github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #47 from dBucik/refactor_models 

Refactor
pull/1580/head
Dominik František Bučík 2021-11-30 12:37:37 +01:00 committed by GitHub
parent 7155e4adf5 e721d7abe9
commit 809e7317bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
61 changed files with 819 additions and 3752 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
perun-oidc-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql
View File

@ -14,11 +14,6 @@ CREATE TABLE IF NOT EXISTS access_token (
UNIQUE(token_value)
);
CREATE TABLE IF NOT EXISTS access_token_permissions (
access_token_id BIGINT NOT NULL,
permission_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS address (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
formatted VARCHAR(256),
@ -284,83 +279,6 @@ CREATE TABLE IF NOT EXISTS pairwise_identifier (
sector_identifier VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS resource_set (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
name VARCHAR(1024) NOT NULL,
uri VARCHAR(1024),
icon_uri VARCHAR(1024),
rs_type VARCHAR(256),
owner VARCHAR(256) NOT NULL,
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS resource_set_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS permission_ticket (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
ticket VARCHAR(256) NOT NULL,
permission_id BIGINT NOT NULL,
expiration TIMESTAMP
);
CREATE TABLE IF NOT EXISTS permission (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS permission_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
name VARCHAR(256),
friendly_name VARCHAR(1024),
claim_type VARCHAR(1024),
claim_value VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_to_policy (
policy_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_to_permission_ticket (
permission_ticket_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS policy (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
name VARCHAR(1024),
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS policy_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_token_format (
owner_id BIGINT NOT NULL,
claim_token_format VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_issuer (
owner_id BIGINT NOT NULL,
issuer VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS saved_registered_client (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
issuer VARCHAR(1024),
registered_client VARCHAR(8192)
);
CREATE TABLE IF NOT EXISTS device_code (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
device_code VARCHAR(1024),

84
perun-oidc-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
View File

@ -13,11 +13,6 @@ CREATE TABLE IF NOT EXISTS access_token (
approved_site_id BIGINT
);
CREATE TABLE IF NOT EXISTS access_token_permissions (
access_token_id BIGINT NOT NULL,
permission_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS address (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
formatted VARCHAR(256),
@ -87,7 +82,7 @@ CREATE TABLE IF NOT EXISTS saved_user_auth (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
acr VARCHAR(1024),
name VARCHAR(1024),
authenticated BOOLEAN,
authenticated BOOLEAN
);
CREATE TABLE IF NOT EXISTS saved_user_auth_authority (
@ -283,83 +278,6 @@ CREATE TABLE IF NOT EXISTS pairwise_identifier (
sector_identifier VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS resource_set (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(1024) NOT NULL,
uri VARCHAR(1024),
icon_uri VARCHAR(1024),
rs_type VARCHAR(256),
owner VARCHAR(256) NOT NULL,
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS resource_set_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS permission_ticket (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
ticket VARCHAR(256) NOT NULL,
permission_id BIGINT NOT NULL,
expiration TIMESTAMP NULL
);
CREATE TABLE IF NOT EXISTS permission (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS permission_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(256),
friendly_name VARCHAR(1024),
claim_type VARCHAR(1024),
claim_value VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_to_policy (
policy_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_to_permission_ticket (
permission_ticket_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS policy (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(1024),
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS policy_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_token_format (
owner_id BIGINT NOT NULL,
claim_token_format VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_issuer (
owner_id BIGINT NOT NULL,
issuer VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS saved_registered_client (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
issuer VARCHAR(1024),
registered_client VARCHAR(8192)
);
CREATE TABLE IF NOT EXISTS device_code (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
device_code VARCHAR(1024),

85
perun-oidc-server-webapp/src/main/resources/db/psql/psql_database_tables.sql
View File

@ -14,11 +14,6 @@ CREATE TABLE IF NOT EXISTS access_token (
UNIQUE(token_value)
);
CREATE TABLE IF NOT EXISTS access_token_permissions (
access_token_id BIGINT NOT NULL,
permission_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS address (
id BIGSERIAL PRIMARY KEY,
formatted VARCHAR(256),
@ -88,7 +83,7 @@ CREATE TABLE IF NOT EXISTS saved_user_auth (
id BIGSERIAL PRIMARY KEY,
acr VARCHAR(1024),
name VARCHAR(1024),
authenticated BOOLEAN,
authenticated BOOLEAN
);
CREATE TABLE IF NOT EXISTS saved_user_auth_authority (
@ -284,83 +279,6 @@ CREATE TABLE IF NOT EXISTS pairwise_identifier (
sector_identifier VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS resource_set (
id BIGSERIAL PRIMARY KEY,
name VARCHAR(1024) NOT NULL,
uri VARCHAR(1024),
icon_uri VARCHAR(1024),
rs_type VARCHAR(256),
owner VARCHAR(256) NOT NULL,
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS resource_set_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS permission_ticket (
id BIGSERIAL PRIMARY KEY,
ticket VARCHAR(256) NOT NULL,
permission_id BIGINT NOT NULL,
expiration TIMESTAMP
);
CREATE TABLE IF NOT EXISTS permission (
id BIGSERIAL PRIMARY KEY,
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS permission_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim (
id BIGSERIAL PRIMARY KEY,
name VARCHAR(256),
friendly_name VARCHAR(1024),
claim_type VARCHAR(1024),
claim_value VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_to_policy (
policy_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_to_permission_ticket (
permission_ticket_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS policy (
id BIGSERIAL PRIMARY KEY,
name VARCHAR(1024),
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS policy_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_token_format (
owner_id BIGINT NOT NULL,
claim_token_format VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_issuer (
owner_id BIGINT NOT NULL,
issuer VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS saved_registered_client (
id BIGSERIAL PRIMARY KEY,
issuer VARCHAR(1024),
registered_client VARCHAR(8192)
);
CREATE TABLE IF NOT EXISTS device_code (
id BIGSERIAL PRIMARY KEY,
device_code VARCHAR(1024),
@ -381,4 +299,3 @@ CREATE TABLE IF NOT EXISTS device_code_request_parameter (
param VARCHAR(2048),
val VARCHAR(2048)
);

959
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/ClientDetailsEntity.java
View File

File diff suppressed because it is too large Load Diff

28
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/OAuth2AccessTokenEntity.java
View File

@ -20,20 +20,29 @@
*/
package cz.muni.ics.oauth2.model;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.*;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_APPROVED_SITE;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_CLIENT;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_DATE;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_NAME;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_REFRESH_TOKEN;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_ALL;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_CLIENT;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_NAME;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_REFRESH_TOKEN;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import com.nimbusds.jwt.JWT;
import cz.muni.ics.oauth2.model.convert.JWTStringConverter;
import cz.muni.ics.openid.connect.model.ApprovedSite;
import cz.muni.ics.uma.model.Permission;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CascadeType;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.Convert;
@ -44,11 +53,9 @@ import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
@ -96,9 +103,6 @@ import org.springframework.security.oauth2.common.OAuth2RefreshToken;
@NamedQuery(name = QUERY_BY_APPROVED_SITE,
query = "SELECT a FROM OAuth2AccessTokenEntity a " +
"WHERE a.approvedSite = :" + PARAM_APPROVED_SITE),
@NamedQuery(name = QUERY_BY_RESOURCE_SET,
query = "SELECT a FROM OAuth2AccessTokenEntity a JOIN a.permissions p " +
"WHERE p.resourceSet.id = :" + PARAM_RESOURCE_SET_ID),
@NamedQuery(name = QUERY_BY_NAME,
query = "SELECT r FROM OAuth2AccessTokenEntity r " +
"WHERE r.authenticationHolder.userAuth.name = :" + PARAM_NAME)
@ -160,12 +164,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
@CascadeOnDelete
private Set<String> scope;
@OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
@JoinTable(name = "access_token_permissions", joinColumns = @JoinColumn(name = "access_token_id"),
inverseJoinColumns = @JoinColumn(name = "permission_id"))
@CascadeOnDelete
private Set<Permission> permissions;
@ManyToOne
@JoinColumn(name = "approved_site_id")
private ApprovedSite approvedSite;

33
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/RegisteredClient.java
View File

@ -26,14 +26,27 @@ import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jwt.JWT;
import cz.muni.ics.oauth2.model.enums.AppType;
import cz.muni.ics.oauth2.model.enums.AuthMethod;
import cz.muni.ics.oauth2.model.enums.SubjectType;
import java.util.Date;
import java.util.Map;
import java.util.Set;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.Setter;
import lombok.ToString;
import org.springframework.security.core.GrantedAuthority;
/**
* @author jricher
*/
@Getter
@Setter
@ToString
@EqualsAndHashCode
@AllArgsConstructor
public class RegisteredClient {
private String registrationAccessToken;
@ -57,14 +70,6 @@ public class RegisteredClient {
this.registrationClientUri = registrationClientUri;
}
public ClientDetailsEntity getClient() {
return client;
}
public void setClient(ClientDetailsEntity client) {
this.client = client;
}
public String getClientDescription() {
return client.getClientDescription();
}
@ -201,11 +206,11 @@ public class RegisteredClient {
return client.getAdditionalInformation();
}
public ClientDetailsEntity.AppType getApplicationType() {
public AppType getApplicationType() {
return client.getApplicationType();
}
public void setApplicationType(ClientDetailsEntity.AppType applicationType) {
public void setApplicationType(AppType applicationType) {
client.setApplicationType(applicationType);
}
@ -217,19 +222,19 @@ public class RegisteredClient {
client.setClientName(clientName);
}
public ClientDetailsEntity.AuthMethod getTokenEndpointAuthMethod() {
public AuthMethod getTokenEndpointAuthMethod() {
return client.getTokenEndpointAuthMethod();
}
public void setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod tokenEndpointAuthMethod) {
public void setTokenEndpointAuthMethod(AuthMethod tokenEndpointAuthMethod) {
client.setTokenEndpointAuthMethod(tokenEndpointAuthMethod);
}
public ClientDetailsEntity.SubjectType getSubjectType() {
public SubjectType getSubjectType() {
return client.getSubjectType();
}
public void setSubjectType(ClientDetailsEntity.SubjectType subjectType) {
public void setSubjectType(SubjectType subjectType) {
client.setSubjectType(subjectType);
}

173
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/SystemScope.java
View File

@ -20,6 +20,8 @@
*/
package cz.muni.ics.oauth2.model;
import static cz.muni.ics.oauth2.model.SystemScope.*;
import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Entity;
@ -29,15 +31,31 @@ import javax.persistence.Id;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
/**
* @author jricher
*/
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name = "system_scope")
@NamedQueries({
@NamedQuery(name = SystemScope.QUERY_ALL, query = "select s from SystemScope s ORDER BY s.id"),
@NamedQuery(name = SystemScope.QUERY_BY_VALUE, query = "select s from SystemScope s WHERE s.value = :" + SystemScope.PARAM_VALUE)
@NamedQuery(name = QUERY_ALL,
query = "SELECT s FROM SystemScope s ORDER BY s.id"),
@NamedQuery(name = QUERY_BY_VALUE,
query = "SELECT s FROM SystemScope s " +
"WHERE s.value = :" + PARAM_VALUE)
})
public class SystemScope {
@ -46,145 +64,28 @@ public class SystemScope {
public static final String PARAM_VALUE = "value";
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
private Long id;
private String value; // scope value
private String description; // human-readable description
private String icon; // class of the icon to display on the auth page
private boolean defaultScope = false; // is this a default scope for newly-registered clients?
private boolean restricted = false; // is this scope restricted to admin-only registration access?
public SystemScope() { }
@Column(name = "scope")
private String value;
@Column(name = "description")
private String description; // human-readable description
@Column(name = "icon")
private String icon; // class of the icon to display on the auth page
@Column(name = "default_scope")
private boolean defaultScope = false; // is this a default scope for newly-registered clients?
@Column(name = "restricted")
private boolean restricted = false; // is this scope restricted to admin-only registration access?
public SystemScope(String value) {
this.value = value;
}
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@Basic
@Column(name = "scope")
public String getValue() {
return value;
}
public void setValue(String value) {
this.value = value;
}
@Basic
@Column(name = "description")
public String getDescription() {
return description;
}
public void setDescription(String description) {
this.description = description;
}
@Basic
@Column(name = "icon")
public String getIcon() {
return icon;
}
public void setIcon(String icon) {
this.icon = icon;
}
@Basic
@Column(name = "default_scope")
public boolean isDefaultScope() {
return defaultScope;
}
public void setDefaultScope(boolean defaultScope) {
this.defaultScope = defaultScope;
}
@Basic
@Column(name = "restricted")
public boolean isRestricted() {
return restricted;
}
public void setRestricted(boolean restricted) {
this.restricted = restricted;
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + (defaultScope ? 1231 : 1237);
result = prime * result
+ ((description == null) ? 0 : description.hashCode());
result = prime * result + ((icon == null) ? 0 : icon.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + (restricted ? 1231 : 1237);
result = prime * result + ((value == null) ? 0 : value.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (getClass() != obj.getClass()) {
return false;
}
SystemScope other = (SystemScope) obj;
if (defaultScope != other.defaultScope) {
return false;
}
if (description == null) {
if (other.description != null) {
return false;
}
} else if (!description.equals(other.description)) {
return false;
}
if (icon == null) {
if (other.icon != null) {
return false;
}
} else if (!icon.equals(other.icon)) {
return false;
}
if (id == null) {
if (other.id != null) {
return false;
}
} else if (!id.equals(other.id)) {
return false;
}
if (restricted != other.restricted) {
return false;
}
if (value == null) {
return other.value == null;
} else {
return value.equals(other.value);
}
}
@Override
public String toString() {
return "SystemScope [id=" + id + ", value=" + value + ", description="
+ description + ", icon=" + icon + ", defaultScope="
+ defaultScope + ", restricted=" + restricted + "]";
}
}

27
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/enums/AppType.java Normal file
View File

@ -0,0 +1,27 @@
package cz.muni.ics.oauth2.model.enums;
import java.util.HashMap;
import java.util.Map;
import lombok.AllArgsConstructor;
import lombok.Getter;
@Getter
@AllArgsConstructor
public enum AppType {
WEB("web"), NATIVE("native");
private final String value;
// map to aid reverse lookup
private static final Map<String, AppType> lookup = new HashMap<>();
static {
for (AppType a : AppType.values()) {
lookup.put(a.getValue(), a);
}
}
public static AppType getByValue(String value) {
return lookup.get(value);
}
}

31
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/enums/AuthMethod.java Normal file
View File

@ -0,0 +1,31 @@
package cz.muni.ics.oauth2.model.enums;
import java.util.HashMap;
import java.util.Map;
import lombok.AllArgsConstructor;
import lombok.Getter;
@Getter
@AllArgsConstructor
public enum AuthMethod {
SECRET_POST("client_secret_post"),
SECRET_BASIC("client_secret_basic"),
SECRET_JWT("client_secret_jwt"),
PRIVATE_KEY("private_key_jwt"),
NONE("none");
private final String value;
// map to aid reverse lookup
private static final Map<String, AuthMethod> lookup = new HashMap<>();
static {
for (AuthMethod a : AuthMethod.values()) {
lookup.put(a.getValue(), a);
}
}
public static AuthMethod getByValue(String value) {
return lookup.get(value);
}
}

27
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/enums/SubjectType.java Normal file
View File

@ -0,0 +1,27 @@
package cz.muni.ics.oauth2.model.enums;
import java.util.HashMap;
import java.util.Map;
import lombok.AllArgsConstructor;
import lombok.Getter;
@Getter
@AllArgsConstructor
public enum SubjectType {
PAIRWISE("pairwise"), PUBLIC("public");
private final String value;
// map to aid reverse lookup
private static final Map<String, SubjectType> lookup = new HashMap<>();
static {
for (SubjectType u : SubjectType.values()) {
lookup.put(u.getValue(), u);
}
}
public static SubjectType getByValue(String value) {
return lookup.get(value);
}
}

3
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/repository/OAuth2TokenRepository.java
View File

@ -22,7 +22,6 @@ import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity;
import cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity;
import cz.muni.ics.openid.connect.model.ApprovedSite;
import cz.muni.ics.uma.model.ResourceSet;
import java.util.List;
import java.util.Set;
@ -68,8 +67,6 @@ public interface OAuth2TokenRepository {
Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria);
Set<OAuth2AccessTokenEntity> getAccessTokensForResourceSet(ResourceSet rs);
/**
* removes duplicate access tokens.
*

8
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/repository/impl/JpaOAuth2TokenRepository.java
View File

