diff --git a/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java b/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java
deleted file mode 100644
index 5943f650c..000000000
--- a/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java
+++ /dev/null
@@ -1,110 +0,0 @@
-/*******************************************************************************
- * Copyright 2015 The MITRE Corporation
- * and the MIT Kerberos and Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-/**
- *
- */
-package org.mitre.jose;
-
-import javax.persistence.Basic;
-import javax.persistence.Embeddable;
-import javax.persistence.Transient;
-
-import com.google.common.base.Strings;
-import com.nimbusds.jose.JWEAlgorithm;
-
-/**
- *
- * Wrapper class for Nimbus JOSE objects to fit into JPA
- *
- * @author jricher
- *
- */
-@Embeddable
-public class JWEAlgorithmEmbed {
-
- public static final JWEAlgorithmEmbed NONE = getForAlgorithmName("none");
-
- private JWEAlgorithm algorithm;
-
- public JWEAlgorithmEmbed() {
-
- }
-
- public JWEAlgorithmEmbed(JWEAlgorithm algorithm) {
- this.algorithm = algorithm;
- }
-
- public static JWEAlgorithmEmbed getForAlgorithmName (String algorithmName) {
- JWEAlgorithmEmbed ent = new JWEAlgorithmEmbed();
- ent.setAlgorithmName(algorithmName);
- if (ent.getAlgorithm() == null) {
- return null;
- } else {
- return ent;
- }
- }
-
- /**
- * Get the name of this algorithm, return null if no algorithm set.
- * @return
- */
- @Basic
- public String getAlgorithmName() {
- if (algorithm != null) {
- return algorithm.getName();
- } else {
- return null;
- }
- }
-
- /**
- * Set the name of this algorithm.
- * Calls JWEAlgorithm.parse()
- * @param algorithmName
- */
- public void setAlgorithmName(String algorithmName) {
- if (!Strings.isNullOrEmpty(algorithmName)) {
- algorithm = JWEAlgorithm.parse(algorithmName);
- } else {
- algorithm = null;
- }
- }
-
- /* (non-Javadoc)
- * @see java.lang.Object#toString()
- */
- @Override
- public String toString() {
- return "JWEAlgorithmEmbed [algorithm=" + algorithm + "]";
- }
-
- /**
- * @return the algorithm
- */
- @Transient
- public JWEAlgorithm getAlgorithm() {
- return algorithm;
- }
-
- /**
- * @param algorithm the algorithm to set
- */
- public void setAlgorithm(JWEAlgorithm algorithm) {
- this.algorithm = algorithm;
- }
-
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java b/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java
deleted file mode 100644
index d53cf0919..000000000
--- a/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/*******************************************************************************
- * Copyright 2015 The MITRE Corporation
- * and the MIT Kerberos and Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-/**
- *
- */
-package org.mitre.jose;
-
-import javax.persistence.Basic;
-import javax.persistence.Embeddable;
-import javax.persistence.Transient;
-
-import com.google.common.base.Strings;
-import com.nimbusds.jose.EncryptionMethod;
-
-/**
- * @author jricher
- *
- */
-@Embeddable
-public class JWEEncryptionMethodEmbed {
-
- public static final JWEEncryptionMethodEmbed NONE = getForAlgorithmName("none");
-
- private EncryptionMethod algorithm;
-
- public JWEEncryptionMethodEmbed() {
-
- }
-
- public JWEEncryptionMethodEmbed(EncryptionMethod algorithm) {
- this.algorithm = algorithm;
- }
-
- public static JWEEncryptionMethodEmbed getForAlgorithmName (String algorithmName) {
- JWEEncryptionMethodEmbed ent = new JWEEncryptionMethodEmbed();
- ent.setAlgorithmName(algorithmName);
- if (ent.getAlgorithm() == null) {
- return null;
- } else {
- return ent;
- }
- }
-
- /**
- * Get the name of this algorithm, return null if no algorithm set.
- * @return
- */
- @Basic
- public String getAlgorithmName() {
- if (algorithm != null) {
- return algorithm.getName();
- } else {
- return null;
- }
- }
-
- /**
- * Set the name of this algorithm.
- * Calls EncryptionMethod.parse()
- * @param algorithmName
- */
- public void setAlgorithmName(String algorithmName) {
- if (!Strings.isNullOrEmpty(algorithmName)) {
- algorithm = EncryptionMethod.parse(algorithmName);
- } else {
- algorithm = null;
- }
- }
-
- /* (non-Javadoc)
- * @see java.lang.Object#toString()
- */
- @Override
- public String toString() {
- return "JWEEncryptionMethodEmbed [algorithm=" + algorithm + "]";
- }
-
- /**
- * @return the algorithm
- */
- @Transient
- public EncryptionMethod getAlgorithm() {
- return algorithm;
- }
-
- /**
- * @param algorithm the algorithm to set
- */
- public void setAlgorithm(EncryptionMethod algorithm) {
- this.algorithm = algorithm;
- }
-
-
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java b/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java
deleted file mode 100644
index c82bf120f..000000000
--- a/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/*******************************************************************************
- * Copyright 2015 The MITRE Corporation
- * and the MIT Kerberos and Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-/**
- *
- */
-package org.mitre.jose;
-
-import javax.persistence.Basic;
-import javax.persistence.Embeddable;
-import javax.persistence.Transient;
-
-import com.google.common.base.Strings;
-import com.nimbusds.jose.JWSAlgorithm;
-
-/**
- *
- * Wrapper class for Nimbus JOSE objects to fit into JPA
- *
- * @author jricher
- *
- */
-@Embeddable
-public class JWSAlgorithmEmbed {
-
- public static final JWSAlgorithmEmbed NONE = getForAlgorithmName("none");
-
- private JWSAlgorithm algorithm;
-
- public JWSAlgorithmEmbed() {
-
- }
-
- public JWSAlgorithmEmbed(JWSAlgorithm algorithm) {
- this.algorithm = algorithm;
- }
-
- /**
- *
- * @param algorithmName
- * @return null if algorithmName is empty or null
- */
- public static JWSAlgorithmEmbed getForAlgorithmName (String algorithmName) {
- JWSAlgorithmEmbed ent = new JWSAlgorithmEmbed();
- ent.setAlgorithmName(algorithmName);
- if (ent.getAlgorithm() == null) {
- return null;
- } else {
- return ent;
- }
- }
-
- /**
- * Get the name of this algorithm, return null if no algorithm set.
