github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

updated data import/export services for 1.3

pull/954/merge
Justin Richer 2016-12-08 17:01:55 -05:00
parent 7725fcfa2b
commit d875d52be7
6 changed files with 3188 additions and 1247 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
openid-connect-common/src/main/java/org/mitre/openid/connect/service/MITREidDataService.java
View File

@ -33,6 +33,7 @@ public interface MITREidDataService {
public static final String MITREID_CONNECT_1_0 = "mitreid-connect-1.0";
public static final String MITREID_CONNECT_1_1 = "mitreid-connect-1.1";
public static final String MITREID_CONNECT_1_2 = "mitreid-connect-1.2";
public static final String MITREID_CONNECT_1_3 = "mitreid-connect-1.3";
// member names
public static final String REFRESHTOKENS = "refreshTokens";

362
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java
View File

@ -170,367 +170,7 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
@Override
public void exportData(JsonWriter writer) throws IOException {
// version tag at the root
writer.name(MITREID_CONNECT_1_2);
writer.beginObject();
// clients list
writer.name(CLIENTS);
writer.beginArray();
writeClients(writer);
writer.endArray();
writer.name(GRANTS);
writer.beginArray();
writeGrants(writer);
writer.endArray();
writer.name(WHITELISTEDSITES);
writer.beginArray();
writeWhitelistedSites(writer);
writer.endArray();
writer.name(BLACKLISTEDSITES);
writer.beginArray();
writeBlacklistedSites(writer);
writer.endArray();
writer.name(AUTHENTICATIONHOLDERS);
writer.beginArray();
writeAuthenticationHolders(writer);
writer.endArray();
writer.name(ACCESSTOKENS);
writer.beginArray();
writeAccessTokens(writer);
writer.endArray();
writer.name(REFRESHTOKENS);
writer.beginArray();
writeRefreshTokens(writer);
writer.endArray();
writer.name(SYSTEMSCOPES);
writer.beginArray();
writeSystemScopes(writer);
writer.endArray();
writer.endObject(); // end mitreid-connect-1.2
}
/**
* @param writer
*/
private void writeRefreshTokens(JsonWriter writer) throws IOException {
for (OAuth2RefreshTokenEntity token : tokenRepository.getAllRefreshTokens()) {
writer.beginObject();
writer.name(ID).value(token.getId());
writer.name(EXPIRATION).value(toUTCString(token.getExpiration()));
writer.name(CLIENT_ID)
.value((token.getClient() != null) ? token.getClient().getClientId() : null);
writer.name(AUTHENTICATION_HOLDER_ID)
.value((token.getAuthenticationHolder() != null) ? token.getAuthenticationHolder().getId() : null);
writer.name(VALUE).value(token.getValue());
writer.endObject();
logger.debug("Wrote refresh token {}", token.getId());
}
logger.info("Done writing refresh tokens");
}
/**
* @param writer
*/
private void writeAccessTokens(JsonWriter writer) throws IOException {
for (OAuth2AccessTokenEntity token : tokenRepository.getAllAccessTokens()) {
writer.beginObject();
writer.name(ID).value(token.getId());
writer.name(EXPIRATION).value(toUTCString(token.getExpiration()));
writer.name(CLIENT_ID)
.value((token.getClient() != null) ? token.getClient().getClientId() : null);
writer.name(AUTHENTICATION_HOLDER_ID)
.value((token.getAuthenticationHolder() != null) ? token.getAuthenticationHolder().getId() : null);
writer.name(REFRESH_TOKEN_ID)
.value((token.getRefreshToken() != null) ? token.getRefreshToken().getId() : null);
writer.name(ID_TOKEN_ID)
.value((token.getIdToken() != null) ? token.getIdToken().getId() : null);
writer.name(SCOPE);
writer.beginArray();
for (String s : token.getScope()) {
writer.value(s);
}
writer.endArray();
writer.name(TYPE).value(token.getTokenType());
writer.name(VALUE).value(token.getValue());
writer.endObject();
logger.debug("Wrote access token {}", token.getId());
}
logger.info("Done writing access tokens");
}
/**
* @param writer
*/
private void writeAuthenticationHolders(JsonWriter writer) throws IOException {
for (AuthenticationHolderEntity holder : authHolderRepository.getAll()) {
writer.beginObject();
writer.name(ID).value(holder.getId());
writer.name(REQUEST_PARAMETERS);
writer.beginObject();
for (Entry<String, String> entry : holder.getRequestParameters().entrySet()) {
writer.name(entry.getKey()).value(entry.getValue());
}
writer.endObject();
writer.name(CLIENT_ID).value(holder.getClientId());
Set<String> scope = holder.getScope();
writer.name(SCOPE);
writer.beginArray();
for (String s : scope) {
writer.value(s);
}
writer.endArray();
writer.name(RESOURCE_IDS);
writer.beginArray();
if (holder.getResourceIds() != null) {
for (String s : holder.getResourceIds()) {
writer.value(s);
}
}
writer.endArray();
writer.name(AUTHORITIES);
writer.beginArray();
for (GrantedAuthority authority : holder.getAuthorities()) {
writer.value(authority.getAuthority());
}
writer.endArray();
writer.name(APPROVED).value(holder.isApproved());
writer.name(REDIRECT_URI).value(holder.getRedirectUri());
writer.name(RESPONSE_TYPES);
writer.beginArray();
for (String s : holder.getResponseTypes()) {
writer.value(s);
}
writer.endArray();
writer.name(EXTENSIONS);
writer.beginObject();
for (Entry<String, Serializable> entry : holder.getExtensions().entrySet()) {
// while the extension map itself is Serializable, we enforce storage of Strings
if (entry.getValue() instanceof String) {
writer.name(entry.getKey()).value((String) entry.getValue());
} else {
logger.warn("Skipping non-string extension: " + entry);
}
}
writer.endObject();
writer.name(SAVED_USER_AUTHENTICATION);
if (holder.getUserAuth() != null) {
writer.beginObject();
writer.name(NAME).value(holder.getUserAuth().getName());
writer.name(SOURCE_CLASS).value(holder.getUserAuth().getSourceClass());
writer.name(AUTHENTICATED).value(holder.getUserAuth().isAuthenticated());
writer.name(AUTHORITIES);
writer.beginArray();
for (GrantedAuthority authority : holder.getUserAuth().getAuthorities()) {
writer.value(authority.getAuthority());
}
writer.endArray();
writer.endObject();
} else {
writer.nullValue();
}
writer.endObject();
logger.debug("Wrote authentication holder {}", holder.getId());
}
logger.info("Done writing authentication holders");
}
/**
* @param writer
*/
private void writeGrants(JsonWriter writer) throws IOException {
for (ApprovedSite site : approvedSiteRepository.getAll()) {
writer.beginObject();
writer.name(ID).value(site.getId());
writer.name(ACCESS_DATE).value(toUTCString(site.getAccessDate()));
writer.name(CLIENT_ID).value(site.getClientId());
writer.name(CREATION_DATE).value(toUTCString(site.getCreationDate()));
writer.name(TIMEOUT_DATE).value(toUTCString(site.getTimeoutDate()));
writer.name(USER_ID).value(site.getUserId());
writer.name(ALLOWED_SCOPES);
writeNullSafeArray(writer, site.getAllowedScopes());
Set<OAuth2AccessTokenEntity> tokens = site.getApprovedAccessTokens();
writer.name(APPROVED_ACCESS_TOKENS);
writer.beginArray();
for (OAuth2AccessTokenEntity token : tokens) {
writer.value(token.getId());
}
writer.endArray();
writer.endObject();
logger.debug("Wrote grant {}", site.getId());
}
logger.info("Done writing grants");
}
/**
* @param writer
*/
private void writeWhitelistedSites(JsonWriter writer) throws IOException {
for (WhitelistedSite wlSite : wlSiteRepository.getAll()) {
writer.beginObject();
writer.name(ID).value(wlSite.getId());
writer.name(CLIENT_ID).value(wlSite.getClientId());
writer.name(CREATOR_USER_ID).value(wlSite.getCreatorUserId());
writer.name(ALLOWED_SCOPES);
writeNullSafeArray(writer, wlSite.getAllowedScopes());