@ -26,7 +26,6 @@ import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity;
import cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity;
import cz.muni.ics.oauth2.repository.OAuth2TokenRepository;
import cz.muni.ics.openid.connect.model.ApprovedSite;
import cz.muni.ics.uma.model.ResourceSet;
import cz.muni.ics.util.jpa.JpaUtil;
import java.text.ParseException;
import java.util.ArrayList;
@ -222,13 +221,6 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
return new LinkedHashSet<>(JpaUtil.getResultPage(query,pageCriteria));
}
@Override
public Set<OAuth2AccessTokenEntity> getAccessTokensForResourceSet(ResourceSet rs) {
TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, OAuth2AccessTokenEntity.class);
query.setParameter(OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID, rs.getId());
return new LinkedHashSet<>(query.getResultList());
}
@Override
@Transactional(value="defaultTransactionManager")
public void clearDuplicateAccessTokens() {

9
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/BlacklistAwareRedirectResolver.java
View File

@ -19,6 +19,7 @@
package cz.muni.ics.oauth2.service.impl;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.enums.AppType;
import cz.muni.ics.openid.connect.config.ConfigurationPropertiesBean;
import cz.muni.ics.openid.connect.service.BlacklistedSiteService;
import java.util.Arrays;
@ -158,7 +159,7 @@ public class BlacklistAwareRedirectResolver implements RedirectResolver {
* @return Whether the requested redirect URI "matches" the specified redirect URI.
*/
protected boolean redirectMatches(String requestedRedirect, String redirectUri,
ClientDetailsEntity.AppType applicationType)
AppType applicationType)
{
UriComponents requestedRedirectUri = UriComponentsBuilder.fromUriString(requestedRedirect).build();
UriComponents registeredRedirectUri = UriComponentsBuilder.fromUriString(redirectUri).build();
@ -167,7 +168,7 @@ public class BlacklistAwareRedirectResolver implements RedirectResolver {
boolean userInfoMatch = isEqual(registeredRedirectUri.getUserInfo(), requestedRedirectUri.getUserInfo());
boolean hostMatch = hostMatches(registeredRedirectUri.getHost(), requestedRedirectUri.getHost());
boolean portMatch = true;
if (!ClientDetailsEntity.AppType.NATIVE.equals(applicationType)) {
if (!AppType.NATIVE.equals(applicationType)) {
portMatch = !matchPorts || registeredRedirectUri.getPort() == requestedRedirectUri.getPort();
}
boolean pathMatch = true;
@ -205,7 +206,7 @@ public class BlacklistAwareRedirectResolver implements RedirectResolver {
* @throws RedirectMismatchException if no match was found
*/
private String obtainMatchingRedirect(Set<String> redirectUris, String requestedRedirect,
ClientDetailsEntity.AppType applicationType)
AppType applicationType)
{
Assert.notEmpty(redirectUris, "Redirect URIs cannot be empty");
@ -222,7 +223,7 @@ public class BlacklistAwareRedirectResolver implements RedirectResolver {
if (this.matchSubdomains) {
redirectUriBuilder.host(requestedRedirectUri.getHost());
}
if (!this.matchPorts || ClientDetailsEntity.AppType.NATIVE.equals(applicationType)) {
if (!this.matchPorts || AppType.NATIVE.equals(applicationType)) {
redirectUriBuilder.port(requestedRedirectUri.getPort());
}
if (!this.strictMatch) {

23
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DefaultIntrospectionResultAssembler.java
View File

@ -19,11 +19,11 @@ import static com.google.common.collect.Maps.newLinkedHashMap;
import com.google.common.base.Joiner;
import com.google.common.collect.Sets;
import com.google.common.collect.Sets;
import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity;
import cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity;
import cz.muni.ics.oauth2.service.IntrospectionResultAssembler;
import cz.muni.ics.openid.connect.model.UserInfo;
import cz.muni.ics.uma.model.Permission;
import java.text.ParseException;
import java.util.Map;
import java.util.Set;
@ -46,26 +46,9 @@ public class DefaultIntrospectionResultAssembler implements IntrospectionResultA
result.put(ACTIVE, true);
if (accessToken.getPermissions() != null && !accessToken.getPermissions().isEmpty()) {
Set<Object> permissions = Sets.newHashSet();
for (Permission perm : accessToken.getPermissions()) {
Map<String, Object> o = newLinkedHashMap();
o.put("resource_set_id", perm.getResourceSet().getId().toString());
Set<String> scopes = Sets.newHashSet(perm.getScopes());
o.put("scopes", scopes);
permissions.add(o);
}
result.put("permissions", permissions);
} else {
Set<String> scopes = Sets.intersection(authScopes, accessToken.getScope());
result.put(SCOPE, Joiner.on(SCOPE_SEPARATOR).join(scopes));
}
Set<String> scopes = Sets.intersection(authScopes, accessToken.getScope());
result.put(SCOPE, Joiner.on(SCOPE_SEPARATOR).join(scopes));
if (accessToken.getExpiration() != null) {
try {

13
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
View File

@ -25,8 +25,8 @@ import com.google.common.util.concurrent.UncheckedExecutionException;
import com.google.gson.JsonElement;
import com.google.gson.JsonParser;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.ClientDetailsEntity.AuthMethod;
import cz.muni.ics.oauth2.model.SystemScope;
import cz.muni.ics.oauth2.model.enums.AuthMethod;
import cz.muni.ics.oauth2.repository.OAuth2ClientRepository;
import cz.muni.ics.oauth2.repository.OAuth2TokenRepository;
import cz.muni.ics.oauth2.service.ClientDetailsEntityService;
@ -36,8 +36,6 @@ import cz.muni.ics.openid.connect.model.WhitelistedSite;
import cz.muni.ics.openid.connect.service.ApprovedSiteService;
import cz.muni.ics.openid.connect.service.BlacklistedSiteService;
import cz.muni.ics.openid.connect.service.WhitelistedSiteService;
import cz.muni.ics.uma.model.ResourceSet;
import cz.muni.ics.uma.service.ResourceSetService;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.ArrayList;
@ -83,9 +81,6 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
@Autowired
private SystemScopeService scopeService;
@Autowired
private ResourceSetService resourceSetService;
@Autowired
private ConfigurationPropertiesBean config;
@ -354,12 +349,6 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
whitelistedSiteService.remove(whitelistedSite);
}
// clear out resource sets registered for this client
Collection<ResourceSet> resourceSets = resourceSetService.getAllForClient(client);
for (ResourceSet rs : resourceSets) {
resourceSetService.remove(rs);
}
// take care of the client itself
clientRepository.deleteClient(client);
}

5
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/ServiceUtils.java
View File

@ -1,6 +1,7 @@
package cz.muni.ics.oauth2.service.impl;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.enums.AuthMethod;
import cz.muni.ics.openid.connect.config.ConfigurationPropertiesBean;
import java.math.BigInteger;
import java.security.SecureRandom;
@ -15,8 +16,8 @@ public class ServiceUtils {
public static UserDetails getUserDetails(String decodedClientId, ClientDetailsEntity client, String encodedPassword, ConfigurationPropertiesBean config, GrantedAuthority roleClient) {
if (config.isHeartMode() || // if we're running HEART mode turn off all client secrets
(client.getTokenEndpointAuthMethod() != null &&
(client.getTokenEndpointAuthMethod().equals(ClientDetailsEntity.AuthMethod.PRIVATE_KEY) ||
client.getTokenEndpointAuthMethod().equals(ClientDetailsEntity.AuthMethod.SECRET_JWT)))) {
(client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) ||
client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)))) {
encodedPassword = new BigInteger(512, new SecureRandom()).toString(16);
}

15
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/web/IntrospectionEndpoint.java
View File

@ -30,9 +30,6 @@ import cz.muni.ics.openid.connect.model.UserInfo;
import cz.muni.ics.openid.connect.service.UserInfoService;
import cz.muni.ics.openid.connect.view.HttpCodeView;
import cz.muni.ics.openid.connect.view.JsonEntityView;
import cz.muni.ics.uma.model.ResourceSet;
import cz.muni.ics.uma.service.ResourceSetService;
import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
@ -68,9 +65,6 @@ public class IntrospectionEndpoint {
@Autowired
private UserInfoService userInfoService;
@Autowired
private ResourceSetService resourceSetService;
public IntrospectionEndpoint() {
}
@ -101,15 +95,6 @@ public class IntrospectionEndpoint {
String ownerId = o2a.getUserAuthentication().getName();
authScopes.addAll(authClient.getScope());
// UMA style clients also get a subset of scopes of all the resource sets they've registered
Collection<ResourceSet> resourceSets = resourceSetService.getAllForOwnerAndClient(ownerId, authClientId);
// collect all the scopes
for (ResourceSet rs : resourceSets) {
authScopes.addAll(rs.getScopes());
}
} else {
// the client authenticated directly, make sure it's got the right access

36
perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/CustomClearTasks.java
View File

@ -4,8 +4,6 @@ import cz.muni.ics.oauth2.model.AuthorizationCodeEntity;
import cz.muni.ics.oauth2.model.DeviceCode;
import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity;
import cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity;
import cz.muni.ics.openid.connect.models.Acr;
import cz.muni.ics.openid.connect.models.DeviceCodeAcr;
import java.time.Instant;
import java.util.Date;
import javax.persistence.EntityManager;
@ -135,38 +133,4 @@ public class CustomClearTasks {
return count;
}
public int clearExpiredAcrs(long timeout) {
manager.flush();
manager.clear();
int count = 0;
Query query = manager.createNamedQuery(Acr.DELETE_EXPIRED);
query.setParameter(Acr.PARAM_EXPIRES_AT, Instant.now().toEpochMilli());
if (timeout > 0) {
query.setHint("javax.persistence.query.timeout", timeout);
}
try {
count += query.executeUpdate();
} catch (QueryTimeoutException e) {
// this is OK
}
return count;
}
public int clearExpiredDeviceCodeAcrs(long timeout) {
manager.flush();
manager.clear();
int count = 0;
Query query = manager.createNamedQuery(DeviceCodeAcr.DELETE_EXPIRED);
query.setParameter(DeviceCodeAcr.PARAM_EXPIRES_AT, Instant.now().toEpochMilli());
if (timeout > 0) {
query.setHint("javax.persistence.query.timeout", timeout);
}
try {
count += query.executeUpdate();
} catch (QueryTimeoutException e) {
// this is OK
}
return count;
}
}

30
perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/CustomTaskScheduler.java
View File

@ -105,34 +105,4 @@ public class CustomTaskScheduler {
log.info("clearExpiredDeviceCodes took {}ms, deleted {} records", execution, count);
}
@Transactional(value = "defaultTransactionManager")
@Scheduled(fixedDelay = 60 * ONE_MINUTE, initialDelay = 48 * ONE_MINUTE)
@SchedulerLock(name = "clearExpiredAcrs", lockAtMostFor = "3590s", lockAtLeastFor = "3590s")
public void clearExpiredAcrs() {
try {
LockAssert.assertLocked();
} catch (IllegalArgumentException e) {
return;
}
long start = System.currentTimeMillis();
int count = this.customClearTasks.clearExpiredAcrs(TimeUnit.MINUTES.toMillis(15));
long execution = System.currentTimeMillis() - start;
log.info("clearExpiredAcrs took {}ms, deleted {} records", execution, count);
}
@Transactional(value = "defaultTransactionManager")
@Scheduled(fixedDelay = 60 * ONE_MINUTE, initialDelay = 48 * ONE_MINUTE)
@SchedulerLock(name = "clearExpiredDeviceAcrs", lockAtMostFor = "3590s", lockAtLeastFor = "3590s")
public void clearExpiredDeviceAcrs() {
try {
LockAssert.assertLocked();
} catch (IllegalArgumentException e) {
return;
}
long start = System.currentTimeMillis();
int count = this.customClearTasks.clearExpiredAcrs(TimeUnit.MINUTES.toMillis(15));
long execution = System.currentTimeMillis() - start;
log.info("clearExpiredDeviceAcrs took {}ms, deleted {} records", execution, count);
}
}

81
perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/PerunAcrRepository.java
View File

@ -1,81 +0,0 @@
package cz.muni.ics.oidc.server;
import cz.muni.ics.openid.connect.models.Acr;
import java.time.Instant;
import javax.persistence.EntityManager;
import javax.persistence.NoResultException;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;
import javax.persistence.TypedQuery;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
/**
* Repository class for ACR model.
*
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
*/
@Repository
@Transactional(value = "defaultTransactionManager")
public class PerunAcrRepository {
@PersistenceContext(unitName = "defaultPersistenceUnit")
private EntityManager manager;
public Acr getActive(String sub, String clientId, String state) {
TypedQuery<Acr> query = manager.createNamedQuery(Acr.GET_ACTIVE, Acr.class);
query.setParameter(Acr.PARAM_SUB, sub);
query.setParameter(Acr.PARAM_CLIENT_ID, clientId);
query.setParameter(Acr.PARAM_STATE, state);
query.setParameter(Acr.PARAM_EXPIRES_AT, now());
try {
return query.getSingleResult();
} catch (NoResultException e) {
return null;
}
}
public Acr getById(Long id) {
TypedQuery<Acr> query = manager.createNamedQuery(Acr.GET_BY_ID, Acr.class);
query.setParameter(Acr.PARAM_ID, id);
query.setParameter(Acr.PARAM_EXPIRES_AT, now());
try {
return query.getSingleResult();
} catch (NoResultException e) {
return null;
}
}
@Transactional
public Acr store(Acr acr) {
Acr existing = getActive(acr.getSub(), acr.getClientId(), acr.getState());
if (existing != null) {
return existing;
} else {
Acr tmp = manager.merge(acr);
manager.flush();
return tmp;
}
}
@Transactional
public void remove(Long id) {
Acr acr = getById(id);
if (acr != null) {
manager.remove(acr);
}
}
@Transactional
public void deleteExpired() {
Query query = manager.createNamedQuery(Acr.DELETE_EXPIRED);
query.setParameter(Acr.PARAM_EXPIRES_AT, now());
query.executeUpdate();
}
private long now() {
return Instant.now().toEpochMilli();
}
}

91
perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/PerunDeviceCodeAcrRepository.java
View File

@ -1,91 +0,0 @@
package cz.muni.ics.oidc.server;
import cz.muni.ics.openid.connect.models.Acr;
import cz.muni.ics.openid.connect.models.DeviceCodeAcr;
import java.time.Instant;
import javax.persistence.EntityManager;
import javax.persistence.NoResultException;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;
import javax.persistence.TypedQuery;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
/**
* Repository class for ACR model.
*
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
*/
@Repository
@Transactional(value = "defaultTransactionManager")
public class PerunDeviceCodeAcrRepository {
@PersistenceContext(unitName = "defaultPersistenceUnit")
private EntityManager manager;
public DeviceCodeAcr getActiveByDeviceCode(String deviceCode) {
TypedQuery<DeviceCodeAcr> query = manager.createNamedQuery(DeviceCodeAcr.GET_ACTIVE_BY_DEVICE_CODE,
DeviceCodeAcr.class);
query.setParameter(DeviceCodeAcr.PARAM_DEVICE_CODE, deviceCode);
query.setParameter(Acr.PARAM_EXPIRES_AT, now());
try {
return query.getSingleResult();
} catch (NoResultException e) {
return null;
}
}
public DeviceCodeAcr getByUserCode(String userCode) {
TypedQuery<DeviceCodeAcr> query = manager.createNamedQuery(DeviceCodeAcr.GET_BY_USER_CODE, DeviceCodeAcr.class);
query.setParameter(DeviceCodeAcr.PARAM_USER_CODE, userCode);
try {
return query.getSingleResult();
} catch (NoResultException e) {
return null;
}
}
public DeviceCodeAcr getById(Long id) {
TypedQuery<DeviceCodeAcr> query = manager.createNamedQuery(DeviceCodeAcr.GET_BY_ID, DeviceCodeAcr.class);
query.setParameter(DeviceCodeAcr.PARAM_ID, id);
query.setParameter(DeviceCodeAcr.PARAM_EXPIRES_AT, now());
try {
return query.getSingleResult();
} catch (NoResultException e) {
return null;
}
}
@Transactional
public DeviceCodeAcr store(DeviceCodeAcr acr) {
try {
return getActiveByDeviceCode(acr.getDeviceCode());
} catch (NoResultException e) {
DeviceCodeAcr tmp = manager.merge(acr);
manager.flush();
return tmp;
}
}
@Transactional
public void remove(Long id) {
DeviceCodeAcr acr = getById(id);
if (acr != null) {
manager.remove(acr);
}
}
@Transactional
public void deleteExpired() {
Query query = manager.createNamedQuery(DeviceCodeAcr.DELETE_EXPIRED);
query.setParameter(DeviceCodeAcr.PARAM_EXPIRES_AT, now());
query.executeUpdate();
}
private long now() {
return Instant.now().toEpochMilli();
}
}

28
perun-oidc-server/src/main/java/cz/muni/ics/oidc/web/controllers/ApproveDeviceController.java
View File

