Refactoring common submodule - part 2

pull/1580/head
Dominik František Bučík 2020-03-30 20:48:22 +02:00 committed by Dominik Frantisek Bucik
parent 6fe33c1ed7
commit 380a2fbcb8
No known key found for this signature in database
GPG Key ID: 25014C8DB2E7E62D
34 changed files with 423 additions and 1643 deletions


@ -18,7 +18,6 @@ package org.mitre.oauth2.exception;
/**
* @author jricher
*
*/
public class DeviceCodeCreationException extends Exception {
@ -30,21 +29,13 @@ public class DeviceCodeCreationException extends Exception {
super(message);
this.error = error;
}
/**
* @return the error
*/
public String getError() {
return error;
}
/**
* @param error the error to set
*/
public void setError(String error) {
this.error = error;
}
}
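Review bot: After the second hunk drops the getter/setter Javadoc, nothing in the file says what `error` holds, and the class Javadoc in the first hunk still consists of `@author jricher` alone with no summary sentence. A one-line summary on the class, e.g. `/** Signals that a device code could not be created; {@link #getError()} returns the error identifier attached to the failure. */`, plus `/** @return the error identifier attached to this exception */` on `getError()` would replace the removed boilerplate with something that actually informs the reader. Since `error` is already assigned in the constructor, it may also be worth checking whether any caller still needs `setError`; if none does, making the field `final` and dropping the setter would match the usual immutability of exception types, but that is an interface change and belongs in a separate commit. The class body continues outside both hunks.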


@ -64,30 +64,18 @@ public class AuthenticationHolderEntity {
public static final String QUERY_ALL = "AuthenticationHolderEntity.getAll";
private Long id;
private SavedUserAuthentication userAuth;
private Collection<GrantedAuthority> authorities;
private Set<String> resourceIds;
private boolean approved;
private String redirectUri;
private Set<String> responseTypes;
private Map<String, Serializable> extensions;
private String clientId;
private Set<String> scope;
private Map<String, String> requestParameters;
public AuthenticationHolderEntity() {
}
public AuthenticationHolderEntity() { }
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@ -106,15 +94,11 @@ public class AuthenticationHolderEntity {
return new OAuth2Authentication(createOAuth2Request(), getUserAuth());
}
/**
* @return
*/
private OAuth2Request createOAuth2Request() {
return new OAuth2Request(requestParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, extensions);
}
public void setAuthentication(OAuth2Authentication authentication) {
// pull apart the request and save its bits
OAuth2Request o2Request = authentication.getOAuth2Request();
setAuthorities(o2Request.getAuthorities() == null ? null : new HashSet<>(o2Request.getAuthorities()));
@ -134,123 +118,72 @@ public class AuthenticationHolderEntity {
}
}
/**
* @return the userAuth
*/
@OneToOne(cascade=CascadeType.ALL)
@JoinColumn(name = "user_auth_id")
public SavedUserAuthentication getUserAuth() {
return userAuth;
}
/**
* @param userAuth the userAuth to set
*/
public void setUserAuth(SavedUserAuthentication userAuth) {
this.userAuth = userAuth;
}
/**
* @return the authorities
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="authentication_holder_authority",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="authentication_holder_authority", joinColumns=@JoinColumn(name="owner_id"))
@Convert(converter = SimpleGrantedAuthorityStringConverter.class)
@Column(name="authority")
public Collection<GrantedAuthority> getAuthorities() {
return authorities;
}
/**
* @param authorities the authorities to set
*/
public void setAuthorities(Collection<GrantedAuthority> authorities) {
this.authorities = authorities;
}
/**
* @return the resourceIds
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="authentication_holder_resource_id",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="authentication_holder_resource_id", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="resource_id")
public Set<String> getResourceIds() {
return resourceIds;
}
/**
* @param resourceIds the resourceIds to set
*/
public void setResourceIds(Set<String> resourceIds) {
this.resourceIds = resourceIds;
}
/**
* @return the approved
*/
@Basic
@Column(name="approved")
public boolean isApproved() {
return approved;
}
/**
* @param approved the approved to set
*/
public void setApproved(boolean approved) {
this.approved = approved;
}
/**
* @return the redirectUri
*/
@Basic
@Column(name="redirect_uri")
public String getRedirectUri() {
return redirectUri;
}
/**
* @param redirectUri the redirectUri to set
*/
public void setRedirectUri(String redirectUri) {
this.redirectUri = redirectUri;
}
/**
* @return the responseTypes
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="authentication_holder_response_type",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="authentication_holder_response_type", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="response_type")
public Set<String> getResponseTypes() {
return responseTypes;
}
/**
* @param responseTypes the responseTypes to set
*/
public void setResponseTypes(Set<String> responseTypes) {
this.responseTypes = responseTypes;
}
/**
* @return the extensions
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="authentication_holder_extension",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="authentication_holder_extension", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="val")
@MapKeyColumn(name="extension")
@Convert(converter=SerializableStringConverter.class)
@ -258,70 +191,41 @@ public class AuthenticationHolderEntity {
return extensions;
}
/**
* @param extensions the extensions to set
*/
public void setExtensions(Map<String, Serializable> extensions) {
this.extensions = extensions;
}
/**
* @return the clientId
*/
@Basic
@Column(name="client_id")
public String getClientId() {
return clientId;
}
/**
* @param clientId the clientId to set
*/
public void setClientId(String clientId) {
this.clientId = clientId;
}
/**
* @return the scope
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="authentication_holder_scope",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="authentication_holder_scope", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="scope")
public Set<String> getScope() {
return scope;
}
/**
* @param scope the scope to set
*/
public void setScope(Set<String> scope) {
this.scope = scope;
}
/**
* @return the requestParameters
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="authentication_holder_request_parameter",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="authentication_holder_request_parameter", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="val")
@MapKeyColumn(name="param")
public Map<String, String> getRequestParameters() {
return requestParameters;
}
/**
* @param requestParameters the requestParameters to set
*/
public void setRequestParameters(Map<String, String> requestParameters) {
this.requestParameters = requestParameters;
}
}
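Review bot: The collapsed no-arg constructor `public AuthenticationHolderEntity() { }` in the first hunk is an empty body with no hint of why it exists; a trailing comment such as `public AuthenticationHolderEntity() { } // no-arg constructor required by JPA` would stop a later cleanup from removing it. The same applies to the collapsed constructors in `AuthorizationCodeEntity`, `DeviceCode` and `OAuth2AccessTokenEntity`, and to the now-undocumented `ClientDetailsEntity()` constructor in this commit. In the second hunk, the removed Javadoc on `createOAuth2Request()` was an empty `@return`, but the method deserves a real one, e.g. `/** Rebuilds the {@link OAuth2Request} from the persisted request fields of this holder. */`, since it is the only place the stored request parts are reassembled.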


@ -36,7 +36,6 @@ import javax.persistence.Temporal;
* Entity class for authorization codes
*
* @author aanganes
*
*/
@Entity
@Table(name = "authorization_code")
@ -52,35 +51,18 @@ public class AuthorizationCodeEntity {
public static final String PARAM_DATE = "date";
private Long id;
private String code;
private AuthenticationHolderEntity authenticationHolder;
private Date expiration;
/**
* Default constructor.
*/
public AuthorizationCodeEntity() {
public AuthorizationCodeEntity() { }
}
/**
* Create a new AuthorizationCodeEntity with the given code and AuthorizationRequestHolder.
*
* @param code the authorization code
* @param authRequest the AuthoriztionRequestHolder associated with the original code request
*/
public AuthorizationCodeEntity(String code, AuthenticationHolderEntity authenticationHolder, Date expiration) {
this.code = code;
this.authenticationHolder = authenticationHolder;
this.expiration = expiration;
}
/**
* @return the id
*/
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
@ -88,42 +70,26 @@ public class AuthorizationCodeEntity {
return id;
}
/**
* @param id the id to set
*/
public void setId(Long id) {
this.id = id;
}
/**
* @return the code
*/
@Basic
@Column(name = "code")
public String getCode() {
return code;
}
/**
* @param code the code to set
*/
public void setCode(String code) {
this.code = code;
}
/**
* The authentication in place when this token was created.
* @return the authentication
*/
@ManyToOne
@JoinColumn(name = "auth_holder_id")
public AuthenticationHolderEntity getAuthenticationHolder() {
return authenticationHolder;
}
/**
* @param authentication the authentication to set
*/
public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
this.authenticationHolder = authenticationHolder;
}
@ -138,4 +104,5 @@ public class AuthorizationCodeEntity {
public void setExpiration(Date expiration) {
this.expiration = expiration;
}
}
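Review bot: The three-argument constructor in the second hunk loses its Javadoc entirely rather than getting a corrected one; the removed text documented a non-existent `authRequest` parameter and said nothing about `expiration`, so replacing it is better than deleting it. Suggested: `@param code the authorization code value`, `@param authenticationHolder the saved authentication under which the code was issued`, `@param expiration the instant after which the code is no longer valid`. The "The authentication in place when this token was created" Javadoc on `getAuthenticationHolder()` in the third hunk appears to be dropped too; it is one of the few comments in this class that carried meaning and is worth keeping (reworded to say "code" rather than "token"). The final hunk adds a line after `setExpiration` that is not visible here.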


@ -86,76 +86,55 @@ public class ClientDetailsEntity implements ClientDetails {
private static final long serialVersionUID = -1617727085733786296L;
private Long id;
/** Fields from the OAuth2 Dynamic Registration Specification */
private String clientId = null; // client_id
private String clientSecret = null; // client_secret
private Set<String> redirectUris = new HashSet<>(); // redirect_uris
private String clientName; // client_name
private String clientUri; // client_uri
private String logoUri; // logo_uri
private Set<String> contacts; // contacts
private String tosUri; // tos_uri
private AuthMethod tokenEndpointAuthMethod = AuthMethod.SECRET_BASIC; // token_endpoint_auth_method
private Set<String> scope = new HashSet<>(); // scope
private Set<String> grantTypes = new HashSet<>(); // grant_types
private Set<String> responseTypes = new HashSet<>(); // response_types
private String clientId = null;
private String clientSecret = null;
private Set<String> redirectUris = new HashSet<>();
private String clientName;
private String clientUri;
private String logoUri;
private Set<String> contacts;
private String tosUri;
private AuthMethod tokenEndpointAuthMethod = AuthMethod.SECRET_BASIC;
private Set<String> scope = new HashSet<>();
private Set<String> grantTypes = new HashSet<>();
private Set<String> responseTypes = new HashSet<>();
private String policyUri;
private String jwksUri; // URI pointer to keys
private JWKSet jwks; // public key stored by value
private String jwksUri;
private JWKSet jwks;
private String softwareId;
private String softwareVersion;
/** Fields from OIDC Client Registration Specification **/
private AppType applicationType; // application_type
private String sectorIdentifierUri; // sector_identifier_uri
private SubjectType subjectType; // subject_type
private JWSAlgorithm requestObjectSigningAlg = null; // request_object_signing_alg
private JWSAlgorithm userInfoSignedResponseAlg = null; // user_info_signed_response_alg
private JWEAlgorithm userInfoEncryptedResponseAlg = null; // user_info_encrypted_response_alg
private EncryptionMethod userInfoEncryptedResponseEnc = null; // user_info_encrypted_response_enc
private JWSAlgorithm idTokenSignedResponseAlg = null; // id_token_signed_response_alg
private JWEAlgorithm idTokenEncryptedResponseAlg = null; // id_token_encrypted_response_alg
private EncryptionMethod idTokenEncryptedResponseEnc = null; // id_token_encrypted_response_enc
private JWSAlgorithm tokenEndpointAuthSigningAlg = null; // token_endpoint_auth_signing_alg
private Integer defaultMaxAge; // default_max_age
private Boolean requireAuthTime; // require_auth_time
private Set<String> defaultACRvalues; // default_acr_values
private String initiateLoginUri; // initiate_login_uri
private Set<String> postLogoutRedirectUris; // post_logout_redirect_uris
private Set<String> requestUris; // request_uris
/** Fields to support the ClientDetails interface **/
private AppType applicationType;
private String sectorIdentifierUri;
private SubjectType subjectType;
private JWSAlgorithm requestObjectSigningAlg = null;
private JWSAlgorithm userInfoSignedResponseAlg = null;
private JWEAlgorithm userInfoEncryptedResponseAlg = null;
private EncryptionMethod userInfoEncryptedResponseEnc = null;
private JWSAlgorithm idTokenSignedResponseAlg = null;
private JWEAlgorithm idTokenEncryptedResponseAlg = null;
private EncryptionMethod idTokenEncryptedResponseEnc = null;
private JWSAlgorithm tokenEndpointAuthSigningAlg = null;
private Integer defaultMaxAge;
private Boolean requireAuthTime;
private Set<String> defaultACRvalues;
private String initiateLoginUri;
private Set<String> postLogoutRedirectUris;
private Set<String> requestUris;
private Set<GrantedAuthority> authorities = new HashSet<>();
private Integer accessTokenValiditySeconds = 0; // in seconds
private Integer refreshTokenValiditySeconds = 0; // in seconds
private Integer accessTokenValiditySeconds = 0;
private Integer refreshTokenValiditySeconds = 0;
private Set<String> resourceIds = new HashSet<>();
private Map<String, Object> additionalInformation = new HashMap<>();
/** Our own fields **/
private String clientDescription = ""; // human-readable description
private boolean reuseRefreshToken = true; // do we let someone reuse a refresh token?
private boolean dynamicallyRegistered = false; // was this client dynamically registered?
private boolean allowIntrospection = false; // do we let this client call the introspection endpoint?
private Integer idTokenValiditySeconds; //timeout for id tokens
private Date createdAt; // time the client was created
private boolean clearAccessTokensOnRefresh = true; // do we clear access tokens on refresh?
private Integer deviceCodeValiditySeconds; // timeout for device codes
/** fields for UMA */
private String clientDescription = "";
private boolean reuseRefreshToken = true;
private boolean dynamicallyRegistered = false;
private boolean allowIntrospection = false;
private Integer idTokenValiditySeconds;
private Date createdAt;
private boolean clearAccessTokensOnRefresh = true;
private Integer deviceCodeValiditySeconds;
private Set<String> claimsRedirectUris;
/** Software statement **/
private JWT softwareStatement;
/** PKCE **/
private PKCEAlgorithm codeChallengeMethod;
public enum AuthMethod {
@ -240,9 +219,6 @@ public class ClientDetailsEntity implements ClientDetails {
}
}
/**
* Create a blank ClientDetailsEntity
*/
public ClientDetailsEntity() {
}
@ -250,15 +226,11 @@ public class ClientDetailsEntity implements ClientDetails {
@PrePersist
@PreUpdate
private void prePersist() {
// make sure that ID tokens always time out, default to 5 minutes
if (getIdTokenValiditySeconds() == null) {
setIdTokenValiditySeconds(DEFAULT_ID_TOKEN_VALIDITY_SECONDS);
}
}
/**
* @return the id
*/
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
@ -266,33 +238,20 @@ public class ClientDetailsEntity implements ClientDetails {
return id;
}
/**
*
* @param id the id to set
*/
public void setId(Long id) {
this.id = id;
}
/**
* @return the clientDescription
*/
@Basic
@Column(name="client_description")
public String getClientDescription() {
return clientDescription;
}
/**
* @param clientDescription Human-readable long description of the client (optional)
*/
public void setClientDescription(String clientDescription) {
this.clientDescription = clientDescription;
}
/**
* @return the allowRefresh
*/
@Transient
public boolean isAllowRefresh() {
if (grantTypes != null) {
@ -312,89 +271,51 @@ public class ClientDetailsEntity implements ClientDetails {
this.reuseRefreshToken = reuseRefreshToken;
}
/**
* Number of seconds ID token is valid for. MUST be a positive integer, can not be null.
*
* @return the idTokenValiditySeconds
*/
@Basic
@Column(name="id_token_validity_seconds")
public Integer getIdTokenValiditySeconds() {
return idTokenValiditySeconds;
}
/**
* @param idTokenValiditySeconds the idTokenValiditySeconds to set
*/
public void setIdTokenValiditySeconds(Integer idTokenValiditySeconds) {
this.idTokenValiditySeconds = idTokenValiditySeconds;
}
/**
* @return the dynamicallyRegistered
*/
@Basic
@Column(name="dynamically_registered")
public boolean isDynamicallyRegistered() {
return dynamicallyRegistered;
}
/**
* @param dynamicallyRegistered the dynamicallyRegistered to set
*/
public void setDynamicallyRegistered(boolean dynamicallyRegistered) {
this.dynamicallyRegistered = dynamicallyRegistered;
}
/**
* @return the allowIntrospection
*/
@Basic
@Column(name="allow_introspection")
public boolean isAllowIntrospection() {
return allowIntrospection;
}
/**
* @param allowIntrospection the allowIntrospection to set
*/
public void setAllowIntrospection(boolean allowIntrospection) {
this.allowIntrospection = allowIntrospection;
}
/**
*
*/
@Override
@Transient
public boolean isSecretRequired() {
if (getTokenEndpointAuthMethod() != null &&
(getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC) ||
getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST) ||
getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT))) {
return true;
} else {
return false;
}
return getTokenEndpointAuthMethod() != null &&
(getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC) ||
getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST) ||
getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT));
}
/**
* If the scope list is not null or empty, then this client has been scoped.
*/
@Override
@Transient
public boolean isScoped() {
return getScope() != null && !getScope().isEmpty();
}
/**
* @return the clientId
*/
@Basic
@Override
@Column(name="client_id")
@ -402,16 +323,10 @@ public class ClientDetailsEntity implements ClientDetails {
return clientId;
}
/**
* @param clientId The OAuth2 client_id, must be unique to this client
*/
public void setClientId(String clientId) {
this.clientId = clientId;
}
/**
* @return the clientSecret
*/
@Basic
@Override
@Column(name="client_secret")
@ -419,71 +334,41 @@ public class ClientDetailsEntity implements ClientDetails {
return clientSecret;
}
/**
* @param clientSecret the OAuth2 client_secret (optional)
*/
public void setClientSecret(String clientSecret) {
this.clientSecret = clientSecret;
}
/**
* @return the scope
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="client_scope",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="client_scope", joinColumns=@JoinColumn(name="owner_id"))
@Override
@Column(name="scope")
public Set<String> getScope() {
return scope;
}
/**
* @param scope the set of scopes allowed to be issued to this client
*/
public void setScope(Set<String> scope) {
this.scope = scope;
}
/**
* @return the authorizedGrantTypes
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="client_grant_type",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="client_grant_type", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="grant_type")
public Set<String> getGrantTypes() {
return grantTypes;
}
/**
* @param authorizedGrantTypes the OAuth2 grant types that this client is allowed to use
*/
public void setGrantTypes(Set<String> grantTypes) {
this.grantTypes = grantTypes;
}
/**
* passthrough for SECOAUTH api
*/
@Override
@Transient
public Set<String> getAuthorizedGrantTypes() {
return getGrantTypes();
}
/**
* @return the authorities
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="client_authority",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="client_authority", joinColumns=@JoinColumn(name="owner_id"))
@Override
@Convert(converter = SimpleGrantedAuthorityStringConverter.class)
@Column(name="authority")
@ -491,9 +376,6 @@ public class ClientDetailsEntity implements ClientDetails {
return authorities;
}
/**
* @param authorities the Spring Security authorities this client is given
*/
public void setAuthorities(Set<GrantedAuthority> authorities) {
this.authorities = authorities;
}
@ -505,9 +387,6 @@ public class ClientDetailsEntity implements ClientDetails {
return accessTokenValiditySeconds;
}
/**
* @param accessTokenTimeout the accessTokenTimeout to set
*/
public void setAccessTokenValiditySeconds(Integer accessTokenValiditySeconds) {
this.accessTokenValiditySeconds = accessTokenValiditySeconds;
}
@ -519,81 +398,45 @@ public class ClientDetailsEntity implements ClientDetails {
return refreshTokenValiditySeconds;
}
/**
* @param refreshTokenTimeout Lifetime of refresh tokens, in seconds (optional - leave null for no timeout)
*/
public void setRefreshTokenValiditySeconds(Integer refreshTokenValiditySeconds) {
this.refreshTokenValiditySeconds = refreshTokenValiditySeconds;
}
/**
* @return the registeredRedirectUri
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="client_redirect_uri",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="client_redirect_uri", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="redirect_uri")
public Set<String> getRedirectUris() {
return redirectUris;
}
/**
* @param registeredRedirectUri the registeredRedirectUri to set
*/
public void setRedirectUris(Set<String> redirectUris) {
this.redirectUris = redirectUris;
}
/**
* Pass-through method to fulfill the ClientDetails interface with a bad name
*/
@Override
@Transient
public Set<String> getRegisteredRedirectUri() {
return getRedirectUris();
}
/**
* @return the resourceIds
*/
@Override
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="client_resource",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="client_resource", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="resource_id")
public Set<String> getResourceIds() {
return resourceIds;
}
/**
* @param resourceIds the resourceIds to set
*/
public void setResourceIds(Set<String> resourceIds) {
this.resourceIds = resourceIds;
}
/**
* This library does not make use of this field, so it is not
* stored using our persistence layer.
*
* However, it's somehow required by SECOUATH.
*
* @return an empty map
*/
@Override
@Transient
public Map<String, Object> getAdditionalInformation() {
return this.additionalInformation;
}
@Enumerated(EnumType.STRING)
@Column(name="application_type")
public AppType getApplicationType() {
@ -635,10 +478,7 @@ public class ClientDetailsEntity implements ClientDetails {
}
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="client_contact",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="client_contact", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="contact")
public Set<String> getContacts() {
return contacts;
@ -668,34 +508,22 @@ public class ClientDetailsEntity implements ClientDetails {
this.policyUri = policyUri;
}
/**
* @return the clientUrl
*/
@Basic
@Column(name="client_uri")
public String getClientUri() {
return clientUri;
}
/**
* @param clientUrl the clientUrl to set
*/
public void setClientUri(String clientUri) {
this.clientUri = clientUri;
}
/**
* @return the tosUrl
*/
@Basic
@Column(name="tos_uri")
public String getTosUri() {
return tosUri;
}
/**
* @param tosUrl the tosUrl to set
*/
public void setTosUri(String tosUri) {
this.tosUri = tosUri;
}
@ -710,9 +538,6 @@ public class ClientDetailsEntity implements ClientDetails {
this.jwksUri = jwksUri;
}
/**
* @return the jwks
*/
@Basic
@Column(name="jwks")
@Convert(converter = JWKSetStringConverter.class)
@ -720,9 +545,6 @@ public class ClientDetailsEntity implements ClientDetails {
return jwks;
}
/**
* @param jwks the jwks to set
*/
public void setJwks(JWKSet jwks) {
this.jwks = jwks;
}
@ -845,165 +667,96 @@ public class ClientDetailsEntity implements ClientDetails {
this.requireAuthTime = requireAuthTime;
}
/**
* @return the responseTypes
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="client_response_type",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="client_response_type", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="response_type")
public Set<String> getResponseTypes() {
return responseTypes;
}
/**
* @param responseTypes the responseTypes to set
*/
public void setResponseTypes(Set<String> responseTypes) {
this.responseTypes = responseTypes;
}
/**
* @return the defaultACRvalues
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="client_default_acr_value",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="client_default_acr_value", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="default_acr_value")
public Set<String> getDefaultACRvalues() {
return defaultACRvalues;
}
/**
* @param defaultACRvalues the defaultACRvalues to set
*/
public void setDefaultACRvalues(Set<String> defaultACRvalues) {
this.defaultACRvalues = defaultACRvalues;
}
/**
* @return the initiateLoginUri
*/
@Basic
@Column(name="initiate_login_uri")
public String getInitiateLoginUri() {
return initiateLoginUri;
}
/**
* @param initiateLoginUri the initiateLoginUri to set
*/
public void setInitiateLoginUri(String initiateLoginUri) {
this.initiateLoginUri = initiateLoginUri;
}
/**
* @return the postLogoutRedirectUri
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="client_post_logout_redirect_uri",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="client_post_logout_redirect_uri", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="post_logout_redirect_uri")
public Set<String> getPostLogoutRedirectUris() {
return postLogoutRedirectUris;
}
/**
* @param postLogoutRedirectUri the postLogoutRedirectUri to set
*/
public void setPostLogoutRedirectUris(Set<String> postLogoutRedirectUri) {
this.postLogoutRedirectUris = postLogoutRedirectUri;
}
/**
* @return the requestUris
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="client_request_uri",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="client_request_uri", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="request_uri")
public Set<String> getRequestUris() {
return requestUris;
}
/**
* @param requestUris the requestUris to set
*/
public void setRequestUris(Set<String> requestUris) {
this.requestUris = requestUris;
}
/**
* @return the createdAt
*/
@Temporal(TemporalType.TIMESTAMP)
@Column(name="created_at")
public Date getCreatedAt() {
return createdAt;
}
/**
* @param createdAt the createdAt to set
*/
public void setCreatedAt(Date createdAt) {
this.createdAt = createdAt;
}
/**
* Our framework doesn't use this construct, we use WhitelistedSites and ApprovedSites instead.
*/
@Override
public boolean isAutoApprove(String scope) {
return false;
}
/**
* @return the clearAccessTokensOnRefresh
*/
@Basic
@Column(name = "clear_access_tokens_on_refresh")
public boolean isClearAccessTokensOnRefresh() {
return clearAccessTokensOnRefresh;
}
/**
* @param clearAccessTokensOnRefresh the clearAccessTokensOnRefresh to set
*/
public void setClearAccessTokensOnRefresh(boolean clearAccessTokensOnRefresh) {
this.clearAccessTokensOnRefresh = clearAccessTokensOnRefresh;
}
/**
* @return the claimsRedirectUris
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="client_claims_redirect_uri",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="client_claims_redirect_uri", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="redirect_uri")
public Set<String> getClaimsRedirectUris() {
return claimsRedirectUris;
}
/**
* @param claimsRedirectUris the claimsRedirectUris to set
*/
public void setClaimsRedirectUris(Set<String> claimsRedirectUris) {
this.claimsRedirectUris = claimsRedirectUris;
}
/**
* @return the softwareStatement
*/
@Basic
@Column(name = "software_statement")
@Convert(converter = JWTStringConverter.class)
@ -1011,16 +764,10 @@ public class ClientDetailsEntity implements ClientDetails {
return softwareStatement;
}
/**
* @param softwareStatement the softwareStatement to set
*/
public void setSoftwareStatement(JWT softwareStatement) {
this.softwareStatement = softwareStatement;
}
/**
* @return the codeChallengeMethod
*/
@Basic
@Column(name = "code_challenge_method")
@Convert(converter = PKCEAlgorithmStringConverter.class)
@ -1028,57 +775,36 @@ public class ClientDetailsEntity implements ClientDetails {
return codeChallengeMethod;
}
/**
* @param codeChallengeMethod the codeChallengeMethod to set
*/
public void setCodeChallengeMethod(PKCEAlgorithm codeChallengeMethod) {
this.codeChallengeMethod = codeChallengeMethod;
}
/**
* @return the deviceCodeValiditySeconds
*/
@Basic
@Column(name="device_code_validity_seconds")
public Integer getDeviceCodeValiditySeconds() {
return deviceCodeValiditySeconds;
}
/**
* @param deviceCodeValiditySeconds the deviceCodeValiditySeconds to set
*/
public void setDeviceCodeValiditySeconds(Integer deviceCodeValiditySeconds) {
this.deviceCodeValiditySeconds = deviceCodeValiditySeconds;
}
/**
* @return the softwareId
*/
@Basic
@Column(name="software_id")
public String getSoftwareId() {
return softwareId;
}
/**
* @param softwareId the softwareId to set
*/
public void setSoftwareId(String softwareId) {
this.softwareId = softwareId;
}
/**
* @return the softwareVersion
*/
@Basic
@Column(name="software_version")
public String getSoftwareVersion() {
return softwareVersion;
}
/**
* @param softwareVersion the softwareVersion to set
*/
public void setSoftwareVersion(String softwareVersion) {
this.softwareVersion = softwareVersion;
}
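Review bot: The first hunk strips the trailing comments that mapped each field to its registration parameter name (`// client_id`, `// redirect_uris`, `// token_endpoint_auth_method`, `// request_object_signing_alg` …) and the ones that disambiguated `jwksUri` ("URI pointer to keys") from `jwks` ("public key stored by value") and gave the unit of `accessTokenValiditySeconds`; unlike the `@return the x` Javadoc removed elsewhere, those carried information that is not recoverable from the field names, so they should be kept, either as the original trailing comments or as one-line Javadoc on the getters. The section headers such as `/** Fields from the OAuth2 Dynamic Registration Specification */` appear only once in the rendered view, so I cannot tell whether they survive; if they are removed as well, the grouping is lost too. In the `isSecretRequired()` hunk the rewrite is behaviour-preserving, but it still calls `getTokenEndpointAuthMethod()` four times and compares enum constants with `equals`; `AuthMethod method = getTokenEndpointAuthMethod();` followed by `return method == AuthMethod.SECRET_BASIC || method == AuthMethod.SECRET_POST || method == AuthMethod.SECRET_JWT;` is shorter, keeps the null case (`==` against null is false), and makes it obvious which authentication methods require a stored secret. The class continues outside the last hunk.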


@ -39,7 +39,6 @@ import javax.persistence.Temporal;
/**
* @author jricher
*
*/
@Entity
@Table(name = "device_code")
@ -68,9 +67,7 @@ public class DeviceCode {
private boolean approved;
private AuthenticationHolderEntity authenticationHolder;
public DeviceCode() {
}
public DeviceCode() { }
public DeviceCode(String deviceCode, String userCode, Set<String> scope, String clientId, Map<String, String> params) {
this.deviceCode = deviceCode;
@ -80,9 +77,6 @@ public class DeviceCode {
this.requestParameters = params;
}
/**
* @return the id
*/
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
@ -90,61 +84,37 @@ public class DeviceCode {
return id;
}
/**
* @param id the id to set
*/
public void setId(Long id) {
this.id = id;
}
/**
* @return the deviceCode
*/
@Basic
@Column(name = "device_code")
public String getDeviceCode() {
return deviceCode;
}
/**
* @param deviceCode the deviceCode to set
*/
public void setDeviceCode(String deviceCode) {
this.deviceCode = deviceCode;
}
/**
* @return the userCode
*/
@Basic
@Column(name = "user_code")
public String getUserCode() {
return userCode;
}
/**
* @param userCode the userCode to set
*/
public void setUserCode(String userCode) {
this.userCode = userCode;
}
/**
* @return the scope
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="device_code_scope",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="device_code_scope", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="scope")
public Set<String> getScope() {
return scope;
}
/**
* @param scope the scope to set
*/
public void setScope(Set<String> scope) {
this.scope = scope;
}
@ -160,75 +130,46 @@ public class DeviceCode {
this.expiration = expiration;
}
/**
* @return the clientId
*/
@Basic
@Column(name = "client_id")
public String getClientId() {
return clientId;
}
/**
* @param clientId the clientId to set
*/
public void setClientId(String clientId) {
this.clientId = clientId;
}
/**
* @return the params
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="device_code_request_parameter",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="device_code_request_parameter", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="val")
@MapKeyColumn(name="param")
public Map<String, String> getRequestParameters() {
return requestParameters;
}
/**
* @param params the params to set
*/
public void setRequestParameters(Map<String, String> params) {
this.requestParameters = params;
}
/**
* @return the approved
*/
@Basic
@Column(name = "approved")
public boolean isApproved() {
return approved;
}
/**
* @param approved the approved to set
*/
public void setApproved(boolean approved) {
this.approved = approved;
}
/**
* The authentication in place when this token was created.
* @return the authentication
*/
@ManyToOne
@JoinColumn(name = "auth_holder_id")
public AuthenticationHolderEntity getAuthenticationHolder() {
return authenticationHolder;
}
/**
* @param authentication the authentication to set
*/
public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
this.authenticationHolder = authenticationHolder;
}
}


@ -100,37 +100,19 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
public static final String ID_TOKEN_FIELD_NAME = "id_token";
private Long id;
private ClientDetailsEntity client;
private AuthenticationHolderEntity authenticationHolder; // the authentication that made this access
private JWT jwtValue; // JWT-encoded access token value
private AuthenticationHolderEntity authenticationHolder;
private JWT jwtValue;
private Date expiration;
private String tokenType = OAuth2AccessToken.BEARER_TYPE;
private OAuth2RefreshTokenEntity refreshToken;
private Set<String> scope;
private Set<Permission> permissions;
private ApprovedSite approvedSite;
private Map<String, Object> additionalInformation = new HashMap<>();
private Map<String, Object> additionalInformation = new HashMap<>(); // ephemeral map of items to be added to the OAuth token response
public OAuth2AccessTokenEntity() { }
/**
* Create a new, blank access token
*/
public OAuth2AccessTokenEntity() {
}
/**
* @return the id
*/
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
@ -138,59 +120,36 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
return id;
}
/**
* @param id the id to set
*/
public void setId(Long id) {
this.id = id;
}
/**
* Get all additional information to be sent to the serializer as part of the token response.
* This map is not persisted to the database.
*/
@Override
@Transient
public Map<String, Object> getAdditionalInformation() {
return additionalInformation;
}
/**
* The authentication in place when this token was created.
* @return the authentication
*/
@ManyToOne
@JoinColumn(name = "auth_holder_id")
public AuthenticationHolderEntity getAuthenticationHolder() {
return authenticationHolder;
}
/**
* @param authentication the authentication to set
*/
public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
this.authenticationHolder = authenticationHolder;
}
/**
* @return the client
*/
@ManyToOne
@JoinColumn(name = "client_id")
public ClientDetailsEntity getClient() {
return client;
}
/**
* @param client the client to set
*/
public void setClient(ClientDetailsEntity client) {
this.client = client;
}
/**
* Get the string-encoded value of this access token.
*/
@Override
@Transient
public String getValue() {
@ -235,16 +194,12 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
if (!(refreshToken instanceof OAuth2RefreshTokenEntity)) {
throw new IllegalArgumentException("Not a storable refresh token entity!");
}
// force a pass through to the entity version
setRefreshToken((OAuth2RefreshTokenEntity)refreshToken);
}
@Override
@ElementCollection(fetch=FetchType.EAGER)
@CollectionTable(
joinColumns=@JoinColumn(name="owner_id"),
name="token_scope"
)
@CollectionTable(joinColumns=@JoinColumn(name="owner_id"), name="token_scope")
public Set<String> getScope() {
return scope;
}
@ -256,12 +211,9 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
@Override
@Transient
public boolean isExpired() {
return getExpiration() == null ? false : System.currentTimeMillis() > getExpiration().getTime();
return getExpiration() != null && System.currentTimeMillis() > getExpiration().getTime();
}
/**
* @return the jwtValue
*/
@Basic
@Column(name="token_value")
@Convert(converter = JWTStringConverter.class)
@ -269,9 +221,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
return jwtValue;
}
/**
* @param jwtValue the jwtValue to set
*/
public void setJwt(JWT jwt) {
this.jwtValue = jwt;
}
@ -279,35 +228,24 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
@Override
@Transient
public int getExpiresIn() {
if (getExpiration() == null) {
return -1; // no expiration time
} else {
int secondsRemaining = (int) ((getExpiration().getTime() - System.currentTimeMillis()) / 1000);
if (isExpired()) {
return 0; // has an expiration time and expired
} else { // has an expiration time and not expired
return secondsRemaining;
return (int) ((getExpiration().getTime() - System.currentTimeMillis()) / 1000);
}
}
}
/**
* @return the permissions
*/
@OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
@JoinTable(
name = "access_token_permissions",
joinColumns = @JoinColumn(name = "access_token_id"),
inverseJoinColumns = @JoinColumn(name = "permission_id")
)
@JoinTable(name = "access_token_permissions", joinColumns = @JoinColumn(name = "access_token_id"),
inverseJoinColumns = @JoinColumn(name = "permission_id"))
public Set<Permission> getPermissions() {
return permissions;
}
/**
* @param permissions the permissions to set
*/
public void setPermissions(Set<Permission> permissions) {
this.permissions = permissions;
}
@ -322,14 +260,11 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
this.approvedSite = approvedSite;
}
/**
* Add the ID Token to the additionalInformation map for a token response.
* @param idToken
*/
@Transient
public void setIdToken(JWT idToken) {
if (idToken != null) {
additionalInformation.put(ID_TOKEN_FIELD_NAME, idToken.serialize());
}
}
}
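Review bot: The new `getExpiresIn()` still narrows `(getExpiration().getTime() - System.currentTimeMillis()) / 1000` to `int` with a bare cast, so an expiration more than about 68 years out wraps to a negative value that callers cannot distinguish from the "no expiration" sentinel of -1, and it reads the clock twice (once inside `isExpired()`, once in the subtraction), so the two checks can disagree at the boundary. Reading the clock once and clamping preserves the -1/0/positive contract: replace the inner `isExpired()` branch with `long remaining = (getExpiration().getTime() - System.currentTimeMillis()) / 1000;` followed by `return remaining <= 0 ? 0 : (int) Math.min(remaining, Integer.MAX_VALUE);`. The same `System.currentTimeMillis() > getExpiration().getTime()` expiry test is written out again in `OAuth2RefreshTokenEntity.isExpired()` in the next file section; since this commit is consolidating the common module, one shared helper taking the `Date` would keep the two from drifting. The `getAdditionalInformation()` Javadoc says the map is not persisted, and that is worth keeping in sync with the end-of-line comment now placed on the field initializer so the two descriptions do not diverge.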


@ -45,7 +45,6 @@ import com.nimbusds.jwt.JWT;
/**
* @author jricher
*
*/
@Entity
@Table(name = "refresh_token")
@ -70,27 +69,13 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
public static final String PARAM_NAME = "name";
private Long id;
private AuthenticationHolderEntity authenticationHolder;
private ClientDetailsEntity client;
//JWT-encoded representation of this access token entity
private JWT jwt;
// our refresh tokens might expire
private Date expiration;
/**
*
*/
public OAuth2RefreshTokenEntity() {
public OAuth2RefreshTokenEntity() { }
}
/**
* @return the id
*/
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
@ -98,35 +83,20 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
return id;
}
/**
* @param id the id to set
*/
public void setId(Long id) {
this.id = id;
}
/**
* The authentication in place when the original access token was
* created
*
* @return the authentication
*/
@ManyToOne
@JoinColumn(name = "auth_holder_id")
public AuthenticationHolderEntity getAuthenticationHolder() {
return authenticationHolder;
}
/**
* @param authentication the authentication to set
*/
public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
this.authenticationHolder = authenticationHolder;
}
/**
* Get the JWT-encoded value of this token
*/
@Override
@Transient
public String getValue() {
@ -140,43 +110,25 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
return expiration;
}
/* (non-Javadoc)
* @see org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken#setExpiration(java.util.Date)
*/
public void setExpiration(Date expiration) {
this.expiration = expiration;
}
/**
* Has this token expired?
* @return true if it has a timeout set and the timeout has passed
*/
@Transient
public boolean isExpired() {
return getExpiration() == null ? false : System.currentTimeMillis() > getExpiration().getTime();
return getExpiration() != null && System.currentTimeMillis() > getExpiration().getTime();
}
/**
* @return the client
*/
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name = "client_id")
public ClientDetailsEntity getClient() {
return client;
}
/**
* @param client the client to set
*/
public void setClient(ClientDetailsEntity client) {
this.client = client;
}
/**
* Get the JWT object directly
* @return the jwt
*/
@Basic
@Column(name="token_value")
@Convert(converter = JWTStringConverter.class)
@ -184,9 +136,6 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
return jwt;
}
/**
* @param jwt the jwt to set
*/
public void setJwt(JWT jwt) {
this.jwt = jwt;
}
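Review bot: The field comment `//JWT-encoded representation of this access token entity` describes the `jwt` field of a refresh token as an access token; the rendering does not mark which side of the `-70,27 +69,13` hunk it is on, but if it survives it should read `// JWT-encoded representation of this refresh token`. `setExpiration(Date)` stores the caller's mutable `java.util.Date` by reference, so a caller that later mutates its own `Date` silently changes when this token expires; a defensive copy, `this.expiration = expiration == null ? null : new Date(expiration.getTime());`, is the usual fix. The new `isExpired()` form matches the one in `OAuth2AccessTokenEntity`, which is consistent, but neither method documents that a null expiration means "never expires" — a one-line `@return` stating that would help callers that gate on it.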


@ -21,17 +21,12 @@ import com.nimbusds.jose.Requirement;
/**
* @author jricher
*
*/
public final class PKCEAlgorithm extends Algorithm {
/**
*
*/
private static final long serialVersionUID = 7752852583210088925L;
public static final PKCEAlgorithm plain = new PKCEAlgorithm("plain", Requirement.REQUIRED);
public static final PKCEAlgorithm S256 = new PKCEAlgorithm("S256", Requirement.OPTIONAL);
public PKCEAlgorithm(String name, Requirement req) {
@ -52,6 +47,4 @@ public final class PKCEAlgorithm extends Algorithm {
}
}
}


@ -38,11 +38,9 @@ import com.nimbusds.jwt.JWT;
/**
* @author jricher
*
*/
public class RegisteredClient {
// these fields are needed in addition to the ones in ClientDetailsEntity
private String registrationAccessToken;
private String registrationClientUri;
private Date clientSecretExpiresAt;
@ -50,851 +48,474 @@ public class RegisteredClient {
private ClientDetailsEntity client;
private JsonObject src;
/**
*
*/
public RegisteredClient() {
this.client = new ClientDetailsEntity();
}
/**
* @param client
*/
public RegisteredClient(ClientDetailsEntity client) {
this.client = client;
}
/**
* @param client
* @param registrationAccessToken
* @param registrationClientUri
*/
public RegisteredClient(ClientDetailsEntity client, String registrationAccessToken, String registrationClientUri) {
this.client = client;
this.registrationAccessToken = registrationAccessToken;
this.registrationClientUri = registrationClientUri;
}
/**
* @return the client
*/
public ClientDetailsEntity getClient() {
return client;
}
/**
* @param client the client to set
*/
public void setClient(ClientDetailsEntity client) {
this.client = client;
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getClientDescription()
*/
public String getClientDescription() {
return client.getClientDescription();
}
/**
* @param clientDescription
* @see org.mitre.oauth2.model.ClientDetailsEntity#setClientDescription(java.lang.String)
*/
public void setClientDescription(String clientDescription) {
client.setClientDescription(clientDescription);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#isAllowRefresh()
*/
public boolean isAllowRefresh() {
return client.isAllowRefresh();
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#isReuseRefreshToken()
*/
public boolean isReuseRefreshToken() {
return client.isReuseRefreshToken();
}
/**
* @param reuseRefreshToken
* @see org.mitre.oauth2.model.ClientDetailsEntity#setReuseRefreshToken(boolean)
*/
public void setReuseRefreshToken(boolean reuseRefreshToken) {
client.setReuseRefreshToken(reuseRefreshToken);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenValiditySeconds()
*/
public Integer getIdTokenValiditySeconds() {
return client.getIdTokenValiditySeconds();
}
/**
* @param idTokenValiditySeconds
* @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenValiditySeconds(java.lang.Integer)
*/
public void setIdTokenValiditySeconds(Integer idTokenValiditySeconds) {
client.setIdTokenValiditySeconds(idTokenValiditySeconds);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#isDynamicallyRegistered()
*/
public boolean isDynamicallyRegistered() {
return client.isDynamicallyRegistered();
}
/**
* @param dynamicallyRegistered
* @see org.mitre.oauth2.model.ClientDetailsEntity#setDynamicallyRegistered(boolean)
*/
public void setDynamicallyRegistered(boolean dynamicallyRegistered) {
client.setDynamicallyRegistered(dynamicallyRegistered);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#isAllowIntrospection()
*/
public boolean isAllowIntrospection() {
return client.isAllowIntrospection();
}
/**
* @param allowIntrospection
* @see org.mitre.oauth2.model.ClientDetailsEntity#setAllowIntrospection(boolean)
*/
public void setAllowIntrospection(boolean allowIntrospection) {
client.setAllowIntrospection(allowIntrospection);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#isSecretRequired()
*/
public boolean isSecretRequired() {
return client.isSecretRequired();
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#isScoped()
*/
public boolean isScoped() {
return client.isScoped();
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getClientId()
*/
public String getClientId() {
return client.getClientId();
}
/**
* @param clientId
* @see org.mitre.oauth2.model.ClientDetailsEntity#setClientId(java.lang.String)
*/
public void setClientId(String clientId) {
client.setClientId(clientId);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getClientSecret()
*/
public String getClientSecret() {
return client.getClientSecret();
}
/**
* @param clientSecret
* @see org.mitre.oauth2.model.ClientDetailsEntity#setClientSecret(java.lang.String)
*/
public void setClientSecret(String clientSecret) {
client.setClientSecret(clientSecret);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getScope()
*/
public Set<String> getScope() {
return client.getScope();
}
/**
* @param scope
* @see org.mitre.oauth2.model.ClientDetailsEntity#setScope(java.util.Set)
*/
public void setScope(Set<String> scope) {
client.setScope(scope);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getGrantTypes()
*/
public Set<String> getGrantTypes() {
return client.getGrantTypes();
}
/**
* @param grantTypes
* @see org.mitre.oauth2.model.ClientDetailsEntity#setGrantTypes(java.util.Set)
*/
public void setGrantTypes(Set<String> grantTypes) {
client.setGrantTypes(grantTypes);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getAuthorizedGrantTypes()
*/
public Set<String> getAuthorizedGrantTypes() {
return client.getAuthorizedGrantTypes();
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getAuthorities()
*/
public Set<GrantedAuthority> getAuthorities() {
return client.getAuthorities();
}
/**
* @param authorities
* @see org.mitre.oauth2.model.ClientDetailsEntity#setAuthorities(java.util.Set)
*/
public void setAuthorities(Set<GrantedAuthority> authorities) {
client.setAuthorities(authorities);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getAccessTokenValiditySeconds()
*/
public Integer getAccessTokenValiditySeconds() {
return client.getAccessTokenValiditySeconds();
}
/**
* @param accessTokenValiditySeconds
* @see org.mitre.oauth2.model.ClientDetailsEntity#setAccessTokenValiditySeconds(java.lang.Integer)
*/
public void setAccessTokenValiditySeconds(Integer accessTokenValiditySeconds) {
client.setAccessTokenValiditySeconds(accessTokenValiditySeconds);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getRefreshTokenValiditySeconds()
*/
public Integer getRefreshTokenValiditySeconds() {
return client.getRefreshTokenValiditySeconds();
}
/**
* @param refreshTokenValiditySeconds
* @see org.mitre.oauth2.model.ClientDetailsEntity#setRefreshTokenValiditySeconds(java.lang.Integer)
*/
public void setRefreshTokenValiditySeconds(Integer refreshTokenValiditySeconds) {
client.setRefreshTokenValiditySeconds(refreshTokenValiditySeconds);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getRedirectUris()
*/
public Set<String> getRedirectUris() {
return client.getRedirectUris();
}
/**
* @param redirectUris
* @see org.mitre.oauth2.model.ClientDetailsEntity#setRedirectUris(java.util.Set)
*/
public void setRedirectUris(Set<String> redirectUris) {
client.setRedirectUris(redirectUris);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getRegisteredRedirectUri()
*/
public Set<String> getRegisteredRedirectUri() {
return client.getRegisteredRedirectUri();
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getResourceIds()
*/
public Set<String> getResourceIds() {
return client.getResourceIds();
}
/**
* @param resourceIds
* @see org.mitre.oauth2.model.ClientDetailsEntity#setResourceIds(java.util.Set)
*/
public void setResourceIds(Set<String> resourceIds) {
client.setResourceIds(resourceIds);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getAdditionalInformation()
*/
public Map<String, Object> getAdditionalInformation() {
return client.getAdditionalInformation();
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getApplicationType()
*/
public AppType getApplicationType() {
return client.getApplicationType();
}
/**
* @param applicationType
* @see org.mitre.oauth2.model.ClientDetailsEntity#setApplicationType(org.mitre.oauth2.model.ClientDetailsEntity.AppType)
*/
public void setApplicationType(AppType applicationType) {
client.setApplicationType(applicationType);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getClientName()
*/
public String getClientName() {
return client.getClientName();
}
/**
* @param clientName
* @see org.mitre.oauth2.model.ClientDetailsEntity#setClientName(java.lang.String)
*/
public void setClientName(String clientName) {
client.setClientName(clientName);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthMethod()
*/
public AuthMethod getTokenEndpointAuthMethod() {
return client.getTokenEndpointAuthMethod();
}
/**
* @param tokenEndpointAuthMethod
* @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthMethod(org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod)
*/
public void setTokenEndpointAuthMethod(AuthMethod tokenEndpointAuthMethod) {
client.setTokenEndpointAuthMethod(tokenEndpointAuthMethod);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getSubjectType()
*/
public SubjectType getSubjectType() {
return client.getSubjectType();
}
/**
* @param subjectType
* @see org.mitre.oauth2.model.ClientDetailsEntity#setSubjectType(org.mitre.oauth2.model.ClientDetailsEntity.SubjectType)
*/
public void setSubjectType(SubjectType subjectType) {
client.setSubjectType(subjectType);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getContacts()
*/
public Set<String> getContacts() {
return client.getContacts();
}
/**
* @param contacts
* @see org.mitre.oauth2.model.ClientDetailsEntity#setContacts(java.util.Set)
*/
public void setContacts(Set<String> contacts) {
client.setContacts(contacts);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getLogoUri()
*/
public String getLogoUri() {
return client.getLogoUri();
}
/**
* @param logoUri
* @see org.mitre.oauth2.model.ClientDetailsEntity#setLogoUri(java.lang.String)
*/
public void setLogoUri(String logoUri) {
client.setLogoUri(logoUri);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getPolicyUri()
*/
public String getPolicyUri() {
return client.getPolicyUri();
}
/**
* @param policyUri
* @see org.mitre.oauth2.model.ClientDetailsEntity#setPolicyUri(java.lang.String)
*/
public void setPolicyUri(String policyUri) {
client.setPolicyUri(policyUri);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getClientUri()
*/
public String getClientUri() {
return client.getClientUri();
}
/**
* @param clientUri
* @see org.mitre.oauth2.model.ClientDetailsEntity#setClientUri(java.lang.String)
*/
public void setClientUri(String clientUri) {
client.setClientUri(clientUri);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getTosUri()
*/
public String getTosUri() {
return client.getTosUri();
}
/**
* @param tosUri
* @see org.mitre.oauth2.model.ClientDetailsEntity#setTosUri(java.lang.String)
*/
public void setTosUri(String tosUri) {
client.setTosUri(tosUri);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getJwksUri()
*/
public String getJwksUri() {
return client.getJwksUri();
}
/**
* @param jwksUri
* @see org.mitre.oauth2.model.ClientDetailsEntity#setJwksUri(java.lang.String)
*/
public void setJwksUri(String jwksUri) {
client.setJwksUri(jwksUri);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getJwks()
*/
public JWKSet getJwks() {
return client.getJwks();
}
/**
* @param jwks
* @see org.mitre.oauth2.model.ClientDetailsEntity#setJwks(com.nimbusds.jose.jwk.JWKSet)
*/
public void setJwks(JWKSet jwks) {
client.setJwks(jwks);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getSectorIdentifierUri()
*/
public String getSectorIdentifierUri() {
return client.getSectorIdentifierUri();
}
/**
* @param sectorIdentifierUri
* @see org.mitre.oauth2.model.ClientDetailsEntity#setSectorIdentifierUri(java.lang.String)
*/
public void setSectorIdentifierUri(String sectorIdentifierUri) {
client.setSectorIdentifierUri(sectorIdentifierUri);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getDefaultMaxAge()
*/
public Integer getDefaultMaxAge() {
return client.getDefaultMaxAge();
}
/**
* @param defaultMaxAge
* @see org.mitre.oauth2.model.ClientDetailsEntity#setDefaultMaxAge(java.lang.Integer)
*/
public void setDefaultMaxAge(Integer defaultMaxAge) {
client.setDefaultMaxAge(defaultMaxAge);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getRequireAuthTime()
*/
public Boolean getRequireAuthTime() {
return client.getRequireAuthTime();
}
/**
* @param requireAuthTime
* @see org.mitre.oauth2.model.ClientDetailsEntity#setRequireAuthTime(java.lang.Boolean)
*/
public void setRequireAuthTime(Boolean requireAuthTime) {
client.setRequireAuthTime(requireAuthTime);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getResponseTypes()
*/
public Set<String> getResponseTypes() {
return client.getResponseTypes();
}
/**
* @param responseTypes
* @see org.mitre.oauth2.model.ClientDetailsEntity#setResponseTypes(java.util.Set)
*/
public void setResponseTypes(Set<String> responseTypes) {
client.setResponseTypes(responseTypes);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getDefaultACRvalues()
*/
public Set<String> getDefaultACRvalues() {
return client.getDefaultACRvalues();
}
/**
* @param defaultACRvalues
* @see org.mitre.oauth2.model.ClientDetailsEntity#setDefaultACRvalues(java.util.Set)
*/
public void setDefaultACRvalues(Set<String> defaultACRvalues) {
client.setDefaultACRvalues(defaultACRvalues);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getInitiateLoginUri()
*/
public String getInitiateLoginUri() {
return client.getInitiateLoginUri();
}
/**
* @param initiateLoginUri
* @see org.mitre.oauth2.model.ClientDetailsEntity#setInitiateLoginUri(java.lang.String)
*/
public void setInitiateLoginUri(String initiateLoginUri) {
client.setInitiateLoginUri(initiateLoginUri);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getPostLogoutRedirectUris()
*/
public Set<String> getPostLogoutRedirectUris() {
return client.getPostLogoutRedirectUris();
}
/**
* @param postLogoutRedirectUri
* @see org.mitre.oauth2.model.ClientDetailsEntity#setPostLogoutRedirectUris(java.lang.String)
*/
public void setPostLogoutRedirectUris(Set<String> postLogoutRedirectUri) {
client.setPostLogoutRedirectUris(postLogoutRedirectUri);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestUris()
*/
public Set<String> getRequestUris() {
return client.getRequestUris();
}
/**
* @param requestUris
* @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestUris(java.util.Set)
*/
public void setRequestUris(Set<String> requestUris) {
client.setRequestUris(requestUris);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlg()
*/
public JWSAlgorithm getRequestObjectSigningAlg() {
return client.getRequestObjectSigningAlg();
}
/**
* @param requestObjectSigningAlg
* @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestObjectSigningAlg(com.nimbusds.jose.JWSAlgorithm)
*/
public void setRequestObjectSigningAlg(JWSAlgorithm requestObjectSigningAlg) {
client.setRequestObjectSigningAlg(requestObjectSigningAlg);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoSignedResponseAlg()
*/
public JWSAlgorithm getUserInfoSignedResponseAlg() {
return client.getUserInfoSignedResponseAlg();
}
/**
* @param userInfoSignedResponseAlg
* @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoSignedResponseAlg(com.nimbusds.jose.JWSAlgorithm)
*/
public void setUserInfoSignedResponseAlg(JWSAlgorithm userInfoSignedResponseAlg) {
client.setUserInfoSignedResponseAlg(userInfoSignedResponseAlg);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseAlg()
*/
public JWEAlgorithm getUserInfoEncryptedResponseAlg() {
return client.getUserInfoEncryptedResponseAlg();
}
/**
* @param userInfoEncryptedResponseAlg
* @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseAlg(com.nimbusds.jose.JWEAlgorithm)
*/
public void setUserInfoEncryptedResponseAlg(JWEAlgorithm userInfoEncryptedResponseAlg) {
client.setUserInfoEncryptedResponseAlg(userInfoEncryptedResponseAlg);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseEnc()
*/
public EncryptionMethod getUserInfoEncryptedResponseEnc() {
return client.getUserInfoEncryptedResponseEnc();
}
/**
* @param userInfoEncryptedResponseEnc
* @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseEnc(com.nimbusds.jose.EncryptionMethod)
*/
public void setUserInfoEncryptedResponseEnc(EncryptionMethod userInfoEncryptedResponseEnc) {
client.setUserInfoEncryptedResponseEnc(userInfoEncryptedResponseEnc);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenSignedResponseAlg()
*/
public JWSAlgorithm getIdTokenSignedResponseAlg() {
return client.getIdTokenSignedResponseAlg();
}
/**
* @param idTokenSignedResponseAlg
* @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenSignedResponseAlg(com.nimbusds.jose.JWSAlgorithm)
*/
public void setIdTokenSignedResponseAlg(JWSAlgorithm idTokenSignedResponseAlg) {
client.setIdTokenSignedResponseAlg(idTokenSignedResponseAlg);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseAlg()
*/
public JWEAlgorithm getIdTokenEncryptedResponseAlg() {
return client.getIdTokenEncryptedResponseAlg();
}
/**
* @param idTokenEncryptedResponseAlg
* @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseAlg(com.nimbusds.jose.JWEAlgorithm)
*/
public void setIdTokenEncryptedResponseAlg(JWEAlgorithm idTokenEncryptedResponseAlg) {
client.setIdTokenEncryptedResponseAlg(idTokenEncryptedResponseAlg);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseEnc()
*/
public EncryptionMethod getIdTokenEncryptedResponseEnc() {
return client.getIdTokenEncryptedResponseEnc();
}
/**
* @param idTokenEncryptedResponseEnc
* @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseEnc(com.nimbusds.jose.EncryptionMethod)
*/
public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) {
client.setIdTokenEncryptedResponseEnc(idTokenEncryptedResponseEnc);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthSigningAlg()
*/
public JWSAlgorithm getTokenEndpointAuthSigningAlg() {
return client.getTokenEndpointAuthSigningAlg();
}
/**
* @param tokenEndpointAuthSigningAlg
* @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthSigningAlg(com.nimbusds.jose.JWSAlgorithm)
*/
public void setTokenEndpointAuthSigningAlg(JWSAlgorithm tokenEndpointAuthSigningAlg) {
client.setTokenEndpointAuthSigningAlg(tokenEndpointAuthSigningAlg);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getCreatedAt()
*/
public Date getCreatedAt() {
return client.getCreatedAt();
}
/**
* @param createdAt
* @see org.mitre.oauth2.model.ClientDetailsEntity#setCreatedAt(java.util.Date)
*/
public void setCreatedAt(Date createdAt) {
client.setCreatedAt(createdAt);
}
/**
* @return the registrationAccessToken
*/
public String getRegistrationAccessToken() {
return registrationAccessToken;
}
/**
* @param registrationAccessToken the registrationAccessToken to set
*/
public void setRegistrationAccessToken(String registrationAccessToken) {
this.registrationAccessToken = registrationAccessToken;
}
/**
* @return the registrationClientUri
*/
public String getRegistrationClientUri() {
return registrationClientUri;
}
/**
* @param registrationClientUri the registrationClientUri to set
*/
public void setRegistrationClientUri(String registrationClientUri) {
this.registrationClientUri = registrationClientUri;
}
/**
* @return the clientSecretExpiresAt
*/
public Date getClientSecretExpiresAt() {
return clientSecretExpiresAt;
}
/**
* @param clientSecretExpiresAt the clientSecretExpiresAt to set
*/
public void setClientSecretExpiresAt(Date expiresAt) {
this.clientSecretExpiresAt = expiresAt;
}
/**
* @return the clientIdIssuedAt
*/
public Date getClientIdIssuedAt() {
return clientIdIssuedAt;
}
/**
* @param clientIdIssuedAt the clientIdIssuedAt to set
*/
public void setClientIdIssuedAt(Date issuedAt) {
this.clientIdIssuedAt = issuedAt;
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getClaimsRedirectUris()
*/
public Set<String> getClaimsRedirectUris() {
return client.getClaimsRedirectUris();
}
/**
* @param claimsRedirectUris
* @see org.mitre.oauth2.model.ClientDetailsEntity#setClaimsRedirectUris(java.util.Set)
*/
public void setClaimsRedirectUris(Set<String> claimsRedirectUris) {
client.setClaimsRedirectUris(claimsRedirectUris);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getSoftwareStatement()
*/
public JWT getSoftwareStatement() {
return client.getSoftwareStatement();
}
/**
* @param softwareStatement
* @see org.mitre.oauth2.model.ClientDetailsEntity#setSoftwareStatement(com.nimbusds.jwt.JWT)
*/
public void setSoftwareStatement(JWT softwareStatement) {
client.setSoftwareStatement(softwareStatement);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getCodeChallengeMethod()
*/
public PKCEAlgorithm getCodeChallengeMethod() {
return client.getCodeChallengeMethod();
}
/**
* @param codeChallengeMethod
* @see org.mitre.oauth2.model.ClientDetailsEntity#setCodeChallengeMethod(org.mitre.oauth2.model.PKCEAlgorithm)
*/
public void setCodeChallengeMethod(PKCEAlgorithm codeChallengeMethod) {
client.setCodeChallengeMethod(codeChallengeMethod);
}
/**
* @return the src
*/
public JsonObject getSource() {
return src;
}
/**
* @param src the src to set
*/
public void setSource(JsonObject src) {
this.src = src;
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getDeviceCodeValiditySeconds()
*/
public Integer getDeviceCodeValiditySeconds() {
return client.getDeviceCodeValiditySeconds();
}
/**
* @param deviceCodeValiditySeconds
* @see org.mitre.oauth2.model.ClientDetailsEntity#setDeviceCodeValiditySeconds(java.lang.Integer)
*/
public void setDeviceCodeValiditySeconds(Integer deviceCodeValiditySeconds) {
client.setDeviceCodeValiditySeconds(deviceCodeValiditySeconds);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getSoftwareId()
*/
public String getSoftwareId() {
return client.getSoftwareId();
}
/**
* @param softwareId
* @see org.mitre.oauth2.model.ClientDetailsEntity#setSoftwareId(java.lang.String)
*/
public void setSoftwareId(String softwareId) {
client.setSoftwareId(softwareId);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getSoftwareVersion()
*/
public String getSoftwareVersion() {
return client.getSoftwareVersion();
}
/**
* @param softwareVersion
* @see org.mitre.oauth2.model.ClientDetailsEntity#setSoftwareVersion(java.lang.String)
*/
public void setSoftwareVersion(String softwareVersion) {
client.setSoftwareVersion(softwareVersion);
}
}
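Review bot: `RegisteredClient(ClientDetailsEntity client)`, the three-argument constructor and `setClient` accept a null `client`, and every delegating accessor (`getClientId()`, `getClientSecret()`, `getScope()`, …) then fails with a bare NullPointerException far from the call site; `this.client = Objects.requireNonNull(client, "client");` in all three places fails fast with a clear message (`java.util.Objects` would need importing if the file does not already). With every `@see` tag stripped, nothing on the new side tells a reader that most of this class is a thin delegate over the wrapped `ClientDetailsEntity` while only `registrationAccessToken`, `registrationClientUri`, `clientSecretExpiresAt`, `clientIdIssuedAt` and `src` live here; a single class-level Javadoc sentence saying so would replace the deleted per-method links. `setClientSecretExpiresAt` and `setClientIdIssuedAt` also store the caller's mutable `Date` by reference, so a defensive copy as in the other entities is worth considering.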


@ -16,46 +16,48 @@
package org.mitre.oauth2.model;
public interface RegisteredClientFields {
public String SOFTWARE_ID = "software_id";
public String SOFTWARE_VERSION = "software_version";
public String SOFTWARE_STATEMENT = "software_statement";
public String CLAIMS_REDIRECT_URIS = "claims_redirect_uris";
public String CLIENT_SECRET_EXPIRES_AT = "client_secret_expires_at";
public String CLIENT_ID_ISSUED_AT = "client_id_issued_at";
public String REGISTRATION_CLIENT_URI = "registration_client_uri";
public String REGISTRATION_ACCESS_TOKEN = "registration_access_token";
public String REQUEST_URIS = "request_uris";
public String POST_LOGOUT_REDIRECT_URIS = "post_logout_redirect_uris";
public String INITIATE_LOGIN_URI = "initiate_login_uri";
public String DEFAULT_ACR_VALUES = "default_acr_values";
public String REQUIRE_AUTH_TIME = "require_auth_time";
public String DEFAULT_MAX_AGE = "default_max_age";
public String TOKEN_ENDPOINT_AUTH_SIGNING_ALG = "token_endpoint_auth_signing_alg";
public String ID_TOKEN_ENCRYPTED_RESPONSE_ENC = "id_token_encrypted_response_enc";
public String ID_TOKEN_ENCRYPTED_RESPONSE_ALG = "id_token_encrypted_response_alg";
public String ID_TOKEN_SIGNED_RESPONSE_ALG = "id_token_signed_response_alg";
public String USERINFO_ENCRYPTED_RESPONSE_ENC = "userinfo_encrypted_response_enc";
public String USERINFO_ENCRYPTED_RESPONSE_ALG = "userinfo_encrypted_response_alg";
public String USERINFO_SIGNED_RESPONSE_ALG = "userinfo_signed_response_alg";
public String REQUEST_OBJECT_SIGNING_ALG = "request_object_signing_alg";
public String SUBJECT_TYPE = "subject_type";
public String SECTOR_IDENTIFIER_URI = "sector_identifier_uri";
public String APPLICATION_TYPE = "application_type";
public String JWKS_URI = "jwks_uri";
public String JWKS = "jwks";
public String SCOPE_SEPARATOR = " ";
public String POLICY_URI = "policy_uri";
public String RESPONSE_TYPES = "response_types";
public String GRANT_TYPES = "grant_types";
public String SCOPE = "scope";
public String TOKEN_ENDPOINT_AUTH_METHOD = "token_endpoint_auth_method";
public String TOS_URI = "tos_uri";
public String CONTACTS = "contacts";
public String LOGO_URI = "logo_uri";
public String CLIENT_URI = "client_uri";
public String CLIENT_NAME = "client_name";
public String REDIRECT_URIS = "redirect_uris";
public String CLIENT_SECRET = "client_secret";
public String CLIENT_ID = "client_id";
public String CODE_CHALLENGE_METHOD = "code_challenge_method";
String SOFTWARE_ID = "software_id";
String SOFTWARE_VERSION = "software_version";
String SOFTWARE_STATEMENT = "software_statement";
String CLAIMS_REDIRECT_URIS = "claims_redirect_uris";
String CLIENT_SECRET_EXPIRES_AT = "client_secret_expires_at";
String CLIENT_ID_ISSUED_AT = "client_id_issued_at";
String REGISTRATION_CLIENT_URI = "registration_client_uri";
String REGISTRATION_ACCESS_TOKEN = "registration_access_token";
String REQUEST_URIS = "request_uris";
String POST_LOGOUT_REDIRECT_URIS = "post_logout_redirect_uris";
String INITIATE_LOGIN_URI = "initiate_login_uri";
String DEFAULT_ACR_VALUES = "default_acr_values";
String REQUIRE_AUTH_TIME = "require_auth_time";
String DEFAULT_MAX_AGE = "default_max_age";
String TOKEN_ENDPOINT_AUTH_SIGNING_ALG = "token_endpoint_auth_signing_alg";
String ID_TOKEN_ENCRYPTED_RESPONSE_ENC = "id_token_encrypted_response_enc";
String ID_TOKEN_ENCRYPTED_RESPONSE_ALG = "id_token_encrypted_response_alg";
String ID_TOKEN_SIGNED_RESPONSE_ALG = "id_token_signed_response_alg";
String USERINFO_ENCRYPTED_RESPONSE_ENC = "userinfo_encrypted_response_enc";
String USERINFO_ENCRYPTED_RESPONSE_ALG = "userinfo_encrypted_response_alg";
String USERINFO_SIGNED_RESPONSE_ALG = "userinfo_signed_response_alg";
String REQUEST_OBJECT_SIGNING_ALG = "request_object_signing_alg";
String SUBJECT_TYPE = "subject_type";
String SECTOR_IDENTIFIER_URI = "sector_identifier_uri";
String APPLICATION_TYPE = "application_type";
String JWKS_URI = "jwks_uri";
String JWKS = "jwks";
String SCOPE_SEPARATOR = " ";
String POLICY_URI = "policy_uri";
String RESPONSE_TYPES = "response_types";
String GRANT_TYPES = "grant_types";
String SCOPE = "scope";
String TOKEN_ENDPOINT_AUTH_METHOD = "token_endpoint_auth_method";
String TOS_URI = "tos_uri";
String CONTACTS = "contacts";
String LOGO_URI = "logo_uri";
String CLIENT_URI = "client_uri";
String CLIENT_NAME = "client_name";
String REDIRECT_URIS = "redirect_uris";
String CLIENT_SECRET = "client_secret";
String CLIENT_ID = "client_id";
String CODE_CHALLENGE_METHOD = "code_challenge_method";
}


@ -41,7 +41,6 @@ import org.springframework.security.core.GrantedAuthority;
* This class stands in for an original Authentication object.
*
* @author jricher
*
*/
@Entity
@Table(name="saved_user_auth")
@ -50,18 +49,11 @@ public class SavedUserAuthentication implements Authentication {
private static final long serialVersionUID = -1804249963940323488L;
private Long id;
private String name;
private Collection<GrantedAuthority> authorities;
private boolean authenticated;
private String sourceClass;
/**
* Create a Saved Auth from an existing Auth token
*/
public SavedUserAuthentication(Authentication src) {
setName(src.getName());
setAuthorities(new HashSet<>(src.getAuthorities()));
@ -75,16 +67,8 @@ public class SavedUserAuthentication implements Authentication {
}
}
/**
* Create an empty saved auth
*/
public SavedUserAuthentication() {
public SavedUserAuthentication() { }
}
/**
* @return the id
*/
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
@ -92,9 +76,6 @@ public class SavedUserAuthentication implements Authentication {
return id;
}
/**
* @param id the id to set
*/
public void setId(Long id) {
this.id = id;
}
@ -108,10 +89,7 @@ public class SavedUserAuthentication implements Authentication {
@Override
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name="saved_user_auth_authority",
joinColumns=@JoinColumn(name="owner_id")
)
@CollectionTable(name="saved_user_auth_authority", joinColumns=@JoinColumn(name="owner_id"))
@Convert(converter = SimpleGrantedAuthorityStringConverter.class)
@Column(name="authority")
public Collection<GrantedAuthority> getAuthorities() {
@ -148,35 +126,22 @@ public class SavedUserAuthentication implements Authentication {
this.authenticated = isAuthenticated;
}
/**
* @return the sourceClass
*/
@Basic
@Column(name="source_class")
public String getSourceClass() {
return sourceClass;
}
/**
* @param sourceClass the sourceClass to set
*/
public void setSourceClass(String sourceClass) {
this.sourceClass = sourceClass;
}
/**
* @param name the name to set
*/
public void setName(String name) {
this.name = name;
}
/**
* @param authorities the authorities to set
*/
public void setAuthorities(Collection<GrantedAuthority> authorities) {
this.authorities = authorities;
}
}
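Review bot: `setAuthorities` on the new side stores the caller's collection by reference, while the copy constructor above snapshots it with `new HashSet<>(src.getAuthorities())`; since `getAuthorities()` is what later authorization checks read, a caller that keeps mutating the collection it passed in silently changes the saved authorities. If the setter exists only for the JPA provider that is acceptable, but then it should say so; otherwise copy defensively with `this.authorities = authorities == null ? null : new HashSet<>(authorities);`. The no-arg constructor lost its Javadoc in this commit — a one-liner such as `/** No-arg constructor required by JPA; state is populated by the persistence provider. */` keeps its purpose visible.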


@ -32,7 +32,6 @@ import javax.persistence.Table;
/**
* @author jricher
*
*/
@Entity
@Table(name = "system_scope")
@ -54,114 +53,73 @@ public class SystemScope {
private boolean defaultScope = false; // is this a default scope for newly-registered clients?
private boolean restricted = false; // is this scope restricted to admin-only registration access?
/**
* Make a blank system scope with no value
*/
public SystemScope() {
public SystemScope() { }
}
/**
* Make a system scope with the given scope value
* @param value
*/
public SystemScope(String value) {
this.value = value;
}
/**
* @return the id
*/
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
/**
* @param id the id to set
*/
public void setId(Long id) {
this.id = id;
}
/**
* @return the value
*/
@Basic
@Column(name = "scope")
public String getValue() {
return value;
}
/**
* @param value the value to set
*/
public void setValue(String value) {
this.value = value;
}
/**
* @return the description
*/
@Basic
@Column(name = "description")
public String getDescription() {
return description;
}
/**
* @param description the description to set
*/
public void setDescription(String description) {
this.description = description;
}
/**
* @return the icon
*/
@Basic
@Column(name = "icon")
public String getIcon() {
return icon;
}
/**
* @param icon the icon to set
*/
public void setIcon(String icon) {
this.icon = icon;
}
/**
* @return the defaultScope
*/
@Basic
@Column(name = "default_scope")
public boolean isDefaultScope() {
return defaultScope;
}
/**
* @param defaultScope the defaultScope to set
*/
public void setDefaultScope(boolean defaultScope) {
this.defaultScope = defaultScope;
}
/**
* @return the restricted
*/
@Basic
@Column(name = "restricted")
public boolean isRestricted() {
return restricted;
}
/**
* @param restricted the restricted to set
*/
public void setRestricted(boolean restricted) {
this.restricted = restricted;
}
/* (non-Javadoc)
* @see java.lang.Object#hashCode()
*/
@Override
public int hashCode() {
final int prime = 31;
@ -176,9 +134,6 @@ public class SystemScope {
return result;
}
/* (non-Javadoc)
* @see java.lang.Object#equals(java.lang.Object)
*/
@Override
public boolean equals(Object obj) {
if (this == obj) {
@ -219,18 +174,12 @@ public class SystemScope {
return false;
}
if (value == null) {
if (other.value != null) {
return false;
}
} else if (!value.equals(other.value)) {
return false;
return other.value == null;
} else {
return value.equals(other.value);
}
return true;
}
/* (non-Javadoc)
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
return "SystemScope [id=" + id + ", value=" + value + ", description="
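Review bot: The rewritten null handling in `equals` (the `if (value == null) … else …` pair in the last hunk) is equivalent to a single `return Objects.equals(value, other.value);`, which reads more clearly and leaves no branch to get wrong; `equals` itself starts in the previous hunk. This needs `java.util.Objects` in the import block, which is outside the visible hunks. Whatever form is kept, `hashCode` (only partially visible) must keep deriving from `value` alone so the two stay consistent.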


@ -26,22 +26,12 @@ public class JWEAlgorithmStringConverter implements AttributeConverter<JWEAlgori
@Override
public String convertToDatabaseColumn(JWEAlgorithm attribute) {
if (attribute != null) {
return attribute.getName();
} else {
return null;
}
return attribute != null ? attribute.getName() : null;
}
/* (non-Javadoc)
* @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object)
*/
@Override
public JWEAlgorithm convertToEntityAttribute(String dbData) {
if (dbData != null) {
return JWEAlgorithm.parse(dbData);
} else {
return null;
}
return dbData != null ? JWEAlgorithm.parse(dbData) : null;
}
}
}


@ -26,22 +26,12 @@ public class JWEEncryptionMethodStringConverter implements AttributeConverter<En
@Override
public String convertToDatabaseColumn(EncryptionMethod attribute) {
if (attribute != null) {
return attribute.getName();
} else {
return null;
}
return attribute != null ? attribute.getName() : null;
}
/* (non-Javadoc)
* @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object)
*/
@Override
public EncryptionMethod convertToEntityAttribute(String dbData) {
if (dbData != null) {
return EncryptionMethod.parse(dbData);
} else {
return null;
}
return dbData != null ? EncryptionMethod.parse(dbData) : null;
}
}
}


@ -28,7 +28,6 @@ import com.nimbusds.jose.jwk.JWKSet;
/**
* @author jricher
*
*/
@Converter
public class JWKSetStringConverter implements AttributeConverter<JWKSet, String> {
@ -37,22 +36,14 @@ public class JWKSetStringConverter implements AttributeConverter<JWKSet, String>
@Override
public String convertToDatabaseColumn(JWKSet attribute) {
if (attribute != null) {
return attribute.toString();
} else {
return null;
}
return attribute != null ? attribute.toString() : null;
}
/* (non-Javadoc)
* @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object)
*/
@Override
public JWKSet convertToEntityAttribute(String dbData) {
if (dbData != null) {
try {
JWKSet jwks = JWKSet.parse(dbData);
return jwks;
return JWKSet.parse(dbData);
} catch (ParseException e) {
logger.error("Unable to parse JWK Set", e);
return null;
@ -60,7 +51,6 @@ public class JWKSetStringConverter implements AttributeConverter<JWKSet, String>
} else {
return null;
}
}
}
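Review bot: `convertToDatabaseColumn` now persists the set with `attribute.toString()`; in the Nimbus JOSE+JWT versions I know, `JWKSet.toString()` serializes public key parameters only, so any private key material in a stored set is silently dropped on write — worth confirming against the library version in use. For a client's registered `jwks` that is the desired behaviour, but a comment should say it is relied upon, e.g. `// JWKSet.toString() emits public parameters only; private key material is never written to the column`. The parse failure path still logs and returns `null`, which makes a corrupted column indistinguishable from a client that registered no keys; consider whether callers can tell the two apart.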


@ -26,22 +26,12 @@ public class JWSAlgorithmStringConverter implements AttributeConverter<JWSAlgori
@Override
public String convertToDatabaseColumn(JWSAlgorithm attribute) {
if (attribute != null) {
return attribute.getName();
} else {
return null;
}
return attribute != null ? attribute.getName() : null;
}
/* (non-Javadoc)
* @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object)
*/
@Override
public JWSAlgorithm convertToEntityAttribute(String dbData) {
if (dbData != null) {
return JWSAlgorithm.parse(dbData);
} else {
return null;
}
return dbData != null ? JWSAlgorithm.parse(dbData) : null;
}
}
}


@ -29,7 +29,6 @@ import com.nimbusds.jwt.JWTParser;
/**
* @author jricher
*
*/
@Converter
public class JWTStringConverter implements AttributeConverter<JWT, String> {
@ -38,22 +37,14 @@ public class JWTStringConverter implements AttributeConverter<JWT, String> {
@Override
public String convertToDatabaseColumn(JWT attribute) {
if (attribute != null) {
return attribute.serialize();
} else {
return null;
}
return attribute != null ? attribute.serialize() : null;
}
/* (non-Javadoc)
* @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object)
*/
@Override
public JWT convertToEntityAttribute(String dbData) {
if (dbData != null) {
try {
JWT jwt = JWTParser.parse(dbData);
return jwt;
return JWTParser.parse(dbData);
} catch (ParseException e) {
logger.error("Unable to parse JWT", e);
return null;


@ -19,13 +19,12 @@ package org.mitre.oauth2.model.convert;
import javax.persistence.AttributeConverter;
import javax.persistence.Converter;
import com.google.common.base.Strings;
import com.google.gson.JsonElement;
import com.google.gson.JsonParser;
import org.springframework.util.StringUtils;
/**
* @author jricher
*
*/
@Converter
public class JsonElementStringConverter implements AttributeConverter<JsonElement, String> {
@ -34,23 +33,12 @@ public class JsonElementStringConverter implements AttributeConverter<JsonElemen
@Override
public String convertToDatabaseColumn(JsonElement attribute) {
if (attribute != null) {
return attribute.toString();
} else {
return null;
}
return attribute != null ? attribute.toString() : null;
}
/* (non-Javadoc)
* @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object)
*/
@Override
public JsonElement convertToEntityAttribute(String dbData) {
if (!Strings.isNullOrEmpty(dbData)) {
return parser.parse(dbData);
} else {
return null;
}
return !StringUtils.isEmpty(dbData) ? parser.parse(dbData) : null;
}
}
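Review bot: `StringUtils.isEmpty(Object)` on the new `convertToEntityAttribute` line is deprecated from Spring Framework 5.3 onward; `StringUtils.hasLength(dbData)` has the same null-or-empty semantics as the removed Guava `Strings.isNullOrEmpty` and is not deprecated, so `return StringUtils.hasLength(dbData) ? parser.parse(dbData) : null;` is the safer form if the project is on or moving to 5.3+. The instance method `JsonParser.parse` it delegates to is likewise deprecated in Gson 2.8.6+ in favour of the static `JsonParser.parseString`, which would also let the `parser` field go.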


@ -30,23 +30,12 @@ public class PKCEAlgorithmStringConverter implements AttributeConverter<PKCEAlgo
@Override
public String convertToDatabaseColumn(PKCEAlgorithm attribute) {
if (attribute != null) {
return attribute.getName();
} else {
return null;
}
return attribute != null ? attribute.getName() : null;
}
/* (non-Javadoc)
* @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object)
*/
@Override
public PKCEAlgorithm convertToEntityAttribute(String dbData) {
if (dbData != null) {
return PKCEAlgorithm.parse(dbData);
} else {
return null;
}
return dbData != null ? PKCEAlgorithm.parse(dbData) : null;
}
}


@ -33,7 +33,6 @@ import org.slf4j.LoggerFactory;
* This class does allow some extension data to be lost.
*
* @author jricher
*
*/
@Converter
public class SerializableStringConverter implements AttributeConverter<Serializable, String> {
@ -51,7 +50,7 @@ public class SerializableStringConverter implements AttributeConverter<Serializa
} else if (attribute instanceof Date) {
return Long.toString(((Date)attribute).getTime());
} else {
logger.warn("Dropping data from request: " + attribute + " :: " + attribute.getClass());
logger.warn("Dropping data from request: {} :: {}", attribute, attribute.getClass());
return null;
}
}
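Review bot: The parameterized `logger.warn` still writes the full `attribute` value into the log at WARN level; this converter handles request extension values, and if those can carry user-supplied or sensitive data the value ends up in log files. Logging only the type is enough to diagnose the dropped entry: `logger.warn("Dropping unsupported extension value of type {} from request", attribute.getClass());`. The enclosing method starts before this hunk.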


@ -23,27 +23,18 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
/**
* @author jricher
*
*/
@Converter
public class SimpleGrantedAuthorityStringConverter implements AttributeConverter<SimpleGrantedAuthority, String> {
@Override
public String convertToDatabaseColumn(SimpleGrantedAuthority attribute) {
if (attribute != null) {
return attribute.getAuthority();
} else {
return null;
}
return attribute != null ? attribute.getAuthority() : null;
}
@Override
public SimpleGrantedAuthority convertToEntityAttribute(String dbData) {
if (dbData != null) {
return new SimpleGrantedAuthority(dbData);
} else {
return null;
}
return dbData != null ? new SimpleGrantedAuthority(dbData) : null;
}
}


@ -23,15 +23,17 @@ import org.mitre.data.PageCriteria;
import org.mitre.oauth2.model.AuthenticationHolderEntity;
public interface AuthenticationHolderRepository {
public List<AuthenticationHolderEntity> getAll();
public AuthenticationHolderEntity getById(Long id);
List<AuthenticationHolderEntity> getAll();
public void remove(AuthenticationHolderEntity a);
AuthenticationHolderEntity getById(Long id);
public AuthenticationHolderEntity save(AuthenticationHolderEntity a);
void remove(AuthenticationHolderEntity a);
public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders();
AuthenticationHolderEntity save(AuthenticationHolderEntity a);
List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders();
List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders(PageCriteria pageCriteria);
public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders(PageCriteria pageCriteria);
}


@ -26,7 +26,6 @@ import org.mitre.oauth2.model.AuthorizationCodeEntity;
* Interface for saving and consuming OAuth2 authorization codes as AuthorizationCodeEntitys.
*
* @author aanganes
*
*/
public interface AuthorizationCodeRepository {
@ -36,7 +35,7 @@ public interface AuthorizationCodeRepository {
* @param authorizationCode the AuthorizationCodeEntity to save
* @return the saved AuthorizationCodeEntity
*/
public AuthorizationCodeEntity save(AuthorizationCodeEntity authorizationCode);
AuthorizationCodeEntity save(AuthorizationCodeEntity authorizationCode);
/**
* Get an authorization code from the repository by value.
@ -44,24 +43,24 @@ public interface AuthorizationCodeRepository {
* @param code the authorization code value
* @return the authentication associated with the code
*/
public AuthorizationCodeEntity getByCode(String code);
AuthorizationCodeEntity getByCode(String code);
/**
* Remove an authorization code from the repository
*
* @param authorizationCodeEntity
*/
public void remove(AuthorizationCodeEntity authorizationCodeEntity);
void remove(AuthorizationCodeEntity authorizationCodeEntity);
/**
* @return A collection of all expired codes.
*/
public Collection<AuthorizationCodeEntity> getExpiredCodes();
Collection<AuthorizationCodeEntity> getExpiredCodes();
/**
* @return A collection of all expired codes, limited by the given
* PageCriteria.
*/
public Collection<AuthorizationCodeEntity> getExpiredCodes(PageCriteria pageCriteria);
Collection<AuthorizationCodeEntity> getExpiredCodes(PageCriteria pageCriteria);
}


@ -23,17 +23,16 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
public interface OAuth2ClientRepository {
public ClientDetailsEntity getById(Long id);
ClientDetailsEntity getById(Long id);
public ClientDetailsEntity getClientByClientId(String clientId);
ClientDetailsEntity getClientByClientId(String clientId);
public ClientDetailsEntity saveClient(ClientDetailsEntity client);
ClientDetailsEntity saveClient(ClientDetailsEntity client);
public void deleteClient(ClientDetailsEntity client);
void deleteClient(ClientDetailsEntity client);
public ClientDetailsEntity updateClient(Long id, ClientDetailsEntity client);
public Collection<ClientDetailsEntity> getAllClients();
ClientDetailsEntity updateClient(Long id, ClientDetailsEntity client);
Collection<ClientDetailsEntity> getAllClients();
}


@ -29,47 +29,47 @@ import org.mitre.uma.model.ResourceSet;
public interface OAuth2TokenRepository {
public OAuth2AccessTokenEntity saveAccessToken(OAuth2AccessTokenEntity token);
OAuth2AccessTokenEntity saveAccessToken(OAuth2AccessTokenEntity token);
public OAuth2RefreshTokenEntity getRefreshTokenByValue(String refreshTokenValue);
OAuth2RefreshTokenEntity getRefreshTokenByValue(String refreshTokenValue);
public OAuth2RefreshTokenEntity getRefreshTokenById(Long Id);
OAuth2RefreshTokenEntity getRefreshTokenById(Long Id);
public void clearAccessTokensForRefreshToken(OAuth2RefreshTokenEntity refreshToken);
void clearAccessTokensForRefreshToken(OAuth2RefreshTokenEntity refreshToken);
public void removeRefreshToken(OAuth2RefreshTokenEntity refreshToken);
void removeRefreshToken(OAuth2RefreshTokenEntity refreshToken);
public OAuth2RefreshTokenEntity saveRefreshToken(OAuth2RefreshTokenEntity refreshToken);
OAuth2RefreshTokenEntity saveRefreshToken(OAuth2RefreshTokenEntity refreshToken);
public OAuth2AccessTokenEntity getAccessTokenByValue(String accessTokenValue);
OAuth2AccessTokenEntity getAccessTokenByValue(String accessTokenValue);
public OAuth2AccessTokenEntity getAccessTokenById(Long id);
OAuth2AccessTokenEntity getAccessTokenById(Long id);
public void removeAccessToken(OAuth2AccessTokenEntity accessToken);
void removeAccessToken(OAuth2AccessTokenEntity accessToken);
public void clearTokensForClient(ClientDetailsEntity client);
void clearTokensForClient(ClientDetailsEntity client);
public List<OAuth2AccessTokenEntity> getAccessTokensForClient(ClientDetailsEntity client);
List<OAuth2AccessTokenEntity> getAccessTokensForClient(ClientDetailsEntity client);
public List<OAuth2RefreshTokenEntity> getRefreshTokensForClient(ClientDetailsEntity client);
List<OAuth2RefreshTokenEntity> getRefreshTokensForClient(ClientDetailsEntity client);
public Set<OAuth2AccessTokenEntity> getAccessTokensByUserName(String name);
Set<OAuth2AccessTokenEntity> getAccessTokensByUserName(String name);
public Set<OAuth2RefreshTokenEntity> getRefreshTokensByUserName(String name);
Set<OAuth2RefreshTokenEntity> getRefreshTokensByUserName(String name);
public Set<OAuth2AccessTokenEntity> getAllAccessTokens();
Set<OAuth2AccessTokenEntity> getAllAccessTokens();
public Set<OAuth2RefreshTokenEntity> getAllRefreshTokens();
Set<OAuth2RefreshTokenEntity> getAllRefreshTokens();
public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens();
Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens();
public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens(PageCriteria pageCriteria);
Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens(PageCriteria pageCriteria);
public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens();
Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens();
public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria);
Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria);
public Set<OAuth2AccessTokenEntity> getAccessTokensForResourceSet(ResourceSet rs);
Set<OAuth2AccessTokenEntity> getAccessTokensForResourceSet(ResourceSet rs);
/**
* removes duplicate access tokens.
@ -78,10 +78,9 @@ public interface OAuth2TokenRepository {
* so that {code removeAccessToken(OAuth2AccessTokenEntity o)} would not to fail. the
* removeAccessToken method has been updated so as it will not fail in the event that an
* accessToken has been duplicated, so this method is unnecessary.
*
*/
@Deprecated
public void clearDuplicateAccessTokens();
void clearDuplicateAccessTokens();
/**
* removes duplicate refresh tokens.
@ -90,11 +89,10 @@ public interface OAuth2TokenRepository {
* so that {code removeRefreshToken(OAuth2RefreshTokenEntity o)} would not to fail. the
* removeRefreshToken method has been updated so as it will not fail in the event that
* refreshToken has been duplicated, so this method is unnecessary.
*
*/
@Deprecated
public void clearDuplicateRefreshTokens();
void clearDuplicateRefreshTokens();
public List<OAuth2AccessTokenEntity> getAccessTokensForApprovedSite(ApprovedSite approvedSite);
List<OAuth2AccessTokenEntity> getAccessTokensForApprovedSite(ApprovedSite approvedSite);
}
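Review bot: `getRefreshTokenById(Long Id)` keeps a capitalised parameter name on the new side; since this commit is already normalising the interface, `OAuth2RefreshTokenEntity getRefreshTokenById(Long id);` would match `getAccessTokenById(Long id)` a few lines below. The rest of the hunk only drops redundant `public` modifiers.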


@ -26,18 +26,17 @@ import org.mitre.oauth2.model.SystemScope;
/**
* @author jricher
*
*/
public interface SystemScopeRepository {
public Set<SystemScope> getAll();
Set<SystemScope> getAll();
public SystemScope getById(Long id);
SystemScope getById(Long id);
public SystemScope getByValue(String value);
SystemScope getByValue(String value);
public void remove(SystemScope scope);
void remove(SystemScope scope);
public SystemScope save(SystemScope scope);
SystemScope save(SystemScope scope);
}


@ -22,42 +22,19 @@ import org.mitre.oauth2.model.DeviceCode;
/**
* @author jricher
*
*/
public interface DeviceCodeRepository {
/**
* @param id
* @return
*/
public DeviceCode getById(Long id);
DeviceCode getById(Long id);
/**
* @param deviceCode
* @return
*/
public DeviceCode getByDeviceCode(String deviceCode);
DeviceCode getByDeviceCode(String deviceCode);
/**
* @param scope
*/
public void remove(DeviceCode scope);
void remove(DeviceCode scope);
/**
* @param scope
* @return
*/
public DeviceCode save(DeviceCode scope);
DeviceCode save(DeviceCode scope);
/**
* @param userCode
* @return
*/
public DeviceCode getByUserCode(String userCode);
DeviceCode getByUserCode(String userCode);
/**
* @return
*/
public Collection<DeviceCode> getExpiredCodes();
Collection<DeviceCode> getExpiredCodes();
}
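Review bot: `remove(DeviceCode scope)` and `save(DeviceCode scope)` name their parameter `scope` although the argument is a device code, which looks like a carry-over from `SystemScopeRepository`; `void remove(DeviceCode deviceCode);` and `DeviceCode save(DeviceCode deviceCode);` would read correctly. With the stub Javadoc removed, `getExpiredCodes()` has no contract at all — a one-liner such as `/** Returns every stored device code whose expiration has passed. */` is worth keeping.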


@ -27,47 +27,18 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication;
/**
* @author jricher
*
*/
public interface DeviceCodeService {
/**
* @param userCode
* @return
*/
public DeviceCode lookUpByUserCode(String userCode);
DeviceCode lookUpByUserCode(String userCode);
/**
* @param dc
* @param o2Auth
*/
public DeviceCode approveDeviceCode(DeviceCode dc, OAuth2Authentication o2Auth);
DeviceCode approveDeviceCode(DeviceCode dc, OAuth2Authentication o2Auth);
/**
* @param deviceCode
* @param client
* @return
*/
public DeviceCode findDeviceCode(String deviceCode, ClientDetails client);
DeviceCode findDeviceCode(String deviceCode, ClientDetails client);
void clearDeviceCode(String deviceCode, ClientDetails client);
/**
*
* @param deviceCode
* @param client
*/
public void clearDeviceCode(String deviceCode, ClientDetails client);
/**
* @param deviceCode
* @param userCode
* @param requestedScopes
* @param client
* @param parameters
* @return
*/
public DeviceCode createNewDeviceCode(Set<String> requestedScopes, ClientDetailsEntity client, Map<String, String> parameters) throws DeviceCodeCreationException;
DeviceCode createNewDeviceCode(Set<String> requestedScopes, ClientDetailsEntity client, Map<String, String> parameters) throws DeviceCodeCreationException;
public void clearExpiredDeviceCodes();
void clearExpiredDeviceCodes();
}
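Review bot: With the placeholder Javadoc gone, `findDeviceCode(String deviceCode, ClientDetails client)` and `clearDeviceCode` no longer state why the client is passed; presumably the code is only returned or cleared when it was issued to that client, and that binding check is security-relevant enough to be written down, e.g. `/** Looks up a device code; returns null unless it was issued to the given client. */` — to be confirmed against the implementation. `createNewDeviceCode` should likewise document its `@throws DeviceCodeCreationException` condition, since callers presumably translate that exception into an error response.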


@ -30,16 +30,16 @@ import org.mitre.openid.connect.model.UserInfo;
*/
public interface IntrospectionResultAssembler {
public String TOKEN_TYPE = "token_type";
public String CLIENT_ID = "client_id";
public String USER_ID = "user_id";
public String SUB = "sub";
public String EXP = "exp";
public String EXPIRES_AT = "expires_at";
public String SCOPE_SEPARATOR = " ";
public String SCOPE = "scope";
public String ACTIVE = "active";
public DateFormatter dateFormat = new DateFormatter(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ"));
String TOKEN_TYPE = "token_type";
String CLIENT_ID = "client_id";
String USER_ID = "user_id";
String SUB = "sub";
String EXP = "exp";
String EXPIRES_AT = "expires_at";
String SCOPE_SEPARATOR = " ";
String SCOPE = "scope";
String ACTIVE = "active";
DateFormatter dateFormat = new DateFormatter(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ"));
/**
* Assemble a token introspection result from the given access token and user info.
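Review bot: `dateFormat` is an interface field, hence an implicit `public static final` shared by every implementation, and it wraps a single `SimpleDateFormat`, which is not thread-safe; whether concurrent introspection calls can corrupt the `expires_at` string depends on whether `DateFormatter` hands the wrapped instance out or formats through it — to be confirmed against the `DateFormatter` class in use. An immutable `DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ssZ")` would remove the question, at the cost of converting the `Date` expiry to a `ZonedDateTime` at the call site. Keeping the constants on an interface is the constant-interface pattern; a final class with a private constructor is the usual home for them.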


@ -30,34 +30,34 @@ import org.springframework.security.oauth2.provider.token.ResourceServerTokenSer
public interface OAuth2TokenEntityService extends AuthorizationServerTokenServices, ResourceServerTokenServices {
@Override
public OAuth2AccessTokenEntity readAccessToken(String accessTokenValue);
OAuth2AccessTokenEntity readAccessToken(String accessTokenValue);
public OAuth2RefreshTokenEntity getRefreshToken(String refreshTokenValue);
OAuth2RefreshTokenEntity getRefreshToken(String refreshTokenValue);
public void revokeRefreshToken(OAuth2RefreshTokenEntity refreshToken);
void revokeRefreshToken(OAuth2RefreshTokenEntity refreshToken);
public void revokeAccessToken(OAuth2AccessTokenEntity accessToken);
void revokeAccessToken(OAuth2AccessTokenEntity accessToken);
public List<OAuth2AccessTokenEntity> getAccessTokensForClient(ClientDetailsEntity client);
List<OAuth2AccessTokenEntity> getAccessTokensForClient(ClientDetailsEntity client);
public List<OAuth2RefreshTokenEntity> getRefreshTokensForClient(ClientDetailsEntity client);
List<OAuth2RefreshTokenEntity> getRefreshTokensForClient(ClientDetailsEntity client);
public void clearExpiredTokens();
void clearExpiredTokens();
public OAuth2AccessTokenEntity saveAccessToken(OAuth2AccessTokenEntity accessToken);
OAuth2AccessTokenEntity saveAccessToken(OAuth2AccessTokenEntity accessToken);
public OAuth2RefreshTokenEntity saveRefreshToken(OAuth2RefreshTokenEntity refreshToken);
OAuth2RefreshTokenEntity saveRefreshToken(OAuth2RefreshTokenEntity refreshToken);
@Override
public OAuth2AccessTokenEntity getAccessToken(OAuth2Authentication authentication);
OAuth2AccessTokenEntity getAccessToken(OAuth2Authentication authentication);
public OAuth2AccessTokenEntity getAccessTokenById(Long id);
OAuth2AccessTokenEntity getAccessTokenById(Long id);
public OAuth2RefreshTokenEntity getRefreshTokenById(Long id);
OAuth2RefreshTokenEntity getRefreshTokenById(Long id);
public Set<OAuth2AccessTokenEntity> getAllAccessTokensForUser(String name);
Set<OAuth2AccessTokenEntity> getAllAccessTokensForUser(String name);
public Set<OAuth2RefreshTokenEntity> getAllRefreshTokensForUser(String name);
Set<OAuth2RefreshTokenEntity> getAllRefreshTokensForUser(String name);
public OAuth2AccessTokenEntity getRegistrationAccessTokenForClient(ClientDetailsEntity client);
OAuth2AccessTokenEntity getRegistrationAccessTokenForClient(ClientDetailsEntity client);
}


@ -20,6 +20,8 @@
*/
package org.mitre.oauth2.service;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import org.mitre.oauth2.model.SystemScope;
@ -28,30 +30,26 @@ import com.google.common.collect.Sets;
/**
* @author jricher
*
*/
public interface SystemScopeService {
public static final String OFFLINE_ACCESS = "offline_access";
public static final String OPENID_SCOPE = "openid";
public static final String REGISTRATION_TOKEN_SCOPE = "registration-token"; // this scope manages dynamic client registrations
public static final String RESOURCE_TOKEN_SCOPE = "resource-token"; // this scope manages client-style protected resources
public static final String UMA_PROTECTION_SCOPE = "uma_protection";
public static final String UMA_AUTHORIZATION_SCOPE = "uma_authorization";
String OFFLINE_ACCESS = "offline_access";
String OPENID_SCOPE = "openid";
String REGISTRATION_TOKEN_SCOPE = "registration-token"; // this scope manages dynamic client registrations
String RESOURCE_TOKEN_SCOPE = "resource-token"; // this scope manages client-style protected resources
String UMA_PROTECTION_SCOPE = "uma_protection";
String UMA_AUTHORIZATION_SCOPE = "uma_authorization";
public static final Set<SystemScope> reservedScopes =
Sets.newHashSet(
new SystemScope(REGISTRATION_TOKEN_SCOPE),
new SystemScope(RESOURCE_TOKEN_SCOPE)
);
Set<SystemScope> reservedScopes = new HashSet<>(
Arrays.asList(new SystemScope(REGISTRATION_TOKEN_SCOPE), new SystemScope(RESOURCE_TOKEN_SCOPE)));
public Set<SystemScope> getAll();
Set<SystemScope> getAll();
/**
* Get all scopes that are defaulted to new clients on this system
* @return
*/
public Set<SystemScope> getDefaults();
Set<SystemScope> getDefaults();
/**
* Get all the reserved system scopes. These can't be used
@ -60,46 +58,46 @@ public interface SystemScopeService {
*
* @return
*/
public Set<SystemScope> getReserved();
Set<SystemScope> getReserved();
/**
* Get all the registered scopes that are restricted.
* @return
*/
public Set<SystemScope> getRestricted();
Set<SystemScope> getRestricted();
/**
* Get all the registered scopes that aren't restricted.
* @return
*/
public Set<SystemScope> getUnrestricted();
Set<SystemScope> getUnrestricted();
public SystemScope getById(Long id);
SystemScope getById(Long id);
public SystemScope getByValue(String value);
SystemScope getByValue(String value);
public void remove(SystemScope scope);
void remove(SystemScope scope);
public SystemScope save(SystemScope scope);
SystemScope save(SystemScope scope);
/**
* Translate the set of scope strings into a set of SystemScope objects.
* @param scope
* @return
*/
public Set<SystemScope> fromStrings(Set<String> scope);
Set<SystemScope> fromStrings(Set<String> scope);
/**
* Pluck the scope values from the set of SystemScope objects and return a list of strings
* @param scope
* @return
*/
public Set<String> toStrings(Set<SystemScope> scope);
Set<String> toStrings(Set<SystemScope> scope);
/**
* Test whether the scopes in both sets are compatible. All scopes in "actual" must exist in "expected".
*/
public boolean scopesMatch(Set<String> expected, Set<String> actual);
boolean scopesMatch(Set<String> expected, Set<String> actual);
/**
* Remove any system-reserved or registered restricted scopes from the
@ -107,13 +105,13 @@ public interface SystemScopeService {
* @param scopes
* @return
*/
public Set<SystemScope> removeRestrictedAndReservedScopes(Set<SystemScope> scopes);
Set<SystemScope> removeRestrictedAndReservedScopes(Set<SystemScope> scopes);
/**
* Remove any system-reserved scopes from the set and return the result.
* @param scopes
* @return
*/
public Set<SystemScope> removeReservedScopes(Set<SystemScope> scopes);
Set<SystemScope> removeReservedScopes(Set<SystemScope> scopes);
}


@ -17,19 +17,12 @@
*******************************************************************************/
package org.mitre.oauth2.service.impl;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Collection;
import java.util.HashSet;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
@ -42,55 +35,19 @@ import com.google.common.base.Strings;
* Shim layer to convert a ClientDetails service into a UserDetails service
*
* @author AANGANES
*
*/
@Service("clientUserDetailsService")
public class DefaultClientUserDetailsService implements UserDetailsService {
private static GrantedAuthority ROLE_CLIENT = new SimpleGrantedAuthority("ROLE_CLIENT");
@Autowired
private ClientDetailsEntityService clientDetailsService;
private final ConfigurationPropertiesBean config;
@Autowired
private ConfigurationPropertiesBean config;
@Override
public UserDetails loadUserByUsername(String clientId) throws UsernameNotFoundException {
try {
ClientDetailsEntity client = clientDetailsService.loadClientByClientId(clientId);
if (client != null) {
String password = Strings.nullToEmpty(client.getClientSecret());
if (config.isHeartMode() || // if we're running HEART mode turn off all client secrets
(client.getTokenEndpointAuthMethod() != null &&
(client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) ||
client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)))) {
// Issue a random password each time to prevent password auth from being used (or skipped)
// for private key or shared key clients, see #715
password = new BigInteger(512, new SecureRandom()).toString(16);
}
boolean enabled = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
Collection<GrantedAuthority> authorities = new HashSet<>(client.getAuthorities());
authorities.add(ROLE_CLIENT);
return new User(clientId, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
} else {
throw new UsernameNotFoundException("Client not found: " + clientId);
}
} catch (InvalidClientException e) {
throw new UsernameNotFoundException("Client not found: " + clientId);
}
public DefaultClientUserDetailsService(ClientDetailsEntityService clientDetailsService, ConfigurationPropertiesBean config) {
this.clientDetailsService = clientDetailsService;
this.config = config;
}
public ClientDetailsEntityService getClientDetailsService() {
@ -101,4 +58,20 @@ public class DefaultClientUserDetailsService implements UserDetailsService {
this.clientDetailsService = clientDetailsService;
}
@Override
public UserDetails loadUserByUsername(String clientId) throws UsernameNotFoundException {
try {
ClientDetailsEntity client = clientDetailsService.loadClientByClientId(clientId);
if (client != null) {
String password = Strings.nullToEmpty(client.getClientSecret());
return ServiceUtils.getUserDetails(clientId, client, password, config, ROLE_CLIENT);
} else {
throw new UsernameNotFoundException("Client not found: " + clientId);
}
} catch (InvalidClientException e) {
throw new UsernameNotFoundException("Client not found: " + clientId);
}
}
}
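Review bot: The `catch (InvalidClientException e)` arm at the end of the moved `loadUserByUsername` still throws a new `UsernameNotFoundException` without the cause, so the reason a client lookup failed is lost from authentication diagnostics; use `throw new UsernameNotFoundException("Client not found: " + clientId, e);`. The move also drops the original in-line rationale for the random password ("prevent password auth from being used (or skipped) for private key or shared key clients, see #715"), and this class now only shows a call to `ServiceUtils.getUserDetails`; a one-line comment above that call such as `// HEART mode and JWT-authenticated clients get a throwaway random password so secret-based auth cannot succeed` keeps the security intent visible at the call site. In the surrounding context, `ROLE_CLIENT` is a non-final static shared across requests; `private static final GrantedAuthority ROLE_CLIENT = ...` rules out accidental reassignment.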


@ -0,0 +1,30 @@
package org.mitre.oauth2.service.impl;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Collection;
import java.util.HashSet;
public class ServiceUtils {
public static UserDetails getUserDetails(String decodedClientId, ClientDetailsEntity client, String encodedPassword, ConfigurationPropertiesBean config, GrantedAuthority roleClient) {
if (config.isHeartMode() || // if we're running HEART mode turn off all client secrets
(client.getTokenEndpointAuthMethod() != null &&
(client.getTokenEndpointAuthMethod().equals(ClientDetailsEntity.AuthMethod.PRIVATE_KEY) ||
client.getTokenEndpointAuthMethod().equals(ClientDetailsEntity.AuthMethod.SECRET_JWT)))) {
encodedPassword = new BigInteger(512, new SecureRandom()).toString(16);
}
Collection<GrantedAuthority> authorities = new HashSet<>(client.getAuthorities());
authorities.add(roleClient);
return new User(decodedClientId, encodedPassword, true, true, true, true, authorities);
}
}
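Review bot: The random-password branch in `getUserDetails` lost the comment that explained why it exists, and the HEART-mode comment alone does not cover the `PRIVATE_KEY`/`SECRET_JWT` case; a maintainer could plausibly "simplify" it away and re-enable secret-based authentication for clients registered for JWT authentication. Restore the rationale above the assignment, e.g. `// Issue a fresh random password on every lookup so password-based client auth can never match (or be skipped) for private_key_jwt / client_secret_jwt clients, see #715`. The parameter names `decodedClientId` and `encodedPassword` describe only the URI-encoded caller; `DefaultClientUserDetailsService` passes the raw client id and secret, so neutral names like `username` and `password` (with a Javadoc noting the caller decides the encoding) would avoid misleading readers. Minor: hoist the generator to `private static final SecureRandom RANDOM = new SecureRandom();` and use `new BigInteger(512, RANDOM).toString(16)`, and give this utility class a `private ServiceUtils() { }` constructor. I cannot see whether `client.getAuthorities()` can return null; if it can, the `new HashSet<>(...)` copy throws NPE, which would surface as an internal error rather than an authentication failure.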


@ -16,19 +16,13 @@
package org.mitre.oauth2.service.impl;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Collection;
import java.util.HashSet;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
@ -44,57 +38,19 @@ import com.google.common.base.Strings;
* Should only get called if non-encoded provider fails.
*
* @author AANGANES
*
*/
@Service("uriEncodedClientUserDetailsService")
public class UriEncodedClientUserDetailsService implements UserDetailsService {
private static GrantedAuthority ROLE_CLIENT = new SimpleGrantedAuthority("ROLE_CLIENT");
@Autowired
private ClientDetailsEntityService clientDetailsService;
private final ConfigurationPropertiesBean config;
@Autowired
private ConfigurationPropertiesBean config;
@Override
public UserDetails loadUserByUsername(String clientId) throws UsernameNotFoundException {
try {
String decodedClientId = UriUtils.decode(clientId, "UTF-8");
ClientDetailsEntity client = clientDetailsService.loadClientByClientId(decodedClientId);
if (client != null) {
String encodedPassword = UriUtils.encodePathSegment(Strings.nullToEmpty(client.getClientSecret()), "UTF-8");
if (config.isHeartMode() || // if we're running HEART mode turn off all client secrets
(client.getTokenEndpointAuthMethod() != null &&
(client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) ||
client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)))) {
// Issue a random password each time to prevent password auth from being used (or skipped)
// for private key or shared key clients, see #715
encodedPassword = new BigInteger(512, new SecureRandom()).toString(16);
}
boolean enabled = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
Collection<GrantedAuthority> authorities = new HashSet<>(client.getAuthorities());
authorities.add(ROLE_CLIENT);
return new User(decodedClientId, encodedPassword, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
} else {
throw new UsernameNotFoundException("Client not found: " + clientId);
}
} catch (UnsupportedEncodingException | InvalidClientException e) {
throw new UsernameNotFoundException("Client not found: " + clientId);
}
public UriEncodedClientUserDetailsService(ClientDetailsEntityService clientDetailsService, ConfigurationPropertiesBean config) {
this.clientDetailsService = clientDetailsService;
this.config = config;
}
public ClientDetailsEntityService getClientDetailsService() {
@ -105,4 +61,21 @@ public class UriEncodedClientUserDetailsService implements UserDetailsService {
this.clientDetailsService = clientDetailsService;
}
@Override
public UserDetails loadUserByUsername(String clientId) throws UsernameNotFoundException {
try {
String decodedClientId = UriUtils.decode(clientId, "UTF-8");
ClientDetailsEntity client = clientDetailsService.loadClientByClientId(decodedClientId);
if (client != null) {
String encodedPassword = UriUtils.encodePathSegment(Strings.nullToEmpty(client.getClientSecret()), "UTF-8");
return ServiceUtils.getUserDetails(decodedClientId, client, encodedPassword, config, ROLE_CLIENT);
} else {
throw new UsernameNotFoundException("Client not found: " + clientId);
}
} catch (UnsupportedEncodingException | InvalidClientException e) {
throw new UsernameNotFoundException("Client not found: " + clientId);
}
}
}
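Review bot: In the moved `loadUserByUsername`, `UriUtils.decode(clientId, "UTF-8")` runs on an attacker-controlled username, and in the Spring versions I am familiar with it rejects a malformed percent-encoded sequence with an `IllegalArgumentException`, which the `UnsupportedEncodingException | InvalidClientException` multi-catch does not cover; a garbage client id would then surface as an internal error instead of the `UsernameNotFoundException` every other unknown client produces. Widening the catch to `} catch (UnsupportedEncodingException | InvalidClientException | IllegalArgumentException e) {` (and passing `e` as the cause: `throw new UsernameNotFoundException("Client not found: " + clientId, e);`) keeps the failure mode uniform. The method is also the place where the secret is deliberately re-encoded with `encodePathSegment` before being handed to the password check; a short comment such as `// match a client that form-encoded its secret in the Basic header (RFC 6749 §2.3.1)` would explain why this service encodes the secret rather than decoding it.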