- * @return
- */
- @Basic
- public String getAlgorithmName() {
- if (algorithm != null) {
- return algorithm.getName();
- } else {
- return null;
- }
- }
-
- /**
- * Set the name of this algorithm.
- * Calls JWSAlgorithm.parse()
- * @param algorithmName
- */
- public void setAlgorithmName(String algorithmName) {
- if (!Strings.isNullOrEmpty(algorithmName)) {
- algorithm = JWSAlgorithm.parse(algorithmName);
- } else {
- algorithm = null;
- }
- }
-
- /**
- * @return the algorithm
- */
- @Transient
- public JWSAlgorithm getAlgorithm() {
- return algorithm;
- }
-
- /**
- * @param algorithm the algorithm to set
- */
- public void setAlgorithm(JWSAlgorithm algorithm) {
- this.algorithm = algorithm;
- }
-
- /* (non-Javadoc)
- * @see java.lang.Object#toString()
- */
- @Override
- public String toString() {
- return "JWSAlgorithmEmbed [algorithm=" + algorithm + "]";
- }
-
-
-
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
index 931ba2a2a..f0a0e95ef 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@@ -25,13 +25,11 @@ import java.util.HashSet;
import java.util.Map;
import java.util.Set;
-import javax.persistence.AttributeOverride;
-import javax.persistence.AttributeOverrides;
import javax.persistence.Basic;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
+import javax.persistence.Convert;
import javax.persistence.ElementCollection;
-import javax.persistence.Embedded;
import javax.persistence.Entity;
import javax.persistence.EnumType;
import javax.persistence.Enumerated;
@@ -49,9 +47,6 @@ import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
-import org.mitre.jose.JWEAlgorithmEmbed;
-import org.mitre.jose.JWEEncryptionMethodEmbed;
-import org.mitre.jose.JWSAlgorithmEmbed;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.provider.ClientDetails;
@@ -103,17 +98,17 @@ public class ClientDetailsEntity implements ClientDetails {
private String sectorIdentifierUri; // sector_identifier_uri
private SubjectType subjectType; // subject_type
- private JWSAlgorithmEmbed requestObjectSigningAlg = null; // request_object_signing_alg
+ private JWSAlgorithm requestObjectSigningAlg = null; // request_object_signing_alg
- private JWSAlgorithmEmbed userInfoSignedResponseAlg = null; // user_info_signed_response_alg
- private JWEAlgorithmEmbed userInfoEncryptedResponseAlg = null; // user_info_encrypted_response_alg
- private JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc = null; // user_info_encrypted_response_enc
+ private JWSAlgorithm userInfoSignedResponseAlg = null; // user_info_signed_response_alg
+ private JWEAlgorithm userInfoEncryptedResponseAlg = null; // user_info_encrypted_response_alg
+ private EncryptionMethod userInfoEncryptedResponseEnc = null; // user_info_encrypted_response_enc
- private JWSAlgorithmEmbed idTokenSignedResponseAlg = null; // id_token_signed_response_alg
- private JWEAlgorithmEmbed idTokenEncryptedResponseAlg = null; // id_token_encrypted_response_alg
- private JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc = null; // id_token_encrypted_response_enc
+ private JWSAlgorithm idTokenSignedResponseAlg = null; // id_token_signed_response_alg
+ private JWEAlgorithm idTokenEncryptedResponseAlg = null; // id_token_encrypted_response_alg
+ private EncryptionMethod idTokenEncryptedResponseEnc = null; // id_token_encrypted_response_enc
- private JWSAlgorithmEmbed tokenEndpointAuthSigningAlg = null; // token_endpoint_auth_signing_alg
+ private JWSAlgorithm tokenEndpointAuthSigningAlg = null; // token_endpoint_auth_signing_alg
private Integer defaultMaxAge; // default_max_age
private Boolean requireAuthTime; // require_auth_time
@@ -700,212 +695,94 @@ public class ClientDetailsEntity implements ClientDetails {
this.sectorIdentifierUri = sectorIdentifierUri;
}
- @Embedded
- @AttributeOverrides({
- @AttributeOverride(name = "algorithmName", column=@Column(name="request_object_signing_alg"))
- })
- public JWSAlgorithmEmbed getRequestObjectSigningAlgEmbed() {
+ @Basic
+ @Column(name = "request_object_signing_alg")
+ @Convert(converter = JWSAlgorithmStringConverter.class)
+ public JWSAlgorithm getRequestObjectSigningAlg() {
return requestObjectSigningAlg;
}
- public void setRequestObjectSigningAlgEmbed(JWSAlgorithmEmbed requestObjectSigningAlg) {
+ public void setRequestObjectSigningAlg(JWSAlgorithm requestObjectSigningAlg) {
this.requestObjectSigningAlg = requestObjectSigningAlg;
}
- @Embedded
- @AttributeOverrides({
- @AttributeOverride(name = "algorithmName", column=@Column(name="user_info_signed_response_alg"))
- })
- public JWSAlgorithmEmbed getUserInfoSignedResponseAlgEmbed() {
+ @Basic
+ @Column(name = "user_info_signed_response_alg")
+ @Convert(converter = JWSAlgorithmStringConverter.class)
+ public JWSAlgorithm getUserInfoSignedResponseAlg() {
return userInfoSignedResponseAlg;
}
- public void setUserInfoSignedResponseAlgEmbed(JWSAlgorithmEmbed userInfoSignedResponseAlg) {
+ public void setUserInfoSignedResponseAlg(JWSAlgorithm userInfoSignedResponseAlg) {
this.userInfoSignedResponseAlg = userInfoSignedResponseAlg;
}
- @Embedded
- @AttributeOverrides({
- @AttributeOverride(name = "algorithmName", column=@Column(name="user_info_encrypted_response_alg"))
- })
- public JWEAlgorithmEmbed getUserInfoEncryptedResponseAlgEmbed() {
+ @Basic
+ @Column(name = "user_info_encrypted_response_alg")
+ @Convert(converter = JWEAlgorithmStringConverter.class)
+ public JWEAlgorithm getUserInfoEncryptedResponseAlg() {
return userInfoEncryptedResponseAlg;
}
- public void setUserInfoEncryptedResponseAlgEmbed(JWEAlgorithmEmbed userInfoEncryptedResponseAlg) {
+ public void setUserInfoEncryptedResponseAlg(JWEAlgorithm userInfoEncryptedResponseAlg) {