@ -4,17 +4,14 @@ import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.DeviceCode;
import cz.muni.ics.oauth2.service.SystemScopeService;
import cz.muni.ics.oauth2.web.DeviceEndpoint;
import cz.muni.ics.oidc.server.PerunDeviceCodeAcrRepository;
import cz.muni.ics.oidc.server.PerunScopeClaimTranslationService;
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
import cz.muni.ics.oidc.server.filters.PerunFilterConstants;
import cz.muni.ics.oidc.server.userInfo.PerunUserInfo;
import cz.muni.ics.oidc.web.WebHtmlClasses;
import cz.muni.ics.oidc.web.langs.Localization;
import cz.muni.ics.openid.connect.models.DeviceCodeAcr;
import cz.muni.ics.openid.connect.service.UserInfoService;
import java.security.Principal;
import java.time.Instant;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
@ -41,7 +38,6 @@ public class ApproveDeviceController {
public static final String DEVICE_APPROVED = "deviceApproved";
public static final String REQUEST_USER_CODE = "requestUserCode";
public static final String USER_CODE = "user_code";
public static final String DEVICE_CODE = "device_code";
public static final String USER_OAUTH_APPROVAL = "user_oauth_approval";
public static final String URL = "devicecode";
public static final String VERIFICATION_URI = "verification_uri";
@ -59,7 +55,6 @@ public class ApproveDeviceController {
private final WebHtmlClasses htmlClasses;
private final PerunScopeClaimTranslationService scopeClaimTranslationService;
private final UserInfoService userInfoService;
private final PerunDeviceCodeAcrRepository deviceCodeAcrRepository;
@Autowired
public ApproveDeviceController(SystemScopeService scopeService,
@ -68,8 +63,7 @@ public class ApproveDeviceController {
Localization localization,
WebHtmlClasses htmlClasses,
PerunScopeClaimTranslationService scopeClaimTranslationService,
UserInfoService userInfoService,
PerunDeviceCodeAcrRepository perunDeviceCodeAcrRepository)
UserInfoService userInfoService)
{
this.scopeService = scopeService;
this.deviceEndpoint = deviceEndpoint;
@ -78,7 +72,6 @@ public class ApproveDeviceController {
this.htmlClasses = htmlClasses;
this.scopeClaimTranslationService = scopeClaimTranslationService;
this.userInfoService = userInfoService;
this.deviceCodeAcrRepository = perunDeviceCodeAcrRepository;
}
@RequestMapping(
@ -96,7 +89,6 @@ public class ApproveDeviceController {
Map<String, Object> response = (Map<String, Object>) model.get(ENTITY);
response.replace(VERIFICATION_URI, response.get(VERIFICATION_URI) + "?" + ACR_VALUES + "=" + acrValues);
response.replace(VERIFICATION_URI_COMPLETE, response.get(VERIFICATION_URI_COMPLETE) + "&" + ACR_VALUES + "=" + acrValues);
storeAcrBase((String) response.get(DEVICE_CODE), (String)response.get(USER_CODE));
return result;
}
@ -145,10 +137,6 @@ public class ApproveDeviceController {
{
String result = deviceEndpoint.readUserCode(userCode, model, session);
if (result.equals(APPROVE_DEVICE) && !perunOidcConfig.getTheme().equalsIgnoreCase("default")) {
if (StringUtils.hasText(req.getParameter(ACR))) {
storeAcr(req.getParameter(ACR), userCode);
}
return themedApproveDevice(model, p, req);
} else if (result.equals(REQUEST_USER_CODE) && !perunOidcConfig.getTheme().equalsIgnoreCase("default")) {
ControllerUtils.setPageOptions(model, req, localization, htmlClasses, perunOidcConfig);
@ -189,14 +177,6 @@ public class ApproveDeviceController {
return result;
}
private void storeAcr(String acrValue, String userCode) {
DeviceCodeAcr acr = deviceCodeAcrRepository.getByUserCode(userCode);
acr.setShibAuthnContextClass(acrValue);
long expiresAtEpoch = Instant.now().plusSeconds(600L).toEpochMilli();
acr.setExpiresAt(expiresAtEpoch);
deviceCodeAcrRepository.store(acr);
}
private String themedApproveDevice(ModelMap model, Principal p, HttpServletRequest req) {
model.remove("scopes");
DeviceCode dc = (DeviceCode) model.get("dc");
@ -210,10 +190,4 @@ public class ApproveDeviceController {
return "themedApproveDevice";
}
private void storeAcrBase(String deviceCode, String userCode) {
DeviceCodeAcr acrBase = new DeviceCodeAcr(deviceCode, userCode);
acrBase.setExpiresAt(Instant.now().plusSeconds(1800).toEpochMilli());
deviceCodeAcrRepository.store(acrBase);
}
}

6
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/ClientDetailsEntityJsonProcessor.java
View File

@ -74,10 +74,10 @@ import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.ClientDetailsEntity.AppType;
import cz.muni.ics.oauth2.model.ClientDetailsEntity.AuthMethod;
import cz.muni.ics.oauth2.model.ClientDetailsEntity.SubjectType;
import cz.muni.ics.oauth2.model.RegisteredClient;
import cz.muni.ics.oauth2.model.enums.AppType;
import cz.muni.ics.oauth2.model.enums.AuthMethod;
import cz.muni.ics.oauth2.model.enums.SubjectType;
import cz.muni.ics.util.JsonUtils;
import java.text.ParseException;
import lombok.extern.slf4j.Slf4j;

2
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/assertion/JWTBearerAuthenticationProvider.java
View File

@ -27,7 +27,7 @@ import com.nimbusds.jwt.SignedJWT;
import cz.muni.ics.jwt.signer.service.JWTSigningAndValidationService;
import cz.muni.ics.jwt.signer.service.impl.ClientKeyCacheService;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.ClientDetailsEntity.AuthMethod;
import cz.muni.ics.oauth2.model.enums.AuthMethod;
import cz.muni.ics.oauth2.service.ClientDetailsEntityService;
import cz.muni.ics.openid.connect.config.ConfigurationPropertiesBean;
import java.text.ParseException;

129
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/model/ApprovedSite.java
View File

@ -17,9 +17,15 @@
*******************************************************************************/
package cz.muni.ics.openid.connect.model;
import static cz.muni.ics.openid.connect.model.ApprovedSite.PARAM_CLIENT_ID;
import static cz.muni.ics.openid.connect.model.ApprovedSite.PARAM_USER_ID;
import static cz.muni.ics.openid.connect.model.ApprovedSite.QUERY_ALL;
import static cz.muni.ics.openid.connect.model.ApprovedSite.QUERY_BY_CLIENT_ID;
import static cz.muni.ics.openid.connect.model.ApprovedSite.QUERY_BY_CLIENT_ID_AND_USER_ID;
import static cz.muni.ics.openid.connect.model.ApprovedSite.QUERY_BY_USER_ID;
import java.util.Date;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
@ -33,15 +39,37 @@ import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name="approved_site")
@NamedQueries({
@NamedQuery(name = ApprovedSite.QUERY_ALL, query = "select a from ApprovedSite a"),
@NamedQuery(name = ApprovedSite.QUERY_BY_USER_ID, query = "select a from ApprovedSite a where a.userId = :" + ApprovedSite.PARAM_USER_ID),
@NamedQuery(name = ApprovedSite.QUERY_BY_CLIENT_ID, query = "select a from ApprovedSite a where a.clientId = :" + ApprovedSite.PARAM_CLIENT_ID),
@NamedQuery(name = ApprovedSite.QUERY_BY_CLIENT_ID_AND_USER_ID, query = "select a from ApprovedSite a where a.clientId = :" + ApprovedSite.PARAM_CLIENT_ID + " and a.userId = :" + ApprovedSite.PARAM_USER_ID)
@NamedQuery(name = QUERY_ALL,
query = "SELECT a FROM ApprovedSite a"),
@NamedQuery(name = QUERY_BY_USER_ID,
query = "SELECT a FROM ApprovedSite a " +
"WHERE a.userId = :" + PARAM_USER_ID),
@NamedQuery(name = QUERY_BY_CLIENT_ID,
query = "SELECT a FROM ApprovedSite a " +
"WHERE a.clientId = :" + PARAM_CLIENT_ID),
@NamedQuery(name = QUERY_BY_CLIENT_ID_AND_USER_ID,
query = "SELECT a FROM ApprovedSite a " +
"WHERE a.clientId = :" + PARAM_CLIENT_ID + ' ' +
"AND a.userId = :" + PARAM_USER_ID)
})
public class ApprovedSite {
@ -53,90 +81,33 @@ public class ApprovedSite {
public static final String PARAM_CLIENT_ID = "clientId";
public static final String PARAM_USER_ID = "userId";
private Long id;
private String userId;
private String clientId;
private Date creationDate;
private Date accessDate;
private Date timeoutDate;
private Set<String> allowedScopes;
public ApprovedSite() { }
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
private Long id;
public void setId(Long id) {
this.id = id;
}
@Column(name = "user_id")
private String userId;
@Basic
@Column(name="user_id")
public String getUserId() {
return userId;
}
@Column(name = "client_id")
private String clientId;
public void setUserId(String userId) {
this.userId = userId;
}
@Temporal(TemporalType.TIMESTAMP)
@Column(name = "creation_date")
private Date creationDate;
@Basic
@Column(name="client_id")
public String getClientId() {
return clientId;
}
@Temporal(TemporalType.TIMESTAMP)
@Column(name = "access_date")
private Date accessDate;
public void setClientId(String clientId) {
this.clientId = clientId;
}
@Basic
@Temporal(javax.persistence.TemporalType.TIMESTAMP)
@Column(name="creation_date")
public Date getCreationDate() {
return creationDate;
}
public void setCreationDate(Date creationDate) {
this.creationDate = creationDate;
}
@Basic
@Temporal(javax.persistence.TemporalType.TIMESTAMP)
@Column(name="access_date")
public Date getAccessDate() {
return accessDate;
}
public void setAccessDate(Date accessDate) {
this.accessDate = accessDate;
}
@Temporal(TemporalType.TIMESTAMP)
@Column(name = "timeout_date")
private Date timeoutDate;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="approved_site_scope", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="scope")
public Set<String> getAllowedScopes() {
return allowedScopes;
}
public void setAllowedScopes(Set<String> allowedScopes) {
this.allowedScopes = allowedScopes;
}
@Basic
@Temporal(javax.persistence.TemporalType.TIMESTAMP)
@Column(name="timeout_date")
public Date getTimeoutDate() {
return timeoutDate;
}
public void setTimeoutDate(Date timeoutDate) {
this.timeoutDate = timeoutDate;
}
@CollectionTable(name = "approved_site_scope", joinColumns = @JoinColumn(name = "owner_id"))
@Column(name = "scope")
private Set<String> allowedScopes;
@Transient
public boolean isExpired() {

41
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/model/BlacklistedSite.java
View File

@ -20,7 +20,8 @@
*/
package cz.muni.ics.openid.connect.model;
import javax.persistence.Basic;
import static cz.muni.ics.openid.connect.model.BlacklistedSite.QUERY_ALL;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
@ -29,43 +30,39 @@ import javax.persistence.Id;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
/**
* @author jricher
*/
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name="blacklisted_site")
@NamedQueries({
@NamedQuery(name = BlacklistedSite.QUERY_ALL, query = "select b from BlacklistedSite b")
@NamedQuery(name = QUERY_ALL,
query = "SELECT b FROM BlacklistedSite b")
})
public class BlacklistedSite {
public static final String QUERY_ALL = "BlacklistedSite.getAll";
private Long id;
private String uri;
public BlacklistedSite() { }
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
private Long id;
public void setId(Long id) {
this.id = id;
}
@Basic
@Column(name="uri")
public String getUri() {
return uri;
}
public void setUri(String uri) {
this.uri = uri;
}
private String uri;
}

149
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/model/DefaultAddress.java
View File

@ -15,29 +15,54 @@
*******************************************************************************/
package cz.muni.ics.openid.connect.model;
import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name="address")
@Table(name = "address")
public class DefaultAddress implements Address {
private static final long serialVersionUID = -1304880008685206811L;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
private Long id;
private String formatted;
private String streetAddress;
private String locality;
private String region;
private String postalCode;
private String country;
public DefaultAddress() { }
@Column(name = "formatted")
private String formatted;
@Column(name = "street_address")
private String streetAddress;
@Column(name = "locality")
private String locality;
@Column(name = "region")
private String region;
@Column(name = "postal_code")
private String postalCode;
@Column(name = "country")
private String country;
public DefaultAddress(Address address) {
setFormatted(address.getFormatted());
@ -49,8 +74,11 @@ public class DefaultAddress implements Address {
}
@Override
@Basic
@Column(name = "formatted")
public Long getId() {
return id;
}
@Override
public String getFormatted() {
return formatted;
}
@ -61,8 +89,6 @@ public class DefaultAddress implements Address {
}
@Override
@Basic
@Column(name="street_address")
public String getStreetAddress() {
return streetAddress;
}
@ -73,8 +99,6 @@ public class DefaultAddress implements Address {
}
@Override
@Basic
@Column(name = "locality")
public String getLocality() {
return locality;
}
@ -85,8 +109,6 @@ public class DefaultAddress implements Address {
}
@Override
@Basic
@Column(name = "region")
public String getRegion() {
return region;
}
@ -97,8 +119,6 @@ public class DefaultAddress implements Address {
}
@Override
@Basic
@Column(name="postal_code")
public String getPostalCode() {
return postalCode;
}
@ -109,8 +129,6 @@ public class DefaultAddress implements Address {
}
@Override
@Basic
@Column(name = "country")
public String getCountry() {
return country;
}
@ -120,93 +138,4 @@ public class DefaultAddress implements Address {
this.country = country;
}
@Override
@Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((country == null) ? 0 : country.hashCode());
result = prime * result + ((formatted == null) ? 0 : formatted.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + ((locality == null) ? 0 : locality.hashCode());
result = prime * result + ((postalCode == null) ? 0 : postalCode.hashCode());
result = prime * result + ((region == null) ? 0 : region.hashCode());
result = prime * result + ((streetAddress == null) ? 0 : streetAddress.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof DefaultAddress)) {
return false;
}
DefaultAddress other = (DefaultAddress) obj;
if (country == null) {
if (other.country != null) {
return false;
}
} else if (!country.equals(other.country)) {
return false;
}
if (formatted == null) {
if (other.formatted != null) {
return false;
}
} else if (!formatted.equals(other.formatted)) {
return false;
}
if (id == null) {
if (other.id != null) {
return false;
}
} else if (!id.equals(other.id)) {
return false;
}
if (locality == null) {
if (other.locality != null) {
return false;
}
} else if (!locality.equals(other.locality)) {
return false;
}
if (postalCode == null) {
if (other.postalCode != null) {
return false;
}
} else if (!postalCode.equals(other.postalCode)) {
return false;
}
if (region == null) {
if (other.region != null) {
return false;
}
} else if (!region.equals(other.region)) {
return false;
}
if (streetAddress == null) {
return other.streetAddress == null;
} else return streetAddress.equals(other.streetAddress);
}
}

375
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/model/DefaultUserInfo.java
View File

