github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

refactor: 💡 Updated some DB entities, added missing cascades 

Updated AuthenticationHolder, AuthorizationCode, DeviceCode,
AccessToken, RefreshToken, UserAuthN representations of DB entries.
Added missing cascades for some elements, to prevent leaving orphaned
records in the DB (i.e. for UserAuthN entries).
pull/1580/head
Dominik Frantisek Bucik 2021-11-23 10:39:43 +01:00
parent 04c36cce61
commit b2599cef5a
No known key found for this signature in database
GPG Key ID: 25014C8DB2E7E62D
15 changed files with 366 additions and 499 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

230
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/AuthenticationHolderEntity.java
View File

@ -17,6 +17,9 @@
*******************************************************************************/
package cz.muni.ics.oauth2.model;
import static cz.muni.ics.oauth2.model.AuthenticationHolderEntity.QUERY_ALL;
import static cz.muni.ics.oauth2.model.AuthenticationHolderEntity.QUERY_GET_UNUSED;
import cz.muni.ics.oauth2.model.convert.SerializableStringConverter;
import cz.muni.ics.oauth2.model.convert.SimpleGrantedAuthorityStringConverter;
import java.io.Serializable;
@ -25,7 +28,6 @@ import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CascadeType;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
@ -43,48 +45,98 @@ import javax.persistence.NamedQuery;
import javax.persistence.OneToOne;
import javax.persistence.Table;
import javax.persistence.Transient;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import org.eclipse.persistence.annotations.CascadeOnDelete;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name = "authentication_holder")
@NamedQueries ({
@NamedQuery(name = AuthenticationHolderEntity.QUERY_ALL, query = "select a from AuthenticationHolderEntity a"),
@NamedQuery(name = AuthenticationHolderEntity.QUERY_GET_UNUSED, query = "select a from AuthenticationHolderEntity a where " +
"a.id not in (select t.authenticationHolder.id from OAuth2AccessTokenEntity t) and " +
"a.id not in (select r.authenticationHolder.id from OAuth2RefreshTokenEntity r) and " +
"a.id not in (select c.authenticationHolder.id from AuthorizationCodeEntity c)")
@NamedQuery(name = QUERY_ALL,
query = "SELECT a FROM AuthenticationHolderEntity a"),
@NamedQuery(name = QUERY_GET_UNUSED,
query = "SELECT a FROM AuthenticationHolderEntity a " +
"WHERE a.id NOT IN (SELECT t.authenticationHolder.id FROM OAuth2AccessTokenEntity t) " +
"AND a.id NOT IN (SELECT r.authenticationHolder.id FROM OAuth2RefreshTokenEntity r) " +
"AND a.id NOT IN (SELECT c.authenticationHolder.id FROM AuthorizationCodeEntity c)")
})
public class AuthenticationHolderEntity {
public static final String QUERY_GET_UNUSED = "AuthenticationHolderEntity.getUnusedAuthenticationHolders";
public static final String QUERY_ALL = "AuthenticationHolderEntity.getAll";
private Long id;
private SavedUserAuthentication userAuth;
private Collection<GrantedAuthority> authorities;
private Set<String> resourceIds;
private boolean approved;
private String redirectUri;
private Set<String> responseTypes;
private Map<String, Serializable> extensions;
private String clientId;
private Set<String> scope;
private Map<String, String> requestParameters;
public AuthenticationHolderEntity() { }
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
private Long id;
public void setId(Long id) {
this.id = id;
}
@OneToOne(cascade=CascadeType.ALL)
@JoinColumn(name = "user_auth_id")
@CascadeOnDelete
private SavedUserAuthentication userAuth;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "authentication_holder_authority", joinColumns = @JoinColumn(name = "owner_id"))
@Convert(converter = SimpleGrantedAuthorityStringConverter.class)
@Column(name = "authority")
@CascadeOnDelete
private Collection<GrantedAuthority> authorities;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "authentication_holder_resource_id", joinColumns = @JoinColumn(name = "owner_id"))
@Column(name = "resource_id")
@CascadeOnDelete
private Set<String> resourceIds;
@Column(name = "approved")
private boolean approved;
@Column(name = "redirect_uri")
private String redirectUri;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "authentication_holder_response_type", joinColumns = @JoinColumn(name = "owner_id"))
@Column(name = "response_type")
@CascadeOnDelete
private Set<String> responseTypes;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "authentication_holder_extension", joinColumns = @JoinColumn(name = "owner_id"))
@Column(name = "val")
@MapKeyColumn(name = "extension")
@Convert(converter = SerializableStringConverter.class)
@CascadeOnDelete
private Map<String, Serializable> extensions;
@Column(name = "client_id")
private String clientId;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "authentication_holder_scope", joinColumns = @JoinColumn(name = "owner_id"))
@Column(name = "scope")
@CascadeOnDelete
private Set<String> scope;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "authentication_holder_request_parameter", joinColumns = @JoinColumn(name = "owner_id"))