this.userInfoEncryptedResponseAlg = userInfoEncryptedResponseAlg;
}
- @Embedded
- @AttributeOverrides({
- @AttributeOverride(name = "algorithmName", column=@Column(name="user_info_encrypted_response_enc"))
- })
- public JWEEncryptionMethodEmbed getUserInfoEncryptedResponseEncEmbed() {
+ @Basic
+ @Column(name = "user_info_encrypted_response_enc")
+ @Convert(converter = JWEEncryptionMethodStringConverter.class)
+ public EncryptionMethod getUserInfoEncryptedResponseEnc() {
return userInfoEncryptedResponseEnc;
}
- public void setUserInfoEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc) {
+ public void setUserInfoEncryptedResponseEnc(EncryptionMethod userInfoEncryptedResponseEnc) {
this.userInfoEncryptedResponseEnc = userInfoEncryptedResponseEnc;
}
- @Embedded
- @AttributeOverrides({
- @AttributeOverride(name = "algorithmName", column=@Column(name="id_token_signed_response_alg"))
- })
- public JWSAlgorithmEmbed getIdTokenSignedResponseAlgEmbed() {
+ @Basic
+ @Column(name="id_token_signed_response_alg")
+ @Convert(converter = JWSAlgorithmStringConverter.class)
+ public JWSAlgorithm getIdTokenSignedResponseAlg() {
return idTokenSignedResponseAlg;
}
- public void setIdTokenSignedResponseAlgEmbed(JWSAlgorithmEmbed idTokenSignedResponseAlg) {
+ public void setIdTokenSignedResponseAlg(JWSAlgorithm idTokenSignedResponseAlg) {
this.idTokenSignedResponseAlg = idTokenSignedResponseAlg;
}
- @Embedded
- @AttributeOverrides({
- @AttributeOverride(name = "algorithmName", column=@Column(name="id_token_encrypted_response_alg"))
- })
- public JWEAlgorithmEmbed getIdTokenEncryptedResponseAlgEmbed() {
+ @Basic
+ @Column(name = "id_token_encrypted_response_alg")
+ @Convert(converter = JWEAlgorithmStringConverter.class)
+ public JWEAlgorithm getIdTokenEncryptedResponseAlg() {
return idTokenEncryptedResponseAlg;
}
- public void setIdTokenEncryptedResponseAlgEmbed(JWEAlgorithmEmbed idTokenEncryptedResponseAlg) {
+ public void setIdTokenEncryptedResponseAlg(JWEAlgorithm idTokenEncryptedResponseAlg) {
this.idTokenEncryptedResponseAlg = idTokenEncryptedResponseAlg;
}
- @Embedded
- @AttributeOverrides({
- @AttributeOverride(name = "algorithmName", column=@Column(name="id_token_encrypted_response_enc"))
- })
- public JWEEncryptionMethodEmbed getIdTokenEncryptedResponseEncEmbed() {
+ @Basic
+ @Column(name = "id_token_encrypted_response_enc")
+ @Convert(converter = JWEEncryptionMethodStringConverter.class)
+ public EncryptionMethod getIdTokenEncryptedResponseEnc() {
return idTokenEncryptedResponseEnc;
}
- public void setIdTokenEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc) {
+ public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) {
this.idTokenEncryptedResponseEnc = idTokenEncryptedResponseEnc;
}
- @Embedded
- @AttributeOverrides({
- @AttributeOverride(name = "algorithmName", column=@Column(name="token_endpoint_auth_signing_alg"))
- })
- public JWSAlgorithmEmbed getTokenEndpointAuthSigningAlgEmbed() {
+ @Basic
+ @Column(name="token_endpoint_auth_signing_alg")
+ @Convert(converter = JWSAlgorithmStringConverter.class)
+ public JWSAlgorithm getTokenEndpointAuthSigningAlg() {
return tokenEndpointAuthSigningAlg;
}
- public void setTokenEndpointAuthSigningAlgEmbed(JWSAlgorithmEmbed tokenEndpointAuthSigningAlgEmbed) {
- this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlgEmbed;
- }
-
- //
- // Transient passthrough methods for JOSE elements
- //
-
- @Transient
- public JWSAlgorithm getRequestObjectSigningAlg() {
- if (requestObjectSigningAlg != null) {
- return requestObjectSigningAlg.getAlgorithm();
- } else {
- return null;
- }
- }
-
- public void setRequestObjectSigningAlg(JWSAlgorithm requestObjectSigningAlg) {
- this.requestObjectSigningAlg = new JWSAlgorithmEmbed(requestObjectSigningAlg);
- }
-
- @Transient
- public JWSAlgorithm getUserInfoSignedResponseAlg() {
- if (userInfoSignedResponseAlg != null) {
- return userInfoSignedResponseAlg.getAlgorithm();
- } else {
- return null;
- }
- }
-
- public void setUserInfoSignedResponseAlg(JWSAlgorithm userInfoSignedResponseAlg) {
- this.userInfoSignedResponseAlg = new JWSAlgorithmEmbed(userInfoSignedResponseAlg);
- }
-
- @Transient
- public JWEAlgorithm getUserInfoEncryptedResponseAlg() {
- if (userInfoEncryptedResponseAlg != null) {
- return userInfoEncryptedResponseAlg.getAlgorithm();
- } else {
- return null;
- }
- }
-
- public void setUserInfoEncryptedResponseAlg(JWEAlgorithm userInfoEncryptedResponseAlg) {
- this.userInfoEncryptedResponseAlg = new JWEAlgorithmEmbed(userInfoEncryptedResponseAlg);
- }
-
- @Transient
- public EncryptionMethod getUserInfoEncryptedResponseEnc() {
- if (userInfoEncryptedResponseEnc != null) {
- return userInfoEncryptedResponseEnc.getAlgorithm();
- } else {
- return null;
- }
- }
-
- public void setUserInfoEncryptedResponseEnc(EncryptionMethod userInfoEncryptedResponseEnc) {
- this.userInfoEncryptedResponseEnc = new JWEEncryptionMethodEmbed(userInfoEncryptedResponseEnc);
- }
-
- @Transient
- public JWSAlgorithm getIdTokenSignedResponseAlg() {
- if (idTokenSignedResponseAlg != null) {
- return idTokenSignedResponseAlg.getAlgorithm();
- } else {
- return null;
- }
- }
-
- public void setIdTokenSignedResponseAlg(JWSAlgorithm idTokenSignedResponseAlg) {
- this.idTokenSignedResponseAlg = new JWSAlgorithmEmbed(idTokenSignedResponseAlg);
- }
-
- @Transient
- public JWEAlgorithm getIdTokenEncryptedResponseAlg() {
- if (idTokenEncryptedResponseAlg != null) {
- return idTokenEncryptedResponseAlg.getAlgorithm();
- } else {
- return null;
- }
- }
-
- public void setIdTokenEncryptedResponseAlg(JWEAlgorithm idTokenEncryptedResponseAlg) {
- this.idTokenEncryptedResponseAlg = new JWEAlgorithmEmbed(idTokenEncryptedResponseAlg);
