From ca333d256bdd51548815451f01b4a5833d5914af Mon Sep 17 00:00:00 2001
From: Justin Richer <jricher@mit.edu>
Date: Fri, 23 May 2014 15:00:40 -0400
Subject: [PATCH] Appropriately catch runtime exceptions in all guava caches,
 closes #603

---
 ...amicRegistrationClientConfigurationService.java |  4 ++++
 .../impl/DynamicServerConfigurationService.java    |  4 ++++
 .../service/impl/WebfingerIssuerService.java       |  4 ++++
 .../signer/service/impl/JWKSetCacheService.java    |  7 +++++++
 .../DefaultOAuth2ClientDetailsEntityService.java   | 14 +++++++++++++-
 5 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java
index 1b151d905..e950c88bc 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java
@@ -45,6 +45,7 @@ import com.google.common.cache.CacheBuilder;
 import com.google.common.cache.CacheLoader;
 import com.google.common.cache.LoadingCache;
 import com.google.common.collect.Lists;
+import com.google.common.util.concurrent.UncheckedExecutionException;
 import com.google.gson.Gson;
 import com.google.gson.JsonObject;
 
@@ -81,6 +82,9 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
 			}
 
 			return clients.get(issuer);
+		} catch (UncheckedExecutionException ue) {
+			logger.warn("Unable to get client configuration", ue);
+			return null;
 		} catch (ExecutionException e) {
 			logger.warn("Unable to get client configuration", e);
 			return null;
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java
index 584488e6c..fa6f9b13e 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java
@@ -43,6 +43,7 @@ import org.springframework.web.client.RestTemplate;
 import com.google.common.cache.CacheBuilder;
 import com.google.common.cache.CacheLoader;
 import com.google.common.cache.LoadingCache;
+import com.google.common.util.concurrent.UncheckedExecutionException;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
@@ -117,6 +118,9 @@ public class DynamicServerConfigurationService implements ServerConfigurationSer
 			}
 
 			return servers.get(issuer);
+		} catch (UncheckedExecutionException ue) {
+			logger.warn("Couldn't load configuration for " + issuer, ue);
+			return null;
 		} catch (ExecutionException e) {
 			logger.warn("Couldn't load configuration for " + issuer, e);
 			return null;
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java
index f0ee0d6fe..ecb71a2c6 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java
@@ -42,6 +42,7 @@ import com.google.common.base.Strings;
 import com.google.common.cache.CacheBuilder;
 import com.google.common.cache.CacheLoader;
 import com.google.common.cache.LoadingCache;
+import com.google.common.util.concurrent.UncheckedExecutionException;
 import com.google.gson.JsonArray;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
@@ -95,6 +96,9 @@ public class WebfingerIssuerService implements IssuerService {
 				}
 
 				return new IssuerServiceResponse(issuer, null, null);
+			} catch (UncheckedExecutionException ue) {
+				logger.warn("Issue fetching issuer for user input: " + identifier, ue);
+				return null;
 			} catch (ExecutionException e) {
 				logger.warn("Issue fetching issuer for user input: " + identifier, e);
 				return null;
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java
index dc26461a4..1eafbb271 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java
@@ -38,6 +38,7 @@ import org.springframework.web.client.RestTemplate;
 import com.google.common.cache.CacheBuilder;
 import com.google.common.cache.CacheLoader;
 import com.google.common.cache.LoadingCache;
+import com.google.common.util.concurrent.UncheckedExecutionException;
 import com.nimbusds.jose.jwk.JWKSet;
 
 /**
@@ -79,6 +80,9 @@ public class JWKSetCacheService {
 	public JwtSigningAndValidationService getValidator(String jwksUri) {
 		try {
 			return validators.get(jwksUri);
+		} catch (UncheckedExecutionException ue) {
+			logger.warn("Couldn't load JWK Set from " + jwksUri, ue);
+			return null;
 		} catch (ExecutionException e) {
 			logger.warn("Couldn't load JWK Set from " + jwksUri, e);
 			return null;
@@ -88,6 +92,9 @@ public class JWKSetCacheService {
 	public JwtEncryptionAndDecryptionService getEncrypter(String jwksUri) {
 		try {
 			return encrypters.get(jwksUri);
+		} catch (UncheckedExecutionException ue) {
+			logger.warn("Couldn't load JWK Set from " + jwksUri, ue);
+			return null;
 		} catch (ExecutionException e) {
 			logger.warn("Couldn't load JWK Set from " + jwksUri, e);
 			return null;
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
index 9a7219f73..2e9b854bd 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
@@ -52,6 +52,7 @@ import com.google.common.base.Strings;
 import com.google.common.cache.CacheBuilder;
 import com.google.common.cache.CacheLoader;
 import com.google.common.cache.LoadingCache;
+import com.google.common.util.concurrent.UncheckedExecutionException;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonParser;
 
@@ -207,6 +208,16 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
 	/**
 	 * Update the oldClient with information from the newClient. The
 	 * id from oldClient is retained.
+	 * 
+	 * Checks to make sure the refresh grant type and 
+	 * the scopes are set appropriately.
+	 * 
+	 * Checks to make sure the redirect URIs aren't blacklisted.
+	 * 
+	 * Attempts to load the redirect URI (possibly cached) to check the
+	 * sector identifier against the contents there.
+	 * 
+	 * 
 	 */
 	@Override
 	public ClientDetailsEntity updateClient(ClientDetailsEntity oldClient, ClientDetailsEntity newClient) throws IllegalArgumentException {
@@ -237,7 +248,8 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
 							}
 						}
 					}
-
+				} catch (UncheckedExecutionException ue) {
+					throw new IllegalArgumentException("Unable to load sector identifier URI: " + newClient.getSectorIdentifierUri());
 				} catch (ExecutionException e) {
 					throw new IllegalArgumentException("Unable to load sector identifier URI: " + newClient.getSectorIdentifierUri());
 				}