writer.endObject();
logger.debug("Wrote whitelisted site {}", wlSite.getId());
}
logger.info("Done writing whitelisted sites");
}
/**
* @param writer
*/
private void writeBlacklistedSites(JsonWriter writer) throws IOException {
for (BlacklistedSite blSite : blSiteRepository.getAll()) {
writer.beginObject();
writer.name(ID).value(blSite.getId());
writer.name(URI).value(blSite.getUri());
writer.endObject();
logger.debug("Wrote blacklisted site {}", blSite.getId());
}
logger.info("Done writing blacklisted sites");
}
/**
* @param writer
*/
private void writeClients(JsonWriter writer) {
for (ClientDetailsEntity client : clientRepository.getAllClients()) {
try {
writer.beginObject();
writer.name(CLIENT_ID).value(client.getClientId());
writer.name(RESOURCE_IDS);
writeNullSafeArray(writer, client.getResourceIds());
writer.name(SECRET).value(client.getClientSecret());
writer.name(SCOPE);
writeNullSafeArray(writer, client.getScope());
writer.name(AUTHORITIES);
writer.beginArray();
for (GrantedAuthority authority : client.getAuthorities()) {
writer.value(authority.getAuthority());
}
writer.endArray();
writer.name(ACCESS_TOKEN_VALIDITY_SECONDS).value(client.getAccessTokenValiditySeconds());
writer.name(REFRESH_TOKEN_VALIDITY_SECONDS).value(client.getRefreshTokenValiditySeconds());
writer.name(REDIRECT_URIS);
writeNullSafeArray(writer, client.getRedirectUris());
writer.name(CLAIMS_REDIRECT_URIS);
writeNullSafeArray(writer, client.getClaimsRedirectUris());
writer.name(NAME).value(client.getClientName());
writer.name(URI).value(client.getClientUri());
writer.name(LOGO_URI).value(client.getLogoUri());
writer.name(CONTACTS);
writeNullSafeArray(writer, client.getContacts());
writer.name(TOS_URI).value(client.getTosUri());
writer.name(TOKEN_ENDPOINT_AUTH_METHOD)
.value((client.getTokenEndpointAuthMethod() != null) ? client.getTokenEndpointAuthMethod().getValue() : null);
writer.name(GRANT_TYPES);
writer.beginArray();
for (String s : client.getGrantTypes()) {
writer.value(s);
}
writer.endArray();
writer.name(RESPONSE_TYPES);
writer.beginArray();
for (String s : client.getResponseTypes()) {
writer.value(s);
}
writer.endArray();
writer.name(POLICY_URI).value(client.getPolicyUri());
writer.name(JWKS_URI).value(client.getJwksUri());
writer.name(JWKS).value((client.getJwks() != null) ? client.getJwks().toString() : null);
writer.name(APPLICATION_TYPE)
.value((client.getApplicationType() != null) ? client.getApplicationType().getValue() : null);
writer.name(SECTOR_IDENTIFIER_URI).value(client.getSectorIdentifierUri());
writer.name(SUBJECT_TYPE)
.value((client.getSubjectType() != null) ? client.getSubjectType().getValue() : null);
writer.name(REQUEST_OBJECT_SIGNING_ALG)
.value((client.getRequestObjectSigningAlg() != null) ? client.getRequestObjectSigningAlg().getName() : null);
writer.name(ID_TOKEN_SIGNED_RESPONSE_ALG)
.value((client.getIdTokenSignedResponseAlg() != null) ? client.getIdTokenSignedResponseAlg().getName() : null);
writer.name(ID_TOKEN_ENCRYPTED_RESPONSE_ALG)
.value((client.getIdTokenEncryptedResponseAlg() != null) ? client.getIdTokenEncryptedResponseAlg().getName() : null);
writer.name(ID_TOKEN_ENCRYPTED_RESPONSE_ENC)
.value((client.getIdTokenEncryptedResponseEnc() != null) ? client.getIdTokenEncryptedResponseEnc().getName() : null);
writer.name(USER_INFO_SIGNED_RESPONSE_ALG)
.value((client.getUserInfoSignedResponseAlg() != null) ? client.getUserInfoSignedResponseAlg().getName() : null);
writer.name(USER_INFO_ENCRYPTED_RESPONSE_ALG)
.value((client.getUserInfoEncryptedResponseAlg() != null) ? client.getUserInfoEncryptedResponseAlg().getName() : null);
writer.name(USER_INFO_ENCRYPTED_RESPONSE_ENC)
.value((client.getUserInfoEncryptedResponseEnc() != null) ? client.getUserInfoEncryptedResponseEnc().getName() : null);
writer.name(TOKEN_ENDPOINT_AUTH_SIGNING_ALG)
.value((client.getTokenEndpointAuthSigningAlg() != null) ? client.getTokenEndpointAuthSigningAlg().getName() : null);
writer.name(DEFAULT_MAX_AGE).value(client.getDefaultMaxAge());
Boolean requireAuthTime = null;
try {
requireAuthTime = client.getRequireAuthTime();
} catch (NullPointerException e) {
}
if (requireAuthTime != null) {
writer.name(REQUIRE_AUTH_TIME).value(requireAuthTime);
}
writer.name(DEFAULT_ACR_VALUES);
writeNullSafeArray(writer, client.getDefaultACRvalues());
writer.name(INTITATE_LOGIN_URI).value(client.getInitiateLoginUri());
writer.name(POST_LOGOUT_REDIRECT_URI);
writeNullSafeArray(writer, client.getPostLogoutRedirectUris());
writer.name(REQUEST_URIS);
writeNullSafeArray(writer, client.getRequestUris());
writer.name(DESCRIPTION).value(client.getClientDescription());
writer.name(ALLOW_INTROSPECTION).value(client.isAllowIntrospection());
writer.name(REUSE_REFRESH_TOKEN).value(client.isReuseRefreshToken());
writer.name(CLEAR_ACCESS_TOKENS_ON_REFRESH).value(client.isClearAccessTokensOnRefresh());
writer.name(DYNAMICALLY_REGISTERED).value(client.isDynamicallyRegistered());
writer.endObject();
logger.debug("Wrote client {}", client.getId());
} catch (IOException ex) {
logger.error("Unable to write client {}", client.getId(), ex);
}
}
logger.info("Done writing clients");
}
/**
* @param writer
*/
private void writeSystemScopes(JsonWriter writer) {
for (SystemScope sysScope : sysScopeRepository.getAll()) {
try {
writer.beginObject();
writer.name(ID).value(sysScope.getId());
writer.name(DESCRIPTION).value(sysScope.getDescription());
writer.name(ICON).value(sysScope.getIcon());
writer.name(VALUE).value(sysScope.getValue());
writer.name(RESTRICTED).value(sysScope.isRestricted());
writer.name(STRUCTURED).value(sysScope.isStructured());
writer.name(STRUCTURED_PARAMETER).value(sysScope.getStructuredParamDescription());
writer.name(DEFAULT_SCOPE).value(sysScope.isDefaultScope());
writer.endObject();
logger.debug("Wrote system scope {}", sysScope.getId());
} catch (IOException ex) {
logger.error("Unable to write system scope {}", sysScope.getId(), ex);
}
}
logger.info("Done writing system scopes");
throw new UnsupportedOperationException("Can not export 1.2 format from this version.");
}
/* (non-Javadoc)

1292
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_3.java Normal file
View File

File diff suppressed because it is too large Load Diff

8
openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java
View File

@ -29,6 +29,7 @@ import org.mitre.openid.connect.service.MITREidDataService;
import org.mitre.openid.connect.service.impl.MITREidDataService_1_0;
import org.mitre.openid.connect.service.impl.MITREidDataService_1_1;
import org.mitre.openid.connect.service.impl.MITREidDataService_1_2;
import org.mitre.openid.connect.service.impl.MITREidDataService_1_3;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -75,6 +76,9 @@ public class DataAPI {
@Autowired
private MITREidDataService_1_2 dataService_1_2;
@Autowired
private MITREidDataService_1_3 dataService_1_3;
@RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE)
public String importData(Reader in, Model m) throws IOException {
@ -94,6 +98,8 @@ public class DataAPI {
dataService_1_1.importData(reader);
} else if (name.equals(MITREidDataService.MITREID_CONNECT_1_2)) {
dataService_1_2.importData(reader);
} else if (name.equals(MITREidDataService.MITREID_CONNECT_1_3)) {
dataService_1_3.importData(reader);
} else {
// consume the next bit silently for now
logger.debug("Skipping value for " + name); // TODO: write these out?