- }
-
- @Transient
- public EncryptionMethod getIdTokenEncryptedResponseEnc() {
- if (idTokenEncryptedResponseEnc != null) {
- return idTokenEncryptedResponseEnc.getAlgorithm();
- } else {
- return null;
- }
- }
-
- public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) {
- this.idTokenEncryptedResponseEnc = new JWEEncryptionMethodEmbed(idTokenEncryptedResponseEnc);
- }
-
- @Transient
- public JWSAlgorithm getTokenEndpointAuthSigningAlg() {
- if (tokenEndpointAuthSigningAlg != null) {
- return tokenEndpointAuthSigningAlg.getAlgorithm();
- } else {
- return null;
- }
- }
-
public void setTokenEndpointAuthSigningAlg(JWSAlgorithm tokenEndpointAuthSigningAlg) {
- this.tokenEndpointAuthSigningAlg = new JWSAlgorithmEmbed(tokenEndpointAuthSigningAlg);
+ this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg;
}
- // END Transient JOSE methods
-
@Basic
@Column(name="default_max_age")
public Integer getDefaultMaxAge() {
@@ -1045,5 +922,5 @@ public class ClientDetailsEntity implements ClientDetails {
public boolean isAutoApprove(String scope) {
return false;
}
-
+
}
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEAlgorithmStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEAlgorithmStringConverter.java
new file mode 100644
index 000000000..a56fe21c4
--- /dev/null
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEAlgorithmStringConverter.java
@@ -0,0 +1,48 @@
+/*******************************************************************************
+ * Copyright 2015 The MITRE Corporation
+ * and the MIT Kerberos and Internet Trust Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *******************************************************************************/
+
+package org.mitre.oauth2.model;
+
+import javax.persistence.AttributeConverter;
+import javax.persistence.Converter;
+
+import com.nimbusds.jose.JWEAlgorithm;
+
+@Converter
+public class JWEAlgorithmStringConverter implements AttributeConverter<JWEAlgorithm, String> {
+
+ @Override
+ public String convertToDatabaseColumn(JWEAlgorithm attribute) {
+ if (attribute != null) {
+ return attribute.getName();
+ } else {
+ return null;
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object)
+ */
+ @Override
+ public JWEAlgorithm convertToEntityAttribute(String dbData) {
+ if (dbData != null) {
+ return JWEAlgorithm.parse(dbData);
+ } else {
+ return null;
+ }
+ }
+}
\ No newline at end of file
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEEncryptionMethodStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEEncryptionMethodStringConverter.java
new file mode 100644
index 000000000..2cdd09d24
--- /dev/null
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEEncryptionMethodStringConverter.java
@@ -0,0 +1,48 @@
+/*******************************************************************************
+ * Copyright 2015 The MITRE Corporation
+ * and the MIT Kerberos and Internet Trust Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *******************************************************************************/
+
+package org.mitre.oauth2.model;
+
+import javax.persistence.AttributeConverter;
+import javax.persistence.Converter;
+
+import com.nimbusds.jose.EncryptionMethod;
+
+@Converter
+public class JWEEncryptionMethodStringConverter implements AttributeConverter<EncryptionMethod, String> {
+
+ @Override
+ public String convertToDatabaseColumn(EncryptionMethod attribute) {
+ if (attribute != null) {
+ return attribute.getName();
+ } else {
+ return null;
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object)
+ */
+ @Override
+ public EncryptionMethod convertToEntityAttribute(String dbData) {
+ if (dbData != null) {
+ return EncryptionMethod.parse(dbData);
+ } else {
+ return null;
+ }
+ }
+}
\ No newline at end of file
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWSAlgorithmStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWSAlgorithmStringConverter.java
new file mode 100644
index 000000000..51cc48e24
--- /dev/null
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWSAlgorithmStringConverter.java
@@ -0,0 +1,48 @@
+/*******************************************************************************
+ * Copyright 2015 The MITRE Corporation
+ * and the MIT Kerberos and Internet Trust Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *******************************************************************************/
+
+package org.mitre.oauth2.model;
+
+import javax.persistence.AttributeConverter;
+import javax.persistence.Converter;
+
+import com.nimbusds.jose.JWSAlgorithm;
+
+@Converter
+public class JWSAlgorithmStringConverter implements AttributeConverter<JWSAlgorithm, String> {
+
+ @Override
+ public String convertToDatabaseColumn(JWSAlgorithm attribute) {
+ if (attribute != null) {
+ return attribute.getName();
+ } else {
+ return null;
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object)
+ */
+ @Override
+ public JWSAlgorithm convertToEntityAttribute(String dbData) {
+ if (dbData != null) {
+ return JWSAlgorithm.parse(dbData);
+ } else {
+ return null;
+ }
+ }
+}
\ No newline at end of file
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
index 6e605c67c..4de3f5027 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
@@ -23,9 +23,6 @@ import java.util.Date;
import java.util.Map;
import java.util.Set;
-import org.mitre.jose.JWEAlgorithmEmbed;
-import org.mitre.jose.JWEEncryptionMethodEmbed;
-import org.mitre.jose.JWSAlgorithmEmbed;
import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType;
@@ -575,118 +572,7 @@ public class RegisteredClient {
public void setRequestUris(Set<String> requestUris) {