@Column(name = "val")
@MapKeyColumn(name = "param")
@CascadeOnDelete
private Map<String, String> requestParameters;
@Transient
public OAuth2Authentication getAuthentication() {
@ -92,21 +144,17 @@ public class AuthenticationHolderEntity {
return new OAuth2Authentication(createOAuth2Request(), getUserAuth());
}
private OAuth2Request createOAuth2Request() {
return new OAuth2Request(requestParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, extensions);
}
public void setAuthentication(OAuth2Authentication authentication) {
// pull apart the request and save its bits
OAuth2Request o2Request = authentication.getOAuth2Request();
setAuthorities(o2Request.getAuthorities() == null ? null : new HashSet<>(o2Request.getAuthorities()));
setAuthorities(convertToSetOrNull((Set<GrantedAuthority>) o2Request.getAuthorities()));
setClientId(o2Request.getClientId());
setExtensions(o2Request.getExtensions() == null ? null : new HashMap<>(o2Request.getExtensions()));
setExtensions(convertToMapOrNull(o2Request.getExtensions()));
setRedirectUri(o2Request.getRedirectUri());
setRequestParameters(o2Request.getRequestParameters() == null ? null : new HashMap<>(o2Request.getRequestParameters()));
setResourceIds(o2Request.getResourceIds() == null ? null : new HashSet<>(o2Request.getResourceIds()));
setResponseTypes(o2Request.getResponseTypes() == null ? null : new HashSet<>(o2Request.getResponseTypes()));
setScope(o2Request.getScope() == null ? null : new HashSet<>(o2Request.getScope()));
setRequestParameters(convertToMapOrNull(o2Request.getRequestParameters()));
setResourceIds(convertToSetOrNull(o2Request.getResourceIds()));
setResponseTypes(convertToSetOrNull(o2Request.getResponseTypes()));
setScope(convertToSetOrNull(o2Request.getScope()));
setApproved(o2Request.isApproved());
if (authentication.getUserAuthentication() != null) {
@ -116,114 +164,16 @@ public class AuthenticationHolderEntity {
}
}
@OneToOne(cascade=CascadeType.ALL)
@JoinColumn(name = "user_auth_id")
public SavedUserAuthentication getUserAuth() {
return userAuth;
private <T> Set<T> convertToSetOrNull(Collection<T> obj) {
return obj == null ? null: new HashSet<>(obj);
}
public void setUserAuth(SavedUserAuthentication userAuth) {
this.userAuth = userAuth;
private <T, S> Map<T, S> convertToMapOrNull(Map<T, S> obj) {
return obj == null ? null : new HashMap<>(obj);
}
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="authentication_holder_authority", joinColumns=@JoinColumn(name="owner_id"))
@Convert(converter = SimpleGrantedAuthorityStringConverter.class)
@Column(name="authority")
public Collection<GrantedAuthority> getAuthorities() {
return authorities;
}
public void setAuthorities(Collection<GrantedAuthority> authorities) {
this.authorities = authorities;
}
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="authentication_holder_resource_id", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="resource_id")
public Set<String> getResourceIds() {
return resourceIds;
}
public void setResourceIds(Set<String> resourceIds) {
this.resourceIds = resourceIds;
}
@Basic
@Column(name="approved")
public boolean isApproved() {
return approved;
}
public void setApproved(boolean approved) {
this.approved = approved;
}
@Basic
@Column(name="redirect_uri")
public String getRedirectUri() {
return redirectUri;
}
public void setRedirectUri(String redirectUri) {
this.redirectUri = redirectUri;
}
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="authentication_holder_response_type", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="response_type")
public Set<String> getResponseTypes() {
return responseTypes;
}
public void setResponseTypes(Set<String> responseTypes) {
this.responseTypes = responseTypes;
}
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="authentication_holder_extension", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="val")
@MapKeyColumn(name="extension")
@Convert(converter= SerializableStringConverter.class)
public Map<String, Serializable> getExtensions() {
return extensions;
}
public void setExtensions(Map<String, Serializable> extensions) {
this.extensions = extensions;
}
@Basic
@Column(name="client_id")
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="authentication_holder_scope", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="scope")
public Set<String> getScope() {
return scope;
}
public void setScope(Set<String> scope) {
this.scope = scope;
}
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="authentication_holder_request_parameter", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="val")
@MapKeyColumn(name="param")
public Map<String, String> getRequestParameters() {
return requestParameters;
}
public void setRequestParameters(Map<String, String> requestParameters) {
this.requestParameters = requestParameters;
private OAuth2Request createOAuth2Request() {
return new OAuth2Request(requestParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, extensions);
}
}

77
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/AuthorizationCodeEntity.java
View File

