refactored signing and validation, added jwk-based cache, removed keyfetcher, refactored client side class structure

pull/306/merge
Justin Richer 2013-03-01 16:52:00 -05:00
parent 385853fa1f
commit 6c1e6b2d74
4 changed files with 14 additions and 7 deletions


@ -43,7 +43,7 @@ import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair; import org.apache.http.message.BasicNameValuePair;
import org.mitre.jwt.signer.service.JwtSigningAndValidationService; import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
import org.mitre.jwt.signer.service.impl.DefaultJwtSigningAndValidationService; import org.mitre.jwt.signer.service.impl.DefaultJwtSigningAndValidationService;
import org.mitre.jwt.signer.service.impl.JWKSetSigningAndValidationServiceCache; import org.mitre.jwt.signer.service.impl.JWKSetSigningAndValidationServiceCacheService;
import org.mitre.key.fetch.KeyFetcher; import org.mitre.key.fetch.KeyFetcher;
import org.mitre.openid.connect.config.OIDCServerConfiguration; import org.mitre.openid.connect.config.OIDCServerConfiguration;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -90,7 +90,7 @@ public class AbstractOIDCAuthenticationFilter extends
private int timeSkewAllowance = 300; private int timeSkewAllowance = 300;
@Autowired @Autowired
JWKSetSigningAndValidationServiceCache validationServices; JWKSetSigningAndValidationServiceCacheService validationServices;
/** /**
* Builds the redirect_uri that will be sent to the Authorization Endpoint. * Builds the redirect_uri that will be sent to the Authorization Endpoint.
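Review bot: `import org.mitre.key.fetch.KeyFetcher;` survives on the new side of the first hunk even though the commit title says the key fetcher was removed; if the filter no longer references it after this change, the import is dead (and will stop compiling once that class goes away), so it should be dropped together with this rename. In the second hunk the renamed field `JWKSetSigningAndValidationServiceCacheService validationServices;` carries no access modifier, unlike `private int timeSkewAllowance` just above it, which leaves the injected validator cache reachable package-wide; `private` would match the neighbouring fields. Neither the import block nor the class body is fully visible in this section.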


@ -16,6 +16,7 @@ import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.DefaultHttpClient; import org.apache.http.impl.client.DefaultHttpClient;
import org.mitre.jwt.signer.service.JwtSigningAndValidationService; import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.stereotype.Service;
import org.springframework.web.client.RestTemplate; import org.springframework.web.client.RestTemplate;
import com.google.common.cache.Cache; import com.google.common.cache.Cache;
@ -37,11 +38,12 @@ import com.nimbusds.jose.crypto.RSASSAVerifier;
* @author jricher * @author jricher
* *
*/ */
public class JWKSetSigningAndValidationServiceCache { @Service
public class JWKSetSigningAndValidationServiceCacheService {
private Cache<String, JwtSigningAndValidationService> cache; private Cache<String, JwtSigningAndValidationService> cache;
public JWKSetSigningAndValidationServiceCache() { public JWKSetSigningAndValidationServiceCacheService() {
this.cache = CacheBuilder.newBuilder() this.cache = CacheBuilder.newBuilder()
.maximumSize(100) .maximumSize(100)
.build(new JWKSetFetcher()); .build(new JWKSetFetcher());
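Review bot: The cache assembled in the constructor, `CacheBuilder.newBuilder().maximumSize(100).build(new JWKSetFetcher())`, has no time-based expiry, so a validation service loaded from a remote JWK set is kept until size pressure evicts it; a key rotated or withdrawn at the JWKS endpoint stays trusted indefinitely in a deployment with fewer than 100 keyed entries. Bounding entry lifetime, e.g. `.expireAfterWrite(1, TimeUnit.HOURS)` (interval is a placeholder to tune; requires `java.util.concurrent.TimeUnit`), makes rotated keys get re-fetched and stale entries age out. Now that the class is a Spring `@Service` singleton this cache is process-wide, which makes the missing refresh policy worth documenting on the field, e.g. `// Keyed by JWKS URI; entries are loaded on demand by JWKSetFetcher.` (hedged: the key semantics are inferred from the fetcher's name). The constructor's closing brace lies outside the hunk.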


@ -12,6 +12,7 @@ import net.minidev.json.JSONObject;
import org.joda.time.DateTime; import org.joda.time.DateTime;
import org.joda.time.Period; import org.joda.time.Period;
import org.mitre.jwt.signer.service.impl.JWKSetSigningAndValidationServiceCacheService;
import org.mitre.oauth2.exception.NonceReuseException; import org.mitre.oauth2.exception.NonceReuseException;
import org.mitre.openid.connect.model.Nonce; import org.mitre.openid.connect.model.Nonce;
import org.mitre.openid.connect.service.NonceService; import org.mitre.openid.connect.service.NonceService;
@ -34,6 +35,7 @@ import org.springframework.stereotype.Component;
import com.google.common.base.Strings; import com.google.common.base.Strings;
import com.nimbusds.jose.JWSObject; import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.util.JSONObjectUtils; import com.nimbusds.jose.util.JSONObjectUtils;
import com.nimbusds.jwt.SignedJWT;
@Component("authorizationRequestManager") @Component("authorizationRequestManager")
public class ConnectAuthorizationRequestManager implements AuthorizationRequestManager, InitializingBean { public class ConnectAuthorizationRequestManager implements AuthorizationRequestManager, InitializingBean {
@ -46,6 +48,9 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
@Autowired @Autowired
private ClientDetailsService clientDetailsService; private ClientDetailsService clientDetailsService;
@Autowired
private JWKSetSigningAndValidationServiceCacheService validators;
private Period nonceStorageDuration; private Period nonceStorageDuration;
/** /**
@ -151,7 +156,7 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
// parse the request object // parse the request object
try { try {
JWSObject jwsObject = JWSObject.parse(jwtString); SignedJWT jwsObject = SignedJWT.parse(jwtString);
JSONObject claims = jwsObject.getPayload().toJSONObject(); JSONObject claims = jwsObject.getPayload().toJSONObject();
// TODO: validate JWT signature // TODO: validate JWT signature
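Review bot: The request object's claims are still read before any signature check in the last hunk: `SignedJWT jwsObject = SignedJWT.parse(jwtString);` is immediately followed by `JSONObject claims = jwsObject.getPayload().toJSONObject();`, the `// TODO: validate JWT signature` comment survives the change, and the `validators` field injected in the third hunk is not used anywhere in this section. Switching the parse type to `SignedJWT` only makes the signature available; until the signed object is checked against the client's key set through `validators` and rejected on failure, whatever parameters the unverified request object carries are accepted on the client's behalf. I would resolve the TODO in this commit by looking up the client's validation service via `validators` and returning an error before `claims` is consulted, or at minimum reword the comment to `// NOTE: signature is NOT verified here; claims below are untrusted` so the gap is explicit to the next reader. The enclosing method begins and ends outside the hunk.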


@ -7,7 +7,7 @@ import java.text.ParseException;
import java.util.Date; import java.util.Date;
import org.mitre.jwt.signer.service.JwtSigningAndValidationService; import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
import org.mitre.jwt.signer.service.impl.JWKSetSigningAndValidationServiceCache; import org.mitre.jwt.signer.service.impl.JWKSetSigningAndValidationServiceCacheService;
import org.mitre.oauth2.exception.ClientNotFoundException; import org.mitre.oauth2.exception.ClientNotFoundException;
import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.ClientDetailsEntityService;
@ -35,7 +35,7 @@ public class JwtBearerAuthenticationProvider implements AuthenticationProvider {
// map of verifiers, load keys for clients // map of verifiers, load keys for clients
@Autowired @Autowired
private JWKSetSigningAndValidationServiceCache validators; private JWKSetSigningAndValidationServiceCacheService validators;
// Allow for time sync issues by having a window of X seconds. // Allow for time sync issues by having a window of X seconds.
private int timeSkewAllowance = 300; private int timeSkewAllowance = 300;