client.setRequestUris(requestUris);
}
- /**
- * @return
- * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlgEmbed()
- */
- public JWSAlgorithmEmbed getRequestObjectSigningAlgEmbed() {
- return client.getRequestObjectSigningAlgEmbed();
- }
-
- /**
- * @param requestObjectSigningAlg
- * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestObjectSigningAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
- */
- public void setRequestObjectSigningAlgEmbed(JWSAlgorithmEmbed requestObjectSigningAlg) {
- client.setRequestObjectSigningAlgEmbed(requestObjectSigningAlg);
- }
-
- /**
- * @return
- * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoSignedResponseAlgEmbed()
- */
- public JWSAlgorithmEmbed getUserInfoSignedResponseAlgEmbed() {
- return client.getUserInfoSignedResponseAlgEmbed();
- }
-
- /**
- * @param userInfoSignedResponseAlg
- * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoSignedResponseAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
- */
- public void setUserInfoSignedResponseAlgEmbed(JWSAlgorithmEmbed userInfoSignedResponseAlg) {
- client.setUserInfoSignedResponseAlgEmbed(userInfoSignedResponseAlg);
- }
-
- /**
- * @return
- * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseAlgEmbed()
- */
- public JWEAlgorithmEmbed getUserInfoEncryptedResponseAlgEmbed() {
- return client.getUserInfoEncryptedResponseAlgEmbed();
- }
-
- /**
- * @param userInfoEncryptedResponseAlg
- * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseAlgEmbed(org.mitre.jose.JWEAlgorithmEmbed)
- */
- public void setUserInfoEncryptedResponseAlgEmbed(JWEAlgorithmEmbed userInfoEncryptedResponseAlg) {
- client.setUserInfoEncryptedResponseAlgEmbed(userInfoEncryptedResponseAlg);
- }
-
- /**
- * @return
- * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseEncEmbed()
- */
- public JWEEncryptionMethodEmbed getUserInfoEncryptedResponseEncEmbed() {
- return client.getUserInfoEncryptedResponseEncEmbed();
- }
-
- /**
- * @param userInfoEncryptedResponseEnc
- * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseEncEmbed(org.mitre.jose.JWEEncryptionMethodEmbed)
- */
- public void setUserInfoEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc) {
- client.setUserInfoEncryptedResponseEncEmbed(userInfoEncryptedResponseEnc);
- }
-
- /**
- * @return
- * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenSignedResponseAlgEmbed()
- */
- public JWSAlgorithmEmbed getIdTokenSignedResponseAlgEmbed() {
- return client.getIdTokenSignedResponseAlgEmbed();
- }
-
- /**
- * @param idTokenSignedResponseAlg
- * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenSignedResponseAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
- */
- public void setIdTokenSignedResponseAlgEmbed(JWSAlgorithmEmbed idTokenSignedResponseAlg) {
- client.setIdTokenSignedResponseAlgEmbed(idTokenSignedResponseAlg);
- }
-
- /**
- * @return
- * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseAlgEmbed()
- */
- public JWEAlgorithmEmbed getIdTokenEncryptedResponseAlgEmbed() {
- return client.getIdTokenEncryptedResponseAlgEmbed();
- }
-
- /**
- * @param idTokenEncryptedResponseAlg
- * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseAlgEmbed(org.mitre.jose.JWEAlgorithmEmbed)
- */
- public void setIdTokenEncryptedResponseAlgEmbed(JWEAlgorithmEmbed idTokenEncryptedResponseAlg) {
- client.setIdTokenEncryptedResponseAlgEmbed(idTokenEncryptedResponseAlg);
- }
-
- /**
- * @return
- * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseEncEmbed()
- */
- public JWEEncryptionMethodEmbed getIdTokenEncryptedResponseEncEmbed() {
- return client.getIdTokenEncryptedResponseEncEmbed();
- }
-
- /**
- * @param idTokenEncryptedResponseEnc
- * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseEncEmbed(org.mitre.jose.JWEEncryptionMethodEmbed)
- */
- public void setIdTokenEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc) {
- client.setIdTokenEncryptedResponseEncEmbed(idTokenEncryptedResponseEnc);
- }
-
+
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlg()
@@ -799,22 +685,6 @@ public class RegisteredClient {
client.setIdTokenEncryptedResponseEnc(idTokenEncryptedResponseEnc);
}
- /**
- * @return
- * @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthSigningAlgEmbed()
- */
- public JWSAlgorithmEmbed getTokenEndpointAuthSigningAlgEmbed() {
- return client.getTokenEndpointAuthSigningAlgEmbed();
- }
-
- /**
- * @param tokenEndpointAuthSigningAlgEmbed
- * @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthSigningAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
- */
- public void setTokenEndpointAuthSigningAlgEmbed(JWSAlgorithmEmbed tokenEndpointAuthSigningAlgEmbed) {
- client.setTokenEndpointAuthSigningAlgEmbed(tokenEndpointAuthSigningAlgEmbed);
- }
-
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthSigningAlg()
diff --git a/openid-connect-common/src/test/java/org/mitre/jose/JOSEEmbedTest.java b/openid-connect-common/src/test/java/org/mitre/jose/JOSEEmbedTest.java
deleted file mode 100644
index a06ac5af1..000000000
--- a/openid-connect-common/src/test/java/org/mitre/jose/JOSEEmbedTest.java
+++ /dev/null
@@ -1,118 +0,0 @@
-/*******************************************************************************
- * Copyright 2015 The MITRE Corporation
- * and the MIT Kerberos and Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-/**
- *
- */
-package org.mitre.jose;
-
-import org.junit.Test;
-
-import com.nimbusds.jose.EncryptionMethod;
-import com.nimbusds.jose.JWEAlgorithm;
-import com.nimbusds.jose.JWSAlgorithm;
-
-import static org.junit.Assert.assertEquals;
-
-/**
- *
- * These tests make sure that the algorithm name processing
- * is functional on the three embedded JOSE classes.
