github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

formatting cleanup

pull/779/head
Justin Richer 2015-02-17 11:08:46 -05:00
parent e2349984b8
commit 685960358c
66 changed files with 5651 additions and 5628 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/OAuth2AccessTokenImpl.java
View File

@ -32,21 +32,21 @@ import com.google.gson.JsonObject;
public class OAuth2AccessTokenImpl implements OAuth2AccessToken { public class OAuth2AccessTokenImpl implements OAuth2AccessToken {
private JsonObject token; private JsonObject introspectionResponse;
private String tokenString; private String tokenString;
private Set<String> scopes = new HashSet<String>(); private Set<String> scopes = new HashSet<String>();
private Date expireDate; private Date expireDate;
public OAuth2AccessTokenImpl(JsonObject token, String tokenString) { public OAuth2AccessTokenImpl(JsonObject introspectionResponse, String tokenString) {
this.token = token; this.setIntrospectionResponse(introspectionResponse);
this.tokenString = tokenString; this.tokenString = tokenString;
if (token.get("scope") != null) { if (introspectionResponse.get("scope") != null) {
scopes = Sets.newHashSet(Splitter.on(" ").split(token.get("scope").getAsString())); scopes = Sets.newHashSet(Splitter.on(" ").split(introspectionResponse.get("scope").getAsString()));
} }
if (token.get("exp") != null) { if (introspectionResponse.get("exp") != null) {
expireDate = new Date(token.get("exp").getAsLong() * 1000L); expireDate = new Date(introspectionResponse.get("exp").getAsLong() * 1000L);
} }
} }
@ -97,4 +97,20 @@ public class OAuth2AccessTokenImpl implements OAuth2AccessToken {
return tokenString; return tokenString;
} }
/**
* @return the token
*/
public JsonObject getIntrospectionResponse() {
return introspectionResponse;
}
/**
* @param token the token to set
*/
public void setIntrospectionResponse(JsonObject token) {
this.introspectionResponse = token;
}
} }

12
openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
View File

@ -316,10 +316,10 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
.useSystemProperties() .useSystemProperties()
.setDefaultRequestConfig( .setDefaultRequestConfig(
RequestConfig.custom() RequestConfig.custom()
.setSocketTimeout(httpSocketTimeout) .setSocketTimeout(httpSocketTimeout)
.build() .build()
) )
.build(); .build();
HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient); HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
@ -490,7 +490,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
throw new AuthenticationServiceException("Unsigned ID tokens can only be used if explicitly configured in client."); throw new AuthenticationServiceException("Unsigned ID tokens can only be used if explicitly configured in client.");
} }
if (tokenAlg != null && !tokenAlg.equals(JWSAlgorithm.NONE)) { if (tokenAlg != null && !tokenAlg.equals(Algorithm.NONE)) {
throw new AuthenticationServiceException("Unsigned token received, expected signature with " + tokenAlg); throw new AuthenticationServiceException("Unsigned token received, expected signature with " + tokenAlg);
} }
} else if (idToken instanceof SignedJWT) { } else if (idToken instanceof SignedJWT) {
@ -498,8 +498,8 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
SignedJWT signedIdToken = (SignedJWT)idToken; SignedJWT signedIdToken = (SignedJWT)idToken;
if (tokenAlg.equals(JWSAlgorithm.HS256) if (tokenAlg.equals(JWSAlgorithm.HS256)
|| tokenAlg.equals(JWSAlgorithm.HS384) || tokenAlg.equals(JWSAlgorithm.HS384)
|| tokenAlg.equals(JWSAlgorithm.HS512)) { || tokenAlg.equals(JWSAlgorithm.HS512)) {
// generate one based on client secret // generate one based on client secret
jwtValidator = symmetricCacheService.getSymmetricValidtor(clientConfig.getClient()); jwtValidator = symmetricCacheService.getSymmetricValidtor(clientConfig.getClient());

2
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java
View File

@ -115,7 +115,7 @@ public class DefaultJwtSigningAndValidationService implements JwtSigningAndValid
*/ */
@Override @Override
public String getDefaultSignerKeyId() { public String getDefaultSignerKeyId() {
return defaultSignerKeyId; return defaultSignerKeyId;
} }
/** /**

2
openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java
View File

@ -33,7 +33,7 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication;
@Entity @Entity
@Table(name = "authentication_holder") @Table(name = "authentication_holder")
@NamedQueries ({ @NamedQueries ({
@NamedQuery(name = "AuthenticationHolderEntity.getAll", query = "select a from AuthenticationHolderEntity a"), @NamedQuery(name = "AuthenticationHolderEntity.getAll", query = "select a from AuthenticationHolderEntity a"),
@NamedQuery(name = "AuthenticationHolderEntity.getByAuthentication", query = "select a from AuthenticationHolderEntity a where a.authentication = :authentication"), @NamedQuery(name = "AuthenticationHolderEntity.getByAuthentication", query = "select a from AuthenticationHolderEntity a where a.authentication = :authentication"),
@NamedQuery(name = "AuthenticationHolderEntity.getUnusedAuthenticationHolders", query = "select a from AuthenticationHolderEntity a where a.id not in (select t.authenticationHolder.id from OAuth2AccessTokenEntity t) and a.id not in (select r.authenticationHolder.id from OAuth2RefreshTokenEntity r)") @NamedQuery(name = "AuthenticationHolderEntity.getUnusedAuthenticationHolders", query = "select a from AuthenticationHolderEntity a where a.id not in (select t.authenticationHolder.id from OAuth2AccessTokenEntity t) and a.id not in (select r.authenticationHolder.id from OAuth2RefreshTokenEntity r)")
}) })

4
openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
View File

@ -353,8 +353,8 @@ public class ClientDetailsEntity implements ClientDetails {
public boolean isSecretRequired() { public boolean isSecretRequired() {
if (getTokenEndpointAuthMethod() != null && if (getTokenEndpointAuthMethod() != null &&
(getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC) || (getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC) ||
getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST) || getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST) ||
getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT))) { getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT))) {
return true; return true;
} else { } else {
return false; return false;

2
openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java
View File

@ -22,7 +22,7 @@ import org.mitre.oauth2.model.AuthenticationHolderEntity;
import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Authentication;
public interface AuthenticationHolderRepository { public interface AuthenticationHolderRepository {
public List<AuthenticationHolderEntity> getAll(); public List<AuthenticationHolderEntity> getAll();
public AuthenticationHolderEntity getById(Long id); public AuthenticationHolderEntity getById(Long id);

36
openid-connect-common/src/main/java/org/mitre/oauth2/service/IntrospectionResultAssembler.java
View File

@ -16,33 +16,33 @@
*******************************************************************************/ *******************************************************************************/
package org.mitre.oauth2.service; package org.mitre.oauth2.service;
import java.util.Map;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
import org.mitre.openid.connect.model.UserInfo; import org.mitre.openid.connect.model.UserInfo;
import java.util.Map;
/** /**
* Strategy interface for assembling a token introspection result. * Strategy interface for assembling a token introspection result.
*/ */
public interface IntrospectionResultAssembler { public interface IntrospectionResultAssembler {
/** /**
* Assemble a token introspection result from the given access token and user info. * Assemble a token introspection result from the given access token and user info.
* *
* @param accessToken the access token * @param accessToken the access token
* @param userInfo the user info * @param userInfo the user info
* @return the token introspection result * @return the token introspection result
*/ */
Map<String, Object> assembleFrom(OAuth2AccessTokenEntity accessToken, UserInfo userInfo); Map<String, Object> assembleFrom(OAuth2AccessTokenEntity accessToken, UserInfo userInfo);
/** /**
* Assemble a token introspection result from the given refresh token and user info. * Assemble a token introspection result from the given refresh token and user info.
* *
* @param refreshToken the refresh token * @param refreshToken the refresh token
* @param userInfo the user info * @param userInfo the user info
* @return the token introspection result * @return the token introspection result
*/ */
Map<String, Object> assembleFrom(OAuth2RefreshTokenEntity refreshToken, UserInfo userInfo); Map<String, Object> assembleFrom(OAuth2RefreshTokenEntity refreshToken, UserInfo userInfo);
} }