@ -134,7 +140,7 @@ public class DataAPI {
writer.value(prin.getName());
// delegate to the service to do the actual export
dataService_1_2.exportData(writer);
dataService_1_3.exportData(writer);
writer.endObject(); // end root
writer.close();

885
openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java
View File

@ -149,121 +149,6 @@ public class TestMITREidDataService_1_2 {
Mockito.reset(clientRepository, approvedSiteRepository, authHolderRepository, tokenRepository, sysScopeRepository, wlSiteRepository, blSiteRepository);
}
@Test
public void testExportRefreshTokens() throws IOException, ParseException {
String expiration1 = "2014-09-10T22:49:44.090+0000";
Date expirationDate1 = formatter.parse(expiration1, Locale.ENGLISH);
ClientDetailsEntity mockedClient1 = mock(ClientDetailsEntity.class);
when(mockedClient1.getClientId()).thenReturn("mocked_client_1");
AuthenticationHolderEntity mockedAuthHolder1 = mock(AuthenticationHolderEntity.class);
when(mockedAuthHolder1.getId()).thenReturn(1L);
OAuth2RefreshTokenEntity token1 = new OAuth2RefreshTokenEntity();
token1.setId(1L);
token1.setClient(mockedClient1);
token1.setExpiration(expirationDate1);
token1.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJmOTg4OWQyOS0xMTk1LTQ4ODEtODgwZC1lZjVlYzAwY2Y4NDIifQ."));
token1.setAuthenticationHolder(mockedAuthHolder1);
String expiration2 = "2015-01-07T18:31:50.079+0000";
Date expirationDate2 = formatter.parse(expiration2, Locale.ENGLISH);
ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class);
when(mockedClient2.getClientId()).thenReturn("mocked_client_2");
AuthenticationHolderEntity mockedAuthHolder2 = mock(AuthenticationHolderEntity.class);
when(mockedAuthHolder2.getId()).thenReturn(2L);
OAuth2RefreshTokenEntity token2 = new OAuth2RefreshTokenEntity();
token2.setId(2L);
token2.setClient(mockedClient2);
token2.setExpiration(expirationDate2);
token2.setJwt(JWTParser.parse("eyJhbGciOiJub25lIn0.eyJqdGkiOiJlYmEyYjc3My0xNjAzLTRmNDAtOWQ3MS1hMGIxZDg1OWE2MDAifQ."));
token2.setAuthenticationHolder(mockedAuthHolder2);
Set<OAuth2RefreshTokenEntity> allRefreshTokens = ImmutableSet.of(token1, token2);
Mockito.when(clientRepository.getAllClients()).thenReturn(new HashSet<ClientDetailsEntity>());
Mockito.when(approvedSiteRepository.getAll()).thenReturn(new HashSet<ApprovedSite>());
Mockito.when(wlSiteRepository.getAll()).thenReturn(new HashSet<WhitelistedSite>());
Mockito.when(blSiteRepository.getAll()).thenReturn(new HashSet<BlacklistedSite>());
Mockito.when(authHolderRepository.getAll()).thenReturn(new ArrayList<AuthenticationHolderEntity>());
Mockito.when(tokenRepository.getAllAccessTokens()).thenReturn(new HashSet<OAuth2AccessTokenEntity>());
Mockito.when(tokenRepository.getAllRefreshTokens()).thenReturn(allRefreshTokens);
Mockito.when(sysScopeRepository.getAll()).thenReturn(new HashSet<SystemScope>());
// do the data export
StringWriter stringWriter = new StringWriter();
JsonWriter writer = new JsonWriter(stringWriter);
writer.beginObject();
dataService.exportData(writer);
writer.endObject();
writer.close();
// parse the output as a JSON object for testing
JsonElement elem = new JsonParser().parse(stringWriter.toString());
JsonObject root = elem.getAsJsonObject();
// make sure the root is there
assertThat(root.has(MITREidDataService.MITREID_CONNECT_1_2), is(true));
JsonObject config = root.get(MITREidDataService.MITREID_CONNECT_1_2).getAsJsonObject();
// make sure all the root elements are there
assertThat(config.has(MITREidDataService.CLIENTS), is(true));
assertThat(config.has(MITREidDataService.GRANTS), is(true));
assertThat(config.has(MITREidDataService.WHITELISTEDSITES), is(true));
assertThat(config.has(MITREidDataService.BLACKLISTEDSITES), is(true));
assertThat(config.has(MITREidDataService.REFRESHTOKENS), is(true));
assertThat(config.has(MITREidDataService.ACCESSTOKENS), is(true));
assertThat(config.has(MITREidDataService.SYSTEMSCOPES), is(true));
assertThat(config.has(MITREidDataService.AUTHENTICATIONHOLDERS), is(true));
// make sure the root elements are all arrays
assertThat(config.get(MITREidDataService.CLIENTS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.GRANTS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.WHITELISTEDSITES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.BLACKLISTEDSITES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.REFRESHTOKENS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.ACCESSTOKENS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.SYSTEMSCOPES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.AUTHENTICATIONHOLDERS).isJsonArray(), is(true));
// check our refresh token list (this test)
JsonArray refreshTokens = config.get(MITREidDataService.REFRESHTOKENS).getAsJsonArray();
assertThat(refreshTokens.size(), is(2));
// check for both of our refresh tokens in turn
Set<OAuth2RefreshTokenEntity> checked = new HashSet<>();
for (JsonElement e : refreshTokens) {
assertThat(e.isJsonObject(), is(true));
JsonObject token = e.getAsJsonObject();
OAuth2RefreshTokenEntity compare = null;
if (token.get("id").getAsLong() == token1.getId()) {
compare = token1;
} else if (token.get("id").getAsLong() == token2.getId()) {
compare = token2;
}
if (compare == null) {
fail("Could not find matching id: " + token.get("id").getAsString());
} else {
assertThat(token.get("id").getAsLong(), equalTo(compare.getId()));
assertThat(token.get("clientId").getAsString(), equalTo(compare.getClient().getClientId()));
assertThat(token.get("expiration").getAsString(), equalTo(formatter.print(compare.getExpiration(), Locale.ENGLISH)));
assertThat(token.get("value").getAsString(), equalTo(compare.getValue()));
assertThat(token.get("authenticationHolderId").getAsLong(), equalTo(compare.getAuthenticationHolder().getId()));
checked.add(compare);
}
}
// make sure all of our refresh tokens were found
assertThat(checked.containsAll(allRefreshTokens), is(true));
}
private class refreshTokenIdComparator implements Comparator<OAuth2RefreshTokenEntity> {
@Override
public int compare(OAuth2RefreshTokenEntity entity1, OAuth2RefreshTokenEntity entity2) {
@ -384,143 +269,6 @@ public class TestMITREidDataService_1_2 {
assertThat(savedRefreshTokens.get(1).getValue(), equalTo(token2.getValue()));
}
@Test
public void testExportAccessTokens() throws IOException, ParseException {
String expiration1 = "2014-09-10T22:49:44.090+0000";
Date expirationDate1 = formatter.parse(expiration1, Locale.ENGLISH);
ClientDetailsEntity mockedClient1 = mock(ClientDetailsEntity.class);
when(mockedClient1.getClientId()).thenReturn("mocked_client_1");
AuthenticationHolderEntity mockedAuthHolder1 = mock(AuthenticationHolderEntity.class);
when(mockedAuthHolder1.getId()).thenReturn(1L);
OAuth2AccessTokenEntity token1 = new OAuth2AccessTokenEntity();
token1.setId(1L);
token1.setClient(mockedClient1);
token1.setExpiration(expirationDate1);
token1.setJwt(JWTParser.parse("eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3ODk5NjgsInN1YiI6IjkwMzQyLkFTREZKV0ZBIiwiYXRfaGFzaCI6InptTmt1QmNRSmNYQktNaVpFODZqY0EiLCJhdWQiOlsiY2xpZW50Il0sImlzcyI6Imh0dHA6XC9cL2xvY2FsaG9zdDo4MDgwXC9vcGVuaWQtY29ubmVjdC1zZXJ2ZXItd2ViYXBwXC8iLCJpYXQiOjE0MTI3ODkzNjh9.xkEJ9IMXpH7qybWXomfq9WOOlpGYnrvGPgey9UQ4GLzbQx7JC0XgJK83PmrmBZosvFPCmota7FzI_BtwoZLgAZfFiH6w3WIlxuogoH-TxmYbxEpTHoTsszZppkq9mNgOlArV4jrR9y3TPo4MovsH71dDhS_ck-CvAlJunHlqhs0"));