- *
- * @author jricher, tsitkov
- *
- */
-public class JOSEEmbedTest {
-
- @Test
- public void testJWSAlgorithmEmbed() {
- JWSAlgorithmEmbed a = new JWSAlgorithmEmbed(JWSAlgorithm.HS256);
-
- assertEquals(JWSAlgorithm.HS256, a.getAlgorithm());
- assertEquals("HS256", a.getAlgorithmName());
-
- a.setAlgorithm(JWSAlgorithm.HS384);
- assertEquals(JWSAlgorithm.HS384, a.getAlgorithm());
-
- JWSAlgorithmEmbed null_a = new JWSAlgorithmEmbed(null);
- assertEquals(null, null_a.getAlgorithm());
- assertEquals(null, null_a.getAlgorithmName());
- }
-
- @Test
- public void testJWSAlgorithmEmbedGetForAlgoirthmName() {
- JWSAlgorithmEmbed a = JWSAlgorithmEmbed.getForAlgorithmName("RS256");
-
- assertEquals(JWSAlgorithm.RS256, a.getAlgorithm());
- assertEquals("RS256", a.getAlgorithmName());
-
- JWSAlgorithmEmbed null_a = JWSAlgorithmEmbed.getForAlgorithmName("");
- assertEquals(null, null_a);
- }
-
- @Test
- public void testJWEAlgorithmEmbed() {
- JWEAlgorithmEmbed a = new JWEAlgorithmEmbed(JWEAlgorithm.A128KW);
-
- assertEquals(JWEAlgorithm.A128KW, a.getAlgorithm());
- assertEquals("A128KW", a.getAlgorithmName());
-
- a.setAlgorithm(JWEAlgorithm.A256KW);
- assertEquals(JWEAlgorithm.A256KW, a.getAlgorithm());
-
- JWEAlgorithmEmbed null_a = new JWEAlgorithmEmbed(null);
- assertEquals(null, null_a.getAlgorithm());
- assertEquals(null, null_a.getAlgorithmName());
- }
-
- @Test
- public void testJWEAlgorithmEmbedGetForAlgoirthmName() {
- JWEAlgorithmEmbed a = JWEAlgorithmEmbed.getForAlgorithmName("RSA1_5");
-
- assertEquals(JWEAlgorithm.RSA1_5, a.getAlgorithm());
- assertEquals("RSA1_5", a.getAlgorithmName());
-
- JWEAlgorithmEmbed null_a = JWEAlgorithmEmbed.getForAlgorithmName("");
- assertEquals(null, null_a);
- }
-
- @Test
- public void testJWEEncryptionMethodEmbed() {
- JWEEncryptionMethodEmbed a = new JWEEncryptionMethodEmbed(EncryptionMethod.A128CBC_HS256);
-
- assertEquals(EncryptionMethod.A128CBC_HS256, a.getAlgorithm());
- assertEquals("A128CBC-HS256", a.getAlgorithmName());
-
- a.setAlgorithm(EncryptionMethod.A256GCM);
- assertEquals(EncryptionMethod.A256GCM, a.getAlgorithm());
-
- JWEEncryptionMethodEmbed null_a = new JWEEncryptionMethodEmbed(null);
- assertEquals(null, null_a.getAlgorithm());
- assertEquals(null, null_a.getAlgorithmName());
- }
-
- @Test
- public void testJWEEncryptionMethodEmbedGetForAlgoirthmName() {
- JWEEncryptionMethodEmbed a = JWEEncryptionMethodEmbed.getForAlgorithmName("A256GCM");
-
- assertEquals(EncryptionMethod.A256GCM, a.getAlgorithm());
- assertEquals("A256GCM", a.getAlgorithmName());
-
- JWEEncryptionMethodEmbed null_a = JWEEncryptionMethodEmbed.getForAlgorithmName("");
- assertEquals(null, null_a);
- }
-
-}
diff --git a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
index 6432f37c7..eb40b2573 100644
--- a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
@@ -51,7 +51,7 @@ CREATE TABLE IF NOT EXISTS authentication_holder (
CREATE TABLE IF NOT EXISTS client_authority (
owner_id BIGINT,
- authority LONGVARBINARY
+ authority VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authorization_code (
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
index 7284acb80..b8704c12d 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
@@ -26,9 +26,6 @@ import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
-import org.mitre.jose.JWEAlgorithmEmbed;
-import org.mitre.jose.JWEEncryptionMethodEmbed;
-import org.mitre.jose.JWSAlgorithmEmbed;
import org.mitre.oauth2.model.AuthenticationHolderEntity;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
@@ -62,6 +59,9 @@ import com.google.common.collect.Sets;
import com.google.gson.stream.JsonReader;
import com.google.gson.stream.JsonToken;
import com.google.gson.stream.JsonWriter;
+import com.nimbusds.jose.EncryptionMethod;
+import com.nimbusds.jose.JWEAlgorithm;
+import com.nimbusds.jose.JWSAlgorithm;
import static org.mitre.util.JsonUtils.base64UrlDecodeObject;
import static org.mitre.util.JsonUtils.readMap;
@@ -664,17 +664,29 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
SubjectType st = SubjectType.getByValue(reader.nextString());
client.setSubjectType(st);
} else if (name.equals("requestObjectSigningAlg")) {
- JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString());
- client.setRequestObjectSigningAlgEmbed(alg);
+ JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+ client.setRequestObjectSigningAlg(alg);
} else if (name.equals("userInfoEncryptedResponseAlg")) {
- JWEAlgorithmEmbed alg = JWEAlgorithmEmbed.getForAlgorithmName(reader.nextString());
- client.setUserInfoEncryptedResponseAlgEmbed(alg);
+ JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
+ client.setUserInfoEncryptedResponseAlg(alg);
} else if (name.equals("userInfoEncryptedResponseEnc")) {
- JWEEncryptionMethodEmbed alg = JWEEncryptionMethodEmbed.getForAlgorithmName(reader.nextString());
- client.setUserInfoEncryptedResponseEncEmbed(alg);
+ EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
+ client.setUserInfoEncryptedResponseEnc(alg);
} else if (name.equals("userInfoSignedResponseAlg")) {
- JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString());
- client.setUserInfoSignedResponseAlgEmbed(alg);
+ JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+ client.setUserInfoSignedResponseAlg(alg);
+ } else if (name.equals("idTokenSignedResonseAlg")) {
+ JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+ client.setIdTokenSignedResponseAlg(alg);
+ } else if (name.equals("idTokenEncryptedResponseAlg")) {
+ JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
+ client.setIdTokenEncryptedResponseAlg(alg);
+ } else if (name.equals("idTokenEncryptedResponseEnc")) {
+ EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
+ client.setIdTokenEncryptedResponseEnc(alg);
+ } else if (name.equals("tokenEndpointAuthSigningAlg")) {
+ JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+ client.setTokenEndpointAuthSigningAlg(alg);
} else if (name.equals("defaultMaxAge")) {
client.setDefaultMaxAge(reader.nextInt());
} else if (name.equals("requireAuthTime")) {
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java
index 8882f0a3f..414b70a42 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java
@@ -28,9 +28,6 @@ import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
-import org.mitre.jose.JWEAlgorithmEmbed;
-import org.mitre.jose.JWEEncryptionMethodEmbed;
-import org.mitre.jose.JWSAlgorithmEmbed;