4
openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java
View File

@ -37,6 +37,10 @@ import com.google.gson.JsonObject;
}) })
public class DefaultUserInfo implements UserInfo { public class DefaultUserInfo implements UserInfo {
/**
*
*/
private static final long serialVersionUID = 6078310513185681918L;
private Long id; private Long id;
private String sub; private String sub;
private String preferredUsername; private String preferredUsername;

28
openid-connect-common/src/main/java/org/mitre/openid/connect/service/MITREidDataService.java
View File

@ -31,32 +31,32 @@ public interface MITREidDataService {
* Data member for 1.X configurations * Data member for 1.X configurations
*/ */
public static final String MITREID_CONNECT_1_0 = "mitreid-connect-1.0"; public static final String MITREID_CONNECT_1_0 = "mitreid-connect-1.0";
public static final String MITREID_CONNECT_1_1 = "mitreid-connect-1.1"; public static final String MITREID_CONNECT_1_1 = "mitreid-connect-1.1";
public static final String MITREID_CONNECT_1_2 = "mitreid-connect-1.2"; public static final String MITREID_CONNECT_1_2 = "mitreid-connect-1.2";
// member names // member names
public static final String REFRESHTOKENS = "refreshTokens"; public static final String REFRESHTOKENS = "refreshTokens";
public static final String ACCESSTOKENS = "accessTokens"; public static final String ACCESSTOKENS = "accessTokens";
public static final String WHITELISTEDSITES = "whitelistedSites"; public static final String WHITELISTEDSITES = "whitelistedSites";
public static final String BLACKLISTEDSITES = "blacklistedSites"; public static final String BLACKLISTEDSITES = "blacklistedSites";
public static final String AUTHENTICATIONHOLDERS = "authenticationHolders"; public static final String AUTHENTICATIONHOLDERS = "authenticationHolders";
public static final String GRANTS = "grants"; public static final String GRANTS = "grants";
public static final String CLIENTS = "clients"; public static final String CLIENTS = "clients";
public static final String SYSTEMSCOPES = "systemScopes"; public static final String SYSTEMSCOPES = "systemScopes";
/** /**
* Write out the current server state to the given JSON writer as a JSON object * Write out the current server state to the given JSON writer as a JSON object
* *
* @param writer * @param writer
* @throws IOException * @throws IOException
*/ */
void exportData(JsonWriter writer) throws IOException; void exportData(JsonWriter writer) throws IOException;
/** /**
* Read in the current server state from the given JSON reader as a JSON object * Read in the current server state from the given JSON reader as a JSON object
* *
* @param reader * @param reader
*/ */
void importData(JsonReader reader) throws IOException; void importData(JsonReader reader) throws IOException;
} }

104
openid-connect-common/src/test/java/org/mitre/jose/TestJWKSetKeyStore.java
View File

@ -50,42 +50,42 @@ public class TestJWKSetKeyStore {
private String RSAkid = "rsa_1"; private String RSAkid = "rsa_1";
private JWK RSAjwk = new RSAKey( private JWK RSAjwk = new RSAKey(
new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" + new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" +
"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" + "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" + "psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" + "sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" + "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
new Base64URL("AQAB"), // e new Base64URL("AQAB"), // e
new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" + new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" +
"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" + "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" + "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" + "qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" + "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA_OAEP, RSAkid, null, null, null); KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA_OAEP, RSAkid, null, null, null);
private String RSAkid_rsa2 = "rsa_2"; private String RSAkid_rsa2 = "rsa_2";
private JWK RSAjwk_rsa2 = new RSAKey( private JWK RSAjwk_rsa2 = new RSAKey(
new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" + new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" +
"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" + "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" + "psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" + "sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" + "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
new Base64URL("AQAB"), // e new Base64URL("AQAB"), // e
new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" + new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" +
"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" + "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" + "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" + "qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" + "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA1_5, RSAkid_rsa2, null, null, null); KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA1_5, RSAkid_rsa2, null, null, null);
List<JWK> keys_list = new LinkedList<JWK>(); List<JWK> keys_list = new LinkedList<JWK>();
private JWKSet jwkSet; private JWKSet jwkSet;
private String ks_file = "ks.txt"; private String ks_file = "ks.txt";
private String ks_file_badJWK = "ks_badJWK.txt"; private String ks_file_badJWK = "ks_badJWK.txt";
@Before @Before
public void prepare() throws IOException { public void prepare() throws IOException {
@ -101,8 +101,8 @@ public class TestJWKSetKeyStore {
out.close(); out.close();
} }
@After @After
public void cleanup() throws IOException { public void cleanup() throws IOException {
File f1 = new File(ks_file); File f1 = new File(ks_file);
if (f1.exists()) { if (f1.exists()) {
@ -112,7 +112,7 @@ public class TestJWKSetKeyStore {
if (f2.exists()) { if (f2.exists()) {
f2.delete(); f2.delete();
} }
} }
/* Constructors with no valid Resource setup */ /* Constructors with no valid Resource setup */
@Test @Test
@ -126,7 +126,7 @@ public class TestJWKSetKeyStore {
boolean thrown = false; boolean thrown = false;
try { try {
JWKSetKeyStore ks_null = new JWKSetKeyStore(null); new JWKSetKeyStore(null);
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
thrown = true; thrown = true;
} }
@ -162,36 +162,36 @@ public class TestJWKSetKeyStore {
/* First, test with file without "read" permission */ /* First, test with file without "read" permission */
boolean set = false; boolean set = false;
if (file.exists()) { if (file.exists()) {
set = file.setReadable(false); set = file.setReadable(false);
} }
// skip this part of the test on systems that don't allow the settable function, like Windows // skip this part of the test on systems that don't allow the settable function, like Windows
if (set) { if (set) {
Resource loc_noread = new FileSystemResource(file); Resource loc_noread = new FileSystemResource(file);
assertTrue(loc_noread.exists()); assertTrue(loc_noread.exists());
// assertTrue(!loc_noread.isReadable()); // assertTrue(!loc_noread.isReadable());
boolean thrown = false; boolean thrown = false;
try { try {
ks.setLocation(loc_noread); ks.setLocation(loc_noread);
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
thrown = true; thrown = true;
} }
assertTrue(thrown); assertTrue(thrown);
/* Now, make cache file readable */ /* Now, make cache file readable */
if (file.exists()) { if (file.exists()) {
file.setReadable(true); file.setReadable(true);
} }
} }
Resource loc = new FileSystemResource(file); Resource loc = new FileSystemResource(file);
assertTrue(loc.exists()); assertTrue(loc.exists());
assertTrue(loc.isReadable()); assertTrue(loc.isReadable());

59
openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJwtEncryptionAndDecryptionService.java
View File

@ -78,37 +78,38 @@ public class TestDefaultJwtEncryptionAndDecryptionService {
"XFBoMYUZodetZdvTiFvSkQ"; "XFBoMYUZodetZdvTiFvSkQ";
private String RSAkid = "rsa321"; private String RSAkid = "rsa321";
private JWK RSAjwk = new RSAKey(new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" + private JWK RSAjwk = new RSAKey(
"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" + new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" +
"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" + "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" + "psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" + "sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
new Base64URL("AQAB"), // e new Base64URL("AQAB"), // e
new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" + new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" +
"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" + "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" + "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" + "qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" + "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA_OAEP, RSAkid, null, null, null); KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA_OAEP, RSAkid, null, null, null);
private String RSAkid_2 = "rsa3210"; private String RSAkid_2 = "rsa3210";
private JWK RSAjwk_2 = new RSAKey( private JWK RSAjwk_2 = new RSAKey(
new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" + new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" +
"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" + "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" + "psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" + "sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" + "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
new Base64URL("AQAB"), // e new Base64URL("AQAB"), // e
new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" + new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" +
"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" + "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" + "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" + "qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" + "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA1_5, RSAkid_2, null, null, null); KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA1_5, RSAkid_2, null, null, null);
private String AESkid = "aes123"; private String AESkid = "aes123";
private JWK AESjwk = new OctetSequenceKey( new Base64URL("GawgguFyGrWKav7AX4VKUg"), private JWK AESjwk = new OctetSequenceKey( new Base64URL("GawgguFyGrWKav7AX4VKUg"),
@ -290,13 +291,13 @@ public class TestDefaultJwtEncryptionAndDecryptionService {
Map<String,JWK> keys2check = service_2.getAllPublicKeys(); Map<String,JWK> keys2check = service_2.getAllPublicKeys();
assertEquals( assertEquals(
JSONObjectUtils.getString(RSAjwk.toPublicJWK().toJSONObject(), "e"), JSONObjectUtils.getString(RSAjwk.toPublicJWK().toJSONObject(), "e"),
JSONObjectUtils.getString(keys2check.get(RSAkid).toJSONObject(), "e") JSONObjectUtils.getString(keys2check.get(RSAkid).toJSONObject(), "e")
); );
assertEquals( assertEquals(
JSONObjectUtils.getString(RSAjwk_2.toPublicJWK().toJSONObject(), "e"), JSONObjectUtils.getString(RSAjwk_2.toPublicJWK().toJSONObject(), "e"),
JSONObjectUtils.getString(keys2check.get(RSAkid_2).toJSONObject(), "e") JSONObjectUtils.getString(keys2check.get(RSAkid_2).toJSONObject(), "e")
); );
assertTrue(service_3.getAllPublicKeys().isEmpty()); assertTrue(service_3.getAllPublicKeys().isEmpty());
} }