@ -17,13 +17,17 @@
*******************************************************************************/
package cz.muni.ics.openid.connect.model;
import static cz.muni.ics.openid.connect.model.DefaultUserInfo.PARAM_EMAIL;
import static cz.muni.ics.openid.connect.model.DefaultUserInfo.PARAM_USERNAME;
import static cz.muni.ics.openid.connect.model.DefaultUserInfo.QUERY_BY_EMAIL;
import static cz.muni.ics.openid.connect.model.DefaultUserInfo.QUERY_BY_USERNAME;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import cz.muni.ics.openid.connect.model.convert.JsonObjectStringConverter;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import javax.persistence.Basic;
import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Convert;
@ -36,12 +40,29 @@ import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToOne;
import javax.persistence.Table;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name="user_info")
@NamedQueries({
@NamedQuery(name=DefaultUserInfo.QUERY_BY_USERNAME, query = "select u from DefaultUserInfo u WHERE u.preferredUsername = :" + DefaultUserInfo.PARAM_USERNAME),
@NamedQuery(name=DefaultUserInfo.QUERY_BY_EMAIL, query = "select u from DefaultUserInfo u WHERE u.email = :" + DefaultUserInfo.PARAM_EMAIL)
@NamedQuery(name = QUERY_BY_USERNAME,
query = "SELECT u FROM DefaultUserInfo u " +
"WHERE u.preferredUsername = :" + PARAM_USERNAME),
@NamedQuery(name = QUERY_BY_EMAIL,
query = "SELECT u FROM DefaultUserInfo u " +
"WHERE u.email = :" + PARAM_EMAIL)
})
public class DefaultUserInfo implements UserInfo {
@ -53,44 +74,77 @@ public class DefaultUserInfo implements UserInfo {
private static final long serialVersionUID = 6078310513185681918L;
private Long id;
private String sub;
private String preferredUsername;
private String name;
private String givenName;
private String familyName;
private String middleName;
private String nickname;
private String profile;
private String picture;
private String website;
private String email;
private Boolean emailVerified;
private String gender;
private String zoneinfo;
private String locale;
private String phoneNumber;
private Boolean phoneNumberVerified;
private DefaultAddress address;
private String updatedTime;
private String birthdate;
private transient JsonObject src; // source JSON if this is loaded remotely
@Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
private Long id;
public void setId(Long id) {
this.id = id;
}
@Column(name = "sub")
private String sub;
@Column(name = "preferred_username")
private String preferredUsername;
@Column(name = "name")
private String name;
@Column(name = "given_name")
private String givenName;
@Column(name = "family_name")
private String familyName;
@Column(name = "middle_name")
private String middleName;
@Column(name = "nickname")
private String nickname;
@Column(name = "profile")
private String profile;
@Column(name = "picture")
private String picture;
@Column(name = "website")
private String website;
@Column(name = "email")
private String email;
@Column(name = "email_verified")
private Boolean emailVerified;
@Column(name = "gender")
private String gender;
@Column(name = "zone_info")
private String zoneinfo;
@Column(name = "locale")
private String locale;
@Column(name = "phone_number")
private String phoneNumber;
@Column(name = "phone_number_verified")
private Boolean phoneNumberVerified;
@OneToOne(targetEntity = DefaultAddress.class, cascade = CascadeType.ALL)
@JoinColumn(name = "address_id")
private DefaultAddress address;
@Column(name = "updated_time")
private String updatedTime;
@Column(name = "birthdate")
private String birthdate;
@Column(name = "src")
@Convert(converter = JsonObjectStringConverter.class)
private transient JsonObject source; // source JSON if this is loaded remotely
@Override
@Basic
@Column(name="sub")
public String getSub() {
return sub;
}
@ -101,8 +155,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name="preferred_username")
public String getPreferredUsername() {
return this.preferredUsername;
}
@ -113,8 +165,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name = "name")
public String getName() {
return name;
}
@ -125,8 +175,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name="given_name")
public String getGivenName() {
return givenName;
}
@ -137,8 +185,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name="family_name")
public String getFamilyName() {
return familyName;
}
@ -149,8 +195,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name="middle_name")
public String getMiddleName() {
return middleName;
}
@ -161,8 +205,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name = "nickname")
public String getNickname() {
return nickname;
}
@ -173,8 +215,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name = "profile")
public String getProfile() {
return profile;
}
@ -185,8 +225,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name = "picture")
public String getPicture() {
return picture;
}
@ -197,8 +235,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name = "website")
public String getWebsite() {
return website;
}
@ -209,8 +245,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name = "email")
public String getEmail() {
return email;
}
@ -221,8 +255,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name="email_verified")
public Boolean getEmailVerified() {
return emailVerified;
}
@ -233,8 +265,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name = "gender")
public String getGender() {
return gender;
}
@ -245,8 +275,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name="zone_info")
public String getZoneinfo() {
return zoneinfo;
}
@ -257,8 +285,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name = "locale")
public String getLocale() {
return locale;
}
@ -269,8 +295,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name="phone_number")
public String getPhoneNumber() {
return phoneNumber;
}
@ -281,8 +305,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name="phone_number_verified")
public Boolean getPhoneNumberVerified() {
return phoneNumberVerified;
}
@ -293,8 +315,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@OneToOne(targetEntity = DefaultAddress.class, cascade = CascadeType.ALL)
@JoinColumn(name="address_id")
public Address getAddress() {
return address;
}
@ -309,8 +329,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name="updated_time")
public String getUpdatedTime() {
return updatedTime;
}
@ -321,8 +339,6 @@ public class DefaultUserInfo implements UserInfo {
}
@Override
@Basic
@Column(name="birthdate")
public String getBirthdate() {
return birthdate;
}
@ -334,7 +350,7 @@ public class DefaultUserInfo implements UserInfo {
@Override
public JsonObject toJson() {
if (src == null) {
if (source == null) {
JsonObject obj = new JsonObject();
obj.addProperty("sub", this.getSub());
@ -372,10 +388,14 @@ public class DefaultUserInfo implements UserInfo {
}
return obj;
} else {
return src;
return source;
}
}
@Override
public JsonObject getSource() {
return source;
}
public static UserInfo fromJson(JsonObject obj) {
DefaultUserInfo ui = new DefaultUserInfo();
@ -420,213 +440,16 @@ public class DefaultUserInfo implements UserInfo {
return ui;
}
@Override
@Basic
@Column(name = "src")
@Convert(converter = JsonObjectStringConverter.class)
public JsonObject getSource() {
return src;
}
public void setSource(JsonObject src) {
this.src = src;
}
private static String nullSafeGetString(JsonObject obj, String field) {
return obj.has(field) && obj.get(field).isJsonPrimitive() ? obj.get(field).getAsString() : null;
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((address == null) ? 0 : address.hashCode());
result = prime * result + ((birthdate == null) ? 0 : birthdate.hashCode());
result = prime * result + ((email == null) ? 0 : email.hashCode());
result = prime * result + ((emailVerified == null) ? 0 : emailVerified.hashCode());
result = prime * result + ((familyName == null) ? 0 : familyName.hashCode());
result = prime * result + ((gender == null) ? 0 : gender.hashCode());
result = prime * result + ((givenName == null) ? 0 : givenName.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + ((locale == null) ? 0 : locale.hashCode());
result = prime * result + ((middleName == null) ? 0 : middleName.hashCode());
result = prime * result + ((name == null) ? 0 : name.hashCode());
result = prime * result + ((nickname == null) ? 0 : nickname.hashCode());
result = prime * result + ((phoneNumber == null) ? 0 : phoneNumber.hashCode());
result = prime * result + ((phoneNumberVerified == null) ? 0 : phoneNumberVerified.hashCode());
result = prime * result + ((picture == null) ? 0 : picture.hashCode());
result = prime * result + ((preferredUsername == null) ? 0 : preferredUsername.hashCode());
result = prime * result + ((profile == null) ? 0 : profile.hashCode());
result = prime * result + ((sub == null) ? 0 : sub.hashCode());
result = prime * result + ((updatedTime == null) ? 0 : updatedTime.hashCode());
result = prime * result + ((website == null) ? 0 : website.hashCode());
result = prime * result + ((zoneinfo == null) ? 0 : zoneinfo.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof DefaultUserInfo)) {
return false;
}
DefaultUserInfo other = (DefaultUserInfo) obj;
if (address == null) {
if (other.address != null) {
return false;
}
} else if (!address.equals(other.address)) {
return false;
}
if (birthdate == null) {
if (other.birthdate != null) {
return false;
}
} else if (!birthdate.equals(other.birthdate)) {
return false;
}
if (email == null) {
if (other.email != null) {
return false;
}
} else if (!email.equals(other.email)) {
return false;
}
if (emailVerified == null) {
if (other.emailVerified != null) {
return false;
}
} else if (!emailVerified.equals(other.emailVerified)) {
return false;
}
if (familyName == null) {
if (other.familyName != null) {
return false;
}
} else if (!familyName.equals(other.familyName)) {
return false;
}
if (gender == null) {
if (other.gender != null) {
return false;
}
} else if (!gender.equals(other.gender)) {
return false;
}
if (givenName == null) {
if (other.givenName != null) {
return false;
}
} else if (!givenName.equals(other.givenName)) {
return false;
}
if (id == null) {
if (other.id != null) {
return false;
}
} else if (!id.equals(other.id)) {
return false;
}
if (locale == null) {
if (other.locale != null) {
return false;
}
} else if (!locale.equals(other.locale)) {
return false;
}
if (middleName == null) {
if (other.middleName != null) {
return false;
}
} else if (!middleName.equals(other.middleName)) {
return false;
}
if (name == null) {
if (other.name != null) {
return false;
}
} else if (!name.equals(other.name)) {
return false;
}
if (nickname == null) {
if (other.nickname != null) {
return false;
}
} else if (!nickname.equals(other.nickname)) {
return false;
}
if (phoneNumber == null) {
if (other.phoneNumber != null) {
return false;
}
} else if (!phoneNumber.equals(other.phoneNumber)) {
return false;
}
if (phoneNumberVerified == null) {
if (other.phoneNumberVerified != null) {
return false;
}
} else if (!phoneNumberVerified.equals(other.phoneNumberVerified)) {
return false;
}
if (picture == null) {
if (other.picture != null) {
return false;
}
} else if (!picture.equals(other.picture)) {
return false;
}
if (preferredUsername == null) {
if (other.preferredUsername != null) {
return false;
}
} else if (!preferredUsername.equals(other.preferredUsername)) {
return false;
}
if (profile == null) {
if (other.profile != null) {
return false;
}
} else if (!profile.equals(other.profile)) {
return false;
}
if (sub == null) {
if (other.sub != null) {
return false;
}
} else if (!sub.equals(other.sub)) {
return false;
}
if (updatedTime == null) {
if (other.updatedTime != null) {
return false;
}
} else if (!updatedTime.equals(other.updatedTime)) {
return false;
}
if (website == null) {
if (other.website != null) {
return false;
}
} else if (!website.equals(other.website)) {
return false;
}
if (zoneinfo == null) {
return other.zoneinfo == null;
} else return zoneinfo.equals(other.zoneinfo);
}
private void writeObject(ObjectOutputStream out) throws IOException {
out.defaultWriteObject();
if (src == null) {
if (source == null) {
out.writeObject(null);
} else {
out.writeObject(src.toString());
out.writeObject(source.toString());
}
}
@ -635,7 +458,7 @@ public class DefaultUserInfo implements UserInfo {
Object o = in.readObject();
if (o != null) {
JsonParser parser = new JsonParser();
src = parser.parse((String)o).getAsJsonObject();
source = parser.parse((String)o).getAsJsonObject();
}
}

69
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/model/PairwiseIdentifier.java
View File

@ -20,7 +20,11 @@
*/
package cz.muni.ics.openid.connect.model;
import javax.persistence.Basic;
import static cz.muni.ics.openid.connect.model.PairwiseIdentifier.PARAM_SECTOR_IDENTIFIER;
import static cz.muni.ics.openid.connect.model.PairwiseIdentifier.PARAM_SUB;
import static cz.muni.ics.openid.connect.model.PairwiseIdentifier.QUERY_ALL;
import static cz.muni.ics.openid.connect.model.PairwiseIdentifier.QUERY_BY_SECTOR_IDENTIFIER;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
@ -29,6 +33,12 @@ import javax.persistence.Id;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
/**
*
@ -37,11 +47,22 @@ import javax.persistence.Table;
* @author jricher
*
*/
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name = "pairwise_identifier")
@NamedQueries({
@NamedQuery(name=PairwiseIdentifier.QUERY_ALL, query = "select p from PairwiseIdentifier p"),
@NamedQuery(name=PairwiseIdentifier.QUERY_BY_SECTOR_IDENTIFIER, query = "select p from PairwiseIdentifier p WHERE p.userSub = :" + PairwiseIdentifier.PARAM_SUB + " AND p.sectorIdentifier = :" + PairwiseIdentifier.PARAM_SECTOR_IDENTIFIER)
@NamedQuery(name = QUERY_ALL,
query = "SELECT p FROM PairwiseIdentifier p"),
@NamedQuery(name = QUERY_BY_SECTOR_IDENTIFIER,
query = "SELECT p FROM PairwiseIdentifier p " +
"WHERE p.userSub = :" + PARAM_SUB + ' ' +
"AND p.sectorIdentifier = :" + PARAM_SECTOR_IDENTIFIER)
})
public class PairwiseIdentifier {
@ -51,50 +72,18 @@ public class PairwiseIdentifier {
public static final String PARAM_SECTOR_IDENTIFIER = "sectorIdentifier";
public static final String PARAM_SUB = "sub";
private Long id;
private String identifier;
private String userSub;
private String sectorIdentifier;
@Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
private Long id;
public void setId(Long id) {
this.id = id;
}
@Basic
@Column(name = "identifier")
public String getIdentifier() {
return identifier;
}
private String identifier;
public void setIdentifier(String identifier) {
this.identifier = identifier;
}
@Column(name = PARAM_SUB)
private String userSub;
@Basic
@Column(name = PairwiseIdentifier.PARAM_SUB)
public String getUserSub() {
return userSub;
}
public void setUserSub(String userSub) {
this.userSub = userSub;
}
@Basic
@Column(name = "sector_identifier")
public String getSectorIdentifier() {
return sectorIdentifier;
}
public void setSectorIdentifier(String sectorIdentifier) {
this.sectorIdentifier = sectorIdentifier;
}
private String sectorIdentifier;
}

82
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/model/WhitelistedSite.java
View File

@ -17,8 +17,13 @@
*******************************************************************************/
package cz.muni.ics.openid.connect.model;
import static cz.muni.ics.openid.connect.model.WhitelistedSite.PARAM_CLIENT_ID;
import static cz.muni.ics.openid.connect.model.WhitelistedSite.PARAM_USER_ID;
import static cz.muni.ics.openid.connect.model.WhitelistedSite.QUERY_ALL;
import static cz.muni.ics.openid.connect.model.WhitelistedSite.QUERY_BY_CLIENT_ID;
import static cz.muni.ics.openid.connect.model.WhitelistedSite.QUERY_BY_CREATOR;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
@ -31,6 +36,13 @@ import javax.persistence.JoinColumn;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import org.eclipse.persistence.annotations.CascadeOnDelete;
/**
* Indicator that login to a site should be automatically granted
@ -38,12 +50,24 @@ import javax.persistence.Table;
* @author jricher, aanganes
*
*/
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name="whitelisted_site")
@NamedQueries({
@NamedQuery(name = WhitelistedSite.QUERY_ALL, query = "select w from WhitelistedSite w"),
@NamedQuery(name = WhitelistedSite.QUERY_BY_CLIENT_ID, query = "select w from WhitelistedSite w where w.clientId = :" + WhitelistedSite.PARAM_CLIENT_ID),
@NamedQuery(name = WhitelistedSite.QUERY_BY_CREATOR, query = "select w from WhitelistedSite w where w.creatorUserId = :" + WhitelistedSite.PARAM_USER_ID)
@NamedQuery(name = QUERY_ALL,
query = "SELECT w FROM WhitelistedSite w"),
@NamedQuery(name = QUERY_BY_CLIENT_ID,
query = "SELECT w FROM WhitelistedSite w " +
"WHERE w.clientId = :" + PARAM_CLIENT_ID),
@NamedQuery(name = QUERY_BY_CREATOR,
query = "SELECT w FROM WhitelistedSite w " +
"WHERE w.creatorUserId = :" + PARAM_USER_ID)
})
public class WhitelistedSite {
@ -54,53 +78,21 @@ public class WhitelistedSite {
public static final String PARAM_USER_ID = "userId";
public static final String PARAM_CLIENT_ID = "clientId";
private Long id;
private String creatorUserId;
private String clientId;
private Set<String> allowedScopes;
public WhitelistedSite() { }
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
private Long id;
public void setId(Long id) {
this.id = id;
}
@Column(name = "creator_user_id")
private String creatorUserId;
@Basic
@Column(name="client_id")
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
@Column(name = "client_id")
private String clientId;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="whitelisted_site_scope", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="scope")
public Set<String> getAllowedScopes() {
return allowedScopes;
}
public void setAllowedScopes(Set<String> allowedScopes) {
this.allowedScopes = allowedScopes;
}
@Basic
@Column(name="creator_user_id")
public String getCreatorUserId() {
return creatorUserId;
}
public void setCreatorUserId(String creatorUserId) {
this.creatorUserId = creatorUserId;
}
@CollectionTable(name = "whitelisted_site_scope", joinColumns = @JoinColumn(name = "owner_id"))
@Column(name = "scope")
@CascadeOnDelete
private Set<String> allowedScopes;
}

137
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/models/Acr.java
View File

