSites(reader);
} else if (name.equals(AUTHENTICATIONHOLDERS)) {
readAuthenticationHolders(reader);
} else if (name.equals(ACCESSTOKENS)) {
readAccessTokens(reader);
} else if (name.equals(REFRESHTOKENS)) {
readRefreshTokens(reader);
} else if (name.equals(SYSTEMSCOPES)) {
readSystemScopes(reader);
} else {
for (MITREidDataServiceExtension extension : extensions) {
if (extension.supportsVersion(THIS_VERSION)) {
case NAME:
String name = reader.nextName();
// find out which member it is
if (name.equals(CLIENTS)) {
readClients(reader);
} else if (name.equals(GRANTS)) {
readGrants(reader);
} else if (name.equals(WHITELISTEDSITES)) {
readWhitelistedSites(reader);
} else if (name.equals(BLACKLISTEDSITES)) {
readBlacklistedSites(reader);
} else if (name.equals(AUTHENTICATIONHOLDERS)) {
readAuthenticationHolders(reader);
} else if (name.equals(ACCESSTOKENS)) {
readAccessTokens(reader);
} else if (name.equals(REFRESHTOKENS)) {
readRefreshTokens(reader);
} else if (name.equals(SYSTEMSCOPES)) {
readSystemScopes(reader);
} else {
for (MITREidDataServiceExtension extension : extensions) {
if (extension.supportsVersion(THIS_VERSION)) {
extension.importExtensionData(name, reader);
break;
if (extension.supportsVersion(THIS_VERSION)) {
extension.importExtensionData(name, reader);
break;
}
}
}
// unknown token, skip it
reader.skipValue();
}
// unknown token, skip it
break;
case END_OBJECT:
// the object ended, we're done here
reader.endObject();
continue;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
case END_OBJECT:
// the object ended, we're done here
reader.endObject();
continue;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue; }
continue; }
}
fixObjectReferences();
for (MITREidDataServiceExtension extension : extensions) {
@ -203,37 +203,37 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
Long authHolderId = null;
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("expiration")) {
Date date = utcToDate(reader.nextString());
token.setExpiration(date);
} else if (name.equals("value")) {
String value = reader.nextString();
try {
token.setJwt(JWTParser.parse(value));
} catch (ParseException ex) {
logger.error("Unable to set refresh token value to {}", value, ex);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("expiration")) {
Date date = utcToDate(reader.nextString());
token.setExpiration(date);
} else if (name.equals("value")) {
String value = reader.nextString();
try {
token.setJwt(JWTParser.parse(value));
} catch (ParseException ex) {
logger.error("Unable to set refresh token value to {}", value, ex);
}
} else if (name.equals("clientId")) {
clientId = reader.nextString();
} else if (name.equals("authenticationHolderId")) {
authHolderId = reader.nextLong();
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
} else if (name.equals("clientId")) {
clientId = reader.nextString();
} else if (name.equals("authenticationHolderId")) {
authHolderId = reader.nextLong();
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -265,45 +265,45 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
Long refreshTokenId = null;
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("expiration")) {
Date date = utcToDate(reader.nextString());
token.setExpiration(date);
} else if (name.equals("value")) {
String value = reader.nextString();
try {
// all tokens are JWTs
token.setJwt(JWTParser.parse(value));
} catch (ParseException ex) {
logger.error("Unable to set refresh token value to {}", value, ex);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("expiration")) {
Date date = utcToDate(reader.nextString());
token.setExpiration(date);
} else if (name.equals("value")) {
String value = reader.nextString();
try {
// all tokens are JWTs
token.setJwt(JWTParser.parse(value));
} catch (ParseException ex) {
logger.error("Unable to set refresh token value to {}", value, ex);
}
} else if (name.equals("clientId")) {
clientId = reader.nextString();
} else if (name.equals("authenticationHolderId")) {
authHolderId = reader.nextLong();
} else if (name.equals("refreshTokenId")) {
refreshTokenId = reader.nextLong();
} else if (name.equals("scope")) {
Set<String> scope = readSet(reader);
token.setScope(scope);
} else if (name.equals("type")) {
token.setTokenType(reader.nextString());
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
} else if (name.equals("clientId")) {
clientId = reader.nextString();
} else if (name.equals("authenticationHolderId")) {
authHolderId = reader.nextLong();
} else if (name.equals("refreshTokenId")) {
refreshTokenId = reader.nextLong();
} else if (name.equals("scope")) {
Set<String> scope = readSet(reader);
token.setScope(scope);
} else if (name.equals("type")) {
token.setTokenType(reader.nextString());
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -331,61 +331,61 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
Long currentId = null;
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("ownerId")) {
//not needed
reader.skipValue();
} else if (name.equals("authentication")) {
OAuth2Request clientAuthorization = null;
Authentication userAuthentication = null;
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String subName = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (subName.equals("clientAuthorization")) {
clientAuthorization = readAuthorizationRequest(reader);
} else if (subName.equals("userAuthentication")) {
// skip binary encoded version
reader.skipValue();
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("ownerId")) {
//not needed
reader.skipValue();
} else if (name.equals("authentication")) {
OAuth2Request clientAuthorization = null;
Authentication userAuthentication = null;
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String subName = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (subName.equals("clientAuthorization")) {
clientAuthorization = readAuthorizationRequest(reader);
} else if (subName.equals("userAuthentication")) {
// skip binary encoded version
reader.skipValue();
} else if (subName.equals("savedUserAuthentication")) {
userAuthentication = readSavedUserAuthentication(reader);
} else if (subName.equals("savedUserAuthentication")) {
userAuthentication = readSavedUserAuthentication(reader);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
}
reader.endObject();
OAuth2Authentication auth = new OAuth2Authentication(clientAuthorization, userAuthentication);
ahe.setAuthentication(auth);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
reader.endObject();
OAuth2Authentication auth = new OAuth2Authentication(clientAuthorization, userAuthentication);
ahe.setAuthentication(auth);
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -410,47 +410,47 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("authorizationParameters")) {
authorizationParameters = readMap(reader);
} else if (name.equals("approvalParameters")) {
reader.skipValue();
} else if (name.equals("clientId")) {
clientId = reader.nextString();
} else if (name.equals("scope")) {
scope = readSet(reader);
} else if (name.equals("resourceIds")) {
resourceIds = readSet(reader);
} else if (name.equals("authorities")) {
Set<String> authorityStrs = readSet(reader);
authorities = new HashSet<>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("authorizationParameters")) {
authorizationParameters = readMap(reader);
} else if (name.equals("approvalParameters")) {
reader.skipValue();
} else if (name.equals("clientId")) {
clientId = reader.nextString();
} else if (name.equals("scope")) {
scope = readSet(reader);
} else if (name.equals("resourceIds")) {
resourceIds = readSet(reader);
} else if (name.equals("authorities")) {
Set<String> authorityStrs = readSet(reader);
authorities = new HashSet<>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
}
} else if (name.equals("approved")) {
approved = reader.nextBoolean();
} else if (name.equals("denied")) {
if (approved == false) {
approved = !reader.nextBoolean();
}
} else if (name.equals("redirectUri")) {
redirectUri = reader.nextString();
} else if (name.equals("responseTypes")) {
responseTypes = readSet(reader);
} else {
reader.skipValue();
}
} else if (name.equals("approved")) {
approved = reader.nextBoolean();
} else if (name.equals("denied")) {
if (approved == false) {
approved = !reader.nextBoolean();
}
} else if (name.equals("redirectUri")) {
redirectUri = reader.nextString();
} else if (name.equals("responseTypes")) {
responseTypes = readSet(reader);
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -468,35 +468,35 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
while (reader.hasNext()) {
switch(reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("name")) {
savedUserAuth.setName(reader.nextString());
} else if (name.equals("sourceClass")) {
savedUserAuth.setSourceClass(reader.nextString());
} else if (name.equals("authenticated")) {
savedUserAuth.setAuthenticated(reader.nextBoolean());
} else if (name.equals("authorities")) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("name")) {
savedUserAuth.setName(reader.nextString());
} else if (name.equals("sourceClass")) {
savedUserAuth.setSourceClass(reader.nextString());
} else if (name.equals("authenticated")) {
savedUserAuth.setAuthenticated(reader.nextBoolean());
} else if (name.equals("authorities")) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
}
savedUserAuth.setAuthorities(authorities);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
savedUserAuth.setAuthorities(authorities);
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
@ -518,43 +518,43 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("accessDate")) {
Date date = utcToDate(reader.nextString());
site.setAccessDate(date);
} else if (name.equals("clientId")) {
site.setClientId(reader.nextString());
} else if (name.equals("creationDate")) {
Date date = utcToDate(reader.nextString());
site.setCreationDate(date);
} else if (name.equals("timeoutDate")) {
Date date = utcToDate(reader.nextString());
site.setTimeoutDate(date);
} else if (name.equals("userId")) {
site.setUserId(reader.nextString());
} else if (name.equals("allowedScopes")) {
Set<String> allowedScopes = readSet(reader);
site.setAllowedScopes(allowedScopes);
} else if (name.equals("whitelistedSiteId")) {
whitelistedSiteId = reader.nextLong();
} else if (name.equals("approvedAccessTokens")) {
tokenIds = readSet(reader);
} else {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("accessDate")) {
Date date = utcToDate(reader.nextString());
site.setAccessDate(date);
} else if (name.equals("clientId")) {
site.setClientId(reader.nextString());
} else if (name.equals("creationDate")) {
Date date = utcToDate(reader.nextString());
site.setCreationDate(date);
} else if (name.equals("timeoutDate")) {
Date date = utcToDate(reader.nextString());
site.setTimeoutDate(date);
} else if (name.equals("userId")) {
site.setUserId(reader.nextString());
} else if (name.equals("allowedScopes")) {
Set<String> allowedScopes = readSet(reader);
site.setAllowedScopes(allowedScopes);
} else if (name.equals("whitelistedSiteId")) {
whitelistedSiteId = reader.nextLong();
} else if (name.equals("approvedAccessTokens")) {
tokenIds = readSet(reader);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -583,28 +583,28 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("clientId")) {
wlSite.setClientId(reader.nextString());
} else if (name.equals("creatorUserId")) {
wlSite.setCreatorUserId(reader.nextString());
} else if (name.equals("allowedScopes")) {
Set<String> allowedScopes = readSet(reader);
wlSite.setAllowedScopes(allowedScopes);
} else {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("clientId")) {
wlSite.setClientId(reader.nextString());
} else if (name.equals("creatorUserId")) {
wlSite.setCreatorUserId(reader.nextString());
} else if (name.equals("allowedScopes")) {
Set<String> allowedScopes = readSet(reader);
wlSite.setAllowedScopes(allowedScopes);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -626,23 +626,23 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (name.equals("id")) {
reader.skipValue();
} else if (name.equals("uri")) {
blSite.setUri(reader.nextString());
} else {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (name.equals("id")) {
reader.skipValue();
} else if (name.equals("uri")) {
blSite.setUri(reader.nextString());
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -663,125 +663,125 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("clientId")) {
client.setClientId(reader.nextString());
} else if (name.equals("resourceIds")) {
Set<String> resourceIds = readSet(reader);
client.setResourceIds(resourceIds);
} else if (name.equals("secret")) {
client.setClientSecret(reader.nextString());
} else if (name.equals("scope")) {
Set<String> scope = readSet(reader);
client.setScope(scope);
} else if (name.equals("authorities")) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("clientId")) {
client.setClientId(reader.nextString());
} else if (name.equals("resourceIds")) {
Set<String> resourceIds = readSet(reader);
client.setResourceIds(resourceIds);
} else if (name.equals("secret")) {
client.setClientSecret(reader.nextString());
} else if (name.equals("scope")) {
Set<String> scope = readSet(reader);
client.setScope(scope);
} else if (name.equals("authorities")) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
}
client.setAuthorities(authorities);
} else if (name.equals("accessTokenValiditySeconds")) {
client.setAccessTokenValiditySeconds(reader.nextInt());
} else if (name.equals("refreshTokenValiditySeconds")) {
client.setRefreshTokenValiditySeconds(reader.nextInt());
} else if (name.equals("redirectUris")) {
Set<String> redirectUris = readSet(reader);
client.setRedirectUris(redirectUris);
} else if (name.equals("name")) {
client.setClientName(reader.nextString());
} else if (name.equals("uri")) {
client.setClientUri(reader.nextString());
} else if (name.equals("logoUri")) {
client.setLogoUri(reader.nextString());
} else if (name.equals("contacts")) {
Set<String> contacts = readSet(reader);
client.setContacts(contacts);
} else if (name.equals("tosUri")) {
client.setTosUri(reader.nextString());
} else if (name.equals("tokenEndpointAuthMethod")) {
AuthMethod am = AuthMethod.getByValue(reader.nextString());
client.setTokenEndpointAuthMethod(am);
} else if (name.equals("grantTypes")) {
Set<String> grantTypes = readSet(reader);
client.setGrantTypes(grantTypes);
} else if (name.equals("responseTypes")) {
Set<String> responseTypes = readSet(reader);
client.setResponseTypes(responseTypes);
} else if (name.equals("policyUri")) {
client.setPolicyUri(reader.nextString());
} else if (name.equals("applicationType")) {
AppType appType = AppType.getByValue(reader.nextString());
client.setApplicationType(appType);
} else if (name.equals("sectorIdentifierUri")) {
client.setSectorIdentifierUri(reader.nextString());
} else if (name.equals("subjectType")) {
SubjectType st = SubjectType.getByValue(reader.nextString());
client.setSubjectType(st);
} else if (name.equals("jwks_uri")) {
client.setJwksUri(reader.nextString());
} else if (name.equals("requestObjectSigningAlg")) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setRequestObjectSigningAlg(alg);
} else if (name.equals("userInfoEncryptedResponseAlg")) {
JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
client.setUserInfoEncryptedResponseAlg(alg);
} else if (name.equals("userInfoEncryptedResponseEnc")) {
EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
client.setUserInfoEncryptedResponseEnc(alg);
} else if (name.equals("userInfoSignedResponseAlg")) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setUserInfoSignedResponseAlg(alg);
} else if (name.equals("idTokenSignedResonseAlg")) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setIdTokenSignedResponseAlg(alg);
} else if (name.equals("idTokenEncryptedResponseAlg")) {
JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
client.setIdTokenEncryptedResponseAlg(alg);
} else if (name.equals("idTokenEncryptedResponseEnc")) {
EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
client.setIdTokenEncryptedResponseEnc(alg);
} else if (name.equals("tokenEndpointAuthSigningAlg")) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setTokenEndpointAuthSigningAlg(alg);
} else if (name.equals("defaultMaxAge")) {
client.setDefaultMaxAge(reader.nextInt());
} else if (name.equals("requireAuthTime")) {
client.setRequireAuthTime(reader.nextBoolean());
} else if (name.equals("defaultACRValues")) {
Set<String> defaultACRvalues = readSet(reader);
client.setDefaultACRvalues(defaultACRvalues);
} else if (name.equals("initiateLoginUri")) {
client.setInitiateLoginUri(reader.nextString());
} else if (name.equals("postLogoutRedirectUri")) {
HashSet<String> postLogoutUris = Sets.newHashSet(reader.nextString());
client.setPostLogoutRedirectUris(postLogoutUris);
} else if (name.equals("requestUris")) {
Set<String> requestUris = readSet(reader);
client.setRequestUris(requestUris);
} else if (name.equals("description")) {
client.setClientDescription(reader.nextString());
} else if (name.equals("allowIntrospection")) {
client.setAllowIntrospection(reader.nextBoolean());
} else if (name.equals("reuseRefreshToken")) {
client.setReuseRefreshToken(reader.nextBoolean());
} else if (name.equals("dynamicallyRegistered")) {
client.setDynamicallyRegistered(reader.nextBoolean());
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
client.setAuthorities(authorities);
} else if (name.equals("accessTokenValiditySeconds")) {
client.setAccessTokenValiditySeconds(reader.nextInt());
} else if (name.equals("refreshTokenValiditySeconds")) {
client.setRefreshTokenValiditySeconds(reader.nextInt());
} else if (name.equals("redirectUris")) {
Set<String> redirectUris = readSet(reader);
client.setRedirectUris(redirectUris);
} else if (name.equals("name")) {
client.setClientName(reader.nextString());
} else if (name.equals("uri")) {
client.setClientUri(reader.nextString());
} else if (name.equals("logoUri")) {
client.setLogoUri(reader.nextString());
} else if (name.equals("contacts")) {
Set<String> contacts = readSet(reader);
client.setContacts(contacts);
} else if (name.equals("tosUri")) {
client.setTosUri(reader.nextString());
} else if (name.equals("tokenEndpointAuthMethod")) {
AuthMethod am = AuthMethod.getByValue(reader.nextString());
client.setTokenEndpointAuthMethod(am);
} else if (name.equals("grantTypes")) {
Set<String> grantTypes = readSet(reader);
client.setGrantTypes(grantTypes);
} else if (name.equals("responseTypes")) {
Set<String> responseTypes = readSet(reader);
client.setResponseTypes(responseTypes);
} else if (name.equals("policyUri")) {
client.setPolicyUri(reader.nextString());
} else if (name.equals("applicationType")) {
AppType appType = AppType.getByValue(reader.nextString());
client.setApplicationType(appType);
} else if (name.equals("sectorIdentifierUri")) {
client.setSectorIdentifierUri(reader.nextString());
} else if (name.equals("subjectType")) {
SubjectType st = SubjectType.getByValue(reader.nextString());
client.setSubjectType(st);
} else if (name.equals("jwks_uri")) {
client.setJwksUri(reader.nextString());
} else if (name.equals("requestObjectSigningAlg")) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setRequestObjectSigningAlg(alg);
} else if (name.equals("userInfoEncryptedResponseAlg")) {
JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
client.setUserInfoEncryptedResponseAlg(alg);
} else if (name.equals("userInfoEncryptedResponseEnc")) {
EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
client.setUserInfoEncryptedResponseEnc(alg);
} else if (name.equals("userInfoSignedResponseAlg")) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setUserInfoSignedResponseAlg(alg);
} else if (name.equals("idTokenSignedResonseAlg")) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setIdTokenSignedResponseAlg(alg);
} else if (name.equals("idTokenEncryptedResponseAlg")) {
JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
client.setIdTokenEncryptedResponseAlg(alg);
} else if (name.equals("idTokenEncryptedResponseEnc")) {
EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
client.setIdTokenEncryptedResponseEnc(alg);
} else if (name.equals("tokenEndpointAuthSigningAlg")) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setTokenEndpointAuthSigningAlg(alg);
} else if (name.equals("defaultMaxAge")) {
client.setDefaultMaxAge(reader.nextInt());
} else if (name.equals("requireAuthTime")) {
client.setRequireAuthTime(reader.nextBoolean());
} else if (name.equals("defaultACRValues")) {
Set<String> defaultACRvalues = readSet(reader);
client.setDefaultACRvalues(defaultACRvalues);
} else if (name.equals("initiateLoginUri")) {
client.setInitiateLoginUri(reader.nextString());
} else if (name.equals("postLogoutRedirectUri")) {
HashSet<String> postLogoutUris = Sets.newHashSet(reader.nextString());
client.setPostLogoutRedirectUris(postLogoutUris);
} else if (name.equals("requestUris")) {
Set<String> requestUris = readSet(reader);
client.setRequestUris(requestUris);
} else if (name.equals("description")) {
client.setClientDescription(reader.nextString());
} else if (name.equals("allowIntrospection")) {
client.setAllowIntrospection(reader.nextBoolean());
} else if (name.equals("reuseRefreshToken")) {
client.setReuseRefreshToken(reader.nextBoolean());
} else if (name.equals("dynamicallyRegistered")) {
client.setDynamicallyRegistered(reader.nextBoolean());
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -805,32 +805,32 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("value")) {
scope.setValue(reader.nextString());
} else if (name.equals("description")) {
scope.setDescription(reader.nextString());
} else if (name.equals("allowDynReg")) {
// previously "allowDynReg" scopes are now tagged as "not restricted" and vice versa
scope.setRestricted(!reader.nextBoolean());
} else if (name.equals("defaultScope")) {
scope.setDefaultScope(reader.nextBoolean());
} else if (name.equals("icon")) {
scope.setIcon(reader.nextString());
} else {
logger.debug("found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
} else if (name.equals("value")) {
scope.setValue(reader.nextString());
} else if (name.equals("description")) {
scope.setDescription(reader.nextString());
} else if (name.equals("allowDynReg")) {
// previously "allowDynReg" scopes are now tagged as "not restricted" and vice versa
scope.setRestricted(!reader.nextBoolean());
} else if (name.equals("defaultScope")) {
scope.setDefaultScope(reader.nextBoolean());
} else if (name.equals("icon")) {
scope.setIcon(reader.nextString());
} else {
logger.debug("found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();


@ -16,6 +16,9 @@
*******************************************************************************/
package org.mitre.openid.connect.service.impl;
import static org.mitre.util.JsonUtils.readMap;
import static org.mitre.util.JsonUtils.readSet;
import java.io.IOException;
import java.io.Serializable;
import java.text.ParseException;
@ -71,9 +74,6 @@ import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jwt.JWTParser;
import static org.mitre.util.JsonUtils.readMap;
import static org.mitre.util.JsonUtils.readSet;
/**
*
* Data service to import MITREid 1.1 configuration.
@ -137,46 +137,46 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
while (reader.hasNext()) {
JsonToken tok = reader.peek();
switch (tok) {
case NAME:
String name = reader.nextName();
// find out which member it is
if (name.equals(CLIENTS)) {
readClients(reader);
} else if (name.equals(GRANTS)) {
readGrants(reader);
} else if (name.equals(WHITELISTEDSITES)) {
readWhitelistedSites(reader);
} else if (name.equals(BLACKLISTEDSITES)) {
readBlacklistedSites(reader);
} else if (name.equals(AUTHENTICATIONHOLDERS)) {
readAuthenticationHolders(reader);
} else if (name.equals(ACCESSTOKENS)) {
readAccessTokens(reader);
} else if (name.equals(REFRESHTOKENS)) {
readRefreshTokens(reader);
} else if (name.equals(SYSTEMSCOPES)) {
readSystemScopes(reader);
} else {
for (MITREidDataServiceExtension extension : extensions) {
if (extension.supportsVersion(THIS_VERSION)) {
case NAME:
String name = reader.nextName();
// find out which member it is
if (name.equals(CLIENTS)) {
readClients(reader);
} else if (name.equals(GRANTS)) {
readGrants(reader);
} else if (name.equals(WHITELISTEDSITES)) {
readWhitelistedSites(reader);
} else if (name.equals(BLACKLISTEDSITES)) {
readBlacklistedSites(reader);
} else if (name.equals(AUTHENTICATIONHOLDERS)) {
readAuthenticationHolders(reader);
} else if (name.equals(ACCESSTOKENS)) {
readAccessTokens(reader);
} else if (name.equals(REFRESHTOKENS)) {
readRefreshTokens(reader);
} else if (name.equals(SYSTEMSCOPES)) {
readSystemScopes(reader);
} else {
for (MITREidDataServiceExtension extension : extensions) {
if (extension.supportsVersion(THIS_VERSION)) {
extension.importExtensionData(name, reader);
break;
if (extension.supportsVersion(THIS_VERSION)) {
extension.importExtensionData(name, reader);
break;
}
}
}
// unknown token, skip it
reader.skipValue();
}
// unknown token, skip it
break;
case END_OBJECT:
// the object ended, we're done here
reader.endObject();
continue;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
case END_OBJECT:
// the object ended, we're done here
reader.endObject();
continue;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
fixObjectReferences();
@ -206,37 +206,37 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
Long authHolderId = null;
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("expiration")) {
Date date = utcToDate(reader.nextString());
token.setExpiration(date);
} else if (name.equals("value")) {
String value = reader.nextString();
try {
token.setJwt(JWTParser.parse(value));
} catch (ParseException ex) {
logger.error("Unable to set refresh token value to {}", value, ex);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("expiration")) {
Date date = utcToDate(reader.nextString());
token.setExpiration(date);
} else if (name.equals("value")) {
String value = reader.nextString();
try {
token.setJwt(JWTParser.parse(value));
} catch (ParseException ex) {
logger.error("Unable to set refresh token value to {}", value, ex);
}
} else if (name.equals("clientId")) {
clientId = reader.nextString();
} else if (name.equals("authenticationHolderId")) {
authHolderId = reader.nextLong();
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
} else if (name.equals("clientId")) {
clientId = reader.nextString();
} else if (name.equals("authenticationHolderId")) {
authHolderId = reader.nextLong();
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -268,45 +268,45 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
Long refreshTokenId = null;
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("expiration")) {
Date date = utcToDate(reader.nextString());
token.setExpiration(date);
} else if (name.equals("value")) {
String value = reader.nextString();
try {
// all tokens are JWTs
token.setJwt(JWTParser.parse(value));
} catch (ParseException ex) {
logger.error("Unable to set refresh token value to {}", value, ex);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("expiration")) {
Date date = utcToDate(reader.nextString());
token.setExpiration(date);
} else if (name.equals("value")) {
String value = reader.nextString();
try {
// all tokens are JWTs
token.setJwt(JWTParser.parse(value));
} catch (ParseException ex) {
logger.error("Unable to set refresh token value to {}", value, ex);
}
} else if (name.equals("clientId")) {
clientId = reader.nextString();
} else if (name.equals("authenticationHolderId")) {
authHolderId = reader.nextLong();
} else if (name.equals("refreshTokenId")) {
refreshTokenId = reader.nextLong();
} else if (name.equals("scope")) {
Set<String> scope = readSet(reader);
token.setScope(scope);
} else if (name.equals("type")) {
token.setTokenType(reader.nextString());
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
} else if (name.equals("clientId")) {
clientId = reader.nextString();
} else if (name.equals("authenticationHolderId")) {
authHolderId = reader.nextLong();
} else if (name.equals("refreshTokenId")) {
refreshTokenId = reader.nextLong();
} else if (name.equals("scope")) {
Set<String> scope = readSet(reader);
token.setScope(scope);
} else if (name.equals("type")) {
token.setTokenType(reader.nextString());
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -334,61 +334,61 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
Long currentId = null;
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("ownerId")) {
//not needed
reader.skipValue();
} else if (name.equals("authentication")) {
OAuth2Request clientAuthorization = null;
Authentication userAuthentication = null;
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String subName = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue(); // skip null values
} else if (subName.equals("clientAuthorization")) {
clientAuthorization = readAuthorizationRequest(reader);
} else if (subName.equals("userAuthentication")) {
// skip binary encoded version
reader.skipValue();
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("ownerId")) {
//not needed
reader.skipValue();
} else if (name.equals("authentication")) {
OAuth2Request clientAuthorization = null;
Authentication userAuthentication = null;
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String subName = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue(); // skip null values
} else if (subName.equals("clientAuthorization")) {
clientAuthorization = readAuthorizationRequest(reader);
} else if (subName.equals("userAuthentication")) {
// skip binary encoded version
reader.skipValue();
} else if (subName.equals("savedUserAuthentication")) {
userAuthentication = readSavedUserAuthentication(reader);
} else if (subName.equals("savedUserAuthentication")) {
userAuthentication = readSavedUserAuthentication(reader);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
}
reader.endObject();
OAuth2Authentication auth = new OAuth2Authentication(clientAuthorization, userAuthentication);
ahe.setAuthentication(auth);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
reader.endObject();
OAuth2Authentication auth = new OAuth2Authentication(clientAuthorization, userAuthentication);
ahe.setAuthentication(auth);
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -414,53 +414,53 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("requestParameters")) {
requestParameters = readMap(reader);
} else if (name.equals("clientId")) {
clientId = reader.nextString();
} else if (name.equals("scope")) {
scope = readSet(reader);
} else if (name.equals("resourceIds")) {
resourceIds = readSet(reader);
} else if (name.equals("authorities")) {
Set<String> authorityStrs = readSet(reader);
authorities = new HashSet<>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("requestParameters")) {
requestParameters = readMap(reader);
} else if (name.equals("clientId")) {
clientId = reader.nextString();
} else if (name.equals("scope")) {
scope = readSet(reader);
} else if (name.equals("resourceIds")) {
resourceIds = readSet(reader);
} else if (name.equals("authorities")) {
Set<String> authorityStrs = readSet(reader);
authorities = new HashSet<>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
}
} else if (name.equals("approved")) {
approved = reader.nextBoolean();
} else if (name.equals("denied")) {
if (approved == false) {
approved = !reader.nextBoolean();
}
} else if (name.equals("redirectUri")) {
redirectUri = reader.nextString();
} else if (name.equals("responseTypes")) {
responseTypes = readSet(reader);
} else if (name.equals("extensions")) {
// skip the binary encoded version
reader.skipValue();
} else if (name.equals("extensionStrings")) {
Map<String, String> extEnc = readMap(reader);
for (Entry<String, String> entry : extEnc.entrySet()) {
extensions.put(entry.getKey(), entry.getValue());
}
} else {
reader.skipValue();
}
} else if (name.equals("approved")) {
approved = reader.nextBoolean();
} else if (name.equals("denied")) {
if (approved == false) {
approved = !reader.nextBoolean();
}
} else if (name.equals("redirectUri")) {
redirectUri = reader.nextString();
} else if (name.equals("responseTypes")) {
responseTypes = readSet(reader);
} else if (name.equals("extensions")) {
// skip the binary encoded version
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
} else if (name.equals("extensionStrings")) {
Map<String, String> extEnc = readMap(reader);
for (Entry<String, String> entry : extEnc.entrySet()) {
extensions.put(entry.getKey(), entry.getValue());
}
} else {
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -478,35 +478,35 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
while (reader.hasNext()) {
switch(reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("name")) {
savedUserAuth.setName(reader.nextString());
} else if (name.equals("sourceClass")) {
savedUserAuth.setSourceClass(reader.nextString());
} else if (name.equals("authenticated")) {
savedUserAuth.setAuthenticated(reader.nextBoolean());
} else if (name.equals("authorities")) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("name")) {
savedUserAuth.setName(reader.nextString());
} else if (name.equals("sourceClass")) {
savedUserAuth.setSourceClass(reader.nextString());
} else if (name.equals("authenticated")) {
savedUserAuth.setAuthenticated(reader.nextBoolean());
} else if (name.equals("authorities")) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
}
savedUserAuth.setAuthorities(authorities);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
savedUserAuth.setAuthorities(authorities);
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
@ -528,43 +528,43 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("accessDate")) {
Date date = utcToDate(reader.nextString());
site.setAccessDate(date);
} else if (name.equals("clientId")) {
site.setClientId(reader.nextString());
} else if (name.equals("creationDate")) {
Date date = utcToDate(reader.nextString());
site.setCreationDate(date);
} else if (name.equals("timeoutDate")) {
Date date = utcToDate(reader.nextString());
site.setTimeoutDate(date);
} else if (name.equals("userId")) {
site.setUserId(reader.nextString());
} else if (name.equals("allowedScopes")) {
Set<String> allowedScopes = readSet(reader);
site.setAllowedScopes(allowedScopes);
} else if (name.equals("whitelistedSiteId")) {
whitelistedSiteId = reader.nextLong();
} else if (name.equals("approvedAccessTokens")) {
tokenIds = readSet(reader);
} else {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("accessDate")) {
Date date = utcToDate(reader.nextString());
site.setAccessDate(date);
} else if (name.equals("clientId")) {
site.setClientId(reader.nextString());
} else if (name.equals("creationDate")) {
Date date = utcToDate(reader.nextString());
site.setCreationDate(date);
} else if (name.equals("timeoutDate")) {
Date date = utcToDate(reader.nextString());
site.setTimeoutDate(date);
} else if (name.equals("userId")) {
site.setUserId(reader.nextString());
} else if (name.equals("allowedScopes")) {
Set<String> allowedScopes = readSet(reader);
site.setAllowedScopes(allowedScopes);
} else if (name.equals("whitelistedSiteId")) {
whitelistedSiteId = reader.nextLong();
} else if (name.equals("approvedAccessTokens")) {
tokenIds = readSet(reader);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -593,28 +593,28 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("clientId")) {
wlSite.setClientId(reader.nextString());
} else if (name.equals("creatorUserId")) {
wlSite.setCreatorUserId(reader.nextString());
} else if (name.equals("allowedScopes")) {
Set<String> allowedScopes = readSet(reader);
wlSite.setAllowedScopes(allowedScopes);
} else {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (name.equals("id")) {
currentId = reader.nextLong();
} else if (name.equals("clientId")) {
wlSite.setClientId(reader.nextString());
} else if (name.equals("creatorUserId")) {
wlSite.setCreatorUserId(reader.nextString());
} else if (name.equals("allowedScopes")) {
Set<String> allowedScopes = readSet(reader);
wlSite.setAllowedScopes(allowedScopes);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -636,23 +636,23 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (name.equals("id")) {
reader.skipValue();
} else if (name.equals("uri")) {
blSite.setUri(reader.nextString());
} else {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (name.equals("id")) {
reader.skipValue();
} else if (name.equals("uri")) {
blSite.setUri(reader.nextString());
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -673,125 +673,125 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("clientId")) {
client.setClientId(reader.nextString());
} else if (name.equals("resourceIds")) {
Set<String> resourceIds = readSet(reader);
client.setResourceIds(resourceIds);
} else if (name.equals("secret")) {
client.setClientSecret(reader.nextString());
} else if (name.equals("scope")) {
Set<String> scope = readSet(reader);
client.setScope(scope);
} else if (name.equals("authorities")) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("clientId")) {
client.setClientId(reader.nextString());
} else if (name.equals("resourceIds")) {
Set<String> resourceIds = readSet(reader);
client.setResourceIds(resourceIds);
} else if (name.equals("secret")) {
client.setClientSecret(reader.nextString());
} else if (name.equals("scope")) {
Set<String> scope = readSet(reader);
client.setScope(scope);
} else if (name.equals("authorities")) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
}
client.setAuthorities(authorities);
} else if (name.equals("accessTokenValiditySeconds")) {
client.setAccessTokenValiditySeconds(reader.nextInt());
} else if (name.equals("refreshTokenValiditySeconds")) {
client.setRefreshTokenValiditySeconds(reader.nextInt());
} else if (name.equals("redirectUris")) {
Set<String> redirectUris = readSet(reader);
client.setRedirectUris(redirectUris);
} else if (name.equals("name")) {
client.setClientName(reader.nextString());
} else if (name.equals("uri")) {
client.setClientUri(reader.nextString());
} else if (name.equals("logoUri")) {
client.setLogoUri(reader.nextString());
} else if (name.equals("contacts")) {
Set<String> contacts = readSet(reader);
client.setContacts(contacts);
} else if (name.equals("tosUri")) {
client.setTosUri(reader.nextString());
} else if (name.equals("tokenEndpointAuthMethod")) {
AuthMethod am = AuthMethod.getByValue(reader.nextString());
client.setTokenEndpointAuthMethod(am);
} else if (name.equals("grantTypes")) {
Set<String> grantTypes = readSet(reader);
client.setGrantTypes(grantTypes);
} else if (name.equals("responseTypes")) {
Set<String> responseTypes = readSet(reader);
client.setResponseTypes(responseTypes);
} else if (name.equals("policyUri")) {
client.setPolicyUri(reader.nextString());
} else if (name.equals("applicationType")) {
AppType appType = AppType.getByValue(reader.nextString());
client.setApplicationType(appType);
} else if (name.equals("sectorIdentifierUri")) {
client.setSectorIdentifierUri(reader.nextString());
} else if (name.equals("subjectType")) {
SubjectType st = SubjectType.getByValue(reader.nextString());
client.setSubjectType(st);
} else if (name.equals("jwks_uri")) {
client.setJwksUri(reader.nextString());
} else if (name.equals("requestObjectSigningAlg")) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setRequestObjectSigningAlg(alg);
} else if (name.equals("userInfoEncryptedResponseAlg")) {
JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
client.setUserInfoEncryptedResponseAlg(alg);
} else if (name.equals("userInfoEncryptedResponseEnc")) {
EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
client.setUserInfoEncryptedResponseEnc(alg);
} else if (name.equals("userInfoSignedResponseAlg")) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setUserInfoSignedResponseAlg(alg);
} else if (name.equals("idTokenSignedResonseAlg")) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setIdTokenSignedResponseAlg(alg);
} else if (name.equals("idTokenEncryptedResponseAlg")) {
JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
client.setIdTokenEncryptedResponseAlg(alg);
} else if (name.equals("idTokenEncryptedResponseEnc")) {
EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
client.setIdTokenEncryptedResponseEnc(alg);
} else if (name.equals("tokenEndpointAuthSigningAlg")) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setTokenEndpointAuthSigningAlg(alg);
} else if (name.equals("defaultMaxAge")) {
client.setDefaultMaxAge(reader.nextInt());
} else if (name.equals("requireAuthTime")) {
client.setRequireAuthTime(reader.nextBoolean());
} else if (name.equals("defaultACRValues")) {
Set<String> defaultACRvalues = readSet(reader);
client.setDefaultACRvalues(defaultACRvalues);
} else if (name.equals("initiateLoginUri")) {
client.setInitiateLoginUri(reader.nextString());
} else if (name.equals("postLogoutRedirectUri")) {
HashSet<String> postLogoutUris = Sets.newHashSet(reader.nextString());
client.setPostLogoutRedirectUris(postLogoutUris);
} else if (name.equals("requestUris")) {
Set<String> requestUris = readSet(reader);
client.setRequestUris(requestUris);
} else if (name.equals("description")) {
client.setClientDescription(reader.nextString());
} else if (name.equals("allowIntrospection")) {
client.setAllowIntrospection(reader.nextBoolean());
} else if (name.equals("reuseRefreshToken")) {
client.setReuseRefreshToken(reader.nextBoolean());
} else if (name.equals("dynamicallyRegistered")) {
client.setDynamicallyRegistered(reader.nextBoolean());
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
client.setAuthorities(authorities);
} else if (name.equals("accessTokenValiditySeconds")) {
client.setAccessTokenValiditySeconds(reader.nextInt());
} else if (name.equals("refreshTokenValiditySeconds")) {
client.setRefreshTokenValiditySeconds(reader.nextInt());
} else if (name.equals("redirectUris")) {
Set<String> redirectUris = readSet(reader);
client.setRedirectUris(redirectUris);
} else if (name.equals("name")) {
client.setClientName(reader.nextString());
} else if (name.equals("uri")) {
client.setClientUri(reader.nextString());
} else if (name.equals("logoUri")) {
client.setLogoUri(reader.nextString());
} else if (name.equals("contacts")) {
Set<String> contacts = readSet(reader);
client.setContacts(contacts);
} else if (name.equals("tosUri")) {
client.setTosUri(reader.nextString());
} else if (name.equals("tokenEndpointAuthMethod")) {
AuthMethod am = AuthMethod.getByValue(reader.nextString());
client.setTokenEndpointAuthMethod(am);
} else if (name.equals("grantTypes")) {
Set<String> grantTypes = readSet(reader);
client.setGrantTypes(grantTypes);
} else if (name.equals("responseTypes")) {
Set<String> responseTypes = readSet(reader);
client.setResponseTypes(responseTypes);
} else if (name.equals("policyUri")) {
client.setPolicyUri(reader.nextString());
} else if (name.equals("applicationType")) {
AppType appType = AppType.getByValue(reader.nextString());
client.setApplicationType(appType);
} else if (name.equals("sectorIdentifierUri")) {
client.setSectorIdentifierUri(reader.nextString());
} else if (name.equals("subjectType")) {
SubjectType st = SubjectType.getByValue(reader.nextString());
client.setSubjectType(st);
} else if (name.equals("jwks_uri")) {
client.setJwksUri(reader.nextString());
} else if (name.equals("requestObjectSigningAlg")) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setRequestObjectSigningAlg(alg);
} else if (name.equals("userInfoEncryptedResponseAlg")) {
JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
client.setUserInfoEncryptedResponseAlg(alg);
} else if (name.equals("userInfoEncryptedResponseEnc")) {
EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
client.setUserInfoEncryptedResponseEnc(alg);
} else if (name.equals("userInfoSignedResponseAlg")) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setUserInfoSignedResponseAlg(alg);
} else if (name.equals("idTokenSignedResonseAlg")) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setIdTokenSignedResponseAlg(alg);
} else if (name.equals("idTokenEncryptedResponseAlg")) {
JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
client.setIdTokenEncryptedResponseAlg(alg);
} else if (name.equals("idTokenEncryptedResponseEnc")) {
EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
client.setIdTokenEncryptedResponseEnc(alg);
} else if (name.equals("tokenEndpointAuthSigningAlg")) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setTokenEndpointAuthSigningAlg(alg);
} else if (name.equals("defaultMaxAge")) {
client.setDefaultMaxAge(reader.nextInt());
} else if (name.equals("requireAuthTime")) {
client.setRequireAuthTime(reader.nextBoolean());
} else if (name.equals("defaultACRValues")) {
Set<String> defaultACRvalues = readSet(reader);
client.setDefaultACRvalues(defaultACRvalues);
} else if (name.equals("initiateLoginUri")) {
client.setInitiateLoginUri(reader.nextString());
} else if (name.equals("postLogoutRedirectUri")) {
HashSet<String> postLogoutUris = Sets.newHashSet(reader.nextString());
client.setPostLogoutRedirectUris(postLogoutUris);
} else if (name.equals("requestUris")) {
Set<String> requestUris = readSet(reader);
client.setRequestUris(requestUris);
} else if (name.equals("description")) {
client.setClientDescription(reader.nextString());
} else if (name.equals("allowIntrospection")) {
client.setAllowIntrospection(reader.nextBoolean());
} else if (name.equals("reuseRefreshToken")) {
client.setReuseRefreshToken(reader.nextBoolean());
} else if (name.equals("dynamicallyRegistered")) {
client.setDynamicallyRegistered(reader.nextBoolean());
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -815,36 +815,36 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals("value")) {
scope.setValue(reader.nextString());
} else if (name.equals("description")) {
scope.setDescription(reader.nextString());
} else if (name.equals("allowDynReg")) {
// previously "allowDynReg" scopes are now tagged as "not restricted" and vice versa
scope.setRestricted(!reader.nextBoolean());
} else if (name.equals("defaultScope")) {
scope.setDefaultScope(reader.nextBoolean());
} else if (name.equals("structured")) {
logger.warn("Found a structured scope, ignoring structure");
} else if (name.equals("structuredParameter")) {
logger.warn("Found a structured scope, ignoring structure");
} else if (name.equals("icon")) {
scope.setIcon(reader.nextString());
} else {
logger.debug("found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
} else if (name.equals("value")) {
scope.setValue(reader.nextString());
} else if (name.equals("description")) {
scope.setDescription(reader.nextString());
} else if (name.equals("allowDynReg")) {
// previously "allowDynReg" scopes are now tagged as "not restricted" and vice versa
scope.setRestricted(!reader.nextBoolean());
} else if (name.equals("defaultScope")) {
scope.setDefaultScope(reader.nextBoolean());
} else if (name.equals("structured")) {
logger.warn("Found a structured scope, ignoring structure");
} else if (name.equals("structuredParameter")) {
logger.warn("Found a structured scope, ignoring structure");
} else if (name.equals("icon")) {
scope.setIcon(reader.nextString());
} else {
logger.debug("found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();


@ -16,16 +16,15 @@
*******************************************************************************/
package org.mitre.openid.connect.service.impl;
import static org.mitre.util.JsonUtils.readMap;
import static org.mitre.util.JsonUtils.readSet;
import java.io.IOException;
import java.io.Serializable;
import java.text.ParseException;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
import org.mitre.oauth2.model.AuthenticationHolderEntity;
@ -66,10 +65,6 @@ import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jwt.JWTParser;
import static org.mitre.util.JsonUtils.readMap;
import static org.mitre.util.JsonUtils.readSet;
import static org.mitre.util.JsonUtils.writeNullSafeArray;
/**
*
* Data service to import and export MITREid 1.2 configuration.
@ -201,44 +196,44 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
while (reader.hasNext()) {
JsonToken tok = reader.peek();
switch (tok) {
case NAME:
String name = reader.nextName();
// find out which member it is
if (name.equals(CLIENTS)) {
readClients(reader);
} else if (name.equals(GRANTS)) {
readGrants(reader);
} else if (name.equals(WHITELISTEDSITES)) {
readWhitelistedSites(reader);
} else if (name.equals(BLACKLISTEDSITES)) {
readBlacklistedSites(reader);
} else if (name.equals(AUTHENTICATIONHOLDERS)) {
readAuthenticationHolders(reader);
} else if (name.equals(ACCESSTOKENS)) {
readAccessTokens(reader);
} else if (name.equals(REFRESHTOKENS)) {
readRefreshTokens(reader);
} else if (name.equals(SYSTEMSCOPES)) {
readSystemScopes(reader);
} else {
for (MITREidDataServiceExtension extension : extensions) {
if (extension.supportsVersion(THIS_VERSION)) {
extension.importExtensionData(name, reader);
break;
case NAME:
String name = reader.nextName();
// find out which member it is
if (name.equals(CLIENTS)) {
readClients(reader);
} else if (name.equals(GRANTS)) {
readGrants(reader);
} else if (name.equals(WHITELISTEDSITES)) {
readWhitelistedSites(reader);
} else if (name.equals(BLACKLISTEDSITES)) {
readBlacklistedSites(reader);
} else if (name.equals(AUTHENTICATIONHOLDERS)) {
readAuthenticationHolders(reader);
} else if (name.equals(ACCESSTOKENS)) {
readAccessTokens(reader);
} else if (name.equals(REFRESHTOKENS)) {
readRefreshTokens(reader);
} else if (name.equals(SYSTEMSCOPES)) {
readSystemScopes(reader);
} else {
for (MITREidDataServiceExtension extension : extensions) {
if (extension.supportsVersion(THIS_VERSION)) {
extension.importExtensionData(name, reader);
break;
}
}
// unknown token, skip it
reader.skipValue();
}
// unknown token, skip it
break;
case END_OBJECT:
// the object ended, we're done here
reader.endObject();
continue;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
case END_OBJECT:
// the object ended, we're done here
reader.endObject();
continue;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
fixObjectReferences();
@ -268,37 +263,37 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
Long authHolderId = null;
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(EXPIRATION)) {
Date date = utcToDate(reader.nextString());
token.setExpiration(date);
} else if (name.equals(VALUE)) {
String value = reader.nextString();
try {
token.setJwt(JWTParser.parse(value));
} catch (ParseException ex) {
logger.error("Unable to set refresh token value to {}", value, ex);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(EXPIRATION)) {
Date date = utcToDate(reader.nextString());
token.setExpiration(date);
} else if (name.equals(VALUE)) {
String value = reader.nextString();
try {
token.setJwt(JWTParser.parse(value));
} catch (ParseException ex) {
logger.error("Unable to set refresh token value to {}", value, ex);
}
} else if (name.equals(CLIENT_ID)) {
clientId = reader.nextString();
} else if (name.equals(AUTHENTICATION_HOLDER_ID)) {
authHolderId = reader.nextLong();
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
} else if (name.equals(CLIENT_ID)) {
clientId = reader.nextString();
} else if (name.equals(AUTHENTICATION_HOLDER_ID)) {
authHolderId = reader.nextLong();
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -330,45 +325,45 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
Long refreshTokenId = null;
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(EXPIRATION)) {
Date date = utcToDate(reader.nextString());
token.setExpiration(date);
} else if (name.equals(VALUE)) {
String value = reader.nextString();
try {
// all tokens are JWTs
token.setJwt(JWTParser.parse(value));
} catch (ParseException ex) {
logger.error("Unable to set refresh token value to {}", value, ex);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(EXPIRATION)) {
Date date = utcToDate(reader.nextString());
token.setExpiration(date);
} else if (name.equals(VALUE)) {
String value = reader.nextString();
try {
// all tokens are JWTs
token.setJwt(JWTParser.parse(value));
} catch (ParseException ex) {
logger.error("Unable to set refresh token value to {}", value, ex);
}
} else if (name.equals(CLIENT_ID)) {
clientId = reader.nextString();
} else if (name.equals(AUTHENTICATION_HOLDER_ID)) {
authHolderId = reader.nextLong();
} else if (name.equals(REFRESH_TOKEN_ID)) {
refreshTokenId = reader.nextLong();
} else if (name.equals(SCOPE)) {
Set<String> scope = readSet(reader);
token.setScope(scope);
} else if (name.equals(TYPE)) {
token.setTokenType(reader.nextString());
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
} else if (name.equals(CLIENT_ID)) {
clientId = reader.nextString();
} else if (name.equals(AUTHENTICATION_HOLDER_ID)) {
authHolderId = reader.nextLong();
} else if (name.equals(REFRESH_TOKEN_ID)) {
refreshTokenId = reader.nextLong();
} else if (name.equals(SCOPE)) {
Set<String> scope = readSet(reader);
token.setScope(scope);
} else if (name.equals(TYPE)) {
token.setTokenType(reader.nextString());
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -396,49 +391,49 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
Long currentId = null;
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(REQUEST_PARAMETERS)) {
ahe.setRequestParameters(readMap(reader));
} else if (name.equals(CLIENT_ID)) {
ahe.setClientId(reader.nextString());
} else if (name.equals(SCOPE)) {
ahe.setScope(readSet(reader));
} else if (name.equals(RESOURCE_IDS)) {
ahe.setResourceIds(readSet(reader));
} else if (name.equals(AUTHORITIES)) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(REQUEST_PARAMETERS)) {
ahe.setRequestParameters(readMap(reader));
} else if (name.equals(CLIENT_ID)) {
ahe.setClientId(reader.nextString());
} else if (name.equals(SCOPE)) {
ahe.setScope(readSet(reader));
} else if (name.equals(RESOURCE_IDS)) {
ahe.setResourceIds(readSet(reader));
} else if (name.equals(AUTHORITIES)) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
}
ahe.setAuthorities(authorities);
} else if (name.equals(APPROVED)) {
ahe.setApproved(reader.nextBoolean());
} else if (name.equals(REDIRECT_URI)) {
ahe.setRedirectUri(reader.nextString());
} else if (name.equals(RESPONSE_TYPES)) {
ahe.setResponseTypes(readSet(reader));
} else if (name.equals(EXTENSIONS)) {
ahe.setExtensions(readMap(reader));
} else if (name.equals(SAVED_USER_AUTHENTICATION)) {
ahe.setUserAuth(readSavedUserAuthentication(reader));
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
ahe.setAuthorities(authorities);
} else if (name.equals(APPROVED)) {
ahe.setApproved(reader.nextBoolean());
} else if (name.equals(REDIRECT_URI)) {
ahe.setRedirectUri(reader.nextString());
} else if (name.equals(RESPONSE_TYPES)) {
ahe.setResponseTypes(readSet(reader));
} else if (name.equals(EXTENSIONS)) {
ahe.setExtensions(readMap(reader));
} else if (name.equals(SAVED_USER_AUTHENTICATION)) {
ahe.setUserAuth(readSavedUserAuthentication(reader));
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -461,35 +456,35 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
while (reader.hasNext()) {
switch(reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(NAME)) {
savedUserAuth.setName(reader.nextString());
} else if (name.equals(SOURCE_CLASS)) {
savedUserAuth.setSourceClass(reader.nextString());
} else if (name.equals(AUTHENTICATED)) {
savedUserAuth.setAuthenticated(reader.nextBoolean());
} else if (name.equals(AUTHORITIES)) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(NAME)) {
savedUserAuth.setName(reader.nextString());
} else if (name.equals(SOURCE_CLASS)) {
savedUserAuth.setSourceClass(reader.nextString());
} else if (name.equals(AUTHENTICATED)) {
savedUserAuth.setAuthenticated(reader.nextBoolean());
} else if (name.equals(AUTHORITIES)) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
}
savedUserAuth.setAuthorities(authorities);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
savedUserAuth.setAuthorities(authorities);
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
@ -510,41 +505,41 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(ACCESS_DATE)) {
Date date = utcToDate(reader.nextString());
site.setAccessDate(date);
} else if (name.equals(CLIENT_ID)) {
site.setClientId(reader.nextString());
} else if (name.equals(CREATION_DATE)) {
Date date = utcToDate(reader.nextString());
site.setCreationDate(date);
} else if (name.equals(TIMEOUT_DATE)) {
Date date = utcToDate(reader.nextString());
site.setTimeoutDate(date);
} else if (name.equals(USER_ID)) {
site.setUserId(reader.nextString());
} else if (name.equals(ALLOWED_SCOPES)) {
Set<String> allowedScopes = readSet(reader);
site.setAllowedScopes(allowedScopes);
} else if (name.equals(APPROVED_ACCESS_TOKENS)) {
tokenIds = readSet(reader);
} else {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(ACCESS_DATE)) {
Date date = utcToDate(reader.nextString());
site.setAccessDate(date);
} else if (name.equals(CLIENT_ID)) {
site.setClientId(reader.nextString());
} else if (name.equals(CREATION_DATE)) {
Date date = utcToDate(reader.nextString());
site.setCreationDate(date);
} else if (name.equals(TIMEOUT_DATE)) {
Date date = utcToDate(reader.nextString());
site.setTimeoutDate(date);
} else if (name.equals(USER_ID)) {
site.setUserId(reader.nextString());
} else if (name.equals(ALLOWED_SCOPES)) {
Set<String> allowedScopes = readSet(reader);
site.setAllowedScopes(allowedScopes);
} else if (name.equals(APPROVED_ACCESS_TOKENS)) {
tokenIds = readSet(reader);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -570,28 +565,28 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(CLIENT_ID)) {
wlSite.setClientId(reader.nextString());
} else if (name.equals(CREATOR_USER_ID)) {
wlSite.setCreatorUserId(reader.nextString());
} else if (name.equals(ALLOWED_SCOPES)) {
Set<String> allowedScopes = readSet(reader);
wlSite.setAllowedScopes(allowedScopes);
} else {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(CLIENT_ID)) {
wlSite.setClientId(reader.nextString());
} else if (name.equals(CREATOR_USER_ID)) {
wlSite.setCreatorUserId(reader.nextString());
} else if (name.equals(ALLOWED_SCOPES)) {
Set<String> allowedScopes = readSet(reader);
wlSite.setAllowedScopes(allowedScopes);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -613,23 +608,23 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (name.equals(ID)) {
reader.skipValue();
} else if (name.equals(URI)) {
blSite.setUri(reader.nextString());
} else {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (name.equals(ID)) {
reader.skipValue();
} else if (name.equals(URI)) {
blSite.setUri(reader.nextString());
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -650,136 +645,136 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(CLIENT_ID)) {
client.setClientId(reader.nextString());
} else if (name.equals(RESOURCE_IDS)) {
Set<String> resourceIds = readSet(reader);
client.setResourceIds(resourceIds);
} else if (name.equals(SECRET)) {
client.setClientSecret(reader.nextString());
} else if (name.equals(SCOPE)) {
Set<String> scope = readSet(reader);
client.setScope(scope);
} else if (name.equals(AUTHORITIES)) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(CLIENT_ID)) {
client.setClientId(reader.nextString());
} else if (name.equals(RESOURCE_IDS)) {
Set<String> resourceIds = readSet(reader);
client.setResourceIds(resourceIds);
} else if (name.equals(SECRET)) {
client.setClientSecret(reader.nextString());
} else if (name.equals(SCOPE)) {
Set<String> scope = readSet(reader);
client.setScope(scope);
} else if (name.equals(AUTHORITIES)) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
}
client.setAuthorities(authorities);
} else if (name.equals(ACCESS_TOKEN_VALIDITY_SECONDS)) {
client.setAccessTokenValiditySeconds(reader.nextInt());
} else if (name.equals(REFRESH_TOKEN_VALIDITY_SECONDS)) {
client.setRefreshTokenValiditySeconds(reader.nextInt());
} else if (name.equals(REDIRECT_URIS)) {
Set<String> redirectUris = readSet(reader);
client.setRedirectUris(redirectUris);
} else if (name.equals(CLAIMS_REDIRECT_URIS)) {
Set<String> claimsRedirectUris = readSet(reader);
client.setClaimsRedirectUris(claimsRedirectUris);
} else if (name.equals(NAME)) {
client.setClientName(reader.nextString());
} else if (name.equals(URI)) {
client.setClientUri(reader.nextString());
} else if (name.equals(LOGO_URI)) {
client.setLogoUri(reader.nextString());
} else if (name.equals(CONTACTS)) {
Set<String> contacts = readSet(reader);
client.setContacts(contacts);
} else if (name.equals(TOS_URI)) {
client.setTosUri(reader.nextString());
} else if (name.equals(TOKEN_ENDPOINT_AUTH_METHOD)) {
AuthMethod am = AuthMethod.getByValue(reader.nextString());
client.setTokenEndpointAuthMethod(am);
} else if (name.equals(GRANT_TYPES)) {
Set<String> grantTypes = readSet(reader);
client.setGrantTypes(grantTypes);
} else if (name.equals(RESPONSE_TYPES)) {
Set<String> responseTypes = readSet(reader);
client.setResponseTypes(responseTypes);
} else if (name.equals(POLICY_URI)) {
client.setPolicyUri(reader.nextString());
} else if (name.equals(APPLICATION_TYPE)) {
AppType appType = AppType.getByValue(reader.nextString());
client.setApplicationType(appType);
} else if (name.equals(SECTOR_IDENTIFIER_URI)) {
client.setSectorIdentifierUri(reader.nextString());
} else if (name.equals(SUBJECT_TYPE)) {
SubjectType st = SubjectType.getByValue(reader.nextString());
client.setSubjectType(st);
} else if (name.equals(JWKS_URI)) {
client.setJwksUri(reader.nextString());
} else if (name.equals(JWKS)) {
try {
client.setJwks(JWKSet.parse(reader.nextString()));
} catch (ParseException e) {
logger.error("Couldn't parse JWK Set", e);
}
} else if (name.equals(REQUEST_OBJECT_SIGNING_ALG)) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setRequestObjectSigningAlg(alg);
} else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ALG)) {
JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
client.setUserInfoEncryptedResponseAlg(alg);
} else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ENC)) {
EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
client.setUserInfoEncryptedResponseEnc(alg);
} else if (name.equals(USER_INFO_SIGNED_RESPONSE_ALG)) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setUserInfoSignedResponseAlg(alg);
} else if (name.equals(ID_TOKEN_SIGNED_RESPONSE_ALG)) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setIdTokenSignedResponseAlg(alg);
} else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ALG)) {
JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
client.setIdTokenEncryptedResponseAlg(alg);
} else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ENC)) {
EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
client.setIdTokenEncryptedResponseEnc(alg);
} else if (name.equals(TOKEN_ENDPOINT_AUTH_SIGNING_ALG)) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setTokenEndpointAuthSigningAlg(alg);
} else if (name.equals(DEFAULT_MAX_AGE)) {
client.setDefaultMaxAge(reader.nextInt());
} else if (name.equals(REQUIRE_AUTH_TIME)) {
client.setRequireAuthTime(reader.nextBoolean());
} else if (name.equals(DEFAULT_ACR_VALUES)) {
Set<String> defaultACRvalues = readSet(reader);
client.setDefaultACRvalues(defaultACRvalues);
} else if (name.equals("initiateLoginUri")) {
client.setInitiateLoginUri(reader.nextString());
} else if (name.equals(POST_LOGOUT_REDIRECT_URI)) {
Set<String> postLogoutUris = readSet(reader);
client.setPostLogoutRedirectUris(postLogoutUris);
} else if (name.equals(REQUEST_URIS)) {
Set<String> requestUris = readSet(reader);
client.setRequestUris(requestUris);
} else if (name.equals(DESCRIPTION)) {
client.setClientDescription(reader.nextString());
} else if (name.equals(ALLOW_INTROSPECTION)) {
client.setAllowIntrospection(reader.nextBoolean());
} else if (name.equals(REUSE_REFRESH_TOKEN)) {
client.setReuseRefreshToken(reader.nextBoolean());
} else if (name.equals(CLEAR_ACCESS_TOKENS_ON_REFRESH)) {
client.setClearAccessTokensOnRefresh(reader.nextBoolean());
} else if (name.equals(DYNAMICALLY_REGISTERED)) {
client.setDynamicallyRegistered(reader.nextBoolean());
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
client.setAuthorities(authorities);
} else if (name.equals(ACCESS_TOKEN_VALIDITY_SECONDS)) {
client.setAccessTokenValiditySeconds(reader.nextInt());
} else if (name.equals(REFRESH_TOKEN_VALIDITY_SECONDS)) {
client.setRefreshTokenValiditySeconds(reader.nextInt());
} else if (name.equals(REDIRECT_URIS)) {
Set<String> redirectUris = readSet(reader);
client.setRedirectUris(redirectUris);
} else if (name.equals(CLAIMS_REDIRECT_URIS)) {
Set<String> claimsRedirectUris = readSet(reader);
client.setClaimsRedirectUris(claimsRedirectUris);
} else if (name.equals(NAME)) {
client.setClientName(reader.nextString());
} else if (name.equals(URI)) {
client.setClientUri(reader.nextString());
} else if (name.equals(LOGO_URI)) {
client.setLogoUri(reader.nextString());
} else if (name.equals(CONTACTS)) {
Set<String> contacts = readSet(reader);
client.setContacts(contacts);
} else if (name.equals(TOS_URI)) {
client.setTosUri(reader.nextString());
} else if (name.equals(TOKEN_ENDPOINT_AUTH_METHOD)) {
AuthMethod am = AuthMethod.getByValue(reader.nextString());
client.setTokenEndpointAuthMethod(am);
} else if (name.equals(GRANT_TYPES)) {
Set<String> grantTypes = readSet(reader);
client.setGrantTypes(grantTypes);
} else if (name.equals(RESPONSE_TYPES)) {
Set<String> responseTypes = readSet(reader);
client.setResponseTypes(responseTypes);
} else if (name.equals(POLICY_URI)) {
client.setPolicyUri(reader.nextString());
} else if (name.equals(APPLICATION_TYPE)) {
AppType appType = AppType.getByValue(reader.nextString());
client.setApplicationType(appType);
} else if (name.equals(SECTOR_IDENTIFIER_URI)) {
client.setSectorIdentifierUri(reader.nextString());
} else if (name.equals(SUBJECT_TYPE)) {
SubjectType st = SubjectType.getByValue(reader.nextString());
client.setSubjectType(st);
} else if (name.equals(JWKS_URI)) {
client.setJwksUri(reader.nextString());
} else if (name.equals(JWKS)) {
try {
client.setJwks(JWKSet.parse(reader.nextString()));
} catch (ParseException e) {
logger.error("Couldn't parse JWK Set", e);
}
} else if (name.equals(REQUEST_OBJECT_SIGNING_ALG)) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setRequestObjectSigningAlg(alg);
} else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ALG)) {
JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
client.setUserInfoEncryptedResponseAlg(alg);
} else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ENC)) {
EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
client.setUserInfoEncryptedResponseEnc(alg);
} else if (name.equals(USER_INFO_SIGNED_RESPONSE_ALG)) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setUserInfoSignedResponseAlg(alg);
} else if (name.equals(ID_TOKEN_SIGNED_RESPONSE_ALG)) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setIdTokenSignedResponseAlg(alg);
} else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ALG)) {
JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
client.setIdTokenEncryptedResponseAlg(alg);
} else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ENC)) {
EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
client.setIdTokenEncryptedResponseEnc(alg);
} else if (name.equals(TOKEN_ENDPOINT_AUTH_SIGNING_ALG)) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setTokenEndpointAuthSigningAlg(alg);
} else if (name.equals(DEFAULT_MAX_AGE)) {
client.setDefaultMaxAge(reader.nextInt());
} else if (name.equals(REQUIRE_AUTH_TIME)) {
client.setRequireAuthTime(reader.nextBoolean());
} else if (name.equals(DEFAULT_ACR_VALUES)) {
Set<String> defaultACRvalues = readSet(reader);
client.setDefaultACRvalues(defaultACRvalues);
} else if (name.equals("initiateLoginUri")) {
client.setInitiateLoginUri(reader.nextString());
} else if (name.equals(POST_LOGOUT_REDIRECT_URI)) {
Set<String> postLogoutUris = readSet(reader);
client.setPostLogoutRedirectUris(postLogoutUris);
} else if (name.equals(REQUEST_URIS)) {
Set<String> requestUris = readSet(reader);
client.setRequestUris(requestUris);
} else if (name.equals(DESCRIPTION)) {
client.setClientDescription(reader.nextString());
} else if (name.equals(ALLOW_INTROSPECTION)) {
client.setAllowIntrospection(reader.nextBoolean());
} else if (name.equals(REUSE_REFRESH_TOKEN)) {
client.setReuseRefreshToken(reader.nextBoolean());
} else if (name.equals(CLEAR_ACCESS_TOKENS_ON_REFRESH)) {
client.setClearAccessTokensOnRefresh(reader.nextBoolean());
} else if (name.equals(DYNAMICALLY_REGISTERED)) {
client.setDynamicallyRegistered(reader.nextBoolean());
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -803,35 +798,35 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(VALUE)) {
scope.setValue(reader.nextString());
} else if (name.equals(DESCRIPTION)) {
scope.setDescription(reader.nextString());
} else if (name.equals(RESTRICTED)) {
scope.setRestricted(reader.nextBoolean());
} else if (name.equals(DEFAULT_SCOPE)) {
scope.setDefaultScope(reader.nextBoolean());
} else if (name.equals(ICON)) {
scope.setIcon(reader.nextString());
} else if (name.equals(STRUCTURED)) {
logger.warn("Found a structured scope, ignoring structure");
} else if (name.equals(STRUCTURED_PARAMETER)) {
logger.warn("Found a structured scope, ignoring structure");
} else {
logger.debug("found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
} else if (name.equals(VALUE)) {
scope.setValue(reader.nextString());
} else if (name.equals(DESCRIPTION)) {
scope.setDescription(reader.nextString());
} else if (name.equals(RESTRICTED)) {
scope.setRestricted(reader.nextBoolean());
} else if (name.equals(DEFAULT_SCOPE)) {
scope.setDefaultScope(reader.nextBoolean());
} else if (name.equals(ICON)) {
scope.setIcon(reader.nextString());
} else if (name.equals(STRUCTURED)) {
logger.warn("Found a structured scope, ignoring structure");
} else if (name.equals(STRUCTURED_PARAMETER)) {
logger.warn("Found a structured scope, ignoring structure");
} else {
logger.debug("found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();


@ -574,51 +574,51 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
while (reader.hasNext()) {
JsonToken tok = reader.peek();
switch (tok) {
case NAME:
String name = reader.nextName();
// find out which member it is
if (name.equals(CLIENTS)) {
readClients(reader);
} else if (name.equals(GRANTS)) {
readGrants(reader);
} else if (name.equals(WHITELISTEDSITES)) {
readWhitelistedSites(reader);
} else if (name.equals(BLACKLISTEDSITES)) {
readBlacklistedSites(reader);
} else if (name.equals(AUTHENTICATIONHOLDERS)) {
readAuthenticationHolders(reader);
} else if (name.equals(ACCESSTOKENS)) {
readAccessTokens(reader);
} else if (name.equals(REFRESHTOKENS)) {
readRefreshTokens(reader);
} else if (name.equals(SYSTEMSCOPES)) {
readSystemScopes(reader);
} else {
boolean processed = false;
for (MITREidDataServiceExtension extension : extensions) {
if (extension.supportsVersion(THIS_VERSION)) {
processed = extension.importExtensionData(name, reader);
if (processed) {
// if the extension processed data, break out of this inner loop
// (only the first extension to claim an extension point gets it)
break;
case NAME:
String name = reader.nextName();
// find out which member it is
if (name.equals(CLIENTS)) {
readClients(reader);
} else if (name.equals(GRANTS)) {
readGrants(reader);
} else if (name.equals(WHITELISTEDSITES)) {
readWhitelistedSites(reader);
} else if (name.equals(BLACKLISTEDSITES)) {
readBlacklistedSites(reader);
} else if (name.equals(AUTHENTICATIONHOLDERS)) {
readAuthenticationHolders(reader);
} else if (name.equals(ACCESSTOKENS)) {
readAccessTokens(reader);
} else if (name.equals(REFRESHTOKENS)) {
readRefreshTokens(reader);
} else if (name.equals(SYSTEMSCOPES)) {
readSystemScopes(reader);
} else {
boolean processed = false;
for (MITREidDataServiceExtension extension : extensions) {
if (extension.supportsVersion(THIS_VERSION)) {
processed = extension.importExtensionData(name, reader);
if (processed) {
// if the extension processed data, break out of this inner loop
// (only the first extension to claim an extension point gets it)
break;
}
}
}
if (!processed) {
// unknown token, skip it
reader.skipValue();
}
}
if (!processed) {
// unknown token, skip it
reader.skipValue();
}
}
break;
case END_OBJECT:
// the object ended, we're done here
reader.endObject();
continue;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
break;
case END_OBJECT:
// the object ended, we're done here
reader.endObject();
continue;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
}
}
fixObjectReferences();
@ -649,37 +649,37 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
Long authHolderId = null;
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(EXPIRATION)) {
Date date = utcToDate(reader.nextString());
token.setExpiration(date);
} else if (name.equals(VALUE)) {
String value = reader.nextString();
try {
token.setJwt(JWTParser.parse(value));
} catch (ParseException ex) {
logger.error("Unable to set refresh token value to {}", value, ex);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(EXPIRATION)) {
Date date = utcToDate(reader.nextString());
token.setExpiration(date);
} else if (name.equals(VALUE)) {
String value = reader.nextString();
try {
token.setJwt(JWTParser.parse(value));
} catch (ParseException ex) {
logger.error("Unable to set refresh token value to {}", value, ex);
}
} else if (name.equals(CLIENT_ID)) {
clientId = reader.nextString();
} else if (name.equals(AUTHENTICATION_HOLDER_ID)) {
authHolderId = reader.nextLong();
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
} else if (name.equals(CLIENT_ID)) {
clientId = reader.nextString();
} else if (name.equals(AUTHENTICATION_HOLDER_ID)) {
authHolderId = reader.nextLong();
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -711,45 +711,45 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
Long refreshTokenId = null;
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(EXPIRATION)) {
Date date = utcToDate(reader.nextString());
token.setExpiration(date);
} else if (name.equals(VALUE)) {
String value = reader.nextString();
try {
// all tokens are JWTs
token.setJwt(JWTParser.parse(value));
} catch (ParseException ex) {
logger.error("Unable to set refresh token value to {}", value, ex);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(EXPIRATION)) {
Date date = utcToDate(reader.nextString());
token.setExpiration(date);
} else if (name.equals(VALUE)) {
String value = reader.nextString();
try {
// all tokens are JWTs
token.setJwt(JWTParser.parse(value));
} catch (ParseException ex) {
logger.error("Unable to set refresh token value to {}", value, ex);
}
} else if (name.equals(CLIENT_ID)) {
clientId = reader.nextString();
} else if (name.equals(AUTHENTICATION_HOLDER_ID)) {
authHolderId = reader.nextLong();
} else if (name.equals(REFRESH_TOKEN_ID)) {
refreshTokenId = reader.nextLong();
} else if (name.equals(SCOPE)) {
Set<String> scope = readSet(reader);
token.setScope(scope);
} else if (name.equals(TYPE)) {
token.setTokenType(reader.nextString());
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
} else if (name.equals(CLIENT_ID)) {
clientId = reader.nextString();
} else if (name.equals(AUTHENTICATION_HOLDER_ID)) {
authHolderId = reader.nextLong();
} else if (name.equals(REFRESH_TOKEN_ID)) {
refreshTokenId = reader.nextLong();
} else if (name.equals(SCOPE)) {
Set<String> scope = readSet(reader);
token.setScope(scope);
} else if (name.equals(TYPE)) {
token.setTokenType(reader.nextString());
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -777,49 +777,49 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
Long currentId = null;
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(REQUEST_PARAMETERS)) {
ahe.setRequestParameters(readMap(reader));
} else if (name.equals(CLIENT_ID)) {
ahe.setClientId(reader.nextString());
} else if (name.equals(SCOPE)) {
ahe.setScope(readSet(reader));
} else if (name.equals(RESOURCE_IDS)) {
ahe.setResourceIds(readSet(reader));
} else if (name.equals(AUTHORITIES)) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(REQUEST_PARAMETERS)) {
ahe.setRequestParameters(readMap(reader));
} else if (name.equals(CLIENT_ID)) {
ahe.setClientId(reader.nextString());
} else if (name.equals(SCOPE)) {
ahe.setScope(readSet(reader));
} else if (name.equals(RESOURCE_IDS)) {
ahe.setResourceIds(readSet(reader));
} else if (name.equals(AUTHORITIES)) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
}
ahe.setAuthorities(authorities);
} else if (name.equals(APPROVED)) {
ahe.setApproved(reader.nextBoolean());
} else if (name.equals(REDIRECT_URI)) {
ahe.setRedirectUri(reader.nextString());
} else if (name.equals(RESPONSE_TYPES)) {
ahe.setResponseTypes(readSet(reader));
} else if (name.equals(EXTENSIONS)) {
ahe.setExtensions(readMap(reader));
} else if (name.equals(SAVED_USER_AUTHENTICATION)) {
ahe.setUserAuth(readSavedUserAuthentication(reader));
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
ahe.setAuthorities(authorities);
} else if (name.equals(APPROVED)) {
ahe.setApproved(reader.nextBoolean());
} else if (name.equals(REDIRECT_URI)) {
ahe.setRedirectUri(reader.nextString());
} else if (name.equals(RESPONSE_TYPES)) {
ahe.setResponseTypes(readSet(reader));
} else if (name.equals(EXTENSIONS)) {
ahe.setExtensions(readMap(reader));
} else if (name.equals(SAVED_USER_AUTHENTICATION)) {
ahe.setUserAuth(readSavedUserAuthentication(reader));
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -842,35 +842,35 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
while (reader.hasNext()) {
switch(reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(NAME)) {
savedUserAuth.setName(reader.nextString());
} else if (name.equals(SOURCE_CLASS)) {
savedUserAuth.setSourceClass(reader.nextString());
} else if (name.equals(AUTHENTICATED)) {
savedUserAuth.setAuthenticated(reader.nextBoolean());
} else if (name.equals(AUTHORITIES)) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(NAME)) {
savedUserAuth.setName(reader.nextString());
} else if (name.equals(SOURCE_CLASS)) {
savedUserAuth.setSourceClass(reader.nextString());
} else if (name.equals(AUTHENTICATED)) {
savedUserAuth.setAuthenticated(reader.nextBoolean());
} else if (name.equals(AUTHORITIES)) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
}
savedUserAuth.setAuthorities(authorities);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
savedUserAuth.setAuthorities(authorities);
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
@ -891,41 +891,41 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(ACCESS_DATE)) {
Date date = utcToDate(reader.nextString());
site.setAccessDate(date);
} else if (name.equals(CLIENT_ID)) {
site.setClientId(reader.nextString());
} else if (name.equals(CREATION_DATE)) {
Date date = utcToDate(reader.nextString());
site.setCreationDate(date);
} else if (name.equals(TIMEOUT_DATE)) {
Date date = utcToDate(reader.nextString());
site.setTimeoutDate(date);
} else if (name.equals(USER_ID)) {
site.setUserId(reader.nextString());
} else if (name.equals(ALLOWED_SCOPES)) {
Set<String> allowedScopes = readSet(reader);
site.setAllowedScopes(allowedScopes);
} else if (name.equals(APPROVED_ACCESS_TOKENS)) {
tokenIds = readSet(reader);
} else {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(ACCESS_DATE)) {
Date date = utcToDate(reader.nextString());
site.setAccessDate(date);
} else if (name.equals(CLIENT_ID)) {
site.setClientId(reader.nextString());
} else if (name.equals(CREATION_DATE)) {
Date date = utcToDate(reader.nextString());
site.setCreationDate(date);
} else if (name.equals(TIMEOUT_DATE)) {
Date date = utcToDate(reader.nextString());
site.setTimeoutDate(date);
} else if (name.equals(USER_ID)) {
site.setUserId(reader.nextString());
} else if (name.equals(ALLOWED_SCOPES)) {
Set<String> allowedScopes = readSet(reader);
site.setAllowedScopes(allowedScopes);
} else if (name.equals(APPROVED_ACCESS_TOKENS)) {
tokenIds = readSet(reader);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -952,28 +952,28 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(CLIENT_ID)) {
wlSite.setClientId(reader.nextString());
} else if (name.equals(CREATOR_USER_ID)) {
wlSite.setCreatorUserId(reader.nextString());
} else if (name.equals(ALLOWED_SCOPES)) {
Set<String> allowedScopes = readSet(reader);
wlSite.setAllowedScopes(allowedScopes);
} else {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(CLIENT_ID)) {
wlSite.setClientId(reader.nextString());
} else if (name.equals(CREATOR_USER_ID)) {
wlSite.setCreatorUserId(reader.nextString());
} else if (name.equals(ALLOWED_SCOPES)) {
Set<String> allowedScopes = readSet(reader);
wlSite.setAllowedScopes(allowedScopes);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -995,23 +995,23 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (name.equals(ID)) {
reader.skipValue();
} else if (name.equals(URI)) {
blSite.setUri(reader.nextString());
} else {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (name.equals(ID)) {
reader.skipValue();
} else if (name.equals(URI)) {
blSite.setUri(reader.nextString());
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -1032,152 +1032,152 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(CLIENT_ID)) {
client.setClientId(reader.nextString());
} else if (name.equals(RESOURCE_IDS)) {
Set<String> resourceIds = readSet(reader);
client.setResourceIds(resourceIds);
} else if (name.equals(SECRET)) {
client.setClientSecret(reader.nextString());
} else if (name.equals(SCOPE)) {
Set<String> scope = readSet(reader);
client.setScope(scope);
} else if (name.equals(AUTHORITIES)) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(CLIENT_ID)) {
client.setClientId(reader.nextString());
} else if (name.equals(RESOURCE_IDS)) {
Set<String> resourceIds = readSet(reader);
client.setResourceIds(resourceIds);
} else if (name.equals(SECRET)) {
client.setClientSecret(reader.nextString());
} else if (name.equals(SCOPE)) {
Set<String> scope = readSet(reader);
client.setScope(scope);
} else if (name.equals(AUTHORITIES)) {
Set<String> authorityStrs = readSet(reader);
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
for (String s : authorityStrs) {
GrantedAuthority ga = new SimpleGrantedAuthority(s);
authorities.add(ga);
}
client.setAuthorities(authorities);
} else if (name.equals(ACCESS_TOKEN_VALIDITY_SECONDS)) {
client.setAccessTokenValiditySeconds(reader.nextInt());
} else if (name.equals(REFRESH_TOKEN_VALIDITY_SECONDS)) {
client.setRefreshTokenValiditySeconds(reader.nextInt());
} else if (name.equals(ID_TOKEN_VALIDITY_SECONDS)) {
client.setIdTokenValiditySeconds(reader.nextInt());
} else if (name.equals(DEVICE_CODE_VALIDITY_SECONDS)) {
client.setDeviceCodeValiditySeconds(reader.nextInt());
} else if (name.equals(REDIRECT_URIS)) {
Set<String> redirectUris = readSet(reader);
client.setRedirectUris(redirectUris);
} else if (name.equals(CLAIMS_REDIRECT_URIS)) {
Set<String> claimsRedirectUris = readSet(reader);
client.setClaimsRedirectUris(claimsRedirectUris);
} else if (name.equals(NAME)) {
client.setClientName(reader.nextString());
} else if (name.equals(URI)) {
client.setClientUri(reader.nextString());
} else if (name.equals(LOGO_URI)) {
client.setLogoUri(reader.nextString());
} else if (name.equals(CONTACTS)) {
Set<String> contacts = readSet(reader);
client.setContacts(contacts);
} else if (name.equals(TOS_URI)) {
client.setTosUri(reader.nextString());
} else if (name.equals(TOKEN_ENDPOINT_AUTH_METHOD)) {
AuthMethod am = AuthMethod.getByValue(reader.nextString());
client.setTokenEndpointAuthMethod(am);
} else if (name.equals(GRANT_TYPES)) {
Set<String> grantTypes = readSet(reader);
client.setGrantTypes(grantTypes);
} else if (name.equals(RESPONSE_TYPES)) {
Set<String> responseTypes = readSet(reader);
client.setResponseTypes(responseTypes);
} else if (name.equals(POLICY_URI)) {
client.setPolicyUri(reader.nextString());
} else if (name.equals(APPLICATION_TYPE)) {
AppType appType = AppType.getByValue(reader.nextString());
client.setApplicationType(appType);
} else if (name.equals(SECTOR_IDENTIFIER_URI)) {
client.setSectorIdentifierUri(reader.nextString());
} else if (name.equals(SUBJECT_TYPE)) {
SubjectType st = SubjectType.getByValue(reader.nextString());
client.setSubjectType(st);
} else if (name.equals(JWKS_URI)) {
client.setJwksUri(reader.nextString());
} else if (name.equals(JWKS)) {
try {
client.setJwks(JWKSet.parse(reader.nextString()));
} catch (ParseException e) {
logger.error("Couldn't parse JWK Set", e);
}
} else if (name.equals(REQUEST_OBJECT_SIGNING_ALG)) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setRequestObjectSigningAlg(alg);
} else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ALG)) {
JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
client.setUserInfoEncryptedResponseAlg(alg);
} else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ENC)) {
EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
client.setUserInfoEncryptedResponseEnc(alg);
} else if (name.equals(USER_INFO_SIGNED_RESPONSE_ALG)) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setUserInfoSignedResponseAlg(alg);
} else if (name.equals(ID_TOKEN_SIGNED_RESPONSE_ALG)) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setIdTokenSignedResponseAlg(alg);
} else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ALG)) {
JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
client.setIdTokenEncryptedResponseAlg(alg);
} else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ENC)) {
EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
client.setIdTokenEncryptedResponseEnc(alg);
} else if (name.equals(TOKEN_ENDPOINT_AUTH_SIGNING_ALG)) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setTokenEndpointAuthSigningAlg(alg);
} else if (name.equals(DEFAULT_MAX_AGE)) {
client.setDefaultMaxAge(reader.nextInt());
} else if (name.equals(REQUIRE_AUTH_TIME)) {
client.setRequireAuthTime(reader.nextBoolean());
} else if (name.equals(DEFAULT_ACR_VALUES)) {
Set<String> defaultACRvalues = readSet(reader);
client.setDefaultACRvalues(defaultACRvalues);
} else if (name.equals("initiateLoginUri")) {
client.setInitiateLoginUri(reader.nextString());
} else if (name.equals(POST_LOGOUT_REDIRECT_URI)) {
Set<String> postLogoutUris = readSet(reader);
client.setPostLogoutRedirectUris(postLogoutUris);
} else if (name.equals(REQUEST_URIS)) {
Set<String> requestUris = readSet(reader);
client.setRequestUris(requestUris);
} else if (name.equals(DESCRIPTION)) {
client.setClientDescription(reader.nextString());
} else if (name.equals(ALLOW_INTROSPECTION)) {
client.setAllowIntrospection(reader.nextBoolean());
} else if (name.equals(REUSE_REFRESH_TOKEN)) {
client.setReuseRefreshToken(reader.nextBoolean());
} else if (name.equals(CLEAR_ACCESS_TOKENS_ON_REFRESH)) {
client.setClearAccessTokensOnRefresh(reader.nextBoolean());
} else if (name.equals(DYNAMICALLY_REGISTERED)) {
client.setDynamicallyRegistered(reader.nextBoolean());
} else if (name.equals(CODE_CHALLENGE_METHOD)) {
client.setCodeChallengeMethod(PKCEAlgorithm.parse(reader.nextString()));
} else if (name.equals(SOFTWARE_ID)) {
client.setSoftwareId(reader.nextString());
} else if (name.equals(SOFTWARE_VERSION)) {
client.setSoftwareVersion(reader.nextString());
} else if (name.equals(SOFTWARE_STATEMENT)) {
try {
client.setSoftwareStatement(JWTParser.parse(reader.nextString()));
} catch (ParseException e) {
logger.error("Couldn't parse software statement", e);
}
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
client.setAuthorities(authorities);
} else if (name.equals(ACCESS_TOKEN_VALIDITY_SECONDS)) {
client.setAccessTokenValiditySeconds(reader.nextInt());
} else if (name.equals(REFRESH_TOKEN_VALIDITY_SECONDS)) {
client.setRefreshTokenValiditySeconds(reader.nextInt());
} else if (name.equals(ID_TOKEN_VALIDITY_SECONDS)) {
client.setIdTokenValiditySeconds(reader.nextInt());
} else if (name.equals(DEVICE_CODE_VALIDITY_SECONDS)) {
client.setDeviceCodeValiditySeconds(reader.nextInt());
} else if (name.equals(REDIRECT_URIS)) {
Set<String> redirectUris = readSet(reader);
client.setRedirectUris(redirectUris);
} else if (name.equals(CLAIMS_REDIRECT_URIS)) {
Set<String> claimsRedirectUris = readSet(reader);
client.setClaimsRedirectUris(claimsRedirectUris);
} else if (name.equals(NAME)) {
client.setClientName(reader.nextString());
} else if (name.equals(URI)) {
client.setClientUri(reader.nextString());
} else if (name.equals(LOGO_URI)) {
client.setLogoUri(reader.nextString());
} else if (name.equals(CONTACTS)) {
Set<String> contacts = readSet(reader);
client.setContacts(contacts);
} else if (name.equals(TOS_URI)) {
client.setTosUri(reader.nextString());
} else if (name.equals(TOKEN_ENDPOINT_AUTH_METHOD)) {
AuthMethod am = AuthMethod.getByValue(reader.nextString());
client.setTokenEndpointAuthMethod(am);
} else if (name.equals(GRANT_TYPES)) {
Set<String> grantTypes = readSet(reader);
client.setGrantTypes(grantTypes);
} else if (name.equals(RESPONSE_TYPES)) {
Set<String> responseTypes = readSet(reader);
client.setResponseTypes(responseTypes);
} else if (name.equals(POLICY_URI)) {
client.setPolicyUri(reader.nextString());
} else if (name.equals(APPLICATION_TYPE)) {
AppType appType = AppType.getByValue(reader.nextString());
client.setApplicationType(appType);
} else if (name.equals(SECTOR_IDENTIFIER_URI)) {
client.setSectorIdentifierUri(reader.nextString());
} else if (name.equals(SUBJECT_TYPE)) {
SubjectType st = SubjectType.getByValue(reader.nextString());
client.setSubjectType(st);
} else if (name.equals(JWKS_URI)) {
client.setJwksUri(reader.nextString());
} else if (name.equals(JWKS)) {
try {
client.setJwks(JWKSet.parse(reader.nextString()));
} catch (ParseException e) {
logger.error("Couldn't parse JWK Set", e);
}
} else if (name.equals(REQUEST_OBJECT_SIGNING_ALG)) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setRequestObjectSigningAlg(alg);
} else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ALG)) {
JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
client.setUserInfoEncryptedResponseAlg(alg);
} else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ENC)) {
EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
client.setUserInfoEncryptedResponseEnc(alg);
} else if (name.equals(USER_INFO_SIGNED_RESPONSE_ALG)) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setUserInfoSignedResponseAlg(alg);
} else if (name.equals(ID_TOKEN_SIGNED_RESPONSE_ALG)) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setIdTokenSignedResponseAlg(alg);
} else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ALG)) {
JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
client.setIdTokenEncryptedResponseAlg(alg);
} else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ENC)) {
EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
client.setIdTokenEncryptedResponseEnc(alg);
} else if (name.equals(TOKEN_ENDPOINT_AUTH_SIGNING_ALG)) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
client.setTokenEndpointAuthSigningAlg(alg);
} else if (name.equals(DEFAULT_MAX_AGE)) {
client.setDefaultMaxAge(reader.nextInt());
} else if (name.equals(REQUIRE_AUTH_TIME)) {
client.setRequireAuthTime(reader.nextBoolean());
} else if (name.equals(DEFAULT_ACR_VALUES)) {
Set<String> defaultACRvalues = readSet(reader);
client.setDefaultACRvalues(defaultACRvalues);
} else if (name.equals("initiateLoginUri")) {
client.setInitiateLoginUri(reader.nextString());
} else if (name.equals(POST_LOGOUT_REDIRECT_URI)) {
Set<String> postLogoutUris = readSet(reader);
client.setPostLogoutRedirectUris(postLogoutUris);
} else if (name.equals(REQUEST_URIS)) {
Set<String> requestUris = readSet(reader);
client.setRequestUris(requestUris);
} else if (name.equals(DESCRIPTION)) {
client.setClientDescription(reader.nextString());
} else if (name.equals(ALLOW_INTROSPECTION)) {
client.setAllowIntrospection(reader.nextBoolean());
} else if (name.equals(REUSE_REFRESH_TOKEN)) {
client.setReuseRefreshToken(reader.nextBoolean());
} else if (name.equals(CLEAR_ACCESS_TOKENS_ON_REFRESH)) {
client.setClearAccessTokensOnRefresh(reader.nextBoolean());
} else if (name.equals(DYNAMICALLY_REGISTERED)) {
client.setDynamicallyRegistered(reader.nextBoolean());
} else if (name.equals(CODE_CHALLENGE_METHOD)) {
client.setCodeChallengeMethod(PKCEAlgorithm.parse(reader.nextString()));
} else if (name.equals(SOFTWARE_ID)) {
client.setSoftwareId(reader.nextString());
} else if (name.equals(SOFTWARE_VERSION)) {
client.setSoftwareVersion(reader.nextString());
} else if (name.equals(SOFTWARE_STATEMENT)) {
try {
client.setSoftwareStatement(JWTParser.parse(reader.nextString()));
} catch (ParseException e) {
logger.error("Couldn't parse software statement", e);
}
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -1201,31 +1201,31 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(VALUE)) {
scope.setValue(reader.nextString());
} else if (name.equals(DESCRIPTION)) {
scope.setDescription(reader.nextString());
} else if (name.equals(RESTRICTED)) {
scope.setRestricted(reader.nextBoolean());
} else if (name.equals(DEFAULT_SCOPE)) {
scope.setDefaultScope(reader.nextBoolean());
} else if (name.equals(ICON)) {
scope.setIcon(reader.nextString());
} else {
logger.debug("found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
} else if (name.equals(VALUE)) {
scope.setValue(reader.nextString());
} else if (name.equals(DESCRIPTION)) {
scope.setDescription(reader.nextString());
} else if (name.equals(RESTRICTED)) {
scope.setRestricted(reader.nextBoolean());
} else if (name.equals(DEFAULT_SCOPE)) {
scope.setDefaultScope(reader.nextBoolean());
} else if (name.equals(ICON)) {
scope.setIcon(reader.nextString());
} else {
logger.debug("found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -1304,7 +1304,7 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
refreshTokenOldToNewIdMap.clear();
accessTokenOldToNewIdMap.clear();
grantOldToNewIdMap.clear();
*/
*/
logger.info("Done fixing object references.");
}


@ -20,15 +20,12 @@ import java.util.Date;
import java.util.UUID;
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
import org.mitre.jwt.signer.service.impl.SymmetricKeyJWTValidatorCacheService;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.service.ApprovedSiteService;
import org.mitre.openid.connect.service.OIDCTokenService;
import org.mitre.openid.connect.service.UserInfoService;
import org.slf4j.Logger;
@ -66,22 +63,12 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
@Autowired
private ClientDetailsEntityService clientService;
@Autowired
private ApprovedSiteService approvedSiteService;
@Autowired
private UserInfoService userInfoService;
@Autowired
private OIDCTokenService connectTokenService;
@Autowired
private JWKSetCacheService encryptors;
@Autowired
private SymmetricKeyJWTValidatorCacheService symmetricCacheService;
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {


@ -31,7 +31,6 @@ import java.util.Set;
import javax.servlet.http.HttpSession;
import org.mitre.oauth2.model.SystemScope;
import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.openid.connect.model.ApprovedSite;
import org.mitre.openid.connect.model.WhitelistedSite;


@ -37,15 +37,11 @@ import org.springframework.web.servlet.view.AbstractView;
import com.google.gson.ExclusionStrategy;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonDeserializationContext;
import com.google.gson.JsonDeserializer;
import com.google.gson.JsonElement;
import com.google.gson.JsonParseException;
import com.google.gson.JsonParser;
import com.google.gson.JsonPrimitive;
import com.google.gson.JsonSerializationContext;
import com.google.gson.JsonSerializer;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
@ -71,70 +67,71 @@ public abstract class AbstractClientEntityView extends AbstractView {
private JsonParser parser = new JsonParser();
private Gson gson = new GsonBuilder()
.setExclusionStrategies(getExclusionStrategy())
.registerTypeAdapter(JWSAlgorithm.class, new JsonSerializer<JWSAlgorithm>() {
@Override
public JsonElement serialize(JWSAlgorithm src, Type typeOfSrc, JsonSerializationContext context) {
if (src != null) {
return new JsonPrimitive(src.getName());
} else {
return null;
}
}
})
.registerTypeAdapter(JWEAlgorithm.class, new JsonSerializer<JWEAlgorithm>() {
@Override
public JsonElement serialize(JWEAlgorithm src, Type typeOfSrc, JsonSerializationContext context) {
if (src != null) {
return new JsonPrimitive(src.getName());
} else {
return null;
}
}
})
.registerTypeAdapter(EncryptionMethod.class, new JsonSerializer<EncryptionMethod>() {
@Override
public JsonElement serialize(EncryptionMethod src, Type typeOfSrc, JsonSerializationContext context) {
if (src != null) {
return new JsonPrimitive(src.getName());
} else {
return null;
}
}
})
.registerTypeAdapter(JWKSet.class, new JsonSerializer<JWKSet>() {
@Override
public JsonElement serialize(JWKSet src, Type typeOfSrc, JsonSerializationContext context) {
if (src != null) {
return parser.parse(src.toString());
} else {
return null;
}
}
})
.registerTypeAdapter(JWT.class, new JsonSerializer<JWT>() {
@Override
public JsonElement serialize(JWT src, Type typeOfSrc, JsonSerializationContext context) {
if (src != null) {
return new JsonPrimitive(src.serialize());
} else {
return null;
}
}
.setExclusionStrategies(getExclusionStrategy())
.registerTypeAdapter(JWSAlgorithm.class, new JsonSerializer<JWSAlgorithm>() {
@Override
public JsonElement serialize(JWSAlgorithm src, Type typeOfSrc, JsonSerializationContext context) {
if (src != null) {
return new JsonPrimitive(src.getName());
} else {
return null;
}
}
})
.registerTypeAdapter(JWEAlgorithm.class, new JsonSerializer<JWEAlgorithm>() {
@Override
public JsonElement serialize(JWEAlgorithm src, Type typeOfSrc, JsonSerializationContext context) {
if (src != null) {
return new JsonPrimitive(src.getName());
} else {
return null;
}
}
})
.registerTypeAdapter(EncryptionMethod.class, new JsonSerializer<EncryptionMethod>() {
@Override
public JsonElement serialize(EncryptionMethod src, Type typeOfSrc, JsonSerializationContext context) {
if (src != null) {
return new JsonPrimitive(src.getName());
} else {
return null;
}
}
})
.registerTypeAdapter(JWKSet.class, new JsonSerializer<JWKSet>() {
@Override
public JsonElement serialize(JWKSet src, Type typeOfSrc, JsonSerializationContext context) {
if (src != null) {
return parser.parse(src.toString());
} else {
return null;
}
}
})
.registerTypeAdapter(JWT.class, new JsonSerializer<JWT>() {
@Override
public JsonElement serialize(JWT src, Type typeOfSrc, JsonSerializationContext context) {
if (src != null) {
return new JsonPrimitive(src.serialize());
} else {
return null;
}
}
})
.registerTypeAdapter(PKCEAlgorithm.class, new JsonSerializer<PKCEAlgorithm>() {
public JsonPrimitive serialize(PKCEAlgorithm src, Type typeOfSrc, JsonSerializationContext context) {
if (src != null) {
return new JsonPrimitive(src.getName());
} else {
return null;
}
}
})
.serializeNulls()
.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.create();
})
.registerTypeAdapter(PKCEAlgorithm.class, new JsonSerializer<PKCEAlgorithm>() {
@Override
public JsonPrimitive serialize(PKCEAlgorithm src, Type typeOfSrc, JsonSerializationContext context) {
if (src != null) {
return new JsonPrimitive(src.getName());
} else {
return null;
}
}
})
.serializeNulls()
.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.create();
/**


@ -61,40 +61,40 @@ public class JsonApprovedSiteView extends AbstractView {
public static final String VIEWNAME = "jsonApprovedSiteView";
private Gson gson = new GsonBuilder()
.setExclusionStrategies(new ExclusionStrategy() {
.setExclusionStrategies(new ExclusionStrategy() {
@Override
public boolean shouldSkipField(FieldAttributes f) {
@Override
public boolean shouldSkipField(FieldAttributes f) {
return false;
}
return false;
}
@Override
public boolean shouldSkipClass(Class<?> clazz) {
// skip the JPA binding wrapper
if (clazz.equals(BeanPropertyBindingResult.class)) {
return true;
}
return false;
}
@Override
public boolean shouldSkipClass(Class<?> clazz) {
// skip the JPA binding wrapper
if (clazz.equals(BeanPropertyBindingResult.class)) {
return true;
}
return false;
}
})
.registerTypeAdapter(OAuth2AccessTokenEntity.class, new JsonSerializer<OAuth2AccessTokenEntity>() {
@Override
public JsonElement serialize(OAuth2AccessTokenEntity src,
Type typeOfSrc, JsonSerializationContext context) {
return new JsonPrimitive(src.getId());
}
})
.registerTypeAdapter(WhitelistedSite.class, new JsonSerializer<WhitelistedSite>() {
@Override
public JsonElement serialize(WhitelistedSite src, Type typeOfSrc, JsonSerializationContext context) {
return new JsonPrimitive(src.getId());
}
})
.serializeNulls()
.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.create();
})
.registerTypeAdapter(OAuth2AccessTokenEntity.class, new JsonSerializer<OAuth2AccessTokenEntity>() {
@Override
public JsonElement serialize(OAuth2AccessTokenEntity src,
Type typeOfSrc, JsonSerializationContext context) {
return new JsonPrimitive(src.getId());
}
})
.registerTypeAdapter(WhitelistedSite.class, new JsonSerializer<WhitelistedSite>() {
@Override
public JsonElement serialize(WhitelistedSite src, Type typeOfSrc, JsonSerializationContext context) {
return new JsonPrimitive(src.getId());
}
})
.serializeNulls()
.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.create();
@Override
protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {


@ -56,27 +56,27 @@ public class JsonEntityView extends AbstractView {
public static final String VIEWNAME = "jsonEntityView";
private Gson gson = new GsonBuilder()
.setExclusionStrategies(new ExclusionStrategy() {
.setExclusionStrategies(new ExclusionStrategy() {
@Override
public boolean shouldSkipField(FieldAttributes f) {
@Override
public boolean shouldSkipField(FieldAttributes f) {
return false;
}
return false;
}
@Override
public boolean shouldSkipClass(Class<?> clazz) {
// skip the JPA binding wrapper
if (clazz.equals(BeanPropertyBindingResult.class)) {
return true;
}
return false;
}
@Override
public boolean shouldSkipClass(Class<?> clazz) {
// skip the JPA binding wrapper
if (clazz.equals(BeanPropertyBindingResult.class)) {
return true;
}
return false;
}
})
.serializeNulls()
.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.create();
})
.serializeNulls()
.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.create();
@Override
protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {


@ -63,27 +63,27 @@ public class JsonErrorView extends AbstractView {
public static final String VIEWNAME = "jsonErrorView";
private Gson gson = new GsonBuilder()
.setExclusionStrategies(new ExclusionStrategy() {
.setExclusionStrategies(new ExclusionStrategy() {
@Override
public boolean shouldSkipField(FieldAttributes f) {
@Override
public boolean shouldSkipField(FieldAttributes f) {
return false;
}
return false;
}
@Override
public boolean shouldSkipClass(Class<?> clazz) {
// skip the JPA binding wrapper
if (clazz.equals(BeanPropertyBindingResult.class)) {
return true;
}
return false;
}
@Override
public boolean shouldSkipClass(Class<?> clazz) {
// skip the JPA binding wrapper
if (clazz.equals(BeanPropertyBindingResult.class)) {
return true;
}
return false;
}
})
.serializeNulls()
.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.create();
})
.serializeNulls()
.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.create();
@Override
protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {


@ -99,11 +99,11 @@ public class UserInfoJWTView extends UserInfoView {
response.setContentType(JOSE_MEDIA_TYPE_VALUE);
JWTClaimsSet claims = new JWTClaimsSet.Builder(JWTClaimsSet.parse(writer.toString()))
.audience(Lists.newArrayList(client.getClientId()))
.issuer(config.getIssuer())
.issueTime(new Date())
.jwtID(UUID.randomUUID().toString()) // set a random NONCE in the middle of it
.build();
.audience(Lists.newArrayList(client.getClientId()))
.issuer(config.getIssuer())
.issueTime(new Date())
.jwtID(UUID.randomUUID().toString()) // set a random NONCE in the middle of it
.build();
if (client.getUserInfoEncryptedResponseAlg() != null && !client.getUserInfoEncryptedResponseAlg().equals(Algorithm.NONE)


@ -22,7 +22,6 @@ package org.mitre.openid.connect.web;
import java.security.Principal;
import java.util.Collection;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.openid.connect.model.ApprovedSite;
import org.mitre.openid.connect.service.ApprovedSiteService;
import org.mitre.openid.connect.view.HttpCodeView;
@ -55,9 +54,6 @@ public class ApprovedSiteAPI {
@Autowired
private ApprovedSiteService approvedSiteService;
@Autowired
private OAuth2TokenEntityService tokenServices;
/**
* Logger for this class
*/


@ -142,76 +142,77 @@ public class ClientAPI {
private JsonParser parser = new JsonParser();
private Gson gson = new GsonBuilder()
.serializeNulls()
.registerTypeAdapter(JWSAlgorithm.class, new JsonDeserializer<Algorithm>() {
@Override
public JWSAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
if (json.isJsonPrimitive()) {
return JWSAlgorithm.parse(json.getAsString());
} else {
return null;
}
}
})
.registerTypeAdapter(JWEAlgorithm.class, new JsonDeserializer<Algorithm>() {
@Override
public JWEAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
if (json.isJsonPrimitive()) {
return JWEAlgorithm.parse(json.getAsString());
} else {
return null;
}
}
})
.registerTypeAdapter(EncryptionMethod.class, new JsonDeserializer<Algorithm>() {
@Override
public EncryptionMethod deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
if (json.isJsonPrimitive()) {
return EncryptionMethod.parse(json.getAsString());
} else {
return null;
}
}
})
.registerTypeAdapter(JWKSet.class, new JsonDeserializer<JWKSet>() {
@Override
public JWKSet deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
if (json.isJsonObject()) {
try {
return JWKSet.parse(json.toString());
} catch (ParseException e) {
return null;
.serializeNulls()
.registerTypeAdapter(JWSAlgorithm.class, new JsonDeserializer<Algorithm>() {
@Override
public JWSAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
if (json.isJsonPrimitive()) {
return JWSAlgorithm.parse(json.getAsString());
} else {
return null;
}
}
} else {
return null;
}
}
})
.registerTypeAdapter(JWT.class, new JsonDeserializer<JWT>() {
@Override
public JWT deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
if (json.isJsonPrimitive()) {
try {
return JWTParser.parse(json.getAsString());
} catch (ParseException e) {
return null;
})
.registerTypeAdapter(JWEAlgorithm.class, new JsonDeserializer<Algorithm>() {
@Override
public JWEAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
if (json.isJsonPrimitive()) {
return JWEAlgorithm.parse(json.getAsString());
} else {
return null;
}
}
} else {
return null;
}
}
})
.registerTypeAdapter(PKCEAlgorithm.class, new JsonDeserializer<Algorithm>() {
public PKCEAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
if (json.isJsonPrimitive()) {
return PKCEAlgorithm.parse(json.getAsString());
} else {
return null;
}
}
})
.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.create();
})
.registerTypeAdapter(EncryptionMethod.class, new JsonDeserializer<Algorithm>() {
@Override
public EncryptionMethod deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
if (json.isJsonPrimitive()) {
return EncryptionMethod.parse(json.getAsString());
} else {
return null;
}
}
})
.registerTypeAdapter(JWKSet.class, new JsonDeserializer<JWKSet>() {
@Override
public JWKSet deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
if (json.isJsonObject()) {
try {
return JWKSet.parse(json.toString());
} catch (ParseException e) {
return null;
}
} else {
return null;
}
}
})
.registerTypeAdapter(JWT.class, new JsonDeserializer<JWT>() {
@Override
public JWT deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
if (json.isJsonPrimitive()) {
try {
return JWTParser.parse(json.getAsString());
} catch (ParseException e) {
return null;
}
} else {
return null;
}
}
})
.registerTypeAdapter(PKCEAlgorithm.class, new JsonDeserializer<Algorithm>() {
@Override
public PKCEAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
if (json.isJsonPrimitive()) {
return PKCEAlgorithm.parse(json.getAsString());
} else {
return null;
}
}
})
.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.create();
/**
* Logger for this class
@ -508,37 +509,37 @@ public class ClientAPI {
* Get the logo image for a client
* @param id
*/
@RequestMapping(value = "/{id}/logo", method=RequestMethod.GET, produces = { MediaType.IMAGE_GIF_VALUE, MediaType.IMAGE_JPEG_VALUE, MediaType.IMAGE_PNG_VALUE })
public ResponseEntity<byte[]> getClientLogo(@PathVariable("id") Long id, Model model) {
@RequestMapping(value = "/{id}/logo", method=RequestMethod.GET, produces = { MediaType.IMAGE_GIF_VALUE, MediaType.IMAGE_JPEG_VALUE, MediaType.IMAGE_PNG_VALUE })
public ResponseEntity<byte[]> getClientLogo(@PathVariable("id") Long id, Model model) {
ClientDetailsEntity client = clientService.getClientById(id);
ClientDetailsEntity client = clientService.getClientById(id);
if (client == null) {
return new ResponseEntity<>(HttpStatus.NOT_FOUND);
} else if (Strings.isNullOrEmpty(client.getLogoUri())) {
return new ResponseEntity<>(HttpStatus.NOT_FOUND);
} else {
// get the image from cache
CachedImage image = clientLogoLoadingService.getLogo(client);
if (client == null) {
return new ResponseEntity<>(HttpStatus.NOT_FOUND);
} else if (Strings.isNullOrEmpty(client.getLogoUri())) {
return new ResponseEntity<>(HttpStatus.NOT_FOUND);
} else {
// get the image from cache
CachedImage image = clientLogoLoadingService.getLogo(client);
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.parseMediaType(image.getContentType()));
headers.setContentLength(image.getLength());
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.parseMediaType(image.getContentType()));
headers.setContentLength(image.getLength());
return new ResponseEntity<>(image.getData(), headers, HttpStatus.OK);
}
}
return new ResponseEntity<>(image.getData(), headers, HttpStatus.OK);
}
}
private ClientDetailsEntity validateSoftwareStatement(ClientDetailsEntity newClient) throws ValidationException {
if (newClient.getSoftwareStatement() != null) {
if (assertionValidator.isValid(newClient.getSoftwareStatement())) {
// we have a software statement and its envelope passed all the checks from our validator
private ClientDetailsEntity validateSoftwareStatement(ClientDetailsEntity newClient) throws ValidationException {
if (newClient.getSoftwareStatement() != null) {
if (assertionValidator.isValid(newClient.getSoftwareStatement())) {
// we have a software statement and its envelope passed all the checks from our validator
// swap out all of the client's fields for the associated parts of the software statement
try {
JWTClaimsSet claimSet = newClient.getSoftwareStatement().getJWTClaimsSet();
for (String claim : claimSet.getClaims().keySet()) {
switch (claim) {
// swap out all of the client's fields for the associated parts of the software statement
try {
JWTClaimsSet claimSet = newClient.getSoftwareStatement().getJWTClaimsSet();
for (String claim : claimSet.getClaims().keySet()) {
switch (claim) {
case SOFTWARE_STATEMENT:
throw new ValidationException("invalid_client_metadata", "Software statement can't include another software statement", HttpStatus.BAD_REQUEST);
case CLAIMS_REDIRECT_URIS:
@ -650,21 +651,21 @@ public class ClientAPI {
default:
logger.warn("Software statement contained unknown field: " + claim + " with value " + claimSet.getClaim(claim));
break;
}
}
return newClient;
} catch (ParseException e) {
throw new ValidationException("invalid_client_metadata", "Software statement claims didn't parse", HttpStatus.BAD_REQUEST);
}
} else {
throw new ValidationException("invalid_client_metadata", "Software statement rejected by validator", HttpStatus.BAD_REQUEST);
return newClient;
} catch (ParseException e) {
throw new ValidationException("invalid_client_metadata", "Software statement claims didn't parse", HttpStatus.BAD_REQUEST);
}
} else {
// nothing to see here, carry on
return newClient;
throw new ValidationException("invalid_client_metadata", "Software statement rejected by validator", HttpStatus.BAD_REQUEST);
}
} else {
// nothing to see here, carry on
return newClient;
}
}
}


@ -27,9 +27,6 @@ import javax.servlet.http.HttpServletResponse;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.service.MITREidDataService;
import org.mitre.openid.connect.service.impl.MITREidDataService_1_0;
import org.mitre.openid.connect.service.impl.MITREidDataService_1_1;
import org.mitre.openid.connect.service.impl.MITREidDataService_1_2;
import org.mitre.openid.connect.service.impl.MITREidDataService_1_3;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -74,10 +71,10 @@ public class DataAPI {
private List<MITREidDataService> importers;
private List<String> supportedVersions = ImmutableList.of(
MITREidDataService.MITREID_CONNECT_1_0,
MITREidDataService.MITREID_CONNECT_1_1,
MITREidDataService.MITREID_CONNECT_1_2,
MITREidDataService.MITREID_CONNECT_1_3);
MITREidDataService.MITREID_CONNECT_1_0,
MITREidDataService.MITREID_CONNECT_1_1,
MITREidDataService.MITREID_CONNECT_1_2,
MITREidDataService.MITREID_CONNECT_1_3);
@Autowired
private MITREidDataService_1_3 exporter;
@ -92,28 +89,28 @@ public class DataAPI {
while (reader.hasNext()) {
JsonToken tok = reader.peek();
switch (tok) {
case NAME:
String name = reader.nextName();
case NAME:
String name = reader.nextName();
if (supportedVersions.contains(name)) {
// we're working with a known data version tag
for (MITREidDataService dataService : importers) {
// dispatch to the correct service
if (dataService.supportsVersion(name)) {
dataService.importData(reader);
break;
if (supportedVersions.contains(name)) {
// we're working with a known data version tag
for (MITREidDataService dataService : importers) {
// dispatch to the correct service
if (dataService.supportsVersion(name)) {
dataService.importData(reader);
break;
}
}
} else {
// consume the next bit silently for now
logger.debug("Skipping value for " + name); // TODO: write these out?
reader.skipValue();
}
} else {
// consume the next bit silently for now
logger.debug("Skipping value for " + name); // TODO: write these out?
reader.skipValue();
}
break;
case END_OBJECT:
break;
case END_DOCUMENT:
break;
break;
case END_OBJECT:
break;
case END_DOCUMENT:
break;
}
}
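Review bot: The token loop in the last hunk of this file can stop advancing. When a name is in `supportedVersions` but no entry of `importers` returns true from `supportsVersion(name)`, the value is never consumed; the switch has no `default` branch, so the next `peek()` yields a token that no case handles while `hasNext()` would still report more input. Whether that combination can occur depends on how `importers` is wired, which is not visible here. Calling `reader.skipValue()` when the inner loop finds no match, and adding `default: reader.skipValue(); break;` to the switch, would keep an unexpected import file from spinning the request thread. The enclosing method starts outside the hunk.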


@ -16,8 +16,6 @@
*******************************************************************************/
package org.mitre.openid.connect.web;
import static org.mitre.oauth2.model.RegisteredClientFields.*;
import java.io.UnsupportedEncodingException;
import java.text.ParseException;
import java.util.Date;
@ -26,7 +24,6 @@ import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.mitre.jwt.assertion.AssertionValidator;
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
@ -73,6 +70,45 @@ import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jwt.JWTClaimsSet;
import static org.mitre.oauth2.model.RegisteredClientFields.APPLICATION_TYPE;
import static org.mitre.oauth2.model.RegisteredClientFields.CLAIMS_REDIRECT_URIS;
import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_ID;
import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_ID_ISSUED_AT;
import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_NAME;
import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_SECRET;
import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_SECRET_EXPIRES_AT;
import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_URI;
import static org.mitre.oauth2.model.RegisteredClientFields.CONTACTS;
import static org.mitre.oauth2.model.RegisteredClientFields.DEFAULT_ACR_VALUES;
import static org.mitre.oauth2.model.RegisteredClientFields.DEFAULT_MAX_AGE;
import static org.mitre.oauth2.model.RegisteredClientFields.GRANT_TYPES;
import static org.mitre.oauth2.model.RegisteredClientFields.ID_TOKEN_ENCRYPTED_RESPONSE_ALG;
import static org.mitre.oauth2.model.RegisteredClientFields.ID_TOKEN_ENCRYPTED_RESPONSE_ENC;
import static org.mitre.oauth2.model.RegisteredClientFields.ID_TOKEN_SIGNED_RESPONSE_ALG;
import static org.mitre.oauth2.model.RegisteredClientFields.INITIATE_LOGIN_URI;
import static org.mitre.oauth2.model.RegisteredClientFields.JWKS;
import static org.mitre.oauth2.model.RegisteredClientFields.JWKS_URI;
import static org.mitre.oauth2.model.RegisteredClientFields.LOGO_URI;
import static org.mitre.oauth2.model.RegisteredClientFields.POLICY_URI;
import static org.mitre.oauth2.model.RegisteredClientFields.POST_LOGOUT_REDIRECT_URIS;
import static org.mitre.oauth2.model.RegisteredClientFields.REDIRECT_URIS;
import static org.mitre.oauth2.model.RegisteredClientFields.REGISTRATION_ACCESS_TOKEN;
import static org.mitre.oauth2.model.RegisteredClientFields.REGISTRATION_CLIENT_URI;
import static org.mitre.oauth2.model.RegisteredClientFields.REQUEST_OBJECT_SIGNING_ALG;
import static org.mitre.oauth2.model.RegisteredClientFields.REQUEST_URIS;
import static org.mitre.oauth2.model.RegisteredClientFields.REQUIRE_AUTH_TIME;
import static org.mitre.oauth2.model.RegisteredClientFields.RESPONSE_TYPES;
import static org.mitre.oauth2.model.RegisteredClientFields.SCOPE;
import static org.mitre.oauth2.model.RegisteredClientFields.SECTOR_IDENTIFIER_URI;
import static org.mitre.oauth2.model.RegisteredClientFields.SOFTWARE_STATEMENT;
import static org.mitre.oauth2.model.RegisteredClientFields.SUBJECT_TYPE;
import static org.mitre.oauth2.model.RegisteredClientFields.TOKEN_ENDPOINT_AUTH_METHOD;
import static org.mitre.oauth2.model.RegisteredClientFields.TOKEN_ENDPOINT_AUTH_SIGNING_ALG;
import static org.mitre.oauth2.model.RegisteredClientFields.TOS_URI;
import static org.mitre.oauth2.model.RegisteredClientFields.USERINFO_ENCRYPTED_RESPONSE_ALG;
import static org.mitre.oauth2.model.RegisteredClientFields.USERINFO_ENCRYPTED_RESPONSE_ENC;
import static org.mitre.oauth2.model.RegisteredClientFields.USERINFO_SIGNED_RESPONSE_ALG;
@Controller
@RequestMapping(value = DynamicClientRegistrationEndpoint.URL)
public class DynamicClientRegistrationEndpoint {
@ -85,9 +121,6 @@ public class DynamicClientRegistrationEndpoint {
@Autowired
private OAuth2TokenEntityService tokenService;
@Autowired
private JWTSigningAndValidationService jwtService;
@Autowired
private SystemScopeService scopeService;
@ -587,117 +620,117 @@ public class DynamicClientRegistrationEndpoint {
JWTClaimsSet claimSet = newClient.getSoftwareStatement().getJWTClaimsSet();
for (String claim : claimSet.getClaims().keySet()) {
switch (claim) {
case SOFTWARE_STATEMENT:
throw new ValidationException("invalid_client_metadata", "Software statement can't include another software statement", HttpStatus.BAD_REQUEST);
case CLAIMS_REDIRECT_URIS:
newClient.setClaimsRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim)));
break;
case CLIENT_SECRET_EXPIRES_AT:
throw new ValidationException("invalid_client_metadata", "Software statement can't include a client secret expiration time", HttpStatus.BAD_REQUEST);
case CLIENT_ID_ISSUED_AT:
throw new ValidationException("invalid_client_metadata", "Software statement can't include a client ID issuance time", HttpStatus.BAD_REQUEST);
case REGISTRATION_CLIENT_URI:
throw new ValidationException("invalid_client_metadata", "Software statement can't include a client configuration endpoint", HttpStatus.BAD_REQUEST);
case REGISTRATION_ACCESS_TOKEN:
throw new ValidationException("invalid_client_metadata", "Software statement can't include a client registration access token", HttpStatus.BAD_REQUEST);
case REQUEST_URIS:
newClient.setRequestUris(Sets.newHashSet(claimSet.getStringListClaim(claim)));
break;
case POST_LOGOUT_REDIRECT_URIS:
newClient.setPostLogoutRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim)));
break;
case INITIATE_LOGIN_URI:
newClient.setInitiateLoginUri(claimSet.getStringClaim(claim));
break;
case DEFAULT_ACR_VALUES:
newClient.setDefaultACRvalues(Sets.newHashSet(claimSet.getStringListClaim(claim)));
break;
case REQUIRE_AUTH_TIME:
newClient.setRequireAuthTime(claimSet.getBooleanClaim(claim));
break;
case DEFAULT_MAX_AGE:
newClient.setDefaultMaxAge(claimSet.getIntegerClaim(claim));
break;
case TOKEN_ENDPOINT_AUTH_SIGNING_ALG:
newClient.setTokenEndpointAuthSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim)));
break;
case ID_TOKEN_ENCRYPTED_RESPONSE_ENC:
newClient.setIdTokenEncryptedResponseEnc(EncryptionMethod.parse(claimSet.getStringClaim(claim)));
break;
case ID_TOKEN_ENCRYPTED_RESPONSE_ALG:
newClient.setIdTokenEncryptedResponseAlg(JWEAlgorithm.parse(claimSet.getStringClaim(claim)));
break;
case ID_TOKEN_SIGNED_RESPONSE_ALG:
newClient.setIdTokenSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim)));
break;
case USERINFO_ENCRYPTED_RESPONSE_ENC:
newClient.setUserInfoEncryptedResponseEnc(EncryptionMethod.parse(claimSet.getStringClaim(claim)));
break;
case USERINFO_ENCRYPTED_RESPONSE_ALG:
newClient.setUserInfoEncryptedResponseAlg(JWEAlgorithm.parse(claimSet.getStringClaim(claim)));
break;
case USERINFO_SIGNED_RESPONSE_ALG:
newClient.setUserInfoSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim)));
break;
case REQUEST_OBJECT_SIGNING_ALG:
newClient.setRequestObjectSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim)));
break;
case SUBJECT_TYPE:
newClient.setSubjectType(SubjectType.getByValue(claimSet.getStringClaim(claim)));
break;
case SECTOR_IDENTIFIER_URI:
newClient.setSectorIdentifierUri(claimSet.getStringClaim(claim));
break;
case APPLICATION_TYPE:
newClient.setApplicationType(AppType.getByValue(claimSet.getStringClaim(claim)));
break;
case JWKS_URI:
newClient.setJwksUri(claimSet.getStringClaim(claim));
break;
case JWKS:
newClient.setJwks(JWKSet.parse(claimSet.getStringClaim(claim)));
break;
case POLICY_URI:
newClient.setPolicyUri(claimSet.getStringClaim(claim));
break;
case RESPONSE_TYPES:
newClient.setResponseTypes(Sets.newHashSet(claimSet.getStringListClaim(claim)));
break;
case GRANT_TYPES:
newClient.setGrantTypes(Sets.newHashSet(claimSet.getStringListClaim(claim)));
break;
case SCOPE:
newClient.setScope(OAuth2Utils.parseParameterList(claimSet.getStringClaim(claim)));
break;
case TOKEN_ENDPOINT_AUTH_METHOD:
newClient.setTokenEndpointAuthMethod(AuthMethod.getByValue(claimSet.getStringClaim(claim)));
break;
case TOS_URI:
newClient.setTosUri(claimSet.getStringClaim(claim));
break;
case CONTACTS:
newClient.setContacts(Sets.newHashSet(claimSet.getStringListClaim(claim)));
break;
case LOGO_URI:
newClient.setLogoUri(claimSet.getStringClaim(claim));
break;
case CLIENT_URI:
newClient.setClientUri(claimSet.getStringClaim(claim));
break;
case CLIENT_NAME:
newClient.setClientName(claimSet.getStringClaim(claim));
break;
case REDIRECT_URIS:
newClient.setRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim)));
break;
case CLIENT_SECRET:
throw new ValidationException("invalid_client_metadata", "Software statement can't contain client secret", HttpStatus.BAD_REQUEST);
case CLIENT_ID:
throw new ValidationException("invalid_client_metadata", "Software statement can't contain client ID", HttpStatus.BAD_REQUEST);
case SOFTWARE_STATEMENT:
throw new ValidationException("invalid_client_metadata", "Software statement can't include another software statement", HttpStatus.BAD_REQUEST);
case CLAIMS_REDIRECT_URIS:
newClient.setClaimsRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim)));
break;
case CLIENT_SECRET_EXPIRES_AT:
throw new ValidationException("invalid_client_metadata", "Software statement can't include a client secret expiration time", HttpStatus.BAD_REQUEST);
case CLIENT_ID_ISSUED_AT:
throw new ValidationException("invalid_client_metadata", "Software statement can't include a client ID issuance time", HttpStatus.BAD_REQUEST);
case REGISTRATION_CLIENT_URI:
throw new ValidationException("invalid_client_metadata", "Software statement can't include a client configuration endpoint", HttpStatus.BAD_REQUEST);
case REGISTRATION_ACCESS_TOKEN:
throw new ValidationException("invalid_client_metadata", "Software statement can't include a client registration access token", HttpStatus.BAD_REQUEST);
case REQUEST_URIS:
newClient.setRequestUris(Sets.newHashSet(claimSet.getStringListClaim(claim)));
break;
case POST_LOGOUT_REDIRECT_URIS:
newClient.setPostLogoutRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim)));
break;
case INITIATE_LOGIN_URI:
newClient.setInitiateLoginUri(claimSet.getStringClaim(claim));
break;
case DEFAULT_ACR_VALUES:
newClient.setDefaultACRvalues(Sets.newHashSet(claimSet.getStringListClaim(claim)));
break;
case REQUIRE_AUTH_TIME:
newClient.setRequireAuthTime(claimSet.getBooleanClaim(claim));
break;
case DEFAULT_MAX_AGE:
newClient.setDefaultMaxAge(claimSet.getIntegerClaim(claim));
break;
case TOKEN_ENDPOINT_AUTH_SIGNING_ALG:
newClient.setTokenEndpointAuthSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim)));
break;
case ID_TOKEN_ENCRYPTED_RESPONSE_ENC:
newClient.setIdTokenEncryptedResponseEnc(EncryptionMethod.parse(claimSet.getStringClaim(claim)));
break;
case ID_TOKEN_ENCRYPTED_RESPONSE_ALG:
newClient.setIdTokenEncryptedResponseAlg(JWEAlgorithm.parse(claimSet.getStringClaim(claim)));
break;
case ID_TOKEN_SIGNED_RESPONSE_ALG:
newClient.setIdTokenSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim)));
break;
case USERINFO_ENCRYPTED_RESPONSE_ENC:
newClient.setUserInfoEncryptedResponseEnc(EncryptionMethod.parse(claimSet.getStringClaim(claim)));
break;
case USERINFO_ENCRYPTED_RESPONSE_ALG:
newClient.setUserInfoEncryptedResponseAlg(JWEAlgorithm.parse(claimSet.getStringClaim(claim)));
break;
case USERINFO_SIGNED_RESPONSE_ALG:
newClient.setUserInfoSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim)));
break;
case REQUEST_OBJECT_SIGNING_ALG:
newClient.setRequestObjectSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim)));
break;
case SUBJECT_TYPE:
newClient.setSubjectType(SubjectType.getByValue(claimSet.getStringClaim(claim)));
break;
case SECTOR_IDENTIFIER_URI:
newClient.setSectorIdentifierUri(claimSet.getStringClaim(claim));
break;
case APPLICATION_TYPE:
newClient.setApplicationType(AppType.getByValue(claimSet.getStringClaim(claim)));
break;
case JWKS_URI:
newClient.setJwksUri(claimSet.getStringClaim(claim));
break;
case JWKS:
newClient.setJwks(JWKSet.parse(claimSet.getStringClaim(claim)));
break;
case POLICY_URI:
newClient.setPolicyUri(claimSet.getStringClaim(claim));
break;
case RESPONSE_TYPES:
newClient.setResponseTypes(Sets.newHashSet(claimSet.getStringListClaim(claim)));
break;
case GRANT_TYPES:
newClient.setGrantTypes(Sets.newHashSet(claimSet.getStringListClaim(claim)));
break;
case SCOPE:
newClient.setScope(OAuth2Utils.parseParameterList(claimSet.getStringClaim(claim)));
break;
case TOKEN_ENDPOINT_AUTH_METHOD:
newClient.setTokenEndpointAuthMethod(AuthMethod.getByValue(claimSet.getStringClaim(claim)));
break;
case TOS_URI:
newClient.setTosUri(claimSet.getStringClaim(claim));
break;
case CONTACTS:
newClient.setContacts(Sets.newHashSet(claimSet.getStringListClaim(claim)));
break;
case LOGO_URI:
newClient.setLogoUri(claimSet.getStringClaim(claim));
break;
case CLIENT_URI:
newClient.setClientUri(claimSet.getStringClaim(claim));
break;
case CLIENT_NAME:
newClient.setClientName(claimSet.getStringClaim(claim));
break;
case REDIRECT_URIS:
newClient.setRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim)));
break;
case CLIENT_SECRET:
throw new ValidationException("invalid_client_metadata", "Software statement can't contain client secret", HttpStatus.BAD_REQUEST);
case CLIENT_ID:
throw new ValidationException("invalid_client_metadata", "Software statement can't contain client ID", HttpStatus.BAD_REQUEST);
default:
logger.warn("Software statement contained unknown field: " + claim + " with value " + claimSet.getClaim(claim));
break;
default:
logger.warn("Software statement contained unknown field: " + claim + " with value " + claimSet.getClaim(claim));
break;
}
}
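Review bot: The `default:` branch at the end of this switch concatenates the unknown claim's name and its raw value into a warn-level log line, so whatever the statement's issuer placed in an unrecognised claim lands in the log text, including line breaks or values that were never meant to be stored. Logging only the name, parameterised, keeps the diagnostic without the payload: `logger.warn("Software statement contained unknown field: {}", claim);`. Whether control characters in the name are neutralised depends on the log encoder configuration, which is not visible here. The same statement appears in ClientAPI's `validateSoftwareStatement` earlier in this commit. The enclosing method starts and ends outside this hunk.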


@ -22,7 +22,6 @@ import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
@ -34,7 +33,6 @@ import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.openid.connect.ClientDetailsEntityJsonProcessor;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.exception.ValidationException;
import org.mitre.openid.connect.service.BlacklistedSiteService;
import org.mitre.openid.connect.service.OIDCTokenService;
import org.mitre.openid.connect.view.ClientInformationResponseView;
import org.mitre.openid.connect.view.HttpCodeView;
@ -73,15 +71,9 @@ public class ProtectedResourceRegistrationEndpoint {
@Autowired
private OAuth2TokenEntityService tokenService;
@Autowired
private JWTSigningAndValidationService jwtService;
@Autowired
private SystemScopeService scopeService;
@Autowired
private BlacklistedSiteService blacklistService;
@Autowired
private ConfigurationPropertiesBean config;


@ -54,16 +54,16 @@ public class StatsAPI {
}
// @PreAuthorize("hasRole('ROLE_USER')")
// @RequestMapping(value = "byclientid", produces = MediaType.APPLICATION_JSON_VALUE)
// public String statsByClient(ModelMap m) {
// Map<Long, Integer> e = statsService.getByClientId();
//
// m.put(JsonEntityView.ENTITY, e);
//
// return JsonEntityView.VIEWNAME;
// }
//
// @PreAuthorize("hasRole('ROLE_USER')")
// @RequestMapping(value = "byclientid", produces = MediaType.APPLICATION_JSON_VALUE)
// public String statsByClient(ModelMap m) {
// Map<Long, Integer> e = statsService.getByClientId();
//
// m.put(JsonEntityView.ENTITY, e);
//
// return JsonEntityView.VIEWNAME;
// }
//
@PreAuthorize("hasRole('ROLE_USER')")
@RequestMapping(value = "byclientid/{id}", produces = MediaType.APPLICATION_JSON_VALUE)
public String statsByClientId(@PathVariable("id") String clientId, ModelMap m) {


@ -17,6 +17,8 @@
package org.mitre.oauth2.service.impl;
import static org.mockito.Matchers.anyString;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@ -33,8 +35,6 @@ import com.google.common.collect.ImmutableSet;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;
import static org.mockito.Matchers.anyString;
import static org.mockito.Mockito.when;
import static org.junit.Assert.assertThat;


@ -16,6 +16,9 @@
*******************************************************************************/
package org.mitre.oauth2.service.impl;
import static com.google.common.collect.Sets.newHashSet;
import static org.mockito.BDDMockito.given;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
@ -38,13 +41,9 @@ import org.springframework.security.oauth2.provider.OAuth2Request;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import static com.google.common.collect.Sets.newHashSet;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.RETURNS_DEEP_STUBS;
import static org.mockito.Mockito.mock;
@ -61,7 +60,7 @@ public class TestDefaultIntrospectionResultAssembler {
// given
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer",
oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
UserInfo userInfo = userInfo("sub");
@ -91,7 +90,7 @@ public class TestDefaultIntrospectionResultAssembler {
// given
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"),
permissions(permission(1L, "foo", "bar")),
"Bearer", oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
"Bearer", oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
UserInfo userInfo = userInfo("sub");
@ -156,7 +155,7 @@ public class TestDefaultIntrospectionResultAssembler {
// given
OAuth2AccessTokenEntity accessToken = accessToken(null, scopes("foo", "bar"), null, "Bearer",
oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
UserInfo userInfo = userInfo("sub");
@ -179,36 +178,36 @@ public class TestDefaultIntrospectionResultAssembler {
}
@Test
public void shouldAssembleExpectedResultForAccessTokenWithoutUserAuthentication() throws ParseException {
// given
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer",
oauth2Authentication(oauth2Request("clientId"), null));
public void shouldAssembleExpectedResultForAccessTokenWithoutUserAuthentication() throws ParseException {
// given
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer",
oauth2Authentication(oauth2Request("clientId"), null));
Set<String> authScopes = scopes("foo", "bar", "baz");
Set<String> authScopes = scopes("foo", "bar", "baz");
// when
Map<String, Object> result = assembler.assembleFrom(accessToken, null, authScopes);
// when
Map<String, Object> result = assembler.assembleFrom(accessToken, null, authScopes);
// then `user_id` should not be present
Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
.put("sub", "clientId")
.put("exp", 123L)
.put("expires_at", dateFormat.valueToString(new Date(123 * 1000L)))
.put("scope", "bar foo")
.put("active", Boolean.TRUE)
.put("client_id", "clientId")
.put("token_type", "Bearer")
.build();
assertThat(result, is(equalTo(expected)));
}
// then `user_id` should not be present
Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
.put("sub", "clientId")
.put("exp", 123L)
.put("expires_at", dateFormat.valueToString(new Date(123 * 1000L)))
.put("scope", "bar foo")
.put("active", Boolean.TRUE)
.put("client_id", "clientId")
.put("token_type", "Bearer")
.build();
assertThat(result, is(equalTo(expected)));
}
@Test
public void shouldAssembleExpectedResultForRefreshToken() throws ParseException {
// given
OAuth2RefreshTokenEntity refreshToken = refreshToken(new Date(123 * 1000L),
oauth2AuthenticationWithUser(oauth2Request("clientId", scopes("foo", "bar")), "name"));
oauth2AuthenticationWithUser(oauth2Request("clientId", scopes("foo", "bar")), "name"));
UserInfo userInfo = userInfo("sub");
@ -283,27 +282,27 @@ public class TestDefaultIntrospectionResultAssembler {
assertThat(result, is(equalTo(expected)));
}
@Test
public void shouldAssembleExpectedResultForRefreshTokenWithoutUserAuthentication() throws ParseException {
// given
OAuth2RefreshTokenEntity refreshToken = refreshToken(null,
oauth2Authentication(oauth2Request("clientId", scopes("foo", "bar")), null));
@Test
public void shouldAssembleExpectedResultForRefreshTokenWithoutUserAuthentication() throws ParseException {
// given
OAuth2RefreshTokenEntity refreshToken = refreshToken(null,
oauth2Authentication(oauth2Request("clientId", scopes("foo", "bar")), null));
Set<String> authScopes = scopes("foo", "bar", "baz");
Set<String> authScopes = scopes("foo", "bar", "baz");
// when
Map<String, Object> result = assembler.assembleFrom(refreshToken, null, authScopes);
// when
Map<String, Object> result = assembler.assembleFrom(refreshToken, null, authScopes);
// then `user_id` should not be present
Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
.put("sub", "clientId")
.put("scope", "bar foo")
.put("active", Boolean.TRUE)
.put("client_id", "clientId")
.build();
assertThat(result, is(equalTo(expected)));
}
// then `user_id` should not be present
Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
.put("sub", "clientId")
.put("scope", "bar foo")
.put("active", Boolean.TRUE)
.put("client_id", "clientId")
.build();
assertThat(result, is(equalTo(expected)));
}
@ -332,12 +331,12 @@ public class TestDefaultIntrospectionResultAssembler {
private OAuth2Authentication oauth2AuthenticationWithUser(OAuth2Request request, String username) {
UsernamePasswordAuthenticationToken userAuthentication = new UsernamePasswordAuthenticationToken(username, "somepassword");
return oauth2Authentication(request, userAuthentication);
return oauth2Authentication(request, userAuthentication);
}
private OAuth2Authentication oauth2Authentication(OAuth2Request request, Authentication userAuthentication) {
return new OAuth2Authentication(request, userAuthentication);
}
private OAuth2Authentication oauth2Authentication(OAuth2Request request, Authentication userAuthentication) {
return new OAuth2Authentication(request, userAuthentication);
}
private OAuth2Request oauth2Request(String clientId) {
return oauth2Request(clientId, null);


@ -16,8 +16,6 @@
*******************************************************************************/
package org.mitre.oauth2.service.impl;
import static org.mockito.Matchers.anyString;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;
@ -51,7 +49,6 @@ import org.springframework.security.oauth2.common.exceptions.InvalidClientExcept
import com.google.common.collect.Sets;
import static org.hamcrest.CoreMatchers.any;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.notNullValue;


@ -26,9 +26,7 @@ import org.mitre.oauth2.repository.SystemScopeRepository;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.runners.MockitoJUnitRunner;
import org.mockito.stubbing.Answer;
import com.google.common.collect.Sets;


@ -16,7 +16,8 @@
*******************************************************************************/
package org.mitre.openid.connect.service.impl;
import java.util.ArrayList;
import static org.mockito.Matchers.any;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@ -40,8 +41,6 @@ import org.springframework.test.annotation.Rollback;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Sets;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.times;


@ -23,7 +23,6 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.openid.connect.model.ApprovedSite;
import org.mitre.openid.connect.service.ApprovedSiteService;
import org.mockito.InjectMocks;


@ -16,6 +16,11 @@
*******************************************************************************/
package org.mitre.openid.connect.service.impl;
import static org.mockito.Matchers.anyLong;
import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.isA;
import static org.mockito.Matchers.isNull;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
@ -73,11 +78,6 @@ import com.nimbusds.jwt.JWTParser;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;
import static org.mockito.Matchers.anyLong;
import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.isA;
import static org.mockito.Matchers.isNull;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;


@ -16,6 +16,11 @@
*******************************************************************************/
package org.mitre.openid.connect.service.impl;
import static org.mockito.Matchers.anyLong;
import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.isA;
import static org.mockito.Matchers.isNull;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
@ -72,11 +77,6 @@ import com.nimbusds.jwt.JWTParser;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;
import static org.mockito.Matchers.anyLong;
import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.isA;
import static org.mockito.Matchers.isNull;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;


@ -16,9 +16,13 @@
*******************************************************************************/
package org.mitre.openid.connect.service.impl;
import static org.mockito.Matchers.anyLong;
import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.isA;
import static org.mockito.Matchers.isNull;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collections;
@ -62,42 +66,27 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.format.annotation.DateTimeFormat.ISO;
import org.springframework.format.datetime.DateFormatter;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.stream.JsonReader;
import com.google.gson.stream.JsonWriter;
import com.nimbusds.jwt.JWTParser;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;
import static org.mockito.Matchers.anyLong;
import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.isA;
import static org.mockito.Matchers.isNull;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.mockito.Mockito.withSettings;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
@RunWith(MockitoJUnitRunner.class)
@SuppressWarnings(value = {"rawtypes", "unchecked"})


@ -16,6 +16,11 @@
*******************************************************************************/
package org.mitre.openid.connect.service.impl;
import static org.mockito.Matchers.anyLong;
import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.isA;
import static org.mockito.Matchers.isNull;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
@ -83,18 +88,12 @@ import com.nimbusds.jwt.JWTParser;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;
import static org.mockito.Matchers.anyLong;
import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.isA;
import static org.mockito.Matchers.isNull;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.mockito.Mockito.withSettings;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;


@ -63,70 +63,10 @@ public class UmaDataServiceExtension_1_3 extends MITREidDataServiceSupport imple
private static final String THIS_VERSION = MITREidDataService.MITREID_CONNECT_1_3;
private static final String REGISTERED_CLIENT = "registeredClient";
private static final String DEFAULT_SCOPE = "defaultScope";
private static final String STRUCTURED_PARAMETER = "structuredParameter";
private static final String STRUCTURED = "structured";
private static final String RESTRICTED = "restricted";
private static final String ICON = "icon";
private static final String DYNAMICALLY_REGISTERED = "dynamicallyRegistered";
private static final String CLEAR_ACCESS_TOKENS_ON_REFRESH = "clearAccessTokensOnRefresh";
private static final String REUSE_REFRESH_TOKEN = "reuseRefreshToken";
private static final String ALLOW_INTROSPECTION = "allowIntrospection";
private static final String DESCRIPTION = "description";
private static final String REQUEST_URIS = "requestUris";
private static final String POST_LOGOUT_REDIRECT_URI = "postLogoutRedirectUri";
private static final String INTITATE_LOGIN_URI = "intitateLoginUri";
private static final String DEFAULT_ACR_VALUES = "defaultACRValues";
private static final String REQUIRE_AUTH_TIME = "requireAuthTime";
private static final String DEFAULT_MAX_AGE = "defaultMaxAge";
private static final String TOKEN_ENDPOINT_AUTH_SIGNING_ALG = "tokenEndpointAuthSigningAlg";
private static final String USER_INFO_ENCRYPTED_RESPONSE_ENC = "userInfoEncryptedResponseEnc";
private static final String USER_INFO_ENCRYPTED_RESPONSE_ALG = "userInfoEncryptedResponseAlg";
private static final String USER_INFO_SIGNED_RESPONSE_ALG = "userInfoSignedResponseAlg";
private static final String ID_TOKEN_ENCRYPTED_RESPONSE_ENC = "idTokenEncryptedResponseEnc";
private static final String ID_TOKEN_ENCRYPTED_RESPONSE_ALG = "idTokenEncryptedResponseAlg";
private static final String ID_TOKEN_SIGNED_RESPONSE_ALG = "idTokenSignedResponseAlg";
private static final String REQUEST_OBJECT_SIGNING_ALG = "requestObjectSigningAlg";
private static final String SUBJECT_TYPE = "subjectType";
private static final String SECTOR_IDENTIFIER_URI = "sectorIdentifierUri";
private static final String APPLICATION_TYPE = "applicationType";
private static final String JWKS = "jwks";
private static final String JWKS_URI = "jwksUri";
private static final String POLICY_URI = "policyUri";
private static final String GRANT_TYPES = "grantTypes";
private static final String TOKEN_ENDPOINT_AUTH_METHOD = "tokenEndpointAuthMethod";
private static final String TOS_URI = "tosUri";
private static final String CONTACTS = "contacts";
private static final String LOGO_URI = "logoUri";
private static final String REDIRECT_URIS = "redirectUris";
private static final String REFRESH_TOKEN_VALIDITY_SECONDS = "refreshTokenValiditySeconds";
private static final String ACCESS_TOKEN_VALIDITY_SECONDS = "accessTokenValiditySeconds";
private static final String SECRET = "secret";
private static final String URI = "uri";
private static final String CREATOR_USER_ID = "creatorUserId";
private static final String APPROVED_ACCESS_TOKENS = "approvedAccessTokens";
private static final String ALLOWED_SCOPES = "allowedScopes";
private static final String USER_ID = "userId";
private static final String TIMEOUT_DATE = "timeoutDate";
private static final String CREATION_DATE = "creationDate";
private static final String ACCESS_DATE = "accessDate";
private static final String AUTHENTICATED = "authenticated";
private static final String SOURCE_CLASS = "sourceClass";
private static final String NAME = "name";
private static final String SAVED_USER_AUTHENTICATION = "savedUserAuthentication";
private static final String EXTENSIONS = "extensions";
private static final String RESPONSE_TYPES = "responseTypes";
private static final String REDIRECT_URI = "redirectUri";
private static final String APPROVED = "approved";
private static final String AUTHORITIES = "authorities";
private static final String RESOURCE_IDS = "resourceIds";
private static final String REQUEST_PARAMETERS = "requestParameters";
private static final String TYPE = "type";
private static final String SCOPE = "scope";
private static final String ID_TOKEN_ID = "idTokenId";
private static final String REFRESH_TOKEN_ID = "refreshTokenId";
private static final String VALUE = "value";
private static final String AUTHENTICATION_HOLDER_ID = "authenticationHolderId";
private static final String CLIENT_ID = "clientId";
private static final String EXPIRATION = "expiration";
private static final String ID = "id";
@ -410,25 +350,25 @@ public class UmaDataServiceExtension_1_3 extends MITREidDataServiceSupport imple
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String pname = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (pname.equals(RESOURCE_SET)) {
rsid = reader.nextLong();
} else if (pname.equals(SCOPES)) {
scope = readSet(reader);
} else {
case END_OBJECT:
continue;
case NAME:
String pname = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (pname.equals(RESOURCE_SET)) {
rsid = reader.nextLong();
} else if (pname.equals(SCOPES)) {
scope = readSet(reader);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -466,99 +406,99 @@ public class UmaDataServiceExtension_1_3 extends MITREidDataServiceSupport imple
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(CLAIMS_SUPPLIED)) {
Set<Claim> claimsSupplied = new HashSet<>();
reader.beginArray();
while (reader.hasNext()) {
Claim c = new Claim();
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(CLAIMS_SUPPLIED)) {
Set<Claim> claimsSupplied = new HashSet<>();
reader.beginArray();
while (reader.hasNext()) {
Claim c = new Claim();
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String cname = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (cname.equals(ISSUER)) {
c.setIssuer(readSet(reader));
} else if (cname.equals(CLAIM_TOKEN_FORMAT)) {
c.setClaimTokenFormat(readSet(reader));
} else if (cname.equals(CLAIM_TYPE)) {
c.setClaimType(reader.nextString());
} else if (cname.equals(FRIENDLY_NAME)) {
c.setFriendlyName(reader.nextString());
} else if (cname.equals(NAME)) {
c.setName(reader.nextString());
} else if (cname.equals(VALUE)) {
JsonElement e = parser.parse(reader.nextString());
c.setValue(e);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
}
}
reader.endObject();
claimsSupplied.add(c);
}
reader.endArray();
ticket.setClaimsSupplied(claimsSupplied);
} else if (name.equals(EXPIRATION)) {
ticket.setExpiration(utcToDate(reader.nextString()));
} else if (name.equals(PERMISSION)) {
Permission p = new Permission();
Long rsid = null;
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String cname = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (cname.equals(ISSUER)) {
c.setIssuer(readSet(reader));
} else if (cname.equals(CLAIM_TOKEN_FORMAT)) {
c.setClaimTokenFormat(readSet(reader));
} else if (cname.equals(CLAIM_TYPE)) {
c.setClaimType(reader.nextString());
} else if (cname.equals(FRIENDLY_NAME)) {
c.setFriendlyName(reader.nextString());
} else if (cname.equals(NAME)) {
c.setName(reader.nextString());
} else if (cname.equals(VALUE)) {
JsonElement e = parser.parse(reader.nextString());
c.setValue(e);
} else {
case END_OBJECT:
continue;
case NAME:
String pname = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (pname.equals(RESOURCE_SET)) {
rsid = reader.nextLong();
} else if (pname.equals(SCOPES)) {
p.setScopes(readSet(reader));
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
claimsSupplied.add(c);
Permission saved = permissionRepository.saveRawPermission(p);
permissionToResourceRefs.put(saved.getId(), rsid);
ticket.setPermission(saved);
} else if (name.equals(TICKET)) {
ticket.setTicket(reader.nextString());
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
reader.endArray();
ticket.setClaimsSupplied(claimsSupplied);
} else if (name.equals(EXPIRATION)) {
ticket.setExpiration(utcToDate(reader.nextString()));
} else if (name.equals(PERMISSION)) {
Permission p = new Permission();
Long rsid = null;
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String pname = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (pname.equals(RESOURCE_SET)) {
rsid = reader.nextLong();
} else if (pname.equals(SCOPES)) {
p.setScopes(readSet(reader));
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
}
}
reader.endObject();
Permission saved = permissionRepository.saveRawPermission(p);
permissionToResourceRefs.put(saved.getId(), rsid);
ticket.setPermission(saved);
} else if (name.equals(TICKET)) {
ticket.setTicket(reader.nextString());
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -582,114 +522,114 @@ public class UmaDataServiceExtension_1_3 extends MITREidDataServiceSupport imple
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
oldId = reader.nextLong();
} else if (name.equals(CLIENT_ID)) {
rs.setClientId(reader.nextString());
} else if (name.equals(ICON_URI)) {
rs.setIconUri(reader.nextString());
} else if (name.equals(NAME)) {
rs.setName(reader.nextString());
} else if (name.equals(TYPE)) {
rs.setType(reader.nextString());
} else if (name.equals(URI)) {
rs.setUri(reader.nextString());
} else if (name.equals(OWNER)) {
rs.setOwner(reader.nextString());
} else if (name.equals(POLICIES)) {
Set<Policy> policies = new HashSet<>();
reader.beginArray();
while (reader.hasNext()) {
Policy p = new Policy();
reader.beginObject();
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
oldId = reader.nextLong();
} else if (name.equals(CLIENT_ID)) {
rs.setClientId(reader.nextString());
} else if (name.equals(ICON_URI)) {
rs.setIconUri(reader.nextString());
} else if (name.equals(NAME)) {
rs.setName(reader.nextString());
} else if (name.equals(TYPE)) {
rs.setType(reader.nextString());
} else if (name.equals(URI)) {
rs.setUri(reader.nextString());
} else if (name.equals(OWNER)) {
rs.setOwner(reader.nextString());
} else if (name.equals(POLICIES)) {
Set<Policy> policies = new HashSet<>();
reader.beginArray();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String pname = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (pname.equals(NAME)) {
p.setName(reader.nextString());
} else if (pname.equals(SCOPES)) {
p.setScopes(readSet(reader));
} else if (pname.equals(CLAIMS_REQUIRED)) {
Set<Claim> claimsRequired = new HashSet<>();
reader.beginArray();
while (reader.hasNext()) {
Claim c = new Claim();
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String cname = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (cname.equals(ISSUER)) {
c.setIssuer(readSet(reader));
} else if (cname.equals(CLAIM_TOKEN_FORMAT)) {
c.setClaimTokenFormat(readSet(reader));
} else if (cname.equals(CLAIM_TYPE)) {
c.setClaimType(reader.nextString());
} else if (cname.equals(FRIENDLY_NAME)) {
c.setFriendlyName(reader.nextString());
} else if (cname.equals(NAME)) {
c.setName(reader.nextString());
} else if (cname.equals(VALUE)) {
JsonElement e = parser.parse(reader.nextString());
c.setValue(e);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
Policy p = new Policy();
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String pname = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (pname.equals(NAME)) {
p.setName(reader.nextString());
} else if (pname.equals(SCOPES)) {
p.setScopes(readSet(reader));
} else if (pname.equals(CLAIMS_REQUIRED)) {
Set<Claim> claimsRequired = new HashSet<>();
reader.beginArray();
while (reader.hasNext()) {
Claim c = new Claim();
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String cname = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (cname.equals(ISSUER)) {
c.setIssuer(readSet(reader));
} else if (cname.equals(CLAIM_TOKEN_FORMAT)) {
c.setClaimTokenFormat(readSet(reader));
} else if (cname.equals(CLAIM_TYPE)) {
c.setClaimType(reader.nextString());
} else if (cname.equals(FRIENDLY_NAME)) {
c.setFriendlyName(reader.nextString());
} else if (cname.equals(NAME)) {
c.setName(reader.nextString());
} else if (cname.equals(VALUE)) {
JsonElement e = parser.parse(reader.nextString());
c.setValue(e);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
}
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
reader.endObject();
claimsRequired.add(c);
}
reader.endArray();
p.setClaimsRequired(claimsRequired);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
reader.endObject();
claimsRequired.add(c);
}
reader.endArray();
p.setClaimsRequired(claimsRequired);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
}
reader.endObject();
policies.add(p);
}
reader.endObject();
policies.add(p);
reader.endArray();
rs.setPolicies(policies);
} else if (name.equals(SCOPES)) {
rs.setScopes(readSet(reader));
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
reader.endArray();
rs.setPolicies(policies);
} else if (name.equals(SCOPES)) {
rs.setScopes(readSet(reader));
} else {
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();
@ -711,25 +651,25 @@ public class UmaDataServiceExtension_1_3 extends MITREidDataServiceSupport imple
reader.beginObject();
while (reader.hasNext()) {
switch (reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ISSUER)) {
issuer = reader.nextString();
} else if (name.equals(REGISTERED_CLIENT)) {
clientString = reader.nextString();
} else {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ISSUER)) {
issuer = reader.nextString();
} else if (name.equals(REGISTERED_CLIENT)) {
clientString = reader.nextString();
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
continue;
}
}
reader.endObject();


@ -56,28 +56,28 @@ public class ResourceSetEntityAbbreviatedView extends AbstractView {
private ConfigurationPropertiesBean config;
private Gson gson = new GsonBuilder()
.setExclusionStrategies(new ExclusionStrategy() {
.setExclusionStrategies(new ExclusionStrategy() {
@Override
public boolean shouldSkipField(FieldAttributes f) {
@Override
public boolean shouldSkipField(FieldAttributes f) {
return false;
}
return false;
}
@Override
public boolean shouldSkipClass(Class<?> clazz) {
// skip the JPA binding wrapper
if (clazz.equals(BeanPropertyBindingResult.class)) {
return true;
}
return false;
}
@Override
public boolean shouldSkipClass(Class<?> clazz) {
// skip the JPA binding wrapper
if (clazz.equals(BeanPropertyBindingResult.class)) {
return true;
}
return false;
}
})
.serializeNulls()
.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.setLongSerializationPolicy(LongSerializationPolicy.STRING)
.create();
})
.serializeNulls()
.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.setLongSerializationPolicy(LongSerializationPolicy.STRING)
.create();
@Override
protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {
