From 9ba1a78d09eec4fd6b142276118b39170c450cb4 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Wed, 27 May 2015 19:33:05 -0400 Subject: [PATCH] removed binary objects from data API importers, removed binary object JSON utility entirely --- .../main/java/org/mitre/util/JsonUtils.java | 29 +------ .../service/impl/MITREidDataService_1_0.java | 73 ++++++++++++++--- .../service/impl/MITREidDataService_1_1.java | 81 ++++++++++++++++--- .../service/impl/MITREidDataService_1_2.java | 14 ++-- 4 files changed, 145 insertions(+), 52 deletions(-) diff --git a/openid-connect-common/src/main/java/org/mitre/util/JsonUtils.java b/openid-connect-common/src/main/java/org/mitre/util/JsonUtils.java index 4c0079848..3cb008928 100644 --- a/openid-connect-common/src/main/java/org/mitre/util/JsonUtils.java +++ b/openid-connect-common/src/main/java/org/mitre/util/JsonUtils.java @@ -19,12 +19,7 @@ */ package org.mitre.util; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.io.Serializable; import java.util.ArrayList; import java.util.Date; import java.util.HashMap; @@ -38,7 +33,6 @@ import org.slf4j.LoggerFactory; import com.google.common.collect.Lists; import com.google.common.collect.Sets; -import com.google.common.io.BaseEncoding; import com.google.gson.Gson; import com.google.gson.JsonElement; import com.google.gson.JsonObject; 
@@ -253,25 +247,6 @@ public class JsonUtils { } } - public static T base64UrlDecodeObject(String encoded, Class type) { - if (encoded == null) { - return null; - } else { - T deserialized = null; - try { - byte[] decoded = BaseEncoding.base64Url().decode(encoded); - ByteArrayInputStream bais = new ByteArrayInputStream(decoded); - ObjectInputStream ois = new ObjectInputStream(bais); - deserialized = type.cast(ois.readObject()); - ois.close(); - bais.close(); - } catch (Exception ex) { - logger.error("Unable to decode object", ex); - } - return deserialized; - } - } - public static Map readMap(JsonReader reader) throws IOException { Map map = new HashMap(); reader.beginObject(); @@ -288,6 +263,10 @@ public class JsonUtils { case NUMBER: value = reader.nextLong(); break; + default: + logger.debug("Found unexpected entry"); + reader.skipValue(); + continue; } map.put(name, value); } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java index b8704c12d..2134a7ec6 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java @@ -33,6 +33,7 @@ import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType; import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; +import org.mitre.oauth2.model.SavedUserAuthentication; import org.mitre.oauth2.model.SystemScope; import org.mitre.oauth2.repository.AuthenticationHolderRepository; import org.mitre.oauth2.repository.OAuth2ClientRepository; 
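Review bot: The `default:` branch added to `readMap` in JsonUtils.java drops the entry with only `logger.debug("Found unexpected entry")`, so nothing records which key was discarded or what kind of token it carried. `name` is already in scope there (it is used by `map.put(name, value)` just below), so the message could be `logger.debug("Skipping unsupported {} value for key {}", reader.peek(), name);`, placed before `reader.skipValue()`. The same context-free message is used in the `default:` branches this commit adds to the import loops of MITREidDataService_1_0, MITREidDataService_1_1 and MITREidDataService_1_2; logging `reader.peek()` there would make a partially imported file easier to diagnose. The body of `readMap` starts and ends outside the hunk.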
@@ -63,7 +64,6 @@ import com.nimbusds.jose.EncryptionMethod; import com.nimbusds.jose.JWEAlgorithm; import com.nimbusds.jose.JWSAlgorithm; -import static org.mitre.util.JsonUtils.base64UrlDecodeObject; import static org.mitre.util.JsonUtils.readMap; import static org.mitre.util.JsonUtils.readSet; /** @@ -147,7 +147,10 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements // the object ended, we're done here reader.endObject(); continue; - } + default: + logger.debug("Found unexpected entry"); + reader.skipValue(); + continue; } } fixObjectReferences(); } @@ -335,15 +338,17 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements continue; case NAME: String subName = reader.nextName(); - if (subName.equals("clientAuthorization")) { + if (reader.peek() == JsonToken.NULL) { + reader.skipValue(); + } else if (subName.equals("clientAuthorization")) { clientAuthorization = readAuthorizationRequest(reader); } else if (subName.equals("userAuthentication")) { - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else { - String authString = reader.nextString(); - userAuthentication = base64UrlDecodeObject(authString, Authentication.class); - } + // skip binary encoded version + reader.skipValue(); + + } else if (subName.equals("savedUserAuthentication")) { + userAuthentication = readSavedUserAuthentication(reader); + } else { logger.debug("Found unexpected entry"); reader.skipValue(); 
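Review bot: In the `@@ -335,15 +338,17 @@` hunk the legacy `userAuthentication` field is now discarded by a bare `reader.skipValue()` with no log output, so an export that carries only the binary form appears to import with the user authentication unset and nothing tells the operator. Refusing to deserialize the blob is the right call, but the skip should be visible, e.g. `logger.warn("Skipping binary-encoded userAuthentication; only savedUserAuthentication is imported");`. If the holder is later built with a null user authentication, the grants and tokens that reference it would presumably no longer be bound to a user, which is worth confirming against the code after this hunk. The same silent skip appears in the matching MITREidDataService_1_1 hunk and in the `extensions` branch of its `@@ -426,12 +432,12 @@` hunk. The enclosing method starts and ends outside the hunk.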
@@ -437,6 +442,56 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements reader.endObject(); return new OAuth2Request(authorizationParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, null); } + + /** + * @param reader + * @return + * @throws IOException + */ + private SavedUserAuthentication readSavedUserAuthentication(JsonReader reader) throws IOException { + SavedUserAuthentication savedUserAuth = new SavedUserAuthentication(); + reader.beginObject(); + + while (reader.hasNext()) { + switch(reader.peek()) { + case END_OBJECT: + continue; + case NAME: + String name = reader.nextName(); + if (reader.peek() == JsonToken.NULL) { + reader.skipValue(); + } else if (name.equals("name")) { + savedUserAuth.setName(reader.nextString()); + } else if (name.equals("sourceClass")) { + savedUserAuth.setSourceClass(reader.nextString()); + } else if (name.equals("authenticated")) { + savedUserAuth.setAuthenticated(reader.nextBoolean()); + } else if (name.equals("authorities")) { + Set authorityStrs = readSet(reader); + Set authorities = new HashSet(); + for (String s : authorityStrs) { + GrantedAuthority ga = new SimpleGrantedAuthority(s); + authorities.add(ga); + } + savedUserAuth.setAuthorities(authorities); + } else { + logger.debug("Found unexpected entry"); + reader.skipValue(); + } + break; + default: + logger.debug("Found unexpected entry"); + reader.skipValue(); + continue; + } + } + + reader.endObject(); + return savedUserAuth; + } + + + Map grantOldToNewIdMap = new HashMap(); Map grantToWhitelistedSiteRefs = new HashMap(); Map> grantToAccessTokensRefs = new HashMap>(); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java index 414b70a42..709c827e5 100644 
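Review bot: `readSavedUserAuthentication` in MITREidDataService_1_0 is added with a Javadoc block that holds only empty `@param`/`@return`/`@throws` tags, and an identical copy is added to MITREidDataService_1_1 further down. The comment should say that `name`, `sourceClass`, `authenticated` and `authorities` are copied from the import file as given, e.g. `Reads a savedUserAuthentication object; all fields, including authenticated and authorities, are taken unverified from the import data, so the file must come from a trusted source.` Both classes extend MITREidDataServiceSupport, so a single shared helper there would keep the two parsers from drifting apart. The `case END_OBJECT: continue;` arm looks unreachable, because the loop body only runs while `reader.hasNext()` is true.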
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java @@ -35,6 +35,7 @@ import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType; import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; +import org.mitre.oauth2.model.SavedUserAuthentication; import org.mitre.oauth2.model.SystemScope; import org.mitre.oauth2.repository.AuthenticationHolderRepository; import org.mitre.oauth2.repository.OAuth2ClientRepository; @@ -65,7 +66,6 @@ import com.nimbusds.jose.EncryptionMethod; import com.nimbusds.jose.JWEAlgorithm; import com.nimbusds.jose.JWSAlgorithm; -import static org.mitre.util.JsonUtils.base64UrlDecodeObject; import static org.mitre.util.JsonUtils.readMap; import static org.mitre.util.JsonUtils.readSet; @@ -149,6 +149,10 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements // the object ended, we're done here reader.endObject(); continue; + default: + logger.debug("Found unexpected entry"); + reader.skipValue(); + continue; } } fixObjectReferences(); 
@@ -337,15 +341,17 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements continue; case NAME: String subName = reader.nextName(); - if (subName.equals("clientAuthorization")) { + if (reader.peek() == JsonToken.NULL) { + reader.skipValue(); // skip null values + } else if (subName.equals("clientAuthorization")) { clientAuthorization = readAuthorizationRequest(reader); } else if (subName.equals("userAuthentication")) { - if (reader.peek() == JsonToken.NULL) { - reader.skipValue(); - } else { - String authString = reader.nextString(); - userAuthentication = base64UrlDecodeObject(authString, Authentication.class); - } + // skip binary encoded version + reader.skipValue(); + + } else if (subName.equals("savedUserAuthentication")) { + userAuthentication = readSavedUserAuthentication(reader); + } else { logger.debug("Found unexpected entry"); reader.skipValue(); @@ -426,12 +432,12 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements } else if (name.equals("responseTypes")) { responseTypes = readSet(reader); } else if (name.equals("extensions")) { + // skip the binary encoded version + reader.skipValue(); + } else if (name.equals("extensionStrings")) { Map extEnc = readMap(reader); for (Entry entry : extEnc.entrySet()) { - Serializable decoded = base64UrlDecodeObject(entry.getValue(), Serializable.class); - if (decoded != null) { - extensions.put(entry.getKey(), decoded); - } + extensions.put(entry.getKey(), entry.getValue()); } } else { reader.skipValue(); 
@@ -446,6 +452,57 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements reader.endObject(); return new OAuth2Request(requestParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, extensions); } + + /** + * @param reader + * @return + * @throws IOException + */ + private SavedUserAuthentication readSavedUserAuthentication(JsonReader reader) throws IOException { + SavedUserAuthentication savedUserAuth = new SavedUserAuthentication(); + reader.beginObject(); + + while (reader.hasNext()) { + switch(reader.peek()) { + case END_OBJECT: + continue; + case NAME: + String name = reader.nextName(); + if (reader.peek() == JsonToken.NULL) { + reader.skipValue(); + } else if (name.equals("name")) { + savedUserAuth.setName(reader.nextString()); + } else if (name.equals("sourceClass")) { + savedUserAuth.setSourceClass(reader.nextString()); + } else if (name.equals("authenticated")) { + savedUserAuth.setAuthenticated(reader.nextBoolean()); + } else if (name.equals("authorities")) { + Set authorityStrs = readSet(reader); + Set authorities = new HashSet(); + for (String s : authorityStrs) { + GrantedAuthority ga = new SimpleGrantedAuthority(s); + authorities.add(ga); + } + savedUserAuth.setAuthorities(authorities); + } else { + logger.debug("Found unexpected entry"); + reader.skipValue(); + } + break; + default: + logger.debug("Found unexpected entry"); + reader.skipValue(); + continue; + } + } + + reader.endObject(); + return savedUserAuth; + } + + + + Map grantOldToNewIdMap = new HashMap(); Map grantToWhitelistedSiteRefs = new HashMap(); Map> grantToAccessTokensRefs = new HashMap>(); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java index e8b25e949..f97efc247 100644 
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java @@ -19,11 +19,9 @@ package org.mitre.openid.connect.service.impl; import java.io.IOException; import java.io.Serializable; import java.text.ParseException; -import java.util.Collection; import java.util.Date; import java.util.HashMap; import java.util.HashSet; -import java.util.LinkedHashSet; import java.util.Map; import java.util.Map.Entry; import java.util.Set; @@ -51,11 +49,8 @@ import org.mitre.openid.connect.service.MITREidDataService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.stereotype.Service; import com.google.gson.stream.JsonReader; @@ -65,7 +60,6 @@ import com.nimbusds.jose.EncryptionMethod; import com.nimbusds.jose.JWEAlgorithm; import com.nimbusds.jose.JWSAlgorithm; -import static org.mitre.util.JsonUtils.base64UrlDecodeObject; import static org.mitre.util.JsonUtils.readMap; import static org.mitre.util.JsonUtils.readSet; import static org.mitre.util.JsonUtils.writeNullSafeArray; @@ -508,6 +502,10 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements // the object ended, we're done here reader.endObject(); continue; + default: + logger.debug("Found unexpected entry"); + reader.skipValue(); + continue; } } fixObjectReferences(); 
@@ -765,6 +763,10 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements reader.skipValue(); } break; + default: + logger.debug("Found unexpected entry"); + reader.skipValue(); + continue; } }