@ -1,137 +0,0 @@
package cz.muni.ics.openid.connect.models;
import static cz.muni.ics.openid.connect.models.Acr.PARAM_EXPIRES_AT;
import static cz.muni.ics.openid.connect.models.Acr.PARAM_SUB;
import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
/**
* Model of ACR.
*
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
*/
@Entity
@Table(name = "acrs")
@NamedQueries({
@NamedQuery(name = Acr.GET_ACTIVE, query = "SELECT acr FROM Acr acr WHERE " +
"acr.sub = :" + PARAM_SUB +
" AND acr.clientId = :" + Acr.PARAM_CLIENT_ID +
" AND acr.state = :" + Acr.PARAM_STATE +
" AND acr.expiresAt > :" + PARAM_EXPIRES_AT),
@NamedQuery(name = Acr.GET_BY_ID,
query = "SELECT acr FROM Acr acr " +
"WHERE acr.id = :" + Acr.PARAM_ID +
" AND acr.expiresAt > :" + PARAM_EXPIRES_AT),
@NamedQuery(name = Acr.DELETE_EXPIRED,
query = "DELETE FROM Acr acr WHERE acr.expiresAt <= :" + Acr.PARAM_EXPIRES_AT)
})
public class Acr {
public static final String GET_ACTIVE = "Acr.getActive";
public static final String GET_BY_ID = "Acr.getById";
public static final String DELETE_EXPIRED = "Acr.deleteExpired";
public static final String PARAM_ID = "id";
public static final String PARAM_SUB = "sub";
public static final String PARAM_CLIENT_ID = "client_id";
public static final String PARAM_STATE = "state";
public static final String PARAM_EXPIRES_AT = "expiration";
private Long id;
private String sub;
private String clientId;
private String state;
private String shibAuthnContextClass;
private long expiresAt;
public Acr() { }
public Acr(String sub, String clientId, String state, String shibAuthnContextClass, long expiresAt) {
this.sub = sub;
this.clientId = clientId;
this.state = state;
this.shibAuthnContextClass = shibAuthnContextClass;
this.expiresAt = expiresAt;
}
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@Basic
@Column(name = "sub")
public String getSub() {
return sub;
}
public void setSub(String sub) {
this.sub = sub;
}
@Basic
@Column(name = "client_id")
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
@Basic
@Column(name = "state")
public String getState() {
return state;
}
public void setState(String state) {
this.state = state;
}
@Basic
@Column(name = "shib_authn_context_class")
public String getShibAuthnContextClass() {
return shibAuthnContextClass;
}
public void setShibAuthnContextClass(String shibAuthnContextClass) {
this.shibAuthnContextClass = shibAuthnContextClass;
}
@Basic
@Column(name = "expiration")
public long getExpiresAt() {
return expiresAt;
}
public void setExpiresAt(long expiresAt) {
this.expiresAt = expiresAt;
}
@Override
public String toString() {
return "Acr{" +
"id=" + id +
", sub='" + sub + '\'' +
", clientId='" + clientId + '\'' +
", state='" + state + '\'' +
", shibAuthnContextClass='" + shibAuthnContextClass + '\'' +
", expiration=" + expiresAt +
'}';
}
}

122
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/models/DeviceCodeAcr.java
View File

@ -1,122 +0,0 @@
package cz.muni.ics.openid.connect.models;
import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
/**
* Model of ACR for device_code flow.
*
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
*/
@Entity
@Table(name = "device_code_acrs")
@NamedQueries({
@NamedQuery(name = DeviceCodeAcr.GET_ACTIVE_BY_DEVICE_CODE,
query = "SELECT acr FROM DeviceCodeAcr acr WHERE " +
"acr.deviceCode = :" + DeviceCodeAcr.PARAM_DEVICE_CODE +
" AND acr.expiresAt > :" + DeviceCodeAcr.PARAM_EXPIRES_AT),
@NamedQuery(name = DeviceCodeAcr.GET_BY_ID,
query = "SELECT acr FROM DeviceCodeAcr acr " +
"WHERE acr.id = :" + DeviceCodeAcr.PARAM_ID +
" AND acr.expiresAt > :" + DeviceCodeAcr.PARAM_EXPIRES_AT),
@NamedQuery(name = DeviceCodeAcr.GET_BY_USER_CODE,
query = "SELECT acr FROM DeviceCodeAcr acr " +
"WHERE acr.userCode = :" + DeviceCodeAcr.PARAM_USER_CODE),
@NamedQuery(name = DeviceCodeAcr.DELETE_EXPIRED,
query = "DELETE FROM DeviceCodeAcr acr WHERE acr.expiresAt <= :" + DeviceCodeAcr.PARAM_EXPIRES_AT)
})
public class DeviceCodeAcr {
public static final String GET_ACTIVE_BY_DEVICE_CODE = "DeviceCodeAcr.getActive";
public static final String GET_BY_ID = "DeviceCodeAcr.getById";
public static final String DELETE_EXPIRED = "DeviceCodeAcr.deleteExpired";
public static final String GET_BY_USER_CODE = "DeviceCodeAcr.getByUserCode";
public static final String PARAM_ID = "id";
public static final String PARAM_USER_CODE = "user_code";
public static final String PARAM_DEVICE_CODE = "device_code";
public static final String PARAM_EXPIRES_AT = "expiration";
private Long id;
private String userCode;
private String deviceCode;
private String shibAuthnContextClass;
private long expiresAt;
public DeviceCodeAcr() { }
public DeviceCodeAcr(String deviceCode, String userCode) {
this.deviceCode = deviceCode;
this.userCode = userCode;
}
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@Basic
@Column(name = "device_code")
public String getDeviceCode() {
return deviceCode;
}
public void setDeviceCode(String deviceCode) {
this.deviceCode = deviceCode;
}
@Basic
@Column(name = "user_code")
public String getUserCode() {
return userCode;
}
public void setUserCode(String userCode) {
this.userCode = userCode;
}
@Basic
@Column(name = "shib_authn_context_class")
public String getShibAuthnContextClass() {
return shibAuthnContextClass;
}
public void setShibAuthnContextClass(String shibAuthnContextClass) {
this.shibAuthnContextClass = shibAuthnContextClass;
}
@Basic
@Column(name = "expiration")
public long getExpiresAt() {
return expiresAt;
}
public void setExpiresAt(long expiresAt) {
this.expiresAt = expiresAt;
}
@Override
public String toString() {
return "Acr{" +
"id=" + id +
", deviceCode='" + deviceCode + '\'' +
", userCode='" + userCode + '\'' +
", shibAuthnContextClass='" + shibAuthnContextClass + '\'' +
", expiration=" + expiresAt +
'}';
}
}

2
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/service/impl/DefaultUserInfoService.java
View File

@ -18,7 +18,7 @@
package cz.muni.ics.openid.connect.service.impl;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.ClientDetailsEntity.SubjectType;
import cz.muni.ics.oauth2.model.enums.SubjectType;
import cz.muni.ics.oauth2.service.ClientDetailsEntityService;
import cz.muni.ics.openid.connect.model.UserInfo;
import cz.muni.ics.openid.connect.repository.UserInfoRepository;

71
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/service/impl/DummyResourceSetService.java
View File

@ -1,71 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.openid.connect.service.impl;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.uma.model.ResourceSet;
import cz.muni.ics.uma.service.ResourceSetService;
import java.util.Collection;
import java.util.Collections;
import org.springframework.stereotype.Service;
/**
* Dummy resource set service that doesn't do anything; acts as a stub for the
* introspection service when the UMA functionality is disabled.
*
* @author jricher
*
*/
@Service
public class DummyResourceSetService implements ResourceSetService {
@Override
public ResourceSet saveNew(ResourceSet rs) {
throw new UnsupportedOperationException();
}
@Override
public ResourceSet getById(Long id) {
throw new UnsupportedOperationException();
}
@Override
public ResourceSet update(ResourceSet oldRs, ResourceSet newRs) {
throw new UnsupportedOperationException();
}
@Override
public void remove(ResourceSet rs) {
throw new UnsupportedOperationException();
}
@Override
public Collection<ResourceSet> getAllForOwner(String owner) {
throw new UnsupportedOperationException();
}
@Override
public Collection<ResourceSet> getAllForOwnerAndClient(String owner, String authClientId) {
return Collections.emptySet();
}
@Override
public Collection<ResourceSet> getAllForClient(ClientDetailsEntity client) {
return Collections.emptySet();
}
}

6
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/ClientAPI.java
View File

@ -76,10 +76,10 @@ import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import cz.muni.ics.jwt.assertion.AssertionValidator;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.ClientDetailsEntity.AppType;
import cz.muni.ics.oauth2.model.ClientDetailsEntity.AuthMethod;
import cz.muni.ics.oauth2.model.ClientDetailsEntity.SubjectType;
import cz.muni.ics.oauth2.model.PKCEAlgorithm;
import cz.muni.ics.oauth2.model.enums.AppType;
import cz.muni.ics.oauth2.model.enums.AuthMethod;
import cz.muni.ics.oauth2.model.enums.SubjectType;
import cz.muni.ics.oauth2.service.ClientDetailsEntityService;
import cz.muni.ics.oauth2.web.AuthenticationUtilities;
import cz.muni.ics.openid.connect.exception.ValidationException;

6
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/DynamicClientRegistrationEndpoint.java
View File

@ -66,12 +66,12 @@ import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jwt.JWTClaimsSet;
import cz.muni.ics.jwt.assertion.AssertionValidator;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.ClientDetailsEntity.AppType;
import cz.muni.ics.oauth2.model.ClientDetailsEntity.AuthMethod;
import cz.muni.ics.oauth2.model.ClientDetailsEntity.SubjectType;
import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity;
import cz.muni.ics.oauth2.model.RegisteredClient;
import cz.muni.ics.oauth2.model.SystemScope;
import cz.muni.ics.oauth2.model.enums.AppType;
import cz.muni.ics.oauth2.model.enums.AuthMethod;
import cz.muni.ics.oauth2.model.enums.SubjectType;
import cz.muni.ics.oauth2.service.ClientDetailsEntityService;
import cz.muni.ics.oauth2.service.OAuth2TokenEntityService;
import cz.muni.ics.oauth2.service.SystemScopeService;

2
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/ProtectedResourceRegistrationEndpoint.java
View File

@ -18,10 +18,10 @@ package cz.muni.ics.openid.connect.web;
import com.google.common.base.Strings;
import com.google.gson.JsonSyntaxException;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.ClientDetailsEntity.AuthMethod;
import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity;
import cz.muni.ics.oauth2.model.RegisteredClient;
import cz.muni.ics.oauth2.model.SystemScope;
import cz.muni.ics.oauth2.model.enums.AuthMethod;
import cz.muni.ics.oauth2.service.ClientDetailsEntityService;
import cz.muni.ics.oauth2.service.OAuth2TokenEntityService;
import cz.muni.ics.oauth2.service.SystemScopeService;

203
perun-oidc-server/src/main/java/cz/muni/ics/uma/model/Claim.java
View File

@ -1,203 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.model;
import com.google.gson.JsonElement;
import cz.muni.ics.oauth2.model.convert.JsonElementStringConverter;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.Convert;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.Table;
/**
* @author jricher
*/
@Entity
@Table(name = "claim")
public class Claim {
private Long id;
private String name;
private String friendlyName;
private String claimType;
private JsonElement value;
private Set<String> claimTokenFormat;
private Set<String> issuer;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@Basic
@Column(name = "name")
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
@Basic
@Column(name = "friendly_name")
public String getFriendlyName() {
return friendlyName;
}
public void setFriendlyName(String friendlyName) {
this.friendlyName = friendlyName;
}
@Basic
@Column(name = "claim_type")
public String getClaimType() {
return claimType;
}
public void setClaimType(String claimType) {
this.claimType = claimType;
}
@ElementCollection(fetch = FetchType.EAGER)
@Column(name = "claim_token_format")
@CollectionTable(name = "claim_token_format", joinColumns = @JoinColumn(name = "owner_id"))
public Set<String> getClaimTokenFormat() {
return claimTokenFormat;
}
public void setClaimTokenFormat(Set<String> claimTokenFormat) {
this.claimTokenFormat = claimTokenFormat;
}
@ElementCollection(fetch = FetchType.EAGER)
@Column(name = "issuer")
@CollectionTable(name = "claim_issuer", joinColumns = @JoinColumn(name = "owner_id"))
public Set<String> getIssuer() {
return issuer;
}
public void setIssuer(Set<String> issuer) {
this.issuer = issuer;
}
@Basic
@Column(name = "claim_value")
@Convert(converter = JsonElementStringConverter.class)
public JsonElement getValue() {
return value;
}
public void setValue(JsonElement value) {
this.value = value;
}
@Override
public String toString() {
return "Claim [id=" + id + ", name=" + name + ", friendlyName=" + friendlyName + ", claimType=" + claimType + ", value=" + value + ", claimTokenFormat=" + claimTokenFormat + ", issuer=" + issuer + "]";
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((claimTokenFormat == null) ? 0 : claimTokenFormat.hashCode());
result = prime * result + ((claimType == null) ? 0 : claimType.hashCode());
result = prime * result + ((friendlyName == null) ? 0 : friendlyName.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + ((issuer == null) ? 0 : issuer.hashCode());
result = prime * result + ((name == null) ? 0 : name.hashCode());
result = prime * result + ((value == null) ? 0 : value.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (getClass() != obj.getClass()) {
return false;
}
Claim other = (Claim) obj;
if (claimTokenFormat == null) {
if (other.claimTokenFormat != null) {
return false;
}
} else if (!claimTokenFormat.equals(other.claimTokenFormat)) {
return false;
}
if (claimType == null) {
if (other.claimType != null) {
return false;
}
} else if (!claimType.equals(other.claimType)) {
return false;
}
if (friendlyName == null) {
if (other.friendlyName != null) {
return false;
}
} else if (!friendlyName.equals(other.friendlyName)) {
return false;
}
if (id == null) {
if (other.id != null) {
return false;
}
} else if (!id.equals(other.id)) {
return false;
}
if (issuer == null) {
if (other.issuer != null) {
return false;
}
} else if (!issuer.equals(other.issuer)) {
return false;
}
if (name == null) {
if (other.name != null) {
return false;
}
} else if (!name.equals(other.name)) {
return false;
}
if (value == null) {
return other.value == null;
} else return value.equals(other.value);
}
}

68
perun-oidc-server/src/main/java/cz/muni/ics/uma/model/ClaimProcessingResult.java
View File

@ -1,68 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.model;
import java.util.Collection;
/**
* Data shuttle to return results of the claims processing service.
*
* @author jricher
*/
public class ClaimProcessingResult {
private boolean satisfied;
private Collection<Claim> unmatched;
private Policy matched;
public ClaimProcessingResult(Collection<Claim> unmatched) {
this.satisfied = false;
this.unmatched = unmatched;
this.matched = null;
}
public ClaimProcessingResult(Policy matched) {
this.satisfied = true;
this.matched = matched;
this.unmatched = null;
}
public boolean isSatisfied() {
return satisfied;
}
public void setSatisfied(boolean satisfied) {
this.satisfied = satisfied;
}
public Collection<Claim> getUnmatched() {
return unmatched;
}
public void setUnmatched(Collection<Claim> unmatched) {
this.unmatched = unmatched;
}
public Policy getMatched() {
return matched;
}
public void setMatched(Policy matched) {
this.matched = matched;
}
}

75
perun-oidc-server/src/main/java/cz/muni/ics/uma/model/Permission.java
View File

@ -1,75 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.model;
import java.util.Set;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.Table;
/**
* @author jricher
*/
@Entity
@Table(name = "permission")
public class Permission {
private Long id;
private ResourceSet resourceSet;
private Set<String> scopes;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name = "resource_set_id")
public ResourceSet getResourceSet() {
return resourceSet;
}
public void setResourceSet(ResourceSet resourceSet) {
this.resourceSet = resourceSet;
}
@ElementCollection(fetch = FetchType.EAGER)
@Column(name = "scope")
@CollectionTable(name = "permission_scope", joinColumns = @JoinColumn(name = "owner_id"))
public Set<String> getScopes() {
return scopes;
}
public void setScopes(Set<String> scopes) {
this.scopes = scopes;
}
}

121
perun-oidc-server/src/main/java/cz/muni/ics/uma/model/PermissionTicket.java
View File

@ -1,121 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.model;
import java.util.Collection;
import java.util.Date;
import javax.persistence.Basic;
import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.OneToOne;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
/**
*
* An UMA permission, used in the protection API.
*
* @author jricher
*
*/
@Entity
@Table(name = "permission_ticket")
@NamedQueries({
@NamedQuery(name = PermissionTicket.QUERY_TICKET, query = "select p from PermissionTicket p where p.ticket = :" + PermissionTicket.PARAM_TICKET),
@NamedQuery(name = PermissionTicket.QUERY_ALL, query = "select p from PermissionTicket p"),
@NamedQuery(name = PermissionTicket.QUERY_BY_RESOURCE_SET, query = "select p from PermissionTicket p where p.permission.resourceSet.id = :" + PermissionTicket.PARAM_RESOURCE_SET_ID)
})
public class PermissionTicket {
public static final String QUERY_TICKET = "PermissionTicket.queryByTicket";
public static final String QUERY_ALL = "PermissionTicket.queryAll";
public static final String QUERY_BY_RESOURCE_SET = "PermissionTicket.queryByResourceSet";
public static final String PARAM_TICKET = "ticket";
public static final String PARAM_RESOURCE_SET_ID = "rsid";
private Long id;
private Permission permission;
private String ticket;
private Date expiration;
private Collection<Claim> claimsSupplied;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@OneToOne(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
@JoinColumn(name = "permission_id")
public Permission getPermission() {
return permission;
}
public void setPermission(Permission permission) {
this.permission = permission;
}
@Basic
@Column(name = "ticket")
public String getTicket() {
return ticket;
}
public void setTicket(String ticket) {
this.ticket = ticket;
}
@Basic
@Temporal(TemporalType.TIMESTAMP)
@Column(name = "expiration")
public Date getExpiration() {
return expiration;
}
public void setExpiration(Date expiration) {
this.expiration = expiration;
}
@OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
@JoinTable(name = "claim_to_permission_ticket", joinColumns = @JoinColumn(name = "permission_ticket_id"),
inverseJoinColumns = @JoinColumn(name = "claim_id"))
public Collection<Claim> getClaimsSupplied() {
return claimsSupplied;
}
public void setClaimsSupplied(Collection<Claim> claimsSupplied) {
this.claimsSupplied = claimsSupplied;
}
}