import org.mitre.oauth2.model.AuthenticationHolderEntity;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
@@ -64,6 +61,9 @@ import com.google.common.collect.Sets;
import com.google.gson.stream.JsonReader;
import com.google.gson.stream.JsonToken;
import com.google.gson.stream.JsonWriter;
+import com.nimbusds.jose.EncryptionMethod;
+import com.nimbusds.jose.JWEAlgorithm;
+import com.nimbusds.jose.JWSAlgorithm;
import static org.mitre.util.JsonUtils.base64UrlDecodeObject;
import static org.mitre.util.JsonUtils.readMap;
@@ -672,17 +672,29 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
SubjectType st = SubjectType.getByValue(reader.nextString());
client.setSubjectType(st);
} else if (name.equals("requestObjectSigningAlg")) {
- JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString());
- client.setRequestObjectSigningAlgEmbed(alg);
+ JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+ client.setRequestObjectSigningAlg(alg);
} else if (name.equals("userInfoEncryptedResponseAlg")) {
- JWEAlgorithmEmbed alg = JWEAlgorithmEmbed.getForAlgorithmName(reader.nextString());
- client.setUserInfoEncryptedResponseAlgEmbed(alg);
+ JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
+ client.setUserInfoEncryptedResponseAlg(alg);
} else if (name.equals("userInfoEncryptedResponseEnc")) {
- JWEEncryptionMethodEmbed alg = JWEEncryptionMethodEmbed.getForAlgorithmName(reader.nextString());
- client.setUserInfoEncryptedResponseEncEmbed(alg);
+ EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
+ client.setUserInfoEncryptedResponseEnc(alg);
} else if (name.equals("userInfoSignedResponseAlg")) {
- JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString());
- client.setUserInfoSignedResponseAlgEmbed(alg);
+ JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+ client.setUserInfoSignedResponseAlg(alg);
+ } else if (name.equals("idTokenSignedResonseAlg")) {
+ JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+ client.setIdTokenSignedResponseAlg(alg);
+ } else if (name.equals("idTokenEncryptedResponseAlg")) {
+ JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
+ client.setIdTokenEncryptedResponseAlg(alg);
+ } else if (name.equals("idTokenEncryptedResponseEnc")) {
+ EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
+ client.setIdTokenEncryptedResponseEnc(alg);
+ } else if (name.equals("tokenEndpointAuthSigningAlg")) {
+ JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+ client.setTokenEndpointAuthSigningAlg(alg);
} else if (name.equals("defaultMaxAge")) {
client.setDefaultMaxAge(reader.nextInt());
} else if (name.equals("requireAuthTime")) {
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java
index b756f913d..a4679ce37 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java
@@ -28,9 +28,6 @@ import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
-import org.mitre.jose.JWEAlgorithmEmbed;
-import org.mitre.jose.JWEEncryptionMethodEmbed;
-import org.mitre.jose.JWSAlgorithmEmbed;
import org.mitre.oauth2.model.AuthenticationHolderEntity;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
@@ -60,10 +57,12 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.stereotype.Service;
-import com.google.common.collect.Sets;
import com.google.gson.stream.JsonReader;
import com.google.gson.stream.JsonToken;
import com.google.gson.stream.JsonWriter;
+import com.nimbusds.jose.EncryptionMethod;
+import com.nimbusds.jose.JWEAlgorithm;
+import com.nimbusds.jose.JWSAlgorithm;
import static org.mitre.util.JsonUtils.base64UrlDecodeObject;
import static org.mitre.util.JsonUtils.base64UrlEncodeObject;
@@ -387,13 +386,21 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
writer.name("subjectType")
.value((client.getSubjectType() != null) ? client.getSubjectType().getValue() : null);
writer.name("requestObjectSigningAlg")
- .value((client.getRequestObjectSigningAlgEmbed() != null) ? client.getRequestObjectSigningAlgEmbed().getAlgorithmName() : null);
- writer.name("userInfoEncryptedResponseAlg")
- .value((client.getUserInfoEncryptedResponseAlgEmbed() != null) ? client.getUserInfoEncryptedResponseAlgEmbed().getAlgorithmName() : null);
- writer.name("userInfoEncryptedResponseEnc")
- .value((client.getUserInfoEncryptedResponseEncEmbed() != null) ? client.getUserInfoEncryptedResponseEncEmbed().getAlgorithmName() : null);
+ .value((client.getRequestObjectSigningAlg() != null) ? client.getRequestObjectSigningAlg().getName() : null);
+ writer.name("idTokenSignedResponseAlg")
+ .value((client.getIdTokenSignedResponseAlg() != null) ? client.getIdTokenSignedResponseAlg().getName() : null);
+ writer.name("idTokenEncryptedResponseAlg")
+ .value((client.getIdTokenEncryptedResponseAlg() != null) ? client.getIdTokenEncryptedResponseAlg().getName() : null);
+ writer.name("idTokenEncryptedResponseEnc")
+ .value((client.getIdTokenEncryptedResponseEnc() != null) ? client.getIdTokenEncryptedResponseEnc().getName() : null);
writer.name("userInfoSignedResponseAlg")
- .value((client.getUserInfoSignedResponseAlgEmbed() != null) ? client.getUserInfoSignedResponseAlgEmbed().getAlgorithmName() : null);
+ .value((client.getUserInfoSignedResponseAlg() != null) ? client.getUserInfoSignedResponseAlg().getName() : null);
+ writer.name("userInfoEncryptedResponseAlg")
+ .value((client.getUserInfoEncryptedResponseAlg() != null) ? client.getUserInfoEncryptedResponseAlg().getName() : null);
+ writer.name("userInfoEncryptedResponseEnc")
+ .value((client.getUserInfoEncryptedResponseEnc() != null) ? client.getUserInfoEncryptedResponseEnc().getName() : null);
+ writer.name("tokenEndpointAuthSigningAlg")
+ .value((client.getTokenEndpointAuthSigningAlg() != null) ? client.getTokenEndpointAuthSigningAlg().getName() : null);
writer.name("defaultMaxAge").value(client.getDefaultMaxAge());
Boolean requireAuthTime = null;
try {
@@ -1012,17 +1019,29 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
SubjectType st = SubjectType.getByValue(reader.nextString());
client.setSubjectType(st);
} else if (name.equals("requestObjectSigningAlg")) {
- JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString());
- client.setRequestObjectSigningAlgEmbed(alg);
+ JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+ client.setRequestObjectSigningAlg(alg);
} else if (name.equals("userInfoEncryptedResponseAlg")) {
- JWEAlgorithmEmbed alg = JWEAlgorithmEmbed.getForAlgorithmName(reader.nextString());
- client.setUserInfoEncryptedResponseAlgEmbed(alg);
+ JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