2
openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java
View File

@ -263,7 +263,7 @@ public class DiscoveryEndpoint {
Collection<JWSAlgorithm> serverSigningAlgs = signService.getAllSigningAlgsSupported(); Collection<JWSAlgorithm> serverSigningAlgs = signService.getAllSigningAlgsSupported();
Collection<JWSAlgorithm> clientSymmetricSigningAlgs = Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512); Collection<JWSAlgorithm> clientSymmetricSigningAlgs = Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512);
Collection<JWSAlgorithm> clientSymmetricAndAsymmetricSigningAlgs = Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512, JWSAlgorithm.RS256, JWSAlgorithm.RS384, JWSAlgorithm.RS512); Collection<JWSAlgorithm> clientSymmetricAndAsymmetricSigningAlgs = Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512, JWSAlgorithm.RS256, JWSAlgorithm.RS384, JWSAlgorithm.RS512);
Collection<Algorithm> clientSymmetricAndAsymmetricSigningAlgsWithNone = Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512, JWSAlgorithm.RS256, JWSAlgorithm.RS384, JWSAlgorithm.RS512, JWSAlgorithm.NONE); Collection<Algorithm> clientSymmetricAndAsymmetricSigningAlgsWithNone = Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512, JWSAlgorithm.RS256, JWSAlgorithm.RS384, JWSAlgorithm.RS512, Algorithm.NONE);
Map<String, Object> m = new HashMap<String, Object>(); Map<String, Object> m = new HashMap<String, Object>();
m.put("issuer", config.getIssuer()); m.put("issuer", config.getIssuer());

6
openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java
View File

@ -38,11 +38,11 @@ public class JpaAuthenticationHolderRepository implements AuthenticationHolderRe
@PersistenceContext @PersistenceContext
private EntityManager manager; private EntityManager manager;
@Override @Override
public List<AuthenticationHolderEntity> getAll() { public List<AuthenticationHolderEntity> getAll() {
TypedQuery<AuthenticationHolderEntity> query = manager.createNamedQuery("AuthenticationHolderEntity.getAll", AuthenticationHolderEntity.class); TypedQuery<AuthenticationHolderEntity> query = manager.createNamedQuery("AuthenticationHolderEntity.getAll", AuthenticationHolderEntity.class);
return query.getResultList(); return query.getResultList();
} }
@Override @Override
public AuthenticationHolderEntity getById(Long id) { public AuthenticationHolderEntity getById(Long id) {

82
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultIntrospectionResultAssembler.java
View File

@ -45,74 +45,74 @@ public class DefaultIntrospectionResultAssembler implements IntrospectionResultA
private static DateFormatter dateFormat = new DateFormatter(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")); private static DateFormatter dateFormat = new DateFormatter(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ"));
@Override @Override
public Map<String, Object> assembleFrom(OAuth2AccessTokenEntity accessToken, UserInfo userInfo) { public Map<String, Object> assembleFrom(OAuth2AccessTokenEntity accessToken, UserInfo userInfo) {
Map<String, Object> result = newLinkedHashMap(); Map<String, Object> result = newLinkedHashMap();
OAuth2Authentication authentication = accessToken.getAuthenticationHolder().getAuthentication(); OAuth2Authentication authentication = accessToken.getAuthenticationHolder().getAuthentication();
result.put("active", true); result.put("active", true);
result.put("scope", Joiner.on(" ").join(accessToken.getScope())); result.put("scope", Joiner.on(" ").join(accessToken.getScope()));
if (accessToken.getExpiration() != null) { if (accessToken.getExpiration() != null) {
try { try {
result.put("expires_at", dateFormat.valueToString(accessToken.getExpiration())); result.put("expires_at", dateFormat.valueToString(accessToken.getExpiration()));
result.put("exp", accessToken.getExpiration().getTime() / 1000L); result.put("exp", accessToken.getExpiration().getTime() / 1000L);
} catch (ParseException e) { } catch (ParseException e) {
log.error("Parse exception in token introspection", e); log.error("Parse exception in token introspection", e);
} }
} }
if (userInfo != null) { if (userInfo != null) {
// if we have a UserInfo, use that for the subject // if we have a UserInfo, use that for the subject
result.put("sub", userInfo.getSub()); result.put("sub", userInfo.getSub());
} else { } else {
// otherwise, use the authentication's username // otherwise, use the authentication's username
result.put("sub", authentication.getName()); result.put("sub", authentication.getName());
} }
result.put("user_id", authentication.getName()); result.put("user_id", authentication.getName());
result.put("client_id", authentication.getOAuth2Request().getClientId()); result.put("client_id", authentication.getOAuth2Request().getClientId());
result.put("token_type", accessToken.getTokenType()); result.put("token_type", accessToken.getTokenType());
return result; return result;
} }
@Override @Override
public Map<String, Object> assembleFrom(OAuth2RefreshTokenEntity refreshToken, UserInfo userInfo) { public Map<String, Object> assembleFrom(OAuth2RefreshTokenEntity refreshToken, UserInfo userInfo) {
Map<String, Object> result = newLinkedHashMap(); Map<String, Object> result = newLinkedHashMap();
OAuth2Authentication authentication = refreshToken.getAuthenticationHolder().getAuthentication(); OAuth2Authentication authentication = refreshToken.getAuthenticationHolder().getAuthentication();
result.put("active", true); result.put("active", true);
result.put("scope", Joiner.on(" ").join(authentication.getOAuth2Request().getScope())); result.put("scope", Joiner.on(" ").join(authentication.getOAuth2Request().getScope()));
if (refreshToken.getExpiration() != null) { if (refreshToken.getExpiration() != null) {
try { try {
result.put("expires_at", dateFormat.valueToString(refreshToken.getExpiration())); result.put("expires_at", dateFormat.valueToString(refreshToken.getExpiration()));
result.put("exp", refreshToken.getExpiration().getTime() / 1000L); result.put("exp", refreshToken.getExpiration().getTime() / 1000L);
} catch (ParseException e) { } catch (ParseException e) {
log.error("Parse exception in token introspection", e); log.error("Parse exception in token introspection", e);
} }
} }
if (userInfo != null) { if (userInfo != null) {
// if we have a UserInfo, use that for the subject // if we have a UserInfo, use that for the subject
result.put("sub", userInfo.getSub()); result.put("sub", userInfo.getSub());
} else { } else {
// otherwise, use the authentication's username // otherwise, use the authentication's username
result.put("sub", authentication.getName()); result.put("sub", authentication.getName());
} }
result.put("user_id", authentication.getName()); result.put("user_id", authentication.getName());
result.put("client_id", authentication.getOAuth2Request().getClientId()); result.put("client_id", authentication.getOAuth2Request().getClientId());
return result; return result;
} }
} }