147
perun-oidc-server/src/main/java/cz/muni/ics/uma/model/Policy.java
View File

@ -1,147 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.model;
import java.util.Collection;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CascadeType;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.OneToMany;
import javax.persistence.Table;
/**
* A set of claims required to fulfill a given permission.
*
* @author jricher
*/
@Entity
@Table(name = "policy")
public class Policy {
private Long id;
private String name;
private Collection<Claim> claimsRequired;
private Set<String> scopes;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@Basic
@Column(name = "name")
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
@OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
@JoinTable(name = "claim_to_policy", joinColumns = @JoinColumn(name = "policy_id"),
inverseJoinColumns = @JoinColumn(name = "claim_id"))
public Collection<Claim> getClaimsRequired() {
return claimsRequired;
}
public void setClaimsRequired(Collection<Claim> claimsRequired) {
this.claimsRequired = claimsRequired;
}
@ElementCollection(fetch = FetchType.EAGER)
@Column(name = "scope")
@CollectionTable(name = "policy_scope", joinColumns = @JoinColumn(name = "owner_id"))
public Set<String> getScopes() {
return scopes;
}
public void setScopes(Set<String> scopes) {
this.scopes = scopes;
}
@Override
public String toString() {
return "Policy [id=" + id + ", name=" + name + ", claimsRequired=" + claimsRequired + ", scopes=" + scopes + "]";
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((claimsRequired == null) ? 0 : claimsRequired.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + ((name == null) ? 0 : name.hashCode());
result = prime * result + ((scopes == null) ? 0 : scopes.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (getClass() != obj.getClass()) {
return false;
}
Policy other = (Policy) obj;
if (claimsRequired == null) {
if (other.claimsRequired != null) {
return false;
}
} else if (!claimsRequired.equals(other.claimsRequired)) {
return false;
}
if (id == null) {
if (other.id != null) {
return false;
}
} else if (!id.equals(other.id)) {
return false;
}
if (name == null) {
if (other.name != null) {
return false;
}
} else if (!name.equals(other.name)) {
return false;
}
if (scopes == null) {
return other.scopes == null;
} else return scopes.equals(other.scopes);
}
}

255
perun-oidc-server/src/main/java/cz/muni/ics/uma/model/ResourceSet.java
View File

@ -1,255 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.model;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CascadeType;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.Table;
@Entity
@Table(name = "resource_set")
@NamedQueries ({
@NamedQuery(name = ResourceSet.QUERY_BY_OWNER, query = "select r from ResourceSet r where r.owner = :" + ResourceSet.PARAM_OWNER),
@NamedQuery(name = ResourceSet.QUERY_BY_OWNER_AND_CLIENT, query = "select r from ResourceSet r where r.owner = :" + ResourceSet.PARAM_OWNER + " and r.clientId = :" + ResourceSet.PARAM_CLIENTID),
@NamedQuery(name = ResourceSet.QUERY_BY_CLIENT, query = "select r from ResourceSet r where r.clientId = :" + ResourceSet.PARAM_CLIENTID),
@NamedQuery(name = ResourceSet.QUERY_ALL, query = "select r from ResourceSet r")
})
public class ResourceSet {
public static final String QUERY_BY_OWNER = "ResourceSet.queryByOwner";
public static final String QUERY_BY_OWNER_AND_CLIENT = "ResourceSet.queryByOwnerAndClient";
public static final String QUERY_BY_CLIENT = "ResourceSet.queryByClient";
public static final String QUERY_ALL = "ResourceSet.queryAll";
public static final String PARAM_OWNER = "owner";
public static final String PARAM_CLIENTID = "clientId";
private Long id;
private String name;
private String uri;
private String type;
private Set<String> scopes = new HashSet<>();
private String iconUri;
private String owner; // username of the person responsible for the registration (either directly or via OAuth token)
private String clientId; // client id of the protected resource that registered this resource set via OAuth token
private Collection<Policy> policies = new HashSet<>();
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@Basic
@Column(name = "name")
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
@Basic
@Column(name = "uri")
public String getUri() {
return uri;
}
public void setUri(String uri) {
this.uri = uri;
}
@Basic
@Column(name = "rs_type")
public String getType() {
return type;
}
public void setType(String type) {
this.type = type;
}
@ElementCollection(fetch = FetchType.EAGER)
@Column(name = "scope")
@CollectionTable(name = "resource_set_scope", joinColumns = @JoinColumn(name = "owner_id"))
public Set<String> getScopes() {
return scopes;
}
public void setScopes(Set<String> scopes) {
this.scopes = scopes;
}
@Basic
@Column(name = "icon_uri")
public String getIconUri() {
return iconUri;
}
public void setIconUri(String iconUri) {
this.iconUri = iconUri;
}
@Basic
@Column(name = "owner")
public String getOwner() {
return owner;
}
public void setOwner(String owner) {
this.owner = owner;
}
@Basic
@Column(name = "client_id")
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
@OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
@JoinColumn(name = "resource_set_id")
public Collection<Policy> getPolicies() {
return policies;
}
public void setPolicies(Collection<Policy> policies) {
this.policies = policies;
}
@Override
public String toString() {
return "ResourceSet [id=" + id + ", name=" + name + ", uri=" + uri + ", type=" + type + ", scopes=" + scopes + ", iconUri=" + iconUri + ", owner=" + owner + ", clientId=" + clientId + ", policies=" + policies + "]";
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((clientId == null) ? 0 : clientId.hashCode());
result = prime * result + ((iconUri == null) ? 0 : iconUri.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + ((name == null) ? 0 : name.hashCode());
result = prime * result + ((owner == null) ? 0 : owner.hashCode());
result = prime * result + ((policies == null) ? 0 : policies.hashCode());
result = prime * result + ((scopes == null) ? 0 : scopes.hashCode());
result = prime * result + ((type == null) ? 0 : type.hashCode());
result = prime * result + ((uri == null) ? 0 : uri.hashCode());
return result;
}
/* (non-Javadoc)
* @see java.lang.Object#equals(java.lang.Object)
*/
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (getClass() != obj.getClass()) {
return false;
}
ResourceSet other = (ResourceSet) obj;
if (clientId == null) {
if (other.clientId != null) {
return false;
}
} else if (!clientId.equals(other.clientId)) {
return false;
}
if (iconUri == null) {
if (other.iconUri != null) {
return false;
}
} else if (!iconUri.equals(other.iconUri)) {
return false;
}
if (id == null) {
if (other.id != null) {
return false;
}
} else if (!id.equals(other.id)) {
return false;
}
if (name == null) {
if (other.name != null) {
return false;
}
} else if (!name.equals(other.name)) {
return false;
}
if (owner == null) {
if (other.owner != null) {
return false;
}
} else if (!owner.equals(other.owner)) {
return false;
}
if (policies == null) {
if (other.policies != null) {
return false;
}
} else if (!policies.equals(other.policies)) {
return false;
}
if (scopes == null) {
if (other.scopes != null) {
return false;
}
} else if (!scopes.equals(other.scopes)) {
return false;
}
if (type == null) {
if (other.type != null) {
return false;
}
} else if (!type.equals(other.type)) {
return false;
}
if (uri == null) {
return other.uri == null;
} else return uri.equals(other.uri);
}
}

73
perun-oidc-server/src/main/java/cz/muni/ics/uma/model/SavedRegisteredClient.java
View File

@ -1,73 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.model;
import cz.muni.ics.oauth2.model.RegisteredClient;
import cz.muni.ics.uma.model.convert.RegisteredClientStringConverter;
import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Convert;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
/**
* @author jricher
*/
@Entity
@Table(name = "saved_registered_client")
public class SavedRegisteredClient {
private Long id;
private String issuer;
private RegisteredClient registeredClient;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@Basic
@Column(name = "issuer")
public String getIssuer() {
return issuer;
}
public void setIssuer(String issuer) {
this.issuer = issuer;
}
@Basic
@Column(name = "registered_client")
@Convert(converter = RegisteredClientStringConverter.class)
public RegisteredClient getRegisteredClient() {
return registeredClient;
}
public void setRegisteredClient(RegisteredClient registeredClient) {
this.registeredClient = registeredClient;
}
}

41
perun-oidc-server/src/main/java/cz/muni/ics/uma/model/convert/RegisteredClientStringConverter.java
View File

@ -1,41 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.model.convert;
import cz.muni.ics.oauth2.model.RegisteredClient;
import cz.muni.ics.openid.connect.ClientDetailsEntityJsonProcessor;
import javax.persistence.AttributeConverter;
import javax.persistence.Converter;
import org.springframework.util.StringUtils;
/**
* @author jricher
*/
@Converter
public class RegisteredClientStringConverter implements AttributeConverter<RegisteredClient, String>{
@Override
public String convertToDatabaseColumn(RegisteredClient attribute) {
return attribute == null || attribute.getSource() == null ? null : attribute.getSource().toString();
}
@Override
public RegisteredClient convertToEntityAttribute(String dbData) {
return StringUtils.isEmpty(dbData) ? null : ClientDetailsEntityJsonProcessor.parseRegistered(dbData);
}
}

43
perun-oidc-server/src/main/java/cz/muni/ics/uma/repository/PermissionRepository.java
View File

@ -1,43 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.repository;
import cz.muni.ics.uma.model.Permission;
import cz.muni.ics.uma.model.PermissionTicket;
import cz.muni.ics.uma.model.ResourceSet;
import java.util.Collection;
/**
* @author jricher
*/
public interface PermissionRepository {
PermissionTicket save(PermissionTicket p);
PermissionTicket getByTicket(String ticket);
Collection<PermissionTicket> getAll();
Permission saveRawPermission(Permission p);
Permission getById(Long permissionId);
Collection<PermissionTicket> getPermissionTicketsForResourceSet(ResourceSet rs);
void remove(PermissionTicket ticket);
}

41
perun-oidc-server/src/main/java/cz/muni/ics/uma/repository/ResourceSetRepository.java
View File

@ -1,41 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.repository;
import cz.muni.ics.uma.model.ResourceSet;
import java.util.Collection;
/**
* @author jricher
*/
public interface ResourceSetRepository {
ResourceSet save(ResourceSet rs);
ResourceSet getById(Long id);
void remove(ResourceSet rs);
Collection<ResourceSet> getAllForOwner(String owner);
Collection<ResourceSet> getAllForOwnerAndClient(String owner, String clientId);
Collection<ResourceSet> getAll();
Collection<ResourceSet> getAllForClient(String clientId);
}

42
perun-oidc-server/src/main/java/cz/muni/ics/uma/service/ClaimsProcessingService.java
View File

@ -1,42 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.service;
import cz.muni.ics.uma.model.ClaimProcessingResult;
import cz.muni.ics.uma.model.PermissionTicket;
import cz.muni.ics.uma.model.ResourceSet;
/**
* Processes claims presented during an UMA transaction.
*
* @author jricher
*/
public interface ClaimsProcessingService {
/**
*
* Determine whether or not the claims that have been supplied are
* sufficient to fulfill the requirements given by the claims that
* are required.
*
* @param rs the required claims to check against
* @param ticket the supplied claims to test
* @return the result of the claims processing action
*/
ClaimProcessingResult claimsAreSatisfied(ResourceSet rs, PermissionTicket ticket);
}

54
perun-oidc-server/src/main/java/cz/muni/ics/uma/service/PermissionService.java
View File

@ -1,54 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.service;
import cz.muni.ics.uma.model.PermissionTicket;
import cz.muni.ics.uma.model.ResourceSet;
import java.util.Set;
import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
/**
* @author jricher
*/
public interface PermissionService {
/**
* @param resourceSet the resource set to create the permission on
* @param scopes the set of scopes that this permission is for
* @return the created (and stored) permission object, with ticket
* @throws InsufficientScopeException if the scopes in scopes don't match those in resourceSet.getScopes
*/
PermissionTicket createTicket(ResourceSet resourceSet, Set<String> scopes);
/**
* Read the permission associated with the given ticket.
*
* @param the ticket value to search on
* @return the permission object, or null if none is found
*/
PermissionTicket getByTicket(String ticket);
/**
* Save the updated permission ticket to the database. Does not create a new ticket.
*
* @param ticket
* @return
*/
PermissionTicket updateTicket(PermissionTicket ticket);
}

43
perun-oidc-server/src/main/java/cz/muni/ics/uma/service/ResourceSetService.java
View File

@ -1,43 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.service;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.uma.model.ResourceSet;
import java.util.Collection;
/**
* Manage registered resource sets at this authorization server.
*
* @author jricher
*/
public interface ResourceSetService {
ResourceSet saveNew(ResourceSet rs);
ResourceSet getById(Long id);
ResourceSet update(ResourceSet oldRs, ResourceSet newRs);
void remove(ResourceSet rs);
Collection<ResourceSet> getAllForOwner(String owner);
Collection<ResourceSet> getAllForOwnerAndClient(String owner, String authClientId);
Collection<ResourceSet> getAllForClient(ClientDetailsEntity client);
}

42
perun-oidc-server/src/main/java/cz/muni/ics/uma/service/SavedRegisteredClientService.java
View File

@ -1,42 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.service;
import cz.muni.ics.oauth2.model.RegisteredClient;
import cz.muni.ics.uma.model.SavedRegisteredClient;
import java.util.Collection;
/**
* @author jricher
*/
public interface SavedRegisteredClientService {
/**
* Get a list of all the registered clients that we know about.
*
* @return
*/
Collection<SavedRegisteredClient> getAll();
/**
* @param issuer
* @param client
*/
void save(String issuer, RegisteredClient client);
}

37
perun-oidc-server/src/main/java/cz/muni/ics/uma/service/UmaTokenService.java
View File

@ -1,37 +0,0 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package cz.muni.ics.uma.service;
import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity;
import cz.muni.ics.uma.model.PermissionTicket;
import cz.muni.ics.uma.model.Policy;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
/**
* Service to create special tokens for UMA.
*
* @author jricher
*
*/
public interface UmaTokenService {
/**
* Create the RPT from the given authentication and ticket.
*/
OAuth2AccessTokenEntity createRequestingPartyToken(OAuth2Authentication o2auth, PermissionTicket ticket, Policy policy);
}

15
perun-oidc-server/src/test/java/cz/muni/ics/oauth2/model/ClientDetailsEntityTest.java
View File

@ -25,6 +25,9 @@ import static org.junit.Assert.assertEquals;
import com.google.common.collect.ImmutableSet;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import cz.muni.ics.oauth2.model.enums.AppType;
import cz.muni.ics.oauth2.model.enums.AuthMethod;
import cz.muni.ics.oauth2.model.enums.SubjectType;
import java.util.Date;
import org.junit.Test;
@ -45,12 +48,12 @@ public class ClientDetailsEntityTest {
c.setClientId("s6BhdRkqt3");
c.setClientSecret("ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk");
c.setApplicationType(ClientDetailsEntity.AppType.WEB);
c.setApplicationType(AppType.WEB);
c.setRedirectUris(ImmutableSet.of("https://client.example.org/callback", "https://client.example.org/callback2"));
c.setClientName("My Example");
c.setSubjectType(ClientDetailsEntity.SubjectType.PAIRWISE);
c.setSubjectType(SubjectType.PAIRWISE);
c.setSectorIdentifierUri("https://other.example.net/file_of_redirect_uris.json");
c.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.SECRET_BASIC);
c.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
c.setJwksUri("https://client.example.org/my_public_keys.jwks");
c.setUserInfoEncryptedResponseAlg(JWEAlgorithm.RSA1_5);
c.setUserInfoEncryptedResponseEnc(EncryptionMethod.A128CBC_HS256);
@ -61,12 +64,12 @@ public class ClientDetailsEntityTest {
assertEquals("s6BhdRkqt3", c.getClientId());
assertEquals("ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk", c.getClientSecret());
assertEquals(ClientDetailsEntity.AppType.WEB, c.getApplicationType());
assertEquals(AppType.WEB, c.getApplicationType());
assertEquals(ImmutableSet.of("https://client.example.org/callback", "https://client.example.org/callback2"), c.getRedirectUris());
assertEquals("My Example", c.getClientName());
assertEquals(ClientDetailsEntity.SubjectType.PAIRWISE, c.getSubjectType());
assertEquals(SubjectType.PAIRWISE, c.getSubjectType());
assertEquals("https://other.example.net/file_of_redirect_uris.json", c.getSectorIdentifierUri());
assertEquals(ClientDetailsEntity.AuthMethod.SECRET_BASIC, c.getTokenEndpointAuthMethod());
assertEquals(AuthMethod.SECRET_BASIC, c.getTokenEndpointAuthMethod());
assertEquals("https://client.example.org/my_public_keys.jwks", c.getJwksUri());
assertEquals(JWEAlgorithm.RSA1_5, c.getUserInfoEncryptedResponseAlg());
assertEquals(EncryptionMethod.A128CBC_HS256, c.getUserInfoEncryptedResponseEnc());

