updated -common code to get a validation service from a server configuration

pull/105/merge
Mike Derryberry 2012-06-21 14:37:30 -04:00
parent b94fbd7439
commit b1fc07bcb8
17 changed files with 122 additions and 906 deletions


@ -20,15 +20,18 @@ import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
@ -43,16 +46,20 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.Validate;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.DefaultHttpClient;
import org.mitre.openid.connect.model.IdToken;
import org.mitre.jwk.model.Jwk;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtHeader;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.signer.AbstractJwtSigner;
import org.mitre.jwt.signer.JwtSigner;
import org.mitre.jwt.signer.impl.HmacSigner;
import org.mitre.jwt.signer.impl.PlaintextSigner;
import org.mitre.jwt.signer.impl.RsaSigner;
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
import org.mitre.jwt.signer.service.impl.DynamicJwtSigningAndValidationService;
import org.mitre.key.fetch.KeyFetcher;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
@ -145,6 +152,9 @@ public class AbstractOIDCAuthenticationFilter extends
protected final static String FILTER_PROCESSES_URL = "/openid_connect_login";
private Map<OIDCServerConfiguration, JwtSigningAndValidationService> validationServices = new HashMap<OIDCServerConfiguration, JwtSigningAndValidationService>();
/**
* Builds the redirect_uri that will be sent to the Authorization Endpoint.
* By default returns the URL of the current request minus zero or more
@ -658,4 +668,77 @@ public class AbstractOIDCAuthenticationFilter extends
public void setScope(String scope) {
this.scope = scope;
}
protected JwtSigningAndValidationService getValidatorForServer(OIDCServerConfiguration serverConfig) throws CertificateException, NoSuchAlgorithmException, InvalidKeySpecException {
if(getValidationServices().containsKey(serverConfig)){
return validationServices.get(serverConfig);
} else {
HttpClient httpClient = new DefaultHttpClient();
HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
RestTemplate restTemplate = new RestTemplate(httpFactory);
KeyFetcher keyFetch = new KeyFetcher();
PublicKey signingKey = null;
String jsonString;
if(serverConfig.getX509SigningUrl() != null) {
try {
jsonString = restTemplate.getForObject(
serverConfig.getX509SigningUrl(), String.class);
} catch (HttpClientErrorException httpClientErrorException) {
throw new AuthenticationServiceException(
"Unable to obtain Access Token.");
}
signingKey = (PublicKey) keyFetch.retrieveX509Key(serverConfig);
} else {
try {
jsonString = restTemplate.getForObject(serverConfig.getX509SigningUrl(), String.class);
} catch (HttpClientErrorException httpClientErrorException) {
throw new AuthenticationServiceException("Unable to obtain Access Token.");
}
signingKey = (PublicKey) keyFetch.retrieveJwkKey(serverConfig);
}
DynamicJwtSigningAndValidationService signingAndValidationService = new DynamicJwtSigningAndValidationService(serverConfig.getX509SigningUrl(), serverConfig.getJwkSigningUrl(), serverConfig.getClientSecret());
JwtHeader header = Jwt.parse(jsonString).getHeader();
String alg = header.getAlgorithm();
JwtSigner signer = null;
if(alg.equals("HS256") || alg.equals("HS384") || alg.equals("HS512")){
signer = new HmacSigner(alg, signingKey.toString());
} else if (alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")){
signer = new RsaSigner(alg, signingKey, null);
} else if (alg.equals("none")){
signer = new PlaintextSigner();
} else {
throw new IllegalArgumentException("Not an existing algorithm type");
}
validationServices.put(serverConfig, signingAndValidationService);
return signingAndValidationService;
}
}
public Map<OIDCServerConfiguration, JwtSigningAndValidationService> getValidationServices() {
return validationServices;
}
public void setValidationServices(
Map<OIDCServerConfiguration, JwtSigningAndValidationService> validationServices) {
this.validationServices = validationServices;
}
}
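Review bot: The else branch of the `serverConfig.getX509SigningUrl() != null` check in `getValidatorForServer` fetches from `serverConfig.getX509SigningUrl()` again, which that branch has just established is null, so the JWK path never obtains a usable response before calling `keyFetch.retrieveJwkKey(serverConfig)`; it should read `jsonString = restTemplate.getForObject(serverConfig.getJwkSigningUrl(), String.class);`. The `signer` built from `alg` and `signingKey` is never stored or returned — the `DynamicJwtSigningAndValidationService` that is cached and returned is constructed from the two URLs and the client secret only, so the key that was just fetched never reaches validation; either hand the signer to the service or drop the dead block. If the block is kept, `new HmacSigner(alg, signingKey.toString())` should not use a public key's string form as the HMAC secret; the configured client secret is the only shared secret visible here. The `AuthenticationServiceException("Unable to obtain Access Token.")` thrown in both catch blocks mislabels a signing-key fetch failure; `"Unable to retrieve signing key from " + serverConfig.getX509SigningUrl()` would name the actual failure for whoever triages it.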


@ -15,12 +15,6 @@
******************************************************************************/
package org.mitre.openid.connect.client;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import org.mitre.key.fetch.KeyFetcher;
/**
* @author nemonik
*
@ -44,12 +38,6 @@ public class OIDCServerConfiguration {
private String jwkEncryptUrl;
private String jwkSigningUrl;
// TODO: these keys should be settable through other means beyond discovery
private Key encryptKey;
private Key signingKey;
public String getAuthorizationEndpointURI() {
return authorizationEndpointURI;
@ -122,63 +110,6 @@ public class OIDCServerConfiguration {
public void setJwkSigningUrl(String jwkSigningUrl) {
this.jwkSigningUrl = jwkSigningUrl;
}
public Key getSigningKey(){
if(signingKey == null){
if(x509SigningUrl != null){
try {
signingKey = KeyFetcher.retrieveX509Key();
} catch (CertificateException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
else if (jwkSigningUrl != null){
try {
signingKey = KeyFetcher.retrieveJwkKey();
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
return signingKey;
}
public Key getEncryptionKey(){
if(encryptKey == null){
if(x509EncryptUrl != null){
try {
encryptKey = KeyFetcher.retrieveX509Key();
} catch (CertificateException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
else if (jwkEncryptUrl != null){
try {
encryptKey = KeyFetcher.retrieveJwkKey();
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
return encryptKey;
}
public void checkKeys(){
encryptKey = null;
signingKey = null;
getEncryptionKey();
getSigningKey();
}
@Override
public String toString() {


@ -1,43 +0,0 @@
package org.mitre.openid.connect.client;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import org.mitre.openid.connect.model.IdToken;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
// TODO: what is this class for?
public class OIDCUserDetailService implements UserDetailsService,
AuthenticationUserDetailsService<OpenIdConnectAuthenticationToken> {
public IdToken retrieveToken(URL url) throws IOException{
String str = new BufferedReader(new InputStreamReader(url.openStream())).toString();
IdToken idToken = IdToken.parse(str);
return idToken;
}
@Override
public UserDetails loadUserDetails(OpenIdConnectAuthenticationToken token)
throws UsernameNotFoundException {
// TODO Auto-generated method stub
return null;
}
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
// TODO Auto-generated method stub
return null;
}
}


@ -1,39 +0,0 @@
package org.mitre.openid.connect.client;
import org.springframework.validation.Errors;
import org.springframework.validation.ValidationUtils;
import org.springframework.validation.Validator;
// TODO: is this used anywhere?
public class UrlValidator implements Validator{
@Override
public boolean supports(Class clzz) {
return OIDCServerConfiguration.class.equals(clzz);
}
@Override
public void validate(Object obj, Errors e) {
ValidationUtils.rejectIfEmpty(e, "x509EncryptUrl", "x509EncryptUrl.empty");
}
// TODO this isn't called anywhere
public void validate1(Object obj, Errors e) {
ValidationUtils.rejectIfEmpty(e, "x509SigningUrl", "x509SigningUrl.empty");
}
// TODO this isn't called anywhere
public void validate2(Object obj, Errors e) {
ValidationUtils.rejectIfEmpty(e, "jwkEncryptUrl", "jwkEncryptUrl.empty");
}
// TODO this isn't called anywhere
public void validate3(Object obj, Errors e) {
ValidationUtils.rejectIfEmpty(e, "jwkSigningUrl", "jwkSigningUrl.empty");
}
}


@ -1,148 +0,0 @@
package org.mitre.openid.connect.client;
import static org.junit.Assert.assertEquals;
import java.net.URL;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.key.fetch.KeyFetcher;
import org.mitre.util.Utility;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { "classpath:test-context.xml" })
public class OIDCServerConfigurationTest{
private URL jwkUrl = this.getClass().getResource("/jwk/jwk");
private URL x509Url = this.getClass().getResource("/x509/x509");
private URL jwkEncryptedUrl = this.getClass().getResource("/jwk/jwkEncrypted");
private URL x509EncryptedUrl = this.getClass().getResource("/x509/x509Encrypted");
private OIDCServerConfiguration oidc;
/**
* @throws java.lang.Exception
*/
@Before
public void setUp(){
oidc = new OIDCServerConfiguration();
}
/**
* @throws java.lang.Exception
*/
@After
public void tearDown(){
}
/**
* Test method for {@link org.mitre.util.Utility#retrieveJwk(java.lang.String)}.
* @throws Exception
*/
@Test
public void testGetSigningKeyBoth(){
oidc.setX509SigningUrl(x509Url.getPath());
oidc.setJwkSigningUrl(jwkUrl.getPath());
Key key = oidc.getSigningKey();
try {
assertEquals(key, KeyFetcher.retrieveX509Key());
} catch (CertificateException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testGetSigningKeyJwk(){
oidc.setX509SigningUrl(null);
oidc.setJwkSigningUrl(jwkUrl.getPath());
Key key1 = oidc.getSigningKey();
try {
assertEquals(key1, KeyFetcher.retrieveJwkKey());
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testGetSigningKeyX509(){
oidc.setX509SigningUrl(x509Url.getPath());
oidc.setJwkSigningUrl(null);
Key key2 = oidc.getSigningKey();
try {
assertEquals(key2, KeyFetcher.retrieveX509Key());
} catch (CertificateException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testGetSigningKeyNone(){
oidc.setX509SigningUrl(null);
oidc.setJwkSigningUrl(null);
Key key3 = oidc.getSigningKey();
assertEquals(key3, null);
}
@Test
public void testGetEncryptionKeyBoth(){
oidc.setX509EncryptUrl(x509EncryptedUrl.getPath());
oidc.setJwkEncryptUrl(jwkEncryptedUrl.getPath());
Key key = oidc.getEncryptionKey();
try {
assertEquals(key, KeyFetcher.retrieveX509Key());
} catch (CertificateException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testGetEncryptionKeyJwk(){
oidc.setX509EncryptUrl(null);
oidc.setJwkEncryptUrl(jwkEncryptedUrl.getPath());
Key key1 = oidc.getEncryptionKey();
try {
assertEquals(key1, KeyFetcher.retrieveJwkKey());
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testGetEncryptionKeyX509(){
oidc.setX509EncryptUrl(x509EncryptedUrl.getPath());
oidc.setJwkEncryptUrl(null);
Key key2 = oidc.getEncryptionKey();
try {
assertEquals(key2, KeyFetcher.retrieveX509Key());
} catch (CertificateException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@Test
public void testGetEncryptionKeyNone(){
oidc.setX509EncryptUrl(null);
oidc.setJwkEncryptUrl(null);
Key key3 = oidc.getEncryptionKey();
assertEquals(key3, null);
}
}


@ -36,11 +36,5 @@
</map>
</property>
</bean>
<bean id="testKeystore" class="org.mitre.jwt.signer.service.impl.KeyStore">
<constructor-arg name="location" value="file:src/test/resources/keystore.jks" />
<constructor-arg name="password" value="changeit" />
</bean>
</beans>


@ -1,12 +1,9 @@
package org.mitre.jwk.model;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;


@ -15,13 +15,10 @@
******************************************************************************/
package org.mitre.jwt.model;
import java.util.HashMap;
import java.util.Map;
import java.util.Map.Entry;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonPrimitive;
public class JwtHeader extends ClaimSet {


@ -1,14 +1,8 @@
package org.mitre.jwt.signer.service.impl;
import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
@ -19,8 +13,6 @@ import org.mitre.jwt.signer.JwtSigner;
import org.mitre.jwt.signer.impl.HmacSigner;
import org.mitre.jwt.signer.impl.PlaintextSigner;
import org.mitre.jwt.signer.impl.RsaSigner;
import org.mitre.key.fetch.KeyFetcher;
import org.mitre.util.Utility;
public class DynamicJwtSigningAndValidationService extends AbstractJwtSigningAndValidationService{
@ -31,8 +23,6 @@ public class DynamicJwtSigningAndValidationService extends AbstractJwtSigningAnd
private String clientSecret;
private Key signingKey;
private Map<String, PublicKey> map;
private PublicKey publicKey;
@ -44,43 +34,6 @@ public class DynamicJwtSigningAndValidationService extends AbstractJwtSigningAnd
setJwkSigningUrl(jwkSigningUrl);
setClientSecret(clientSecret);
}
public Key getSigningKey() {
if(signingKey == null){
if(x509SigningUrl != null){
File file = new File(x509SigningUrl);
URL url;
try {
url = file.toURI().toURL();
signingKey = KeyFetcher.retrieveX509Key();
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (CertificateException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
else if (jwkSigningUrl != null){
File file = new File(jwkSigningUrl);
URL url;
try {
url = file.toURI().toURL();
signingKey = KeyFetcher.retrieveJwkKey();
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
return signingKey;
}
public String getSigningX509Url() {
return x509SigningUrl;
@ -105,6 +58,14 @@ public class DynamicJwtSigningAndValidationService extends AbstractJwtSigningAnd
public void setClientSecret(String clientSecret) {
this.clientSecret = clientSecret;
}
public PublicKey getPublicKey() {
return publicKey;
}
public void setPublicKey(PublicKey publicKey) {
this.publicKey = publicKey;
}
@Override
public Map<String, PublicKey> getAllPublicKeys() {
@ -138,7 +99,7 @@ public class DynamicJwtSigningAndValidationService extends AbstractJwtSigningAnd
JwtSigner signer = getSigner(jwtString);
return signer.verify(jwtString);
}
catch(Exception e) {
catch(NoSuchAlgorithmException e) {
return false;
}
@ -150,17 +111,11 @@ public class DynamicJwtSigningAndValidationService extends AbstractJwtSigningAnd
JwtSigner signer = null;
if(alg.equals("HS256") || alg.equals("HS384") || alg.equals("HS512")){
signer = new HmacSigner(alg, clientSecret); // TODO: huh? no, we're not signing with the client secret
signer = new HmacSigner(alg, "");
} else if (alg.equals("RS256") || alg.equals("RS384") || alg.equals("RS512")){
PublicKey rsaSigningKey = null;
try {
rsaSigningKey = (PublicKey) getSigningKey();
} catch (Exception e) {
// FIXME this function call should not throw Exception
e.printStackTrace();
return null;
}
rsaSigningKey = (PublicKey) getSigners();
signer = new RsaSigner(alg, rsaSigningKey, null);
} else if (alg.equals("none")){
signer = new PlaintextSigner();
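Review bot: `signer = new HmacSigner(alg, "")` builds an HS256/384/512 verifier with an empty key, so any token whose header names an HS* algorithm is checked against a fixed secret of `""`, which is not a verification step at all; until a real shared secret is wired in, the HS* branch should fail closed, e.g. `throw new IllegalArgumentException("HMAC validation requires a configured shared secret");` (the removed line's own TODO already flagged this). `rsaSigningKey = (PublicKey) getSigners();` casts what, from its name, looks like the signer registry to `PublicKey`; if so this throws `ClassCastException` at runtime, and because `validateSignature` in the earlier hunk now catches only `NoSuchAlgorithmException`, that exception escapes the filter instead of yielding `false`. The RSA branch presumably wants the public key fetched for this server (the role the deleted `getSigningKey()` used to play) rather than the signer map. `getSigner` starts and ends outside this hunk.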


@ -9,6 +9,7 @@ import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
@ -24,10 +25,7 @@ import org.mitre.openid.connect.client.OIDCServerConfiguration;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.ResponseExtractor;
import org.springframework.web.client.RestTemplate;
import com.google.gson.JsonArray;
@ -36,22 +34,19 @@ import com.google.gson.JsonParser;
public class KeyFetcher {
public static List<Jwk> retrieveJwk(){
OIDCServerConfiguration serverConfig = new OIDCServerConfiguration();
HttpClient httpClient = new DefaultHttpClient();
HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
RestTemplate restTemplate = new RestTemplate(httpFactory);
public List<Jwk> retrieveJwk(OIDCServerConfiguration serverConfig){
List<Jwk> keys = new ArrayList<Jwk>();
HttpClient httpClient = new DefaultHttpClient();
HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
RestTemplate restTemplate = new RestTemplate(httpFactory);
MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
String jsonString = null;
try {
jsonString = restTemplate.postForObject(
serverConfig.getTokenEndpointURI(), form, String.class);
jsonString = restTemplate.getForObject(
serverConfig.getTokenEndpointURI(), String.class);
} catch (HttpClientErrorException httpClientErrorException) {
throw new AuthenticationServiceException(
@ -61,17 +56,15 @@ public class KeyFetcher {
JsonObject json = (JsonObject) new JsonParser().parse(jsonString);
JsonArray getArray = json.getAsJsonArray("jwk");
for(int i = 0; i < getArray.size(); i++){
for (int i = 0; i < getArray.size(); i++){
JsonObject object = getArray.get(i).getAsJsonObject();
String algorithm = object.get("alg").getAsString();
if(algorithm.equals("RSA")){
if (algorithm.equals("RSA")){
Rsa rsa = new Rsa(object);
keys.add(rsa);
}
else{
} else {
EC ec = new EC(object);
keys.add(ec);
}
@ -79,20 +72,13 @@ public class KeyFetcher {
return keys;
}
public static Key retrieveX509Key() throws CertificateException {
public Key retrieveX509Key(OIDCServerConfiguration serverConfig) throws CertificateException {
OIDCServerConfiguration serverConfig = new OIDCServerConfiguration();
HttpClient httpClient = new DefaultHttpClient();
HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
RestTemplate restTemplate = new RestTemplate(httpFactory);
MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
InputStream jsonStream = null;
InputStream x509Stream = null;
try {
jsonStream = restTemplate.postForObject(
serverConfig.getTokenEndpointURI(), form, InputStream.class);
x509Stream = restTemplate.getForObject(
serverConfig.getTokenEndpointURI(), InputStream.class);
} catch (HttpClientErrorException httpClientErrorException) {
throw new AuthenticationServiceException(
@ -100,33 +86,26 @@ public class KeyFetcher {
}
CertificateFactory factory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) factory.generateCertificate(jsonStream);
X509Certificate cert = (X509Certificate) factory.generateCertificate(x509Stream);
Key key = cert.getPublicKey();
return key;
}
public static Key retrieveJwkKey() throws NoSuchAlgorithmException, InvalidKeySpecException{
public Key retrieveJwkKey(OIDCServerConfiguration serverConfig) throws NoSuchAlgorithmException, InvalidKeySpecException{
OIDCServerConfiguration serverConfig = new OIDCServerConfiguration();
HttpClient httpClient = new DefaultHttpClient();
HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
RestTemplate restTemplate = new RestTemplate(httpFactory);
MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
String jsonString = null;
String jwkString = null;
try {
jsonString = restTemplate.postForObject(
serverConfig.getTokenEndpointURI(), form, String.class);
jwkString = restTemplate.getForObject(
serverConfig.getTokenEndpointURI(), String.class);
} catch (HttpClientErrorException httpClientErrorException) {
throw new AuthenticationServiceException(
"Unable to obtain Access Token.");
}
JsonObject json = (JsonObject) new JsonParser().parse(jsonString);
JsonObject json = (JsonObject) new JsonParser().parse(jwkString);
JsonArray getArray = json.getAsJsonArray("jwk");
JsonObject object = getArray.get(0).getAsJsonObject();
@ -137,7 +116,7 @@ public class KeyFetcher {
RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, exponent);
KeyFactory factory = KeyFactory.getInstance("RSA");
PublicKey pub = factory.generatePublic(spec);
RSAPublicKey pub = (RSAPublicKey) factory.generatePublic(spec);
return pub;
}
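Review bot: All three fetch methods — `retrieveJwk`, `retrieveX509Key` and `retrieveJwkKey` — still read from `serverConfig.getTokenEndpointURI()`, although the configuration carries dedicated `getX509SigningUrl()` / `getJwkSigningUrl()` values and the caller in `AbstractOIDCAuthenticationFilter` picks the method by which of those is set; verification key material pulled from the token endpoint will not be the certificate or JWK set the caller expects. `retrieveX509Key` should call `restTemplate.getForObject(serverConfig.getX509SigningUrl(), InputStream.class)` and the two JWK methods `restTemplate.getForObject(serverConfig.getJwkSigningUrl(), String.class)`. The `"Unable to obtain Access Token."` message in the three catch blocks likewise mislabels a key-fetch failure. `retrieveJwkKey` takes `getArray.get(0)` unconditionally; selecting the entry by `kid` (or at least by `use`/`alg`) avoids verifying against whichever key happens to be listed first. The `MultiValueMap<String, String> form` left in `retrieveJwk` is no longer used now that the call is a GET and can be removed.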


@ -18,7 +18,6 @@ package org.mitre.openid.connect.service;
import java.util.ArrayList;
import java.util.List;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;


@ -15,34 +15,8 @@
******************************************************************************/
package org.mitre.util;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.net.URL;
import java.security.Key;
import java.security.KeyFactory;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.RSAPublicKeySpec;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.mitre.jwk.model.AbstractJwk;
import org.mitre.jwk.model.EC;
import org.mitre.jwk.model.Jwk;
import org.mitre.jwk.model.Rsa;
import com.google.gson.JsonArray;
import com.google.gson.JsonIOException;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
/**
* A collection of utility methods.
*


@ -1,73 +0,0 @@
package org.mitre.jwt.signer.impl;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import junit.framework.TestCase;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.model.JwtHeader;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
public class HmacSignerTest extends TestCase {
URL claimsUrl = this.getClass().getResource("/jwt/claims");
URL hs256Url = this.getClass().getResource("/jwt/hs256");
URL hs384Url = this.getClass().getResource("/jwt/hs384");
URL hs512Url = this.getClass().getResource("/jwt/hs512");
Jwt jwt = null;
JwtClaims claims = null;
JwtHeader header = null;
/**
* @throws java.lang.Exception
*/
@Before
public void setUp(URL url) throws Exception {
JsonParser parser = new JsonParser();
JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(url.openStream()))).getAsJsonObject();
claims = new JwtClaims(claimsObject);
header = new JwtHeader(headerObject);
jwt = new Jwt(header, claims, null);
}
/**
* @throws java.lang.Exception
*/
@After
public void tearDown() throws Exception {
}
@Test
public void testHmacSigner256() throws Exception {
setUp(hs256Url);
HmacSigner hmac = new HmacSigner(header.getAlgorithm(), "secret");
jwt = hmac.sign(jwt);
assertEquals(hmac.verify(jwt.toString()), true);
}
@Test
public void testHmacSigner384() throws Exception {
setUp(hs384Url);
HmacSigner hmac = new HmacSigner(header.getAlgorithm(), "secret");
jwt = hmac.sign(jwt);
assertEquals(hmac.verify(jwt.toString()), true);
}
@Test
public void testHmacSigner512() throws Exception {
setUp(hs512Url);
HmacSigner hmac = new HmacSigner(header.getAlgorithm(), "secret");
jwt = hmac.sign(jwt);
assertEquals(hmac.verify(jwt.toString()), true);
}
}


@ -1,99 +0,0 @@
package org.mitre.jwt.signer.impl;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import junit.framework.TestCase;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.model.JwtHeader;
import org.mitre.jwt.signer.JwsAlgorithm;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
public class RsaSignerTest extends TestCase {
URL claimsUrl = this.getClass().getResource("/jwt/claims");
URL rs256Url = this.getClass().getResource("/jwt/rs256");
URL rs384Url = this.getClass().getResource("/jwt/rs384");
URL rs512Url = this.getClass().getResource("/jwt/rs512");
Jwt jwt = null;
JwtClaims claims = null;
JwtHeader header = null;
KeyPairGenerator keyGen;
KeyPair keyPair;
PublicKey publicKey;
PrivateKey privateKey;
/**
* @throws java.lang.Exception
*/
@Before
public void setUp(URL url) throws Exception {
JsonParser parser = new JsonParser();
JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(url.openStream()))).getAsJsonObject();
claims = new JwtClaims(claimsObject);
header = new JwtHeader(headerObject);
jwt = new Jwt(header, claims, null);
}
/**
* @throws java.lang.Exception
*/
@After
public void tearDown() throws Exception {
}
@Test
public void testRsaSigner256() throws Exception {
setUp(rs256Url);
keyGen = KeyPairGenerator.getInstance("RSA");
keyPair = keyGen.generateKeyPair();
publicKey = keyPair.getPublic();
privateKey = keyPair.getPrivate();
RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS256.toString(), publicKey, privateKey);
jwt = rsa.sign(jwt);
assertEquals(rsa.verify(jwt.toString()), true);
}
@Test
public void testRsaSigner384() throws Exception{
setUp(rs384Url);
keyGen = KeyPairGenerator.getInstance("RSA");
keyPair = keyGen.generateKeyPair();
publicKey = keyPair.getPublic();
privateKey = keyPair.getPrivate();
RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS384.toString(), publicKey, privateKey);
jwt = rsa.sign(jwt);
assertEquals(rsa.verify(jwt.toString()), true);
}
@Test
public void testRsaSigner512() throws Exception{
setUp(rs512Url);
keyGen = KeyPairGenerator.getInstance("RSA");
keyPair = keyGen.generateKeyPair();
publicKey = keyPair.getPublic();
privateKey = keyPair.getPrivate();
RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS512.toString(), publicKey, privateKey);
jwt = rsa.sign(jwt);
assertEquals(rsa.verify(jwt.toString()), true);
}
}


@ -2,24 +2,16 @@ package org.mitre.jwt.signer.service.impl;
import static org.junit.Assert.assertEquals;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.Key;
import junit.framework.TestCase;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.jwt.signer.JwtSigner;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { "classpath:test-context.xml" })
public class DynamicJwtSigningAndValidationServiceTest {
@ -35,14 +27,14 @@ public class DynamicJwtSigningAndValidationServiceTest {
* @throws java.lang.Exception
*/
@Before
public void setUp() throws Exception {
public void setUp(){
}
/**
* @throws java.lang.Exception
*/
@After
public void tearDown() throws Exception {
public void tearDown(){
}
/**
@ -50,7 +42,7 @@ public class DynamicJwtSigningAndValidationServiceTest {
* @throws Exception
*/
@Test
public void testGetSigner() throws Exception {
public void testGetSigner(){
//create key, sign it, for both x509 and jwk.
/* jsvs.setX509SigningUrl(x509Url.getPath());
x509Key = jsvs.getSigningKey();
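Review bot: `testGetSigner` appears to have no live assertions — the block opened at `/* jsvs.setX509SigningUrl(...)` is commented out and runs past this hunk — so it passes without exercising `getSigner`, and this same commit deletes `HmacSignerTest`, `RsaSignerTest`, `KeyFetcherTest` and `UtilityTest`, leaving no automated check that signature verification still works. Dropping `throws Exception` from `setUp`, `tearDown` and `testGetSigner` is fine on its own, but either restore the body with an assertion against a known key or mark the method `@Ignore("pending KeyFetcher rework")` so the gap is visible rather than a green no-op. The method continues outside this hunk.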


@ -1,70 +0,0 @@
package org.mitre.key.fetch;
import static org.junit.Assert.assertEquals;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.List;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.DefaultHttpClient;
import org.easymock.EasyMock;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.jwk.model.EC;
import org.mitre.jwk.model.Jwk;
import org.mitre.jwk.model.Rsa;
import org.mitre.openid.connect.client.OIDCServerConfiguration;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestTemplate;
import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import static org.easymock.EasyMock.createNiceMock;
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.expectLastCall;
import static org.easymock.EasyMock.replay;
import static org.easymock.EasyMock.verify;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { "classpath:test-context.xml" })
public class KeyFetcherTest {
private KeyFetcher keyFetch;
@Before
public void setUp(){
keyFetch = EasyMock.createMock(KeyFetcher.class);
}
@After
public void tearDown(){
}
@Test
public void retrieveJwkTest(){
//EasyMock.expect(keyFetch.retrieveJwk()).andReturn(Rsa(new JsonObject(object))).once();
}
@Test
public void retrieveX509Key(){
}
@Test
public void retriveJwkKey(){
}
}


@ -1,213 +0,0 @@
/**
*
*/
package org.mitre.util;
import static org.junit.Assert.assertEquals;
import java.security.Key;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.List;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.net.URL;
import junit.framework.TestCase;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.jwk.model.Jwk;
import org.mitre.jwk.model.Rsa;
import org.mitre.jwk.model.EC;
import org.mitre.key.fetch.KeyFetcher;
import org.mitre.util.Utility;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import org.apache.commons.codec.binary.*;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.math.ec.ECCurve;
import org.bouncycastle.jce.provider.JCEECPublicKey;
/**
* @author DERRYBERRY
*
*/
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { "classpath:test-context.xml" })
public class UtilityTest {
URL url = this.getClass().getResource("/jwk/jwkSuccess");
URL certUrl = this.getClass().getResource("/x509/x509Cert");
URL rsaUrl = this.getClass().getResource("/jwk/rsaOnly");
/**
* @throws java.lang.Exception
*/
@Before
public void setUp() throws Exception {
}
/**
* @throws java.lang.Exception
*/
@After
public void tearDown() throws Exception {
}
/**
* Test method for {@link org.mitre.util.Utility#retrieveJwk(java.lang.String)}.
* @throws Exception
*/
@Test
public void testRetrieveJwk() throws Exception {
JsonParser parser = new JsonParser();
JsonObject json = parser.parse(new BufferedReader(new InputStreamReader(url.openStream()))).getAsJsonObject();
JsonArray getArray = json.getAsJsonArray("jwk");
List<Jwk> list = KeyFetcher.retrieveJwk();
for(int i = 0; i < list.size(); i++){
Jwk jwk = list.get(i);
JsonObject object = getArray.get(i).getAsJsonObject();
assertEquals(object.get("alg").getAsString(), jwk.getAlg());
if(object.get("kid") != null){
assertEquals(object.get("kid").getAsString(), jwk.getKid());
}
if(object.get("use") != null){
assertEquals(object.get("use").getAsString(), jwk.getUse());
}
if(jwk instanceof Rsa){
assertEquals(object.get("mod").getAsString(), ((Rsa) jwk).getMod());
assertEquals(object.get("exp").getAsString(), ((Rsa) jwk).getExp());
}
else {
assertEquals(object.get("crv").getAsString(), ((EC) jwk).getCrv());
assertEquals(object.get("x").getAsString(), ((EC) jwk).getX());
assertEquals(object.get("y").getAsString(), ((EC) jwk).getY());
}
}
}
@Test
public void testMakeRsa() throws Exception{
JsonParser parser = new JsonParser();
JsonObject json = parser.parse(new BufferedReader(new InputStreamReader(url.openStream()))).getAsJsonObject();
JsonArray getArray = json.getAsJsonArray("jwk");
List<Jwk> list = KeyFetcher.retrieveJwk();
for(int i = 0; i < list.size(); i++){
Jwk jwk = list.get(i);
JsonObject object = getArray.get(i).getAsJsonObject();
if(jwk instanceof Rsa){
RSAPublicKey key = ((RSAPublicKey) ((Rsa) jwk).getKey());
byte[] mod = Base64.decodeBase64(object.get("mod").getAsString());
BigInteger modInt = new BigInteger(mod);
assertEquals(modInt, key.getModulus());
byte[] exp = Base64.decodeBase64(object.get("exp").getAsString());
BigInteger expInt = new BigInteger(exp);
assertEquals(expInt, key.getPublicExponent());
}
}
}
@Test
public void testRetriveX509Key() throws Exception {
CertificateFactory factory = CertificateFactory.getInstance("X.509");
X509Certificate x509 = (X509Certificate) factory.generateCertificate(certUrl.openStream());
Key key = KeyFetcher.retrieveX509Key();
assertEquals(x509.getPublicKey(), key);
assertEquals("RSA", key.getAlgorithm());
assertEquals("X.509", key.getFormat());
}
public void testRetriveJwkKey() throws Exception {
Key key = KeyFetcher.retrieveJwkKey();
JsonParser parser = new JsonParser();
JsonObject json = parser.parse(new BufferedReader(new InputStreamReader(rsaUrl.openStream()))).getAsJsonObject();
JsonArray getArray = json.getAsJsonArray("jwk");
JsonObject object = getArray.get(0).getAsJsonObject();
byte[] modulusByte = Base64.decodeBase64(object.get("mod").getAsString());
BigInteger modulus = new BigInteger(modulusByte);
byte[] exponentByte = Base64.decodeBase64(object.get("exp").getAsString());
BigInteger exponent = new BigInteger(exponentByte);
RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, exponent);
KeyFactory factory = KeyFactory.getInstance("RSA");
PublicKey pub = factory.generatePublic(spec);
assertEquals(pub, key);
}
//@Test
//public void testMakeEC() throws Exception{
/*JsonParser parser = new JsonParser();
JsonObject json = parser.parse(new BufferedReader(new InputStreamReader(url.openStream()))).getAsJsonObject();
JsonArray getArray = json.getAsJsonArray("jwk");
List<Jwk> list = Utility.retrieveJwk(url);
for(int i = 0; i < list.size(); i++){
Jwk jwk = list.get(i);
JsonObject object = getArray.get(i).getAsJsonObject();
if(jwk instanceof EC){
ECPublicKey key = ((ECPublicKey) ((EC) jwk).getKey());
byte[] xArray = Base64.decodeBase64(object.get("x").getAsString());
BigInteger xInt = new BigInteger(xArray);
byte[] yArray = Base64.decodeBase64(object.get("y").getAsString());
BigInteger yInt = new BigInteger(yArray);
String curveName = object.get("crv").getAsString();
ECNamedCurveParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(curveName);
ECCurve crv = curveSpec.getCurve();
BigInteger a = crv.getA().toBigInteger();
BigInteger b = crv.getB().toBigInteger();
int fieldSize = crv.getFieldSize();
BigInteger orderOfGen = curveSpec.getH();
int cofactor = Math.abs(curveSpec.getN().intValue());
assertEquals(a, key.getParams().getCurve().getA());
assertEquals(b, key.getParams().getCurve().getB());
assertEquals(fieldSize, key.getParams().getCurve().getField());
assertEquals(orderOfGen, key.getParams().getOrder());
assertEquals(cofactor, key.getParams().getCofactor());
assertEquals(xInt, key.getW().getAffineX());
assertEquals(yInt, key.getW().getAffineY());
}
}*/
//fail("method not implemented");
//}
}