1
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
View File

@ -52,7 +52,6 @@ import com.google.common.base.Strings;
import com.google.common.cache.CacheBuilder; import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader; import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache; import com.google.common.cache.LoadingCache;
import com.google.common.util.concurrent.UncheckedExecutionException;
import com.google.gson.JsonElement; import com.google.gson.JsonElement;
import com.google.gson.JsonParser; import com.google.gson.JsonParser;

63
openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java
View File

@ -16,8 +16,10 @@
*******************************************************************************/ *******************************************************************************/
package org.mitre.oauth2.web; package org.mitre.oauth2.web;
import com.google.common.base.Strings; import java.security.Principal;
import com.google.common.collect.ImmutableMap; import java.util.Map;
import java.util.Set;
import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
@ -40,9 +42,8 @@ import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
import java.security.Principal; import com.google.common.base.Strings;
import java.util.Map; import com.google.common.collect.ImmutableMap;
import java.util.Set;
@Controller @Controller
public class IntrospectionEndpoint { public class IntrospectionEndpoint {
@ -56,8 +57,8 @@ public class IntrospectionEndpoint {
@Autowired @Autowired
private IntrospectionAuthorizer introspectionAuthorizer; private IntrospectionAuthorizer introspectionAuthorizer;
@Autowired @Autowired
private IntrospectionResultAssembler introspectionResultAssembler; private IntrospectionResultAssembler introspectionResultAssembler;
@Autowired @Autowired
private UserInfoService userInfoService; private UserInfoService userInfoService;
@ -86,8 +87,8 @@ public class IntrospectionEndpoint {
return JsonEntityView.VIEWNAME; return JsonEntityView.VIEWNAME;
} }
OAuth2AccessTokenEntity accessToken = null; OAuth2AccessTokenEntity accessToken = null;
OAuth2RefreshTokenEntity refreshToken = null; OAuth2RefreshTokenEntity refreshToken = null;
ClientDetailsEntity tokenClient; ClientDetailsEntity tokenClient;
Set<String> scopes; Set<String> scopes;
UserInfo user; UserInfo user;
@ -100,7 +101,7 @@ public class IntrospectionEndpoint {
tokenClient = accessToken.getClient(); tokenClient = accessToken.getClient();
scopes = accessToken.getScope(); scopes = accessToken.getScope();
user = userInfoService.getByUsernameAndClientId(accessToken.getAuthenticationHolder().getAuthentication().getName(), tokenClient.getClientId()); user = userInfoService.getByUsernameAndClientId(accessToken.getAuthenticationHolder().getAuthentication().getName(), tokenClient.getClientId());
} catch (InvalidTokenException e) { } catch (InvalidTokenException e) {
logger.info("Verify failed; Invalid access token. Checking refresh token."); logger.info("Verify failed; Invalid access token. Checking refresh token.");
@ -122,28 +123,28 @@ public class IntrospectionEndpoint {
} }
} }
// clientID is the principal name in the authentication // clientID is the principal name in the authentication
String clientId = p.getName(); String clientId = p.getName();
ClientDetailsEntity authClient = clientService.loadClientByClientId(clientId); ClientDetailsEntity authClient = clientService.loadClientByClientId(clientId);
if (authClient.isAllowIntrospection()) { if (authClient.isAllowIntrospection()) {
if (introspectionAuthorizer.isIntrospectionPermitted(authClient, tokenClient, scopes)) { if (introspectionAuthorizer.isIntrospectionPermitted(authClient, tokenClient, scopes)) {
// if it's a valid token, we'll print out information on it // if it's a valid token, we'll print out information on it
Map<String, Object> entity = accessToken != null Map<String, Object> entity = accessToken != null
? introspectionResultAssembler.assembleFrom(accessToken, user) ? introspectionResultAssembler.assembleFrom(accessToken, user)
: introspectionResultAssembler.assembleFrom(refreshToken, user); : introspectionResultAssembler.assembleFrom(refreshToken, user);
model.addAttribute("entity", entity); model.addAttribute("entity", entity);
return JsonEntityView.VIEWNAME; return JsonEntityView.VIEWNAME;
} else { } else {
logger.error("Verify failed; client configuration or scope don't permit token introspection"); logger.error("Verify failed; client configuration or scope don't permit token introspection");
model.addAttribute("code", HttpStatus.FORBIDDEN); model.addAttribute("code", HttpStatus.FORBIDDEN);
return HttpCodeView.VIEWNAME; return HttpCodeView.VIEWNAME;
} }
} else { } else {
logger.error("Verify failed; client " + clientId + " is not allowed to call introspection endpoint"); logger.error("Verify failed; client " + clientId + " is not allowed to call introspection endpoint");
model.addAttribute("code", HttpStatus.FORBIDDEN); model.addAttribute("code", HttpStatus.FORBIDDEN);
return HttpCodeView.VIEWNAME; return HttpCodeView.VIEWNAME;
} }
} }

2
openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java
View File

@ -19,8 +19,6 @@ package org.mitre.openid.connect.repository.impl;
import static org.mitre.util.jpa.JpaUtil.getSingleResult; import static org.mitre.util.jpa.JpaUtil.getSingleResult;
import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
import java.util.Collection;
import javax.persistence.EntityManager; import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext; import javax.persistence.PersistenceContext;
import javax.persistence.TypedQuery; import javax.persistence.TypedQuery;

2
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java
View File

@ -159,7 +159,7 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
JWT idToken; JWT idToken;
if (signingAlg.equals(JWSAlgorithm.NONE)) { if (signingAlg.equals(Algorithm.NONE)) {
// unsigned ID token // unsigned ID token
idToken = new PlainJWT(idClaims); idToken = new PlainJWT(idClaims);