39
perun-oidc-server/src/test/java/cz/muni/ics/oauth2/model/RegisteredClientTest.java
View File

@ -25,6 +25,9 @@ import static org.junit.Assert.assertEquals;
import com.google.common.collect.ImmutableSet;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import cz.muni.ics.oauth2.model.enums.AppType;
import cz.muni.ics.oauth2.model.enums.AuthMethod;
import cz.muni.ics.oauth2.model.enums.SubjectType;
import java.sql.Date;
import org.junit.Test;
@ -49,12 +52,12 @@ public class RegisteredClientTest {
c.setClientSecretExpiresAt(new Date(1577858400L * 1000L));
c.setRegistrationAccessToken("this.is.an.access.token.value.ffx83");
c.setRegistrationClientUri("https://server.example.com/connect/register?client_id=s6BhdRkqt3");
c.setApplicationType(ClientDetailsEntity.AppType.WEB);
c.setApplicationType(AppType.WEB);
c.setRedirectUris(ImmutableSet.of("https://client.example.org/callback", "https://client.example.org/callback2"));
c.setClientName("My Example");
c.setSubjectType(ClientDetailsEntity.SubjectType.PAIRWISE);
c.setSubjectType(SubjectType.PAIRWISE);
c.setSectorIdentifierUri("https://other.example.net/file_of_redirect_uris.json");
c.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.SECRET_BASIC);
c.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
c.setJwksUri("https://client.example.org/my_public_keys.jwks");
c.setUserInfoEncryptedResponseAlg(JWEAlgorithm.RSA1_5);
c.setUserInfoEncryptedResponseEnc(EncryptionMethod.A128CBC_HS256);
@ -66,12 +69,12 @@ public class RegisteredClientTest {
assertEquals(new Date(1577858400L * 1000L), c.getClientSecretExpiresAt());
assertEquals("this.is.an.access.token.value.ffx83", c.getRegistrationAccessToken());
assertEquals("https://server.example.com/connect/register?client_id=s6BhdRkqt3", c.getRegistrationClientUri());
assertEquals(ClientDetailsEntity.AppType.WEB, c.getApplicationType());
assertEquals(AppType.WEB, c.getApplicationType());
assertEquals(ImmutableSet.of("https://client.example.org/callback", "https://client.example.org/callback2"), c.getRedirectUris());
assertEquals("My Example", c.getClientName());
assertEquals(ClientDetailsEntity.SubjectType.PAIRWISE, c.getSubjectType());
assertEquals(SubjectType.PAIRWISE, c.getSubjectType());
assertEquals("https://other.example.net/file_of_redirect_uris.json", c.getSectorIdentifierUri());
assertEquals(ClientDetailsEntity.AuthMethod.SECRET_BASIC, c.getTokenEndpointAuthMethod());
assertEquals(AuthMethod.SECRET_BASIC, c.getTokenEndpointAuthMethod());
assertEquals("https://client.example.org/my_public_keys.jwks", c.getJwksUri());
assertEquals(JWEAlgorithm.RSA1_5, c.getUserInfoEncryptedResponseAlg());
assertEquals(EncryptionMethod.A128CBC_HS256, c.getUserInfoEncryptedResponseEnc());
@ -88,13 +91,13 @@ public class RegisteredClientTest {
c.setClientId("s6BhdRkqt3");
c.setClientSecret("ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk");
c.setApplicationType(ClientDetailsEntity.AppType.WEB);
c.setApplicationType(AppType.WEB);
c.setRedirectUris(ImmutableSet.of("https://client.example.org/callback", "https://client.example.org/callback2"));
c.setClientName("My Example");
c.setSubjectType(ClientDetailsEntity.SubjectType.PAIRWISE);
c.setSubjectType(SubjectType.PAIRWISE);
c.setSectorIdentifierUri("https://other.example.net/file_of_redirect_uris.json");
c.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.SECRET_BASIC);
c.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
c.setJwksUri("https://client.example.org/my_public_keys.jwks");
c.setUserInfoEncryptedResponseAlg(JWEAlgorithm.RSA1_5);
c.setUserInfoEncryptedResponseEnc(EncryptionMethod.A128CBC_HS256);
@ -113,12 +116,12 @@ public class RegisteredClientTest {
assertEquals(new Date(1577858400L * 1000L), rc.getClientSecretExpiresAt());
assertEquals("this.is.an.access.token.value.ffx83", rc.getRegistrationAccessToken());
assertEquals("https://server.example.com/connect/register?client_id=s6BhdRkqt3", rc.getRegistrationClientUri());
assertEquals(ClientDetailsEntity.AppType.WEB, rc.getApplicationType());
assertEquals(AppType.WEB, rc.getApplicationType());
assertEquals(ImmutableSet.of("https://client.example.org/callback", "https://client.example.org/callback2"), rc.getRedirectUris());
assertEquals("My Example", rc.getClientName());
assertEquals(ClientDetailsEntity.SubjectType.PAIRWISE, rc.getSubjectType());
assertEquals(SubjectType.PAIRWISE, rc.getSubjectType());
assertEquals("https://other.example.net/file_of_redirect_uris.json", rc.getSectorIdentifierUri());
assertEquals(ClientDetailsEntity.AuthMethod.SECRET_BASIC, rc.getTokenEndpointAuthMethod());
assertEquals(AuthMethod.SECRET_BASIC, rc.getTokenEndpointAuthMethod());
assertEquals("https://client.example.org/my_public_keys.jwks", rc.getJwksUri());
assertEquals(JWEAlgorithm.RSA1_5, rc.getUserInfoEncryptedResponseAlg());
assertEquals(EncryptionMethod.A128CBC_HS256, rc.getUserInfoEncryptedResponseEnc());
@ -135,13 +138,13 @@ public class RegisteredClientTest {
c.setClientId("s6BhdRkqt3");
c.setClientSecret("ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk");
c.setApplicationType(ClientDetailsEntity.AppType.WEB);
c.setApplicationType(AppType.WEB);
c.setRedirectUris(ImmutableSet.of("https://client.example.org/callback", "https://client.example.org/callback2"));
c.setClientName("My Example");
c.setSubjectType(ClientDetailsEntity.SubjectType.PAIRWISE);
c.setSubjectType(SubjectType.PAIRWISE);
c.setSectorIdentifierUri("https://other.example.net/file_of_redirect_uris.json");
c.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.SECRET_BASIC);
c.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
c.setJwksUri("https://client.example.org/my_public_keys.jwks");
c.setUserInfoEncryptedResponseAlg(JWEAlgorithm.RSA1_5);
c.setUserInfoEncryptedResponseEnc(EncryptionMethod.A128CBC_HS256);
@ -156,12 +159,12 @@ public class RegisteredClientTest {
assertEquals("ZJYCqe3GGRvdrudKyZS0XhGv_Z45DuKhCUk0gBR1vZk", rc.getClientSecret());
assertEquals("this.is.an.access.token.value.ffx83", rc.getRegistrationAccessToken());
assertEquals("https://server.example.com/connect/register?client_id=s6BhdRkqt3", rc.getRegistrationClientUri());
assertEquals(ClientDetailsEntity.AppType.WEB, rc.getApplicationType());
assertEquals(AppType.WEB, rc.getApplicationType());
assertEquals(ImmutableSet.of("https://client.example.org/callback", "https://client.example.org/callback2"), rc.getRedirectUris());
assertEquals("My Example", rc.getClientName());
assertEquals(ClientDetailsEntity.SubjectType.PAIRWISE, rc.getSubjectType());
assertEquals(SubjectType.PAIRWISE, rc.getSubjectType());
assertEquals("https://other.example.net/file_of_redirect_uris.json", rc.getSectorIdentifierUri());
assertEquals(ClientDetailsEntity.AuthMethod.SECRET_BASIC, rc.getTokenEndpointAuthMethod());
assertEquals(AuthMethod.SECRET_BASIC, rc.getTokenEndpointAuthMethod());
assertEquals("https://client.example.org/my_public_keys.jwks", rc.getJwksUri());
assertEquals(JWEAlgorithm.RSA1_5, rc.getUserInfoEncryptedResponseAlg());
assertEquals(EncryptionMethod.A128CBC_HS256, rc.getUserInfoEncryptedResponseEnc());

13
perun-oidc-server/src/test/java/cz/muni/ics/oauth2/service/impl/TestBlacklistAwareRedirectResolver.java
View File

@ -24,6 +24,7 @@ import static org.mockito.Mockito.when;
import com.google.common.collect.ImmutableSet;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.enums.AppType;
import cz.muni.ics.openid.connect.config.ConfigurationPropertiesBean;
import cz.muni.ics.openid.connect.service.BlacklistedSiteService;
import org.junit.Before;
@ -104,12 +105,12 @@ public class TestBlacklistAwareRedirectResolver {
public void testRedirectMatches_default() {
// this is not an exact match
boolean res1 = resolver.redirectMatches(pathUri, goodUri, ClientDetailsEntity.AppType.WEB);
boolean res1 = resolver.redirectMatches(pathUri, goodUri, AppType.WEB);
assertThat(res1, is(false));
// this is an exact match
boolean res2 = resolver.redirectMatches(goodUri, goodUri, ClientDetailsEntity.AppType.WEB);
boolean res2 = resolver.redirectMatches(goodUri, goodUri, AppType.WEB);
assertThat(res2, is(true));
@ -122,12 +123,12 @@ public class TestBlacklistAwareRedirectResolver {
resolver.setStrictMatch(false);
// this is not an exact match (but that's OK)
boolean res1 = resolver.redirectMatches(pathUri, goodUri, ClientDetailsEntity.AppType.WEB);
boolean res1 = resolver.redirectMatches(pathUri, goodUri, AppType.WEB);
assertThat(res1, is(true));
// this is an exact match
boolean res2 = resolver.redirectMatches(goodUri, goodUri, ClientDetailsEntity.AppType.WEB);
boolean res2 = resolver.redirectMatches(goodUri, goodUri, AppType.WEB);
assertThat(res2, is(true));
@ -136,12 +137,12 @@ public class TestBlacklistAwareRedirectResolver {
@Test
public void testHeartMode() {
// this is not an exact match
boolean res1 = resolver.redirectMatches(pathUri, goodUri, ClientDetailsEntity.AppType.WEB);
boolean res1 = resolver.redirectMatches(pathUri, goodUri, AppType.WEB);
assertThat(res1, is(false));
// this is an exact match
boolean res2 = resolver.redirectMatches(goodUri, goodUri, ClientDetailsEntity.AppType.WEB);
boolean res2 = resolver.redirectMatches(goodUri, goodUri, AppType.WEB);
assertThat(res2, is(true));
}

62
perun-oidc-server/src/test/java/cz/muni/ics/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java
View File

@ -29,7 +29,6 @@ import cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity;
import cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity;
import cz.muni.ics.oauth2.service.IntrospectionResultAssembler;
import cz.muni.ics.openid.connect.model.UserInfo;
import cz.muni.ics.uma.model.Permission;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
@ -52,7 +51,7 @@ public class TestDefaultIntrospectionResultAssembler {
public void shouldAssembleExpectedResultForAccessToken() throws ParseException {
// given
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer",
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), "Bearer",
oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
UserInfo userInfo = userInfo("sub");
@ -77,50 +76,11 @@ public class TestDefaultIntrospectionResultAssembler {
assertThat(result, is(equalTo(expected)));
}
@Test
public void shouldAssembleExpectedResultForAccessToken_withPermissions() throws ParseException {
// given
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"),
permissions(permission(1L, "foo", "bar")),
"Bearer", oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
UserInfo userInfo = userInfo("sub");
Set<String> authScopes = scopes("foo", "bar", "baz");
// when
Map<String, Object> result = assembler.assembleFrom(accessToken, userInfo, authScopes);
// then
Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
.put("sub", "sub")
.put("exp", 123L)
.put("expires_at", dateFormat.valueToString(new Date(123 * 1000L)))
.put("permissions", new ImmutableSet.Builder<>()
.add(new ImmutableMap.Builder<String, Object>()
.put("resource_set_id", "1") // note that the resource ID comes out as a string
.put("scopes", new ImmutableSet.Builder<>()
.add("bar")
.add("foo")
.build())
.build())
.build())
// note that scopes are not included if permissions are included
.put("active", Boolean.TRUE)
.put("user_id", "name")
.put("client_id", "clientId")
.put("token_type", "Bearer")
.build();
assertThat(result, is(equalTo(expected)));
}
@Test
public void shouldAssembleExpectedResultForAccessTokenWithoutUserInfo() throws ParseException {
// given
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer",
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), "Bearer",
oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
Set<String> authScopes = scopes("foo", "bar", "baz");
@ -147,7 +107,7 @@ public class TestDefaultIntrospectionResultAssembler {
public void shouldAssembleExpectedResultForAccessTokenWithoutExpiry() {
// given
OAuth2AccessTokenEntity accessToken = accessToken(null, scopes("foo", "bar"), null, "Bearer",
OAuth2AccessTokenEntity accessToken = accessToken(null, scopes("foo", "bar"), "Bearer",
oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
UserInfo userInfo = userInfo("sub");
@ -173,7 +133,7 @@ public class TestDefaultIntrospectionResultAssembler {
@Test
public void shouldAssembleExpectedResultForAccessTokenWithoutUserAuthentication() throws ParseException {
// given
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer",
OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), "Bearer",
oauth2Authentication(oauth2Request("clientId"), null));
Set<String> authScopes = scopes("foo", "bar", "baz");
@ -305,11 +265,10 @@ public class TestDefaultIntrospectionResultAssembler {
return userInfo;
}
private OAuth2AccessTokenEntity accessToken(Date exp, Set<String> scopes, Set<Permission> permissions, String tokenType, OAuth2Authentication authentication) {
private OAuth2AccessTokenEntity accessToken(Date exp, Set<String> scopes, String tokenType, OAuth2Authentication authentication) {
OAuth2AccessTokenEntity accessToken = mock(OAuth2AccessTokenEntity.class, RETURNS_DEEP_STUBS);
given(accessToken.getExpiration()).willReturn(exp);
given(accessToken.getScope()).willReturn(scopes);
given(accessToken.getPermissions()).willReturn(permissions);
given(accessToken.getTokenType()).willReturn(tokenType);
given(accessToken.getAuthenticationHolder().getAuthentication()).willReturn(authentication);
return accessToken;
@ -342,15 +301,4 @@ public class TestDefaultIntrospectionResultAssembler {
private Set<String> scopes(String... scopes) {
return newHashSet(scopes);
}
private Set<Permission> permissions(Permission... permissions) {
return newHashSet(permissions);
}
private Permission permission(Long resourceSetId, String... scopes) {
Permission permission = mock(Permission.class, RETURNS_DEEP_STUBS);
given(permission.getResourceSet().getId()).willReturn(resourceSetId);
given(permission.getScopes()).willReturn(scopes(scopes));
return permission;
}
}

36
perun-oidc-server/src/test/java/cz/muni/ics/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java
View File

