From ca333d256bdd51548815451f01b4a5833d5914af Mon Sep 17 00:00:00 2001
From: Justin Richer <jricher@mit.edu>
Date: Fri, 23 May 2014 15:00:40 -0400
Subject: [PATCH] Appropriately catch runtime exceptions in all guava caches, closes #603
---
 ...amicRegistrationClientConfigurationService.java | 4 ++++
 .../impl/DynamicServerConfigurationService.java | 4 ++++
 .../service/impl/WebfingerIssuerService.java | 4 ++++
 .../signer/service/impl/JWKSetCacheService.java | 7 +++++++
 .../DefaultOAuth2ClientDetailsEntityService.java | 14 +++++++++++++-
 5 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java
index 1b151d905..e950c88bc 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java
@@ -45,6 +45,7 @@ import com.google.common.cache.CacheBuilder;
 import com.google.common.cache.CacheLoader;
 import com.google.common.cache.LoadingCache;
 import com.google.common.collect.Lists;
+import com.google.common.util.concurrent.UncheckedExecutionException;
 import com.google.gson.Gson;
 import com.google.gson.JsonObject;
@@ -81,6 +82,9 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
 }
 return clients.get(issuer);
+ } catch (UncheckedExecutionException ue) {
+ logger.warn("Unable to get client configuration", ue);
+ return null;
 } catch (ExecutionException e) {
 logger.warn("Unable to get client configuration", e);
 return null;
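Review bot: The added `catch (UncheckedExecutionException ue)` block repeats the body of the `ExecutionException` handler below it line for line, and the same duplication appears in the matching hunks of DynamicServerConfigurationService, WebfingerIssuerService and both JWKSetCacheService getters. If the build targets Java 7 or later (not visible here), one handler covers both: `} catch (UncheckedExecutionException | ExecutionException e) {`. Separately, this warning omits the issuer, unlike the DynamicServerConfigurationService message, so a failed lookup cannot be tied to a server from the log; `logger.warn("Unable to get client configuration for " + issuer, ue);` would fix that. The enclosing method starts and ends outside the hunk.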
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java
index 584488e6c..fa6f9b13e 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java
@@ -43,6 +43,7 @@ import org.springframework.web.client.RestTemplate;
 import com.google.common.cache.CacheBuilder;
 import com.google.common.cache.CacheLoader;
 import com.google.common.cache.LoadingCache;
+import com.google.common.util.concurrent.UncheckedExecutionException;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
@@ -117,6 +118,9 @@ public class DynamicServerConfigurationService implements ServerConfigurationSer
 }
 return servers.get(issuer);
+ } catch (UncheckedExecutionException ue) {
+ logger.warn("Couldn't load configuration for " + issuer, ue);
+ return null;
 } catch (ExecutionException e) {
 logger.warn("Couldn't load configuration for " + issuer, e);
 return null;
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java
index f0ee0d6fe..ecb71a2c6 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java
@@ -42,6 +42,7 @@ import com.google.common.base.Strings;
 import com.google.common.cache.CacheBuilder;
 import com.google.common.cache.CacheLoader;
 import com.google.common.cache.LoadingCache;
+import com.google.common.util.concurrent.UncheckedExecutionException;
 import com.google.gson.JsonArray;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
@@ -95,6 +96,9 @@ public class WebfingerIssuerService implements IssuerService {
 }
 return new IssuerServiceResponse(issuer, null, null);
+ } catch (UncheckedExecutionException ue) {
+ logger.warn("Issue fetching issuer for user input: " + identifier, ue);
+ return null;
 } catch (ExecutionException e) {
 logger.warn("Issue fetching issuer for user input: " + identifier, e);
 return null;
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java
index dc26461a4..1eafbb271 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java
@@ -38,6 +38,7 @@ import org.springframework.web.client.RestTemplate;
 import com.google.common.cache.CacheBuilder;
 import com.google.common.cache.CacheLoader;
 import com.google.common.cache.LoadingCache;
+import com.google.common.util.concurrent.UncheckedExecutionException;
 import com.nimbusds.jose.jwk.JWKSet;
 /**
@@ -79,6 +80,9 @@ public class JWKSetCacheService {
 public JwtSigningAndValidationService getValidator(String jwksUri) {
 try {
 return validators.get(jwksUri);
+ } catch (UncheckedExecutionException ue) {
+ logger.warn("Couldn't load JWK Set from " + jwksUri, ue);
+ return null;
 } catch (ExecutionException e) {
 logger.warn("Couldn't load JWK Set from " + jwksUri, e);
 return null;
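Review bot: In WebfingerIssuerService the added handler writes `identifier`, which the message itself labels as user input, verbatim into a WARN entry together with a full stack trace. Unless the configured log encoder neutralises CR/LF, a crafted value can forge extra log lines, and every failed lookup costs a stack trace in the log. Consider logging a sanitised value once it is known to be non-null, for example `logger.warn("Issue fetching issuer for user input: " + identifier.replaceAll("[\\r\\n]", "_"), ue);`, and moving the trace to debug level. The existing `ExecutionException` handler has the same pattern, and the method body extends beyond the hunk.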
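Review bot: `getValidator` in JWKSetCacheService now returns null for any runtime failure while loading the JWK Set, and `getEncrypter` in the next hunk does the same, but neither method documents that outcome. Judging by the return types these services back signature validation and encryption, so a null has to be treated as a hard failure by every caller rather than as "nothing to check"; the callers are not visible in this diff. I would add Javadoc to both methods along the lines of `@return the service built from the JWK Set at jwksUri, or null if the set could not be fetched or parsed; callers must fail the operation on null`.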
@@ -88,6 +92,9 @@ public class JWKSetCacheService {
 public JwtEncryptionAndDecryptionService getEncrypter(String jwksUri) {
 try {
 return encrypters.get(jwksUri);
+ } catch (UncheckedExecutionException ue) {
+ logger.warn("Couldn't load JWK Set from " + jwksUri, ue);
+ return null;
 } catch (ExecutionException e) {
 logger.warn("Couldn't load JWK Set from " + jwksUri, e);
 return null;
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
index 9a7219f73..2e9b854bd 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
@@ -52,6 +52,7 @@ import com.google.common.base.Strings;
 import com.google.common.cache.CacheBuilder;
 import com.google.common.cache.CacheLoader;
 import com.google.common.cache.LoadingCache;
+import com.google.common.util.concurrent.UncheckedExecutionException;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonParser;
@@ -207,6 +208,16 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
 /**
 * Update the oldClient with information from the newClient. The
 * id from oldClient is retained.
+ *
+ * Checks to make sure the refresh grant type and
+ * the scopes are set appropriately.
+ *
+ * Checks to make sure the redirect URIs aren't blacklisted.
+ *
+ * Attempts to load the redirect URI (possibly cached) to check the
+ * sector identifier against the contents there.
+ *
+ *
 */
 @Override
 public ClientDetailsEntity updateClient(ClientDetailsEntity oldClient, ClientDetailsEntity newClient) throws IllegalArgumentException {
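Review bot: The added Javadoc sentence `Attempts to load the redirect URI (possibly cached) to check the sector identifier against the contents there` appears to have the two terms the wrong way round. The exception raised later in this method reads "Unable to load sector identifier URI", so what is fetched is the sector identifier URI, and presumably the client's redirect URIs are what get compared with its contents. Suggested wording: `Attempts to load the sector identifier URI (possibly cached) and checks the client's redirect URIs against its contents.` The comment also ends in two empty ` * ` lines that can be dropped, and an `@throws IllegalArgumentException` line listing the failure cases would document what the signature declares. The method body lies outside this hunk.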
@@ -237,7 +248,8 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
 }
 }
 }
-
+ } catch (UncheckedExecutionException ue) {
+ throw new IllegalArgumentException("Unable to load sector identifier URI: " + newClient.getSectorIdentifierUri());
 } catch (ExecutionException e) {
 throw new IllegalArgumentException("Unable to load sector identifier URI: " + newClient.getSectorIdentifierUri());
 }
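Review bot: The new `IllegalArgumentException` is built without `ue`, so the runtime failure this commit sets out to catch is discarded and cannot be diagnosed afterwards. Pass it as the cause: `throw new IllegalArgumentException("Unable to load sector identifier URI: " + newClient.getSectorIdentifierUri(), ue);`. The `ExecutionException` handler below has the same gap. The message also echoes a client-supplied URI, so whatever renders this exception back to the registering client should encode it; that code is not visible here. The try block begins outside the hunk.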