1518
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
View File

File diff suppressed because it is too large Load Diff

1520
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java
View File

File diff suppressed because it is too large Load Diff

2146
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java
View File

File diff suppressed because it is too large Load Diff

178
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_X.java
View File

@ -16,9 +16,6 @@
*******************************************************************************/ *******************************************************************************/
package org.mitre.openid.connect.service.impl; package org.mitre.openid.connect.service.impl;
import com.google.common.io.BaseEncoding;
import com.google.gson.stream.JsonReader;
import com.google.gson.stream.JsonWriter;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
@ -29,10 +26,15 @@ import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import org.mitre.openid.connect.service.MITREidDataService; import org.mitre.openid.connect.service.MITREidDataService;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import com.google.common.io.BaseEncoding;
import com.google.gson.stream.JsonReader;
import com.google.gson.stream.JsonWriter;
/** /**
* *
* @author arielak * @author arielak
@ -40,98 +42,98 @@ import org.slf4j.LoggerFactory;
public abstract class MITREidDataService_1_X implements MITREidDataService { public abstract class MITREidDataService_1_X implements MITREidDataService {
private static Logger logger = LoggerFactory.getLogger(MITREidDataService_1_X.class); private static Logger logger = LoggerFactory.getLogger(MITREidDataService_1_X.class);
protected static <T> T base64UrlDecodeObject(String encoded, Class<T> type) { protected static <T> T base64UrlDecodeObject(String encoded, Class<T> type) {
if (encoded == null) { if (encoded == null) {
return null; return null;
} else { } else {
T deserialized = null; T deserialized = null;
try { try {
byte[] decoded = BaseEncoding.base64Url().decode(encoded); byte[] decoded = BaseEncoding.base64Url().decode(encoded);
ByteArrayInputStream bais = new ByteArrayInputStream(decoded); ByteArrayInputStream bais = new ByteArrayInputStream(decoded);
ObjectInputStream ois = new ObjectInputStream(bais); ObjectInputStream ois = new ObjectInputStream(bais);
deserialized = type.cast(ois.readObject()); deserialized = type.cast(ois.readObject());
ois.close(); ois.close();
bais.close(); bais.close();
} catch (Exception ex) { } catch (Exception ex) {
logger.error("Unable to decode object", ex); logger.error("Unable to decode object", ex);
} }
return deserialized; return deserialized;
} }
} }
protected static String base64UrlEncodeObject(Serializable obj) { protected static String base64UrlEncodeObject(Serializable obj) {
if (obj == null) { if (obj == null) {
return null; return null;
} else { } else {
String encoded = null; String encoded = null;
try { try {
ByteArrayOutputStream baos = new ByteArrayOutputStream(); ByteArrayOutputStream baos = new ByteArrayOutputStream();
ObjectOutputStream oos = new ObjectOutputStream(baos); ObjectOutputStream oos = new ObjectOutputStream(baos);
oos.writeObject(obj); oos.writeObject(obj);
encoded = BaseEncoding.base64Url().encode(baos.toByteArray()); encoded = BaseEncoding.base64Url().encode(baos.toByteArray());
oos.close(); oos.close();
baos.close(); baos.close();
} catch (IOException ex) { } catch (IOException ex) {
logger.error("Unable to encode object", ex); logger.error("Unable to encode object", ex);
} }
return encoded; return encoded;
} }
} }
protected static Set readSet(JsonReader reader) throws IOException { protected static Set readSet(JsonReader reader) throws IOException {
Set arraySet = null; Set arraySet = null;
reader.beginArray(); reader.beginArray();
switch (reader.peek()) { switch (reader.peek()) {
case STRING: case STRING:
arraySet = new HashSet<String>(); arraySet = new HashSet<String>();
while (reader.hasNext()) { while (reader.hasNext()) {
arraySet.add(reader.nextString()); arraySet.add(reader.nextString());
} }
break; break;
case NUMBER: case NUMBER:
arraySet = new HashSet<Long>(); arraySet = new HashSet<Long>();
while (reader.hasNext()) { while (reader.hasNext()) {
arraySet.add(reader.nextLong()); arraySet.add(reader.nextLong());
} }
break; break;
default: default:
arraySet = new HashSet(); arraySet = new HashSet();
break; break;
} }
reader.endArray(); reader.endArray();
return arraySet; return arraySet;
} }
protected static Map readMap(JsonReader reader) throws IOException { protected static Map readMap(JsonReader reader) throws IOException {
Map map = new HashMap<String, Object>(); Map map = new HashMap<String, Object>();
reader.beginObject(); reader.beginObject();
while(reader.hasNext()) { while(reader.hasNext()) {
String name = reader.nextName(); String name = reader.nextName();
Object value = null; Object value = null;
switch(reader.peek()) { switch(reader.peek()) {
case STRING: case STRING:
value = reader.nextString(); value = reader.nextString();
break; break;
case BOOLEAN: case BOOLEAN:
value = reader.nextBoolean(); value = reader.nextBoolean();
break; break;
case NUMBER: case NUMBER:
value = reader.nextLong(); value = reader.nextLong();
break; break;
} }
map.put(name, value); map.put(name, value);
} }
reader.endObject(); reader.endObject();
return map; return map;
} }
protected void writeNullSafeArray(JsonWriter writer, Set<String> items) protected void writeNullSafeArray(JsonWriter writer, Set<String> items)
throws IOException { throws IOException {
if (items != null) { if (items != null) {
writer.beginArray(); writer.beginArray();
for (String s : items) { for (String s : items) {
writer.value(s); writer.value(s);
} }
writer.endArray(); writer.endArray();
} else { } else {
writer.nullValue(); writer.nullValue();
} }

47
openid-connect-server/src/main/java/org/mitre/openid/connect/util/DateUtil.java
View File

@ -20,6 +20,7 @@ import java.text.ParseException;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.Date; import java.util.Date;
import java.util.TimeZone; import java.util.TimeZone;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -28,29 +29,29 @@ import org.slf4j.LoggerFactory;
* @author arielak * @author arielak
*/ */
public class DateUtil { public class DateUtil {
private static final Logger log = LoggerFactory.getLogger(DateUtil.class); private static final Logger log = LoggerFactory.getLogger(DateUtil.class);
private static final String ISO_FORMAT = "yyyy-MM-dd'T'HH:mm:ss.SSSZ"; private static final String ISO_FORMAT = "yyyy-MM-dd'T'HH:mm:ss.SSSZ";
private static final SimpleDateFormat sdf = new SimpleDateFormat(ISO_FORMAT); private static final SimpleDateFormat sdf = new SimpleDateFormat(ISO_FORMAT);
private static final TimeZone utc = TimeZone.getTimeZone("UTC"); private static final TimeZone utc = TimeZone.getTimeZone("UTC");
public static String toUTCString(Date date) { public static String toUTCString(Date date) {
if (date == null) { if (date == null) {
return null; return null;
} }
sdf.setTimeZone(utc); sdf.setTimeZone(utc);
return sdf.format(date); return sdf.format(date);
} }
public static Date utcToDate(String s) { public static Date utcToDate(String s) {
if (s == null) { if (s == null) {
return null; return null;
} }
Date d = null; Date d = null;
try { try {
d = sdf.parse(s); d = sdf.parse(s);
} catch(ParseException ex) { } catch(ParseException ex) {
log.error("Unable to parse date string {}", s, ex); log.error("Unable to parse date string {}", s, ex);
} }
return d; return d;
} }
} }

6
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
View File

@ -401,9 +401,9 @@ public class ClientDynamicRegistrationEndpoint {
// TODO: make this a pluggable service // TODO: make this a pluggable service
Set<String> requestedGrantTypes = new HashSet<String>(newClient.getGrantTypes()); Set<String> requestedGrantTypes = new HashSet<String>(newClient.getGrantTypes());
requestedGrantTypes.retainAll( requestedGrantTypes.retainAll(
ImmutableSet.of("authorization_code", "implicit", ImmutableSet.of("authorization_code", "implicit",
"password", "client_credentials", "refresh_token", "password", "client_credentials", "refresh_token",
"urn:ietf:params:oauth:grant_type:redelegate")); "urn:ietf:params:oauth:grant_type:redelegate"));
// don't allow "password" grant type for dynamic registration // don't allow "password" grant type for dynamic registration
if (newClient.getGrantTypes().contains("password")) { if (newClient.getGrantTypes().contains("password")) {

46
openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java
View File

@ -60,13 +60,13 @@ public class DataAPI {
@Autowired @Autowired
private ConfigurationPropertiesBean config; private ConfigurationPropertiesBean config;
@Autowired @Autowired
private MITREidDataService_1_0 dataService_1_0; private MITREidDataService_1_0 dataService_1_0;
@Autowired @Autowired
private MITREidDataService_1_1 dataService_1_1; private MITREidDataService_1_1 dataService_1_1;
@Autowired @Autowired
private MITREidDataService_1_1 dataService_1_2; private MITREidDataService_1_1 dataService_1_2;
@RequestMapping(method = RequestMethod.POST, consumes = "application/json") @RequestMapping(method = RequestMethod.POST, consumes = "application/json")
@ -79,25 +79,25 @@ public class DataAPI {
while (reader.hasNext()) { while (reader.hasNext()) {
JsonToken tok = reader.peek(); JsonToken tok = reader.peek();
switch (tok) { switch (tok) {
case NAME: case NAME:
String name = reader.nextName(); String name = reader.nextName();
if (name.equals(MITREidDataService.MITREID_CONNECT_1_0)) { if (name.equals(MITREidDataService.MITREID_CONNECT_1_0)) {
dataService_1_0.importData(reader); dataService_1_0.importData(reader);
} else if (name.equals(MITREidDataService.MITREID_CONNECT_1_1)) { } else if (name.equals(MITREidDataService.MITREID_CONNECT_1_1)) {
dataService_1_1.importData(reader); dataService_1_1.importData(reader);
} else if (name.equals(MITREidDataService.MITREID_CONNECT_1_2)) { } else if (name.equals(MITREidDataService.MITREID_CONNECT_1_2)) {
dataService_1_2.importData(reader); dataService_1_2.importData(reader);
} else { } else {
// consume the next bit silently for now // consume the next bit silently for now
logger.debug("Skipping value for " + name); // TODO: write these out? logger.debug("Skipping value for " + name); // TODO: write these out?
reader.skipValue(); reader.skipValue();
} }
break; break;
case END_OBJECT: case END_OBJECT:
reader.endObject(); reader.endObject();
break; break;
case END_DOCUMENT: case END_DOCUMENT:
break; break;
} }
} }
@ -115,7 +115,7 @@ public class DataAPI {
try { try {
writer.beginObject(); writer.beginObject();
writer.name("exported-at"); writer.name("exported-at");
writer.value(dateFormat.format(new Date())); writer.value(dateFormat.format(new Date()));