+ client.setUserInfoEncryptedResponseAlg(alg);
} else if (name.equals("userInfoEncryptedResponseEnc")) {
- JWEEncryptionMethodEmbed alg = JWEEncryptionMethodEmbed.getForAlgorithmName(reader.nextString());
- client.setUserInfoEncryptedResponseEncEmbed(alg);
+ EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
+ client.setUserInfoEncryptedResponseEnc(alg);
} else if (name.equals("userInfoSignedResponseAlg")) {
- JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString());
- client.setUserInfoSignedResponseAlgEmbed(alg);
+ JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+ client.setUserInfoSignedResponseAlg(alg);
+ } else if (name.equals("idTokenSignedResonseAlg")) {
+ JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+ client.setIdTokenSignedResponseAlg(alg);
+ } else if (name.equals("idTokenEncryptedResponseAlg")) {
+ JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
+ client.setIdTokenEncryptedResponseAlg(alg);
+ } else if (name.equals("idTokenEncryptedResponseEnc")) {
+ EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
+ client.setIdTokenEncryptedResponseEnc(alg);
+ } else if (name.equals("tokenEndpointAuthSigningAlg")) {
+ JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+ client.setTokenEndpointAuthSigningAlg(alg);
} else if (name.equals("defaultMaxAge")) {
client.setDefaultMaxAge(reader.nextInt());
} else if (name.equals("requireAuthTime")) {
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java
index b60bf1302..923839ea5 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java
@@ -27,9 +27,6 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.mitre.jose.JWEAlgorithmEmbed;
-import org.mitre.jose.JWEEncryptionMethodEmbed;
-import org.mitre.jose.JWSAlgorithmEmbed;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
@@ -43,6 +40,9 @@ import com.google.gson.JsonElement;
import com.google.gson.JsonPrimitive;
import com.google.gson.JsonSerializationContext;
import com.google.gson.JsonSerializer;
+import com.nimbusds.jose.EncryptionMethod;
+import com.nimbusds.jose.JWEAlgorithm;
+import com.nimbusds.jose.JWSAlgorithm;
/**
*
@@ -62,31 +62,31 @@ public abstract class AbstractClientEntityView extends AbstractView {
private Gson gson = new GsonBuilder()
.setExclusionStrategies(getExclusionStrategy())
- .registerTypeAdapter(JWSAlgorithmEmbed.class, new JsonSerializer<JWSAlgorithmEmbed>() {
+ .registerTypeAdapter(JWSAlgorithm.class, new JsonSerializer<JWSAlgorithm>() {
@Override
- public JsonElement serialize(JWSAlgorithmEmbed src, Type typeOfSrc, JsonSerializationContext context) {
+ public JsonElement serialize(JWSAlgorithm src, Type typeOfSrc, JsonSerializationContext context) {
if (src != null) {
- return new JsonPrimitive(src.getAlgorithmName());
+ return new JsonPrimitive(src.getName());
} else {
return null;
}
}
})
- .registerTypeAdapter(JWEAlgorithmEmbed.class, new JsonSerializer<JWEAlgorithmEmbed>() {
+ .registerTypeAdapter(JWEAlgorithm.class, new JsonSerializer<JWEAlgorithm>() {
@Override
- public JsonElement serialize(JWEAlgorithmEmbed src, Type typeOfSrc, JsonSerializationContext context) {
+ public JsonElement serialize(JWEAlgorithm src, Type typeOfSrc, JsonSerializationContext context) {
if (src != null) {
- return new JsonPrimitive(src.getAlgorithmName());
+ return new JsonPrimitive(src.getName());
} else {
return null;
}
}
})
- .registerTypeAdapter(JWEEncryptionMethodEmbed.class, new JsonSerializer<JWEEncryptionMethodEmbed>() {
+ .registerTypeAdapter(EncryptionMethod.class, new JsonSerializer<EncryptionMethod>() {
@Override
- public JsonElement serialize(JWEEncryptionMethodEmbed src, Type typeOfSrc, JsonSerializationContext context) {
+ public JsonElement serialize(EncryptionMethod src, Type typeOfSrc, JsonSerializationContext context) {
if (src != null) {
- return new JsonPrimitive(src.getAlgorithmName());
+ return new JsonPrimitive(src.getName());
} else {
return null;
}
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
index 37ab9ea95..a70ea964b 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
@@ -19,9 +19,6 @@ package org.mitre.openid.connect.web;
import java.lang.reflect.Type;
import java.util.Collection;
-import org.mitre.jose.JWEAlgorithmEmbed;
-import org.mitre.jose.JWEEncryptionMethodEmbed;
-import org.mitre.jose.JWSAlgorithmEmbed;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
import org.mitre.oauth2.service.ClientDetailsEntityService;
@@ -40,7 +37,6 @@ import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
import org.springframework.stereotype.Controller;
@@ -62,6 +58,10 @@ import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
+import com.nimbusds.jose.Algorithm;
+import com.nimbusds.jose.EncryptionMethod;
+import com.nimbusds.jose.JWEAlgorithm;
+import com.nimbusds.jose.JWSAlgorithm;
/**
* @author Michael Jett <mjett@mitre.org>
@@ -87,31 +87,31 @@ public class ClientAPI {
private Gson gson = new GsonBuilder()
.serializeNulls()
- .registerTypeAdapter(JWSAlgorithmEmbed.class, new JsonDeserializer<JWSAlgorithmEmbed>() {
+ .registerTypeAdapter(JWSAlgorithm.class, new JsonDeserializer<Algorithm>() {
@Override
- public JWSAlgorithmEmbed deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
+ public JWSAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
if (json.isJsonPrimitive()) {
- return JWSAlgorithmEmbed.getForAlgorithmName(json.getAsString());
+ return JWSAlgorithm.parse(json.getAsString());
} else {
return null;
}
}
})
- .registerTypeAdapter(JWEAlgorithmEmbed.class, new JsonDeserializer<JWEAlgorithmEmbed>() {
+ .registerTypeAdapter(JWEAlgorithm.class, new JsonDeserializer<Algorithm>() {
@Override
- public JWEAlgorithmEmbed deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
+ public JWEAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
if (json.isJsonPrimitive()) {
- return JWEAlgorithmEmbed.getForAlgorithmName(json.getAsString());
+ return JWEAlgorithm.parse(json.getAsString());
} else {
return null;
}
}
})
- .registerTypeAdapter(JWEEncryptionMethodEmbed.class, new JsonDeserializer<JWEEncryptionMethodEmbed>() {
+ .registerTypeAdapter(EncryptionMethod.class, new JsonDeserializer<Algorithm>() {
@Override
- public JWEEncryptionMethodEmbed deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
+ public EncryptionMethod deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
if (json.isJsonPrimitive()) {
- return JWEEncryptionMethodEmbed.getForAlgorithmName(json.getAsString());
+ return EncryptionMethod.parse(json.getAsString());
} else {
return null;
}