diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java index 7c3e87a88..ba63bd955 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java @@ -28,6 +28,7 @@ import org.apache.http.impl.client.DefaultHttpClient; import org.mitre.jwt.signer.service.JwtSigningAndValidationService; import org.mitre.jwt.signer.service.impl.JWKSetSigningAndValidationServiceCacheService; import org.mitre.oauth2.model.ClientDetailsEntity; +import org.mitre.oauth2.model.RegisteredClient; import org.mitre.openid.connect.client.model.IssuerServiceResponse; import org.mitre.openid.connect.client.service.AuthRequestUrlBuilder; import org.mitre.openid.connect.client.service.ClientConfigurationService; @@ -178,7 +179,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi } - ClientDetails clientConfig = clients.getClientConfiguration(serverConfig); + RegisteredClient clientConfig = clients.getClientConfiguration(serverConfig); if (clientConfig == null) { logger.error("No client configuration found for issuer: " + issuer); throw new AuthenticationServiceException("No client configuration found for issuer: " + issuer); @@ -235,7 +236,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi // pull the configurations based on that issuer ServerConfiguration serverConfig = servers.getServerConfiguration(issuer); - final ClientDetailsEntity clientConfig = clients.getClientConfiguration(serverConfig); + final RegisteredClient clientConfig = clients.getClientConfiguration(serverConfig); MultiValueMap form = new LinkedMultiValueMap(); form.add("grant_type", "authorization_code"); 
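Review bot: The second use at `@@ -235` assigns `clientConfig` from `clients.getClientConfiguration(serverConfig)` and goes straight on to build the token request form, without the null guard that the `@@ -178` hunk applies to the same lookup. If no client configuration exists for the issuer, the failure surfaces later as a NullPointerException instead of a clear authentication error; the enclosing method continues outside the hunk, so I cannot see whether a check follows. Mirror the first hunk immediately after the assignment: `if (clientConfig == null) { throw new AuthenticationServiceException("No client configuration found for issuer: " + issuer); }`. The `serverConfig` passed in comes from `servers.getServerConfiguration(issuer)` with no null check either, and StaticClientConfigurationService dereferences it, so an unknown issuer fails the same way.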
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java index 4fa42e376..0e681d8e9 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java @@ -19,6 +19,7 @@ */ package org.mitre.openid.connect.client.service; +import org.mitre.oauth2.model.RegisteredClient; import org.mitre.openid.connect.config.ServerConfiguration; import org.springframework.security.oauth2.provider.ClientDetails; @@ -36,6 +37,6 @@ public interface AuthRequestUrlBuilder { * @param state * @return */ - public String buildAuthRequestUrl(ServerConfiguration serverConfig, ClientDetails clientConfig, String redirectUri, String nonce, String state); + public String buildAuthRequestUrl(ServerConfiguration serverConfig, RegisteredClient clientConfig, String redirectUri, String nonce, String state); } diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ClientConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ClientConfigurationService.java index 36990c8fa..63ccec169 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ClientConfigurationService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ClientConfigurationService.java @@ -20,6 +20,7 @@ package org.mitre.openid.connect.client.service; import org.mitre.oauth2.model.ClientDetailsEntity; +import org.mitre.oauth2.model.RegisteredClient; import org.mitre.openid.connect.config.ServerConfiguration; import org.springframework.security.oauth2.provider.ClientDetails; 
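Review bot: `import org.springframework.security.oauth2.provider.ClientDetails;` is kept in AuthRequestUrlBuilder although its only visible use, the `ClientDetails clientConfig` parameter, is replaced by `RegisteredClient` in this hunk; the two implementations (PlainAuthRequestUrlBuilder, SignedAuthRequestUrlBuilder) do drop that import. The same applies to the `ClientDetailsEntity` and `ClientDetails` imports in ClientConfigurationService, whose `getClientConfiguration` now returns `RegisteredClient` (hunk on the next line), unless they are still used elsewhere in that file. While the interface is being touched, the Javadoc on `buildAuthRequestUrl` has empty `@param state` and `@return` tags; fill them, e.g. `@param clientConfig the registered client the request is built for` and `@return the authorization request URL`.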
@@ -29,6 +30,6 @@ import org.springframework.security.oauth2.provider.ClientDetails; */ public interface ClientConfigurationService { - public ClientDetailsEntity getClientConfiguration(ServerConfiguration issuer); + public RegisteredClient getClientConfiguration(ServerConfiguration issuer); } diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java index e112908d9..4a30e0917 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java @@ -24,6 +24,7 @@ import java.util.concurrent.ExecutionException; import org.apache.http.client.HttpClient; import org.apache.http.impl.client.DefaultHttpClient; import org.mitre.oauth2.model.ClientDetailsEntity; +import org.mitre.oauth2.model.RegisteredClient; import org.mitre.openid.connect.ClientDetailsEntityJsonProcessor; import org.mitre.openid.connect.client.service.ClientConfigurationService; import org.mitre.openid.connect.config.ServerConfiguration; 
@@ -51,16 +52,16 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf private static Logger logger = LoggerFactory.getLogger(DynamicServerConfigurationService.class); - private LoadingCache clients; - - private ClientDetailsEntity template; + private LoadingCache clients; + private RegisteredClient template; + public DynamicRegistrationClientConfigurationService() { clients = CacheBuilder.newBuilder().build(new DynamicClientRegistrationLoader()); } @Override - public ClientDetailsEntity getClientConfiguration(ServerConfiguration issuer) { + public RegisteredClient getClientConfiguration(ServerConfiguration issuer) { try { return clients.get(issuer); } catch (ExecutionException e) { 
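Review bot: The logger in this class is obtained for `DynamicServerConfigurationService.class` (context line directly above the changed fields), so every log line from this service is attributed to the server-configuration service; `LoggerFactory.getLogger(DynamicRegistrationClientConfigurationService.class)` fixes the attribution. The `template` field injected by `setTemplate` is handed unchecked to `serialize(template)` in the loader below, so a missing template fails with a NullPointerException at the first registration attempt rather than at configuration time; rejecting null in `setTemplate` moves the error to where it is actionable. `getClientConfiguration` continues past the end of this hunk.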
@@ -72,28 +73,28 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf /** * @return the template */ - public ClientDetailsEntity getTemplate() { + public RegisteredClient getTemplate() { return template; } /** * @param template the template to set */ - public void setTemplate(ClientDetailsEntity template) { + public void setTemplate(RegisteredClient template) { this.template = template; } - public class DynamicClientRegistrationLoader extends CacheLoader { + public class DynamicClientRegistrationLoader extends CacheLoader { private HttpClient httpClient = new DefaultHttpClient(); private HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient); private JsonParser parser = new JsonParser(); @Override - public ClientDetailsEntity load(ServerConfiguration serverConfig) throws Exception { + public RegisteredClient load(ServerConfiguration serverConfig) throws Exception { RestTemplate restTemplate = new RestTemplate(httpFactory); // dynamically register this client - JsonObject jsonRequest = ClientDetailsEntityJsonProcessor.serialize(template, null, null); + JsonObject jsonRequest = ClientDetailsEntityJsonProcessor.serialize(template); HttpHeaders headers = new HttpHeaders(); headers.setContentType(MediaType.APPLICATION_JSON); @@ -105,7 +106,7 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf // TODO: handle HTTP errors // TODO: save registration token and other important bits - ClientDetailsEntity client = ClientDetailsEntityJsonProcessor.parse(registered); + RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(registered); return client; } diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java index 7ce62843f..dfa30b493 100644 
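Review bot: `load` returns whatever `ClientDetailsEntityJsonProcessor.parseRegistered(registered)` gives back, and that method returns null when the response body is not a JSON object; a Guava `CacheLoader` must not return null, so `clients.get(issuer)` in `getClientConfiguration` (previous hunk) would fail with an unchecked `InvalidCacheLoadException` that its `catch (ExecutionException e)` does not cover. Check the result before returning and throw a checked exception — `load` already declares `throws Exception` — so the failure reaches that `catch (ExecutionException e)` with the issuer in the message (`serverConfig.getIssuer()`). The `TODO: handle HTTP errors` above still stands: a non-2xx registration response is not distinguished from success here, and parsing an error body is what produces the null. The returned object now carries `registration_access_token`, a bearer credential for the client's registration record, held only in this in-memory cache; keep it out of any log statements added around this call.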
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java @@ -22,10 +22,10 @@ package org.mitre.openid.connect.client.service.impl; import java.net.URISyntaxException; import org.apache.http.client.utils.URIBuilder; +import org.mitre.oauth2.model.RegisteredClient; import org.mitre.openid.connect.client.service.AuthRequestUrlBuilder; import org.mitre.openid.connect.config.ServerConfiguration; import org.springframework.security.authentication.AuthenticationServiceException; -import org.springframework.security.oauth2.provider.ClientDetails; import com.google.common.base.Joiner; @@ -42,7 +42,7 @@ public class PlainAuthRequestUrlBuilder implements AuthRequestUrlBuilder { * @see org.mitre.openid.connect.client.service.AuthRequestUrlBuilder#buildAuthRequest(javax.servlet.http.HttpServletRequest, org.mitre.openid.connect.config.ServerConfiguration, org.springframework.security.oauth2.provider.ClientDetails) */ @Override - public String buildAuthRequestUrl(ServerConfiguration serverConfig, ClientDetails clientConfig, String redirectUri, String nonce, String state) { + public String buildAuthRequestUrl(ServerConfiguration serverConfig, RegisteredClient clientConfig, String redirectUri, String nonce, String state) { try { URIBuilder uriBuilder = new URIBuilder(serverConfig.getAuthorizationEndpointUri()); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java index 1bfd9c8bb..21909dcbc 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java 
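Review bot: The `@see` line above `buildAuthRequestUrl` still cites the old signature with `org.springframework.security.oauth2.provider.ClientDetails` (and, in this file, a `buildAuthRequest(javax.servlet.http.HttpServletRequest, ...)` method the interface does not declare), while the method now takes `RegisteredClient`; since the `ClientDetails` import is removed in the same hunk the reference is dangling. The same stale `@see` appears in the SignedAuthRequestUrlBuilder hunk on the next line. Replace both with `@see org.mitre.openid.connect.client.service.AuthRequestUrlBuilder#buildAuthRequestUrl(org.mitre.openid.connect.config.ServerConfiguration, org.mitre.oauth2.model.RegisteredClient, java.lang.String, java.lang.String, java.lang.String)`.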
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java @@ -23,10 +23,10 @@ import java.net.URISyntaxException; import org.apache.http.client.utils.URIBuilder; import org.mitre.jwt.signer.service.JwtSigningAndValidationService; +import org.mitre.oauth2.model.RegisteredClient; import org.mitre.openid.connect.client.service.AuthRequestUrlBuilder; import org.mitre.openid.connect.config.ServerConfiguration; import org.springframework.security.authentication.AuthenticationServiceException; -import org.springframework.security.oauth2.provider.ClientDetails; import com.google.common.base.Joiner; import com.nimbusds.jose.JWSHeader; @@ -45,7 +45,7 @@ public class SignedAuthRequestUrlBuilder implements AuthRequestUrlBuilder { * @see org.mitre.openid.connect.client.service.AuthRequestUrlBuilder#buildAuthRequestUrl(org.mitre.openid.connect.config.ServerConfiguration, org.springframework.security.oauth2.provider.ClientDetails, java.lang.String, java.lang.String, java.lang.String) */ @Override - public String buildAuthRequestUrl(ServerConfiguration serverConfig, ClientDetails clientConfig, String redirectUri, String nonce, String state) { + public String buildAuthRequestUrl(ServerConfiguration serverConfig, RegisteredClient clientConfig, String redirectUri, String nonce, String state) { // create our signed JWT for the request object JWTClaimsSet claims = new JWTClaimsSet(); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java index 83e062611..85462b6d2 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java 
@@ -22,6 +22,7 @@ package org.mitre.openid.connect.client.service.impl; import java.util.Map; import org.mitre.oauth2.model.ClientDetailsEntity; +import org.mitre.oauth2.model.RegisteredClient; import org.mitre.openid.connect.client.service.ClientConfigurationService; import org.mitre.openid.connect.config.ServerConfiguration; import org.springframework.beans.factory.InitializingBean; @@ -38,19 +39,19 @@ import org.springframework.security.oauth2.provider.ClientDetails; public class StaticClientConfigurationService implements ClientConfigurationService, InitializingBean { // Map of issuer URL -> client configuration information - private Map clients; + private Map clients; /** * @return the clients */ - public Map getClients() { + public Map getClients() { return clients; } /** * @param clients the clients to set */ - public void setClients(Map clients) { + public void setClients(Map clients) { this.clients = clients; } @@ -60,7 +61,7 @@ public class StaticClientConfigurationService implements ClientConfigurationServ * @see org.mitre.openid.connect.client.service.ClientConfigurationService#getClientConfiguration(java.lang.String) */ @Override - public ClientDetailsEntity getClientConfiguration(ServerConfiguration issuer) { + public RegisteredClient getClientConfiguration(ServerConfiguration issuer) { return clients.get(issuer.getIssuer()); } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java new file mode 100644 index 000000000..757d920e5 --- /dev/null +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java 
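Review bot: `getClientConfiguration` dereferences `issuer.getIssuer()` with no null check, and the caller in OIDCAuthenticationFilter passes the result of `servers.getServerConfiguration(issuer)` straight in, so an unknown issuer surfaces here as a NullPointerException rather than through the caller's "No client configuration found" error path. A guard `if (issuer == null) { return null; }` at the top of the method lets the caller's existing null handling report it. The `@see ...#getClientConfiguration(java.lang.String)` above the method also names the wrong parameter type; the interface method takes a `ServerConfiguration`.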
@@ -0,0 +1,721 @@ +/** + * + */ +package org.mitre.oauth2.model; + +import java.util.Date; +import java.util.Map; +import java.util.Set; + +import org.mitre.jose.JWEAlgorithmEmbed; +import org.mitre.jose.JWEEncryptionMethodEmbed; +import org.mitre.jose.JWSAlgorithmEmbed; +import org.mitre.oauth2.model.ClientDetailsEntity.AppType; +import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; +import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType; +import org.springframework.security.core.GrantedAuthority; + +/** + * @author jricher + * + */ +public class RegisteredClient { + + // these fields are needed in addition to the ones in ClientDetailsEntity + private String registrationAccessToken; + private String registrationClientUri; + private Date expiresAt; + private Date issuedAt; + private ClientDetailsEntity client; + + /** + * + */ + public RegisteredClient() { + this.client = new ClientDetailsEntity(); + } + + /** + * @param client + */ + public RegisteredClient(ClientDetailsEntity client) { + this.client = client; + } + + /** + * @param client + * @param registrationAccessToken + * @param registrationClientUri + */ + public RegisteredClient(ClientDetailsEntity client, String registrationAccessToken, String registrationClientUri) { + this.client = client; + this.registrationAccessToken = registrationAccessToken; + this.registrationClientUri = registrationClientUri; + } + + /** + * @return the client + */ + public ClientDetailsEntity getClient() { + return client; + } + /** + * @param client the client to set + */ + public void setClient(ClientDetailsEntity client) { + this.client = client; + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientDescription() + */ + public String getClientDescription() { + return client.getClientDescription(); + } + /** + * @param clientDescription + * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientDescription(java.lang.String) + */ + public void setClientDescription(String 
clientDescription) { + client.setClientDescription(clientDescription); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#isAllowRefresh() + */ + public boolean isAllowRefresh() { + return client.isAllowRefresh(); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#isReuseRefreshToken() + */ + public boolean isReuseRefreshToken() { + return client.isReuseRefreshToken(); + } + /** + * @param reuseRefreshToken + * @see org.mitre.oauth2.model.ClientDetailsEntity#setReuseRefreshToken(boolean) + */ + public void setReuseRefreshToken(boolean reuseRefreshToken) { + client.setReuseRefreshToken(reuseRefreshToken); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenValiditySeconds() + */ + public Integer getIdTokenValiditySeconds() { + return client.getIdTokenValiditySeconds(); + } + /** + * @param idTokenValiditySeconds + * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenValiditySeconds(java.lang.Integer) + */ + public void setIdTokenValiditySeconds(Integer idTokenValiditySeconds) { + client.setIdTokenValiditySeconds(idTokenValiditySeconds); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#isDynamicallyRegistered() + */ + public boolean isDynamicallyRegistered() { + return client.isDynamicallyRegistered(); + } + /** + * @param dynamicallyRegistered + * @see org.mitre.oauth2.model.ClientDetailsEntity#setDynamicallyRegistered(boolean) + */ + public void setDynamicallyRegistered(boolean dynamicallyRegistered) { + client.setDynamicallyRegistered(dynamicallyRegistered); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#isAllowIntrospection() + */ + public boolean isAllowIntrospection() { + return client.isAllowIntrospection(); + } + /** + * @param allowIntrospection + * @see org.mitre.oauth2.model.ClientDetailsEntity#setAllowIntrospection(boolean) + */ + public void setAllowIntrospection(boolean allowIntrospection) { + 
client.setAllowIntrospection(allowIntrospection); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#isSecretRequired() + */ + public boolean isSecretRequired() { + return client.isSecretRequired(); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#isScoped() + */ + public boolean isScoped() { + return client.isScoped(); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientId() + */ + public String getClientId() { + return client.getClientId(); + } + /** + * @param clientId + * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientId(java.lang.String) + */ + public void setClientId(String clientId) { + client.setClientId(clientId); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientSecret() + */ + public String getClientSecret() { + return client.getClientSecret(); + } + /** + * @param clientSecret + * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientSecret(java.lang.String) + */ + public void setClientSecret(String clientSecret) { + client.setClientSecret(clientSecret); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getScope() + */ + public Set getScope() { + return client.getScope(); + } + /** + * @param scope + * @see org.mitre.oauth2.model.ClientDetailsEntity#setScope(java.util.Set) + */ + public void setScope(Set scope) { + client.setScope(scope); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getGrantTypes() + */ + public Set getGrantTypes() { + return client.getGrantTypes(); + } + /** + * @param grantTypes + * @see org.mitre.oauth2.model.ClientDetailsEntity#setGrantTypes(java.util.Set) + */ + public void setGrantTypes(Set grantTypes) { + client.setGrantTypes(grantTypes); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getAuthorizedGrantTypes() + */ + public Set getAuthorizedGrantTypes() { + return client.getAuthorizedGrantTypes(); + } + /** + * @return + * @see 
org.mitre.oauth2.model.ClientDetailsEntity#getAuthorities() + */ + public Set getAuthorities() { + return client.getAuthorities(); + } + /** + * @param authorities + * @see org.mitre.oauth2.model.ClientDetailsEntity#setAuthorities(java.util.Set) + */ + public void setAuthorities(Set authorities) { + client.setAuthorities(authorities); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getAccessTokenValiditySeconds() + */ + public Integer getAccessTokenValiditySeconds() { + return client.getAccessTokenValiditySeconds(); + } + /** + * @param accessTokenValiditySeconds + * @see org.mitre.oauth2.model.ClientDetailsEntity#setAccessTokenValiditySeconds(java.lang.Integer) + */ + public void setAccessTokenValiditySeconds(Integer accessTokenValiditySeconds) { + client.setAccessTokenValiditySeconds(accessTokenValiditySeconds); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getRefreshTokenValiditySeconds() + */ + public Integer getRefreshTokenValiditySeconds() { + return client.getRefreshTokenValiditySeconds(); + } + /** + * @param refreshTokenValiditySeconds + * @see org.mitre.oauth2.model.ClientDetailsEntity#setRefreshTokenValiditySeconds(java.lang.Integer) + */ + public void setRefreshTokenValiditySeconds(Integer refreshTokenValiditySeconds) { + client.setRefreshTokenValiditySeconds(refreshTokenValiditySeconds); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getRedirectUris() + */ + public Set getRedirectUris() { + return client.getRedirectUris(); + } + /** + * @param redirectUris + * @see org.mitre.oauth2.model.ClientDetailsEntity#setRedirectUris(java.util.Set) + */ + public void setRedirectUris(Set redirectUris) { + client.setRedirectUris(redirectUris); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getRegisteredRedirectUri() + */ + public Set getRegisteredRedirectUri() { + return client.getRegisteredRedirectUri(); + } + /** + * @return + * @see 
org.mitre.oauth2.model.ClientDetailsEntity#getResourceIds() + */ + public Set getResourceIds() { + return client.getResourceIds(); + } + /** + * @param resourceIds + * @see org.mitre.oauth2.model.ClientDetailsEntity#setResourceIds(java.util.Set) + */ + public void setResourceIds(Set resourceIds) { + client.setResourceIds(resourceIds); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getAdditionalInformation() + */ + public Map getAdditionalInformation() { + return client.getAdditionalInformation(); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getApplicationType() + */ + public AppType getApplicationType() { + return client.getApplicationType(); + } + /** + * @param applicationType + * @see org.mitre.oauth2.model.ClientDetailsEntity#setApplicationType(org.mitre.oauth2.model.ClientDetailsEntity.AppType) + */ + public void setApplicationType(AppType applicationType) { + client.setApplicationType(applicationType); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientName() + */ + public String getClientName() { + return client.getClientName(); + } + /** + * @param clientName + * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientName(java.lang.String) + */ + public void setClientName(String clientName) { + client.setClientName(clientName); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthMethod() + */ + public AuthMethod getTokenEndpointAuthMethod() { + return client.getTokenEndpointAuthMethod(); + } + /** + * @param tokenEndpointAuthMethod + * @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthMethod(org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod) + */ + public void setTokenEndpointAuthMethod(AuthMethod tokenEndpointAuthMethod) { + client.setTokenEndpointAuthMethod(tokenEndpointAuthMethod); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getSubjectType() + */ + public SubjectType 
getSubjectType() { + return client.getSubjectType(); + } + /** + * @param subjectType + * @see org.mitre.oauth2.model.ClientDetailsEntity#setSubjectType(org.mitre.oauth2.model.ClientDetailsEntity.SubjectType) + */ + public void setSubjectType(SubjectType subjectType) { + client.setSubjectType(subjectType); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getContacts() + */ + public Set getContacts() { + return client.getContacts(); + } + /** + * @param contacts + * @see org.mitre.oauth2.model.ClientDetailsEntity#setContacts(java.util.Set) + */ + public void setContacts(Set contacts) { + client.setContacts(contacts); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getLogoUri() + */ + public String getLogoUri() { + return client.getLogoUri(); + } + /** + * @param logoUri + * @see org.mitre.oauth2.model.ClientDetailsEntity#setLogoUri(java.lang.String) + */ + public void setLogoUri(String logoUri) { + client.setLogoUri(logoUri); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getPolicyUri() + */ + public String getPolicyUri() { + return client.getPolicyUri(); + } + /** + * @param policyUri + * @see org.mitre.oauth2.model.ClientDetailsEntity#setPolicyUri(java.lang.String) + */ + public void setPolicyUri(String policyUri) { + client.setPolicyUri(policyUri); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getClientUri() + */ + public String getClientUri() { + return client.getClientUri(); + } + /** + * @param clientUri + * @see org.mitre.oauth2.model.ClientDetailsEntity#setClientUri(java.lang.String) + */ + public void setClientUri(String clientUri) { + client.setClientUri(clientUri); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getTosUri() + */ + public String getTosUri() { + return client.getTosUri(); + } + /** + * @param tosUri + * @see org.mitre.oauth2.model.ClientDetailsEntity#setTosUri(java.lang.String) + */ + public void 
setTosUri(String tosUri) { + client.setTosUri(tosUri); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getJwksUri() + */ + public String getJwksUri() { + return client.getJwksUri(); + } + /** + * @param jwksUri + * @see org.mitre.oauth2.model.ClientDetailsEntity#setJwksUri(java.lang.String) + */ + public void setJwksUri(String jwksUri) { + client.setJwksUri(jwksUri); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getSectorIdentifierUri() + */ + public String getSectorIdentifierUri() { + return client.getSectorIdentifierUri(); + } + /** + * @param sectorIdentifierUri + * @see org.mitre.oauth2.model.ClientDetailsEntity#setSectorIdentifierUri(java.lang.String) + */ + public void setSectorIdentifierUri(String sectorIdentifierUri) { + client.setSectorIdentifierUri(sectorIdentifierUri); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlg() + */ + public JWSAlgorithmEmbed getRequestObjectSigningAlg() { + return client.getRequestObjectSigningAlg(); + } + /** + * @param requestObjectSigningAlg + * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestObjectSigningAlg(org.mitre.jose.JWSAlgorithmEmbed) + */ + public void setRequestObjectSigningAlg(JWSAlgorithmEmbed requestObjectSigningAlg) { + client.setRequestObjectSigningAlg(requestObjectSigningAlg); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoSignedResponseAlg() + */ + public JWSAlgorithmEmbed getUserInfoSignedResponseAlg() { + return client.getUserInfoSignedResponseAlg(); + } + /** + * @param userInfoSignedResponseAlg + * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoSignedResponseAlg(org.mitre.jose.JWSAlgorithmEmbed) + */ + public void setUserInfoSignedResponseAlg(JWSAlgorithmEmbed userInfoSignedResponseAlg) { + client.setUserInfoSignedResponseAlg(userInfoSignedResponseAlg); + } + /** + * @return + * @see 
org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseAlg() + */ + public JWEAlgorithmEmbed getUserInfoEncryptedResponseAlg() { + return client.getUserInfoEncryptedResponseAlg(); + } + /** + * @param userInfoEncryptedResponseAlg + * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseAlg(org.mitre.jose.JWEAlgorithmEmbed) + */ + public void setUserInfoEncryptedResponseAlg(JWEAlgorithmEmbed userInfoEncryptedResponseAlg) { + client.setUserInfoEncryptedResponseAlg(userInfoEncryptedResponseAlg); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseEnc() + */ + public JWEEncryptionMethodEmbed getUserInfoEncryptedResponseEnc() { + return client.getUserInfoEncryptedResponseEnc(); + } + /** + * @param userInfoEncryptedResponseEnc + * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseEnc(org.mitre.jose.JWEEncryptionMethodEmbed) + */ + public void setUserInfoEncryptedResponseEnc(JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc) { + client.setUserInfoEncryptedResponseEnc(userInfoEncryptedResponseEnc); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenSignedResponseAlg() + */ + public JWSAlgorithmEmbed getIdTokenSignedResponseAlg() { + return client.getIdTokenSignedResponseAlg(); + } + /** + * @param idTokenSignedResponseAlg + * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenSignedResponseAlg(org.mitre.jose.JWSAlgorithmEmbed) + */ + public void setIdTokenSignedResponseAlg(JWSAlgorithmEmbed idTokenSignedResponseAlg) { + client.setIdTokenSignedResponseAlg(idTokenSignedResponseAlg); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseAlg() + */ + public JWEAlgorithmEmbed getIdTokenEncryptedResponseAlg() { + return client.getIdTokenEncryptedResponseAlg(); + } + /** + * @param idTokenEncryptedResponseAlg + * @see 
org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseAlg(org.mitre.jose.JWEAlgorithmEmbed) + */ + public void setIdTokenEncryptedResponseAlg(JWEAlgorithmEmbed idTokenEncryptedResponseAlg) { + client.setIdTokenEncryptedResponseAlg(idTokenEncryptedResponseAlg); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseEnc() + */ + public JWEEncryptionMethodEmbed getIdTokenEncryptedResponseEnc() { + return client.getIdTokenEncryptedResponseEnc(); + } + /** + * @param idTokenEncryptedResponseEnc + * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseEnc(org.mitre.jose.JWEEncryptionMethodEmbed) + */ + public void setIdTokenEncryptedResponseEnc(JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc) { + client.setIdTokenEncryptedResponseEnc(idTokenEncryptedResponseEnc); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getDefaultMaxAge() + */ + public Integer getDefaultMaxAge() { + return client.getDefaultMaxAge(); + } + /** + * @param defaultMaxAge + * @see org.mitre.oauth2.model.ClientDetailsEntity#setDefaultMaxAge(java.lang.Integer) + */ + public void setDefaultMaxAge(Integer defaultMaxAge) { + client.setDefaultMaxAge(defaultMaxAge); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequireAuthTime() + */ + public Boolean getRequireAuthTime() { + return client.getRequireAuthTime(); + } + /** + * @param requireAuthTime + * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequireAuthTime(java.lang.Boolean) + */ + public void setRequireAuthTime(Boolean requireAuthTime) { + client.setRequireAuthTime(requireAuthTime); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getResponseTypes() + */ + public Set getResponseTypes() { + return client.getResponseTypes(); + } + /** + * @param responseTypes + * @see org.mitre.oauth2.model.ClientDetailsEntity#setResponseTypes(java.util.Set) + */ + public void setResponseTypes(Set 
responseTypes) { + client.setResponseTypes(responseTypes); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getDefaultACRvalues() + */ + public Set getDefaultACRvalues() { + return client.getDefaultACRvalues(); + } + /** + * @param defaultACRvalues + * @see org.mitre.oauth2.model.ClientDetailsEntity#setDefaultACRvalues(java.util.Set) + */ + public void setDefaultACRvalues(Set defaultACRvalues) { + client.setDefaultACRvalues(defaultACRvalues); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getInitiateLoginUri() + */ + public String getInitiateLoginUri() { + return client.getInitiateLoginUri(); + } + /** + * @param initiateLoginUri + * @see org.mitre.oauth2.model.ClientDetailsEntity#setInitiateLoginUri(java.lang.String) + */ + public void setInitiateLoginUri(String initiateLoginUri) { + client.setInitiateLoginUri(initiateLoginUri); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getPostLogoutRedirectUri() + */ + public String getPostLogoutRedirectUri() { + return client.getPostLogoutRedirectUri(); + } + /** + * @param postLogoutRedirectUri + * @see org.mitre.oauth2.model.ClientDetailsEntity#setPostLogoutRedirectUri(java.lang.String) + */ + public void setPostLogoutRedirectUri(String postLogoutRedirectUri) { + client.setPostLogoutRedirectUri(postLogoutRedirectUri); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestUris() + */ + public Set getRequestUris() { + return client.getRequestUris(); + } + /** + * @param requestUris + * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestUris(java.util.Set) + */ + public void setRequestUris(Set requestUris) { + client.setRequestUris(requestUris); + } + /** + * @return + * @see org.mitre.oauth2.model.ClientDetailsEntity#getCreatedAt() + */ + public Date getCreatedAt() { + return client.getCreatedAt(); + } + /** + * @param createdAt + * @see org.mitre.oauth2.model.ClientDetailsEntity#setCreatedAt(java.util.Date) + 
*/ + public void setCreatedAt(Date createdAt) { + client.setCreatedAt(createdAt); + } + /** + * @return the registrationAccessToken + */ + public String getRegistrationAccessToken() { + return registrationAccessToken; + } + /** + * @param registrationAccessToken the registrationAccessToken to set + */ + public void setRegistrationAccessToken(String registrationAccessToken) { + this.registrationAccessToken = registrationAccessToken; + } + /** + * @return the registrationClientUri + */ + public String getRegistrationClientUri() { + return registrationClientUri; + } + /** + * @param registrationClientUri the registrationClientUri to set + */ + public void setRegistrationClientUri(String registrationClientUri) { + this.registrationClientUri = registrationClientUri; + } + /** + * @return the expiresAt + */ + public Date getExpiresAt() { + return expiresAt; + } + /** + * @param expiresAt the expiresAt to set + */ + public void setExpiresAt(Date expiresAt) { + this.expiresAt = expiresAt; + } + /** + * @return the issuedAt + */ + public Date getIssuedAt() { + return issuedAt; + } + /** + * @param issuedAt the issuedAt to set + */ + public void setIssuedAt(Date issuedAt) { + this.issuedAt = issuedAt; + } + + + +} diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java index 7ae8e62cd..3e780fa67 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java @@ -19,6 +19,7 @@ */ package org.mitre.openid.connect; +import java.util.Date; import java.util.Set; import org.mitre.jose.JWEAlgorithmEmbed; 
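Review bot: The class Javadoc of RegisteredClient says only `@author jricher`; a one-line summary would help, e.g. `Wraps a ClientDetailsEntity together with the dynamic-registration fields (registration_access_token, registration_client_uri, issued_at, expires_at) that the entity itself does not carry.` `RegisteredClient(ClientDetailsEntity client)` and `setClient` accept null, after which every delegating method throws NullPointerException far from the cause; rejecting null there makes the failure point obvious. `getIssuedAt`/`getExpiresAt` hand out the stored `Date` instances, so a caller can silently move the expiry; return copies (`expiresAt == null ? null : new Date(expiresAt.getTime())`) or document that the instances are shared. `registrationAccessToken` is a bearer credential for the client's registration record: if a `toString` is added to this class later, leave that field out.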
@@ -29,6 +30,7 @@ import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
 import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.mitre.oauth2.model.RegisteredClient;
 import com.google.common.base.Joiner;
 import com.google.common.base.Splitter;
@@ -139,6 +141,36 @@ public class ClientDetailsEntityJsonProcessor {
 }
 }
+ /**
+ * Parse the JSON as a RegisteredClient (useful in the dynamic client filter)
+ */
+ public static RegisteredClient parseRegistered(String jsonString) {
+
+
+ JsonElement jsonEl = parser.parse(jsonString);
+ if (jsonEl.isJsonObject()) {
+
+ JsonObject o = jsonEl.getAsJsonObject();
+ ClientDetailsEntity c = parse(jsonString);
+
+ RegisteredClient rc = new RegisteredClient(c);
+ // get any fields from the registration
+ rc.setRegistrationAccessToken(getAsString(o, "registration_access_token"));
+ rc.setRegistrationClientUri(getAsString(o, "registration_client_uri"));
+ rc.setIssuedAt(getAsDate(o, "issued_at"));
+ rc.setExpiresAt(getAsDate(o, "expires_at"));
+
+ return rc;
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Translate a set of strings to a JSON array
+ * @param value
+ * @return
+ */
 public static JsonElement getAsArray(Set value) {
 return gson.toJsonTree(value, new TypeToken>(){}.getType());
 }
@@ -149,7 +181,7 @@ public class ClientDetailsEntityJsonProcessor {
 * @param registrationUri
 * @return
 */
- public static JsonObject serialize(ClientDetailsEntity c, OAuth2AccessTokenEntity token, String registrationUri) {
+ public static JsonObject serialize(RegisteredClient c) {
 JsonObject o = new JsonObject();
 o.addProperty("client_id", c.getClientId());
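Review bot: parseRegistered parses `jsonString` twice — once through `parser.parse(jsonString)` for the registration fields and again inside `parse(jsonString)` for the client metadata — and if `parse` returns null for a JSON object it does not like (its body is not in this hunk, so this is inferred), `new RegisteredClient(c)` silently wraps a null client. Either let `parse` and `parseRegistered` share one parsed `JsonObject`, or at minimum guard with `if (c == null) { return null; }` before constructing the wrapper. The javadoc should also state the null contract, e.g. `@return the registered client, or null if the JSON is not an object`.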
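Review bot: The javadoc directly above the changed `serialize` signature still documents `@param registrationUri` (visible as context in this hunk, and presumably `@param token` just above it), although the method now takes only `RegisteredClient c`. Replace those stale tags with `@param c the registered client; its registration access token, client URI and issued/expiry dates are emitted alongside the client metadata`. The body of serialize continues past the end of the hunk.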
@@ -158,15 +190,17 @@ public class ClientDetailsEntityJsonProcessor {
 o.addProperty("expires_at", 0); // TODO: do we want to let secrets expire?
 }
- if (c.getCreatedAt() != null) {
- o.addProperty("issued_at", c.getCreatedAt().getTime());
+ if (c.getIssuedAt() != null) {
+ o.addProperty("issued_at", c.getIssuedAt().getTime() / 1000L);
+ } else if (c.getCreatedAt() != null) {
+ o.addProperty("issued_at", c.getCreatedAt().getTime() / 1000L);
 }
- if (token != null) {
- o.addProperty("registration_access_token", token.getValue());
+ if (c.getRegistrationAccessToken() != null) {
+ o.addProperty("registration_access_token", c.getRegistrationAccessToken());
 }
- if (registrationUri != null) {
- o.addProperty("registration_client_uri", registrationUri);
+ if (c.getRegistrationClientUri() != null) {
+ o.addProperty("registration_client_uri", c.getRegistrationClientUri());
 }
@@ -257,6 +291,22 @@ public class ClientDetailsEntityJsonProcessor {
 }
 }
+ /**
+ * Gets the value of the given member (expressed as integer seconds since epoch) as a Date
+ */
+ public static Date getAsDate(JsonObject o, String member) {
+ if (o.has(member)) {
+ JsonElement e = o.get(member);
+ if (e != null && e.isJsonPrimitive()) {
+ return new Date(e.getAsInt() * 1000L);
+ } else {
+ return null;
+ }
+ } else {
+ return null;
+ }
+ }
+
 /**
 * Gets the value of the given given member as a set of strings, null if it doesn't exist
 */
@@ -267,5 +317,7 @@ public class ClientDetailsEntityJsonProcessor {
 return null;
 }
 }
+
+
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java
index 62a8b89d9..61975af36 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java
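Review bot: `expires_at` is still emitted as a constant 0 in the context line at the top of this hunk, while the new `RegisteredClient` now carries `getExpiresAt()` and `parseRegistered` populates it from the same JSON member, so a value that round-trips through parseRegistered and back through serialize loses its real expiry. Mirror the issued_at branch added here: `if (c.getExpiresAt() != null) { o.addProperty("expires_at", c.getExpiresAt().getTime() / 1000L); } else { o.addProperty("expires_at", 0); }`. The branch containing the expires_at line opens before the hunk and serialize's body continues after it, so the exact placement needs checking against the full method.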
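Review bot: The new `getAsDate` calls `e.getAsInt()` on any JSON primitive, so a non-numeric value such as `"issued_at": "abc"` propagates a `NumberFormatException` out of parseRegistered, and an epoch-seconds value beyond the int range (past 2038) is narrowed silently rather than rejected. Since parseRegistered consumes a registration response from a remote server, tighten the condition to `if (e != null && e.isJsonPrimitive() && e.getAsJsonPrimitive().isNumber()) {` and widen the conversion to `return new Date(e.getAsLong() * 1000L);`, which also matches the `/ 1000L` used by serialize. The javadoc could then note that non-numeric members yield null instead of an exception.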
@@ -28,6 +28,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.mitre.oauth2.model.RegisteredClient;
 import org.mitre.openid.connect.ClientDetailsEntityJsonProcessor;
 import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Component;
@@ -59,15 +60,16 @@ public class ClientInformationResponseView extends AbstractView {
 response.setContentType("application/json");
- ClientDetailsEntity c = (ClientDetailsEntity) model.get("client");
- OAuth2AccessTokenEntity token = (OAuth2AccessTokenEntity) model.get("token");
+ RegisteredClient c = (RegisteredClient) model.get("client");
+ //OAuth2AccessTokenEntity token = (OAuth2AccessTokenEntity) model.get("token");
+ //String uri = (String)model.get("uri"); //request.getRequestURL() + "/" + c.getClientId();
+
 HttpStatus code = (HttpStatus) model.get("code");
 if (code == null) {
 code = HttpStatus.OK;
 }
- String uri = (String)model.get("uri"); //request.getRequestURL() + "/" + c.getClientId();
- JsonObject o = ClientDetailsEntityJsonProcessor.serialize(c, token, uri);
+ JsonObject o = ClientDetailsEntityJsonProcessor.serialize(c);
 try {
 Writer out = response.getWriter();
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
index a50e506b7..e5a6d77ea 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
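Review bot: The replaced lines are kept as commented-out code (`//OAuth2AccessTokenEntity token = ...`, `//String uri = ...`) instead of being deleted, and the same pattern repeats in every hunk of ClientDynamicRegistrationEndpoint below; the old code is in history, so these lines should go, together with the `OAuth2AccessTokenEntity` import this file no longer uses (still present in the import hunk above). The unchecked `(RegisteredClient) model.get("client")` cast also now relies on every controller path placing a RegisteredClient in the model, and a mismatch surfaces as a ClassCastException during rendering; an explicit `instanceof` check that throws an `IllegalStateException` naming the attribute would fail more clearly. The enclosing render method starts and ends outside this hunk.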
@@ -25,6 +25,7 @@ import org.apache.http.client.utils.URLEncodedUtils;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.mitre.oauth2.model.RegisteredClient;
 import org.mitre.oauth2.model.SystemScope;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
@@ -151,11 +152,14 @@ public class ClientDynamicRegistrationEndpoint {
 OAuth2AccessTokenEntity token = createRegistrationAccessToken(savedClient);
 // send it all out to the view
- m.addAttribute("client", savedClient);
- m.addAttribute("code", HttpStatus.CREATED); // http 201
- m.addAttribute("token", token);
+ // TODO: urlencode the client id for safety?
- m.addAttribute("uri", config.getIssuer() + "register/" + savedClient.getClientId());
+ RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "register/" + savedClient.getClientId());
+
+ m.addAttribute("client", registered);
+ m.addAttribute("code", HttpStatus.CREATED); // http 201
+ //m.addAttribute("token", token);
+ //m.addAttribute("uri", config.getIssuer() + "register/" + savedClient.getClientId());
 return "clientInformationResponseView";
 } else {
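Review bot: The registration URI `config.getIssuer() + "register/" + savedClient.getClientId()` is now assembled inline in four places across this file (this hunk and the `@@ -188`, `@@ -261` and `@@ -300` hunks), each still carrying the open `// TODO: urlencode the client id for safety?` comment that the commit copies rather than resolves. A private helper, e.g. `private String registrationUri(String clientId)` that returns the issuer plus `"register/"` plus the id passed through `java.net.URLEncoder` with UTF-8, would settle the TODO once and keep the four call sites consistent; note the pre-Java-10 `URLEncoder.encode(String, String)` overload throws a checked `UnsupportedEncodingException` that the helper has to handle. Whether client ids can contain reserved URI characters is not visible here, so the encoding matters most on the update and read paths where the id is read back from storage rather than generated.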
@@ -188,12 +192,15 @@ public class ClientDynamicRegistrationEndpoint {
 OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
 OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());
- // send it all out to the view
- m.addAttribute("client", client);
- m.addAttribute("code", HttpStatus.OK); // http 200
- m.addAttribute("token", token);
 // TODO: urlencode the client id for safety?
- m.addAttribute("uri", config.getIssuer() + "register/" + client.getClientId());
+ RegisteredClient registered = new RegisteredClient(client, token.getValue(), config.getIssuer() + "register/" + client.getClientId());
+
+ // send it all out to the view
+ m.addAttribute("client", registered);
+ m.addAttribute("code", HttpStatus.OK); // http 200
+ //m.addAttribute("token", token);
+ // TODO: urlencode the client id for safety?
+ //m.addAttribute("uri", config.getIssuer() + "register/" + client.getClientId());
 return "clientInformationResponseView";
 } else {
@@ -261,12 +268,15 @@ public class ClientDynamicRegistrationEndpoint {
 OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
 OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());
- // send it all out to the view
- m.addAttribute("client", savedClient);
- m.addAttribute("code", HttpStatus.OK); // http 200
- m.addAttribute("token", token);
 // TODO: urlencode the client id for safety?
- m.addAttribute("uri", config.getIssuer() + "register/" + savedClient.getClientId());
+ RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "register/" + savedClient.getClientId());
+
+ // send it all out to the view
+ m.addAttribute("client", registered);
+ m.addAttribute("code", HttpStatus.OK); // http 200
+ //m.addAttribute("token", token);
+ // TODO: urlencode the client id for safety?
+ //m.addAttribute("uri", config.getIssuer() + "register/" + savedClient.getClientId());
 return "clientInformationResponseView";
 } else {
@@ -300,12 +310,15 @@ public class ClientDynamicRegistrationEndpoint {
 OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
 OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());
+ // TODO: urlencode the client id for safety?
+ RegisteredClient registered = new RegisteredClient(client, token.getValue(), config.getIssuer() + "register/" + client.getClientId());
+
 // send it all out to the view
 m.addAttribute("client", client);
 m.addAttribute("code", HttpStatus.OK); // http 200
- m.addAttribute("token", token);
+ //m.addAttribute("token", token);
 // TODO: urlencode the client id for safety?
- m.addAttribute("uri", config.getIssuer() + "register/" + client.getClientId());
+ //m.addAttribute("uri", config.getIssuer() + "register/" + client.getClientId());
 return "clientInformationResponseView";
 } else {
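Review bot: In the `@@ -300,12 +310,15 @@` hunk the new `RegisteredClient registered` is constructed but never used: the unchanged context line `m.addAttribute("client", client);` still places the bare `ClientDetailsEntity` in the model, while `ClientInformationResponseView` in this same commit casts `model.get("client")` to `RegisteredClient`. On this path the view will therefore fail with a ClassCastException at render time, and the `token` and `uri` attributes it used to read have been commented out, so the response would lose the registration access token and client URI even if the cast were fixed. Change the line to `m.addAttribute("client", registered);`, as the other three hunks in this file do.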