github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

automated code formatting and cleanup

pull/544/merge
Justin Richer 2013-12-03 14:19:34 -05:00
parent e1e7f7a579
commit ebbc7209aa
184 changed files with 1633 additions and 1641 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -16,6 +16,8 @@
******************************************************************************/
package org.mitre.oauth2.introspectingfilter;
import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC;
import java.io.IOException;
import java.net.URI;
import java.util.Date;
@ -29,7 +31,6 @@ import org.mitre.oauth2.introspectingfilter.service.IntrospectionAuthorityGrante
import org.mitre.oauth2.introspectingfilter.service.IntrospectionConfigurationService;
import org.mitre.oauth2.introspectingfilter.service.impl.SimpleIntrospectionAuthorityGranter;
import org.mitre.oauth2.model.RegisteredClient;
import org.mitre.openid.connect.client.service.ClientConfigurationService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
@ -53,8 +54,6 @@ import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.nimbusds.jose.util.Base64;
import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC;
/**
* This ResourceServerTokenServices implementation introspects incoming tokens at a
* server's introspection endpoint URL and passes an Authentication object along
@ -63,13 +62,13 @@ import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC
*
*/
public class IntrospectingTokenService implements ResourceServerTokenServices {
private IntrospectionConfigurationService introspectionConfigurationService;
private IntrospectionAuthorityGranter introspectionAuthorityGranter = new SimpleIntrospectionAuthorityGranter();
private DefaultHttpClient httpClient = new DefaultHttpClient();
private HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
// Inner class to store in the hash map
private class TokenCacheObject {
OAuth2AccessToken token;
@ -142,14 +141,14 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
// find out which URL to ask
String introspectionUrl;
RegisteredClient client;
try {
introspectionUrl = introspectionConfigurationService.getIntrospectionUrl(accessToken);
client = introspectionConfigurationService.getClientConfiguration(accessToken);
} catch (IllegalArgumentException e) {
logger.error("Unable to load introspection URL or client configuration", e);
return false;
}
RegisteredClient client;
try {
introspectionUrl = introspectionConfigurationService.getIntrospectionUrl(accessToken);
client = introspectionConfigurationService.getClientConfiguration(accessToken);
} catch (IllegalArgumentException e) {
logger.error("Unable to load introspection URL or client configuration", e);
return false;
}
// Use the SpringFramework RestTemplate to send the request to the
// endpoint
String validatedToken = null;
@ -159,7 +158,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
final String clientId = client.getClientId();
final String clientSecret = client.getClientSecret();
if (SECRET_BASIC.equals(client.getTokenEndpointAuthMethod())){
// use BASIC auth if configured to do so
restTemplate = new RestTemplate(factory) {
@ -178,7 +177,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
form.add("client_id", clientId);
form.add("client_secret", clientSecret);
}
form.add("token", accessToken);
try {

5
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/OAuth2AccessTokenImpl.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -32,7 +32,6 @@ import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import com.google.common.base.Splitter;
import com.google.common.collect.Sets;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
@ -54,7 +53,7 @@ public class OAuth2AccessTokenImpl implements OAuth2AccessToken {
DateFormat dateFormater = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ");
if (token.get("exp") != null) {
try {
expireDate = dateFormater.parse(token.get("exp").getAsString());
expireDate = dateFormater.parse(token.get("exp").getAsString());
} catch (ParseException ex) {
Logger.getLogger(IntrospectingTokenService.class.getName()).log(Level.SEVERE, null, ex);
}

2
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionAuthorityGranter.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

6
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionConfigurationService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -34,7 +34,7 @@ public interface IntrospectionConfigurationService {
*/
public String getIntrospectionUrl(String accessToken);
/**
* Get the client configuration to use to connect to the
* introspection endpoint. In particular, this cares about
@ -42,5 +42,5 @@ public interface IntrospectionConfigurationService {
* fields.
*/
public RegisteredClient getClientConfiguration(String accessToken);
}