@ -18,7 +18,6 @@
package cz.muni.ics.oauth2.model;
import java.util.Date;
import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
@ -30,17 +29,36 @@ import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import org.eclipse.persistence.annotations.CascadeOnDelete;
/**
* Entity class for authorization codes
*
* @author aanganes
*/
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name = "authorization_code")
@NamedQueries({
@NamedQuery(name = AuthorizationCodeEntity.QUERY_BY_VALUE, query = "select a from AuthorizationCodeEntity a where a.code = :code"),
@NamedQuery(name = AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, query = "select a from AuthorizationCodeEntity a where a.expiration <= :" + AuthorizationCodeEntity.PARAM_DATE)
@NamedQuery(name = AuthorizationCodeEntity.QUERY_BY_VALUE,
query = "SELECT a FROM AuthorizationCodeEntity a " +
"WHERE a.code = :code"),
@NamedQuery(name = AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE,
query = "SELECT a FROM AuthorizationCodeEntity a " +
"WHERE a.expiration <= :" + AuthorizationCodeEntity.PARAM_DATE)
})
public class AuthorizationCodeEntity {
@ -49,58 +67,29 @@ public class AuthorizationCodeEntity {
public static final String PARAM_DATE = "date";
private Long id;
private String code;
private AuthenticationHolderEntity authenticationHolder;
private Date expiration;
public AuthorizationCodeEntity() { }
public AuthorizationCodeEntity(String code, AuthenticationHolderEntity authenticationHolder, Date expiration) {
this.code = code;
this.authenticationHolder = authenticationHolder;
this.expiration = expiration;
}
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
private Long id;
public void setId(Long id) {
this.id = id;
}
@Basic
@Column(name = "code")
public String getCode() {
return code;
}
public void setCode(String code) {
this.code = code;
}
private String code;
@ManyToOne
@JoinColumn(name = "auth_holder_id")
public AuthenticationHolderEntity getAuthenticationHolder() {
return authenticationHolder;
}
@CascadeOnDelete
private AuthenticationHolderEntity authenticationHolder;
public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
this.authenticationHolder = authenticationHolder;
}
@Basic
@Temporal(javax.persistence.TemporalType.TIMESTAMP)
@Temporal(TemporalType.TIMESTAMP)
@Column(name = "expiration")
public Date getExpiration() {
return expiration;
}
private Date expiration;
public void setExpiration(Date expiration) {
public AuthorizationCodeEntity(String code,
AuthenticationHolderEntity authenticationHolder,
Date expiration)
{
this.code = code;
this.authenticationHolder = authenticationHolder;
this.expiration = expiration;
}

155
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/DeviceCode.java
View File

@ -16,10 +16,16 @@
package cz.muni.ics.oauth2.model;
import static cz.muni.ics.oauth2.model.DeviceCode.PARAM_DATE;
import static cz.muni.ics.oauth2.model.DeviceCode.PARAM_DEVICE_CODE;
import static cz.muni.ics.oauth2.model.DeviceCode.PARAM_USER_CODE;
import static cz.muni.ics.oauth2.model.DeviceCode.QUERY_BY_DEVICE_CODE;
import static cz.muni.ics.oauth2.model.DeviceCode.QUERY_BY_USER_CODE;
import static cz.muni.ics.oauth2.model.DeviceCode.QUERY_EXPIRED_BY_DATE;
import java.util.Date;
import java.util.Map;
import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
@ -35,16 +41,37 @@ import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import org.eclipse.persistence.annotations.CascadeOnDelete;
/**
* @author jricher
*/
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name = "device_code")
@NamedQueries({
@NamedQuery(name = DeviceCode.QUERY_BY_USER_CODE, query = "select d from DeviceCode d where d.userCode = :" + DeviceCode.PARAM_USER_CODE),
@NamedQuery(name = DeviceCode.QUERY_BY_DEVICE_CODE, query = "select d from DeviceCode d where d.deviceCode = :" + DeviceCode.PARAM_DEVICE_CODE),
@NamedQuery(name = DeviceCode.QUERY_EXPIRED_BY_DATE, query = "select d from DeviceCode d where d.expiration <= :" + DeviceCode.PARAM_DATE)
@NamedQuery(name = QUERY_BY_USER_CODE,
query = "SELECT d FROM DeviceCode d " +
"WHERE d.userCode = :" + PARAM_USER_CODE),
@NamedQuery(name = QUERY_BY_DEVICE_CODE,
query = "SELECT d FROM DeviceCode d " +
"WHERE d.deviceCode = :" + PARAM_DEVICE_CODE),
@NamedQuery(name = QUERY_EXPIRED_BY_DATE,
query = "SELECT d FROM DeviceCode d " +
"WHERE d.expiration <= :" + PARAM_DATE)
})
public class DeviceCode {
@ -56,119 +83,55 @@ public class DeviceCode {
public static final String PARAM_DEVICE_CODE = "deviceCode";
public static final String PARAM_DATE = "date";
private Long id;
private String deviceCode;
private String userCode;
private Set<String> scope;
private Date expiration;
private String clientId;
private Map<String, String> requestParameters;
private boolean approved;
private AuthenticationHolderEntity authenticationHolder;
public DeviceCode() { }
public DeviceCode(String deviceCode, String userCode, Set<String> scope, String clientId, Map<String, String> params) {
this.deviceCode = deviceCode;
this.userCode = userCode;
this.scope = scope;
this.clientId = clientId;
this.requestParameters = params;
}
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
private Long id;
public void setId(Long id) {
this.id = id;
}
@Basic
@Column(name = "device_code")
public String getDeviceCode() {
return deviceCode;
}
private String deviceCode;
public void setDeviceCode(String deviceCode) {
this.deviceCode = deviceCode;
}
@Basic
@Column(name = "user_code")
public String getUserCode() {
return userCode;
}
public void setUserCode(String userCode) {
this.userCode = userCode;
}
private String userCode;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="device_code_scope", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="scope")
public Set<String> getScope() {
return scope;
}
@CollectionTable(name = "device_code_scope", joinColumns = @JoinColumn(name = "owner_id"))
@Column(name = "scope")
@CascadeOnDelete
private Set<String> scope;
public void setScope(Set<String> scope) {
this.scope = scope;
}
@Basic
@Temporal(javax.persistence.TemporalType.TIMESTAMP)
@Temporal(TemporalType.TIMESTAMP)
@Column(name = "expiration")
public Date getExpiration() {
return expiration;
}
private Date expiration;
public void setExpiration(Date expiration) {
this.expiration = expiration;
}
@Basic
@Column(name = "client_id")
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
private String clientId;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="device_code_request_parameter", joinColumns=@JoinColumn(name="owner_id"))
@Column(name="val")
@MapKeyColumn(name="param")
public Map<String, String> getRequestParameters() {
return requestParameters;
}
@CollectionTable(name = "device_code_request_parameter", joinColumns = @JoinColumn(name = "owner_id"))
@Column(name = "val")
@MapKeyColumn(name = "param")
@CascadeOnDelete
private Map<String, String> requestParameters;
public void setRequestParameters(Map<String, String> params) {
this.requestParameters = params;
}
@Basic
@Column(name = "approved")
public boolean isApproved() {
return approved;
}
public void setApproved(boolean approved) {
this.approved = approved;
}
private boolean approved;
@ManyToOne
@JoinColumn(name = "auth_holder_id")
public AuthenticationHolderEntity getAuthenticationHolder() {
return authenticationHolder;
}
private AuthenticationHolderEntity authenticationHolder;
public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
this.authenticationHolder = authenticationHolder;
public DeviceCode(String deviceCode,
String userCode,
Set<String> scope,
String clientId,
Map<String, String> params)
{
this.deviceCode = deviceCode;
this.userCode = userCode;
this.scope = scope;
this.clientId = clientId;
this.requestParameters = params;
}
}

