Merge pull request #46 from dBucik/refactor_models

refactor: 💡 Updated some DB entities, added missing cascades
pull/1580/head
Dominik František Bučík 2021-11-23 12:52:24 +01:00 committed by GitHub
commit 7155e4adf5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 366 additions and 499 deletions


@ -17,6 +17,9 @@
*******************************************************************************/
package cz.muni.ics.oauth2.model;
import static cz.muni.ics.oauth2.model.AuthenticationHolderEntity.QUERY_ALL;
import static cz.muni.ics.oauth2.model.AuthenticationHolderEntity.QUERY_GET_UNUSED;
import cz.muni.ics.oauth2.model.convert.SerializableStringConverter;
import cz.muni.ics.oauth2.model.convert.SimpleGrantedAuthorityStringConverter;
import java.io.Serializable;
@ -25,7 +28,6 @@ import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CascadeType;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
@ -43,48 +45,98 @@ import javax.persistence.NamedQuery;
import javax.persistence.OneToOne;
import javax.persistence.Table;
import javax.persistence.Transient;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import org.eclipse.persistence.annotations.CascadeOnDelete;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name = "authentication_holder")
@NamedQueries ({
@NamedQuery(name = AuthenticationHolderEntity.QUERY_ALL, query = "select a from AuthenticationHolderEntity a"),
@NamedQuery(name = AuthenticationHolderEntity.QUERY_GET_UNUSED, query = "select a from AuthenticationHolderEntity a where " +
"a.id not in (select t.authenticationHolder.id from OAuth2AccessTokenEntity t) and " +
"a.id not in (select r.authenticationHolder.id from OAuth2RefreshTokenEntity r) and " +
"a.id not in (select c.authenticationHolder.id from AuthorizationCodeEntity c)")
@NamedQuery(name = QUERY_ALL,
query = "SELECT a FROM AuthenticationHolderEntity a"),
@NamedQuery(name = QUERY_GET_UNUSED,
query = "SELECT a FROM AuthenticationHolderEntity a " +
"WHERE a.id NOT IN (SELECT t.authenticationHolder.id FROM OAuth2AccessTokenEntity t) " +
"AND a.id NOT IN (SELECT r.authenticationHolder.id FROM OAuth2RefreshTokenEntity r) " +
"AND a.id NOT IN (SELECT c.authenticationHolder.id FROM AuthorizationCodeEntity c)")
})
public class AuthenticationHolderEntity {
public static final String QUERY_GET_UNUSED = "AuthenticationHolderEntity.getUnusedAuthenticationHolders";
public static final String QUERY_ALL = "AuthenticationHolderEntity.getAll";
private Long id;
private SavedUserAuthentication userAuth;
private Collection<GrantedAuthority> authorities;
private Set<String> resourceIds;
private boolean approved;
private String redirectUri;
private Set<String> responseTypes;
private Map<String, Serializable> extensions;
private String clientId;
private Set<String> scope;
private Map<String, String> requestParameters;
public AuthenticationHolderEntity() { }
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
private Long id;
public void setId(Long id) {
this.id = id;
}
@OneToOne(cascade=CascadeType.ALL)
@JoinColumn(name = "user_auth_id")
@CascadeOnDelete
private SavedUserAuthentication userAuth;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "authentication_holder_authority", joinColumns = @JoinColumn(name = "owner_id"))
@Convert(converter = SimpleGrantedAuthorityStringConverter.class)
@Column(name = "authority")
@CascadeOnDelete
private Collection<GrantedAuthority> authorities;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "authentication_holder_resource_id", joinColumns = @JoinColumn(name = "owner_id"))
@Column(name = "resource_id")
@CascadeOnDelete
private Set<String> resourceIds;
@Column(name = "approved")
private boolean approved;
@Column(name = "redirect_uri")
private String redirectUri;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "authentication_holder_response_type", joinColumns = @JoinColumn(name = "owner_id"))
@Column(name = "response_type")
@CascadeOnDelete
private Set<String> responseTypes;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "authentication_holder_extension", joinColumns = @JoinColumn(name = "owner_id"))
@Column(name = "val")
@MapKeyColumn(name = "extension")
@Convert(converter = SerializableStringConverter.class)
@CascadeOnDelete
private Map<String, Serializable> extensions;
@Column(name = "client_id")
private String clientId;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "authentication_holder_scope", joinColumns = @JoinColumn(name = "owner_id"))
@Column(name = "scope")
@CascadeOnDelete
private Set<String> scope;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "authentication_holder_request_parameter", joinColumns = @JoinColumn(name = "owner_id"))
@Column(name = "val")
@MapKeyColumn(name = "param")
@CascadeOnDelete
private Map<String, String> requestParameters;
@Transient
public OAuth2Authentication getAuthentication() {
@ -92,21 +144,17 @@ public class AuthenticationHolderEntity {
return new OAuth2Authentication(createOAuth2Request(), getUserAuth());
}
private OAuth2Request createOAuth2Request() {
return new OAuth2Request(requestParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, extensions);
}
public void setAuthentication(OAuth2Authentication authentication) {
// pull apart the request and save its bits
OAuth2Request o2Request = authentication.getOAuth2Request();
setAuthorities(o2Request.getAuthorities() == null ? null : new HashSet<>(o2Request.getAuthorities()));
setAuthorities(convertToSetOrNull((Set<GrantedAuthority>) o2Request.getAuthorities()));
setClientId(o2Request.getClientId());
setExtensions(o2Request.getExtensions() == null ? null : new HashMap<>(o2Request.getExtensions()));
setExtensions(convertToMapOrNull(o2Request.getExtensions()));
setRedirectUri(o2Request.getRedirectUri());
setRequestParameters(o2Request.getRequestParameters() == null ? null : new HashMap<>(o2Request.getRequestParameters()));
setResourceIds(o2Request.getResourceIds() == null ? null : new HashSet<>(o2Request.getResourceIds()));
setResponseTypes(o2Request.getResponseTypes() == null ? null : new HashSet<>(o2Request.getResponseTypes()));
setScope(o2Request.getScope() == null ? null : new HashSet<>(o2Request.getScope()));
setRequestParameters(convertToMapOrNull(o2Request.getRequestParameters()));
setResourceIds(convertToSetOrNull(o2Request.getResourceIds()));
setResponseTypes(convertToSetOrNull(o2Request.getResponseTypes()));
setScope(convertToSetOrNull(o2Request.getScope()));
setApproved(o2Request.isApproved());
if (authentication.getUserAuthentication() != null) {
@ -116,114 +164,16 @@ public class AuthenticationHolderEntity {
}
}
@OneToOne(cascade=CascadeType.ALL)
@JoinColumn(name = "user_auth_id")
public SavedUserAuthentication getUserAuth() {
return userAuth;
private <T> Set<T> convertToSetOrNull(Collection<T> obj) {
return obj == null ? null: new HashSet<>(obj);
}
public void setUserAuth(SavedUserAuthentication userAuth) {
this.userAuth = userAuth;
private <T, S> Map<T, S> convertToMapOrNull(Map<T, S> obj) {
return obj == null ? null : new HashMap<>(obj);
}
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="authentication_holder_authority", joinColumns=@JoinColumn(name="owner_id"))
@Convert(converter = SimpleGrantedAuthorityStringConverter.class)
@Column(name="authority")
public Collection<GrantedAuthority> getAuthorities() {
return authorities;
}
public void setAuthorities(Collection<GrantedAuthority> authorities) {
this.authorities = authorities;
}
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="authentication_holder_resource_id", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="resource_id")
public Set<String> getResourceIds() {
return resourceIds;
}
public void setResourceIds(Set<String> resourceIds) {
this.resourceIds = resourceIds;
}
@Basic
@Column(name="approved")
public boolean isApproved() {
return approved;
}
public void setApproved(boolean approved) {
this.approved = approved;
}
@Basic
@Column(name="redirect_uri")
public String getRedirectUri() {
return redirectUri;
}
public void setRedirectUri(String redirectUri) {
this.redirectUri = redirectUri;
}
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="authentication_holder_response_type", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="response_type")
public Set<String> getResponseTypes() {
return responseTypes;
}
public void setResponseTypes(Set<String> responseTypes) {
this.responseTypes = responseTypes;
}
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="authentication_holder_extension", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="val")
@MapKeyColumn(name="extension")
@Convert(converter= SerializableStringConverter.class)
public Map<String, Serializable> getExtensions() {
return extensions;
}
public void setExtensions(Map<String, Serializable> extensions) {
this.extensions = extensions;
}
@Basic
@Column(name="client_id")
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="authentication_holder_scope", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="scope")
public Set<String> getScope() {
return scope;
}
public void setScope(Set<String> scope) {
this.scope = scope;
}
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="authentication_holder_request_parameter", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="val")
@MapKeyColumn(name="param")
public Map<String, String> getRequestParameters() {
return requestParameters;
}
public void setRequestParameters(Map<String, String> requestParameters) {
this.requestParameters = requestParameters;
private OAuth2Request createOAuth2Request() {
return new OAuth2Request(requestParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, extensions);
}
}
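Review bot: The class-level `@ToString` added to AuthenticationHolderEntity prints every field, including `requestParameters`, `extensions` and `userAuth`, so any log statement or exception message that formats the entity writes the stored authorization request into the log. The same annotation is added in this commit to AuthorizationCodeEntity (`code`), DeviceCode (`deviceCode`, `userCode`), OAuth2AccessTokenEntity (`jwtValue`) and OAuth2RefreshTokenEntity (`jwt`), where the printed value is the credential itself. Those three entities also reference the holder, so their toString() walks into this one as well. I would mark the sensitive fields with `@ToString.Exclude`, or switch to `@ToString(onlyExplicitlyIncluded = true)` and include only identifiers such as `id` and `clientId`.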


@ -18,7 +18,6 @@
package cz.muni.ics.oauth2.model;
import java.util.Date;
import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
@ -30,17 +29,36 @@ import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import org.eclipse.persistence.annotations.CascadeOnDelete;
/**
* Entity class for authorization codes
*
* @author aanganes
*/
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name = "authorization_code")
@NamedQueries({
@NamedQuery(name = AuthorizationCodeEntity.QUERY_BY_VALUE, query = "select a from AuthorizationCodeEntity a where a.code = :code"),
@NamedQuery(name = AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, query = "select a from AuthorizationCodeEntity a where a.expiration <= :" + AuthorizationCodeEntity.PARAM_DATE)
@NamedQuery(name = AuthorizationCodeEntity.QUERY_BY_VALUE,
query = "SELECT a FROM AuthorizationCodeEntity a " +
"WHERE a.code = :code"),
@NamedQuery(name = AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE,
query = "SELECT a FROM AuthorizationCodeEntity a " +
"WHERE a.expiration <= :" + AuthorizationCodeEntity.PARAM_DATE)
})
public class AuthorizationCodeEntity {
@ -49,58 +67,29 @@ public class AuthorizationCodeEntity {
public static final String PARAM_DATE = "date";
private Long id;
private String code;
private AuthenticationHolderEntity authenticationHolder;
private Date expiration;
public AuthorizationCodeEntity() { }
public AuthorizationCodeEntity(String code, AuthenticationHolderEntity authenticationHolder, Date expiration) {
this.code = code;
this.authenticationHolder = authenticationHolder;
this.expiration = expiration;
}
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
private Long id;
public void setId(Long id) {
this.id = id;
}
@Basic
@Column(name = "code")
public String getCode() {
return code;
}
public void setCode(String code) {
this.code = code;
}
private String code;
@ManyToOne
@JoinColumn(name = "auth_holder_id")
public AuthenticationHolderEntity getAuthenticationHolder() {
return authenticationHolder;
}
@CascadeOnDelete
private AuthenticationHolderEntity authenticationHolder;
public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
this.authenticationHolder = authenticationHolder;
}
@Basic
@Temporal(javax.persistence.TemporalType.TIMESTAMP)
@Temporal(TemporalType.TIMESTAMP)
@Column(name = "expiration")
public Date getExpiration() {
return expiration;
}
private Date expiration;
public void setExpiration(Date expiration) {
public AuthorizationCodeEntity(String code,
AuthenticationHolderEntity authenticationHolder,
Date expiration)
{
this.code = code;
this.authenticationHolder = authenticationHolder;
this.expiration = expiration;
}
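Review bot: `@CascadeOnDelete` on the `@ManyToOne` field `authenticationHolder` has no documented meaning that I know of. EclipseLink describes the annotation for target-foreign-key OneToOne, OneToMany, ManyToMany and ElementCollection mappings, where the database removes the dependent rows, and here the foreign key `auth_holder_id` sits on the authorization_code row itself. The holder is shared with access and refresh tokens (QUERY_GET_UNUSED in AuthenticationHolderEntity checks all three), so deleting a code must never remove the holder. Either drop the annotation here and on the same field in OAuth2AccessTokenEntity and OAuth2RefreshTokenEntity, or state the intent in a comment such as `// FK auth_holder_id is ON DELETE CASCADE: rows are removed together with their holder` and confirm the DDL matches. The class body continues past the end of this section.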


@ -16,10 +16,16 @@
package cz.muni.ics.oauth2.model;
import static cz.muni.ics.oauth2.model.DeviceCode.PARAM_DATE;
import static cz.muni.ics.oauth2.model.DeviceCode.PARAM_DEVICE_CODE;
import static cz.muni.ics.oauth2.model.DeviceCode.PARAM_USER_CODE;
import static cz.muni.ics.oauth2.model.DeviceCode.QUERY_BY_DEVICE_CODE;
import static cz.muni.ics.oauth2.model.DeviceCode.QUERY_BY_USER_CODE;
import static cz.muni.ics.oauth2.model.DeviceCode.QUERY_EXPIRED_BY_DATE;
import java.util.Date;
import java.util.Map;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
@ -35,16 +41,37 @@ import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import org.eclipse.persistence.annotations.CascadeOnDelete;
/**
* @author jricher
*/
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name = "device_code")
@NamedQueries({
@NamedQuery(name = DeviceCode.QUERY_BY_USER_CODE, query = "select d from DeviceCode d where d.userCode = :" + DeviceCode.PARAM_USER_CODE),
@NamedQuery(name = DeviceCode.QUERY_BY_DEVICE_CODE, query = "select d from DeviceCode d where d.deviceCode = :" + DeviceCode.PARAM_DEVICE_CODE),
@NamedQuery(name = DeviceCode.QUERY_EXPIRED_BY_DATE, query = "select d from DeviceCode d where d.expiration <= :" + DeviceCode.PARAM_DATE)
@NamedQuery(name = QUERY_BY_USER_CODE,
query = "SELECT d FROM DeviceCode d " +
"WHERE d.userCode = :" + PARAM_USER_CODE),
@NamedQuery(name = QUERY_BY_DEVICE_CODE,
query = "SELECT d FROM DeviceCode d " +
"WHERE d.deviceCode = :" + PARAM_DEVICE_CODE),
@NamedQuery(name = QUERY_EXPIRED_BY_DATE,
query = "SELECT d FROM DeviceCode d " +
"WHERE d.expiration <= :" + PARAM_DATE)
})
public class DeviceCode {
@ -56,119 +83,55 @@ public class DeviceCode {
public static final String PARAM_DEVICE_CODE = "deviceCode";
public static final String PARAM_DATE = "date";
private Long id;
private String deviceCode;
private String userCode;
private Set<String> scope;
private Date expiration;
private String clientId;
private Map<String, String> requestParameters;
private boolean approved;
private AuthenticationHolderEntity authenticationHolder;
public DeviceCode() { }
public DeviceCode(String deviceCode, String userCode, Set<String> scope, String clientId, Map<String, String> params) {
this.deviceCode = deviceCode;
this.userCode = userCode;
this.scope = scope;
this.clientId = clientId;
this.requestParameters = params;
}
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
private Long id;
public void setId(Long id) {
this.id = id;
}
@Basic
@Column(name = "device_code")
public String getDeviceCode() {
return deviceCode;
}
private String deviceCode;
public void setDeviceCode(String deviceCode) {
this.deviceCode = deviceCode;
}
@Basic
@Column(name = "user_code")
public String getUserCode() {
return userCode;
}
public void setUserCode(String userCode) {
this.userCode = userCode;
}
private String userCode;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="device_code_scope", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="scope")
public Set<String> getScope() {
return scope;
}
@CollectionTable(name = "device_code_scope", joinColumns = @JoinColumn(name = "owner_id"))
@Column(name = "scope")
@CascadeOnDelete
private Set<String> scope;
public void setScope(Set<String> scope) {
this.scope = scope;
}
@Basic
@Temporal(javax.persistence.TemporalType.TIMESTAMP)
@Temporal(TemporalType.TIMESTAMP)
@Column(name = "expiration")
public Date getExpiration() {
return expiration;
}
private Date expiration;
public void setExpiration(Date expiration) {
this.expiration = expiration;
}
@Basic
@Column(name = "client_id")
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
private String clientId;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="device_code_request_parameter", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="val")
@MapKeyColumn(name="param")
public Map<String, String> getRequestParameters() {
return requestParameters;
}
@CollectionTable(name = "device_code_request_parameter", joinColumns = @JoinColumn(name = "owner_id"))
@Column(name = "val")
@MapKeyColumn(name = "param")
@CascadeOnDelete
private Map<String, String> requestParameters;
public void setRequestParameters(Map<String, String> params) {
this.requestParameters = params;
}
@Basic
@Column(name = "approved")
public boolean isApproved() {
return approved;
}
public void setApproved(boolean approved) {
this.approved = approved;
}
private boolean approved;
@ManyToOne
@JoinColumn(name = "auth_holder_id")
public AuthenticationHolderEntity getAuthenticationHolder() {
return authenticationHolder;
}
private AuthenticationHolderEntity authenticationHolder;
public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
this.authenticationHolder = authenticationHolder;
public DeviceCode(String deviceCode,
String userCode,
Set<String> scope,
String clientId,
Map<String, String> params)
{
this.deviceCode = deviceCode;
this.userCode = userCode;
this.scope = scope;
this.clientId = clientId;
this.requestParameters = params;
}
}
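Review bot: The class-level `@EqualsAndHashCode` on DeviceCode hashes all nine fields, including the generated `id` and the mutable `scope`, `requestParameters` and `approved`, so an instance changes its hash code when it is persisted or approved and can then be missed in a HashSet or HashMap that already holds it. It also follows `authenticationHolder` into another entity's equals/hashCode. I would use `@EqualsAndHashCode(onlyExplicitlyIncluded = true)` with `@EqualsAndHashCode.Include` on `deviceCode`, provided the schema guarantees that column is unique and never rewritten. The other entities in this commit get the same annotation and have the same problem.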


@ -20,6 +20,10 @@
*/
package cz.muni.ics.oauth2.model;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.*;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import com.nimbusds.jwt.JWT;
import cz.muni.ics.oauth2.model.convert.JWTStringConverter;
import cz.muni.ics.openid.connect.model.ApprovedSite;
@ -47,7 +51,15 @@ import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import org.eclipse.persistence.annotations.CascadeOnDelete;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessTokenJackson2Deserializer;
import org.springframework.security.oauth2.common.OAuth2AccessTokenJackson2Serializer;
@ -57,20 +69,42 @@ import org.springframework.security.oauth2.common.OAuth2RefreshToken;
* @author jricher
*
*/
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name = "access_token")
@NamedQueries({
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_ALL, query = "select a from OAuth2AccessTokenEntity a"),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select a from OAuth2AccessTokenEntity a where a.expiration <= :" + OAuth2AccessTokenEntity.PARAM_DATE),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_REFRESH_TOKEN, query = "select a from OAuth2AccessTokenEntity a where a.refreshToken = :" + OAuth2AccessTokenEntity.PARAM_REFERSH_TOKEN),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_CLIENT, query = "select a from OAuth2AccessTokenEntity a where a.client = :" + OAuth2AccessTokenEntity.PARAM_CLIENT),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select a from OAuth2AccessTokenEntity a where a.jwt = :" + OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE, query = "select a from OAuth2AccessTokenEntity a where a.approvedSite = :" + OAuth2AccessTokenEntity.PARAM_APPROVED_SITE),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, query = "select a from OAuth2AccessTokenEntity a join a.permissions p where p.resourceSet.id = :" + OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2AccessTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2AccessTokenEntity.PARAM_NAME)
@NamedQuery(name = QUERY_ALL,
query = "SELECT a FROM OAuth2AccessTokenEntity a"),
@NamedQuery(name = QUERY_EXPIRED_BY_DATE,
query = "SELECT a FROM OAuth2AccessTokenEntity a " +
"WHERE a.expiration <= :" + PARAM_DATE),
@NamedQuery(name = QUERY_BY_REFRESH_TOKEN,
query = "SELECT a FROM OAuth2AccessTokenEntity a " +
"WHERE a.refreshToken = :" + PARAM_REFRESH_TOKEN),
@NamedQuery(name = QUERY_BY_CLIENT,
query = "SELECT a FROM OAuth2AccessTokenEntity a " +
"WHERE a.client = :" + PARAM_CLIENT),
@NamedQuery(name = QUERY_BY_TOKEN_VALUE,
query = "SELECT a FROM OAuth2AccessTokenEntity a " +
"WHERE a.jwtValue = :" + PARAM_TOKEN_VALUE),
@NamedQuery(name = QUERY_BY_APPROVED_SITE,
query = "SELECT a FROM OAuth2AccessTokenEntity a " +
"WHERE a.approvedSite = :" + PARAM_APPROVED_SITE),
@NamedQuery(name = QUERY_BY_RESOURCE_SET,
query = "SELECT a FROM OAuth2AccessTokenEntity a JOIN a.permissions p " +
"WHERE p.resourceSet.id = :" + PARAM_RESOURCE_SET_ID),
@NamedQuery(name = QUERY_BY_NAME,
query = "SELECT r FROM OAuth2AccessTokenEntity r " +
"WHERE r.authenticationHolder.userAuth.name = :" + PARAM_NAME)
})
@com.fasterxml.jackson.databind.annotation.JsonSerialize(using = OAuth2AccessTokenJackson2Serializer.class)
@com.fasterxml.jackson.databind.annotation.JsonDeserialize(using = OAuth2AccessTokenJackson2Deserializer.class)
@JsonSerialize(using = OAuth2AccessTokenJackson2Serializer.class)
@JsonDeserialize(using = OAuth2AccessTokenJackson2Deserializer.class)
public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
public static final String QUERY_BY_APPROVED_SITE = "OAuth2AccessTokenEntity.getByApprovedSite";
@ -84,7 +118,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
public static final String PARAM_TOKEN_VALUE = "tokenValue";
public static final String PARAM_CLIENT = "client";
public static final String PARAM_REFERSH_TOKEN = "refreshToken";
public static final String PARAM_REFRESH_TOKEN = "refreshToken";
public static final String PARAM_DATE = "date";
public static final String PARAM_RESOURCE_SET_ID = "rsid";
public static final String PARAM_APPROVED_SITE = "approvedSite";
@ -92,30 +126,52 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
public static final String ID_TOKEN_FIELD_NAME = "id_token";
private Long id;
private ClientDetailsEntity client;
private AuthenticationHolderEntity authenticationHolder;
private JWT jwtValue;
private Date expiration;
private String tokenType = OAuth2AccessToken.BEARER_TYPE;
private OAuth2RefreshTokenEntity refreshToken;
private Set<String> scope;
private Set<Permission> permissions;
private ApprovedSite approvedSite;
private Map<String, Object> additionalInformation = new HashMap<>();
public OAuth2AccessTokenEntity() { }
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
private Long id;
public void setId(Long id) {
this.id = id;
}
@ManyToOne
@JoinColumn(name = "client_id")
private ClientDetailsEntity client;
@ManyToOne
@JoinColumn(name = "auth_holder_id")
@CascadeOnDelete
private AuthenticationHolderEntity authenticationHolder;
@Column(name = "token_value")
@Convert(converter = JWTStringConverter.class)
private JWT jwtValue;
@Temporal(TemporalType.TIMESTAMP)
@Column(name = "expiration")
private Date expiration;
@Column(name = "token_type")
private String tokenType = OAuth2AccessToken.BEARER_TYPE;
@ManyToOne
@JoinColumn(name = "refresh_token_id")
private OAuth2RefreshTokenEntity refreshToken;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "token_scope", joinColumns = @JoinColumn(name = "owner_id"))
@CascadeOnDelete
private Set<String> scope;
@OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
@JoinTable(name = "access_token_permissions", joinColumns = @JoinColumn(name = "access_token_id"),
inverseJoinColumns = @JoinColumn(name = "permission_id"))
@CascadeOnDelete
private Set<Permission> permissions;
@ManyToOne
@JoinColumn(name = "approved_site_id")
private ApprovedSite approvedSite;
@Transient
private Map<String, Object> additionalInformation = new HashMap<>();
@Override
@Transient
@ -123,26 +179,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
return additionalInformation;
}
@ManyToOne
@JoinColumn(name = "auth_holder_id")
public AuthenticationHolderEntity getAuthenticationHolder() {
return authenticationHolder;
}
public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
this.authenticationHolder = authenticationHolder;
}
@ManyToOne
@JoinColumn(name = "client_id")
public ClientDetailsEntity getClient() {
return client;
}
public void setClient(ClientDetailsEntity client) {
this.client = client;
}
@Override
@Transient
public String getValue() {
@ -150,31 +186,16 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
}
@Override
@Basic
@Temporal(javax.persistence.TemporalType.TIMESTAMP)
@Column(name = "expiration")
public Date getExpiration() {
return expiration;
}
public void setExpiration(Date expiration) {
this.expiration = expiration;
}
@Override
@Basic
@Column(name="token_type")
public String getTokenType() {
return tokenType;
}
public void setTokenType(String tokenType) {
this.tokenType = tokenType;
}
@Override
@ManyToOne
@JoinColumn(name="refresh_token_id")
public OAuth2RefreshTokenEntity getRefreshToken() {
return refreshToken;
}
@ -191,33 +212,16 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
}
@Override
@ElementCollection(fetch=FetchType.EAGER)
@CollectionTable(joinColumns=@JoinColumn(name="owner_id"), name="token_scope")
public Set<String> getScope() {
return scope;
}
public void setScope(Set<String> scope) {
this.scope = scope;
}
@Override
@Transient
public boolean isExpired() {
return getExpiration() != null && System.currentTimeMillis() > getExpiration().getTime();
}
@Basic
@Column(name="token_value")
@Convert(converter = JWTStringConverter.class)
public JWT getJwt() {
return jwtValue;
}
public void setJwt(JWT jwt) {
this.jwtValue = jwt;
}
@Override
@Transient
public int getExpiresIn() {
@ -232,27 +236,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
}
}
@OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
@JoinTable(name = "access_token_permissions", joinColumns = @JoinColumn(name = "access_token_id"),
inverseJoinColumns = @JoinColumn(name = "permission_id"))
public Set<Permission> getPermissions() {
return permissions;
}
public void setPermissions(Set<Permission> permissions) {
this.permissions = permissions;
}
@ManyToOne
@JoinColumn(name="approved_site_id")
public ApprovedSite getApprovedSite() {
return approvedSite;
}
public void setApprovedSite(ApprovedSite approvedSite) {
this.approvedSite = approvedSite;
}
@Transient
public void setIdToken(JWT idToken) {
if (idToken != null) {
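Review bot: The hand-written `getJwt()`/`setJwt()` accessors are removed while the field stays named `jwtValue`, so the class-level `@Getter`/`@Setter` generate `getJwtValue()`/`setJwtValue()`, and the JPQL in QUERY_BY_TOKEN_VALUE had to change from `a.jwt` to `a.jwtValue`. OAuth2RefreshTokenEntity keeps the field name `jwt`, so the two token entities now expose the same concept under different accessor names, and any caller of `getJwt()` not updated in this commit stops compiling. Renaming the field to `private JWT jwt;` and keeping `a.jwt` in the query would leave the public API unchanged. The last hunk ends inside setIdToken, so the rest of the class is not visible here.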


@ -20,10 +20,19 @@
*/
package cz.muni.ics.oauth2.model;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.PARAM_CLIENT;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.PARAM_DATE;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.PARAM_NAME;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.QUERY_ALL;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.QUERY_BY_CLIENT;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.QUERY_BY_NAME;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE;
import com.nimbusds.jwt.JWT;
import cz.muni.ics.oauth2.model.convert.JWTStringConverter;
import java.util.Date;
import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Convert;
import javax.persistence.Entity;
@ -37,20 +46,44 @@ import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import org.eclipse.persistence.annotations.CascadeOnDelete;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
/**
* @author jricher
*/
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name = "refresh_token")
@NamedQueries({
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_ALL, query = "select r from OAuth2RefreshTokenEntity r"),
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select r from OAuth2RefreshTokenEntity r where r.expiration <= :" + OAuth2RefreshTokenEntity.PARAM_DATE),
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_CLIENT, query = "select r from OAuth2RefreshTokenEntity r where r.client = :" + OAuth2RefreshTokenEntity.PARAM_CLIENT),
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select r from OAuth2RefreshTokenEntity r where r.jwt = :" + OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE),
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2RefreshTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2RefreshTokenEntity.PARAM_NAME)
@NamedQuery(name = QUERY_ALL,
query = "SELECT r FROM OAuth2RefreshTokenEntity r"),
@NamedQuery(name = QUERY_EXPIRED_BY_DATE,
query = "SELECT r FROM OAuth2RefreshTokenEntity r " +
"WHERE r.expiration <= :" + PARAM_DATE),
@NamedQuery(name = QUERY_BY_CLIENT,
query = "SELECT r FROM OAuth2RefreshTokenEntity r " +
"WHERE r.client = :" + PARAM_CLIENT),
@NamedQuery(name = QUERY_BY_TOKEN_VALUE,
query = "SELECT r FROM OAuth2RefreshTokenEntity r " +
"WHERE r.jwt = :" + PARAM_TOKEN_VALUE),
@NamedQuery(name = QUERY_BY_NAME,
query = "SELECT r FROM OAuth2RefreshTokenEntity r " +
"WHERE r.authenticationHolder.userAuth.name = :" + PARAM_NAME)
})
public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
@ -65,34 +98,27 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
public static final String PARAM_DATE = "date";
public static final String PARAM_NAME = "name";
private Long id;
private AuthenticationHolderEntity authenticationHolder;
private ClientDetailsEntity client;
private JWT jwt;
private Date expiration;
public OAuth2RefreshTokenEntity() { }
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
private Long id;
@ManyToOne
@JoinColumn(name = "auth_holder_id")
public AuthenticationHolderEntity getAuthenticationHolder() {
return authenticationHolder;
}
@CascadeOnDelete
private AuthenticationHolderEntity authenticationHolder;
public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
this.authenticationHolder = authenticationHolder;
}
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name = "client_id")
private ClientDetailsEntity client;
@Column(name = "token_value")
@Convert(converter = JWTStringConverter.class)
private JWT jwt;
@Temporal(TemporalType.TIMESTAMP)
@Column(name = "expiration")
private Date expiration;
@Override
@Transient
@ -100,41 +126,9 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
return jwt.serialize();
}
@Basic
@Temporal(javax.persistence.TemporalType.TIMESTAMP)
@Column(name = "expiration")
public Date getExpiration() {
return expiration;
}
public void setExpiration(Date expiration) {
this.expiration = expiration;
}
@Transient
public boolean isExpired() {
return getExpiration() != null && System.currentTimeMillis() > getExpiration().getTime();
}
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name = "client_id")
public ClientDetailsEntity getClient() {
return client;
}
public void setClient(ClientDetailsEntity client) {
this.client = client;
}
@Basic
@Column(name="token_value")
@Convert(converter = JWTStringConverter.class)
public JWT getJwt() {
return jwt;
}
public void setJwt(JWT jwt) {
this.jwt = jwt;
}
}


@ -34,8 +34,14 @@ import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.Table;
import javax.persistence.Transient;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.persistence.annotations.CascadeOnDelete;
import org.opensaml.saml2.core.AuthnContext;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnStatement;
@ -48,18 +54,39 @@ import org.springframework.security.providers.ExpiringUsernameAuthenticationToke
*
* @author jricher
*/
@Entity
@Table(name="saved_user_auth")
@Slf4j
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name = "saved_user_auth")
public class SavedUserAuthentication implements Authentication {
private static final long serialVersionUID = -1804249963940323488L;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
private Long id;
@Basic
@Column(name="name")
private String name;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "saved_user_auth_authority", joinColumns = @JoinColumn(name = "owner_id"))
@Convert(converter = SimpleGrantedAuthorityStringConverter.class)
@Column(name = "authority")
@CascadeOnDelete
private Collection<GrantedAuthority> authorities;
@Column(name="authenticated")
private boolean authenticated;
@Column(name = "acr")
private String acr;
public SavedUserAuthentication(Authentication src) {
@ -80,56 +107,17 @@ public class SavedUserAuthentication implements Authentication {
}
}
public SavedUserAuthentication() { }
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@Override
@Basic
@Column(name="name")
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
@Override
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="saved_user_auth_authority", joinColumns=@JoinColumn(name="owner_id"))
@Convert(converter = SimpleGrantedAuthorityStringConverter.class)
@Column(name="authority")
public Collection<GrantedAuthority> getAuthorities() {
return authorities;
}
public void setAuthorities(Collection<GrantedAuthority> authorities) {
this.authorities = authorities;
}
@Basic
@Column(name = "acr")
public String getAcr() {
return acr;
}
public void setAcr(String acr) {
this.acr = acr;
}
@Override
@Basic
@Column(name="authenticated")
public boolean isAuthenticated() {
return authenticated;
}
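Review bot: The class-level `@EqualsAndHashCode` added to `SavedUserAuthentication` pulls every field into equality, including the `@GeneratedValue` `id` and the mutable `authorities` collection. An instance's hash code therefore changes once it is persisted or its authorities are replaced, and it can silently drop out of a `HashSet` or map it was added to beforehand. Consider restricting equality to stable fields with `@EqualsAndHashCode(onlyExplicitlyIncluded = true)` plus `@EqualsAndHashCode.Include` on the chosen fields, or at least `@EqualsAndHashCode(exclude = "id")`. The same annotation set is added to `OAuth2RefreshTokenEntity` earlier in this commit and likely needs the same check. Part of the class body lies between the hunks and is not visible here, so members declared there may affect which option fits.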


@ -106,7 +106,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
@Transactional(value="defaultTransactionManager")
public void clearAccessTokensForRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_REFRESH_TOKEN, OAuth2AccessTokenEntity.class);
query.setParameter(OAuth2AccessTokenEntity.PARAM_REFERSH_TOKEN, refreshToken);
query.setParameter(OAuth2AccessTokenEntity.PARAM_REFRESH_TOKEN, refreshToken);
List<OAuth2AccessTokenEntity> accessTokens = query.getResultList();
for (OAuth2AccessTokenEntity accessToken : accessTokens) {
removeAccessToken(accessToken);


@ -108,7 +108,7 @@ public class PerunAccessTokenEnhancer implements TokenEnhancer {
SignedJWT signed = new SignedJWT(header, claims);
jwtService.signJwt(signed);
token.setJwt(signed);
token.setJwtValue(signed);
if (userInfo != null) {
//needs access token


@ -281,7 +281,7 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
jwtService.signJwt(signed);
token.setJwt(signed);
token.setJwtValue(signed);
return token;
}


@ -96,7 +96,7 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
jwtService.signJwt(signed);
token.setJwt(signed);
token.setJwtValue(signed);
/**
* Authorization request scope MUST include "openid" in OIDC, but access token request


@ -56,7 +56,7 @@ public class IdTokenHashUtils {
*/
public static Base64URL getAccessTokenHash(JWSAlgorithm signingAlg, OAuth2AccessTokenEntity token) {
byte[] tokenBytes = token.getJwt().serialize().getBytes();
byte[] tokenBytes = token.getJwtValue().serialize().getBytes();
return getHash(signingAlg, tokenBytes);


@ -752,7 +752,7 @@ public class DynamicClientRegistrationEndpoint {
try {
// Re-issue the token if it has been issued before [currentTime - validity]
Date validToDate = new Date(System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000);
if(token.getJwt().getJWTClaimsSet().getIssueTime().before(validToDate)) {
if(token.getJwtValue().getJWTClaimsSet().getIssueTime().before(validToDate)) {
log.info("Rotating the registration access token for " + client.getClientId());
tokenService.revokeAccessToken(token);
OAuth2AccessTokenEntity newToken = connectTokenService.createRegistrationAccessToken(client);


@ -440,7 +440,7 @@ public class ProtectedResourceRegistrationEndpoint {
try {
// Re-issue the token if it has been issued before [currentTime - validity]
Date validToDate = new Date(System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000);
if(token.getJwt().getJWTClaimsSet().getIssueTime().before(validToDate)) {
if(token.getJwtValue().getJWTClaimsSet().getIssueTime().before(validToDate)) {
log.info("Rotating the registration access token for " + client.getClientId());
tokenService.revokeAccessToken(token);
OAuth2AccessTokenEntity newToken = connectTokenService.createResourceAccessToken(client);


@ -92,7 +92,7 @@ public class TestConnectTokenEnhancer {
OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
OAuth2AccessTokenEntity enhanced = (OAuth2AccessTokenEntity) enhancer.enhance(token, authentication);
Assert.assertEquals("foo", enhanced.getJwt().getJWTClaimsSet().getClaim("test"));
Assert.assertEquals("foo", enhanced.getJwtValue().getJWTClaimsSet().getClaim("test"));
}
private void configure(ConnectTokenEnhancer e) {


@ -58,7 +58,7 @@ public class TestIdTokenHashUtils {
claims.setSubject("example_user");
claims.setClaim("alg", "HS256");
*/
Mockito.when(mockToken256.getJwt()).thenReturn(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJhbGciOiJIUzI1NiIsInN1YiI6ImV4YW1wbGVfdXNlciIsImlzcyI6Ind3dy5leGFtcGxlLmNvbSIsInR5cCI6IkpXVCJ9."));
Mockito.when(mockToken256.getJwtValue()).thenReturn(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJhbGciOiJIUzI1NiIsInN1YiI6ImV4YW1wbGVfdXNlciIsImlzcyI6Ind3dy5leGFtcGxlLmNvbSIsInR5cCI6IkpXVCJ9."));
/*
* Claims for second token
@ -68,7 +68,7 @@ public class TestIdTokenHashUtils {
claims.setSubject("another_user");
claims.setClaim("alg", "ES384");
*/
Mockito.when(mockToken384.getJwt()).thenReturn(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJhbGciOiJFUzM4NCIsInN1YiI6ImFub3RoZXJfdXNlciIsImlzcyI6Ind3dy5hbm90aGVyLWV4YW1wbGUubmV0IiwidHlwIjoiSldUIn0."));
Mockito.when(mockToken384.getJwtValue()).thenReturn(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJhbGciOiJFUzM4NCIsInN1YiI6ImFub3RoZXJfdXNlciIsImlzcyI6Ind3dy5hbm90aGVyLWV4YW1wbGUubmV0IiwidHlwIjoiSldUIn0."));
/*
* Claims for third token:
@ -78,13 +78,13 @@ public class TestIdTokenHashUtils {
claims.setSubject("different_user");
claims.setClaim("alg", "RS512");
*/
Mockito.when(mockToken512.getJwt()).thenReturn(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJhbGciOiJSUzUxMiIsInN1YiI6ImRpZmZlcmVudF91c2VyIiwiaXNzIjoid3d3LmRpZmZlcmVudC5jb20iLCJ0eXAiOiJKV1QifQ."));
Mockito.when(mockToken512.getJwtValue()).thenReturn(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJhbGciOiJSUzUxMiIsInN1YiI6ImRpZmZlcmVudF91c2VyIiwiaXNzIjoid3d3LmRpZmZlcmVudC5jb20iLCJ0eXAiOiJKV1QifQ."));
}
@Test
public void getAccessTokenHash256() {
mockToken256.getJwt().serialize();
mockToken256.getJwtValue().serialize();
Base64URL expectedHash = new Base64URL("EP1gXNeESRH-n57baopfTQ");
Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.HS256, mockToken256);
@ -101,7 +101,7 @@ public class TestIdTokenHashUtils {
base64url of hash = BWfFK73PQI36M1rg9R6VjMyWOE0-XvBK
*/
mockToken384.getJwt().serialize();
mockToken384.getJwtValue().serialize();
Base64URL expectedHash = new Base64URL("BWfFK73PQI36M1rg9R6VjMyWOE0-XvBK");
Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.ES384, mockToken384);
@ -118,7 +118,7 @@ public class TestIdTokenHashUtils {
base64url of hash = vGH3QMY-knpACkLgzdkTqu3C9jtvbf2Wk_RSu2vAx8k
*/
mockToken512.getJwt().serialize();
mockToken512.getJwtValue().serialize();
Base64URL expectedHash = new Base64URL("vGH3QMY-knpACkLgzdkTqu3C9jtvbf2Wk_RSu2vAx8k");
Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.RS512, mockToken512);