From 66e837f650c95716e386f3bd1d3fc6dc67fbe8c3 Mon Sep 17 00:00:00 2001
From: Amanda Anganes
Date: Tue, 17 Sep 2013 10:53:33 -0400
Subject: [PATCH] Move extension parameters into OAuth2Request.extensions map; remove all calls to OAuth2Request.getRequestParameters.
---
 .../oauth2/web/OAuthConfirmationController.java | 4 +---
 .../connect/ConnectOAuth2RequestFactory.java | 17 ++++++++++++++++-
 .../connect/token/ConnectTokenEnhancer.java | 6 ++----
 .../connect/token/TofuUserApprovalHandler.java | 3 +--
 .../openid/connect/web/UserInfoEndpoint.java | 2 +-
 5 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
index 6088bd87a..41e2964d3 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
@@ -19,7 +19,6 @@
 */
 package org.mitre.oauth2.web;
-import java.util.HashMap;
 import java.util.LinkedHashSet;
 import java.util.Map;
 import java.util.Set;
@@ -72,8 +71,7 @@ public class OAuthConfirmationController {
 // Check the "prompt" parameter to see if we need to do special processing
- // TODO (issue #450)
- String prompt = clientAuth.getRequestParameters().get("prompt");
+ String prompt = (String)clientAuth.getExtensions().get("prompt");
 if ("none".equals(prompt)) {
 // we're not supposed to prompt, so "return an error"
 logger.info("Client requested no prompt, returning 403 from confirmation endpoint");
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java
index 47ef55e5b..d518282e0 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java
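Review bot: The new lookup `(String)clientAuth.getExtensions().get("prompt")` in the second OAuthConfirmationController hunk casts whatever is stored under "prompt" without checking its type, and the same unchecked cast is repeated for "nonce" in ConnectTokenEnhancer and for "prompt" in TofuUserApprovalHandler. The `java.io.Serializable` import added to ConnectOAuth2RequestFactory suggests the extension values are typed as Serializable rather than String, so any other writer of that map could make this endpoint fail with a ClassCastException instead of a handled OAuth error. A type-checked read such as `Object p = clientAuth.getExtensions().get("prompt");` followed by `String prompt = (p instanceof String) ? (String) p : null;`, ideally in one shared helper, would keep the three call sites consistent. The enclosing controller method starts and ends outside the hunk.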
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java
@@ -16,6 +16,7 @@
 ******************************************************************************/
 package org.mitre.openid.connect;
+import java.io.Serializable;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 import java.text.ParseException;
@@ -34,7 +35,6 @@ import org.mitre.oauth2.service.SystemScopeService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
@@ -45,6 +45,7 @@ import org.springframework.stereotype.Component;
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.Maps;
 import com.nimbusds.jose.Algorithm;
 import com.nimbusds.jose.JWEObject.State;
 import com.nimbusds.jose.JWSAlgorithm;
@@ -119,6 +120,20 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
 }
 request.setScope(scopes);
+
+ //Add extension parameters to the 'extensions' map
+ Map extensions = Maps.newHashMap();
+ if (parameters.containsKey("prompt")) {
+ extensions.put("prompt", parameters.get("prompt"));
+ }
+ if (parameters.containsKey("request")) {
+ extensions.put("request", parameters.get("request"));
+ }
+ if (parameters.containsKey("nonce")) {
+ extensions.put("nonce", parameters.get("nonce"));
+ }
+
+ request.setExtensions(extensions);
 return request;
 }
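Review bot: `request.setExtensions(extensions)` at the end of the last ConnectOAuth2RequestFactory hunk replaces the request's extension map wholesale, so anything the superclass or earlier code in this method had already stored there would be dropped; adding to the existing map, e.g. `request.getExtensions().putAll(extensions);`, avoids that, assuming the getter returns the live map. The three copied values ("prompt", "request", "nonce") come straight from the client-supplied `parameters` and are stored unvalidated, which deserves a comment such as `// extension values are raw client input; consumers must validate before use`. The three near-identical `if` blocks could also be a loop over a constant list of keys. The method body begins outside the hunk, so whether `parameters` was checked earlier is not visible here.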
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
index 5efcc0043..3d232d379 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
@@ -137,14 +137,12 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 idClaims.setSubject(userInfo.getSub());
 idClaims.setAudience(Lists.newArrayList(clientId));
-
- // TODO: issue #450
- String nonce = originalAuthRequest.getRequestParameters().get("nonce");
+ String nonce = (String)originalAuthRequest.getExtensions().get("nonce");
 if (!Strings.isNullOrEmpty(nonce)) {
 idClaims.setCustomClaim("nonce", nonce);
 }
- // TODO: this ought to be getResponseType
+ // TODO: this ought to be getResponseType; issue #482
 String responseType = authentication.getOAuth2Request().getRequestParameters().get("response_type");
 Set responseTypes = OAuth2Utils.parseParameterList(responseType);
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java
index b12901cd5..00919f068 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java
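Review bot: Reading the nonce only from `originalAuthRequest.getExtensions()` in the ConnectTokenEnhancer hunk means an authorization request that was stored before this change, or built by anything other than ConnectOAuth2RequestFactory, yields a null nonce, and the `Strings.isNullOrEmpty` guard then issues the ID token without a nonce claim and without any trace. Since the nonce is what lets the client bind the ID token to its own request, a silent drop is worth at least a log line or a migration comment, for example `// nonce is populated by ConnectOAuth2RequestFactory; requests persisted before that change carry none`. How stored requests are serialized is not visible here, so this may not occur in practice. The context line still reads `response_type` through `getRequestParameters()` (tracked by the TODO for issue #482), so the commit subject's "remove all calls" is not yet fully true. The enclosing method starts and ends outside the hunk.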
@@ -126,8 +126,7 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
 boolean alreadyApproved = false;
 // find out if we're supposed to force a prompt on the user or not
- // TODO (issue #450)
- String prompt = authorizationRequest.getRequestParameters().get("prompt");
+ String prompt = (String) authorizationRequest.getExtensions().get("prompt");
 if (!"consent".equals(prompt)) {
 // if the prompt parameter is set to "consent" then we can't use approved sites or whitelisted sites
 // otherwise, we need to check them below
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
index 343140c5f..cac41f90f 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
@@ -73,7 +73,7 @@ public class UserInfoEndpoint {
 }
 model.addAttribute("scope", auth.getOAuth2Request().getScope());
- model.addAttribute("requestObject", auth.getOAuth2Request().getRequestParameters().get("request"));
+ model.addAttribute("requestObject", auth.getOAuth2Request().getExtensions().get("request"));
 model.addAttribute("userInfo", userInfo);
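Review bot: In the TofuUserApprovalHandler hunk a missing `prompt` extension makes `!"consent".equals(prompt)` true, so the handler goes on to the approved-site and whitelist checks and a client's request for forced consent is silently ignored. Before this change the value came from the raw request parameters; now it depends on every AuthorizationRequest that reaches this handler having been built by ConnectOAuth2RequestFactory, which is worth stating in a comment here, e.g. `// relies on ConnectOAuth2RequestFactory copying "prompt" into extensions; absent value means no forced consent`. OpenID Connect also defines `prompt` as a space-delimited list, so a value such as `login consent` would not match the exact comparison; that predates this commit but sits on the same line of logic. The enclosing method continues outside the hunk.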