191
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/OAuth2AccessTokenEntity.java
View File

@ -20,6 +20,10 @@
*/
package cz.muni.ics.oauth2.model;
import static cz.muni.ics.oauth2.model.OAuth2AccessTokenEntity.*;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import com.nimbusds.jwt.JWT;
import cz.muni.ics.oauth2.model.convert.JWTStringConverter;
import cz.muni.ics.openid.connect.model.ApprovedSite;
@ -47,7 +51,15 @@ import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import org.eclipse.persistence.annotations.CascadeOnDelete;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessTokenJackson2Deserializer;
import org.springframework.security.oauth2.common.OAuth2AccessTokenJackson2Serializer;
@ -57,20 +69,42 @@ import org.springframework.security.oauth2.common.OAuth2RefreshToken;
* @author jricher
*
*/
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name = "access_token")
@NamedQueries({
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_ALL, query = "select a from OAuth2AccessTokenEntity a"),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select a from OAuth2AccessTokenEntity a where a.expiration <= :" + OAuth2AccessTokenEntity.PARAM_DATE),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_REFRESH_TOKEN, query = "select a from OAuth2AccessTokenEntity a where a.refreshToken = :" + OAuth2AccessTokenEntity.PARAM_REFERSH_TOKEN),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_CLIENT, query = "select a from OAuth2AccessTokenEntity a where a.client = :" + OAuth2AccessTokenEntity.PARAM_CLIENT),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select a from OAuth2AccessTokenEntity a where a.jwt = :" + OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE, query = "select a from OAuth2AccessTokenEntity a where a.approvedSite = :" + OAuth2AccessTokenEntity.PARAM_APPROVED_SITE),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, query = "select a from OAuth2AccessTokenEntity a join a.permissions p where p.resourceSet.id = :" + OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2AccessTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2AccessTokenEntity.PARAM_NAME)
@NamedQuery(name = QUERY_ALL,
query = "SELECT a FROM OAuth2AccessTokenEntity a"),
@NamedQuery(name = QUERY_EXPIRED_BY_DATE,
query = "SELECT a FROM OAuth2AccessTokenEntity a " +
"WHERE a.expiration <= :" + PARAM_DATE),
@NamedQuery(name = QUERY_BY_REFRESH_TOKEN,
query = "SELECT a FROM OAuth2AccessTokenEntity a " +
"WHERE a.refreshToken = :" + PARAM_REFRESH_TOKEN),
@NamedQuery(name = QUERY_BY_CLIENT,
query = "SELECT a FROM OAuth2AccessTokenEntity a " +
"WHERE a.client = :" + PARAM_CLIENT),
@NamedQuery(name = QUERY_BY_TOKEN_VALUE,
query = "SELECT a FROM OAuth2AccessTokenEntity a " +
"WHERE a.jwtValue = :" + PARAM_TOKEN_VALUE),
@NamedQuery(name = QUERY_BY_APPROVED_SITE,
query = "SELECT a FROM OAuth2AccessTokenEntity a " +
"WHERE a.approvedSite = :" + PARAM_APPROVED_SITE),
@NamedQuery(name = QUERY_BY_RESOURCE_SET,
query = "SELECT a FROM OAuth2AccessTokenEntity a JOIN a.permissions p " +
"WHERE p.resourceSet.id = :" + PARAM_RESOURCE_SET_ID),
@NamedQuery(name = QUERY_BY_NAME,
query = "SELECT r FROM OAuth2AccessTokenEntity r " +
"WHERE r.authenticationHolder.userAuth.name = :" + PARAM_NAME)
})
@com.fasterxml.jackson.databind.annotation.JsonSerialize(using = OAuth2AccessTokenJackson2Serializer.class)
@com.fasterxml.jackson.databind.annotation.JsonDeserialize(using = OAuth2AccessTokenJackson2Deserializer.class)
@JsonSerialize(using = OAuth2AccessTokenJackson2Serializer.class)
@JsonDeserialize(using = OAuth2AccessTokenJackson2Deserializer.class)
public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
public static final String QUERY_BY_APPROVED_SITE = "OAuth2AccessTokenEntity.getByApprovedSite";
@ -84,7 +118,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
public static final String PARAM_TOKEN_VALUE = "tokenValue";
public static final String PARAM_CLIENT = "client";
public static final String PARAM_REFERSH_TOKEN = "refreshToken";
public static final String PARAM_REFRESH_TOKEN = "refreshToken";
public static final String PARAM_DATE = "date";
public static final String PARAM_RESOURCE_SET_ID = "rsid";
public static final String PARAM_APPROVED_SITE = "approvedSite";
@ -92,30 +126,52 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
public static final String ID_TOKEN_FIELD_NAME = "id_token";
