Fix NPE when checking claim extension, Simplify always true expressions

pull/1046/merge
Leonard Brünings 2016-03-21 18:17:10 +01:00 committed by Justin Richer
parent 8f81278332
commit 8e71107f9b
1 changed files with 13 additions and 10 deletions


@ -17,7 +17,8 @@
package org.mitre.openid.connect.request; package org.mitre.openid.connect.request;
import static org.mitre.openid.connect.request.ConnectRequestParameters.*; import static org.mitre.openid.connect.request.ConnectRequestParameters.AUD;
import static org.mitre.openid.connect.request.ConnectRequestParameters.CLAIMS;
import static org.mitre.openid.connect.request.ConnectRequestParameters.CLIENT_ID; import static org.mitre.openid.connect.request.ConnectRequestParameters.CLIENT_ID;
import static org.mitre.openid.connect.request.ConnectRequestParameters.DISPLAY; import static org.mitre.openid.connect.request.ConnectRequestParameters.DISPLAY;
import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_HINT; import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_HINT;
@ -30,6 +31,7 @@ import static org.mitre.openid.connect.request.ConnectRequestParameters.RESPONSE
import static org.mitre.openid.connect.request.ConnectRequestParameters.SCOPE; import static org.mitre.openid.connect.request.ConnectRequestParameters.SCOPE;
import static org.mitre.openid.connect.request.ConnectRequestParameters.STATE; import static org.mitre.openid.connect.request.ConnectRequestParameters.STATE;
import java.io.Serializable;
import java.text.ParseException; import java.text.ParseException;
import java.util.Collections; import java.util.Collections;
import java.util.Map; import java.util.Map;
@ -88,9 +90,8 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
/** /**
* Constructor with arguments * Constructor with arguments
* *
* @param clientDetailsService * @param clientDetailsService
* @param nonceService
*/ */
@Autowired @Autowired
public ConnectOAuth2RequestFactory(ClientDetailsEntityService clientDetailsService) { public ConnectOAuth2RequestFactory(ClientDetailsEntityService clientDetailsService) {
@ -137,7 +138,7 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
request.getExtensions().put(AUD, inputParams.get(AUD)); request.getExtensions().put(AUD, inputParams.get(AUD));
} }
if (inputParams.containsKey(REQUEST)) { if (inputParams.containsKey(REQUEST)) {
request.getExtensions().put(REQUEST, inputParams.get(REQUEST)); request.getExtensions().put(REQUEST, inputParams.get(REQUEST));
processRequestObject(inputParams.get(REQUEST), request); processRequestObject(inputParams.get(REQUEST), request);
@ -164,9 +165,10 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
} }
/** /**
* @param inputParams *
* @return * @param jwtString
*/ * @param request
*/
private void processRequestObject(String jwtString, AuthorizationRequest request) { private void processRequestObject(String jwtString, AuthorizationRequest request) {
// parse the request object // parse the request object
@ -267,7 +269,7 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
JWTClaimsSet claims = jwt.getJWTClaimsSet(); JWTClaimsSet claims = jwt.getJWTClaimsSet();
Set<String> responseTypes = OAuth2Utils.parseParameterList(claims.getStringClaim(RESPONSE_TYPE)); Set<String> responseTypes = OAuth2Utils.parseParameterList(claims.getStringClaim(RESPONSE_TYPE));
if (responseTypes != null && !responseTypes.isEmpty()) { if (!responseTypes.isEmpty()) {
if (!responseTypes.equals(request.getResponseTypes())) { if (!responseTypes.equals(request.getResponseTypes())) {
logger.info("Mismatch between request object and regular parameter for response_type, using request object"); logger.info("Mismatch between request object and regular parameter for response_type, using request object");
} }
@ -315,7 +317,7 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
} }
Set<String> scope = OAuth2Utils.parseParameterList(claims.getStringClaim(SCOPE)); Set<String> scope = OAuth2Utils.parseParameterList(claims.getStringClaim(SCOPE));
if (scope != null && !scope.isEmpty()) { if (!scope.isEmpty()) {
if (!scope.equals(request.getScope())) { if (!scope.equals(request.getScope())) {
logger.info("Mismatch between request object and regular parameter for scope, using request object"); logger.info("Mismatch between request object and regular parameter for scope, using request object");
} }
@ -324,7 +326,8 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
JsonObject claimRequest = parseClaimRequest(claims.getStringClaim(CLAIMS)); JsonObject claimRequest = parseClaimRequest(claims.getStringClaim(CLAIMS));
if (claimRequest != null) { if (claimRequest != null) {
if (!claimRequest.equals(parseClaimRequest(request.getExtensions().get(CLAIMS).toString()))) { Serializable claimExtension = request.getExtensions().get(CLAIMS);
if (claimExtension == null || !claimRequest.equals(parseClaimRequest(claimExtension.toString()))) {
logger.info("Mismatch between request object and regular parameter for claims, using request object"); logger.info("Mismatch between request object and regular parameter for claims, using request object");
} }
// we save the string because the object might not be a Java Serializable, and we can parse it easily enough anyway // we save the string because the object might not be a Java Serializable, and we can parse it easily enough anyway
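Review bot: The new null guard on the `claims` extension folds "no claims parameter was sent" into the "Mismatch between request object and regular parameter" log line, so an operator reading that message can no longer tell an absent parameter from a request object that disagrees with one; these info logs are the only trace left when the request object silently overrides the regular parameters, so they should stay accurate. Splitting the condition keeps the fix and logs the two cases separately, as below. The same hunk series also leaves the new Javadoc for processRequestObject with bare `@param jwtString` and `@param request` tags; a short description such as `@param jwtString the serialized request object JWT passed in the request parameter` and `@param request the authorization request whose parameters are overridden by the request object` would make the tags useful. processRequestObject starts and ends outside this hunk.
```java
Serializable claimExtension = request.getExtensions().get(CLAIMS);
if (claimExtension == null) {
    logger.info("No regular parameter for claims, using request object");
} else if (!claimRequest.equals(parseClaimRequest(claimExtension.toString()))) {
    logger.info("Mismatch between request object and regular parameter for claims, using request object");
}
// … unchanged: save the claims string into the request extensions …
```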