token1.setAuthenticationHolder(mockedAuthHolder1);
token1.setScope(ImmutableSet.of("id-token"));
token1.setTokenType("Bearer");
String expiration2 = "2015-01-07T18:31:50.079+0000";
Date expirationDate2 = formatter.parse(expiration2, Locale.ENGLISH);
ClientDetailsEntity mockedClient2 = mock(ClientDetailsEntity.class);
when(mockedClient2.getClientId()).thenReturn("mocked_client_2");
AuthenticationHolderEntity mockedAuthHolder2 = mock(AuthenticationHolderEntity.class);
when(mockedAuthHolder2.getId()).thenReturn(2L);
OAuth2RefreshTokenEntity mockRefreshToken2 = mock(OAuth2RefreshTokenEntity.class);
when(mockRefreshToken2.getId()).thenReturn(1L);
OAuth2AccessTokenEntity token2 = new OAuth2AccessTokenEntity();
token2.setId(2L);
token2.setClient(mockedClient2);
token2.setExpiration(expirationDate2);
token2.setJwt(JWTParser.parse("eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MTI3OTI5NjgsImF1ZCI6WyJjbGllbnQiXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL29wZW5pZC1jb25uZWN0LXNlcnZlci13ZWJhcHBcLyIsImp0aSI6IjBmZGE5ZmRiLTYyYzItNGIzZS05OTdiLWU0M2VhMDUwMzNiOSIsImlhdCI6MTQxMjc4OTM2OH0.xgaVpRLYE5MzbgXfE0tZt823tjAm6Oh3_kdR1P2I9jRLR6gnTlBQFlYi3Y_0pWNnZSerbAE8Tn6SJHZ9k-curVG0-ByKichV7CNvgsE5X_2wpEaUzejvKf8eZ-BammRY-ie6yxSkAarcUGMvGGOLbkFcz5CtrBpZhfd75J49BIQ"));
token2.setAuthenticationHolder(mockedAuthHolder2);
token2.setIdToken(token1);
token2.setRefreshToken(mockRefreshToken2);
token2.setScope(ImmutableSet.of("openid", "offline_access", "email", "profile"));
token2.setTokenType("Bearer");
Set<OAuth2AccessTokenEntity> allAccessTokens = ImmutableSet.of(token1, token2);
Mockito.when(clientRepository.getAllClients()).thenReturn(new HashSet<ClientDetailsEntity>());
Mockito.when(approvedSiteRepository.getAll()).thenReturn(new HashSet<ApprovedSite>());
Mockito.when(wlSiteRepository.getAll()).thenReturn(new HashSet<WhitelistedSite>());
Mockito.when(blSiteRepository.getAll()).thenReturn(new HashSet<BlacklistedSite>());
Mockito.when(authHolderRepository.getAll()).thenReturn(new ArrayList<AuthenticationHolderEntity>());
Mockito.when(tokenRepository.getAllRefreshTokens()).thenReturn(new HashSet<OAuth2RefreshTokenEntity>());
Mockito.when(tokenRepository.getAllAccessTokens()).thenReturn(allAccessTokens);
Mockito.when(sysScopeRepository.getAll()).thenReturn(new HashSet<SystemScope>());
// do the data export
StringWriter stringWriter = new StringWriter();
JsonWriter writer = new JsonWriter(stringWriter);
writer.beginObject();
dataService.exportData(writer);
writer.endObject();
writer.close();
// parse the output as a JSON object for testing
JsonElement elem = new JsonParser().parse(stringWriter.toString());
JsonObject root = elem.getAsJsonObject();
// make sure the root is there
assertThat(root.has(MITREidDataService.MITREID_CONNECT_1_2), is(true));
JsonObject config = root.get(MITREidDataService.MITREID_CONNECT_1_2).getAsJsonObject();
// make sure all the root elements are there
assertThat(config.has(MITREidDataService.CLIENTS), is(true));
assertThat(config.has(MITREidDataService.GRANTS), is(true));
assertThat(config.has(MITREidDataService.WHITELISTEDSITES), is(true));
assertThat(config.has(MITREidDataService.BLACKLISTEDSITES), is(true));
assertThat(config.has(MITREidDataService.REFRESHTOKENS), is(true));
assertThat(config.has(MITREidDataService.ACCESSTOKENS), is(true));
assertThat(config.has(MITREidDataService.SYSTEMSCOPES), is(true));
assertThat(config.has(MITREidDataService.AUTHENTICATIONHOLDERS), is(true));
// make sure the root elements are all arrays
assertThat(config.get(MITREidDataService.CLIENTS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.GRANTS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.WHITELISTEDSITES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.BLACKLISTEDSITES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.REFRESHTOKENS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.ACCESSTOKENS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.SYSTEMSCOPES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.AUTHENTICATIONHOLDERS).isJsonArray(), is(true));
// check our access token list (this test)
JsonArray accessTokens = config.get(MITREidDataService.ACCESSTOKENS).getAsJsonArray();
assertThat(accessTokens.size(), is(2));
// check for both of our access tokens in turn
Set<OAuth2AccessTokenEntity> checked = new HashSet<>();
for (JsonElement e : accessTokens) {
assertTrue(e.isJsonObject());
JsonObject token = e.getAsJsonObject();
OAuth2AccessTokenEntity compare = null;
if (token.get("id").getAsLong() == token1.getId().longValue()) {
compare = token1;
} else if (token.get("id").getAsLong() == token2.getId().longValue()) {
compare = token2;
}
if (compare == null) {
fail("Could not find matching id: " + token.get("id").getAsString());
} else {
assertThat(token.get("id").getAsLong(), equalTo(compare.getId()));
assertThat(token.get("clientId").getAsString(), equalTo(compare.getClient().getClientId()));
assertThat(token.get("expiration").getAsString(), equalTo(formatter.print(compare.getExpiration(), Locale.ENGLISH)));
assertThat(token.get("value").getAsString(), equalTo(compare.getValue()));
assertThat(token.get("type").getAsString(), equalTo(compare.getTokenType()));
assertThat(token.get("authenticationHolderId").getAsLong(), equalTo(compare.getAuthenticationHolder().getId()));
assertTrue(token.get("scope").isJsonArray());
assertThat(jsonArrayToStringSet(token.getAsJsonArray("scope")), equalTo(compare.getScope()));
if(token.get("idTokenId").isJsonNull()) {
assertNull(compare.getIdToken());
} else {
assertThat(token.get("idTokenId").getAsLong(), equalTo(compare.getIdToken().getId()));
}
if(token.get("refreshTokenId").isJsonNull()) {
assertNull(compare.getIdToken());
} else {
assertThat(token.get("refreshTokenId").getAsLong(), equalTo(compare.getRefreshToken().getId()));
}
checked.add(compare);
}
}
// make sure all of our access tokens were found
assertThat(checked.containsAll(allAccessTokens), is(true));
}
private class accessTokenIdComparator implements Comparator<OAuth2AccessTokenEntity> {
@Override
public int compare(OAuth2AccessTokenEntity entity1, OAuth2AccessTokenEntity entity2) {
@ -653,111 +401,6 @@ public class TestMITREidDataService_1_2 {
assertThat(savedAccessTokens.get(1).getValue(), equalTo(token2.getValue()));
}
@Test
public void testExportClients() throws IOException {
ClientDetailsEntity client1 = new ClientDetailsEntity();
client1.setId(1L);
client1.setAccessTokenValiditySeconds(3600);
client1.setClientId("client1");
client1.setClientSecret("clientsecret1");
client1.setRedirectUris(ImmutableSet.of("http://foo.com/"));
client1.setScope(ImmutableSet.of("foo", "bar", "baz", "dolphin"));
client1.setGrantTypes(ImmutableSet.of("implicit", "authorization_code", "urn:ietf:params:oauth:grant_type:redelegate", "refresh_token"));
client1.setAllowIntrospection(true);
ClientDetailsEntity client2 = new ClientDetailsEntity();
client2.setId(2L);
client2.setAccessTokenValiditySeconds(3600);
client2.setClientId("client2");
client2.setClientSecret("clientsecret2");
client2.setRedirectUris(ImmutableSet.of("http://bar.baz.com/"));
client2.setScope(ImmutableSet.of("foo", "dolphin", "electric-wombat"));