private Long id;
private ClientDetailsEntity client;
private AuthenticationHolderEntity authenticationHolder;
private JWT jwtValue;
private Date expiration;
private String tokenType = OAuth2AccessToken.BEARER_TYPE;
private OAuth2RefreshTokenEntity refreshToken;
private Set<String> scope;
private Set<Permission> permissions;
private ApprovedSite approvedSite;
private Map<String, Object> additionalInformation = new HashMap<>();
public OAuth2AccessTokenEntity() { }
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
private Long id;
public void setId(Long id) {
this.id = id;
}
@ManyToOne
@JoinColumn(name = "client_id")
private ClientDetailsEntity client;
@ManyToOne
@JoinColumn(name = "auth_holder_id")
@CascadeOnDelete
private AuthenticationHolderEntity authenticationHolder;
@Column(name = "token_value")
@Convert(converter = JWTStringConverter.class)
private JWT jwtValue;
@Temporal(TemporalType.TIMESTAMP)
@Column(name = "expiration")
private Date expiration;
@Column(name = "token_type")
private String tokenType = OAuth2AccessToken.BEARER_TYPE;
@ManyToOne
@JoinColumn(name = "refresh_token_id")
private OAuth2RefreshTokenEntity refreshToken;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "token_scope", joinColumns = @JoinColumn(name = "owner_id"))
@CascadeOnDelete
private Set<String> scope;
@OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
@JoinTable(name = "access_token_permissions", joinColumns = @JoinColumn(name = "access_token_id"),
inverseJoinColumns = @JoinColumn(name = "permission_id"))
@CascadeOnDelete
private Set<Permission> permissions;
@ManyToOne
@JoinColumn(name = "approved_site_id")
private ApprovedSite approvedSite;
@Transient
private Map<String, Object> additionalInformation = new HashMap<>();
@Override
@Transient
@ -123,26 +179,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
return additionalInformation;
}
@ManyToOne
@JoinColumn(name = "auth_holder_id")
public AuthenticationHolderEntity getAuthenticationHolder() {
return authenticationHolder;
}
public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
this.authenticationHolder = authenticationHolder;
}
@ManyToOne
@JoinColumn(name = "client_id")
public ClientDetailsEntity getClient() {
return client;
}
public void setClient(ClientDetailsEntity client) {
this.client = client;
}
@Override
@Transient
public String getValue() {
@ -150,31 +186,16 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
}
@Override
@Basic
@Temporal(javax.persistence.TemporalType.TIMESTAMP)
@Column(name = "expiration")
public Date getExpiration() {
return expiration;
}
public void setExpiration(Date expiration) {
this.expiration = expiration;
}
@Override
@Basic
@Column(name="token_type")
public String getTokenType() {
return tokenType;
}
public void setTokenType(String tokenType) {
this.tokenType = tokenType;
}
@Override
@ManyToOne
@JoinColumn(name="refresh_token_id")
public OAuth2RefreshTokenEntity getRefreshToken() {
return refreshToken;
}
@ -191,33 +212,16 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
}
@Override
@ElementCollection(fetch=FetchType.EAGER)
@CollectionTable(joinColumns=@JoinColumn(name="owner_id"), name="token_scope")
public Set<String> getScope() {
return scope;
}
public void setScope(Set<String> scope) {
this.scope = scope;
}
@Override
@Transient
public boolean isExpired() {
return getExpiration() != null && System.currentTimeMillis() > getExpiration().getTime();
}
@Basic
@Column(name="token_value")
@Convert(converter = JWTStringConverter.class)
public JWT getJwt() {
return jwtValue;
}
public void setJwt(JWT jwt) {
this.jwtValue = jwt;
}
@Override
@Transient
public int getExpiresIn() {
@ -232,27 +236,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
}
}
@OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
@JoinTable(name = "access_token_permissions", joinColumns = @JoinColumn(name = "access_token_id"),
inverseJoinColumns = @JoinColumn(name = "permission_id"))
public Set<Permission> getPermissions() {
return permissions;
}
public void setPermissions(Set<Permission> permissions) {
this.permissions = permissions;
}
@ManyToOne
@JoinColumn(name="approved_site_id")
public ApprovedSite getApprovedSite() {
return approvedSite;
}
public void setApprovedSite(ApprovedSite approvedSite) {
this.approvedSite = approvedSite;
}
@Transient
public void setIdToken(JWT idToken) {
if (idToken != null) {