1
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java
View File

@ -55,7 +55,6 @@ import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.util.UriUtils; import org.springframework.web.util.UriUtils;
import com.google.common.base.Strings; import com.google.common.base.Strings;
import com.google.common.collect.Sets;
import com.google.gson.JsonSyntaxException; import com.google.gson.JsonSyntaxException;
@Controller @Controller

6
openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java
View File

@ -83,8 +83,7 @@ public class TestDefaultIntrospectionAuthorizer {
String tokenClient = "token"; String tokenClient = "token";
Set<String> authScope = scope("scope1", "scope2"); Set<String> authScope = scope("scope1", "scope2");
Set<String> tokenScope = scope("scope1", "scope2", "scope3"); Set<String> tokenScope = scope("scope1", "scope2", "scope3");
given(scopeService.scopesMatch(authScope, tokenScope)) given(scopeService.scopesMatch(authScope, tokenScope)).willReturn(false);
.willReturn(false);
// when // when
boolean permitted = introspectionPermitter.isIntrospectionPermitted( boolean permitted = introspectionPermitter.isIntrospectionPermitted(
@ -101,8 +100,7 @@ public class TestDefaultIntrospectionAuthorizer {
return client; return client;
} }
private ClientDetails clientWithIdAndScope(String clientId, private ClientDetails clientWithIdAndScope(String clientId, Set<String> scope) {
Set<String> scope) {
ClientDetails client = clientWithId(clientId); ClientDetails client = clientWithId(clientId);
given(client.getScope()).willReturn(scope); given(client.getScope()).willReturn(scope);
return client; return client;

