From cb8abca0f6681ea5d096bec0e6165f7bc627310a Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Wed, 20 May 2015 18:09:41 -0400 Subject: [PATCH] removed embedded JOSE classes in favor of converters --- .../org/mitre/jose/JWEAlgorithmEmbed.java | 110 --------- .../mitre/jose/JWEEncryptionMethodEmbed.java | 108 --------- .../org/mitre/jose/JWSAlgorithmEmbed.java | 117 --------- .../oauth2/model/ClientDetailsEntity.java | 223 ++++-------------- .../model/JWEAlgorithmStringConverter.java | 48 ++++ .../JWEEncryptionMethodStringConverter.java | 48 ++++ .../model/JWSAlgorithmStringConverter.java | 48 ++++ .../mitre/oauth2/model/RegisteredClient.java | 132 +---------- .../java/org/mitre/jose/JOSEEmbedTest.java | 118 --------- .../db/tables/hsql_database_tables.sql | 2 +- .../service/impl/MITREidDataService_1_0.java | 34 ++- .../service/impl/MITREidDataService_1_1.java | 34 ++- .../service/impl/MITREidDataService_1_2.java | 55 +++-- .../view/AbstractClientEntityView.java | 24 +- .../mitre/openid/connect/web/ClientAPI.java | 26 +- 15 files changed, 304 insertions(+), 823 deletions(-) delete mode 100644 openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java delete mode 100644 openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java delete mode 100644 openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java create mode 100644 openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEAlgorithmStringConverter.java create mode 100644 openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEEncryptionMethodStringConverter.java create mode 100644 openid-connect-common/src/main/java/org/mitre/oauth2/model/JWSAlgorithmStringConverter.java delete mode 100644 openid-connect-common/src/test/java/org/mitre/jose/JOSEEmbedTest.java 
diff --git a/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java b/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java deleted file mode 100644 index 5943f650c..000000000 --- a/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java +++ /dev/null 
@@ -1,110 +0,0 @@ -/******************************************************************************* - * Copyright 2015 The MITRE Corporation - * and the MIT Kerberos and Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.jose; - -import javax.persistence.Basic; -import javax.persistence.Embeddable; -import javax.persistence.Transient; - -import com.google.common.base.Strings; -import com.nimbusds.jose.JWEAlgorithm; - -/** - * - * Wrapper class for Nimbus JOSE objects to fit into JPA - * - * @author jricher - * - */ -@Embeddable -public class JWEAlgorithmEmbed { - - public static final JWEAlgorithmEmbed NONE = getForAlgorithmName("none"); - - private JWEAlgorithm algorithm; - - public JWEAlgorithmEmbed() { - - } - - public JWEAlgorithmEmbed(JWEAlgorithm algorithm) { - this.algorithm = algorithm; - } - - public static JWEAlgorithmEmbed getForAlgorithmName (String algorithmName) { - JWEAlgorithmEmbed ent = new JWEAlgorithmEmbed(); - ent.setAlgorithmName(algorithmName); - if (ent.getAlgorithm() == null) { - return null; - } else { - return ent; - } - } - - /** - * Get the name of this algorithm, return null if no algorithm set. - * @return - */ - @Basic - public String getAlgorithmName() { - if (algorithm != null) { - return algorithm.getName(); - } else { - return null; - } - } - - /** - * Set the name of this algorithm. 
- * Calls JWEAlgorithm.parse() - * @param algorithmName - */ - public void setAlgorithmName(String algorithmName) { - if (!Strings.isNullOrEmpty(algorithmName)) { - algorithm = JWEAlgorithm.parse(algorithmName); - } else { - algorithm = null; - } - } - - /* (non-Javadoc) - * @see java.lang.Object#toString() - */ - @Override - public String toString() { - return "JWEAlgorithmEmbed [algorithm=" + algorithm + "]"; - } - - /** - * @return the algorithm - */ - @Transient - public JWEAlgorithm getAlgorithm() { - return algorithm; - } - - /** - * @param algorithm the algorithm to set - */ - public void setAlgorithm(JWEAlgorithm algorithm) { - this.algorithm = algorithm; - } - -} diff --git a/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java b/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java deleted file mode 100644 index d53cf0919..000000000 --- a/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java +++ /dev/null 
@@ -1,108 +0,0 @@ -/******************************************************************************* - * Copyright 2015 The MITRE Corporation - * and the MIT Kerberos and Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.jose; - -import javax.persistence.Basic; -import javax.persistence.Embeddable; -import javax.persistence.Transient; - -import com.google.common.base.Strings; -import com.nimbusds.jose.EncryptionMethod; - -/** - * @author jricher - * - */ -@Embeddable -public class JWEEncryptionMethodEmbed { - - public static final JWEEncryptionMethodEmbed NONE = getForAlgorithmName("none"); - - private EncryptionMethod algorithm; - - public JWEEncryptionMethodEmbed() { - - } - - public JWEEncryptionMethodEmbed(EncryptionMethod algorithm) { - this.algorithm = algorithm; - } - - public static JWEEncryptionMethodEmbed getForAlgorithmName (String algorithmName) { - JWEEncryptionMethodEmbed ent = new JWEEncryptionMethodEmbed(); - ent.setAlgorithmName(algorithmName); - if (ent.getAlgorithm() == null) { - return null; - } else { - return ent; - } - } - - /** - * Get the name of this algorithm, return null if no algorithm set. - * @return - */ - @Basic - public String getAlgorithmName() { - if (algorithm != null) { - return algorithm.getName(); - } else { - return null; - } - } - - /** - * Set the name of this algorithm. 
- * Calls EncryptionMethod.parse() - * @param algorithmName - */ - public void setAlgorithmName(String algorithmName) { - if (!Strings.isNullOrEmpty(algorithmName)) { - algorithm = EncryptionMethod.parse(algorithmName); - } else { - algorithm = null; - } - } - - /* (non-Javadoc) - * @see java.lang.Object#toString() - */ - @Override - public String toString() { - return "JWEEncryptionMethodEmbed [algorithm=" + algorithm + "]"; - } - - /** - * @return the algorithm - */ - @Transient - public EncryptionMethod getAlgorithm() { - return algorithm; - } - - /** - * @param algorithm the algorithm to set - */ - public void setAlgorithm(EncryptionMethod algorithm) { - this.algorithm = algorithm; - } - - -} diff --git a/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java b/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java deleted file mode 100644 index c82bf120f..000000000 --- a/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java +++ /dev/null 
@@ -1,117 +0,0 @@ -/******************************************************************************* - * Copyright 2015 The MITRE Corporation - * and the MIT Kerberos and Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.jose; - -import javax.persistence.Basic; -import javax.persistence.Embeddable; -import javax.persistence.Transient; - -import com.google.common.base.Strings; -import com.nimbusds.jose.JWSAlgorithm; - -/** - * - * Wrapper class for Nimbus JOSE objects to fit into JPA - * - * @author jricher - * - */ -@Embeddable -public class JWSAlgorithmEmbed { - - public static final JWSAlgorithmEmbed NONE = getForAlgorithmName("none"); - - private JWSAlgorithm algorithm; - - public JWSAlgorithmEmbed() { - - } - - public JWSAlgorithmEmbed(JWSAlgorithm algorithm) { - this.algorithm = algorithm; - } - - /** - * - * @param algorithmName - * @return null if algorithmName is empty or null - */ - public static JWSAlgorithmEmbed getForAlgorithmName (String algorithmName) { - JWSAlgorithmEmbed ent = new JWSAlgorithmEmbed(); - ent.setAlgorithmName(algorithmName); - if (ent.getAlgorithm() == null) { - return null; - } else { - return ent; - } - } - - /** - * Get the name of this algorithm, return null if no algorithm set. 
- * @return - */ - @Basic - public String getAlgorithmName() { - if (algorithm != null) { - return algorithm.getName(); - } else { - return null; - } - } - - /** - * Set the name of this algorithm. - * Calls JWSAlgorithm.parse() - * @param algorithmName - */ - public void setAlgorithmName(String algorithmName) { - if (!Strings.isNullOrEmpty(algorithmName)) { - algorithm = JWSAlgorithm.parse(algorithmName); - } else { - algorithm = null; - } - } - - /** - * @return the algorithm - */ - @Transient - public JWSAlgorithm getAlgorithm() { - return algorithm; - } - - /** - * @param algorithm the algorithm to set - */ - public void setAlgorithm(JWSAlgorithm algorithm) { - this.algorithm = algorithm; - } - - /* (non-Javadoc) - * @see java.lang.Object#toString() - */ - @Override - public String toString() { - return "JWSAlgorithmEmbed [algorithm=" + algorithm + "]"; - } - - - -} diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java index 931ba2a2a..f0a0e95ef 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java @@ -25,13 +25,11 @@ import java.util.HashSet; import java.util.Map; import java.util.Set; -import javax.persistence.AttributeOverride; -import javax.persistence.AttributeOverrides; import javax.persistence.Basic; import javax.persistence.CollectionTable; import javax.persistence.Column; +import javax.persistence.Convert; import javax.persistence.ElementCollection; -import javax.persistence.Embedded; import javax.persistence.Entity; import javax.persistence.EnumType; import javax.persistence.Enumerated; 
@@ -49,9 +47,6 @@ import javax.persistence.Temporal; import javax.persistence.TemporalType; import javax.persistence.Transient; -import org.mitre.jose.JWEAlgorithmEmbed; -import org.mitre.jose.JWEEncryptionMethodEmbed; -import org.mitre.jose.JWSAlgorithmEmbed; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.oauth2.provider.ClientDetails; 
@@ -103,17 +98,17 @@ public class ClientDetailsEntity implements ClientDetails { private String sectorIdentifierUri; // sector_identifier_uri private SubjectType subjectType; // subject_type - private JWSAlgorithmEmbed requestObjectSigningAlg = null; // request_object_signing_alg + private JWSAlgorithm requestObjectSigningAlg = null; // request_object_signing_alg - private JWSAlgorithmEmbed userInfoSignedResponseAlg = null; // user_info_signed_response_alg - private JWEAlgorithmEmbed userInfoEncryptedResponseAlg = null; // user_info_encrypted_response_alg - private JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc = null; // user_info_encrypted_response_enc + private JWSAlgorithm userInfoSignedResponseAlg = null; // user_info_signed_response_alg + private JWEAlgorithm userInfoEncryptedResponseAlg = null; // user_info_encrypted_response_alg + private EncryptionMethod userInfoEncryptedResponseEnc = null; // user_info_encrypted_response_enc - private JWSAlgorithmEmbed idTokenSignedResponseAlg = null; // id_token_signed_response_alg - private JWEAlgorithmEmbed idTokenEncryptedResponseAlg = null; // id_token_encrypted_response_alg - private JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc = null; // id_token_encrypted_response_enc + private JWSAlgorithm idTokenSignedResponseAlg = null; // id_token_signed_response_alg + private JWEAlgorithm idTokenEncryptedResponseAlg = null; // id_token_encrypted_response_alg + private EncryptionMethod idTokenEncryptedResponseEnc = null; // id_token_encrypted_response_enc - private JWSAlgorithmEmbed tokenEndpointAuthSigningAlg = null; // token_endpoint_auth_signing_alg + private JWSAlgorithm tokenEndpointAuthSigningAlg = null; // token_endpoint_auth_signing_alg private Integer defaultMaxAge; // default_max_age private Boolean requireAuthTime; // require_auth_time 
@@ -700,212 +695,94 @@ public class ClientDetailsEntity implements ClientDetails { this.sectorIdentifierUri = sectorIdentifierUri; } - @Embedded - @AttributeOverrides({ - @AttributeOverride(name = "algorithmName", column=@Column(name="request_object_signing_alg")) - }) - public JWSAlgorithmEmbed getRequestObjectSigningAlgEmbed() { + @Basic + @Column(name = "request_object_signing_alg") + @Convert(converter = JWSAlgorithmStringConverter.class) + public JWSAlgorithm getRequestObjectSigningAlg() { return requestObjectSigningAlg; } - public void setRequestObjectSigningAlgEmbed(JWSAlgorithmEmbed requestObjectSigningAlg) { + public void setRequestObjectSigningAlg(JWSAlgorithm requestObjectSigningAlg) { this.requestObjectSigningAlg = requestObjectSigningAlg; } - @Embedded - @AttributeOverrides({ - @AttributeOverride(name = "algorithmName", column=@Column(name="user_info_signed_response_alg")) - }) - public JWSAlgorithmEmbed getUserInfoSignedResponseAlgEmbed() { + @Basic + @Column(name = "user_info_signed_response_alg") + @Convert(converter = JWSAlgorithmStringConverter.class) + public JWSAlgorithm getUserInfoSignedResponseAlg() { return userInfoSignedResponseAlg; } - public void setUserInfoSignedResponseAlgEmbed(JWSAlgorithmEmbed userInfoSignedResponseAlg) { + public void setUserInfoSignedResponseAlg(JWSAlgorithm userInfoSignedResponseAlg) { this.userInfoSignedResponseAlg = userInfoSignedResponseAlg; } - @Embedded - @AttributeOverrides({ - @AttributeOverride(name = "algorithmName", column=@Column(name="user_info_encrypted_response_alg")) - }) - public JWEAlgorithmEmbed getUserInfoEncryptedResponseAlgEmbed() { + @Basic + @Column(name = "user_info_encrypted_response_alg") + @Convert(converter = JWEAlgorithmStringConverter.class) + public JWEAlgorithm getUserInfoEncryptedResponseAlg() { return userInfoEncryptedResponseAlg; } - public void setUserInfoEncryptedResponseAlgEmbed(JWEAlgorithmEmbed userInfoEncryptedResponseAlg) { + public void 
setUserInfoEncryptedResponseAlg(JWEAlgorithm userInfoEncryptedResponseAlg) { this.userInfoEncryptedResponseAlg = userInfoEncryptedResponseAlg; } - @Embedded - @AttributeOverrides({ - @AttributeOverride(name = "algorithmName", column=@Column(name="user_info_encrypted_response_enc")) - }) - public JWEEncryptionMethodEmbed getUserInfoEncryptedResponseEncEmbed() { + @Basic + @Column(name = "user_info_encrypted_response_enc") + @Convert(converter = JWEEncryptionMethodStringConverter.class) + public EncryptionMethod getUserInfoEncryptedResponseEnc() { return userInfoEncryptedResponseEnc; } - public void setUserInfoEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc) { + public void setUserInfoEncryptedResponseEnc(EncryptionMethod userInfoEncryptedResponseEnc) { this.userInfoEncryptedResponseEnc = userInfoEncryptedResponseEnc; } - @Embedded - @AttributeOverrides({ - @AttributeOverride(name = "algorithmName", column=@Column(name="id_token_signed_response_alg")) - }) - public JWSAlgorithmEmbed getIdTokenSignedResponseAlgEmbed() { + @Basic + @Column(name="id_token_signed_response_alg") + @Convert(converter = JWSAlgorithmStringConverter.class) + public JWSAlgorithm getIdTokenSignedResponseAlg() { return idTokenSignedResponseAlg; } - public void setIdTokenSignedResponseAlgEmbed(JWSAlgorithmEmbed idTokenSignedResponseAlg) { + public void setIdTokenSignedResponseAlg(JWSAlgorithm idTokenSignedResponseAlg) { this.idTokenSignedResponseAlg = idTokenSignedResponseAlg; } - @Embedded - @AttributeOverrides({ - @AttributeOverride(name = "algorithmName", column=@Column(name="id_token_encrypted_response_alg")) - }) - public JWEAlgorithmEmbed getIdTokenEncryptedResponseAlgEmbed() { + @Basic + @Column(name = "id_token_encrypted_response_alg") + @Convert(converter = JWEAlgorithmStringConverter.class) + public JWEAlgorithm getIdTokenEncryptedResponseAlg() { return idTokenEncryptedResponseAlg; } - public void setIdTokenEncryptedResponseAlgEmbed(JWEAlgorithmEmbed 
idTokenEncryptedResponseAlg) { + public void setIdTokenEncryptedResponseAlg(JWEAlgorithm idTokenEncryptedResponseAlg) { this.idTokenEncryptedResponseAlg = idTokenEncryptedResponseAlg; } - @Embedded - @AttributeOverrides({ - @AttributeOverride(name = "algorithmName", column=@Column(name="id_token_encrypted_response_enc")) - }) - public JWEEncryptionMethodEmbed getIdTokenEncryptedResponseEncEmbed() { + @Basic + @Column(name = "id_token_encrypted_response_enc") + @Convert(converter = JWEEncryptionMethodStringConverter.class) + public EncryptionMethod getIdTokenEncryptedResponseEnc() { return idTokenEncryptedResponseEnc; } - public void setIdTokenEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc) { + public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) { this.idTokenEncryptedResponseEnc = idTokenEncryptedResponseEnc; } - @Embedded - @AttributeOverrides({ - @AttributeOverride(name = "algorithmName", column=@Column(name="token_endpoint_auth_signing_alg")) - }) - public JWSAlgorithmEmbed getTokenEndpointAuthSigningAlgEmbed() { + @Basic + @Column(name="token_endpoint_auth_signing_alg") + @Convert(converter = JWSAlgorithmStringConverter.class) + public JWSAlgorithm getTokenEndpointAuthSigningAlg() { return tokenEndpointAuthSigningAlg; } - public void setTokenEndpointAuthSigningAlgEmbed(JWSAlgorithmEmbed tokenEndpointAuthSigningAlgEmbed) { - this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlgEmbed; - } - - // - // Transient passthrough methods for JOSE elements - // - - @Transient - public JWSAlgorithm getRequestObjectSigningAlg() { - if (requestObjectSigningAlg != null) { - return requestObjectSigningAlg.getAlgorithm(); - } else { - return null; - } - } - - public void setRequestObjectSigningAlg(JWSAlgorithm requestObjectSigningAlg) { - this.requestObjectSigningAlg = new JWSAlgorithmEmbed(requestObjectSigningAlg); - } - - @Transient - public JWSAlgorithm getUserInfoSignedResponseAlg() { - if 
(userInfoSignedResponseAlg != null) { - return userInfoSignedResponseAlg.getAlgorithm(); - } else { - return null; - } - } - - public void setUserInfoSignedResponseAlg(JWSAlgorithm userInfoSignedResponseAlg) { - this.userInfoSignedResponseAlg = new JWSAlgorithmEmbed(userInfoSignedResponseAlg); - } - - @Transient - public JWEAlgorithm getUserInfoEncryptedResponseAlg() { - if (userInfoEncryptedResponseAlg != null) { - return userInfoEncryptedResponseAlg.getAlgorithm(); - } else { - return null; - } - } - - public void setUserInfoEncryptedResponseAlg(JWEAlgorithm userInfoEncryptedResponseAlg) { - this.userInfoEncryptedResponseAlg = new JWEAlgorithmEmbed(userInfoEncryptedResponseAlg); - } - - @Transient - public EncryptionMethod getUserInfoEncryptedResponseEnc() { - if (userInfoEncryptedResponseEnc != null) { - return userInfoEncryptedResponseEnc.getAlgorithm(); - } else { - return null; - } - } - - public void setUserInfoEncryptedResponseEnc(EncryptionMethod userInfoEncryptedResponseEnc) { - this.userInfoEncryptedResponseEnc = new JWEEncryptionMethodEmbed(userInfoEncryptedResponseEnc); - } - - @Transient - public JWSAlgorithm getIdTokenSignedResponseAlg() { - if (idTokenSignedResponseAlg != null) { - return idTokenSignedResponseAlg.getAlgorithm(); - } else { - return null; - } - } - - public void setIdTokenSignedResponseAlg(JWSAlgorithm idTokenSignedResponseAlg) { - this.idTokenSignedResponseAlg = new JWSAlgorithmEmbed(idTokenSignedResponseAlg); - } - - @Transient - public JWEAlgorithm getIdTokenEncryptedResponseAlg() { - if (idTokenEncryptedResponseAlg != null) { - return idTokenEncryptedResponseAlg.getAlgorithm(); - } else { - return null; - } - } - - public void setIdTokenEncryptedResponseAlg(JWEAlgorithm idTokenEncryptedResponseAlg) { - this.idTokenEncryptedResponseAlg = new JWEAlgorithmEmbed(idTokenEncryptedResponseAlg); - } - - @Transient - public EncryptionMethod getIdTokenEncryptedResponseEnc() { - if (idTokenEncryptedResponseEnc != null) { - return 
idTokenEncryptedResponseEnc.getAlgorithm(); - } else { - return null; - } - } - - public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) { - this.idTokenEncryptedResponseEnc = new JWEEncryptionMethodEmbed(idTokenEncryptedResponseEnc); - } - - @Transient - public JWSAlgorithm getTokenEndpointAuthSigningAlg() { - if (tokenEndpointAuthSigningAlg != null) { - return tokenEndpointAuthSigningAlg.getAlgorithm(); - } else { - return null; - } - } - public void setTokenEndpointAuthSigningAlg(JWSAlgorithm tokenEndpointAuthSigningAlg) { - this.tokenEndpointAuthSigningAlg = new JWSAlgorithmEmbed(tokenEndpointAuthSigningAlg); + this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg; } - // END Transient JOSE methods - @Basic @Column(name="default_max_age") public Integer getDefaultMaxAge() { @@ -1045,5 +922,5 @@ public class ClientDetailsEntity implements ClientDetails { public boolean isAutoApprove(String scope) { return false; } - + } diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEAlgorithmStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEAlgorithmStringConverter.java new file mode 100644 index 000000000..a56fe21c4 --- /dev/null +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEAlgorithmStringConverter.java 
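Review bot: The converted getters (`getRequestObjectSigningAlg` through `getTokenEndpointAuthSigningAlg`) carry no Javadoc, and with the `@Transient` passthroughs gone nothing states what `null` means any more; the converters map a NULL column to `null`, so I would put `/** JOSE "alg" the client registered for request objects, or null if none is registered. */` (and the equivalent for the other seven) on each getter. Switching from `@Embedded` to `@Convert` also makes the entity depend on JPA 2.1 attribute converters, which nothing else in this chunk shows the configured provider supports — worth confirming, since the old `@Embedded` mapping had no such requirement. Style nit: `@Column(name="id_token_signed_response_alg")` and `@Column(name="token_endpoint_auth_signing_alg")` omit the spaces the sibling annotations use.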
@@ -0,0 +1,48 @@ +/******************************************************************************* + * Copyright 2015 The MITRE Corporation + * and the MIT Kerberos and Internet Trust Consortium + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + *******************************************************************************/ + +package org.mitre.oauth2.model; + +import javax.persistence.AttributeConverter; +import javax.persistence.Converter; + +import com.nimbusds.jose.JWEAlgorithm; + +@Converter +public class JWEAlgorithmStringConverter implements AttributeConverter { + + @Override + public String convertToDatabaseColumn(JWEAlgorithm attribute) { + if (attribute != null) { + return attribute.getName(); + } else { + return null; + } + } + + /* (non-Javadoc) + * @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object) + */ + @Override + public JWEAlgorithm convertToEntityAttribute(String dbData) { + if (dbData != null) { + return JWEAlgorithm.parse(dbData); + } else { + return null; + } + } +} \ No newline at end of file diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEEncryptionMethodStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEEncryptionMethodStringConverter.java new file mode 100644 index 000000000..2cdd09d24 --- /dev/null +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWEEncryptionMethodStringConverter.java 
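Review bot: `convertToEntityAttribute` only guards against `null`, so an empty string in an `alg` column now becomes `JWEAlgorithm.parse("")`, a non-null algorithm object with an empty name, whereas the deleted `JWEAlgorithmEmbed.setAlgorithmName` treated both null and empty (via `Strings.isNullOrEmpty`) as "no algorithm". On databases that keep `''` distinct from NULL that is a visible behaviour change for the consumers of these fields. Restoring the old contract is a one-line change: `if (dbData != null && !dbData.isEmpty()) {`. A class Javadoc stating that the column holds the JOSE `alg` name and that, as far as I can tell from Nimbus, `parse` does not check the name against anything the server supports would also help the next reader.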
@@ -0,0 +1,48 @@ +/******************************************************************************* + * Copyright 2015 The MITRE Corporation + * and the MIT Kerberos and Internet Trust Consortium + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + *******************************************************************************/ + +package org.mitre.oauth2.model; + +import javax.persistence.AttributeConverter; +import javax.persistence.Converter; + +import com.nimbusds.jose.EncryptionMethod; + +@Converter +public class JWEEncryptionMethodStringConverter implements AttributeConverter { + + @Override + public String convertToDatabaseColumn(EncryptionMethod attribute) { + if (attribute != null) { + return attribute.getName(); + } else { + return null; + } + } + + /* (non-Javadoc) + * @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object) + */ + @Override + public EncryptionMethod convertToEntityAttribute(String dbData) { + if (dbData != null) { + return EncryptionMethod.parse(dbData); + } else { + return null; + } + } +} \ No newline at end of file diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWSAlgorithmStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWSAlgorithmStringConverter.java new file mode 100644 index 000000000..51cc48e24 --- /dev/null +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/JWSAlgorithmStringConverter.java 
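Review bot: `JWEEncryptionMethodStringConverter` has no class-level Javadoc, and its `convertToEntityAttribute` null check is narrower than the `Strings.isNullOrEmpty` test in the `JWEEncryptionMethodEmbed` it replaces, so an empty `enc` column value now yields `EncryptionMethod.parse("")` rather than null. I would add `/** JPA converter persisting a Nimbus EncryptionMethod as its JOSE "enc" name; null or empty columns map to null, and parse() is not a validation step. */` and widen the guard to `if (dbData != null && !dbData.isEmpty()) {` so that the Javadoc is true. The `(non-Javadoc)` marker on the second method should then either become a real `@Override` comment or be dropped, since the first method has neither.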
@@ -0,0 +1,48 @@ +/******************************************************************************* + * Copyright 2015 The MITRE Corporation + * and the MIT Kerberos and Internet Trust Consortium + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + *******************************************************************************/ + +package org.mitre.oauth2.model; + +import javax.persistence.AttributeConverter; +import javax.persistence.Converter; + +import com.nimbusds.jose.JWSAlgorithm; + +@Converter +public class JWSAlgorithmStringConverter implements AttributeConverter { + + @Override + public String convertToDatabaseColumn(JWSAlgorithm attribute) { + if (attribute != null) { + return attribute.getName(); + } else { + return null; + } + } + + /* (non-Javadoc) + * @see javax.persistence.AttributeConverter#convertToEntityAttribute(java.lang.Object) + */ + @Override + public JWSAlgorithm convertToEntityAttribute(String dbData) { + if (dbData != null) { + return JWSAlgorithm.parse(dbData); + } else { + return null; + } + } +} \ No newline at end of file diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java index 6e605c67c..4de3f5027 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java 
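Review bot: `JWSAlgorithm.parse` is a pure name round-trip, so this converter will hand back whatever string sits in `request_object_signing_alg`, `id_token_signed_response_alg` or `token_endpoint_auth_signing_alg` — including `none`, which the deleted `JWSAlgorithmEmbed.NONE` constant shows parses to a usable object. That is the correct behaviour for a persistence converter (the old embed did not validate either), but it means the registration path (`ClientAPI` and the data services appear in the diffstat but not in this chunk) remains the only place an `alg` can be checked against what the server actually supports, and that should be stated. A one-line class Javadoc, `/** Persists a JWSAlgorithm by its JOSE "alg" name; performs no validation of the name. */`, would make the split of responsibilities explicit. As with the other two converters, keeping the old empty-string handling costs one line: `if (dbData != null && !dbData.isEmpty()) {`.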
@@ -23,9 +23,6 @@ import java.util.Date; import java.util.Map; import java.util.Set; -import org.mitre.jose.JWEAlgorithmEmbed; -import org.mitre.jose.JWEEncryptionMethodEmbed; -import org.mitre.jose.JWSAlgorithmEmbed; import org.mitre.oauth2.model.ClientDetailsEntity.AppType; import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType; 
@@ -575,118 +572,7 @@ public class RegisteredClient { public void setRequestUris(Set requestUris) { client.setRequestUris(requestUris); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlgEmbed() - */ - public JWSAlgorithmEmbed getRequestObjectSigningAlgEmbed() { - return client.getRequestObjectSigningAlgEmbed(); - } - - /** - * @param requestObjectSigningAlg - * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestObjectSigningAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed) - */ - public void setRequestObjectSigningAlgEmbed(JWSAlgorithmEmbed requestObjectSigningAlg) { - client.setRequestObjectSigningAlgEmbed(requestObjectSigningAlg); - } - - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoSignedResponseAlgEmbed() - */ - public JWSAlgorithmEmbed getUserInfoSignedResponseAlgEmbed() { - return client.getUserInfoSignedResponseAlgEmbed(); - } - - /** - * @param userInfoSignedResponseAlg - * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoSignedResponseAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed) - */ - public void setUserInfoSignedResponseAlgEmbed(JWSAlgorithmEmbed userInfoSignedResponseAlg) { - client.setUserInfoSignedResponseAlgEmbed(userInfoSignedResponseAlg); - } - - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseAlgEmbed() - */ - public JWEAlgorithmEmbed getUserInfoEncryptedResponseAlgEmbed() { - return client.getUserInfoEncryptedResponseAlgEmbed(); - } - - /** - * @param userInfoEncryptedResponseAlg - * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseAlgEmbed(org.mitre.jose.JWEAlgorithmEmbed) - */ - public void setUserInfoEncryptedResponseAlgEmbed(JWEAlgorithmEmbed userInfoEncryptedResponseAlg) { - client.setUserInfoEncryptedResponseAlgEmbed(userInfoEncryptedResponseAlg); - } - - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseEncEmbed() - */ - public 
JWEEncryptionMethodEmbed getUserInfoEncryptedResponseEncEmbed() { - return client.getUserInfoEncryptedResponseEncEmbed(); - } - - /** - * @param userInfoEncryptedResponseEnc - * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseEncEmbed(org.mitre.jose.JWEEncryptionMethodEmbed) - */ - public void setUserInfoEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc) { - client.setUserInfoEncryptedResponseEncEmbed(userInfoEncryptedResponseEnc); - } - - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenSignedResponseAlgEmbed() - */ - public JWSAlgorithmEmbed getIdTokenSignedResponseAlgEmbed() { - return client.getIdTokenSignedResponseAlgEmbed(); - } - - /** - * @param idTokenSignedResponseAlg - * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenSignedResponseAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed) - */ - public void setIdTokenSignedResponseAlgEmbed(JWSAlgorithmEmbed idTokenSignedResponseAlg) { - client.setIdTokenSignedResponseAlgEmbed(idTokenSignedResponseAlg); - } - - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseAlgEmbed() - */ - public JWEAlgorithmEmbed getIdTokenEncryptedResponseAlgEmbed() { - return client.getIdTokenEncryptedResponseAlgEmbed(); - } - - /** - * @param idTokenEncryptedResponseAlg - * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseAlgEmbed(org.mitre.jose.JWEAlgorithmEmbed) - */ - public void setIdTokenEncryptedResponseAlgEmbed(JWEAlgorithmEmbed idTokenEncryptedResponseAlg) { - client.setIdTokenEncryptedResponseAlgEmbed(idTokenEncryptedResponseAlg); - } - - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseEncEmbed() - */ - public JWEEncryptionMethodEmbed getIdTokenEncryptedResponseEncEmbed() { - return client.getIdTokenEncryptedResponseEncEmbed(); - } - - /** - * @param idTokenEncryptedResponseEnc - * @see 
org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseEncEmbed(org.mitre.jose.JWEEncryptionMethodEmbed) - */ - public void setIdTokenEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc) { - client.setIdTokenEncryptedResponseEncEmbed(idTokenEncryptedResponseEnc); - } - + /** * @return * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlg() @@ -799,22 +685,6 @@ public class RegisteredClient { client.setIdTokenEncryptedResponseEnc(idTokenEncryptedResponseEnc); } - /** - * @return - * @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthSigningAlgEmbed() - */ - public JWSAlgorithmEmbed getTokenEndpointAuthSigningAlgEmbed() { - return client.getTokenEndpointAuthSigningAlgEmbed(); - } - - /** - * @param tokenEndpointAuthSigningAlgEmbed - * @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthSigningAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed) - */ - public void setTokenEndpointAuthSigningAlgEmbed(JWSAlgorithmEmbed tokenEndpointAuthSigningAlgEmbed) { - client.setTokenEndpointAuthSigningAlgEmbed(tokenEndpointAuthSigningAlgEmbed); - } - /** * @return * @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthSigningAlg() diff --git a/openid-connect-common/src/test/java/org/mitre/jose/JOSEEmbedTest.java b/openid-connect-common/src/test/java/org/mitre/jose/JOSEEmbedTest.java deleted file mode 100644 index a06ac5af1..000000000 --- a/openid-connect-common/src/test/java/org/mitre/jose/JOSEEmbedTest.java +++ /dev/null 
@@ -1,118 +0,0 @@ -/******************************************************************************* - * Copyright 2015 The MITRE Corporation - * and the MIT Kerberos and Internet Trust Consortium - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *******************************************************************************/ -/** - * - */ -package org.mitre.jose; - -import org.junit.Test; - -import com.nimbusds.jose.EncryptionMethod; -import com.nimbusds.jose.JWEAlgorithm; -import com.nimbusds.jose.JWSAlgorithm; - -import static org.junit.Assert.assertEquals; - -/** - * - * These tests make sure that the algorithm name processing - * is functional on the three embedded JOSE classes. 
- * - * @author jricher, tsitkov - * - */ -public class JOSEEmbedTest { - - @Test - public void testJWSAlgorithmEmbed() { - JWSAlgorithmEmbed a = new JWSAlgorithmEmbed(JWSAlgorithm.HS256); - - assertEquals(JWSAlgorithm.HS256, a.getAlgorithm()); - assertEquals("HS256", a.getAlgorithmName()); - - a.setAlgorithm(JWSAlgorithm.HS384); - assertEquals(JWSAlgorithm.HS384, a.getAlgorithm()); - - JWSAlgorithmEmbed null_a = new JWSAlgorithmEmbed(null); - assertEquals(null, null_a.getAlgorithm()); - assertEquals(null, null_a.getAlgorithmName()); - } - - @Test - public void testJWSAlgorithmEmbedGetForAlgoirthmName() { - JWSAlgorithmEmbed a = JWSAlgorithmEmbed.getForAlgorithmName("RS256"); - - assertEquals(JWSAlgorithm.RS256, a.getAlgorithm()); - assertEquals("RS256", a.getAlgorithmName()); - - JWSAlgorithmEmbed null_a = JWSAlgorithmEmbed.getForAlgorithmName(""); - assertEquals(null, null_a); - } - - @Test - public void testJWEAlgorithmEmbed() { - JWEAlgorithmEmbed a = new JWEAlgorithmEmbed(JWEAlgorithm.A128KW); - - assertEquals(JWEAlgorithm.A128KW, a.getAlgorithm()); - assertEquals("A128KW", a.getAlgorithmName()); - - a.setAlgorithm(JWEAlgorithm.A256KW); - assertEquals(JWEAlgorithm.A256KW, a.getAlgorithm()); - - JWEAlgorithmEmbed null_a = new JWEAlgorithmEmbed(null); - assertEquals(null, null_a.getAlgorithm()); - assertEquals(null, null_a.getAlgorithmName()); - } - - @Test - public void testJWEAlgorithmEmbedGetForAlgoirthmName() { - JWEAlgorithmEmbed a = JWEAlgorithmEmbed.getForAlgorithmName("RSA1_5"); - - assertEquals(JWEAlgorithm.RSA1_5, a.getAlgorithm()); - assertEquals("RSA1_5", a.getAlgorithmName()); - - JWEAlgorithmEmbed null_a = JWEAlgorithmEmbed.getForAlgorithmName(""); - assertEquals(null, null_a); - } - - @Test - public void testJWEEncryptionMethodEmbed() { - JWEEncryptionMethodEmbed a = new JWEEncryptionMethodEmbed(EncryptionMethod.A128CBC_HS256); - - assertEquals(EncryptionMethod.A128CBC_HS256, a.getAlgorithm()); - assertEquals("A128CBC-HS256", 
a.getAlgorithmName()); - - a.setAlgorithm(EncryptionMethod.A256GCM); - assertEquals(EncryptionMethod.A256GCM, a.getAlgorithm()); - - JWEEncryptionMethodEmbed null_a = new JWEEncryptionMethodEmbed(null); - assertEquals(null, null_a.getAlgorithm()); - assertEquals(null, null_a.getAlgorithmName()); - } - - @Test - public void testJWEEncryptionMethodEmbedGetForAlgoirthmName() { - JWEEncryptionMethodEmbed a = JWEEncryptionMethodEmbed.getForAlgorithmName("A256GCM"); - - assertEquals(EncryptionMethod.A256GCM, a.getAlgorithm()); - assertEquals("A256GCM", a.getAlgorithmName()); - - JWEEncryptionMethodEmbed null_a = JWEEncryptionMethodEmbed.getForAlgorithmName(""); - assertEquals(null, null_a); - } - -} diff --git a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql index 6432f37c7..eb40b2573 100644 --- a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql +++ b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql @@ -51,7 +51,7 @@ CREATE TABLE IF NOT EXISTS authentication_holder ( CREATE TABLE IF NOT EXISTS client_authority ( owner_id BIGINT, - authority LONGVARBINARY + authority VARCHAR(256) ); CREATE TABLE IF NOT EXISTS authorization_code ( diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java index 7284acb80..b8704c12d 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java 
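Review bot: Changing `client_authority.authority` from `LONGVARBINARY` to `VARCHAR(256)` leaves existing rows unreadable: data written under the old schema is a binary blob, nothing in this hunk converts it, and a deployment that applies the new script over an existing HSQL database will fail to load its clients' authorities. Only the HSQL script is touched here; if the project ships equivalent table scripts for other databases they need the same column change, and whatever the entity layer now stores in this column (presumably the authority's string name rather than a serialized object — confirm against the entity mapping) must be bounded to 256 characters before persisting. Moving away from a serialized-object column is the right direction, since reading Java-serialized blobs back from the database is a native-deserialization exposure; recording the intent with `-- authority is the authority's string name, not a serialized GrantedAuthority` would stop someone reverting it.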
@@ -26,9 +26,6 @@ import java.util.LinkedHashSet; import java.util.Map; import java.util.Set; -import org.mitre.jose.JWEAlgorithmEmbed; -import org.mitre.jose.JWEEncryptionMethodEmbed; -import org.mitre.jose.JWSAlgorithmEmbed; import org.mitre.oauth2.model.AuthenticationHolderEntity; import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.ClientDetailsEntity.AppType; @@ -62,6 +59,9 @@ import com.google.common.collect.Sets; import com.google.gson.stream.JsonReader; import com.google.gson.stream.JsonToken; import com.google.gson.stream.JsonWriter; +import com.nimbusds.jose.EncryptionMethod; +import com.nimbusds.jose.JWEAlgorithm; +import com.nimbusds.jose.JWSAlgorithm; import static org.mitre.util.JsonUtils.base64UrlDecodeObject; import static org.mitre.util.JsonUtils.readMap; 
@@ -664,17 +664,29 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements SubjectType st = SubjectType.getByValue(reader.nextString()); client.setSubjectType(st); } else if (name.equals("requestObjectSigningAlg")) { - JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString()); - client.setRequestObjectSigningAlgEmbed(alg); + JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); + client.setRequestObjectSigningAlg(alg); } else if (name.equals("userInfoEncryptedResponseAlg")) { - JWEAlgorithmEmbed alg = JWEAlgorithmEmbed.getForAlgorithmName(reader.nextString()); - client.setUserInfoEncryptedResponseAlgEmbed(alg); + JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString()); + client.setUserInfoEncryptedResponseAlg(alg); } else if (name.equals("userInfoEncryptedResponseEnc")) { - JWEEncryptionMethodEmbed alg = JWEEncryptionMethodEmbed.getForAlgorithmName(reader.nextString()); - client.setUserInfoEncryptedResponseEncEmbed(alg); + EncryptionMethod alg = EncryptionMethod.parse(reader.nextString()); + client.setUserInfoEncryptedResponseEnc(alg); } else if (name.equals("userInfoSignedResponseAlg")) { - JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString()); - client.setUserInfoSignedResponseAlgEmbed(alg); + JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); + client.setUserInfoSignedResponseAlg(alg); + } else if (name.equals("idTokenSignedResonseAlg")) { + JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); + client.setIdTokenSignedResponseAlg(alg); + } else if (name.equals("idTokenEncryptedResponseAlg")) { + JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString()); + client.setIdTokenEncryptedResponseAlg(alg); + } else if (name.equals("idTokenEncryptedResponseEnc")) { + EncryptionMethod alg = EncryptionMethod.parse(reader.nextString()); + client.setIdTokenEncryptedResponseEnc(alg); + } else if (name.equals("tokenEndpointAuthSigningAlg")) { + JWSAlgorithm alg = 
JWSAlgorithm.parse(reader.nextString()); + client.setTokenEndpointAuthSigningAlg(alg); } else if (name.equals("defaultMaxAge")) { client.setDefaultMaxAge(reader.nextInt()); } else if (name.equals("requireAuthTime")) { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java index 8882f0a3f..414b70a42 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java @@ -28,9 +28,6 @@ import java.util.Map; import java.util.Map.Entry; import java.util.Set; -import org.mitre.jose.JWEAlgorithmEmbed; -import org.mitre.jose.JWEEncryptionMethodEmbed; -import org.mitre.jose.JWSAlgorithmEmbed; import org.mitre.oauth2.model.AuthenticationHolderEntity; import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.ClientDetailsEntity.AppType; @@ -64,6 +61,9 @@ import com.google.common.collect.Sets; import com.google.gson.stream.JsonReader; import com.google.gson.stream.JsonToken; import com.google.gson.stream.JsonWriter; +import com.nimbusds.jose.EncryptionMethod; +import com.nimbusds.jose.JWEAlgorithm; +import com.nimbusds.jose.JWSAlgorithm; import static org.mitre.util.JsonUtils.base64UrlDecodeObject; import static org.mitre.util.JsonUtils.readMap; 
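Review bot: `JWSAlgorithm.parse`, `JWEAlgorithm.parse` and `EncryptionMethod.parse` never return null, so an empty or unrecognised string in the import file now becomes an algorithm object with that literal name, whereas the removed `getForAlgorithmName("")` returned null (as the deleted `JOSEEmbedTest` asserted); client configuration is imported without any check that the server supports the algorithm, and `"none"` parses to `JWSAlgorithm.NONE` for `tokenEndpointAuthSigningAlg`, which is only safe if the token-endpoint authentication path rejects it (outside this hunk). A small helper that returns null for blank input and drops, with a warning, names Nimbus does not recognise (those ad-hoc instances carry no `Requirement`) would restore the old null behaviour and replace the eight inline `parse` calls. Separately, the key `"idTokenSignedResonseAlg"` is misspelled (missing `p`) and can never match an exported `idTokenSignedResponseAlg` entry; it should read `} else if (name.equals("idTokenSignedResponseAlg")) {`. The enclosing read loop starts and ends outside the hunk.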
@@ -672,17 +672,29 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements SubjectType st = SubjectType.getByValue(reader.nextString()); client.setSubjectType(st); } else if (name.equals("requestObjectSigningAlg")) { - JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString()); - client.setRequestObjectSigningAlgEmbed(alg); + JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); + client.setRequestObjectSigningAlg(alg); } else if (name.equals("userInfoEncryptedResponseAlg")) { - JWEAlgorithmEmbed alg = JWEAlgorithmEmbed.getForAlgorithmName(reader.nextString()); - client.setUserInfoEncryptedResponseAlgEmbed(alg); + JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString()); + client.setUserInfoEncryptedResponseAlg(alg); } else if (name.equals("userInfoEncryptedResponseEnc")) { - JWEEncryptionMethodEmbed alg = JWEEncryptionMethodEmbed.getForAlgorithmName(reader.nextString()); - client.setUserInfoEncryptedResponseEncEmbed(alg); + EncryptionMethod alg = EncryptionMethod.parse(reader.nextString()); + client.setUserInfoEncryptedResponseEnc(alg); } else if (name.equals("userInfoSignedResponseAlg")) { - JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString()); - client.setUserInfoSignedResponseAlgEmbed(alg); + JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); + client.setUserInfoSignedResponseAlg(alg); + } else if (name.equals("idTokenSignedResonseAlg")) { + JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); + client.setIdTokenSignedResponseAlg(alg); + } else if (name.equals("idTokenEncryptedResponseAlg")) { + JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString()); + client.setIdTokenEncryptedResponseAlg(alg); + } else if (name.equals("idTokenEncryptedResponseEnc")) { + EncryptionMethod alg = EncryptionMethod.parse(reader.nextString()); + client.setIdTokenEncryptedResponseEnc(alg); + } else if (name.equals("tokenEndpointAuthSigningAlg")) { + JWSAlgorithm alg = 
JWSAlgorithm.parse(reader.nextString()); + client.setTokenEndpointAuthSigningAlg(alg); } else if (name.equals("defaultMaxAge")) { client.setDefaultMaxAge(reader.nextInt()); } else if (name.equals("requireAuthTime")) { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java index b756f913d..a4679ce37 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java @@ -28,9 +28,6 @@ import java.util.Map; import java.util.Map.Entry; import java.util.Set; -import org.mitre.jose.JWEAlgorithmEmbed; -import org.mitre.jose.JWEEncryptionMethodEmbed; -import org.mitre.jose.JWSAlgorithmEmbed; import org.mitre.oauth2.model.AuthenticationHolderEntity; import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.ClientDetailsEntity.AppType; @@ -60,10 +57,12 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.stereotype.Service; -import com.google.common.collect.Sets; import com.google.gson.stream.JsonReader; import com.google.gson.stream.JsonToken; import com.google.gson.stream.JsonWriter; +import com.nimbusds.jose.EncryptionMethod; +import com.nimbusds.jose.JWEAlgorithm; +import com.nimbusds.jose.JWSAlgorithm; import static org.mitre.util.JsonUtils.base64UrlDecodeObject; import static org.mitre.util.JsonUtils.base64UrlEncodeObject; 
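Review bot: The new branch `} else if (name.equals("idTokenSignedResonseAlg")) {` is misspelled (missing `p` in "Response"), so a 1.1-format file carrying a client's ID token signing algorithm under the correctly spelled key is silently skipped and the client imports with no value for it; the line should be `} else if (name.equals("idTokenSignedResponseAlg")) {`. Whether a 1.1 exporter ever wrote the four keys added here (`idToken*` and `tokenEndpointAuthSigningAlg`) is not visible in this diff; if it did not, a comment saying the reader is deliberately a superset of the 1.1 format would explain their presence. Note also that `JWSAlgorithm.parse` / `JWEAlgorithm.parse` / `EncryptionMethod.parse` accept any non-null string, so unlike the removed `getForAlgorithmName`, an empty or unknown name is stored rather than mapped to null. The enclosing read loop starts and ends outside the hunk.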
@@ -387,13 +386,21 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements writer.name("subjectType") .value((client.getSubjectType() != null) ? client.getSubjectType().getValue() : null); writer.name("requestObjectSigningAlg") - .value((client.getRequestObjectSigningAlgEmbed() != null) ? client.getRequestObjectSigningAlgEmbed().getAlgorithmName() : null); - writer.name("userInfoEncryptedResponseAlg") - .value((client.getUserInfoEncryptedResponseAlgEmbed() != null) ? client.getUserInfoEncryptedResponseAlgEmbed().getAlgorithmName() : null); - writer.name("userInfoEncryptedResponseEnc") - .value((client.getUserInfoEncryptedResponseEncEmbed() != null) ? client.getUserInfoEncryptedResponseEncEmbed().getAlgorithmName() : null); + .value((client.getRequestObjectSigningAlg() != null) ? client.getRequestObjectSigningAlg().getName() : null); + writer.name("idTokenSignedResponseAlg") + .value((client.getIdTokenSignedResponseAlg() != null) ? client.getIdTokenSignedResponseAlg().getName() : null); + writer.name("idTokenEncryptedResponseAlg") + .value((client.getIdTokenEncryptedResponseAlg() != null) ? client.getIdTokenEncryptedResponseAlg().getName() : null); + writer.name("idTokenEncryptedResponseEnc") + .value((client.getIdTokenEncryptedResponseEnc() != null) ? client.getIdTokenEncryptedResponseEnc().getName() : null); writer.name("userInfoSignedResponseAlg") - .value((client.getUserInfoSignedResponseAlgEmbed() != null) ? client.getUserInfoSignedResponseAlgEmbed().getAlgorithmName() : null); + .value((client.getUserInfoSignedResponseAlg() != null) ? client.getUserInfoSignedResponseAlg().getName() : null); + writer.name("userInfoEncryptedResponseAlg") + .value((client.getUserInfoEncryptedResponseAlg() != null) ? client.getUserInfoEncryptedResponseAlg().getName() : null); + writer.name("userInfoEncryptedResponseEnc") + .value((client.getUserInfoEncryptedResponseEnc() != null) ? 
client.getUserInfoEncryptedResponseEnc().getName() : null); + writer.name("tokenEndpointAuthSigningAlg") + .value((client.getTokenEndpointAuthSigningAlg() != null) ? client.getTokenEndpointAuthSigningAlg().getName() : null); writer.name("defaultMaxAge").value(client.getDefaultMaxAge()); Boolean requireAuthTime = null; try { 
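Review bot: The key written here, `"idTokenSignedResponseAlg"`, does not match the key this file's reader looks for (`"idTokenSignedResonseAlg"`, missing a `p`), so an export followed by an import silently drops every client's ID token signing algorithm and the client falls back to whatever default the server applies. The spelling on the writer side is the correct one; the fix belongs in the reader: `} else if (name.equals("idTokenSignedResponseAlg")) {`. A round-trip test that exports a client with every JOSE field set and re-imports it would have caught this and would also cover the new `tokenEndpointAuthSigningAlg` entry. The enclosing write method starts and ends outside the hunk.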
@@ -1012,17 +1019,29 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements SubjectType st = SubjectType.getByValue(reader.nextString()); client.setSubjectType(st); } else if (name.equals("requestObjectSigningAlg")) { - JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString()); - client.setRequestObjectSigningAlgEmbed(alg); + JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); + client.setRequestObjectSigningAlg(alg); } else if (name.equals("userInfoEncryptedResponseAlg")) { - JWEAlgorithmEmbed alg = JWEAlgorithmEmbed.getForAlgorithmName(reader.nextString()); - client.setUserInfoEncryptedResponseAlgEmbed(alg); + JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString()); + client.setUserInfoEncryptedResponseAlg(alg); } else if (name.equals("userInfoEncryptedResponseEnc")) { - JWEEncryptionMethodEmbed alg = JWEEncryptionMethodEmbed.getForAlgorithmName(reader.nextString()); - client.setUserInfoEncryptedResponseEncEmbed(alg); + EncryptionMethod alg = EncryptionMethod.parse(reader.nextString()); + client.setUserInfoEncryptedResponseEnc(alg); } else if (name.equals("userInfoSignedResponseAlg")) { - JWSAlgorithmEmbed alg = JWSAlgorithmEmbed.getForAlgorithmName(reader.nextString()); - client.setUserInfoSignedResponseAlgEmbed(alg); + JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); + client.setUserInfoSignedResponseAlg(alg); + } else if (name.equals("idTokenSignedResonseAlg")) { + JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); + client.setIdTokenSignedResponseAlg(alg); + } else if (name.equals("idTokenEncryptedResponseAlg")) { + JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString()); + client.setIdTokenEncryptedResponseAlg(alg); + } else if (name.equals("idTokenEncryptedResponseEnc")) { + EncryptionMethod alg = EncryptionMethod.parse(reader.nextString()); + client.setIdTokenEncryptedResponseEnc(alg); + } else if (name.equals("tokenEndpointAuthSigningAlg")) { + JWSAlgorithm alg = 
JWSAlgorithm.parse(reader.nextString()); + client.setTokenEndpointAuthSigningAlg(alg); } else if (name.equals("defaultMaxAge")) { client.setDefaultMaxAge(reader.nextInt()); } else if (name.equals("requireAuthTime")) { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java index b60bf1302..923839ea5 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java @@ -27,9 +27,6 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.mitre.jose.JWEAlgorithmEmbed; -import org.mitre.jose.JWEEncryptionMethodEmbed; -import org.mitre.jose.JWSAlgorithmEmbed; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; @@ -43,6 +40,9 @@ import com.google.gson.JsonElement; import com.google.gson.JsonPrimitive; import com.google.gson.JsonSerializationContext; import com.google.gson.JsonSerializer; +import com.nimbusds.jose.EncryptionMethod; +import com.nimbusds.jose.JWEAlgorithm; +import com.nimbusds.jose.JWSAlgorithm; /** * 
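Review bot: Each new branch stores whatever `JWSAlgorithm.parse` / `JWEAlgorithm.parse` / `EncryptionMethod.parse` returns, and those never return null: an empty string or a name the server has no implementation for comes back as an ad-hoc algorithm instance and lands in the client record, where the removed `getForAlgorithmName` returned null for empty input. Routing the eight calls through one helper per type that maps blank input to null and drops unrecognised names (Nimbus gives those no `Requirement`) with a warning keeps the import from persisting configuration the server cannot honour; `"none"` is a registered name and still passes, so rejecting it for `tokenEndpointAuthSigningAlg` remains a policy decision for the caller. The same change fixes the misspelled `"idTokenSignedResonseAlg"` key, which otherwise never matches the `idTokenSignedResponseAlg` entry the writer in this file emits. The enclosing read loop starts and ends outside the hunk, and the helper assumes the class's existing logger.

```java
// Parse a JWS algorithm name from an import file. Returns null for blank
// input (the behaviour of the removed JWSAlgorithmEmbed.getForAlgorithmName)
// and for names Nimbus does not know: parse() manufactures an instance for
// any string, and only those ad-hoc instances have no Requirement.
private static JWSAlgorithm parseJwsAlgorithm(String name) {
    if (name == null || name.trim().isEmpty()) {
        return null;
    }
    JWSAlgorithm alg = JWSAlgorithm.parse(name);
    if (alg.getRequirement() == null) {
        logger.warn("Ignoring unknown JWS algorithm in import: {}", name);
        return null;
    }
    return alg;
}
// … same shape for JWEAlgorithm (parseJweAlgorithm) and EncryptionMethod (parseEncryptionMethod) …

} else if (name.equals("requestObjectSigningAlg")) {
    client.setRequestObjectSigningAlg(parseJwsAlgorithm(reader.nextString()));
} else if (name.equals("idTokenSignedResponseAlg")) { // was misspelled "idTokenSignedResonseAlg"
    client.setIdTokenSignedResponseAlg(parseJwsAlgorithm(reader.nextString()));
// … unchanged: remaining else-if branches, each switched to the matching helper …
```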
@@ -62,31 +62,31 @@ public abstract class AbstractClientEntityView extends AbstractView { private Gson gson = new GsonBuilder() .setExclusionStrategies(getExclusionStrategy()) - .registerTypeAdapter(JWSAlgorithmEmbed.class, new JsonSerializer() { + .registerTypeAdapter(JWSAlgorithm.class, new JsonSerializer() { @Override - public JsonElement serialize(JWSAlgorithmEmbed src, Type typeOfSrc, JsonSerializationContext context) { + public JsonElement serialize(JWSAlgorithm src, Type typeOfSrc, JsonSerializationContext context) { if (src != null) { - return new JsonPrimitive(src.getAlgorithmName()); + return new JsonPrimitive(src.getName()); } else { return null; } } }) - .registerTypeAdapter(JWEAlgorithmEmbed.class, new JsonSerializer() { + .registerTypeAdapter(JWEAlgorithm.class, new JsonSerializer() { @Override - public JsonElement serialize(JWEAlgorithmEmbed src, Type typeOfSrc, JsonSerializationContext context) { + public JsonElement serialize(JWEAlgorithm src, Type typeOfSrc, JsonSerializationContext context) { if (src != null) { - return new JsonPrimitive(src.getAlgorithmName()); + return new JsonPrimitive(src.getName()); } else { return null; } } }) - .registerTypeAdapter(JWEEncryptionMethodEmbed.class, new JsonSerializer() { + .registerTypeAdapter(EncryptionMethod.class, new JsonSerializer() { @Override - public JsonElement serialize(JWEEncryptionMethodEmbed src, Type typeOfSrc, JsonSerializationContext context) { + public JsonElement serialize(EncryptionMethod src, Type typeOfSrc, JsonSerializationContext context) { if (src != null) { - return new JsonPrimitive(src.getAlgorithmName()); + return new JsonPrimitive(src.getName()); } else { return null; } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java index 37ab9ea95..a70ea964b 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java 
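Review bot: The `else { return null; }` branch in each of the three serializers is unreachable: Gson only invokes a registered `JsonSerializer` for non-null values and writes JSON null itself otherwise, so the `src != null` test can go and each body reduce to `return new JsonPrimitive(src.getName());`. Nimbus rejects a null name in the `Algorithm` constructor, so `getName()` is always non-null and the primitive is always well-formed. The Gson builder chain these adapters belong to starts before the hunk.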
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java @@ -19,9 +19,6 @@ package org.mitre.openid.connect.web; import java.lang.reflect.Type; import java.util.Collection; -import org.mitre.jose.JWEAlgorithmEmbed; -import org.mitre.jose.JWEEncryptionMethodEmbed; -import org.mitre.jose.JWSAlgorithmEmbed; import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; import org.mitre.oauth2.service.ClientDetailsEntityService; @@ -40,7 +37,6 @@ import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.stereotype.Controller; @@ -62,6 +58,10 @@ import com.google.gson.JsonObject; import com.google.gson.JsonParseException; import com.google.gson.JsonParser; import com.google.gson.JsonSyntaxException; +import com.nimbusds.jose.Algorithm; +import com.nimbusds.jose.EncryptionMethod; +import com.nimbusds.jose.JWEAlgorithm; +import com.nimbusds.jose.JWSAlgorithm; /** * @author Michael Jett 
@@ -87,31 +87,31 @@ public class ClientAPI { private Gson gson = new GsonBuilder() .serializeNulls() - .registerTypeAdapter(JWSAlgorithmEmbed.class, new JsonDeserializer() { + .registerTypeAdapter(JWSAlgorithm.class, new JsonDeserializer() { @Override - public JWSAlgorithmEmbed deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException { + public JWSAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException { if (json.isJsonPrimitive()) { - return JWSAlgorithmEmbed.getForAlgorithmName(json.getAsString()); + return JWSAlgorithm.parse(json.getAsString()); } else { return null; } } }) - .registerTypeAdapter(JWEAlgorithmEmbed.class, new JsonDeserializer() { + .registerTypeAdapter(JWEAlgorithm.class, new JsonDeserializer() { @Override - public JWEAlgorithmEmbed deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException { + public JWEAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException { if (json.isJsonPrimitive()) { - return JWEAlgorithmEmbed.getForAlgorithmName(json.getAsString()); + return JWEAlgorithm.parse(json.getAsString()); } else { return null; } } }) - .registerTypeAdapter(JWEEncryptionMethodEmbed.class, new JsonDeserializer() { + .registerTypeAdapter(EncryptionMethod.class, new JsonDeserializer() { @Override - public JWEEncryptionMethodEmbed deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException { + public EncryptionMethod deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException { if (json.isJsonPrimitive()) { - return JWEEncryptionMethodEmbed.getForAlgorithmName(json.getAsString()); + return EncryptionMethod.parse(json.getAsString()); } else { return null; }
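Review bot: These deserializers take algorithm names straight from the API request body, and `JWSAlgorithm.parse`, `JWEAlgorithm.parse` and `EncryptionMethod.parse` accept any string: an unknown name, or the empty string the removed `getForAlgorithmName` mapped to null, is now stored on the client as an algorithm the server has no implementation for, and the failure surfaces later when a token is signed or encrypted rather than at registration. Since `deserialize` already declares `JsonParseException`, unrecognised names can be refused at the boundary; Nimbus gives ad-hoc instances no `Requirement`, which is the cheapest available test. `"none"` is a registered name and still passes this check, so whether to allow it for the signing fields is a separate policy decision. The Gson builder chain these adapters belong to starts before the hunk.

```java
.registerTypeAdapter(JWSAlgorithm.class, new JsonDeserializer<JWSAlgorithm>() {
    @Override
    public JWSAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
        if (!json.isJsonPrimitive()) {
            return null;
        }
        String name = json.getAsString();
        if (name.isEmpty()) {
            return null; // same outcome as the removed getForAlgorithmName("")
        }
        JWSAlgorithm alg = JWSAlgorithm.parse(name);
        // parse() manufactures an instance for any unknown string; only those lack a Requirement
        if (alg.getRequirement() == null) {
            throw new JsonParseException("Unsupported JWS algorithm: " + name);
        }
        return alg;
    }
})
// … unchanged: JWEAlgorithm and EncryptionMethod deserializers, with the same Requirement check …
```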