112
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/OAuth2RefreshTokenEntity.java
View File

@ -20,10 +20,19 @@
*/
package cz.muni.ics.oauth2.model;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.PARAM_CLIENT;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.PARAM_DATE;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.PARAM_NAME;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.QUERY_ALL;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.QUERY_BY_CLIENT;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.QUERY_BY_NAME;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE;
import static cz.muni.ics.oauth2.model.OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE;
import com.nimbusds.jwt.JWT;
import cz.muni.ics.oauth2.model.convert.JWTStringConverter;
import java.util.Date;
import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Convert;
import javax.persistence.Entity;
@ -37,20 +46,44 @@ import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import org.eclipse.persistence.annotations.CascadeOnDelete;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
/**
* @author jricher
*/
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name = "refresh_token")
@NamedQueries({
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_ALL, query = "select r from OAuth2RefreshTokenEntity r"),
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select r from OAuth2RefreshTokenEntity r where r.expiration <= :" + OAuth2RefreshTokenEntity.PARAM_DATE),
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_CLIENT, query = "select r from OAuth2RefreshTokenEntity r where r.client = :" + OAuth2RefreshTokenEntity.PARAM_CLIENT),
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select r from OAuth2RefreshTokenEntity r where r.jwt = :" + OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE),
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2RefreshTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2RefreshTokenEntity.PARAM_NAME)
@NamedQuery(name = QUERY_ALL,
query = "SELECT r FROM OAuth2RefreshTokenEntity r"),
@NamedQuery(name = QUERY_EXPIRED_BY_DATE,
query = "SELECT r FROM OAuth2RefreshTokenEntity r " +
"WHERE r.expiration <= :" + PARAM_DATE),
@NamedQuery(name = QUERY_BY_CLIENT,
query = "SELECT r FROM OAuth2RefreshTokenEntity r " +
"WHERE r.client = :" + PARAM_CLIENT),
@NamedQuery(name = QUERY_BY_TOKEN_VALUE,
query = "SELECT r FROM OAuth2RefreshTokenEntity r " +
"WHERE r.jwt = :" + PARAM_TOKEN_VALUE),
@NamedQuery(name = QUERY_BY_NAME,
query = "SELECT r FROM OAuth2RefreshTokenEntity r " +
"WHERE r.authenticationHolder.userAuth.name = :" + PARAM_NAME)
})
public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
@ -65,34 +98,27 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
public static final String PARAM_DATE = "date";
public static final String PARAM_NAME = "name";
private Long id;
private AuthenticationHolderEntity authenticationHolder;
private ClientDetailsEntity client;
private JWT jwt;
private Date expiration;
public OAuth2RefreshTokenEntity() { }
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
private Long id;
@ManyToOne
@JoinColumn(name = "auth_holder_id")
public AuthenticationHolderEntity getAuthenticationHolder() {
return authenticationHolder;
}
@CascadeOnDelete
private AuthenticationHolderEntity authenticationHolder;
public void setAuthenticationHolder(AuthenticationHolderEntity authenticationHolder) {
this.authenticationHolder = authenticationHolder;
}
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name = "client_id")
private ClientDetailsEntity client;
@Column(name = "token_value")
@Convert(converter = JWTStringConverter.class)
private JWT jwt;
@Temporal(TemporalType.TIMESTAMP)
@Column(name = "expiration")
private Date expiration;
@Override
@Transient
@ -100,41 +126,9 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
return jwt.serialize();
}
@Basic
@Temporal(javax.persistence.TemporalType.TIMESTAMP)
@Column(name = "expiration")
public Date getExpiration() {
return expiration;
}
public void setExpiration(Date expiration) {
this.expiration = expiration;
}
@Transient
public boolean isExpired() {
return getExpiration() != null && System.currentTimeMillis() > getExpiration().getTime();
}
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name = "client_id")
public ClientDetailsEntity getClient() {
return client;
}
public void setClient(ClientDetailsEntity client) {
this.client = client;
}
@Basic
@Column(name="token_value")
@Convert(converter = JWTStringConverter.class)
public JWT getJwt() {
return jwt;
}
public void setJwt(JWT jwt) {
this.jwt = jwt;
}
}