client2.setGrantTypes(ImmutableSet.of("client_credentials", "urn:ietf:params:oauth:grant_type:redelegate"));
client2.setAllowIntrospection(false);
Set<ClientDetailsEntity> allClients = ImmutableSet.of(client1, client2);
Mockito.when(clientRepository.getAllClients()).thenReturn(allClients);
Mockito.when(approvedSiteRepository.getAll()).thenReturn(new HashSet<ApprovedSite>());
Mockito.when(wlSiteRepository.getAll()).thenReturn(new HashSet<WhitelistedSite>());
Mockito.when(blSiteRepository.getAll()).thenReturn(new HashSet<BlacklistedSite>());
Mockito.when(authHolderRepository.getAll()).thenReturn(new ArrayList<AuthenticationHolderEntity>());
Mockito.when(tokenRepository.getAllAccessTokens()).thenReturn(new HashSet<OAuth2AccessTokenEntity>());
Mockito.when(tokenRepository.getAllRefreshTokens()).thenReturn(new HashSet<OAuth2RefreshTokenEntity>());
Mockito.when(sysScopeRepository.getAll()).thenReturn(new HashSet<SystemScope>());
// do the data export
StringWriter stringWriter = new StringWriter();
JsonWriter writer = new JsonWriter(stringWriter);
writer.beginObject();
dataService.exportData(writer);
writer.endObject();
writer.close();
// parse the output as a JSON object for testing
JsonElement elem = new JsonParser().parse(stringWriter.toString());
JsonObject root = elem.getAsJsonObject();
// make sure the root is there
assertThat(root.has(MITREidDataService.MITREID_CONNECT_1_2), is(true));
JsonObject config = root.get(MITREidDataService.MITREID_CONNECT_1_2).getAsJsonObject();
// make sure all the root elements are there
assertThat(config.has(MITREidDataService.CLIENTS), is(true));
assertThat(config.has(MITREidDataService.GRANTS), is(true));
assertThat(config.has(MITREidDataService.WHITELISTEDSITES), is(true));
assertThat(config.has(MITREidDataService.BLACKLISTEDSITES), is(true));
assertThat(config.has(MITREidDataService.REFRESHTOKENS), is(true));
assertThat(config.has(MITREidDataService.ACCESSTOKENS), is(true));
assertThat(config.has(MITREidDataService.SYSTEMSCOPES), is(true));
assertThat(config.has(MITREidDataService.AUTHENTICATIONHOLDERS), is(true));
// make sure the root elements are all arrays
assertThat(config.get(MITREidDataService.CLIENTS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.GRANTS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.WHITELISTEDSITES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.BLACKLISTEDSITES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.REFRESHTOKENS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.ACCESSTOKENS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.SYSTEMSCOPES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.AUTHENTICATIONHOLDERS).isJsonArray(), is(true));
// check our client list (this test)
JsonArray clients = config.get(MITREidDataService.CLIENTS).getAsJsonArray();
assertThat(clients.size(), is(2));
// check for both of our clients in turn
Set<ClientDetailsEntity> checked = new HashSet<>();
for (JsonElement e : clients) {
assertThat(e.isJsonObject(), is(true));
JsonObject client = e.getAsJsonObject();
ClientDetailsEntity compare = null;
if (client.get("clientId").getAsString().equals(client1.getClientId())) {
compare = client1;
} else if (client.get("clientId").getAsString().equals(client2.getClientId())) {
compare = client2;
}
if (compare == null) {
fail("Could not find matching clientId: " + client.get("clientId").getAsString());
} else {
assertThat(client.get("clientId").getAsString(), equalTo(compare.getClientId()));
assertThat(client.get("secret").getAsString(), equalTo(compare.getClientSecret()));
assertThat(client.get("accessTokenValiditySeconds").getAsInt(), equalTo(compare.getAccessTokenValiditySeconds()));
assertThat(client.get("allowIntrospection").getAsBoolean(), equalTo(compare.isAllowIntrospection()));
assertThat(jsonArrayToStringSet(client.get("redirectUris").getAsJsonArray()), equalTo(compare.getRedirectUris()));
assertThat(jsonArrayToStringSet(client.get("scope").getAsJsonArray()), equalTo(compare.getScope()));
assertThat(jsonArrayToStringSet(client.get("grantTypes").getAsJsonArray()), equalTo(compare.getGrantTypes()));
checked.add(compare);
}
}
// make sure all of our clients were found
assertThat(checked.containsAll(allClients), is(true));
}
@Test
public void testImportClients() throws IOException {
ClientDetailsEntity client1 = new ClientDetailsEntity();
@ -832,99 +475,6 @@ public class TestMITREidDataService_1_2 {
assertThat(savedClients.get(1).isAllowIntrospection(), equalTo(client2.isAllowIntrospection()));
}
@Test
public void testExportBlacklistedSites() throws IOException {
BlacklistedSite site1 = new BlacklistedSite();
site1.setId(1L);
site1.setUri("http://foo.com");
BlacklistedSite site2 = new BlacklistedSite();
site2.setId(2L);
site2.setUri("http://bar.com");
BlacklistedSite site3 = new BlacklistedSite();
site3.setId(3L);
site3.setUri("http://baz.com");
Set<BlacklistedSite> allBlacklistedSites = ImmutableSet.of(site1, site2, site3);
Mockito.when(clientRepository.getAllClients()).thenReturn(new HashSet<ClientDetailsEntity>());
Mockito.when(approvedSiteRepository.getAll()).thenReturn(new HashSet<ApprovedSite>());
Mockito.when(wlSiteRepository.getAll()).thenReturn(new HashSet<WhitelistedSite>());
Mockito.when(blSiteRepository.getAll()).thenReturn(allBlacklistedSites);
Mockito.when(authHolderRepository.getAll()).thenReturn(new ArrayList<AuthenticationHolderEntity>());
Mockito.when(tokenRepository.getAllAccessTokens()).thenReturn(new HashSet<OAuth2AccessTokenEntity>());
Mockito.when(tokenRepository.getAllRefreshTokens()).thenReturn(new HashSet<OAuth2RefreshTokenEntity>());
Mockito.when(sysScopeRepository.getAll()).thenReturn(new HashSet<SystemScope>());
// do the data export
StringWriter stringWriter = new StringWriter();
JsonWriter writer = new JsonWriter(stringWriter);
writer.beginObject();
dataService.exportData(writer);
writer.endObject();
writer.close();
// parse the output as a JSON object for testing
JsonElement elem = new JsonParser().parse(stringWriter.toString());
JsonObject root = elem.getAsJsonObject();
// make sure the root is there
assertThat(root.has(MITREidDataService.MITREID_CONNECT_1_2), is(true));
JsonObject config = root.get(MITREidDataService.MITREID_CONNECT_1_2).getAsJsonObject();
// make sure all the root elements are there
assertThat(config.has(MITREidDataService.CLIENTS), is(true));
assertThat(config.has(MITREidDataService.GRANTS), is(true));
assertThat(config.has(MITREidDataService.WHITELISTEDSITES), is(true));
assertThat(config.has(MITREidDataService.BLACKLISTEDSITES), is(true));
assertThat(config.has(MITREidDataService.REFRESHTOKENS), is(true));
assertThat(config.has(MITREidDataService.ACCESSTOKENS), is(true));
assertThat(config.has(MITREidDataService.SYSTEMSCOPES), is(true));
assertThat(config.has(MITREidDataService.AUTHENTICATIONHOLDERS), is(true));
// make sure the root elements are all arrays
assertThat(config.get(MITREidDataService.CLIENTS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.GRANTS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.WHITELISTEDSITES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.BLACKLISTEDSITES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.REFRESHTOKENS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.ACCESSTOKENS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.SYSTEMSCOPES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.AUTHENTICATIONHOLDERS).isJsonArray(), is(true));
