From 914f2e4d938e3318341cb8e6d83b912cf486159c Mon Sep 17 00:00:00 2001
From: Justin Richer <jricher@mitre.org>
Date: Tue, 10 Sep 2013 16:01:17 -0400
Subject: [PATCH] added new call to get the UserInfo in context with the
 requesting client to allow for pairwise identifiers.

temporary implementation of pairwise identifiers in place
---
 .../connect/service/UserInfoService.java      | 14 ++++++++++-
 .../service/impl/DefaultUserInfoService.java  | 25 ++++++++++++++++++-
 .../connect/token/ConnectTokenEnhancer.java   |  2 +-
 .../openid/connect/web/UserInfoEndpoint.java  |  4 +--
 4 files changed, 39 insertions(+), 6 deletions(-)

diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/UserInfoService.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/UserInfoService.java
index 5644be198..ab2678bd5 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/UserInfoService.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/UserInfoService.java
@@ -53,9 +53,21 @@ public interface UserInfoService {
 
 
 	/**
-	 * Get the UserInfo for the given preferredUsername field
+	 * Get the UserInfo for the given username (usually maps to the
+	 * preferredUsername field).
 	 * @param username
 	 * @return
 	 */
 	public UserInfo getByUsername(String username);
+	
+	/**
+	 * Get the UserInfo for the given username (usually maps to the
+	 * preferredUsername field) and clientId. This allows pairwise
+	 * client identifiers where appropriate. 
+	 * @param username
+	 * @param clientId
+	 * @return
+	 */
+	public UserInfo getByUsernameAndClientId(String username, String clientId);
+
 }
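Review bot: The Javadoc added for `getByUsernameAndClientId` leaves `@param username`, `@param clientId` and `@return` empty, so the part of the contract a caller actually needs — what comes back when the user or the client is unknown, and that the returned `sub` is client-specific for pairwise clients — is not stated. The implementation in this same commit returns `null` in both not-found cases, which every caller has to check. Suggest `@param clientId id of the client the UserInfo is being released to; for clients registered with a pairwise subject type the returned sub is specific to that client` and `@return the UserInfo, or null if either the user or the client cannot be found`. The same empty tags exist on the neighbouring `getByUsername` Javadoc, which could be filled in the same way.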
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoService.java
index 6abb078ab..419e001f8 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoService.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoService.java
@@ -16,6 +16,8 @@
  ******************************************************************************/
 package org.mitre.openid.connect.service.impl;
 
+import org.mitre.oauth2.model.ClientDetailsEntity;
+import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.openid.connect.model.UserInfo;
 import org.mitre.openid.connect.repository.UserInfoRepository;
 import org.mitre.openid.connect.service.UserInfoService;
@@ -35,7 +37,9 @@ public class DefaultUserInfoService implements UserInfoService {
 	@Autowired
 	private UserInfoRepository userInfoRepository;
 	
-
+	@Autowired
+	private ClientDetailsEntityService clientService;
+	
 	@Override
 	public void save(UserInfo userInfo) {
 		userInfoRepository.save(userInfo);
@@ -56,4 +60,23 @@ public class DefaultUserInfoService implements UserInfoService {
 		return userInfoRepository.getByUsername(username);
 	}
 
+    @Override
+    public UserInfo getByUsernameAndClientId(String username, String clientId) {
+    	
+    	ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
+    	
+    	UserInfo userInfo = getByUsername(username);
+    	
+    	if (client == null || userInfo == null) {
+    		return null;
+    	}
+    	
+    	if (client.getSubjectType().equals(ClientDetailsEntity.SubjectType.PAIRWISE)) {
+    		userInfo.setSub(userInfo.getSub() + "@" + clientId);
+    	}
+    	
+    	return userInfo;
+    	
+    }
+
 }
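Review bot: `userInfo.setSub(userInfo.getSub() + "@" + clientId)` mutates the `UserInfo` object that `userInfoRepository.getByUsername` handed back rather than a copy, so if that object is a managed entity or otherwise shared (the repository-backed `save` in this class suggests it is persisted) the rewritten sub can surface in later lookups for other clients or be written back to the store on the next `save`. The pairwise value should be built on a detached copy of the UserInfo and the stored record left untouched. `client.getSubjectType().equals(...)` also throws `NullPointerException` for a client whose subject type is unset; `ClientDetailsEntity.SubjectType.PAIRWISE.equals(client.getSubjectType())` is null-safe. The `sub + "@" + clientId` form exposes the real sub and is trivially correlatable across clients, which the commit message already acknowledges as temporary, so a comment such as `// TODO: replace with an opaque, non-reversible pairwise sub derived from the client's sector identifier` on the assignment would keep that visible in the code. The new method is indented with spaces where the rest of the class uses tabs.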
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
index 201ead619..e4cd0fec4 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
@@ -112,7 +112,7 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 			// TODO: maybe id tokens need a service layer
 
 			String username = authentication.getName();
-			UserInfo userInfo = userInfoService.getByUsername(username);
+			UserInfo userInfo = userInfoService.getByUsernameAndClientId(username, clientId);
 
 			OAuth2AccessTokenEntity idTokenEntity = new OAuth2AccessTokenEntity();
 
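Review bot: With the new call, `userInfo` can now be `null` when `clientId` refers to a client that cannot be loaded, not only when the user is unknown, and the hunk shows no null check before the value is used on the lines that follow; if the surrounding code dereferences it the token path will fail with a `NullPointerException` for an unregistered client rather than a clear error. `clientId` itself is defined outside the hunk, so whether it is the id of the client the ID token is actually issued to — which is what the pairwise sub must be derived from so that it matches the UserInfo response — cannot be confirmed here. The enclosing method starts and ends outside the hunk.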
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
index 1ad0884d5..343140c5f 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
@@ -16,8 +16,6 @@
  ******************************************************************************/
 package org.mitre.openid.connect.web;
 
-import java.security.Principal;
-
 import org.mitre.openid.connect.model.UserInfo;
 import org.mitre.openid.connect.service.UserInfoService;
 import org.slf4j.Logger;
@@ -62,7 +60,7 @@ public class UserInfoEndpoint {
 		}
 
 		String username = auth.getName();
-		UserInfo userInfo = userInfoService.getByUsername(username);
+		UserInfo userInfo = userInfoService.getByUsernameAndClientId(username, auth.getOAuth2Request().getClientId());
 
 		if (userInfo == null) {
 			logger.error("getInfo failed; user not found: " + username);
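Review bot: The `userInfo == null` branch at the end of the hunk still logs `user not found`, but after the change to `getByUsernameAndClientId` the service also returns `null` when the client id from `auth.getOAuth2Request().getClientId()` cannot be loaded, so an unknown or deleted client now produces a log line that blames the user. Hoisting the id makes the message accurate: `String clientId = auth.getOAuth2Request().getClientId();`, `UserInfo userInfo = userInfoService.getByUsernameAndClientId(username, clientId);`, `logger.error("getInfo failed; user or client not found: " + username + " / " + clientId);`. The enclosing `getInfo` method starts and ends outside the hunk.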