72
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/SavedUserAuthentication.java
View File

@ -34,8 +34,14 @@ import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.Table;
import javax.persistence.Transient;
import lombok.AllArgsConstructor;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.persistence.annotations.CascadeOnDelete;
import org.opensaml.saml2.core.AuthnContext;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnStatement;
@ -48,18 +54,39 @@ import org.springframework.security.providers.ExpiringUsernameAuthenticationToke
*
* @author jricher
*/
@Entity
@Table(name="saved_user_auth")
@Slf4j
@Getter
@Setter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
// DB ANNOTATIONS
@Entity
@Table(name = "saved_user_auth")
public class SavedUserAuthentication implements Authentication {
private static final long serialVersionUID = -1804249963940323488L;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
private Long id;
@Basic
@Column(name="name")
private String name;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "saved_user_auth_authority", joinColumns = @JoinColumn(name = "owner_id"))
@Convert(converter = SimpleGrantedAuthorityStringConverter.class)
@Column(name = "authority")
@CascadeOnDelete
private Collection<GrantedAuthority> authorities;
@Column(name="authenticated")
private boolean authenticated;
@Column(name = "acr")
private String acr;
public SavedUserAuthentication(Authentication src) {
@ -80,56 +107,17 @@ public class SavedUserAuthentication implements Authentication {
}
}
public SavedUserAuthentication() { }
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
@Override
@Basic
@Column(name="name")
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
@Override
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name="saved_user_auth_authority", joinColumns=@JoinColumn(name="owner_id"))
@Convert(converter = SimpleGrantedAuthorityStringConverter.class)
@Column(name="authority")
public Collection<GrantedAuthority> getAuthorities() {
return authorities;
}
public void setAuthorities(Collection<GrantedAuthority> authorities) {
this.authorities = authorities;
}
@Basic
@Column(name = "acr")
public String getAcr() {
return acr;
}
public void setAcr(String acr) {
this.acr = acr;
}
@Override
@Basic
@Column(name="authenticated")
public boolean isAuthenticated() {
return authenticated;
}

2
perun-oidc-server/src/main/java/cz/muni/ics/oauth2/repository/impl/JpaOAuth2TokenRepository.java
View File

@ -106,7 +106,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
@Transactional(value="defaultTransactionManager")
public void clearAccessTokensForRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_REFRESH_TOKEN, OAuth2AccessTokenEntity.class);
query.setParameter(OAuth2AccessTokenEntity.PARAM_REFERSH_TOKEN, refreshToken);
query.setParameter(OAuth2AccessTokenEntity.PARAM_REFRESH_TOKEN, refreshToken);
List<OAuth2AccessTokenEntity> accessTokens = query.getResultList();
for (OAuth2AccessTokenEntity accessToken : accessTokens) {
removeAccessToken(accessToken);

2
perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/PerunAccessTokenEnhancer.java
View File

@ -108,7 +108,7 @@ public class PerunAccessTokenEnhancer implements TokenEnhancer {
SignedJWT signed = new SignedJWT(header, claims);
jwtService.signJwt(signed);
token.setJwt(signed);
token.setJwtValue(signed);
if (userInfo != null) {
//needs access token

2
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/service/impl/DefaultOIDCTokenService.java
View File

@ -281,7 +281,7 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
jwtService.signJwt(signed);
token.setJwt(signed);
token.setJwtValue(signed);
return token;
}

2
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/token/ConnectTokenEnhancer.java
View File

@ -96,7 +96,7 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
jwtService.signJwt(signed);
token.setJwt(signed);
token.setJwtValue(signed);
/**
* Authorization request scope MUST include "openid" in OIDC, but access token request

2
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/util/IdTokenHashUtils.java
View File

@ -56,7 +56,7 @@ public class IdTokenHashUtils {
*/
public static Base64URL getAccessTokenHash(JWSAlgorithm signingAlg, OAuth2AccessTokenEntity token) {
byte[] tokenBytes = token.getJwt().serialize().getBytes();
byte[] tokenBytes = token.getJwtValue().serialize().getBytes();
return getHash(signingAlg, tokenBytes);

2
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/DynamicClientRegistrationEndpoint.java
View File

@ -752,7 +752,7 @@ public class DynamicClientRegistrationEndpoint {
try {
// Re-issue the token if it has been issued before [currentTime - validity]
Date validToDate = new Date(System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000);
if(token.getJwt().getJWTClaimsSet().getIssueTime().before(validToDate)) {
if(token.getJwtValue().getJWTClaimsSet().getIssueTime().before(validToDate)) {
log.info("Rotating the registration access token for " + client.getClientId());
tokenService.revokeAccessToken(token);
OAuth2AccessTokenEntity newToken = connectTokenService.createRegistrationAccessToken(client);