// check our scope list (this test)
JsonArray sites = config.get(MITREidDataService.BLACKLISTEDSITES).getAsJsonArray();
assertThat(sites.size(), is(3));
// check for both of our sites in turn
Set<BlacklistedSite> checked = new HashSet<>();
for (JsonElement e : sites) {
assertThat(e.isJsonObject(), is(true));
JsonObject site = e.getAsJsonObject();
BlacklistedSite compare = null;
if (site.get("id").getAsLong() == site1.getId().longValue()) {
compare = site1;
} else if (site.get("id").getAsLong() == site2.getId().longValue()) {
compare = site2;
} else if (site.get("id").getAsLong() == site3.getId().longValue()) {
compare = site3;
}
if (compare == null) {
fail("Could not find matching blacklisted site id: " + site.get("id").getAsString());
} else {
assertThat(site.get("uri").getAsString(), equalTo(compare.getUri()));
checked.add(compare);
}
}
// make sure all of our clients were found
assertThat(checked.containsAll(allBlacklistedSites), is(true));
}
@Test
public void testImportBlacklistedSites() throws IOException {
BlacklistedSite site1 = new BlacklistedSite();
@ -973,99 +523,6 @@ public class TestMITREidDataService_1_2 {
assertThat(savedSites.get(2).getUri(), equalTo(site3.getUri()));
}
@Test
public void testExportWhitelistedSites() throws IOException {
WhitelistedSite site1 = new WhitelistedSite();
site1.setId(1L);
site1.setClientId("foo");
WhitelistedSite site2 = new WhitelistedSite();
site2.setId(2L);
site2.setClientId("bar");
WhitelistedSite site3 = new WhitelistedSite();
site3.setId(3L);
site3.setClientId("baz");
Set<WhitelistedSite> allWhitelistedSites = ImmutableSet.of(site1, site2, site3);
Mockito.when(clientRepository.getAllClients()).thenReturn(new HashSet<ClientDetailsEntity>());
Mockito.when(approvedSiteRepository.getAll()).thenReturn(new HashSet<ApprovedSite>());
Mockito.when(blSiteRepository.getAll()).thenReturn(new HashSet<BlacklistedSite>());
Mockito.when(wlSiteRepository.getAll()).thenReturn(allWhitelistedSites);
Mockito.when(authHolderRepository.getAll()).thenReturn(new ArrayList<AuthenticationHolderEntity>());
Mockito.when(tokenRepository.getAllAccessTokens()).thenReturn(new HashSet<OAuth2AccessTokenEntity>());
Mockito.when(tokenRepository.getAllRefreshTokens()).thenReturn(new HashSet<OAuth2RefreshTokenEntity>());
Mockito.when(sysScopeRepository.getAll()).thenReturn(new HashSet<SystemScope>());
// do the data export
StringWriter stringWriter = new StringWriter();
JsonWriter writer = new JsonWriter(stringWriter);
writer.beginObject();
dataService.exportData(writer);
writer.endObject();
writer.close();
// parse the output as a JSON object for testing
JsonElement elem = new JsonParser().parse(stringWriter.toString());
JsonObject root = elem.getAsJsonObject();
// make sure the root is there
assertThat(root.has(MITREidDataService.MITREID_CONNECT_1_2), is(true));
JsonObject config = root.get(MITREidDataService.MITREID_CONNECT_1_2).getAsJsonObject();
// make sure all the root elements are there
assertThat(config.has(MITREidDataService.CLIENTS), is(true));
assertThat(config.has(MITREidDataService.GRANTS), is(true));
assertThat(config.has(MITREidDataService.WHITELISTEDSITES), is(true));
assertThat(config.has(MITREidDataService.BLACKLISTEDSITES), is(true));
assertThat(config.has(MITREidDataService.REFRESHTOKENS), is(true));
assertThat(config.has(MITREidDataService.ACCESSTOKENS), is(true));
assertThat(config.has(MITREidDataService.SYSTEMSCOPES), is(true));
assertThat(config.has(MITREidDataService.AUTHENTICATIONHOLDERS), is(true));
// make sure the root elements are all arrays
assertThat(config.get(MITREidDataService.CLIENTS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.GRANTS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.WHITELISTEDSITES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.BLACKLISTEDSITES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.REFRESHTOKENS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.ACCESSTOKENS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.SYSTEMSCOPES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.AUTHENTICATIONHOLDERS).isJsonArray(), is(true));
// check our scope list (this test)
JsonArray sites = config.get(MITREidDataService.WHITELISTEDSITES).getAsJsonArray();
assertThat(sites.size(), is(3));
// check for both of our sites in turn
Set<WhitelistedSite> checked = new HashSet<>();
for (JsonElement e : sites) {
assertThat(e.isJsonObject(), is(true));
JsonObject site = e.getAsJsonObject();
WhitelistedSite compare = null;
if (site.get("id").getAsLong() == site1.getId().longValue()) {
compare = site1;
} else if (site.get("id").getAsLong() == site2.getId().longValue()) {
compare = site2;
} else if (site.get("id").getAsLong() == site3.getId().longValue()) {
compare = site3;
}
if (compare == null) {
fail("Could not find matching whitelisted site id: " + site.get("id").getAsString());
} else {
assertThat(site.get("clientId").getAsString(), equalTo(compare.getClientId()));
checked.add(compare);
}
}
// make sure all of our clients were found
assertThat(checked.containsAll(allWhitelistedSites), is(true));
}
@Test
public void testImportWhitelistedSites() throws IOException {
WhitelistedSite site1 = new WhitelistedSite();
@ -1135,131 +592,6 @@ public class TestMITREidDataService_1_2 {
assertThat(savedSites.get(2).getClientId(), equalTo(site3.getClientId()));
}
@Test
public void testExportGrants() throws IOException, ParseException {
Date creationDate1 = formatter.parse("2014-09-10T22:49:44.090+0000", Locale.ENGLISH);
Date accessDate1 = formatter.parse("2014-09-10T23:49:44.090+0000", Locale.ENGLISH);
OAuth2AccessTokenEntity mockToken1 = mock(OAuth2AccessTokenEntity.class);
when(mockToken1.getId()).thenReturn(1L);
ApprovedSite site1 = new ApprovedSite();
site1.setId(1L);
site1.setClientId("foo");
site1.setCreationDate(creationDate1);
site1.setAccessDate(accessDate1);
site1.setUserId("user1");
site1.setAllowedScopes(ImmutableSet.of("openid", "phone"));
site1.setApprovedAccessTokens(ImmutableSet.of(mockToken1));
Date creationDate2 = formatter.parse("2014-09-11T18:49:44.090+0000", Locale.ENGLISH);
Date accessDate2 = formatter.parse("2014-09-11T20:49:44.090+0000", Locale.ENGLISH);
Date timeoutDate2 = formatter.parse("2014-10-01T20:49:44.090+0000", Locale.ENGLISH);
ApprovedSite site2 = new ApprovedSite();
site2.setId(2L);
site2.setClientId("bar");
site2.setCreationDate(creationDate2);
site2.setAccessDate(accessDate2);
site2.setUserId("user2");
site2.setAllowedScopes(ImmutableSet.of("openid", "offline_access", "email", "profile"));
site2.setTimeoutDate(timeoutDate2);
Set<ApprovedSite> allApprovedSites = ImmutableSet.of(site1, site2);
Mockito.when(clientRepository.getAllClients()).thenReturn(new HashSet<ClientDetailsEntity>());
Mockito.when(approvedSiteRepository.getAll()).thenReturn(allApprovedSites);
Mockito.when(blSiteRepository.getAll()).thenReturn(new HashSet<BlacklistedSite>());
Mockito.when(wlSiteRepository.getAll()).thenReturn(new HashSet<WhitelistedSite>());
Mockito.when(authHolderRepository.getAll()).thenReturn(new ArrayList<AuthenticationHolderEntity>());
Mockito.when(tokenRepository.getAllAccessTokens()).thenReturn(new HashSet<OAuth2AccessTokenEntity>());