333
openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java
View File

@ -16,13 +16,13 @@
*******************************************************************************/ *******************************************************************************/
package org.mitre.oauth2.service.impl; package org.mitre.oauth2.service.impl;
import com.google.common.collect.ImmutableMap; import static com.google.common.collect.Sets.newHashSet;
import org.junit.Test; import static org.hamcrest.CoreMatchers.equalTo;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import static org.hamcrest.CoreMatchers.is;
import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; import static org.junit.Assert.assertThat;
import org.mitre.openid.connect.model.UserInfo; import static org.mockito.BDDMockito.given;
import org.springframework.security.oauth2.provider.OAuth2Authentication; import static org.mockito.Mockito.RETURNS_DEEP_STUBS;
import org.springframework.security.oauth2.provider.OAuth2Request; import static org.mockito.Mockito.mock;
import java.text.ParseException; import java.text.ParseException;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
@ -32,209 +32,210 @@ import java.util.Set;
import javax.swing.text.DateFormatter; import javax.swing.text.DateFormatter;
import static com.google.common.collect.Sets.newHashSet; import org.junit.Test;
import static org.hamcrest.CoreMatchers.equalTo; import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import static org.hamcrest.CoreMatchers.is; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
import static org.junit.Assert.assertThat; import org.mitre.openid.connect.model.UserInfo;
import static org.mockito.BDDMockito.given; import org.springframework.security.oauth2.provider.OAuth2Authentication;
import static org.mockito.Mockito.RETURNS_DEEP_STUBS; import org.springframework.security.oauth2.provider.OAuth2Request;
import static org.mockito.Mockito.mock;
import com.google.common.collect.ImmutableMap;
public class TestDefaultIntrospectionResultAssembler { public class TestDefaultIntrospectionResultAssembler {
private DefaultIntrospectionResultAssembler assembler = new DefaultIntrospectionResultAssembler(); private DefaultIntrospectionResultAssembler assembler = new DefaultIntrospectionResultAssembler();
private static DateFormatter dateFormat = new DateFormatter(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")); private static DateFormatter dateFormat = new DateFormatter(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ"));
@Test @Test
public void shouldAssembleExpectedResultForAccessToken() throws ParseException { public void shouldAssembleExpectedResultForAccessToken() throws ParseException {
// given // given
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), "Bearer", OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), "Bearer",
authentication("name", request("clientId"))); authentication("name", request("clientId")));
UserInfo userInfo = userInfo("sub"); UserInfo userInfo = userInfo("sub");
// when // when
Map<String, Object> result = assembler.assembleFrom(accessToken, userInfo); Map<String, Object> result = assembler.assembleFrom(accessToken, userInfo);
// then // then
Map<String, Object> expected = new ImmutableMap.Builder<String, Object>() Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
.put("sub", "sub") .put("sub", "sub")
.put("exp", 123L) .put("exp", 123L)
.put("expires_at", dateFormat.valueToString(new Date(123 * 1000L))) .put("expires_at", dateFormat.valueToString(new Date(123 * 1000L)))
.put("scope", "bar foo") .put("scope", "bar foo")
.put("active", Boolean.TRUE) .put("active", Boolean.TRUE)
.put("user_id", "name") .put("user_id", "name")
.put("client_id", "clientId") .put("client_id", "clientId")
.put("token_type", "Bearer") .put("token_type", "Bearer")
.build(); .build();
assertThat(result, is(equalTo(expected))); assertThat(result, is(equalTo(expected)));
} }
@Test @Test
public void shouldAssembleExpectedResultForAccessTokenWithoutUserInfo() throws ParseException { public void shouldAssembleExpectedResultForAccessTokenWithoutUserInfo() throws ParseException {
// given // given
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), "Bearer", OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), "Bearer",
authentication("name", request("clientId"))); authentication("name", request("clientId")));
// when // when
Map<String, Object> result = assembler.assembleFrom(accessToken, null); Map<String, Object> result = assembler.assembleFrom(accessToken, null);
// then // then
Map<String, Object> expected = new ImmutableMap.Builder<String, Object>() Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
.put("sub", "name") .put("sub", "name")
.put("exp", 123L) .put("exp", 123L)
.put("expires_at", dateFormat.valueToString(new Date(123 * 1000L))) .put("expires_at", dateFormat.valueToString(new Date(123 * 1000L)))
.put("scope", "bar foo") .put("scope", "bar foo")
.put("active", Boolean.TRUE) .put("active", Boolean.TRUE)
.put("user_id", "name") .put("user_id", "name")
.put("client_id", "clientId") .put("client_id", "clientId")
.put("token_type", "Bearer") .put("token_type", "Bearer")
.build(); .build();
assertThat(result, is(equalTo(expected))); assertThat(result, is(equalTo(expected)));
} }
@Test @Test
public void shouldAssembleExpectedResultForAccessTokenWithoutExpiry() { public void shouldAssembleExpectedResultForAccessTokenWithoutExpiry() {
// given // given
OAuth2AccessTokenEntity accessToken = accessToken(null, scopes("foo", "bar"), "Bearer", OAuth2AccessTokenEntity accessToken = accessToken(null, scopes("foo", "bar"), "Bearer",
authentication("name", request("clientId"))); authentication("name", request("clientId")));
UserInfo userInfo = userInfo("sub"); UserInfo userInfo = userInfo("sub");
// when // when
Map<String, Object> result = assembler.assembleFrom(accessToken, userInfo); Map<String, Object> result = assembler.assembleFrom(accessToken, userInfo);
// then // then
Map<String, Object> expected = new ImmutableMap.Builder<String, Object>() Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
.put("sub", "sub") .put("sub", "sub")
.put("scope", "bar foo") .put("scope", "bar foo")
.put("active", Boolean.TRUE) .put("active", Boolean.TRUE)
.put("user_id", "name") .put("user_id", "name")
.put("client_id", "clientId") .put("client_id", "clientId")
.put("token_type", "Bearer") .put("token_type", "Bearer")
.build(); .build();
assertThat(result, is(equalTo(expected))); assertThat(result, is(equalTo(expected)));
} }
@Test @Test
public void shouldAssembleExpectedResultForRefreshToken() throws ParseException { public void shouldAssembleExpectedResultForRefreshToken() throws ParseException {
// given // given
OAuth2RefreshTokenEntity refreshToken = refreshToken(new Date(123 * 1000L), OAuth2RefreshTokenEntity refreshToken = refreshToken(new Date(123 * 1000L),
authentication("name", request("clientId", scopes("foo", "bar")))); authentication("name", request("clientId", scopes("foo", "bar"))));
UserInfo userInfo = userInfo("sub"); UserInfo userInfo = userInfo("sub");
// when // when
Map<String, Object> result = assembler.assembleFrom(refreshToken, userInfo); Map<String, Object> result = assembler.assembleFrom(refreshToken, userInfo);
// then // then
Map<String, Object> expected = new ImmutableMap.Builder<String, Object>() Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
.put("sub", "sub") .put("sub", "sub")
.put("exp", 123L) .put("exp", 123L)
.put("expires_at", dateFormat.valueToString(new Date(123 * 1000L))) .put("expires_at", dateFormat.valueToString(new Date(123 * 1000L)))
.put("scope", "bar foo") .put("scope", "bar foo")
.put("active", Boolean.TRUE) .put("active", Boolean.TRUE)
.put("user_id", "name") .put("user_id", "name")
.put("client_id", "clientId") .put("client_id", "clientId")
.build(); .build();
assertThat(result, is(equalTo(expected))); assertThat(result, is(equalTo(expected)));
} }
@Test @Test
public void shouldAssembleExpectedResultForRefreshTokenWithoutUserInfo() throws ParseException { public void shouldAssembleExpectedResultForRefreshTokenWithoutUserInfo() throws ParseException {
// given // given
OAuth2RefreshTokenEntity refreshToken = refreshToken(new Date(123 * 1000L), OAuth2RefreshTokenEntity refreshToken = refreshToken(new Date(123 * 1000L),
authentication("name", request("clientId", scopes("foo", "bar")))); authentication("name", request("clientId", scopes("foo", "bar"))));
// when // when
Map<String, Object> result = assembler.assembleFrom(refreshToken, null); Map<String, Object> result = assembler.assembleFrom(refreshToken, null);
// then // then
Map<String, Object> expected = new ImmutableMap.Builder<String, Object>() Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
.put("sub", "name") .put("sub", "name")
.put("exp", 123L) .put("exp", 123L)
.put("expires_at", dateFormat.valueToString(new Date(123 * 1000L))) .put("expires_at", dateFormat.valueToString(new Date(123 * 1000L)))
.put("scope", "bar foo") .put("scope", "bar foo")
.put("active", Boolean.TRUE) .put("active", Boolean.TRUE)
.put("user_id", "name") .put("user_id", "name")
.put("client_id", "clientId") .put("client_id", "clientId")
.build(); .build();
assertThat(result, is(equalTo(expected))); assertThat(result, is(equalTo(expected)));
} }
@Test @Test
public void shouldAssembleExpectedResultForRefreshTokenWithoutExpiry() { public void shouldAssembleExpectedResultForRefreshTokenWithoutExpiry() {
// given // given
OAuth2RefreshTokenEntity refreshToken = refreshToken(null, OAuth2RefreshTokenEntity refreshToken = refreshToken(null,
authentication("name", request("clientId", scopes("foo", "bar")))); authentication("name", request("clientId", scopes("foo", "bar"))));
UserInfo userInfo = userInfo("sub"); UserInfo userInfo = userInfo("sub");
// when // when
Map<String, Object> result = assembler.assembleFrom(refreshToken, userInfo); Map<String, Object> result = assembler.assembleFrom(refreshToken, userInfo);
// then // then
Map<String, Object> expected = new ImmutableMap.Builder<String, Object>() Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
.put("sub", "sub") .put("sub", "sub")
.put("scope", "bar foo") .put("scope", "bar foo")
.put("active", Boolean.TRUE) .put("active", Boolean.TRUE)
.put("user_id", "name") .put("user_id", "name")
.put("client_id", "clientId") .put("client_id", "clientId")
.build(); .build();
assertThat(result, is(equalTo(expected))); assertThat(result, is(equalTo(expected)));
} }
private UserInfo userInfo(String sub) { private UserInfo userInfo(String sub) {
UserInfo userInfo = mock(UserInfo.class); UserInfo userInfo = mock(UserInfo.class);
given(userInfo.getSub()).willReturn(sub); given(userInfo.getSub()).willReturn(sub);
return userInfo; return userInfo;
} }
private OAuth2AccessTokenEntity accessToken(Date exp, Set<String> scopes, String tokenType, OAuth2Authentication authentication) { private OAuth2AccessTokenEntity accessToken(Date exp, Set<String> scopes, String tokenType, OAuth2Authentication authentication) {
OAuth2AccessTokenEntity accessToken = mock(OAuth2AccessTokenEntity.class, RETURNS_DEEP_STUBS); OAuth2AccessTokenEntity accessToken = mock(OAuth2AccessTokenEntity.class, RETURNS_DEEP_STUBS);
given(accessToken.getExpiration()).willReturn(exp); given(accessToken.getExpiration()).willReturn(exp);
given(accessToken.getScope()).willReturn(scopes); given(accessToken.getScope()).willReturn(scopes);
given(accessToken.getTokenType()).willReturn(tokenType); given(accessToken.getTokenType()).willReturn(tokenType);
given(accessToken.getAuthenticationHolder().getAuthentication()).willReturn(authentication); given(accessToken.getAuthenticationHolder().getAuthentication()).willReturn(authentication);
return accessToken; return accessToken;
} }
private OAuth2RefreshTokenEntity refreshToken(Date exp, OAuth2Authentication authentication) { private OAuth2RefreshTokenEntity refreshToken(Date exp, OAuth2Authentication authentication) {
OAuth2RefreshTokenEntity refreshToken = mock(OAuth2RefreshTokenEntity.class, RETURNS_DEEP_STUBS); OAuth2RefreshTokenEntity refreshToken = mock(OAuth2RefreshTokenEntity.class, RETURNS_DEEP_STUBS);
given(refreshToken.getExpiration()).willReturn(exp); given(refreshToken.getExpiration()).willReturn(exp);
given(refreshToken.getAuthenticationHolder().getAuthentication()).willReturn(authentication); given(refreshToken.getAuthenticationHolder().getAuthentication()).willReturn(authentication);
return refreshToken; return refreshToken;
} }
private OAuth2Authentication authentication(String name, OAuth2Request request) { private OAuth2Authentication authentication(String name, OAuth2Request request) {
OAuth2Authentication authentication = mock(OAuth2Authentication.class); OAuth2Authentication authentication = mock(OAuth2Authentication.class);
given(authentication.getName()).willReturn(name); given(authentication.getName()).willReturn(name);
given(authentication.getOAuth2Request()).willReturn(request); given(authentication.getOAuth2Request()).willReturn(request);
return authentication; return authentication;
} }
private OAuth2Request request(String clientId) { private OAuth2Request request(String clientId) {
return request(clientId, null); return request(clientId, null);
} }
private OAuth2Request request(String clientId, Set<String> scopes) { private OAuth2Request request(String clientId, Set<String> scopes) {
return new OAuth2Request(null, clientId, null, true, scopes, null, null, null, null); return new OAuth2Request(null, clientId, null, true, scopes, null, null, null, null);
} }
private Set<String> scopes(String... scopes) { private Set<String> scopes(String... scopes) {
return newHashSet(scopes); return newHashSet(scopes);
} }
} }

6
openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java
View File

@ -83,7 +83,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
public void prepare() { public void prepare() {
Mockito.reset(clientRepository, tokenRepository, approvedSiteService, whitelistedSiteService, blacklistedSiteService, scopeService, statsService); Mockito.reset(clientRepository, tokenRepository, approvedSiteService, whitelistedSiteService, blacklistedSiteService, scopeService, statsService);
Mockito.when(clientRepository.saveClient(Mockito.any(ClientDetailsEntity.class))).thenAnswer(new Answer<ClientDetailsEntity>() { Mockito.when(clientRepository.saveClient(Matchers.any(ClientDetailsEntity.class))).thenAnswer(new Answer<ClientDetailsEntity>() {
@Override @Override
public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable { public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments(); Object[] args = invocation.getArguments();
@ -91,7 +91,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
} }
}); });
Mockito.when(clientRepository.updateClient(Mockito.anyLong(), Mockito.any(ClientDetailsEntity.class))).thenAnswer(new Answer<ClientDetailsEntity>() { Mockito.when(clientRepository.updateClient(Matchers.anyLong(), Matchers.any(ClientDetailsEntity.class))).thenAnswer(new Answer<ClientDetailsEntity>() {
@Override @Override
public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable { public ClientDetailsEntity answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments(); Object[] args = invocation.getArguments();
@ -99,7 +99,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
} }
}); });
Mockito.when(scopeService.removeRestrictedScopes(Mockito.anySet())).thenAnswer(new Answer<Set<String>>() { Mockito.when(scopeService.removeRestrictedScopes(Matchers.anySet())).thenAnswer(new Answer<Set<String>>() {
@Override @Override
public Set<String> answer(InvocationOnMock invocation) throws Throwable { public Set<String> answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments(); Object[] args = invocation.getArguments();