2
perun-oidc-server/src/main/java/cz/muni/ics/openid/connect/web/ProtectedResourceRegistrationEndpoint.java
View File

@ -440,7 +440,7 @@ public class ProtectedResourceRegistrationEndpoint {
try {
// Re-issue the token if it has been issued before [currentTime - validity]
Date validToDate = new Date(System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000);
if(token.getJwt().getJWTClaimsSet().getIssueTime().before(validToDate)) {
if(token.getJwtValue().getJWTClaimsSet().getIssueTime().before(validToDate)) {
log.info("Rotating the registration access token for " + client.getClientId());
tokenService.revokeAccessToken(token);
OAuth2AccessTokenEntity newToken = connectTokenService.createResourceAccessToken(client);

2
perun-oidc-server/src/test/java/cz/muni/ics/openid/connect/token/TestConnectTokenEnhancer.java
View File

@ -92,7 +92,7 @@ public class TestConnectTokenEnhancer {
OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
OAuth2AccessTokenEntity enhanced = (OAuth2AccessTokenEntity) enhancer.enhance(token, authentication);
Assert.assertEquals("foo", enhanced.getJwt().getJWTClaimsSet().getClaim("test"));
Assert.assertEquals("foo", enhanced.getJwtValue().getJWTClaimsSet().getClaim("test"));
}
private void configure(ConnectTokenEnhancer e) {

12
perun-oidc-server/src/test/java/cz/muni/ics/openid/connect/util/TestIdTokenHashUtils.java
View File

@ -58,7 +58,7 @@ public class TestIdTokenHashUtils {
claims.setSubject("example_user");
claims.setClaim("alg", "HS256");
*/
Mockito.when(mockToken256.getJwt()).thenReturn(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJhbGciOiJIUzI1NiIsInN1YiI6ImV4YW1wbGVfdXNlciIsImlzcyI6Ind3dy5leGFtcGxlLmNvbSIsInR5cCI6IkpXVCJ9."));
Mockito.when(mockToken256.getJwtValue()).thenReturn(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJhbGciOiJIUzI1NiIsInN1YiI6ImV4YW1wbGVfdXNlciIsImlzcyI6Ind3dy5leGFtcGxlLmNvbSIsInR5cCI6IkpXVCJ9."));
/*
* Claims for second token
@ -68,7 +68,7 @@ public class TestIdTokenHashUtils {
claims.setSubject("another_user");
claims.setClaim("alg", "ES384");
*/
Mockito.when(mockToken384.getJwt()).thenReturn(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJhbGciOiJFUzM4NCIsInN1YiI6ImFub3RoZXJfdXNlciIsImlzcyI6Ind3dy5hbm90aGVyLWV4YW1wbGUubmV0IiwidHlwIjoiSldUIn0."));
Mockito.when(mockToken384.getJwtValue()).thenReturn(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJhbGciOiJFUzM4NCIsInN1YiI6ImFub3RoZXJfdXNlciIsImlzcyI6Ind3dy5hbm90aGVyLWV4YW1wbGUubmV0IiwidHlwIjoiSldUIn0."));
/*
* Claims for third token:
@ -78,13 +78,13 @@ public class TestIdTokenHashUtils {
claims.setSubject("different_user");
claims.setClaim("alg", "RS512");
*/
Mockito.when(mockToken512.getJwt()).thenReturn(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJhbGciOiJSUzUxMiIsInN1YiI6ImRpZmZlcmVudF91c2VyIiwiaXNzIjoid3d3LmRpZmZlcmVudC5jb20iLCJ0eXAiOiJKV1QifQ."));
Mockito.when(mockToken512.getJwtValue()).thenReturn(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJhbGciOiJSUzUxMiIsInN1YiI6ImRpZmZlcmVudF91c2VyIiwiaXNzIjoid3d3LmRpZmZlcmVudC5jb20iLCJ0eXAiOiJKV1QifQ."));
}
@Test
public void getAccessTokenHash256() {
mockToken256.getJwt().serialize();
mockToken256.getJwtValue().serialize();
Base64URL expectedHash = new Base64URL("EP1gXNeESRH-n57baopfTQ");
Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.HS256, mockToken256);
@ -101,7 +101,7 @@ public class TestIdTokenHashUtils {
base64url of hash = BWfFK73PQI36M1rg9R6VjMyWOE0-XvBK
*/
mockToken384.getJwt().serialize();
mockToken384.getJwtValue().serialize();
Base64URL expectedHash = new Base64URL("BWfFK73PQI36M1rg9R6VjMyWOE0-XvBK");
Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.ES384, mockToken384);
@ -118,7 +118,7 @@ public class TestIdTokenHashUtils {
base64url of hash = vGH3QMY-knpACkLgzdkTqu3C9jtvbf2Wk_RSu2vAx8k
*/
mockToken512.getJwt().serialize();
mockToken512.getJwtValue().serialize();
Base64URL expectedHash = new Base64URL("vGH3QMY-knpACkLgzdkTqu3C9jtvbf2Wk_RSu2vAx8k");
Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.RS512, mockToken512);