Mockito.when(tokenRepository.getAllRefreshTokens()).thenReturn(new HashSet<OAuth2RefreshTokenEntity>());
Mockito.when(sysScopeRepository.getAll()).thenReturn(new HashSet<SystemScope>());
// do the data export
StringWriter stringWriter = new StringWriter();
JsonWriter writer = new JsonWriter(stringWriter);
writer.beginObject();
dataService.exportData(writer);
writer.endObject();
writer.close();
// parse the output as a JSON object for testing
JsonElement elem = new JsonParser().parse(stringWriter.toString());
JsonObject root = elem.getAsJsonObject();
// make sure the root is there
assertThat(root.has(MITREidDataService.MITREID_CONNECT_1_2), is(true));
JsonObject config = root.get(MITREidDataService.MITREID_CONNECT_1_2).getAsJsonObject();
// make sure all the root elements are there
assertThat(config.has(MITREidDataService.CLIENTS), is(true));
assertThat(config.has(MITREidDataService.GRANTS), is(true));
assertThat(config.has(MITREidDataService.WHITELISTEDSITES), is(true));
assertThat(config.has(MITREidDataService.BLACKLISTEDSITES), is(true));
assertThat(config.has(MITREidDataService.REFRESHTOKENS), is(true));
assertThat(config.has(MITREidDataService.ACCESSTOKENS), is(true));
assertThat(config.has(MITREidDataService.SYSTEMSCOPES), is(true));
assertThat(config.has(MITREidDataService.AUTHENTICATIONHOLDERS), is(true));
// make sure the root elements are all arrays
assertThat(config.get(MITREidDataService.CLIENTS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.GRANTS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.WHITELISTEDSITES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.BLACKLISTEDSITES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.REFRESHTOKENS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.ACCESSTOKENS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.SYSTEMSCOPES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.AUTHENTICATIONHOLDERS).isJsonArray(), is(true));
// check our scope list (this test)
JsonArray sites = config.get(MITREidDataService.GRANTS).getAsJsonArray();
assertThat(sites.size(), is(2));
// check for both of our sites in turn
Set<ApprovedSite> checked = new HashSet<>();
for (JsonElement e : sites) {
assertThat(e.isJsonObject(), is(true));
JsonObject site = e.getAsJsonObject();
ApprovedSite compare = null;
if (site.get("id").getAsLong() == site1.getId().longValue()) {
compare = site1;
} else if (site.get("id").getAsLong() == site2.getId().longValue()) {
compare = site2;
}
if (compare == null) {
fail("Could not find matching whitelisted site id: " + site.get("id").getAsString());
} else {
assertThat(site.get("clientId").getAsString(), equalTo(compare.getClientId()));
assertThat(site.get("creationDate").getAsString(), equalTo(formatter.print(compare.getCreationDate(), Locale.ENGLISH)));
assertThat(site.get("accessDate").getAsString(), equalTo(formatter.print(compare.getAccessDate(), Locale.ENGLISH)));
if(site.get("timeoutDate").isJsonNull()) {
assertNull(compare.getTimeoutDate());
} else {
assertThat(site.get("timeoutDate").getAsString(), equalTo(formatter.print(compare.getTimeoutDate(), Locale.ENGLISH)));
}
assertThat(site.get("userId").getAsString(), equalTo(compare.getUserId()));
assertThat(jsonArrayToStringSet(site.getAsJsonArray("allowedScopes")), equalTo(compare.getAllowedScopes()));
if (site.get("approvedAccessTokens").isJsonNull() || site.getAsJsonArray("approvedAccessTokens") == null) {
assertTrue(compare.getApprovedAccessTokens() == null || compare.getApprovedAccessTokens().isEmpty());
} else {
assertNotNull(compare.getApprovedAccessTokens());
Set<String> tokenIds = new HashSet<>();
for(OAuth2AccessTokenEntity entity : compare.getApprovedAccessTokens()) {
tokenIds.add(entity.getId().toString());
}
assertThat(jsonArrayToStringSet(site.getAsJsonArray("approvedAccessTokens")), equalTo(tokenIds));
}
checked.add(compare);
}
}
// make sure all of our clients were found
assertThat(checked.containsAll(allApprovedSites), is(true));
}
@Test
public void testImportGrants() throws IOException, ParseException {
Date creationDate1 = formatter.parse("2014-09-10T22:49:44.090+0000", Locale.ENGLISH);
@ -1376,113 +708,6 @@ public class TestMITREidDataService_1_2 {
assertThat(savedSites.get(1).getApprovedAccessTokens().size(), equalTo(site2.getApprovedAccessTokens().size()));
}
@Test
public void testExportAuthenticationHolders() throws IOException {
OAuth2Request req1 = new OAuth2Request(new HashMap<String, String>(), "client1", new ArrayList<GrantedAuthority>(),
true, new HashSet<String>(), new HashSet<String>(), "http://foo.com",
new HashSet<String>(), null);
Authentication mockAuth1 = new UsernamePasswordAuthenticationToken("user1", "pass1", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
OAuth2Authentication auth1 = new OAuth2Authentication(req1, mockAuth1);
AuthenticationHolderEntity holder1 = new AuthenticationHolderEntity();
holder1.setId(1L);
holder1.setAuthentication(auth1);
OAuth2Request req2 = new OAuth2Request(new HashMap<String, String>(), "client2", new ArrayList<GrantedAuthority>(),
true, new HashSet<String>(), new HashSet<String>(), "http://bar.com",
new HashSet<String>(), null);
OAuth2Authentication auth2 = new OAuth2Authentication(req2, null);
AuthenticationHolderEntity holder2 = new AuthenticationHolderEntity();
holder2.setId(2L);
holder2.setAuthentication(auth2);
List<AuthenticationHolderEntity> allAuthHolders = ImmutableList.of(holder1, holder2);
when(clientRepository.getAllClients()).thenReturn(new HashSet<ClientDetailsEntity>());
when(approvedSiteRepository.getAll()).thenReturn(new HashSet<ApprovedSite>());
when(wlSiteRepository.getAll()).thenReturn(new HashSet<WhitelistedSite>());
when(blSiteRepository.getAll()).thenReturn(new HashSet<BlacklistedSite>());
when(authHolderRepository.getAll()).thenReturn(allAuthHolders);
when(tokenRepository.getAllAccessTokens()).thenReturn(new HashSet<OAuth2AccessTokenEntity>());
when(tokenRepository.getAllRefreshTokens()).thenReturn(new HashSet<OAuth2RefreshTokenEntity>());
when(sysScopeRepository.getAll()).thenReturn(new HashSet<SystemScope>());
// do the data export
StringWriter stringWriter = new StringWriter();
JsonWriter writer = new JsonWriter(stringWriter);
writer.beginObject();
dataService.exportData(writer);
writer.endObject();
writer.close();
// parse the output as a JSON object for testing
JsonElement elem = new JsonParser().parse(stringWriter.toString());
JsonObject root = elem.getAsJsonObject();
// make sure the root is there
assertThat(root.has(MITREidDataService.MITREID_CONNECT_1_2), is(true));
JsonObject config = root.get(MITREidDataService.MITREID_CONNECT_1_2).getAsJsonObject();
// make sure all the root elements are there
assertThat(config.has(MITREidDataService.CLIENTS), is(true));
assertThat(config.has(MITREidDataService.GRANTS), is(true));
assertThat(config.has(MITREidDataService.WHITELISTEDSITES), is(true));
assertThat(config.has(MITREidDataService.BLACKLISTEDSITES), is(true));
assertThat(config.has(MITREidDataService.REFRESHTOKENS), is(true));
assertThat(config.has(MITREidDataService.ACCESSTOKENS), is(true));
assertThat(config.has(MITREidDataService.SYSTEMSCOPES), is(true));
assertThat(config.has(MITREidDataService.AUTHENTICATIONHOLDERS), is(true));
// make sure the root elements are all arrays
