diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/exception/DeviceCodeCreationException.java b/openid-connect-common/src/main/java/org/mitre/oauth2/exception/DeviceCodeCreationException.java index 992450507..dd3bd389f 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/exception/DeviceCodeCreationException.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/exception/DeviceCodeCreationException.java @@ -18,7 +18,6 @@ package org.mitre.oauth2.exception; /** * @author jricher - * */ public class DeviceCodeCreationException extends Exception { @@ -30,21 +29,13 @@ public class DeviceCodeCreationException extends Exception { super(message); this.error = error; } - - /** - * @return the error - */ + public String getError() { return error; } - /** - * @param error the error to set - */ public void setError(String error) { this.error = error; } - - - + } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java index 28accd47e..e46e8ceb9 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java @@ -64,30 +64,18 @@ public class AuthenticationHolderEntity { public static final String QUERY_ALL = "AuthenticationHolderEntity.getAll"; private Long id; - private SavedUserAuthentication userAuth; - private Collection authorities; - private Set resourceIds; - private boolean approved; - private String redirectUri; - private Set responseTypes; - private Map extensions; - private String clientId; - private Set scope; - private Map requestParameters; - public AuthenticationHolderEntity() { - - } + public AuthenticationHolderEntity() { } @Id @GeneratedValue(strategy = GenerationType.IDENTITY) 
@@ -106,15 +94,11 @@ public class AuthenticationHolderEntity { return new OAuth2Authentication(createOAuth2Request(), getUserAuth()); } - /** - * @return - */ private OAuth2Request createOAuth2Request() { return new OAuth2Request(requestParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, extensions); } public void setAuthentication(OAuth2Authentication authentication) { - // pull apart the request and save its bits OAuth2Request o2Request = authentication.getOAuth2Request(); setAuthorities(o2Request.getAuthorities() == null ? null : new HashSet<>(o2Request.getAuthorities())); 
@@ -134,123 +118,72 @@ public class AuthenticationHolderEntity { } } - /** - * @return the userAuth - */ @OneToOne(cascade=CascadeType.ALL) @JoinColumn(name = "user_auth_id") public SavedUserAuthentication getUserAuth() { return userAuth; } - /** - * @param userAuth the userAuth to set - */ public void setUserAuth(SavedUserAuthentication userAuth) { this.userAuth = userAuth; } - /** - * @return the authorities - */ @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="authentication_holder_authority", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="authentication_holder_authority", joinColumns=@JoinColumn(name="owner_id")) @Convert(converter = SimpleGrantedAuthorityStringConverter.class) @Column(name="authority") public Collection getAuthorities() { return authorities; } - /** - * @param authorities the authorities to set - */ public void setAuthorities(Collection authorities) { this.authorities = authorities; } - /** - * @return the resourceIds - */ @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="authentication_holder_resource_id", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="authentication_holder_resource_id", joinColumns=@JoinColumn(name="owner_id")) @Column(name="resource_id") public Set getResourceIds() { return resourceIds; } - /** - * @param resourceIds the resourceIds to set - */ public void setResourceIds(Set resourceIds) { this.resourceIds = resourceIds; } - /** - * @return the approved - */ @Basic @Column(name="approved") public boolean isApproved() { return approved; } - /** - * @param approved the approved to set - */ public void setApproved(boolean approved) { this.approved = approved; } - /** - * @return the redirectUri - */ @Basic @Column(name="redirect_uri") public String getRedirectUri() { return redirectUri; } - /** - * @param redirectUri the redirectUri to set - */ public void setRedirectUri(String redirectUri) { this.redirectUri = redirectUri; } - /** - 
* @return the responseTypes - */ @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="authentication_holder_response_type", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="authentication_holder_response_type", joinColumns=@JoinColumn(name="owner_id")) @Column(name="response_type") public Set getResponseTypes() { return responseTypes; } - /** - * @param responseTypes the responseTypes to set - */ public void setResponseTypes(Set responseTypes) { this.responseTypes = responseTypes; } - /** - * @return the extensions - */ @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="authentication_holder_extension", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="authentication_holder_extension", joinColumns=@JoinColumn(name="owner_id")) @Column(name="val") @MapKeyColumn(name="extension") @Convert(converter=SerializableStringConverter.class) 
@@ -258,70 +191,41 @@ public class AuthenticationHolderEntity { return extensions; } - /** - * @param extensions the extensions to set - */ public void setExtensions(Map extensions) { this.extensions = extensions; } - /** - * @return the clientId - */ @Basic @Column(name="client_id") public String getClientId() { return clientId; } - /** - * @param clientId the clientId to set - */ public void setClientId(String clientId) { this.clientId = clientId; } - /** - * @return the scope - */ @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="authentication_holder_scope", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="authentication_holder_scope", joinColumns=@JoinColumn(name="owner_id")) @Column(name="scope") public Set getScope() { return scope; } - /** - * @param scope the scope to set - */ public void setScope(Set scope) { this.scope = scope; } - /** - * @return the requestParameters - */ @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="authentication_holder_request_parameter", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="authentication_holder_request_parameter", joinColumns=@JoinColumn(name="owner_id")) @Column(name="val") @MapKeyColumn(name="param") public Map getRequestParameters() { return requestParameters; } - /** - * @param requestParameters the requestParameters to set - */ public void setRequestParameters(Map requestParameters) { this.requestParameters = requestParameters; } - - } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java index 385f46768..98f697af0 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java 
@@ -36,7 +36,6 @@ import javax.persistence.Temporal; * Entity class for authorization codes * * @author aanganes - * */ @Entity @Table(name = "authorization_code") @@ -52,35 +51,18 @@ public class AuthorizationCodeEntity { public static final String PARAM_DATE = "date"; private Long id; - private String code; - private AuthenticationHolderEntity authenticationHolder; - private Date expiration; - /** - * Default constructor. - */ - public AuthorizationCodeEntity() { + public AuthorizationCodeEntity() { } - } - - /** - * Create a new AuthorizationCodeEntity with the given code and AuthorizationRequestHolder. - * - * @param code the authorization code - * @param authRequest the AuthoriztionRequestHolder associated with the original code request - */ public AuthorizationCodeEntity(String code, AuthenticationHolderEntity authenticationHolder, Date expiration) { this.code = code; this.authenticationHolder = authenticationHolder; this.expiration = expiration; } - /** - * @return the id - */ @Id @GeneratedValue(strategy = GenerationType.IDENTITY) @Column(name = "id") @@ -88,42 +70,26 @@ public class AuthorizationCodeEntity { return id; } - /** - * @param id the id to set - */ public void setId(Long id) { this.id = id; } - /** - * @return the code - */ @Basic @Column(name = "code") public String getCode() { return code; } - /** - * @param code the code to set - */ public void setCode(String code) { this.code = code; } - /** - * The authentication in place when this token was created. - * @return the authentication - */ @ManyToOne @JoinColumn(name = "auth_holder_id") public AuthenticationHolderEntity getAuthenticationHolder() { return authenticationHolder; } - /** - * @param authentication the authentication to set - */ public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) { this.authenticationHolder = authenticationHolder; } 
@@ -138,4 +104,5 @@ public class AuthorizationCodeEntity {
 public void setExpiration(Date expiration) {
 this.expiration = expiration;
 }
+
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
index c161c0797..646d78a35 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@@ -86,76 +86,55 @@ public class ClientDetailsEntity implements ClientDetails { private static final long serialVersionUID = -1617727085733786296L; private Long id; - - /** Fields from the OAuth2 Dynamic Registration Specification */ - private String clientId = null; // client_id - private String clientSecret = null; // client_secret - private Set redirectUris = new HashSet<>(); // redirect_uris - private String clientName; // client_name - private String clientUri; // client_uri - private String logoUri; // logo_uri - private Set contacts; // contacts - private String tosUri; // tos_uri - private AuthMethod tokenEndpointAuthMethod = AuthMethod.SECRET_BASIC; // token_endpoint_auth_method - private Set scope = new HashSet<>(); // scope - private Set grantTypes = new HashSet<>(); // grant_types - private Set responseTypes = new HashSet<>(); // response_types + private String clientId = null; + private String clientSecret = null; + private Set redirectUris = new HashSet<>(); + private String clientName; + private String clientUri; + private String logoUri; + private Set contacts; + private String tosUri; + private AuthMethod tokenEndpointAuthMethod = AuthMethod.SECRET_BASIC; + private Set scope = new HashSet<>(); + private Set grantTypes = new HashSet<>(); + private Set responseTypes = new HashSet<>(); private String policyUri; - private String jwksUri; // URI pointer to keys - private JWKSet jwks; // public key stored by value + private String jwksUri; + private JWKSet jwks; private String softwareId; private String softwareVersion; - - /** Fields from OIDC Client Registration Specification **/ - private AppType applicationType; // application_type - private String sectorIdentifierUri; // sector_identifier_uri - private SubjectType subjectType; // subject_type - - private JWSAlgorithm requestObjectSigningAlg = null; // request_object_signing_alg - - private JWSAlgorithm userInfoSignedResponseAlg = null; // user_info_signed_response_alg - private JWEAlgorithm 
userInfoEncryptedResponseAlg = null; // user_info_encrypted_response_alg - private EncryptionMethod userInfoEncryptedResponseEnc = null; // user_info_encrypted_response_enc - - private JWSAlgorithm idTokenSignedResponseAlg = null; // id_token_signed_response_alg - private JWEAlgorithm idTokenEncryptedResponseAlg = null; // id_token_encrypted_response_alg - private EncryptionMethod idTokenEncryptedResponseEnc = null; // id_token_encrypted_response_enc - - private JWSAlgorithm tokenEndpointAuthSigningAlg = null; // token_endpoint_auth_signing_alg - - private Integer defaultMaxAge; // default_max_age - private Boolean requireAuthTime; // require_auth_time - private Set defaultACRvalues; // default_acr_values - - private String initiateLoginUri; // initiate_login_uri - private Set postLogoutRedirectUris; // post_logout_redirect_uris - - private Set requestUris; // request_uris - - /** Fields to support the ClientDetails interface **/ + private AppType applicationType; + private String sectorIdentifierUri; + private SubjectType subjectType; + private JWSAlgorithm requestObjectSigningAlg = null; + private JWSAlgorithm userInfoSignedResponseAlg = null; + private JWEAlgorithm userInfoEncryptedResponseAlg = null; + private EncryptionMethod userInfoEncryptedResponseEnc = null; + private JWSAlgorithm idTokenSignedResponseAlg = null; + private JWEAlgorithm idTokenEncryptedResponseAlg = null; + private EncryptionMethod idTokenEncryptedResponseEnc = null; + private JWSAlgorithm tokenEndpointAuthSigningAlg = null; + private Integer defaultMaxAge; + private Boolean requireAuthTime; + private Set defaultACRvalues; + private String initiateLoginUri; + private Set postLogoutRedirectUris; + private Set requestUris; private Set authorities = new HashSet<>(); - private Integer accessTokenValiditySeconds = 0; // in seconds - private Integer refreshTokenValiditySeconds = 0; // in seconds + private Integer accessTokenValiditySeconds = 0; + private Integer refreshTokenValiditySeconds = 0; 
private Set resourceIds = new HashSet<>(); private Map additionalInformation = new HashMap<>(); - - /** Our own fields **/ - private String clientDescription = ""; // human-readable description - private boolean reuseRefreshToken = true; // do we let someone reuse a refresh token? - private boolean dynamicallyRegistered = false; // was this client dynamically registered? - private boolean allowIntrospection = false; // do we let this client call the introspection endpoint? - private Integer idTokenValiditySeconds; //timeout for id tokens - private Date createdAt; // time the client was created - private boolean clearAccessTokensOnRefresh = true; // do we clear access tokens on refresh? - private Integer deviceCodeValiditySeconds; // timeout for device codes - - /** fields for UMA */ + private String clientDescription = ""; + private boolean reuseRefreshToken = true; + private boolean dynamicallyRegistered = false; + private boolean allowIntrospection = false; + private Integer idTokenValiditySeconds; + private Date createdAt; + private boolean clearAccessTokensOnRefresh = true; + private Integer deviceCodeValiditySeconds; private Set claimsRedirectUris; - - /** Software statement **/ private JWT softwareStatement; - - /** PKCE **/ private PKCEAlgorithm codeChallengeMethod; public enum AuthMethod { @@ -240,9 +219,6 @@ public class ClientDetailsEntity implements ClientDetails { } } - /** - * Create a blank ClientDetailsEntity - */ public ClientDetailsEntity() { } @@ -250,15 +226,11 @@ public class ClientDetailsEntity implements ClientDetails { @PrePersist @PreUpdate private void prePersist() { - // make sure that ID tokens always time out, default to 5 minutes if (getIdTokenValiditySeconds() == null) { setIdTokenValiditySeconds(DEFAULT_ID_TOKEN_VALIDITY_SECONDS); } } - /** - * @return the id - */ @Id @GeneratedValue(strategy = GenerationType.IDENTITY) @Column(name = "id") 
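Review bot: The comment deleted from prePersist() ("make sure that ID tokens always time out, default to 5 minutes") was the only statement of why a null idTokenValiditySeconds is replaced before the client row is written, and the new side leaves an unexplained null check that a later reader could reasonably remove. The behaviour is unchanged, so this is a documentation point: restore it as `// ID tokens must always expire: a client with no explicit lifetime gets DEFAULT_ID_TOKEN_VALIDITY_SECONDS`. Note that only null is handled here; a zero or negative value set through setIdTokenValiditySeconds() is persisted as-is, so if "always time out" is the intended invariant the guard would need to cover non-positive values too — confirm against callers that may rely on passing 0 before changing it.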
@@ -266,33 +238,20 @@ public class ClientDetailsEntity implements ClientDetails { return id; } - /** - * - * @param id the id to set - */ public void setId(Long id) { this.id = id; } - /** - * @return the clientDescription - */ @Basic @Column(name="client_description") public String getClientDescription() { return clientDescription; } - /** - * @param clientDescription Human-readable long description of the client (optional) - */ public void setClientDescription(String clientDescription) { this.clientDescription = clientDescription; } - /** - * @return the allowRefresh - */ @Transient public boolean isAllowRefresh() { if (grantTypes != null) { 
@@ -312,89 +271,51 @@ public class ClientDetailsEntity implements ClientDetails { this.reuseRefreshToken = reuseRefreshToken; } - /** - * Number of seconds ID token is valid for. MUST be a positive integer, can not be null. - * - * @return the idTokenValiditySeconds - */ @Basic @Column(name="id_token_validity_seconds") public Integer getIdTokenValiditySeconds() { return idTokenValiditySeconds; } - /** - * @param idTokenValiditySeconds the idTokenValiditySeconds to set - */ public void setIdTokenValiditySeconds(Integer idTokenValiditySeconds) { this.idTokenValiditySeconds = idTokenValiditySeconds; } - /** - * @return the dynamicallyRegistered - */ @Basic @Column(name="dynamically_registered") public boolean isDynamicallyRegistered() { return dynamicallyRegistered; } - /** - * @param dynamicallyRegistered the dynamicallyRegistered to set - */ public void setDynamicallyRegistered(boolean dynamicallyRegistered) { this.dynamicallyRegistered = dynamicallyRegistered; } - - - - - /** - * @return the allowIntrospection - */ @Basic @Column(name="allow_introspection") public boolean isAllowIntrospection() { return allowIntrospection; } - /** - * @param allowIntrospection the allowIntrospection to set - */ public void setAllowIntrospection(boolean allowIntrospection) { this.allowIntrospection = allowIntrospection; } - /** - * - */ @Override @Transient public boolean isSecretRequired() { - if (getTokenEndpointAuthMethod() != null && - (getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC) || - getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST) || - getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT))) { - return true; - } else { - return false; - } - + return getTokenEndpointAuthMethod() != null && + (getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC) || + getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST) || + getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)); } - /** - * If the scope list is not null or empty, then this 
client has been scoped. - */ @Override @Transient public boolean isScoped() { return getScope() != null && !getScope().isEmpty(); } - /** - * @return the clientId - */ @Basic @Override @Column(name="client_id") @@ -402,16 +323,10 @@ public class ClientDetailsEntity implements ClientDetails { return clientId; } - /** - * @param clientId The OAuth2 client_id, must be unique to this client - */ public void setClientId(String clientId) { this.clientId = clientId; } - /** - * @return the clientSecret - */ @Basic @Override @Column(name="client_secret") 
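Review bot: Removing the Javadoc on getIdTokenValiditySeconds() drops the contract "MUST be a positive integer, can not be null", and nothing in the visible setter or getter enforces it, so the invariant now lives nowhere in the code. Since prePersist() (earlier in this file) only substitutes a default for null, the accurate replacement would be a one-line comment on the getter: `/** Lifetime of issued ID tokens in seconds; must be positive. A null value is replaced by the default in prePersist(). */`. The isSecretRequired() rewrite in the same hunk is equivalent to the old if/else and is fine; a `switch` on the AuthMethod enum would read more clearly than the three equals() calls, but that is a matter of taste.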
@@ -419,71 +334,41 @@ public class ClientDetailsEntity implements ClientDetails { return clientSecret; } - /** - * @param clientSecret the OAuth2 client_secret (optional) - */ public void setClientSecret(String clientSecret) { this.clientSecret = clientSecret; } - /** - * @return the scope - */ @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="client_scope", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="client_scope", joinColumns=@JoinColumn(name="owner_id")) @Override @Column(name="scope") public Set getScope() { return scope; } - /** - * @param scope the set of scopes allowed to be issued to this client - */ public void setScope(Set scope) { this.scope = scope; } - /** - * @return the authorizedGrantTypes - */ @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="client_grant_type", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="client_grant_type", joinColumns=@JoinColumn(name="owner_id")) @Column(name="grant_type") public Set getGrantTypes() { return grantTypes; } - /** - * @param authorizedGrantTypes the OAuth2 grant types that this client is allowed to use - */ public void setGrantTypes(Set grantTypes) { this.grantTypes = grantTypes; } - /** - * passthrough for SECOAUTH api - */ @Override @Transient public Set getAuthorizedGrantTypes() { return getGrantTypes(); } - /** - * @return the authorities - */ @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="client_authority", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="client_authority", joinColumns=@JoinColumn(name="owner_id")) @Override @Convert(converter = SimpleGrantedAuthorityStringConverter.class) @Column(name="authority") 
@@ -491,9 +376,6 @@ public class ClientDetailsEntity implements ClientDetails { return authorities; } - /** - * @param authorities the Spring Security authorities this client is given - */ public void setAuthorities(Set authorities) { this.authorities = authorities; } @@ -505,9 +387,6 @@ public class ClientDetailsEntity implements ClientDetails { return accessTokenValiditySeconds; } - /** - * @param accessTokenTimeout the accessTokenTimeout to set - */ public void setAccessTokenValiditySeconds(Integer accessTokenValiditySeconds) { this.accessTokenValiditySeconds = accessTokenValiditySeconds; } 
@@ -519,81 +398,45 @@ public class ClientDetailsEntity implements ClientDetails { return refreshTokenValiditySeconds; } - /** - * @param refreshTokenTimeout Lifetime of refresh tokens, in seconds (optional - leave null for no timeout) - */ public void setRefreshTokenValiditySeconds(Integer refreshTokenValiditySeconds) { this.refreshTokenValiditySeconds = refreshTokenValiditySeconds; } - /** - * @return the registeredRedirectUri - */ @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="client_redirect_uri", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="client_redirect_uri", joinColumns=@JoinColumn(name="owner_id")) @Column(name="redirect_uri") public Set getRedirectUris() { return redirectUris; } - /** - * @param registeredRedirectUri the registeredRedirectUri to set - */ public void setRedirectUris(Set redirectUris) { this.redirectUris = redirectUris; } - /** - * Pass-through method to fulfill the ClientDetails interface with a bad name - */ @Override @Transient public Set getRegisteredRedirectUri() { return getRedirectUris(); } - /** - * @return the resourceIds - */ @Override @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="client_resource", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="client_resource", joinColumns=@JoinColumn(name="owner_id")) @Column(name="resource_id") public Set getResourceIds() { return resourceIds; } - /** - * @param resourceIds the resourceIds to set - */ public void setResourceIds(Set resourceIds) { this.resourceIds = resourceIds; } - - /** - * This library does not make use of this field, so it is not - * stored using our persistence layer. - * - * However, it's somehow required by SECOUATH. - * - * @return an empty map - */ @Override @Transient public Map getAdditionalInformation() { return this.additionalInformation; } - - - @Enumerated(EnumType.STRING) @Column(name="application_type") public AppType getApplicationType() { 
@@ -635,10 +478,7 @@ public class ClientDetailsEntity implements ClientDetails { } @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="client_contact", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="client_contact", joinColumns=@JoinColumn(name="owner_id")) @Column(name="contact") public Set getContacts() { return contacts; @@ -668,34 +508,22 @@ public class ClientDetailsEntity implements ClientDetails { this.policyUri = policyUri; } - /** - * @return the clientUrl - */ @Basic @Column(name="client_uri") public String getClientUri() { return clientUri; } - /** - * @param clientUrl the clientUrl to set - */ public void setClientUri(String clientUri) { this.clientUri = clientUri; } - /** - * @return the tosUrl - */ @Basic @Column(name="tos_uri") public String getTosUri() { return tosUri; } - /** - * @param tosUrl the tosUrl to set - */ public void setTosUri(String tosUri) { this.tosUri = tosUri; } @@ -710,9 +538,6 @@ public class ClientDetailsEntity implements ClientDetails { this.jwksUri = jwksUri; } - /** - * @return the jwks - */ @Basic @Column(name="jwks") @Convert(converter = JWKSetStringConverter.class) @@ -720,9 +545,6 @@ public class ClientDetailsEntity implements ClientDetails { return jwks; } - /** - * @param jwks the jwks to set - */ public void setJwks(JWKSet jwks) { this.jwks = jwks; } 
@@ -845,165 +667,96 @@ public class ClientDetailsEntity implements ClientDetails { this.requireAuthTime = requireAuthTime; } - /** - * @return the responseTypes - */ @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="client_response_type", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="client_response_type", joinColumns=@JoinColumn(name="owner_id")) @Column(name="response_type") public Set getResponseTypes() { return responseTypes; } - /** - * @param responseTypes the responseTypes to set - */ public void setResponseTypes(Set responseTypes) { this.responseTypes = responseTypes; } - /** - * @return the defaultACRvalues - */ @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="client_default_acr_value", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="client_default_acr_value", joinColumns=@JoinColumn(name="owner_id")) @Column(name="default_acr_value") public Set getDefaultACRvalues() { return defaultACRvalues; } - /** - * @param defaultACRvalues the defaultACRvalues to set - */ public void setDefaultACRvalues(Set defaultACRvalues) { this.defaultACRvalues = defaultACRvalues; } - /** - * @return the initiateLoginUri - */ @Basic @Column(name="initiate_login_uri") public String getInitiateLoginUri() { return initiateLoginUri; } - /** - * @param initiateLoginUri the initiateLoginUri to set - */ public void setInitiateLoginUri(String initiateLoginUri) { this.initiateLoginUri = initiateLoginUri; } - /** - * @return the postLogoutRedirectUri - */ @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="client_post_logout_redirect_uri", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="client_post_logout_redirect_uri", joinColumns=@JoinColumn(name="owner_id")) @Column(name="post_logout_redirect_uri") public Set getPostLogoutRedirectUris() { return postLogoutRedirectUris; } - /** - * @param postLogoutRedirectUri the postLogoutRedirectUri to set - */ 
public void setPostLogoutRedirectUris(Set postLogoutRedirectUri) { this.postLogoutRedirectUris = postLogoutRedirectUri; } - /** - * @return the requestUris - */ @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="client_request_uri", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="client_request_uri", joinColumns=@JoinColumn(name="owner_id")) @Column(name="request_uri") public Set getRequestUris() { return requestUris; } - /** - * @param requestUris the requestUris to set - */ public void setRequestUris(Set requestUris) { this.requestUris = requestUris; } - /** - * @return the createdAt - */ @Temporal(TemporalType.TIMESTAMP) @Column(name="created_at") public Date getCreatedAt() { return createdAt; } - /** - * @param createdAt the createdAt to set - */ public void setCreatedAt(Date createdAt) { this.createdAt = createdAt; } - /** - * Our framework doesn't use this construct, we use WhitelistedSites and ApprovedSites instead. - */ @Override public boolean isAutoApprove(String scope) { return false; } - /** - * @return the clearAccessTokensOnRefresh - */ @Basic @Column(name = "clear_access_tokens_on_refresh") public boolean isClearAccessTokensOnRefresh() { return clearAccessTokensOnRefresh; } - /** - * @param clearAccessTokensOnRefresh the clearAccessTokensOnRefresh to set - */ public void setClearAccessTokensOnRefresh(boolean clearAccessTokensOnRefresh) { this.clearAccessTokensOnRefresh = clearAccessTokensOnRefresh; } - /** - * @return the claimsRedirectUris - */ @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="client_claims_redirect_uri", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="client_claims_redirect_uri", joinColumns=@JoinColumn(name="owner_id")) @Column(name="redirect_uri") public Set getClaimsRedirectUris() { return claimsRedirectUris; } - /** - * @param claimsRedirectUris the claimsRedirectUris to set - */ public void setClaimsRedirectUris(Set claimsRedirectUris) { 
this.claimsRedirectUris = claimsRedirectUris; } - /** - * @return the softwareStatement - */ @Basic @Column(name = "software_statement") @Convert(converter = JWTStringConverter.class) @@ -1011,16 +764,10 @@ public class ClientDetailsEntity implements ClientDetails { return softwareStatement; } - /** - * @param softwareStatement the softwareStatement to set - */ public void setSoftwareStatement(JWT softwareStatement) { this.softwareStatement = softwareStatement; } - /** - * @return the codeChallengeMethod - */ @Basic @Column(name = "code_challenge_method") @Convert(converter = PKCEAlgorithmStringConverter.class) @@ -1028,57 +775,36 @@ public class ClientDetailsEntity implements ClientDetails { return codeChallengeMethod; } - /** - * @param codeChallengeMethod the codeChallengeMethod to set - */ public void setCodeChallengeMethod(PKCEAlgorithm codeChallengeMethod) { this.codeChallengeMethod = codeChallengeMethod; } - /** - * @return the deviceCodeValiditySeconds - */ @Basic @Column(name="device_code_validity_seconds") public Integer getDeviceCodeValiditySeconds() { return deviceCodeValiditySeconds; } - /** - * @param deviceCodeValiditySeconds the deviceCodeValiditySeconds to set - */ public void setDeviceCodeValiditySeconds(Integer deviceCodeValiditySeconds) { this.deviceCodeValiditySeconds = deviceCodeValiditySeconds; } - /** - * @return the softwareId - */ @Basic @Column(name="software_id") public String getSoftwareId() { return softwareId; } - /** - * @param softwareId the softwareId to set - */ public void setSoftwareId(String softwareId) { this.softwareId = softwareId; } - /** - * @return the softwareVersion - */ @Basic @Column(name="software_version") public String getSoftwareVersion() { return softwareVersion; } - /** - * @param softwareVersion the softwareVersion to set - */ public void setSoftwareVersion(String softwareVersion) { this.softwareVersion = softwareVersion; } 
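Review bot: The deleted Javadoc on isAutoApprove() explained that the hard-coded `return false` is deliberate, because consent in this codebase is decided through WhitelistedSites and ApprovedSites rather than Spring Security OAuth's auto-approve mechanism. Without that note the method reads like an unfinished stub, and "completing" it by consulting a client attribute would silently bypass the consent model, so this is worth keeping as a comment: `// Always false by design: consent is handled by WhitelistedSite/ApprovedSite, not Spring's auto-approve.`. The rest of the hunk is comment and annotation-layout removal with no code change.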
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/DeviceCode.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/DeviceCode.java index c15a95fe1..b34a33ed2 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/DeviceCode.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/DeviceCode.java @@ -39,7 +39,6 @@ import javax.persistence.Temporal; /** * @author jricher - * */ @Entity @Table(name = "device_code") @@ -68,9 +67,7 @@ public class DeviceCode { private boolean approved; private AuthenticationHolderEntity authenticationHolder; - public DeviceCode() { - - } + public DeviceCode() { } public DeviceCode(String deviceCode, String userCode, Set scope, String clientId, Map params) { this.deviceCode = deviceCode; @@ -80,9 +77,6 @@ public class DeviceCode { this.requestParameters = params; } - /** - * @return the id - */ @Id @GeneratedValue(strategy = GenerationType.IDENTITY) @Column(name = "id") 
@@ -90,61 +84,37 @@ public class DeviceCode { return id; } - /** - * @param id the id to set - */ public void setId(Long id) { this.id = id; } - /** - * @return the deviceCode - */ @Basic @Column(name = "device_code") public String getDeviceCode() { return deviceCode; } - /** - * @param deviceCode the deviceCode to set - */ public void setDeviceCode(String deviceCode) { this.deviceCode = deviceCode; } - /** - * @return the userCode - */ @Basic @Column(name = "user_code") public String getUserCode() { return userCode; } - /** - * @param userCode the userCode to set - */ public void setUserCode(String userCode) { this.userCode = userCode; } - /** - * @return the scope - */ @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="device_code_scope", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="device_code_scope", joinColumns=@JoinColumn(name="owner_id")) @Column(name="scope") public Set getScope() { return scope; } - /** - * @param scope the scope to set - */ public void setScope(Set scope) { this.scope = scope; } 
@@ -160,75 +130,46 @@ public class DeviceCode { this.expiration = expiration; } - /** - * @return the clientId - */ @Basic @Column(name = "client_id") public String getClientId() { return clientId; } - /** - * @param clientId the clientId to set - */ public void setClientId(String clientId) { this.clientId = clientId; } - /** - * @return the params - */ @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="device_code_request_parameter", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="device_code_request_parameter", joinColumns=@JoinColumn(name="owner_id")) @Column(name="val") @MapKeyColumn(name="param") public Map getRequestParameters() { return requestParameters; } - /** - * @param params the params to set - */ public void setRequestParameters(Map params) { this.requestParameters = params; } - /** - * @return the approved - */ @Basic @Column(name = "approved") public boolean isApproved() { return approved; } - /** - * @param approved the approved to set - */ public void setApproved(boolean approved) { this.approved = approved; } - /** - * The authentication in place when this token was created. - * @return the authentication - */ @ManyToOne @JoinColumn(name = "auth_holder_id") public AuthenticationHolderEntity getAuthenticationHolder() { return authenticationHolder; } - /** - * @param authentication the authentication to set - */ public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) { this.authenticationHolder = authenticationHolder; } - } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java index d1bda807b..8d5847c56 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java 
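Review bot: The Javadoc stripped from `getAuthenticationHolder()` at the end of this hunk was the only text explaining what the `auth_holder_id` join on a device code holds, and the bare getter name does not say it; the `@return`/`@param` stubs elsewhere in the hunk said nothing and can go, but this one should survive as a one-liner. The removed wording ("when this token was created") reads as copied from the token entities, so I would restore it adjusted to this class, e.g. `/** Authentication holder linked to this device code via auth_holder_id (null until one is attached). */` — the "until attached" part is an inference from the nullable `@ManyToOne`, so confirm it before committing to the wording.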
@@ -100,37 +100,19 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken { public static final String ID_TOKEN_FIELD_NAME = "id_token"; private Long id; - private ClientDetailsEntity client; - - private AuthenticationHolderEntity authenticationHolder; // the authentication that made this access - - private JWT jwtValue; // JWT-encoded access token value - + private AuthenticationHolderEntity authenticationHolder; + private JWT jwtValue; private Date expiration; - private String tokenType = OAuth2AccessToken.BEARER_TYPE; - private OAuth2RefreshTokenEntity refreshToken; - private Set scope; - private Set permissions; - private ApprovedSite approvedSite; + private Map additionalInformation = new HashMap<>(); - private Map additionalInformation = new HashMap<>(); // ephemeral map of items to be added to the OAuth token response + public OAuth2AccessTokenEntity() { } - /** - * Create a new, blank access token - */ - public OAuth2AccessTokenEntity() { - - } - - /** - * @return the id - */ @Id @GeneratedValue(strategy = GenerationType.IDENTITY) @Column(name = "id") 
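Review bot: The field block loses the trailing comment on `additionalInformation` ("ephemeral map of items to be added to the OAuth token response"), which was the only explanation of why this is the one field initialised inline with `new HashMap<>()` and why it is not a persisted column; the `@Transient` on its getter sits further down the file, outside this hunk, so a reader of the field list now has no signal. Keep it as an end-of-line comment: `private Map additionalInformation = new HashMap<>(); // not persisted; extra members merged into the token response`. The `// the authentication that made this access` and `// JWT-encoded access token value` comments are marginal and their removal is fine.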
@@ -138,59 +120,36 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken { return id; } - /** - * @param id the id to set - */ public void setId(Long id) { this.id = id; } - /** - * Get all additional information to be sent to the serializer as part of the token response. - * This map is not persisted to the database. - */ @Override @Transient public Map getAdditionalInformation() { return additionalInformation; } - /** - * The authentication in place when this token was created. - * @return the authentication - */ @ManyToOne @JoinColumn(name = "auth_holder_id") public AuthenticationHolderEntity getAuthenticationHolder() { return authenticationHolder; } - /** - * @param authentication the authentication to set - */ public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) { this.authenticationHolder = authenticationHolder; } - /** - * @return the client - */ @ManyToOne @JoinColumn(name = "client_id") public ClientDetailsEntity getClient() { return client; } - /** - * @param client the client to set - */ public void setClient(ClientDetailsEntity client) { this.client = client; } - /** - * Get the string-encoded value of this access token. - */ @Override @Transient public String getValue() { @@ -235,16 +194,12 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken { if (!(refreshToken instanceof OAuth2RefreshTokenEntity)) { throw new IllegalArgumentException("Not a storable refresh token entity!"); } - // force a pass through to the entity version setRefreshToken((OAuth2RefreshTokenEntity)refreshToken); } @Override @ElementCollection(fetch=FetchType.EAGER) - @CollectionTable( - joinColumns=@JoinColumn(name="owner_id"), - name="token_scope" - ) + @CollectionTable(joinColumns=@JoinColumn(name="owner_id"), name="token_scope") public Set getScope() { return scope; } 
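Review bot: In the `@@ -235` hunk the line `setRefreshToken((OAuth2RefreshTokenEntity)refreshToken);` now sits directly after the `instanceof` guard with no comment, and because it is called from a method of the same name it reads like accidental recursion; the removed `// force a pass through to the entity version` was doing real work. I would keep one line, e.g. `// overload dispatch: the entity-typed setRefreshToken is the one that stores the reference`. The enclosing `setRefreshToken(OAuth2RefreshToken)` signature and the entity-typed overload are both outside this hunk, so the exact wording should be checked against them.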
@@ -256,12 +211,9 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken { @Override @Transient public boolean isExpired() { - return getExpiration() == null ? false : System.currentTimeMillis() > getExpiration().getTime(); + return getExpiration() != null && System.currentTimeMillis() > getExpiration().getTime(); } - /** - * @return the jwtValue - */ @Basic @Column(name="token_value") @Convert(converter = JWTStringConverter.class) @@ -269,9 +221,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken { return jwtValue; } - /** - * @param jwtValue the jwtValue to set - */ public void setJwt(JWT jwt) { this.jwtValue = jwt; } @@ -279,35 +228,24 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken { @Override @Transient public int getExpiresIn() { - if (getExpiration() == null) { return -1; // no expiration time } else { - int secondsRemaining = (int) ((getExpiration().getTime() - System.currentTimeMillis()) / 1000); if (isExpired()) { return 0; // has an expiration time and expired } else { // has an expiration time and not expired - return secondsRemaining; + return (int) ((getExpiration().getTime() - System.currentTimeMillis()) / 1000); } } } - /** - * @return the permissions - */ @OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL) - @JoinTable( - name = "access_token_permissions", - joinColumns = @JoinColumn(name = "access_token_id"), - inverseJoinColumns = @JoinColumn(name = "permission_id") - ) + @JoinTable(name = "access_token_permissions", joinColumns = @JoinColumn(name = "access_token_id"), + inverseJoinColumns = @JoinColumn(name = "permission_id")) public Set getPermissions() { return permissions; } - /** - * @param permissions the permissions to set - */ public void setPermissions(Set permissions) { this.permissions = permissions; } 
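Review bot: In the `@@ -279` hunk `getExpiresIn()` still reads the clock twice — once inside `isExpired()` and again in the new return expression — so there is a window in which `isExpired()` is false but the subtraction runs against a later timestamp; the old code had the same double read in the other order, so this is not a regression, but the rewrite is the moment to remove it. Take one timestamp and derive both answers from it, keeping the same `>` as `isExpired()` so the boundary is unchanged: `long now = System.currentTimeMillis(); long exp = getExpiration().getTime(); return now > exp ? 0 : (int) ((exp - now) / 1000);`. The `null` → `-1` branch and the `(int)` truncation are unchanged by this.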
@@ -322,14 +260,11 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken { this.approvedSite = approvedSite; } - /** - * Add the ID Token to the additionalInformation map for a token response. - * @param idToken - */ @Transient public void setIdToken(JWT idToken) { if (idToken != null) { additionalInformation.put(ID_TOKEN_FIELD_NAME, idToken.serialize()); } } + } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java index f6c2d2153..a1bd2288c 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java @@ -45,7 +45,6 @@ import com.nimbusds.jwt.JWT; /** * @author jricher - * */ @Entity @Table(name = "refresh_token") @@ -70,27 +69,13 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken { public static final String PARAM_NAME = "name"; private Long id; - private AuthenticationHolderEntity authenticationHolder; - private ClientDetailsEntity client; - - //JWT-encoded representation of this access token entity private JWT jwt; - - // our refresh tokens might expire private Date expiration; - /** - * - */ - public OAuth2RefreshTokenEntity() { + public OAuth2RefreshTokenEntity() { } - } - - /** - * @return the id - */ @Id @GeneratedValue(strategy = GenerationType.IDENTITY) @Column(name = "id") 
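Review bot: `setIdToken(JWT)` is named like a field setter but stores nothing on the entity: it serialises the JWT into `additionalInformation` under `"id_token"` and silently does nothing for `null`, and the removed Javadoc ("Add the ID Token to the additionalInformation map for a token response") was the only thing saying so. I would keep a one-line comment above the method, e.g. `/** Serialises the ID token into additionalInformation (id_token member of the token response); a null token is ignored. */` — every clause is visible in the method body.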
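Review bot: In the `@@ -70` hunk of OAuth2RefreshTokenEntity the removed `// our refresh tokens might expire` was the only statement that `expiration` is optional; the `isExpired()` implementation later in this file returns false when it is null, which means a refresh token with no expiration never expires, and that is a security-relevant default worth keeping visible at the field. Suggest `private Date expiration; // null means no expiry: isExpired() then always returns false`. The `//JWT-encoded representation of this access token entity` comment on `jwt` was wrong anyway (this is the refresh token), so its removal is an improvement.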
@@ -98,35 +83,20 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken { return id; } - /** - * @param id the id to set - */ public void setId(Long id) { this.id = id; } - /** - * The authentication in place when the original access token was - * created - * - * @return the authentication - */ @ManyToOne @JoinColumn(name = "auth_holder_id") public AuthenticationHolderEntity getAuthenticationHolder() { return authenticationHolder; } - /** - * @param authentication the authentication to set - */ public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) { this.authenticationHolder = authenticationHolder; } - /** - * Get the JWT-encoded value of this token - */ @Override @Transient public String getValue() { @@ -140,43 +110,25 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken { return expiration; } - /* (non-Javadoc) - * @see org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken#setExpiration(java.util.Date) - */ - public void setExpiration(Date expiration) { this.expiration = expiration; } - /** - * Has this token expired? - * @return true if it has a timeout set and the timeout has passed - */ @Transient public boolean isExpired() { - return getExpiration() == null ? false : System.currentTimeMillis() > getExpiration().getTime(); + return getExpiration() != null && System.currentTimeMillis() > getExpiration().getTime(); } - /** - * @return the client - */ @ManyToOne(fetch = FetchType.EAGER) @JoinColumn(name = "client_id") public ClientDetailsEntity getClient() { return client; } - /** - * @param client the client to set - */ public void setClient(ClientDetailsEntity client) { this.client = client; } - /** - * Get the JWT object directly - * @return the jwt - */ @Basic @Column(name="token_value") @Convert(converter = JWTStringConverter.class) 
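Review bot: In the `@@ -140` hunk the rewritten `isExpired()` (`getExpiration() != null && ...`) preserves the old semantics exactly, but the removed Javadoc "true if it has a timeout set and the timeout has passed" was the contract that makes the null branch intentional rather than an oversight; with it gone, a future reader may "fix" null to mean expired, or leave non-expiring refresh tokens undocumented. Restore it on the method: `/** True only when an expiration is set and has passed; a token with no expiration never expires. */`. The same applies to the sibling `isExpired()` in OAuth2AccessTokenEntity, which this commit rewrites identically.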
@@ -184,9 +136,6 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken { return jwt; } - /** - * @param jwt the jwt to set - */ public void setJwt(JWT jwt) { this.jwt = jwt; } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/PKCEAlgorithm.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/PKCEAlgorithm.java index 5b5d5a547..ab86effcc 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/PKCEAlgorithm.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/PKCEAlgorithm.java @@ -21,17 +21,12 @@ import com.nimbusds.jose.Requirement; /** * @author jricher - * */ public final class PKCEAlgorithm extends Algorithm { - /** - * - */ private static final long serialVersionUID = 7752852583210088925L; public static final PKCEAlgorithm plain = new PKCEAlgorithm("plain", Requirement.REQUIRED); - public static final PKCEAlgorithm S256 = new PKCEAlgorithm("S256", Requirement.OPTIONAL); public PKCEAlgorithm(String name, Requirement req) { @@ -52,6 +47,4 @@ public final class PKCEAlgorithm extends Algorithm { } } - - } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java index 6e4003937..a746a6b02 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java @@ -38,11 +38,9 @@ import com.nimbusds.jwt.JWT; /** * @author jricher - * */ public class RegisteredClient { - // these fields are needed in addition to the ones in ClientDetailsEntity private String registrationAccessToken; private String registrationClientUri; private Date clientSecretExpiresAt; 
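Review bot: The PKCEAlgorithm hunk leaves `plain` tagged `Requirement.REQUIRED` and `S256` tagged `Requirement.OPTIONAL`, which is the reverse of RFC 7636 §4.2, where S256 is mandatory to implement on the server and `plain` is the fallback clients may use only when they cannot do S256; whether anything in the codebase consults `getRequirement()` is not visible here, so the practical impact may be nil, but the constants are now the only documentation of the two methods and they mislead. Swap them — `plain = new PKCEAlgorithm("plain", Requirement.OPTIONAL)` and `S256 = new PKCEAlgorithm("S256", Requirement.REQUIRED)` — or, if the levels are load-bearing somewhere, add a comment stating why they deliberately differ from the RFC. The class's constructor and the rest of its body continue past this hunk.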
@@ -50,851 +48,474 @@ public class RegisteredClient { private ClientDetailsEntity client; private JsonObject src; - /** - * - */ public RegisteredClient() { this.client = new ClientDetailsEntity(); } - /** - * @param client - */ public RegisteredClient(ClientDetailsEntity client) { this.client = client; } - /** - * @param client - * @param registrationAccessToken - * @param registrationClientUri - */ public RegisteredClient(ClientDetailsEntity client, String registrationAccessToken, String registrationClientUri) { this.client = client; this.registrationAccessToken = registrationAccessToken; this.registrationClientUri = registrationClientUri; } - /** - * @return the client - */ public ClientDetailsEntity getClient() { return client; } - /** - * @param client the client to set - */ + public void setClient(ClientDetailsEntity client) { this.client = client; } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientDescription() - */ + public String getClientDescription() { return client.getClientDescription(); } - /** - * @param clientDescription - * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientDescription(java.lang.String) - */ + public void setClientDescription(String clientDescription) { client.setClientDescription(clientDescription); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#isAllowRefresh() - */ + public boolean isAllowRefresh() { return client.isAllowRefresh(); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#isReuseRefreshToken() - */ + public boolean isReuseRefreshToken() { return client.isReuseRefreshToken(); } - /** - * @param reuseRefreshToken - * @see org.mitre.oauth2.model.ClientDetailsEntity#setReuseRefreshToken(boolean) - */ + public void setReuseRefreshToken(boolean reuseRefreshToken) { client.setReuseRefreshToken(reuseRefreshToken); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenValiditySeconds() - */ + public Integer 
getIdTokenValiditySeconds() { return client.getIdTokenValiditySeconds(); } - /** - * @param idTokenValiditySeconds - * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenValiditySeconds(java.lang.Integer) - */ + public void setIdTokenValiditySeconds(Integer idTokenValiditySeconds) { client.setIdTokenValiditySeconds(idTokenValiditySeconds); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#isDynamicallyRegistered() - */ + public boolean isDynamicallyRegistered() { return client.isDynamicallyRegistered(); } - /** - * @param dynamicallyRegistered - * @see org.mitre.oauth2.model.ClientDetailsEntity#setDynamicallyRegistered(boolean) - */ + public void setDynamicallyRegistered(boolean dynamicallyRegistered) { client.setDynamicallyRegistered(dynamicallyRegistered); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#isAllowIntrospection() - */ + public boolean isAllowIntrospection() { return client.isAllowIntrospection(); } - /** - * @param allowIntrospection - * @see org.mitre.oauth2.model.ClientDetailsEntity#setAllowIntrospection(boolean) - */ + public void setAllowIntrospection(boolean allowIntrospection) { client.setAllowIntrospection(allowIntrospection); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#isSecretRequired() - */ + public boolean isSecretRequired() { return client.isSecretRequired(); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#isScoped() - */ + public boolean isScoped() { return client.isScoped(); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientId() - */ + public String getClientId() { return client.getClientId(); } - /** - * @param clientId - * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientId(java.lang.String) - */ + public void setClientId(String clientId) { client.setClientId(clientId); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientSecret() - */ + public String 
getClientSecret() { return client.getClientSecret(); } - /** - * @param clientSecret - * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientSecret(java.lang.String) - */ + public void setClientSecret(String clientSecret) { client.setClientSecret(clientSecret); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getScope() - */ + public Set getScope() { return client.getScope(); } - /** - * @param scope - * @see org.mitre.oauth2.model.ClientDetailsEntity#setScope(java.util.Set) - */ + public void setScope(Set scope) { client.setScope(scope); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getGrantTypes() - */ + public Set getGrantTypes() { return client.getGrantTypes(); } - /** - * @param grantTypes - * @see org.mitre.oauth2.model.ClientDetailsEntity#setGrantTypes(java.util.Set) - */ + public void setGrantTypes(Set grantTypes) { client.setGrantTypes(grantTypes); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getAuthorizedGrantTypes() - */ + public Set getAuthorizedGrantTypes() { return client.getAuthorizedGrantTypes(); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getAuthorities() - */ + public Set getAuthorities() { return client.getAuthorities(); } - /** - * @param authorities - * @see org.mitre.oauth2.model.ClientDetailsEntity#setAuthorities(java.util.Set) - */ + public void setAuthorities(Set authorities) { client.setAuthorities(authorities); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getAccessTokenValiditySeconds() - */ + public Integer getAccessTokenValiditySeconds() { return client.getAccessTokenValiditySeconds(); } - /** - * @param accessTokenValiditySeconds - * @see org.mitre.oauth2.model.ClientDetailsEntity#setAccessTokenValiditySeconds(java.lang.Integer) - */ + public void setAccessTokenValiditySeconds(Integer accessTokenValiditySeconds) { client.setAccessTokenValiditySeconds(accessTokenValiditySeconds); } - /** - * @return - * 
@see org.mitre.oauth2.model.ClientDetailsEntity#getRefreshTokenValiditySeconds() - */ + public Integer getRefreshTokenValiditySeconds() { return client.getRefreshTokenValiditySeconds(); } - /** - * @param refreshTokenValiditySeconds - * @see org.mitre.oauth2.model.ClientDetailsEntity#setRefreshTokenValiditySeconds(java.lang.Integer) - */ + public void setRefreshTokenValiditySeconds(Integer refreshTokenValiditySeconds) { client.setRefreshTokenValiditySeconds(refreshTokenValiditySeconds); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getRedirectUris() - */ + public Set getRedirectUris() { return client.getRedirectUris(); } - /** - * @param redirectUris - * @see org.mitre.oauth2.model.ClientDetailsEntity#setRedirectUris(java.util.Set) - */ + public void setRedirectUris(Set redirectUris) { client.setRedirectUris(redirectUris); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getRegisteredRedirectUri() - */ + public Set getRegisteredRedirectUri() { return client.getRegisteredRedirectUri(); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getResourceIds() - */ + public Set getResourceIds() { return client.getResourceIds(); } - /** - * @param resourceIds - * @see org.mitre.oauth2.model.ClientDetailsEntity#setResourceIds(java.util.Set) - */ + public void setResourceIds(Set resourceIds) { client.setResourceIds(resourceIds); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getAdditionalInformation() - */ + public Map getAdditionalInformation() { return client.getAdditionalInformation(); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getApplicationType() - */ + public AppType getApplicationType() { return client.getApplicationType(); } - /** - * @param applicationType - * @see org.mitre.oauth2.model.ClientDetailsEntity#setApplicationType(org.mitre.oauth2.model.ClientDetailsEntity.AppType) - */ + public void setApplicationType(AppType applicationType) { 
client.setApplicationType(applicationType); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientName() - */ + public String getClientName() { return client.getClientName(); } - /** - * @param clientName - * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientName(java.lang.String) - */ + public void setClientName(String clientName) { client.setClientName(clientName); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthMethod() - */ + public AuthMethod getTokenEndpointAuthMethod() { return client.getTokenEndpointAuthMethod(); } - /** - * @param tokenEndpointAuthMethod - * @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthMethod(org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod) - */ + public void setTokenEndpointAuthMethod(AuthMethod tokenEndpointAuthMethod) { client.setTokenEndpointAuthMethod(tokenEndpointAuthMethod); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getSubjectType() - */ + public SubjectType getSubjectType() { return client.getSubjectType(); } - /** - * @param subjectType - * @see org.mitre.oauth2.model.ClientDetailsEntity#setSubjectType(org.mitre.oauth2.model.ClientDetailsEntity.SubjectType) - */ + public void setSubjectType(SubjectType subjectType) { client.setSubjectType(subjectType); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getContacts() - */ + public Set getContacts() { return client.getContacts(); } - /** - * @param contacts - * @see org.mitre.oauth2.model.ClientDetailsEntity#setContacts(java.util.Set) - */ + public void setContacts(Set contacts) { client.setContacts(contacts); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getLogoUri() - */ + public String getLogoUri() { return client.getLogoUri(); } - /** - * @param logoUri - * @see org.mitre.oauth2.model.ClientDetailsEntity#setLogoUri(java.lang.String) - */ + public void setLogoUri(String logoUri) { 
client.setLogoUri(logoUri); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getPolicyUri() - */ + public String getPolicyUri() { return client.getPolicyUri(); } - /** - * @param policyUri - * @see org.mitre.oauth2.model.ClientDetailsEntity#setPolicyUri(java.lang.String) - */ + public void setPolicyUri(String policyUri) { client.setPolicyUri(policyUri); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientUri() - */ + public String getClientUri() { return client.getClientUri(); } - /** - * @param clientUri - * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientUri(java.lang.String) - */ + public void setClientUri(String clientUri) { client.setClientUri(clientUri); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getTosUri() - */ + public String getTosUri() { return client.getTosUri(); } - /** - * @param tosUri - * @see org.mitre.oauth2.model.ClientDetailsEntity#setTosUri(java.lang.String) - */ + public void setTosUri(String tosUri) { client.setTosUri(tosUri); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getJwksUri() - */ + public String getJwksUri() { return client.getJwksUri(); } - /** - * @param jwksUri - * @see org.mitre.oauth2.model.ClientDetailsEntity#setJwksUri(java.lang.String) - */ + public void setJwksUri(String jwksUri) { client.setJwksUri(jwksUri); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getJwks() - */ + public JWKSet getJwks() { return client.getJwks(); } - /** - * @param jwks - * @see org.mitre.oauth2.model.ClientDetailsEntity#setJwks(com.nimbusds.jose.jwk.JWKSet) - */ public void setJwks(JWKSet jwks) { client.setJwks(jwks); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getSectorIdentifierUri() - */ public String getSectorIdentifierUri() { return client.getSectorIdentifierUri(); } - /** - * @param sectorIdentifierUri - * @see 
org.mitre.oauth2.model.ClientDetailsEntity#setSectorIdentifierUri(java.lang.String) - */ + public void setSectorIdentifierUri(String sectorIdentifierUri) { client.setSectorIdentifierUri(sectorIdentifierUri); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getDefaultMaxAge() - */ + public Integer getDefaultMaxAge() { return client.getDefaultMaxAge(); } - /** - * @param defaultMaxAge - * @see org.mitre.oauth2.model.ClientDetailsEntity#setDefaultMaxAge(java.lang.Integer) - */ + public void setDefaultMaxAge(Integer defaultMaxAge) { client.setDefaultMaxAge(defaultMaxAge); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequireAuthTime() - */ + public Boolean getRequireAuthTime() { return client.getRequireAuthTime(); } - /** - * @param requireAuthTime - * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequireAuthTime(java.lang.Boolean) - */ + public void setRequireAuthTime(Boolean requireAuthTime) { client.setRequireAuthTime(requireAuthTime); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getResponseTypes() - */ + public Set getResponseTypes() { return client.getResponseTypes(); } - /** - * @param responseTypes - * @see org.mitre.oauth2.model.ClientDetailsEntity#setResponseTypes(java.util.Set) - */ + public void setResponseTypes(Set responseTypes) { client.setResponseTypes(responseTypes); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getDefaultACRvalues() - */ + public Set getDefaultACRvalues() { return client.getDefaultACRvalues(); } - /** - * @param defaultACRvalues - * @see org.mitre.oauth2.model.ClientDetailsEntity#setDefaultACRvalues(java.util.Set) - */ + public void setDefaultACRvalues(Set defaultACRvalues) { client.setDefaultACRvalues(defaultACRvalues); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getInitiateLoginUri() - */ + public String getInitiateLoginUri() { return client.getInitiateLoginUri(); } - /** - * @param 
initiateLoginUri - * @see org.mitre.oauth2.model.ClientDetailsEntity#setInitiateLoginUri(java.lang.String) - */ + public void setInitiateLoginUri(String initiateLoginUri) { client.setInitiateLoginUri(initiateLoginUri); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getPostLogoutRedirectUris() - */ + public Set getPostLogoutRedirectUris() { return client.getPostLogoutRedirectUris(); } - /** - * @param postLogoutRedirectUri - * @see org.mitre.oauth2.model.ClientDetailsEntity#setPostLogoutRedirectUris(java.lang.String) - */ + public void setPostLogoutRedirectUris(Set postLogoutRedirectUri) { client.setPostLogoutRedirectUris(postLogoutRedirectUri); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestUris() - */ + public Set getRequestUris() { return client.getRequestUris(); } - /** - * @param requestUris - * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestUris(java.util.Set) - */ + public void setRequestUris(Set requestUris) { client.setRequestUris(requestUris); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlg() - */ public JWSAlgorithm getRequestObjectSigningAlg() { return client.getRequestObjectSigningAlg(); } - /** - * @param requestObjectSigningAlg - * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestObjectSigningAlg(com.nimbusds.jose.JWSAlgorithm) - */ public void setRequestObjectSigningAlg(JWSAlgorithm requestObjectSigningAlg) { client.setRequestObjectSigningAlg(requestObjectSigningAlg); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoSignedResponseAlg() - */ public JWSAlgorithm getUserInfoSignedResponseAlg() { return client.getUserInfoSignedResponseAlg(); } - /** - * @param userInfoSignedResponseAlg - * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoSignedResponseAlg(com.nimbusds.jose.JWSAlgorithm) - */ public void setUserInfoSignedResponseAlg(JWSAlgorithm userInfoSignedResponseAlg) { 
client.setUserInfoSignedResponseAlg(userInfoSignedResponseAlg); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseAlg() - */ public JWEAlgorithm getUserInfoEncryptedResponseAlg() { return client.getUserInfoEncryptedResponseAlg(); } - /** - * @param userInfoEncryptedResponseAlg - * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseAlg(com.nimbusds.jose.JWEAlgorithm) - */ public void setUserInfoEncryptedResponseAlg(JWEAlgorithm userInfoEncryptedResponseAlg) { client.setUserInfoEncryptedResponseAlg(userInfoEncryptedResponseAlg); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseEnc() - */ public EncryptionMethod getUserInfoEncryptedResponseEnc() { return client.getUserInfoEncryptedResponseEnc(); } - /** - * @param userInfoEncryptedResponseEnc - * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseEnc(com.nimbusds.jose.EncryptionMethod) - */ public void setUserInfoEncryptedResponseEnc(EncryptionMethod userInfoEncryptedResponseEnc) { client.setUserInfoEncryptedResponseEnc(userInfoEncryptedResponseEnc); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenSignedResponseAlg() - */ public JWSAlgorithm getIdTokenSignedResponseAlg() { return client.getIdTokenSignedResponseAlg(); } - /** - * @param idTokenSignedResponseAlg - * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenSignedResponseAlg(com.nimbusds.jose.JWSAlgorithm) - */ public void setIdTokenSignedResponseAlg(JWSAlgorithm idTokenSignedResponseAlg) { client.setIdTokenSignedResponseAlg(idTokenSignedResponseAlg); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseAlg() - */ public JWEAlgorithm getIdTokenEncryptedResponseAlg() { return client.getIdTokenEncryptedResponseAlg(); } - /** - * @param idTokenEncryptedResponseAlg - * @see 
org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseAlg(com.nimbusds.jose.JWEAlgorithm) - */ public void setIdTokenEncryptedResponseAlg(JWEAlgorithm idTokenEncryptedResponseAlg) { client.setIdTokenEncryptedResponseAlg(idTokenEncryptedResponseAlg); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseEnc() - */ public EncryptionMethod getIdTokenEncryptedResponseEnc() { return client.getIdTokenEncryptedResponseEnc(); } - /** - * @param idTokenEncryptedResponseEnc - * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseEnc(com.nimbusds.jose.EncryptionMethod) - */ public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) { client.setIdTokenEncryptedResponseEnc(idTokenEncryptedResponseEnc); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthSigningAlg() - */ public JWSAlgorithm getTokenEndpointAuthSigningAlg() { return client.getTokenEndpointAuthSigningAlg(); } - /** - * @param tokenEndpointAuthSigningAlg - * @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthSigningAlg(com.nimbusds.jose.JWSAlgorithm) - */ public void setTokenEndpointAuthSigningAlg(JWSAlgorithm tokenEndpointAuthSigningAlg) { client.setTokenEndpointAuthSigningAlg(tokenEndpointAuthSigningAlg); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getCreatedAt() - */ public Date getCreatedAt() { return client.getCreatedAt(); } - /** - * @param createdAt - * @see org.mitre.oauth2.model.ClientDetailsEntity#setCreatedAt(java.util.Date) - */ + public void setCreatedAt(Date createdAt) { client.setCreatedAt(createdAt); } - /** - * @return the registrationAccessToken - */ + public String getRegistrationAccessToken() { return registrationAccessToken; } - /** - * @param registrationAccessToken the registrationAccessToken to set - */ + public void setRegistrationAccessToken(String registrationAccessToken) { 
this.registrationAccessToken = registrationAccessToken; } - /** - * @return the registrationClientUri - */ + public String getRegistrationClientUri() { return registrationClientUri; } - /** - * @param registrationClientUri the registrationClientUri to set - */ + public void setRegistrationClientUri(String registrationClientUri) { this.registrationClientUri = registrationClientUri; } - /** - * @return the clientSecretExpiresAt - */ + public Date getClientSecretExpiresAt() { return clientSecretExpiresAt; } - /** - * @param clientSecretExpiresAt the clientSecretExpiresAt to set - */ + public void setClientSecretExpiresAt(Date expiresAt) { this.clientSecretExpiresAt = expiresAt; } - /** - * @return the clientIdIssuedAt - */ + public Date getClientIdIssuedAt() { return clientIdIssuedAt; } - /** - * @param clientIdIssuedAt the clientIdIssuedAt to set - */ + public void setClientIdIssuedAt(Date issuedAt) { this.clientIdIssuedAt = issuedAt; } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getClaimsRedirectUris() - */ public Set getClaimsRedirectUris() { return client.getClaimsRedirectUris(); } - /** - * @param claimsRedirectUris - * @see org.mitre.oauth2.model.ClientDetailsEntity#setClaimsRedirectUris(java.util.Set) - */ public void setClaimsRedirectUris(Set claimsRedirectUris) { client.setClaimsRedirectUris(claimsRedirectUris); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getSoftwareStatement() - */ public JWT getSoftwareStatement() { return client.getSoftwareStatement(); } - /** - * @param softwareStatement - * @see org.mitre.oauth2.model.ClientDetailsEntity#setSoftwareStatement(com.nimbusds.jwt.JWT) - */ public void setSoftwareStatement(JWT softwareStatement) { client.setSoftwareStatement(softwareStatement); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getCodeChallengeMethod() - */ public PKCEAlgorithm getCodeChallengeMethod() { return client.getCodeChallengeMethod(); } - /** - * @param 
codeChallengeMethod - * @see org.mitre.oauth2.model.ClientDetailsEntity#setCodeChallengeMethod(org.mitre.oauth2.model.PKCEAlgorithm) - */ public void setCodeChallengeMethod(PKCEAlgorithm codeChallengeMethod) { client.setCodeChallengeMethod(codeChallengeMethod); } - /** - * @return the src - */ public JsonObject getSource() { return src; } - /** - * @param src the src to set - */ public void setSource(JsonObject src) { this.src = src; } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getDeviceCodeValiditySeconds() - */ public Integer getDeviceCodeValiditySeconds() { return client.getDeviceCodeValiditySeconds(); } - /** - * @param deviceCodeValiditySeconds - * @see org.mitre.oauth2.model.ClientDetailsEntity#setDeviceCodeValiditySeconds(java.lang.Integer) - */ public void setDeviceCodeValiditySeconds(Integer deviceCodeValiditySeconds) { client.setDeviceCodeValiditySeconds(deviceCodeValiditySeconds); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getSoftwareId() - */ public String getSoftwareId() { return client.getSoftwareId(); } - /** - * @param softwareId - * @see org.mitre.oauth2.model.ClientDetailsEntity#setSoftwareId(java.lang.String) - */ public void setSoftwareId(String softwareId) { client.setSoftwareId(softwareId); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getSoftwareVersion() - */ public String getSoftwareVersion() { return client.getSoftwareVersion(); } - /** - * @param softwareVersion - * @see org.mitre.oauth2.model.ClientDetailsEntity#setSoftwareVersion(java.lang.String) - */ public void setSoftwareVersion(String softwareVersion) { client.setSoftwareVersion(softwareVersion); } - - } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClientFields.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClientFields.java index 79231b523..b334c4827 100644 
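Review bot: The hunk is inconsistent about method separation: from `setClient` through `setJwksUri`, and again around `setSectorIdentifierUri` and `setCreatedAt`, each removed Javadoc is replaced by a `+` blank line, but from `setJwks` through `getDefaultMaxAge` and from `getRequestObjectSigningAlg` to the end of the class no separator is added, so adjacent methods end up either one-blank-apart or back-to-back depending on where the editor happened to stop; run the formatter over the class so the spacing is uniform. Separately, with every delegation comment gone, the two accessors that hand out credentials — `getClientSecret()` and `getRegistrationAccessToken()` — are now undocumented; I would keep a one-liner on the latter such as `/** Registration access token from the registration response (presumably the RFC 7592 management credential); treat as a secret and do not log it. */`, with the RFC reference confirmed against the registration code, which is outside this hunk.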
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClientFields.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClientFields.java
@@ -16,46 +16,48 @@ package org.mitre.oauth2.model; public interface RegisteredClientFields { - public String SOFTWARE_ID = "software_id"; - public String SOFTWARE_VERSION = "software_version"; - public String SOFTWARE_STATEMENT = "software_statement"; - public String CLAIMS_REDIRECT_URIS = "claims_redirect_uris"; - public String CLIENT_SECRET_EXPIRES_AT = "client_secret_expires_at"; - public String CLIENT_ID_ISSUED_AT = "client_id_issued_at"; - public String REGISTRATION_CLIENT_URI = "registration_client_uri"; - public String REGISTRATION_ACCESS_TOKEN = "registration_access_token"; - public String REQUEST_URIS = "request_uris"; - public String POST_LOGOUT_REDIRECT_URIS = "post_logout_redirect_uris"; - public String INITIATE_LOGIN_URI = "initiate_login_uri"; - public String DEFAULT_ACR_VALUES = "default_acr_values"; - public String REQUIRE_AUTH_TIME = "require_auth_time"; - public String DEFAULT_MAX_AGE = "default_max_age"; - public String TOKEN_ENDPOINT_AUTH_SIGNING_ALG = "token_endpoint_auth_signing_alg"; - public String ID_TOKEN_ENCRYPTED_RESPONSE_ENC = "id_token_encrypted_response_enc"; - public String ID_TOKEN_ENCRYPTED_RESPONSE_ALG = "id_token_encrypted_response_alg"; - public String ID_TOKEN_SIGNED_RESPONSE_ALG = "id_token_signed_response_alg"; - public String USERINFO_ENCRYPTED_RESPONSE_ENC = "userinfo_encrypted_response_enc"; - public String USERINFO_ENCRYPTED_RESPONSE_ALG = "userinfo_encrypted_response_alg"; - public String USERINFO_SIGNED_RESPONSE_ALG = "userinfo_signed_response_alg"; - public String REQUEST_OBJECT_SIGNING_ALG = "request_object_signing_alg"; - public String SUBJECT_TYPE = "subject_type"; - public String SECTOR_IDENTIFIER_URI = "sector_identifier_uri"; - public String APPLICATION_TYPE = "application_type"; - public String JWKS_URI = "jwks_uri"; - public String JWKS = "jwks"; - public String SCOPE_SEPARATOR = " "; - public String POLICY_URI = "policy_uri"; - public String RESPONSE_TYPES = "response_types"; - public String GRANT_TYPES = 
"grant_types"; - public String SCOPE = "scope"; - public String TOKEN_ENDPOINT_AUTH_METHOD = "token_endpoint_auth_method"; - public String TOS_URI = "tos_uri"; - public String CONTACTS = "contacts"; - public String LOGO_URI = "logo_uri"; - public String CLIENT_URI = "client_uri"; - public String CLIENT_NAME = "client_name"; - public String REDIRECT_URIS = "redirect_uris"; - public String CLIENT_SECRET = "client_secret"; - public String CLIENT_ID = "client_id"; - public String CODE_CHALLENGE_METHOD = "code_challenge_method"; + + String SOFTWARE_ID = "software_id"; + String SOFTWARE_VERSION = "software_version"; + String SOFTWARE_STATEMENT = "software_statement"; + String CLAIMS_REDIRECT_URIS = "claims_redirect_uris"; + String CLIENT_SECRET_EXPIRES_AT = "client_secret_expires_at"; + String CLIENT_ID_ISSUED_AT = "client_id_issued_at"; + String REGISTRATION_CLIENT_URI = "registration_client_uri"; + String REGISTRATION_ACCESS_TOKEN = "registration_access_token"; + String REQUEST_URIS = "request_uris"; + String POST_LOGOUT_REDIRECT_URIS = "post_logout_redirect_uris"; + String INITIATE_LOGIN_URI = "initiate_login_uri"; + String DEFAULT_ACR_VALUES = "default_acr_values"; + String REQUIRE_AUTH_TIME = "require_auth_time"; + String DEFAULT_MAX_AGE = "default_max_age"; + String TOKEN_ENDPOINT_AUTH_SIGNING_ALG = "token_endpoint_auth_signing_alg"; + String ID_TOKEN_ENCRYPTED_RESPONSE_ENC = "id_token_encrypted_response_enc"; + String ID_TOKEN_ENCRYPTED_RESPONSE_ALG = "id_token_encrypted_response_alg"; + String ID_TOKEN_SIGNED_RESPONSE_ALG = "id_token_signed_response_alg"; + String USERINFO_ENCRYPTED_RESPONSE_ENC = "userinfo_encrypted_response_enc"; + String USERINFO_ENCRYPTED_RESPONSE_ALG = "userinfo_encrypted_response_alg"; + String USERINFO_SIGNED_RESPONSE_ALG = "userinfo_signed_response_alg"; + String REQUEST_OBJECT_SIGNING_ALG = "request_object_signing_alg"; + String SUBJECT_TYPE = "subject_type"; + String SECTOR_IDENTIFIER_URI = "sector_identifier_uri"; + String 
APPLICATION_TYPE = "application_type"; + String JWKS_URI = "jwks_uri"; + String JWKS = "jwks"; + String SCOPE_SEPARATOR = " "; + String POLICY_URI = "policy_uri"; + String RESPONSE_TYPES = "response_types"; + String GRANT_TYPES = "grant_types"; + String SCOPE = "scope"; + String TOKEN_ENDPOINT_AUTH_METHOD = "token_endpoint_auth_method"; + String TOS_URI = "tos_uri"; + String CONTACTS = "contacts"; + String LOGO_URI = "logo_uri"; + String CLIENT_URI = "client_uri"; + String CLIENT_NAME = "client_name"; + String REDIRECT_URIS = "redirect_uris"; + String CLIENT_SECRET = "client_secret"; + String CLIENT_ID = "client_id"; + String CODE_CHALLENGE_METHOD = "code_challenge_method"; + } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java index 21fa34a83..dfe4829e8 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java @@ -41,7 +41,6 @@ import org.springframework.security.core.GrantedAuthority; * This class stands in for an original Authentication object. * * @author jricher - * */ @Entity @Table(name="saved_user_auth") @@ -50,18 +49,11 @@ public class SavedUserAuthentication implements Authentication { private static final long serialVersionUID = -1804249963940323488L; private Long id; - private String name; - private Collection authorities; - private boolean authenticated; - private String sourceClass; - /** - * Create a Saved Auth from an existing Auth token - */ public SavedUserAuthentication(Authentication src) { setName(src.getName()); setAuthorities(new HashSet<>(src.getAuthorities())); 
@@ -75,16 +67,8 @@ public class SavedUserAuthentication implements Authentication { } } - /** - * Create an empty saved auth - */ - public SavedUserAuthentication() { + public SavedUserAuthentication() { } - } - - /** - * @return the id - */ @Id @GeneratedValue(strategy = GenerationType.IDENTITY) @Column(name = "id") @@ -92,9 +76,6 @@ public class SavedUserAuthentication implements Authentication { return id; } - /** - * @param id the id to set - */ public void setId(Long id) { this.id = id; } @@ -108,10 +89,7 @@ public class SavedUserAuthentication implements Authentication { @Override @ElementCollection(fetch = FetchType.EAGER) - @CollectionTable( - name="saved_user_auth_authority", - joinColumns=@JoinColumn(name="owner_id") - ) + @CollectionTable(name="saved_user_auth_authority", joinColumns=@JoinColumn(name="owner_id")) @Convert(converter = SimpleGrantedAuthorityStringConverter.class) @Column(name="authority") public Collection getAuthorities() { @@ -148,35 +126,22 @@ public class SavedUserAuthentication implements Authentication { this.authenticated = isAuthenticated; } - /** - * @return the sourceClass - */ @Basic @Column(name="source_class") public String getSourceClass() { return sourceClass; } - /** - * @param sourceClass the sourceClass to set - */ public void setSourceClass(String sourceClass) { this.sourceClass = sourceClass; } - /** - * @param name the name to set - */ public void setName(String name) { this.name = name; } - /** - * @param authorities the authorities to set - */ public void setAuthorities(Collection authorities) { this.authorities = authorities; } - } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java index 0807b160e..78f858dbc 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java 
@@ -32,7 +32,6 @@ import javax.persistence.Table; /** * @author jricher - * */ @Entity @Table(name = "system_scope") 
@@ -54,114 +53,73 @@ public class SystemScope { private boolean defaultScope = false; // is this a default scope for newly-registered clients? private boolean restricted = false; // is this scope restricted to admin-only registration access? - /** - * Make a blank system scope with no value - */ - public SystemScope() { + public SystemScope() { } - } - - /** - * Make a system scope with the given scope value - * @param value - */ public SystemScope(String value) { this.value = value; } - /** - * @return the id - */ @Id @GeneratedValue(strategy = GenerationType.IDENTITY) @Column(name = "id") public Long getId() { return id; } - /** - * @param id the id to set - */ + public void setId(Long id) { this.id = id; } - /** - * @return the value - */ + @Basic @Column(name = "scope") public String getValue() { return value; } - /** - * @param value the value to set - */ + public void setValue(String value) { this.value = value; } - /** - * @return the description - */ + @Basic @Column(name = "description") public String getDescription() { return description; } - /** - * @param description the description to set - */ + public void setDescription(String description) { this.description = description; } - /** - * @return the icon - */ + @Basic @Column(name = "icon") public String getIcon() { return icon; } - /** - * @param icon the icon to set - */ + public void setIcon(String icon) { this.icon = icon; } - /** - * @return the defaultScope - */ @Basic @Column(name = "default_scope") public boolean isDefaultScope() { return defaultScope; } - /** - * @param defaultScope the defaultScope to set - */ public void setDefaultScope(boolean defaultScope) { this.defaultScope = defaultScope; } - /** - * @return the restricted - */ @Basic @Column(name = "restricted") public boolean isRestricted() { return restricted; } - /** - * @param restricted the restricted to set - */ public void setRestricted(boolean restricted) { this.restricted = restricted; } - /* (non-Javadoc) - * @see 
java.lang.Object#hashCode() - */ @Override public int hashCode() { final int prime = 31; @@ -176,9 +134,6 @@ public class SystemScope { return result; } - /* (non-Javadoc) - * @see java.lang.Object#equals(java.lang.Object) - */ @Override public boolean equals(Object obj) { if (this == obj) { @@ -219,18 +174,12 @@ public class SystemScope { return false; } if (value == null) { - if (other.value != null) { - return false; - } - } else if (!value.equals(other.value)) { - return false; + return other.value == null; + } else { + return value.equals(other.value); } - return true; } - /* (non-Javadoc) - * @see java.lang.Object#toString() - */ @Override public String toString() { return "SystemScope [id=" + id + ", value=" + value + ", description=" diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWEAlgorithmStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWEAlgorithmStringConverter.java index 1341cb4bc..729e36b66 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWEAlgorithmStringConverter.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWEAlgorithmStringConverter.java @@ -26,22 +26,12 @@ public class JWEAlgorithmStringConverter implements AttributeConverter { @@ -37,22 +36,14 @@ public class JWKSetStringConverter implements AttributeConverter @Override public String convertToDatabaseColumn(JWKSet attribute) { - if (attribute != null) { - return attribute.toString(); - } else { - return null; - } + return attribute != null ? attribute.toString() : null; } - /* (non-Javadoc) - * @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object) - */ @Override public JWKSet convertToEntityAttribute(String dbData) { if (dbData != null) { try { - JWKSet jwks = JWKSet.parse(dbData); - return jwks; + return JWKSet.parse(dbData); } catch (ParseException e) { logger.error("Unable to parse JWK Set", e); return null; 
@@ -60,7 +51,6 @@ public class JWKSetStringConverter implements AttributeConverter } else { return null; } - } } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWSAlgorithmStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWSAlgorithmStringConverter.java index c671c50fa..6d35d0044 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWSAlgorithmStringConverter.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWSAlgorithmStringConverter.java @@ -26,22 +26,12 @@ public class JWSAlgorithmStringConverter implements AttributeConverter { @@ -38,22 +37,14 @@ public class JWTStringConverter implements AttributeConverter { @Override public String convertToDatabaseColumn(JWT attribute) { - if (attribute != null) { - return attribute.serialize(); - } else { - return null; - } + return attribute != null ? attribute.serialize() : null; } - /* (non-Javadoc) - * @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object) - */ @Override public JWT convertToEntityAttribute(String dbData) { if (dbData != null) { try { - JWT jwt = JWTParser.parse(dbData); - return jwt; + return JWTParser.parse(dbData); } catch (ParseException e) { logger.error("Unable to parse JWT", e); return null; diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JsonElementStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JsonElementStringConverter.java index 3ee630537..7a8010c3a 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JsonElementStringConverter.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JsonElementStringConverter.java 
@@ -19,13 +19,12 @@ package org.mitre.oauth2.model.convert; import javax.persistence.AttributeConverter; import javax.persistence.Converter; -import com.google.common.base.Strings; import com.google.gson.JsonElement; import com.google.gson.JsonParser; +import org.springframework.util.StringUtils; /** * @author jricher - * */ @Converter public class JsonElementStringConverter implements AttributeConverter { @@ -34,23 +33,12 @@ public class JsonElementStringConverter implements AttributeConverter { @@ -51,7 +50,7 @@ public class SerializableStringConverter implements AttributeConverter { @Override public String convertToDatabaseColumn(SimpleGrantedAuthority attribute) { - if (attribute != null) { - return attribute.getAuthority(); - } else { - return null; - } + return attribute != null ? attribute.getAuthority() : null; } @Override public SimpleGrantedAuthority convertToEntityAttribute(String dbData) { - if (dbData != null) { - return new SimpleGrantedAuthority(dbData); - } else { - return null; - } + return dbData != null ? new SimpleGrantedAuthority(dbData) : null; } } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java index 1b217de3e..9666d910f 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java 
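Review bot: Guava `Strings.isNullOrEmpty` and Spring `StringUtils.hasText` do not agree on whitespace-only input (`hasText` treats it as absent), so swapping the import here can change how a blank persisted JSON column is handled in `convertToEntityAttribute`, whose body lies outside this hunk and is not reproduced in this view. Please confirm the replacement call keeps the same null/blank decision before the string reaches `JsonParser`; a column that used to be parsed (and fail loudly) could now silently map to null, or vice versa. A one-line comment at the call site, e.g. `// blank/whitespace-only columns are treated as no value`, would make the intended behaviour explicit for the next cleanup.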
@@ -23,15 +23,17 @@ import org.mitre.data.PageCriteria;
 import org.mitre.oauth2.model.AuthenticationHolderEntity;
 public interface AuthenticationHolderRepository {
-    public List getAll();
-    public AuthenticationHolderEntity getById(Long id);
+    List getAll();
-    public void remove(AuthenticationHolderEntity a);
+    AuthenticationHolderEntity getById(Long id);
-    public AuthenticationHolderEntity save(AuthenticationHolderEntity a);
+    void remove(AuthenticationHolderEntity a);
-    public List getOrphanedAuthenticationHolders();
+    AuthenticationHolderEntity save(AuthenticationHolderEntity a);
+
+    List getOrphanedAuthenticationHolders();
+
+    List getOrphanedAuthenticationHolders(PageCriteria pageCriteria);
-    public List getOrphanedAuthenticationHolders(PageCriteria pageCriteria);
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
index 11375e7e6..0cff24b10 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
@@ -26,7 +26,6 @@ import org.mitre.oauth2.model.AuthorizationCodeEntity;
  * Interface for saving and consuming OAuth2 authorization codes as AuthorizationCodeEntitys.
  *
  * @author aanganes
- *
  */
 public interface AuthorizationCodeRepository {
@@ -36,7 +35,7 @@ public interface AuthorizationCodeRepository {
      * @param authorizationCode the AuthorizationCodeEntity to save
      * @return the saved AuthorizationCodeEntity
      */
-    public AuthorizationCodeEntity save(AuthorizationCodeEntity authorizationCode);
+    AuthorizationCodeEntity save(AuthorizationCodeEntity authorizationCode);
     /**
      * Get an authorization code from the repository by value.
@@ -44,24 +43,24 @@ public interface AuthorizationCodeRepository {
      * @param code the authorization code value
      * @return the authentication associated with the code
      */
-    public AuthorizationCodeEntity getByCode(String code);
+    AuthorizationCodeEntity getByCode(String code);
     /**
      * Remove an authorization code from the repository
      *
      * @param authorizationCodeEntity
      */
-    public void remove(AuthorizationCodeEntity authorizationCodeEntity);
+    void remove(AuthorizationCodeEntity authorizationCodeEntity);
     /**
      * @return A collection of all expired codes.
      */
-    public Collection getExpiredCodes();
+    Collection getExpiredCodes();
     /**
      * @return A collection of all expired codes, limited by the given
      * PageCriteria.
      */
-    public Collection getExpiredCodes(PageCriteria pageCriteria);
+    Collection getExpiredCodes(PageCriteria pageCriteria);
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2ClientRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2ClientRepository.java
index 56936ac80..00c70ee34 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2ClientRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2ClientRepository.java
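Review bot: The Javadoc on `getByCode` still reads `@return the authentication associated with the code` while the method returns an `AuthorizationCodeEntity`, and this hunk only strips the `public` modifier without correcting it. Suggest `@return the stored AuthorizationCodeEntity for that code value`; whether a missing or already-consumed code yields null or an exception is not visible here and should be stated by whoever knows the implementation. Since authorization codes are single-use bearer secrets, the interface is also the natural place to say that callers are expected to `remove` the entity once it has been exchanged, rather than leaving that contract implicit in the class comment.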
@@ -23,17 +23,16 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
 public interface OAuth2ClientRepository {
-    public ClientDetailsEntity getById(Long id);
+    ClientDetailsEntity getById(Long id);
-    public ClientDetailsEntity getClientByClientId(String clientId);
+    ClientDetailsEntity getClientByClientId(String clientId);
-    public ClientDetailsEntity saveClient(ClientDetailsEntity client);
+    ClientDetailsEntity saveClient(ClientDetailsEntity client);
-    public void deleteClient(ClientDetailsEntity client);
+    void deleteClient(ClientDetailsEntity client);
-    public ClientDetailsEntity updateClient(Long id, ClientDetailsEntity client);
-
-    public Collection getAllClients();
+    ClientDetailsEntity updateClient(Long id, ClientDetailsEntity client);
+    Collection getAllClients();
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java
index e71d0a597..8465fcb0d 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java
@@ -29,47 +29,47 @@ import org.mitre.uma.model.ResourceSet; public interface OAuth2TokenRepository { - public OAuth2AccessTokenEntity saveAccessToken(OAuth2AccessTokenEntity token); + OAuth2AccessTokenEntity saveAccessToken(OAuth2AccessTokenEntity token); - public OAuth2RefreshTokenEntity getRefreshTokenByValue(String refreshTokenValue); + OAuth2RefreshTokenEntity getRefreshTokenByValue(String refreshTokenValue); - public OAuth2RefreshTokenEntity getRefreshTokenById(Long Id); + OAuth2RefreshTokenEntity getRefreshTokenById(Long Id); - public void clearAccessTokensForRefreshToken(OAuth2RefreshTokenEntity refreshToken); + void clearAccessTokensForRefreshToken(OAuth2RefreshTokenEntity refreshToken); - public void removeRefreshToken(OAuth2RefreshTokenEntity refreshToken); + void removeRefreshToken(OAuth2RefreshTokenEntity refreshToken); - public OAuth2RefreshTokenEntity saveRefreshToken(OAuth2RefreshTokenEntity refreshToken); + OAuth2RefreshTokenEntity saveRefreshToken(OAuth2RefreshTokenEntity refreshToken); - public OAuth2AccessTokenEntity getAccessTokenByValue(String accessTokenValue); + OAuth2AccessTokenEntity getAccessTokenByValue(String accessTokenValue); - public OAuth2AccessTokenEntity getAccessTokenById(Long id); + OAuth2AccessTokenEntity getAccessTokenById(Long id); - public void removeAccessToken(OAuth2AccessTokenEntity accessToken); + void removeAccessToken(OAuth2AccessTokenEntity accessToken); - public void clearTokensForClient(ClientDetailsEntity client); + void clearTokensForClient(ClientDetailsEntity client); - public List getAccessTokensForClient(ClientDetailsEntity client); + List getAccessTokensForClient(ClientDetailsEntity client); - public List getRefreshTokensForClient(ClientDetailsEntity client); + List getRefreshTokensForClient(ClientDetailsEntity client); - public Set getAccessTokensByUserName(String name); + Set getAccessTokensByUserName(String name); - public Set getRefreshTokensByUserName(String name); + Set getRefreshTokensByUserName(String 
name); - public Set getAllAccessTokens(); + Set getAllAccessTokens(); - public Set getAllRefreshTokens(); + Set getAllRefreshTokens(); - public Set getAllExpiredAccessTokens(); + Set getAllExpiredAccessTokens(); - public Set getAllExpiredAccessTokens(PageCriteria pageCriteria); + Set getAllExpiredAccessTokens(PageCriteria pageCriteria); - public Set getAllExpiredRefreshTokens(); + Set getAllExpiredRefreshTokens(); - public Set getAllExpiredRefreshTokens(PageCriteria pageCriteria); + Set getAllExpiredRefreshTokens(PageCriteria pageCriteria); - public Set getAccessTokensForResourceSet(ResourceSet rs); + Set getAccessTokensForResourceSet(ResourceSet rs); /** * removes duplicate access tokens. @@ -78,10 +78,9 @@ public interface OAuth2TokenRepository { * so that {code removeAccessToken(OAuth2AccessTokenEntity o)} would not to fail. the * removeAccessToken method has been updated so as it will not fail in the event that an * accessToken has been duplicated, so this method is unnecessary. - * */ @Deprecated - public void clearDuplicateAccessTokens(); + void clearDuplicateAccessTokens(); /** * removes duplicate refresh tokens. @@ -90,11 +89,10 @@ public interface OAuth2TokenRepository { * so that {code removeRefreshToken(OAuth2RefreshTokenEntity o)} would not to fail. the * removeRefreshToken method has been updated so as it will not fail in the event that * refreshToken has been duplicated, so this method is unnecessary. - * */ @Deprecated - public void clearDuplicateRefreshTokens(); + void clearDuplicateRefreshTokens(); - public List getAccessTokensForApprovedSite(ApprovedSite approvedSite); + List getAccessTokensForApprovedSite(ApprovedSite approvedSite); } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/SystemScopeRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/SystemScopeRepository.java index 8c891d566..022ef8388 100644 
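Review bot: `getRefreshTokenById(Long Id)` keeps a capitalised parameter name on the new side while its sibling `getAccessTokenById(Long id)` in the same hunk uses `id`; since the line is being rewritten anyway, make it `OAuth2RefreshTokenEntity getRefreshTokenById(Long id);`. The Javadoc kept as context on the two `@Deprecated` methods has `{code removeAccessToken(...)}` where `{@code ...}` is meant and the phrase "would not to fail", which reads as "so that ... would not fail"; both are worth fixing while the comments are being trimmed. The interface is the only place callers learn that `clearAccessTokensForRefreshToken` and `clearTokensForClient` revoke live credentials, so a one-line comment on each saying they delete (not merely expire) the tokens would be useful.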
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/SystemScopeRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/SystemScopeRepository.java
@@ -26,18 +26,17 @@ import org.mitre.oauth2.model.SystemScope;
 /**
  * @author jricher
- *
  */
 public interface SystemScopeRepository {
-    public Set getAll();
+    Set getAll();
-    public SystemScope getById(Long id);
+    SystemScope getById(Long id);
-    public SystemScope getByValue(String value);
+    SystemScope getByValue(String value);
-    public void remove(SystemScope scope);
+    void remove(SystemScope scope);
-    public SystemScope save(SystemScope scope);
+    SystemScope save(SystemScope scope);
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/impl/DeviceCodeRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/impl/DeviceCodeRepository.java
index 392932642..94d408689 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/impl/DeviceCodeRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/impl/DeviceCodeRepository.java
@@ -22,42 +22,19 @@ import org.mitre.oauth2.model.DeviceCode;
 /**
  * @author jricher
- *
  */
 public interface DeviceCodeRepository {
-    /**
-     * @param id
-     * @return
-     */
-    public DeviceCode getById(Long id);
+    DeviceCode getById(Long id);
-    /**
-     * @param deviceCode
-     * @return
-     */
-    public DeviceCode getByDeviceCode(String deviceCode);
+    DeviceCode getByDeviceCode(String deviceCode);
-    /**
-     * @param scope
-     */
-    public void remove(DeviceCode scope);
+    void remove(DeviceCode scope);
-    /**
-     * @param scope
-     * @return
-     */
-    public DeviceCode save(DeviceCode scope);
+    DeviceCode save(DeviceCode scope);
-    /**
-     * @param userCode
-     * @return
-     */
-    public DeviceCode getByUserCode(String userCode);
+    DeviceCode getByUserCode(String userCode);
-    /**
-     * @return
-     */
-    public Collection getExpiredCodes();
+    Collection getExpiredCodes();
 }
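Review bot: `remove(DeviceCode scope)` and `save(DeviceCode scope)` keep a parameter named `scope` that looks copied from `SystemScopeRepository` directly above; on the new side rename both so the signature says what is persisted or deleted: `void remove(DeviceCode deviceCode);` and `DeviceCode save(DeviceCode deviceCode);`. The stripped Javadoc stubs carried no information, but `getByDeviceCode` and `getByUserCode` presumably look up two different values of the same entity (the one the device polls with and the one the user types), and a one-line comment on each naming which column it matches would stop implementers from confusing them. `getExpiredCodes` is the only cleanup entry point here and would benefit from a comment stating that it returns codes whose expiry has passed and that callers are expected to `remove` them.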
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/DeviceCodeService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/DeviceCodeService.java
index b9601292e..85e6adf55 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/DeviceCodeService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/DeviceCodeService.java
@@ -27,47 +27,18 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication;
 /**
  * @author jricher
- *
  */
 public interface DeviceCodeService {
-    /**
-     * @param userCode
-     * @return
-     */
-    public DeviceCode lookUpByUserCode(String userCode);
+    DeviceCode lookUpByUserCode(String userCode);
-    /**
-     * @param dc
-     * @param o2Auth
-     */
-    public DeviceCode approveDeviceCode(DeviceCode dc, OAuth2Authentication o2Auth);
+    DeviceCode approveDeviceCode(DeviceCode dc, OAuth2Authentication o2Auth);
-    /**
-     * @param deviceCode
-     * @param client
-     * @return
-     */
-    public DeviceCode findDeviceCode(String deviceCode, ClientDetails client);
+    DeviceCode findDeviceCode(String deviceCode, ClientDetails client);
+    void clearDeviceCode(String deviceCode, ClientDetails client);
-    /**
-     *
-     * @param deviceCode
-     * @param client
-     */
-    public void clearDeviceCode(String deviceCode, ClientDetails client);
-
-    /**
-     * @param deviceCode
-     * @param userCode
-     * @param requestedScopes
-     * @param client
-     * @param parameters
-     * @return
-     */
-    public DeviceCode createNewDeviceCode(Set requestedScopes, ClientDetailsEntity client, Map parameters) throws DeviceCodeCreationException;
+    DeviceCode createNewDeviceCode(Set requestedScopes, ClientDetailsEntity client, Map parameters) throws DeviceCodeCreationException;
-
-    public void clearExpiredDeviceCodes();
+    void clearExpiredDeviceCodes();
 }
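Review bot: `findDeviceCode(String deviceCode, ClientDetails client)` and `clearDeviceCode(String deviceCode, ClientDetails client)` lose their (empty) Javadoc without gaining a statement of what the `client` argument is for, which is the one contract an implementer must not get wrong: the device code is a bearer secret polled at the token endpoint, so the interface should say whether implementations must verify that the code was issued to `client` and what they return otherwise. Something like `/** Look up a device code on behalf of the polling client; implementations are expected to return no code unless it was issued to {@code client}. */` on `findDeviceCode`, with the actual not-found behaviour filled in by whoever owns the implementation, since it is not visible here. `approveDeviceCode(DeviceCode dc, OAuth2Authentication o2Auth)` likewise leaves the relationship between `dc` and `o2Auth` (presumably the approving user's authentication) undocumented, and `createNewDeviceCode` should state which of `requestedScopes` it is allowed to grant relative to the client's registration. The removed stubs said nothing, so this is a net loss only in the sense that the cleanup was the moment to write the real contract.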
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/IntrospectionResultAssembler.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/IntrospectionResultAssembler.java
index e0250a503..84b715c4d 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/IntrospectionResultAssembler.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/IntrospectionResultAssembler.java
@@ -30,16 +30,16 @@ import org.mitre.openid.connect.model.UserInfo;
  */
 public interface IntrospectionResultAssembler {
-    public String TOKEN_TYPE = "token_type";
-    public String CLIENT_ID = "client_id";
-    public String USER_ID = "user_id";
-    public String SUB = "sub";
-    public String EXP = "exp";
-    public String EXPIRES_AT = "expires_at";
-    public String SCOPE_SEPARATOR = " ";
-    public String SCOPE = "scope";
-    public String ACTIVE = "active";
-    public DateFormatter dateFormat = new DateFormatter(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ"));
+    String TOKEN_TYPE = "token_type";
+    String CLIENT_ID = "client_id";
+    String USER_ID = "user_id";
+    String SUB = "sub";
+    String EXP = "exp";
+    String EXPIRES_AT = "expires_at";
+    String SCOPE_SEPARATOR = " ";
+    String SCOPE = "scope";
+    String ACTIVE = "active";
+    DateFormatter dateFormat = new DateFormatter(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ"));
     /**
      * Assemble a token introspection result from the given access token and user info.
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java
index c39ccd90d..76af302e7 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java
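Review bot: `DateFormatter dateFormat = new DateFormatter(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ"))` is an interface field, so it is one implicitly `public static final` instance shared by every implementation and every request thread, and `SimpleDateFormat` is not thread-safe; if `DateFormatter` (its package is not visible in this view) hands formatting straight to that instance without synchronisation, concurrent introspection calls can emit corrupted `expires_at` values. The modifier cleanup in this hunk leaves that unchanged, so at minimum mark it: `// NOTE: one shared SimpleDateFormat — not thread-safe unless DateFormatter serialises access`. A `java.time.DateTimeFormatter` built once from the same pattern is immutable and thread-safe and would be the proper fix, but it changes the field's type and is wider than this commit. The `SimpleDateFormat` also picks up the JVM default locale, so passing `Locale.ROOT` would keep the output independent of the server's locale settings.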
@@ -30,34 +30,34 @@ import org.springframework.security.oauth2.provider.token.ResourceServerTokenSer public interface OAuth2TokenEntityService extends AuthorizationServerTokenServices, ResourceServerTokenServices { @Override - public OAuth2AccessTokenEntity readAccessToken(String accessTokenValue); + OAuth2AccessTokenEntity readAccessToken(String accessTokenValue); - public OAuth2RefreshTokenEntity getRefreshToken(String refreshTokenValue); + OAuth2RefreshTokenEntity getRefreshToken(String refreshTokenValue); - public void revokeRefreshToken(OAuth2RefreshTokenEntity refreshToken); + void revokeRefreshToken(OAuth2RefreshTokenEntity refreshToken); - public void revokeAccessToken(OAuth2AccessTokenEntity accessToken); + void revokeAccessToken(OAuth2AccessTokenEntity accessToken); - public List getAccessTokensForClient(ClientDetailsEntity client); + List getAccessTokensForClient(ClientDetailsEntity client); - public List getRefreshTokensForClient(ClientDetailsEntity client); + List getRefreshTokensForClient(ClientDetailsEntity client); - public void clearExpiredTokens(); + void clearExpiredTokens(); - public OAuth2AccessTokenEntity saveAccessToken(OAuth2AccessTokenEntity accessToken); + OAuth2AccessTokenEntity saveAccessToken(OAuth2AccessTokenEntity accessToken); - public OAuth2RefreshTokenEntity saveRefreshToken(OAuth2RefreshTokenEntity refreshToken); + OAuth2RefreshTokenEntity saveRefreshToken(OAuth2RefreshTokenEntity refreshToken); @Override - public OAuth2AccessTokenEntity getAccessToken(OAuth2Authentication authentication); + OAuth2AccessTokenEntity getAccessToken(OAuth2Authentication authentication); - public OAuth2AccessTokenEntity getAccessTokenById(Long id); + OAuth2AccessTokenEntity getAccessTokenById(Long id); - public OAuth2RefreshTokenEntity getRefreshTokenById(Long id); + OAuth2RefreshTokenEntity getRefreshTokenById(Long id); - public Set getAllAccessTokensForUser(String name); + Set getAllAccessTokensForUser(String name); - public Set 
getAllRefreshTokensForUser(String name); + Set getAllRefreshTokensForUser(String name); - public OAuth2AccessTokenEntity getRegistrationAccessTokenForClient(ClientDetailsEntity client); + OAuth2AccessTokenEntity getRegistrationAccessTokenForClient(ClientDetailsEntity client); } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java index dad93f171..c4e7f4561 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java @@ -20,6 +20,8 @@ */ package org.mitre.oauth2.service; +import java.util.Arrays; +import java.util.HashSet; import java.util.Set; import org.mitre.oauth2.model.SystemScope; 
@@ -28,30 +30,26 @@ import com.google.common.collect.Sets; /** * @author jricher - * */ public interface SystemScopeService { - public static final String OFFLINE_ACCESS = "offline_access"; - public static final String OPENID_SCOPE = "openid"; - public static final String REGISTRATION_TOKEN_SCOPE = "registration-token"; // this scope manages dynamic client registrations - public static final String RESOURCE_TOKEN_SCOPE = "resource-token"; // this scope manages client-style protected resources - public static final String UMA_PROTECTION_SCOPE = "uma_protection"; - public static final String UMA_AUTHORIZATION_SCOPE = "uma_authorization"; + String OFFLINE_ACCESS = "offline_access"; + String OPENID_SCOPE = "openid"; + String REGISTRATION_TOKEN_SCOPE = "registration-token"; // this scope manages dynamic client registrations + String RESOURCE_TOKEN_SCOPE = "resource-token"; // this scope manages client-style protected resources + String UMA_PROTECTION_SCOPE = "uma_protection"; + String UMA_AUTHORIZATION_SCOPE = "uma_authorization"; - public static final Set reservedScopes = - Sets.newHashSet( - new SystemScope(REGISTRATION_TOKEN_SCOPE), - new SystemScope(RESOURCE_TOKEN_SCOPE) - ); + Set reservedScopes = new HashSet<>( + Arrays.asList(new SystemScope(REGISTRATION_TOKEN_SCOPE), new SystemScope(RESOURCE_TOKEN_SCOPE))); - public Set getAll(); + Set getAll(); /** * Get all scopes that are defaulted to new clients on this system * @return */ - public Set getDefaults(); + Set getDefaults(); /** * Get all the reserved system scopes. These can't be used 
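Review bot: `Set reservedScopes = new HashSet<>(Arrays.asList(...))` replaces one mutable set with another; as an interface field it is `public static final`, but only the reference is final, so any code that can see the interface can `add`/`remove` entries and silently change what `getReserved`/`removeReservedScopes` protect (the comments in this hunk say `registration-token` and `resource-token` gate dynamic client registration and protected-resource management). Wrap it: `Set<SystemScope> reservedScopes = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(new SystemScope(REGISTRATION_TOKEN_SCOPE), new SystemScope(RESOURCE_TOKEN_SCOPE))));` with `java.util.Collections` added to the imports, or `Set.of(...)` if the project targets Java 9+, which is not visible here. `SystemScope` is itself a mutable entity whose `equals` appears to hinge on `value`, so the elements stay mutable either way; a comment saying `// treat as read-only; members are shared across the whole server` is the honest minimum. The `com.google.common.collect.Sets` import shown as hunk context no longer has a user in this hunk and looks unused unless something outside it still refers to it.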
@@ -60,46 +58,46 @@ public interface SystemScopeService {
 *
 * @return
 */
- public Set getReserved();
+ Set getReserved();
 /**
 * Get all the registered scopes that are restricted.
 * @return
 */
- public Set getRestricted();
+ Set getRestricted();
 /**
 * Get all the registered scopes that aren't restricted.
 * @return
 */
- public Set getUnrestricted();
+ Set getUnrestricted();
- public SystemScope getById(Long id);
+ SystemScope getById(Long id);
- public SystemScope getByValue(String value);
+ SystemScope getByValue(String value);
- public void remove(SystemScope scope);
+ void remove(SystemScope scope);
- public SystemScope save(SystemScope scope);
+ SystemScope save(SystemScope scope);
 /**
 * Translate the set of scope strings into a set of SystemScope objects.
 * @param scope
 * @return
 */
- public Set fromStrings(Set scope);
+ Set fromStrings(Set scope);
 /**
 * Pluck the scope values from the set of SystemScope objects and return a list of strings
 * @param scope
 * @return
 */
- public Set toStrings(Set scope);
+ Set toStrings(Set scope);
 /**
 * Test whether the scopes in both sets are compatible. All scopes in "actual" must exist in "expected".
 */
- public boolean scopesMatch(Set expected, Set actual);
+ boolean scopesMatch(Set expected, Set actual);
 /**
 * Remove any system-reserved or registered restricted scopes from the
@@ -107,13 +105,13 @@ public interface SystemScopeService {
 * @param scopes
 * @return
 */
- public Set removeRestrictedAndReservedScopes(Set scopes);
+ Set removeRestrictedAndReservedScopes(Set scopes);
 /**
 * Remove any system-reserved scopes from the set and return the result.
 * @param scopes
 * @return
 */
- public Set removeReservedScopes(Set scopes);
+ Set removeReservedScopes(Set scopes);
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java
index da7a177c8..81e384352 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java
@@ -17,19 +17,12 @@
 *******************************************************************************/
 package org.mitre.oauth2.service.impl;
-import java.math.BigInteger;
-import java.security.SecureRandom;
-import java.util.Collection;
-import java.util.HashSet;
-
 import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -42,55 +35,19 @@ import com.google.common.base.Strings;
 * Shim layer to convert a ClientDetails service into a UserDetails service
 *
 * @author AANGANES
- *
 */
 @Service("clientUserDetailsService")
 public class DefaultClientUserDetailsService implements UserDetailsService {
 private static GrantedAuthority ROLE_CLIENT = new SimpleGrantedAuthority("ROLE_CLIENT");
- @Autowired
 private ClientDetailsEntityService clientDetailsService;
+ private final ConfigurationPropertiesBean config;
 @Autowired
- private ConfigurationPropertiesBean config;
-
- @Override
- public UserDetails loadUserByUsername(String clientId) throws UsernameNotFoundException {
-
- try {
- ClientDetailsEntity client = clientDetailsService.loadClientByClientId(clientId);
-
- if (client != null) {
-
- String password = Strings.nullToEmpty(client.getClientSecret());
-
- if (config.isHeartMode() || // if we're running HEART mode turn off all client secrets
- (client.getTokenEndpointAuthMethod() != null &&
- (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) ||
- client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)))) {
-
- // Issue a random password each time to prevent password auth from being used (or skipped)
- // for private key or shared key clients, see #715
-
- password = new BigInteger(512, new SecureRandom()).toString(16);
- }
-
- boolean enabled = true;
- boolean accountNonExpired = true;
- boolean credentialsNonExpired = true;
- boolean accountNonLocked = true;
- Collection authorities = new HashSet<>(client.getAuthorities());
- authorities.add(ROLE_CLIENT);
-
- return new User(clientId, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
- } else {
- throw new UsernameNotFoundException("Client not found: " + clientId);
- }
- } catch (InvalidClientException e) {
- throw new UsernameNotFoundException("Client not found: " + clientId);
- }
-
+ public DefaultClientUserDetailsService(ClientDetailsEntityService
clientDetailsService, ConfigurationPropertiesBean config) {
+ this.clientDetailsService = clientDetailsService;
+ this.config = config;
 }
 public ClientDetailsEntityService getClientDetailsService() {
@@ -101,4 +58,20 @@ public class DefaultClientUserDetailsService implements UserDetailsService {
 this.clientDetailsService = clientDetailsService;
 }
+ @Override
+ public UserDetails loadUserByUsername(String clientId) throws UsernameNotFoundException {
+ try {
+ ClientDetailsEntity client = clientDetailsService.loadClientByClientId(clientId);
+ if (client != null) {
+ String password = Strings.nullToEmpty(client.getClientSecret());
+
+ return ServiceUtils.getUserDetails(clientId, client, password, config, ROLE_CLIENT);
+ } else {
+ throw new UsernameNotFoundException("Client not found: " + clientId);
+ }
+ } catch (InvalidClientException e) {
+ throw new UsernameNotFoundException("Client not found: " + clientId);
+ }
+ }
+
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/ServiceUtils.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/ServiceUtils.java
new file mode 100644
index 000000000..4940c77e8
--- /dev/null
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/ServiceUtils.java
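Review bot: In the new `loadUserByUsername` the `catch (InvalidClientException e)` branch rethrows without the cause, `throw new UsernameNotFoundException("Client not found: " + clientId);`, so the reason the client lookup actually failed never reaches the logs; the same drop is in the `UriEncodedClientUserDetailsService` hunk at `@@ -105,4 +61,21 @@` for `UnsupportedEncodingException | InvalidClientException`. Use the two-argument constructor in both places: `throw new UsernameNotFoundException("Client not found: " + clientId, e);` (the message shown to the caller stays the same generic text). The method also has no Javadoc; a one-line comment above the `return` noting that `ServiceUtils.getUserDetails` decides whether the stored secret or a throw-away random password is handed to Spring Security would save the reader a hop. Apart from that delegation, the rewritten body looks equivalent to the removed one as far as this diff shows.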
@@ -0,0 +1,30 @@
+package org.mitre.oauth2.service.impl;
+
+import org.mitre.oauth2.model.ClientDetailsEntity;
+import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+import java.util.Collection;
+import java.util.HashSet;
+
+public class ServiceUtils {
+
+ public static UserDetails getUserDetails(String decodedClientId, ClientDetailsEntity client, String encodedPassword, ConfigurationPropertiesBean config, GrantedAuthority roleClient) {
+ if (config.isHeartMode() || // if we're running HEART mode turn off all client secrets
+ (client.getTokenEndpointAuthMethod() != null &&
+ (client.getTokenEndpointAuthMethod().equals(ClientDetailsEntity.AuthMethod.PRIVATE_KEY) ||
+ client.getTokenEndpointAuthMethod().equals(ClientDetailsEntity.AuthMethod.SECRET_JWT)))) {
+ encodedPassword = new BigInteger(512, new SecureRandom()).toString(16);
+ }
+
+ Collection authorities = new HashSet<>(client.getAuthorities());
+ authorities.add(roleClient);
+
+ return new User(decodedClientId, encodedPassword, true, true, true, true, authorities);
+ }
+
+}
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java
index 335efbf18..8baab7d71 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java
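Review bot: The move into `ServiceUtils.getUserDetails` dropped the comment that explained the random-password branch; only `// if we're running HEART mode turn off all client secrets` survives, so a reader no longer learns why `encodedPassword` is overwritten for PRIVATE_KEY and SECRET_JWT clients. Restore the two removed lines directly above `encodedPassword = new BigInteger(512, new SecureRandom()).toString(16);`: `// Issue a random password each time to prevent password auth from being used (or skipped)` and `// for private key or shared key clients, see #715`. The class has only static members but no private constructor; `private ServiceUtils() { }` would prevent instantiation. The method's Javadoc should also say that `encodedPassword` is passed through unchanged to `User` and must already be in the form the caller's authentication provider compares against, since the two callers hand it different encodings (raw `getClientSecret()` versus `UriUtils.encodePathSegment`).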
@@ -16,19 +16,13 @@ package org.mitre.oauth2.service.impl;
 import java.io.UnsupportedEncodingException;
-import java.math.BigInteger;
-import java.security.SecureRandom;
-import java.util.Collection;
-import java.util.HashSet;
 import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -44,57 +38,19 @@ import com.google.common.base.Strings;
 * Should only get called if non-encoded provider fails.
 *
 * @author AANGANES
- *
 */
 @Service("uriEncodedClientUserDetailsService")
 public class UriEncodedClientUserDetailsService implements UserDetailsService {
 private static GrantedAuthority ROLE_CLIENT = new SimpleGrantedAuthority("ROLE_CLIENT");
- @Autowired
 private ClientDetailsEntityService clientDetailsService;
+ private final ConfigurationPropertiesBean config;
 @Autowired
- private ConfigurationPropertiesBean config;
-
- @Override
- public UserDetails loadUserByUsername(String clientId) throws UsernameNotFoundException {
-
- try {
- String decodedClientId = UriUtils.decode(clientId, "UTF-8");
-
- ClientDetailsEntity client = clientDetailsService.loadClientByClientId(decodedClientId);
-
- if (client != null) {
-
- String encodedPassword = UriUtils.encodePathSegment(Strings.nullToEmpty(client.getClientSecret()), "UTF-8");
-
- if (config.isHeartMode() || // if we're running HEART mode turn off all client secrets
- (client.getTokenEndpointAuthMethod() != null &&
- (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) ||
- client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)))) {
-
- // Issue a random password each time to prevent password auth from being used (or skipped)
- // for private key or shared key clients, see #715
-
- encodedPassword = new BigInteger(512, new SecureRandom()).toString(16);
- }
-
- boolean enabled = true;
- boolean accountNonExpired = true;
- boolean credentialsNonExpired = true;
- boolean accountNonLocked = true;
- Collection authorities = new HashSet<>(client.getAuthorities());
- authorities.add(ROLE_CLIENT);
-
- return new User(decodedClientId, encodedPassword, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
- } else {
- throw new UsernameNotFoundException("Client not found: " + clientId);
- }
- } catch (UnsupportedEncodingException | InvalidClientException e) {
-
throw new UsernameNotFoundException("Client not found: " + clientId);
- }
-
+ public UriEncodedClientUserDetailsService(ClientDetailsEntityService clientDetailsService, ConfigurationPropertiesBean config) {
+ this.clientDetailsService = clientDetailsService;
+ this.config = config;
 }
 public ClientDetailsEntityService getClientDetailsService() {
@@ -105,4 +61,21 @@ public class UriEncodedClientUserDetailsService implements UserDetailsService {
 this.clientDetailsService = clientDetailsService;
 }
+ @Override
+ public UserDetails loadUserByUsername(String clientId) throws UsernameNotFoundException {
+ try {
+ String decodedClientId = UriUtils.decode(clientId, "UTF-8");
+ ClientDetailsEntity client = clientDetailsService.loadClientByClientId(decodedClientId);
+
+ if (client != null) {
+ String encodedPassword = UriUtils.encodePathSegment(Strings.nullToEmpty(client.getClientSecret()), "UTF-8");
+ return ServiceUtils.getUserDetails(decodedClientId, client, encodedPassword, config, ROLE_CLIENT);
+ } else {
+ throw new UsernameNotFoundException("Client not found: " + clientId);
+ }
+ } catch (UnsupportedEncodingException | InvalidClientException e) {
+ throw new UsernameNotFoundException("Client not found: " + clientId);
+ }
+ }
+
 }