60
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/JWTParsingIntrospectionConfigurationService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -62,17 +62,17 @@ public class JWTParsingIntrospectionConfigurationService implements Introspectio
private String getIssuer(String accessToken) {
try {
JWT jwt = JWTParser.parse(accessToken);
JWT jwt = JWTParser.parse(accessToken);
String issuer = jwt.getJWTClaimsSet().getIssuer();
String issuer = jwt.getJWTClaimsSet().getIssuer();
return issuer;
return issuer;
} catch (ParseException e) {
throw new IllegalArgumentException("Unable to parse JWT", e);
}
} catch (ParseException e) {
throw new IllegalArgumentException("Unable to parse JWT", e);
}
}
/* (non-Javadoc)
* @see org.mitre.oauth2.introspectingfilter.IntrospectionConfigurationService#getIntrospectionUrl(java.lang.String)
*/
@ -98,28 +98,28 @@ public class JWTParsingIntrospectionConfigurationService implements Introspectio
/* (non-Javadoc)
* @see org.mitre.oauth2.introspectingfilter.service.IntrospectionConfigurationService#getClientConfiguration(java.lang.String)
*/
@Override
public RegisteredClient getClientConfiguration(String accessToken) {
String issuer = getIssuer(accessToken);
if (!Strings.isNullOrEmpty(issuer)) {
ServerConfiguration server = serverConfigurationService.getServerConfiguration(issuer);
if (server != null) {
RegisteredClient client = clientConfigurationService.getClientConfiguration(server);
if (client != null) {
return client;
} else {
throw new IllegalArgumentException("Could not find client configuration for issuer " + issuer);
}
} else {
throw new IllegalArgumentException("Could not find server configuration for issuer " + issuer);
}
} else {
throw new IllegalArgumentException("No issuer claim found in JWT");
}
}
@Override
public RegisteredClient getClientConfiguration(String accessToken) {
String issuer = getIssuer(accessToken);
if (!Strings.isNullOrEmpty(issuer)) {
ServerConfiguration server = serverConfigurationService.getServerConfiguration(issuer);
if (server != null) {
RegisteredClient client = clientConfigurationService.getClientConfiguration(server);
if (client != null) {
return client;
} else {
throw new IllegalArgumentException("Could not find client configuration for issuer " + issuer);
}
} else {
throw new IllegalArgumentException("Could not find server configuration for issuer " + issuer);
}
} else {
throw new IllegalArgumentException("No issuer claim found in JWT");
}
}
}

2
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/SimpleIntrospectionAuthorityGranter.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

12
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/StaticIntrospectionConfigurationService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -24,7 +24,7 @@ import org.mitre.oauth2.model.RegisteredClient;
/**
*
* Always provides the (configured) IntrospectionURL and RegisteredClient regardless
* Always provides the (configured) IntrospectionURL and RegisteredClient regardless
* of token. Useful for talking to a single, trusted authorization server.
*
* @author jricher
@ -74,9 +74,9 @@ public class StaticIntrospectionConfigurationService implements IntrospectionCon
/* (non-Javadoc)
* @see org.mitre.oauth2.introspectingfilter.service.IntrospectionConfigurationService#getClientConfiguration(java.lang.String)
*/
@Override
public RegisteredClient getClientConfiguration(String accessToken) {
return getClientConfiguration();
}
@Override
public RegisteredClient getClientConfiguration(String accessToken) {
return getClientConfiguration();
}
}

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/NamedAdminAuthoritiesMapper.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

10
openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -16,6 +16,8 @@
******************************************************************************/
package org.mitre.openid.connect.client;
import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URI;
@ -63,8 +65,6 @@ import com.nimbusds.jose.util.Base64;
import com.nimbusds.jwt.ReadOnlyJWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.*;
/**
* OpenID Connect Authentication Filter class
*
@ -93,7 +93,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
private IssuerService issuerService;
private AuthRequestOptionsService authOptions = new StaticAuthRequestOptionsService(); // initialize with an empty set of options
private AuthRequestUrlBuilder authRequestBuilder;
protected int httpSocketTimeout = HTTP_SOCKET_TIMEOUT;
/**
@ -206,7 +206,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
String state = createState(session);
Map<String, String> options = authOptions.getOptions(serverConfig, clientConfig, request);
String authRequest = authRequestBuilder.buildAuthRequestUrl(serverConfig, clientConfig, redirectUri, nonce, state, options);
logger.debug("Auth Request: " + authRequest);