assertThat(config.get(MITREidDataService.CLIENTS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.GRANTS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.WHITELISTEDSITES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.BLACKLISTEDSITES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.REFRESHTOKENS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.ACCESSTOKENS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.SYSTEMSCOPES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.AUTHENTICATIONHOLDERS).isJsonArray(), is(true));
// check our holder list (this test)
JsonArray holders = config.get(MITREidDataService.AUTHENTICATIONHOLDERS).getAsJsonArray();
assertThat(holders.size(), is(2));
// check for both of our clients in turn
Set<AuthenticationHolderEntity> checked = new HashSet<>();
for (JsonElement e : holders) {
assertThat(e.isJsonObject(), is(true));
JsonObject holder = e.getAsJsonObject();
AuthenticationHolderEntity compare = null;
if (holder.get("id").getAsLong() == holder1.getId()) {
compare = holder1;
} else if (holder.get("id").getAsLong() == holder2.getId()) {
compare = holder2;
}
if (compare == null) {
fail("Could not find matching authentication holder id: " + holder.get("id").getAsString());
} else {
assertTrue(holder.get("clientId").getAsString().equals(compare.getClientId()));
assertTrue(holder.get("approved").getAsBoolean() == compare.isApproved());
assertTrue(holder.get("redirectUri").getAsString().equals(compare.getRedirectUri()));
if (compare.getUserAuth() != null) {
assertTrue(holder.get("savedUserAuthentication").isJsonObject());
JsonObject savedAuth = holder.get("savedUserAuthentication").getAsJsonObject();
assertTrue(savedAuth.get("name").getAsString().equals(compare.getUserAuth().getName()));
assertTrue(savedAuth.get("authenticated").getAsBoolean() == compare.getUserAuth().isAuthenticated());
assertTrue(savedAuth.get("sourceClass").getAsString().equals(compare.getUserAuth().getSourceClass()));
}
checked.add(compare);
}
}
// make sure all of our clients were found
assertThat(checked.containsAll(allAuthHolders), is(true));
}
@Test
public void testImportAuthenticationHolders() throws IOException {
OAuth2Request req1 = new OAuth2Request(new HashMap<String, String>(), "client1", new ArrayList<GrantedAuthority>(),
@ -1550,116 +775,6 @@ public class TestMITREidDataService_1_2 {
assertThat(savedAuthHolders.get(1).getAuthentication().getOAuth2Request().getClientId(), equalTo(holder2.getAuthentication().getOAuth2Request().getClientId()));
}
@Test
public void testExportSystemScopes() throws IOException {
SystemScope scope1 = new SystemScope();
scope1.setId(1L);
scope1.setValue("scope1");
scope1.setDescription("Scope 1");
scope1.setRestricted(true);
scope1.setDefaultScope(false);
scope1.setIcon("glass");
SystemScope scope2 = new SystemScope();
scope2.setId(2L);
scope2.setValue("scope2");
scope2.setDescription("Scope 2");
scope2.setRestricted(false);
scope2.setDefaultScope(false);
scope2.setIcon("ball");
SystemScope scope3 = new SystemScope();
scope3.setId(3L);
scope3.setValue("scope3");
scope3.setDescription("Scope 3");
scope3.setRestricted(false);
scope3.setDefaultScope(true);
scope3.setIcon("road");
Set<SystemScope> allScopes = ImmutableSet.of(scope1, scope2, scope3);
Mockito.when(clientRepository.getAllClients()).thenReturn(new HashSet<ClientDetailsEntity>());
Mockito.when(approvedSiteRepository.getAll()).thenReturn(new HashSet<ApprovedSite>());
Mockito.when(wlSiteRepository.getAll()).thenReturn(new HashSet<WhitelistedSite>());
Mockito.when(blSiteRepository.getAll()).thenReturn(new HashSet<BlacklistedSite>());
Mockito.when(authHolderRepository.getAll()).thenReturn(new ArrayList<AuthenticationHolderEntity>());
Mockito.when(tokenRepository.getAllAccessTokens()).thenReturn(new HashSet<OAuth2AccessTokenEntity>());
Mockito.when(tokenRepository.getAllRefreshTokens()).thenReturn(new HashSet<OAuth2RefreshTokenEntity>());
Mockito.when(sysScopeRepository.getAll()).thenReturn(allScopes);
// do the data export
StringWriter stringWriter = new StringWriter();
JsonWriter writer = new JsonWriter(stringWriter);
writer.beginObject();
dataService.exportData(writer);
writer.endObject();
writer.close();
// parse the output as a JSON object for testing
JsonElement elem = new JsonParser().parse(stringWriter.toString());
JsonObject root = elem.getAsJsonObject();
// make sure the root is there
assertThat(root.has(MITREidDataService.MITREID_CONNECT_1_2), is(true));
JsonObject config = root.get(MITREidDataService.MITREID_CONNECT_1_2).getAsJsonObject();
// make sure all the root elements are there
assertThat(config.has(MITREidDataService.CLIENTS), is(true));
assertThat(config.has(MITREidDataService.GRANTS), is(true));
assertThat(config.has(MITREidDataService.WHITELISTEDSITES), is(true));
assertThat(config.has(MITREidDataService.BLACKLISTEDSITES), is(true));
assertThat(config.has(MITREidDataService.REFRESHTOKENS), is(true));
assertThat(config.has(MITREidDataService.ACCESSTOKENS), is(true));
assertThat(config.has(MITREidDataService.SYSTEMSCOPES), is(true));
assertThat(config.has(MITREidDataService.AUTHENTICATIONHOLDERS), is(true));
// make sure the root elements are all arrays
assertThat(config.get(MITREidDataService.CLIENTS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.GRANTS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.WHITELISTEDSITES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.BLACKLISTEDSITES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.REFRESHTOKENS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.ACCESSTOKENS).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.SYSTEMSCOPES).isJsonArray(), is(true));
assertThat(config.get(MITREidDataService.AUTHENTICATIONHOLDERS).isJsonArray(), is(true));
// check our scope list (this test)
JsonArray scopes = config.get(MITREidDataService.SYSTEMSCOPES).getAsJsonArray();
assertThat(scopes.size(), is(3));
// check for both of our clients in turn
Set<SystemScope> checked = new HashSet<>();
for (JsonElement e : scopes) {
assertThat(e.isJsonObject(), is(true));
JsonObject scope = e.getAsJsonObject();
SystemScope compare = null;
if (scope.get("value").getAsString().equals(scope1.getValue())) {
compare = scope1;
} else if (scope.get("value").getAsString().equals(scope2.getValue())) {
compare = scope2;
} else if (scope.get("value").getAsString().equals(scope3.getValue())) {
compare = scope3;
}
if (compare == null) {
fail("Could not find matching scope value: " + scope.get("value").getAsString());
} else {
assertThat(scope.get("value").getAsString(), equalTo(compare.getValue()));
assertThat(scope.get("description").getAsString(), equalTo(compare.getDescription()));
assertThat(scope.get("icon").getAsString(), equalTo(compare.getIcon()));
assertThat(scope.get("restricted").getAsBoolean(), equalTo(compare.isRestricted()));
assertThat(scope.get("defaultScope").getAsBoolean(), equalTo(compare.isDefaultScope()));
checked.add(compare);
}
}
// make sure all of our clients were found
assertThat(checked.containsAll(allScopes), is(true));
}
@Test
public void testImportSystemScopes() throws IOException {
SystemScope scope1 = new SystemScope();

1887
openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_3.java Normal file
View File

File diff suppressed because it is too large Load Diff