@ -27,6 +27,7 @@ import static org.junit.Assert.fail;
import com.google.common.collect.Sets;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.SystemScope;
import cz.muni.ics.oauth2.model.enums.AuthMethod;
import cz.muni.ics.oauth2.repository.OAuth2ClientRepository;
import cz.muni.ics.oauth2.repository.OAuth2TokenRepository;
import cz.muni.ics.oauth2.service.SystemScopeService;
@ -35,8 +36,6 @@ import cz.muni.ics.openid.connect.model.WhitelistedSite;
import cz.muni.ics.openid.connect.service.ApprovedSiteService;
import cz.muni.ics.openid.connect.service.BlacklistedSiteService;
import cz.muni.ics.openid.connect.service.WhitelistedSiteService;
import cz.muni.ics.uma.model.ResourceSet;
import cz.muni.ics.uma.service.ResourceSetService;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;
@ -78,9 +77,6 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
@Mock
private SystemScopeService scopeService;
@Mock
private ResourceSetService resourceSetService;
@Mock
private ConfigurationPropertiesBean config;
@ -266,8 +262,6 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
WhitelistedSite site = Mockito.mock(WhitelistedSite.class);
Mockito.when(whitelistedSiteService.getByClientId(clientId)).thenReturn(site);
Mockito.when(resourceSetService.getAllForClient(client)).thenReturn(new HashSet<ResourceSet>());
service.deleteClient(client);
Mockito.verify(tokenRepository).clearTokensForClient(client);
@ -362,7 +356,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
grantTypes.add("client_credentials");
client.setGrantTypes(grantTypes);
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.PRIVATE_KEY);
client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY);
client.setRedirectUris(Sets.newHashSet("https://foo.bar/"));
@ -383,7 +377,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
grantTypes.add("client_credentials");
client.setGrantTypes(grantTypes);
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.NONE);
client.setTokenEndpointAuthMethod(AuthMethod.NONE);
client.setRedirectUris(Sets.newHashSet("https://foo.bar/"));
@ -404,7 +398,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
grantTypes.add("implicit");
client.setGrantTypes(grantTypes);
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.PRIVATE_KEY);
client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY);
client.setJwksUri("https://foo.bar/jwks");
@ -421,7 +415,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
grantTypes.add("authorization_code");
client.setGrantTypes(grantTypes);
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.SECRET_POST);
client.setTokenEndpointAuthMethod(AuthMethod.SECRET_POST);
client.setRedirectUris(Sets.newHashSet("https://foo.bar/"));
@ -440,7 +434,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
grantTypes.add("implicit");
client.setGrantTypes(grantTypes);
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.PRIVATE_KEY);
client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY);
client.setRedirectUris(Sets.newHashSet("https://foo.bar/"));
@ -459,7 +453,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
grantTypes.add("client_credentials");
client.setGrantTypes(grantTypes);
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.SECRET_BASIC);
client.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
client.setRedirectUris(Sets.newHashSet("https://foo.bar/"));
@ -478,7 +472,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
grantTypes.add("authorization_code");
client.setGrantTypes(grantTypes);
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.PRIVATE_KEY);
client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY);
service.saveNewClient(client);
@ -493,7 +487,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
grantTypes.add("implicit");
client.setGrantTypes(grantTypes);
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.NONE);
client.setTokenEndpointAuthMethod(AuthMethod.NONE);
service.saveNewClient(client);
@ -508,7 +502,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
grantTypes.add("client_credentials");
client.setGrantTypes(grantTypes);
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.PRIVATE_KEY);
client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY);
client.setRedirectUris(Sets.newHashSet("http://foo.bar/"));
@ -525,7 +519,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
grantTypes.add("authorization_code");
client.setGrantTypes(grantTypes);
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.PRIVATE_KEY);
client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY);
client.setRedirectUris(Sets.newHashSet("http://foo.bar/"));
@ -544,7 +538,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
grantTypes.add("authorization_code");
client.setGrantTypes(grantTypes);
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.PRIVATE_KEY);
client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY);
client.setRedirectUris(Sets.newHashSet("https://foo.bar/"));
@ -565,7 +559,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
grantTypes.add("refresh_token");
client.setGrantTypes(grantTypes);
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.PRIVATE_KEY);
client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY);
client.setRedirectUris(Sets.newHashSet("https://foo.bar/"));
@ -587,7 +581,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
grantTypes.add("refresh_token");
client.setGrantTypes(grantTypes);
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.PRIVATE_KEY);
client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY);
client.setRedirectUris(Sets.newHashSet("http://foo.bar/"));
@ -607,7 +601,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService {
grantTypes.add("refresh_token");
client.setGrantTypes(grantTypes);
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.PRIVATE_KEY);
client.setTokenEndpointAuthMethod(AuthMethod.PRIVATE_KEY);
client.setRedirectUris(Sets.newHashSet("http://localhost/", "https://foo.bar", "foo://bar"));

27
perun-oidc-server/src/test/java/cz/muni/ics/openid/connect/ClientDetailsEntityJsonProcessorTest.java
View File

@ -30,6 +30,9 @@ import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.RegisteredClient;
import cz.muni.ics.oauth2.model.enums.AppType;
import cz.muni.ics.oauth2.model.enums.AuthMethod;
import cz.muni.ics.oauth2.model.enums.SubjectType;
import java.sql.Date;
import org.junit.Test;
@ -68,14 +71,14 @@ public class ClientDetailsEntityJsonProcessorTest {
" }";
ClientDetailsEntity c = ClientDetailsEntityJsonProcessor.parse(json);
assertEquals(ClientDetailsEntity.AppType.WEB, c.getApplicationType());
assertEquals(AppType.WEB, c.getApplicationType());
assertEquals(ImmutableSet.of("https://client.example.org/callback", "https://client.example.org/callback2"), c.getRedirectUris());
assertEquals("My Example", c.getClientName());
assertEquals(ImmutableSet.of("code", "token"), c.getResponseTypes());
assertEquals(ImmutableSet.of("authorization_code", "implicit"), c.getGrantTypes());
assertEquals(ClientDetailsEntity.SubjectType.PAIRWISE, c.getSubjectType());
assertEquals(SubjectType.PAIRWISE, c.getSubjectType());
assertEquals("https://other.example.net/file_of_redirect_uris.json", c.getSectorIdentifierUri());
assertEquals(ClientDetailsEntity.AuthMethod.SECRET_BASIC, c.getTokenEndpointAuthMethod());
assertEquals(AuthMethod.SECRET_BASIC, c.getTokenEndpointAuthMethod());
assertEquals("https://client.example.org/my_public_keys.jwks", c.getJwksUri());
assertEquals(JWEAlgorithm.RSA1_5, c.getUserInfoEncryptedResponseAlg());
assertEquals(EncryptionMethod.A128CBC_HS256, c.getUserInfoEncryptedResponseEnc());
@ -129,14 +132,14 @@ public class ClientDetailsEntityJsonProcessorTest {
assertEquals(new Date(1577858400L * 1000L), c.getClientSecretExpiresAt());
assertEquals("this.is.an.access.token.value.ffx83", c.getRegistrationAccessToken());
assertEquals("https://server.example.com/connect/register?client_id=s6BhdRkqt3", c.getRegistrationClientUri());
assertEquals(ClientDetailsEntity.AppType.WEB, c.getApplicationType());
assertEquals(AppType.WEB, c.getApplicationType());
assertEquals(ImmutableSet.of("https://client.example.org/callback", "https://client.example.org/callback2"), c.getRedirectUris());
assertEquals("My Example", c.getClientName());
assertEquals(ImmutableSet.of("code", "token"), c.getResponseTypes());
assertEquals(ImmutableSet.of("authorization_code", "implicit"), c.getGrantTypes());
assertEquals(ClientDetailsEntity.SubjectType.PAIRWISE, c.getSubjectType());
assertEquals(SubjectType.PAIRWISE, c.getSubjectType());
assertEquals("https://other.example.net/file_of_redirect_uris.json", c.getSectorIdentifierUri());
assertEquals(ClientDetailsEntity.AuthMethod.SECRET_BASIC, c.getTokenEndpointAuthMethod());
assertEquals(AuthMethod.SECRET_BASIC, c.getTokenEndpointAuthMethod());
assertEquals("https://client.example.org/my_public_keys.jwks", c.getJwksUri());
assertEquals(JWEAlgorithm.RSA1_5, c.getUserInfoEncryptedResponseAlg());
assertEquals(EncryptionMethod.A128CBC_HS256, c.getUserInfoEncryptedResponseEnc());
@ -157,14 +160,14 @@ public class ClientDetailsEntityJsonProcessorTest {
c.setClientSecretExpiresAt(new Date(1577858400L * 1000L));
c.setRegistrationAccessToken("this.is.an.access.token.value.ffx83");
c.setRegistrationClientUri("https://server.example.com/connect/register?client_id=s6BhdRkqt3");
c.setApplicationType(ClientDetailsEntity.AppType.WEB);
c.setApplicationType(AppType.WEB);
c.setRedirectUris(ImmutableSet.of("https://client.example.org/callback", "https://client.example.org/callback2"));
c.setClientName("My Example");
c.setResponseTypes(ImmutableSet.of("code", "token"));
c.setGrantTypes(ImmutableSet.of("authorization_code", "implicit"));
c.setSubjectType(ClientDetailsEntity.SubjectType.PAIRWISE);
c.setSubjectType(SubjectType.PAIRWISE);
c.setSectorIdentifierUri("https://other.example.net/file_of_redirect_uris.json");
c.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.SECRET_BASIC);
c.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
c.setJwksUri("https://client.example.org/my_public_keys.jwks");
c.setUserInfoEncryptedResponseAlg(JWEAlgorithm.RSA1_5);
c.setUserInfoEncryptedResponseEnc(EncryptionMethod.A128CBC_HS256);
@ -178,7 +181,7 @@ public class ClientDetailsEntityJsonProcessorTest {
assertEquals(1577858400L, j.get("client_secret_expires_at").getAsNumber());
assertEquals("this.is.an.access.token.value.ffx83", j.get("registration_access_token").getAsString());
assertEquals("https://server.example.com/connect/register?client_id=s6BhdRkqt3", j.get("registration_client_uri").getAsString());
assertEquals(ClientDetailsEntity.AppType.WEB.getValue(), j.get("application_type").getAsString());
assertEquals(AppType.WEB.getValue(), j.get("application_type").getAsString());
for (JsonElement e : j.get("redirect_uris").getAsJsonArray()) {
assertTrue(ImmutableSet.of("https://client.example.org/callback", "https://client.example.org/callback2").contains(e.getAsString()));
}
@ -189,9 +192,9 @@ public class ClientDetailsEntityJsonProcessorTest {
for (JsonElement e : j.get("grant_types").getAsJsonArray()) {
assertTrue(ImmutableSet.of("authorization_code", "implicit").contains(e.getAsString()));
}
assertEquals(ClientDetailsEntity.SubjectType.PAIRWISE.getValue(), j.get("subject_type").getAsString());
assertEquals(SubjectType.PAIRWISE.getValue(), j.get("subject_type").getAsString());
assertEquals("https://other.example.net/file_of_redirect_uris.json", j.get("sector_identifier_uri").getAsString());
assertEquals(ClientDetailsEntity.AuthMethod.SECRET_BASIC.getValue(), j.get("token_endpoint_auth_method").getAsString());
assertEquals(AuthMethod.SECRET_BASIC.getValue(), j.get("token_endpoint_auth_method").getAsString());
assertEquals("https://client.example.org/my_public_keys.jwks", j.get("jwks_uri").getAsString());
assertEquals(JWEAlgorithm.RSA1_5.getName(), j.get("userinfo_encrypted_response_alg").getAsString());
assertEquals(EncryptionMethod.A128CBC_HS256.getName(), j.get("userinfo_encrypted_response_enc").getAsString());

2
perun-oidc-server/src/test/java/cz/muni/ics/openid/connect/assertion/TestJWTBearerAuthenticationProvider.java
View File

@ -23,7 +23,7 @@ import com.nimbusds.jwt.SignedJWT;
import cz.muni.ics.jwt.signer.service.JWTSigningAndValidationService;
import cz.muni.ics.jwt.signer.service.impl.ClientKeyCacheService;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.ClientDetailsEntity.AuthMethod;
import cz.muni.ics.oauth2.model.enums.AuthMethod;
import cz.muni.ics.oauth2.service.ClientDetailsEntityService;
import cz.muni.ics.openid.connect.config.ConfigurationPropertiesBean;
import java.util.Arrays;

11
perun-oidc-server/src/test/java/cz/muni/ics/openid/connect/service/impl/TestDefaultUserInfoService.java
View File

@ -24,6 +24,7 @@ import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.enums.SubjectType;
import cz.muni.ics.oauth2.service.ClientDetailsEntityService;
import cz.muni.ics.openid.connect.model.DefaultUserInfo;
import cz.muni.ics.openid.connect.model.UserInfo;
@ -112,29 +113,29 @@ public class TestDefaultUserInfoService {
publicClient2 = new ClientDetailsEntity();
publicClient2.setClientId(publicClientId2);
publicClient2.setSubjectType(ClientDetailsEntity.SubjectType.PUBLIC);
publicClient2.setSubjectType(SubjectType.PUBLIC);
// pairwise set 1
pairwiseClient1 = new ClientDetailsEntity();
pairwiseClient1.setClientId(pairwiseClientId1);
pairwiseClient1.setSubjectType(ClientDetailsEntity.SubjectType.PAIRWISE);
pairwiseClient1.setSubjectType(SubjectType.PAIRWISE);
pairwiseClient1.setSectorIdentifierUri(sectorIdentifier1);
pairwiseClient2 = new ClientDetailsEntity();
pairwiseClient2.setClientId(pairwiseClientId2);
pairwiseClient2.setSubjectType(ClientDetailsEntity.SubjectType.PAIRWISE);
pairwiseClient2.setSubjectType(SubjectType.PAIRWISE);
pairwiseClient2.setSectorIdentifierUri(sectorIdentifier2);
// pairwise set 2
pairwiseClient3 = new ClientDetailsEntity();
pairwiseClient3.setClientId(pairwiseClientId3);
pairwiseClient3.setSubjectType(ClientDetailsEntity.SubjectType.PAIRWISE);
pairwiseClient3.setSubjectType(SubjectType.PAIRWISE);
pairwiseClient3.setSectorIdentifierUri(sectorIdentifier3);
// pairwise with null sector
pairwiseClient4 = new ClientDetailsEntity();
pairwiseClient4.setClientId(pairwiseClientId4);
pairwiseClient4.setSubjectType(ClientDetailsEntity.SubjectType.PAIRWISE);
pairwiseClient4.setSubjectType(SubjectType.PAIRWISE);

11
perun-oidc-server/src/test/java/cz/muni/ics/openid/connect/service/impl/TestUUIDPairwiseIdentiferService.java
View File

@ -25,6 +25,7 @@ import static org.junit.Assert.assertNotSame;
import com.google.common.collect.ImmutableSet;
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
import cz.muni.ics.oauth2.model.enums.SubjectType;
import cz.muni.ics.openid.connect.model.DefaultUserInfo;
import cz.muni.ics.openid.connect.model.PairwiseIdentifier;
import cz.muni.ics.openid.connect.model.UserInfo;
@ -95,31 +96,31 @@ public class TestUUIDPairwiseIdentiferService {
// pairwise set 1
pairwiseClient1 = new ClientDetailsEntity();
pairwiseClient1.setClientId(pairwiseClientId1);
pairwiseClient1.setSubjectType(ClientDetailsEntity.SubjectType.PAIRWISE);
pairwiseClient1.setSubjectType(SubjectType.PAIRWISE);
pairwiseClient1.setSectorIdentifierUri(sectorIdentifier1);
pairwiseClient2 = new ClientDetailsEntity();
pairwiseClient2.setClientId(pairwiseClientId2);
pairwiseClient2.setSubjectType(ClientDetailsEntity.SubjectType.PAIRWISE);
pairwiseClient2.setSubjectType(SubjectType.PAIRWISE);
pairwiseClient2.setSectorIdentifierUri(sectorIdentifier2);
// pairwise set 2
pairwiseClient3 = new ClientDetailsEntity();
pairwiseClient3.setClientId(pairwiseClientId3);
pairwiseClient3.setSubjectType(ClientDetailsEntity.SubjectType.PAIRWISE);
pairwiseClient3.setSubjectType(SubjectType.PAIRWISE);
pairwiseClient3.setSectorIdentifierUri(sectorIdentifier3);
pairwiseClient3.setRedirectUris(pairwiseClient3RedirectUris);
// pairwise with null sector
pairwiseClient4 = new ClientDetailsEntity();
pairwiseClient4.setClientId(pairwiseClientId4);
pairwiseClient4.setSubjectType(ClientDetailsEntity.SubjectType.PAIRWISE);
pairwiseClient4.setSubjectType(SubjectType.PAIRWISE);
pairwiseClient4.setRedirectUris(pairwiseClient4RedirectUris);
// pairwise with multiple redirects and no sector (error)
pairwiseClient5 = new ClientDetailsEntity();
pairwiseClient5.setClientId(pairwiseClientId5);
pairwiseClient5.setSubjectType(ClientDetailsEntity.SubjectType.PAIRWISE);
pairwiseClient5.setSubjectType(SubjectType.PAIRWISE);
pairwiseClient5.setRedirectUris(pairwiseClient5RedirectUris);
// saved pairwise identifier from repository