34
openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java
View File

@ -147,8 +147,8 @@ public class TestDefaultOAuth2ProviderTokenService {
Mockito.when(scopeService.removeRestrictedScopes(Matchers.anySet())).then(AdditionalAnswers.returnsFirstArg()); Mockito.when(scopeService.removeRestrictedScopes(Matchers.anySet())).then(AdditionalAnswers.returnsFirstArg());
Mockito.when(tokenEnhancer.enhance(Matchers.any(OAuth2AccessTokenEntity.class), Matchers.any(OAuth2Authentication.class))) Mockito.when(tokenEnhancer.enhance(Matchers.any(OAuth2AccessTokenEntity.class), Matchers.any(OAuth2Authentication.class)))
.thenAnswer(new Answer<OAuth2AccessTokenEntity>(){ .thenAnswer(new Answer<OAuth2AccessTokenEntity>(){
@Override @Override
public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable { public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments(); Object[] args = invocation.getArguments();
return (OAuth2AccessTokenEntity) args[0]; return (OAuth2AccessTokenEntity) args[0];
@ -156,23 +156,23 @@ public class TestDefaultOAuth2ProviderTokenService {
}); });
Mockito.when(tokenRepository.saveAccessToken(Matchers.any(OAuth2AccessTokenEntity.class))) Mockito.when(tokenRepository.saveAccessToken(Matchers.any(OAuth2AccessTokenEntity.class)))
.thenAnswer(new Answer<OAuth2AccessTokenEntity>() { .thenAnswer(new Answer<OAuth2AccessTokenEntity>() {
@Override @Override
public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable { public OAuth2AccessTokenEntity answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments(); Object[] args = invocation.getArguments();
return (OAuth2AccessTokenEntity) args[0]; return (OAuth2AccessTokenEntity) args[0];
} }
}); });
Mockito.when(tokenRepository.saveRefreshToken(Matchers.any(OAuth2RefreshTokenEntity.class))) Mockito.when(tokenRepository.saveRefreshToken(Matchers.any(OAuth2RefreshTokenEntity.class)))
.thenAnswer(new Answer<OAuth2RefreshTokenEntity>() { .thenAnswer(new Answer<OAuth2RefreshTokenEntity>() {
@Override @Override
public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable { public OAuth2RefreshTokenEntity answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments(); Object[] args = invocation.getArguments();
return (OAuth2RefreshTokenEntity) args[0]; return (OAuth2RefreshTokenEntity) args[0];
} }
}); });
} }
@ -222,7 +222,7 @@ public class TestDefaultOAuth2ProviderTokenService {
Mockito.verify(clientDetailsService).loadClientByClientId(Matchers.anyString()); Mockito.verify(clientDetailsService).loadClientByClientId(Matchers.anyString());
Mockito.verify(authenticationHolderRepository).save(Matchers.any(AuthenticationHolderEntity.class)); Mockito.verify(authenticationHolderRepository).save(Matchers.any(AuthenticationHolderEntity.class));
Mockito.verify(tokenEnhancer).enhance(Matchers.any(OAuth2AccessTokenEntity.class), Mockito.eq(authentication)); Mockito.verify(tokenEnhancer).enhance(Matchers.any(OAuth2AccessTokenEntity.class), Matchers.eq(authentication));
Mockito.verify(tokenRepository).saveAccessToken(Matchers.any(OAuth2AccessTokenEntity.class)); Mockito.verify(tokenRepository).saveAccessToken(Matchers.any(OAuth2AccessTokenEntity.class));
Mockito.verify(tokenRepository, Mockito.never()).saveRefreshToken(Matchers.any(OAuth2RefreshTokenEntity.class)); Mockito.verify(tokenRepository, Mockito.never()).saveRefreshToken(Matchers.any(OAuth2RefreshTokenEntity.class));

952
openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_0.java
View File

File diff suppressed because it is too large Load Diff

986
openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java
View File

File diff suppressed because it is too large Load Diff

1374
openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java
View File

File diff suppressed because it is too large Load Diff

13
openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestIdTokenHashUtils.java
View File

@ -58,7 +58,7 @@ public class TestIdTokenHashUtils {
claims.setIssuer("www.example.com"); claims.setIssuer("www.example.com");
claims.setSubject("example_user"); claims.setSubject("example_user");
claims.setClaim("alg", "HS256"); claims.setClaim("alg", "HS256");
*/ */
Mockito.when(mockToken256.getJwt()).thenReturn(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJhbGciOiJIUzI1NiIsInN1YiI6ImV4YW1wbGVfdXNlciIsImlzcyI6Ind3dy5leGFtcGxlLmNvbSIsInR5cCI6IkpXVCJ9.")); Mockito.when(mockToken256.getJwt()).thenReturn(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJhbGciOiJIUzI1NiIsInN1YiI6ImV4YW1wbGVfdXNlciIsImlzcyI6Ind3dy5leGFtcGxlLmNvbSIsInR5cCI6IkpXVCJ9."));
/* /*
@ -85,12 +85,7 @@ public class TestIdTokenHashUtils {
@Test @Test
public void getAccessTokenHash256() { public void getAccessTokenHash256() {
/* mockToken256.getJwt().serialize();
* independently generate hash
ascii of token = eyJhbGciOiJub25lIn0.eyJhbGciOiJIUzI1NiIsInN1YiI6ImV4YW1wbGVfdXNlciIsImlzcyI6Ind3dy5leGFtcGxlLmNvbSIsInR5cCI6IkpXVCJ9.
base64url of hash = EP1gXNeESRH-n57baopfTQ
*/
String token = mockToken256.getJwt().serialize();
Base64URL expectedHash = new Base64URL("EP1gXNeESRH-n57baopfTQ"); Base64URL expectedHash = new Base64URL("EP1gXNeESRH-n57baopfTQ");
Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.HS256, mockToken256); Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.HS256, mockToken256);
@ -107,7 +102,7 @@ public class TestIdTokenHashUtils {
base64url of hash = BWfFK73PQI36M1rg9R6VjMyWOE0-XvBK base64url of hash = BWfFK73PQI36M1rg9R6VjMyWOE0-XvBK
*/ */
String token = mockToken384.getJwt().serialize(); mockToken384.getJwt().serialize();
Base64URL expectedHash = new Base64URL("BWfFK73PQI36M1rg9R6VjMyWOE0-XvBK"); Base64URL expectedHash = new Base64URL("BWfFK73PQI36M1rg9R6VjMyWOE0-XvBK");
Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.ES384, mockToken384); Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.ES384, mockToken384);
@ -124,7 +119,7 @@ public class TestIdTokenHashUtils {
base64url of hash = vGH3QMY-knpACkLgzdkTqu3C9jtvbf2Wk_RSu2vAx8k base64url of hash = vGH3QMY-knpACkLgzdkTqu3C9jtvbf2Wk_RSu2vAx8k
*/ */
String token = mockToken512.getJwt().serialize(); mockToken512.getJwt().serialize();
Base64URL expectedHash = new Base64URL("vGH3QMY-knpACkLgzdkTqu3C9jtvbf2Wk_RSu2vAx8k"); Base64URL expectedHash = new Base64URL("vGH3QMY-knpACkLgzdkTqu3C9jtvbf2Wk_RSu2vAx8k");
Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.RS512, mockToken512); Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.RS512, mockToken512);