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/SubjectIssuerGrantedAuthority.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

18
openid-connect-client/src/main/java/org/mitre/openid/connect/client/UserInfoFetcher.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -34,30 +34,30 @@ import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
/**
* Utility class to fetch userinfo from the userinfo endpoint, if available.
* Utility class to fetch userinfo from the userinfo endpoint, if available.
* @author jricher
*
*/
public class UserInfoFetcher {
private Logger logger = LoggerFactory.getLogger(UserInfoFetcher.class);
public UserInfo loadUserInfo(OIDCAuthenticationToken token) {
ServerConfiguration serverConfiguration = token.getServerConfiguration();
if (serverConfiguration == null) {
logger.warn("No server configuration found.");
return null;
}
if (Strings.isNullOrEmpty(serverConfiguration.getUserInfoUri())) {
logger.warn("No userinfo endpoint, not fetching.");
return null;
}
// if we got this far, try to actually get the userinfo
HttpClient httpClient = new DefaultHttpClient();
HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
@ -69,11 +69,11 @@ public class UserInfoFetcher {
try {
String userInfoString = restTemplate.postForObject(serverConfiguration.getUserInfoUri(), form, String.class);
JsonObject userInfoJson = new JsonParser().parse(userInfoString).getAsJsonObject();
UserInfo userInfo = DefaultUserInfo.fromJson(userInfoJson);
return userInfo;
} catch (Exception e) {
logger.warn("Error fetching userinfo", e);

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisher.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisherMapping.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/JwkViewResolver.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/model/IssuerServiceResponse.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

4
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java
View File

@ -12,7 +12,7 @@ import org.mitre.openid.connect.config.ServerConfiguration;
/**
*
* This service provides any extra options that need to be passed to the authentication request.
* This service provides any extra options that need to be passed to the authentication request.
* These options may depend on the server configuration, client configuration, or HTTP request.
*
* @author jricher
@ -21,5 +21,5 @@ import org.mitre.openid.connect.config.ServerConfiguration;
public interface AuthRequestOptionsService {
public Map<String, String> getOptions(ServerConfiguration server, RegisteredClient client, HttpServletRequest request);
}

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ClientConfigurationService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/IssuerService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/RegisteredClientService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ServerConfigurationService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

4
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -165,7 +165,7 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
private HttpClient httpClient = new DefaultHttpClient();
private HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
private Gson gson = new Gson(); // note that this doesn't serialize nulls by default
@Override
public RegisteredClient load(ServerConfiguration serverConfig) throws Exception {
RestTemplate restTemplate = new RestTemplate(httpFactory);

13
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -19,6 +19,13 @@
*/
package org.mitre.openid.connect.client.service.impl;
import static org.mitre.discovery.util.JsonUtils.getAsBoolean;
import static org.mitre.discovery.util.JsonUtils.getAsEncryptionMethodList;
import static org.mitre.discovery.util.JsonUtils.getAsJweAlgorithmList;
import static org.mitre.discovery.util.JsonUtils.getAsJwsAlgorithmList;
import static org.mitre.discovery.util.JsonUtils.getAsString;
import static org.mitre.discovery.util.JsonUtils.getAsStringList;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.ExecutionException;
@ -40,8 +47,6 @@ import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import static org.mitre.discovery.util.JsonUtils.*;
/**
*
* Dynamically fetches OpenID Connect server configurations based on the issuer. Caches the server configurations.
@ -150,7 +155,7 @@ public class DynamicServerConfigurationService implements ServerConfigurationSer
conf.setIssuer(o.get("issuer").getAsString());
conf.setAuthorizationEndpointUri(getAsString(o, "authorization_endpoint"));
conf.setTokenEndpointUri(getAsString(o, "token_endpoint"));
conf.setJwksUri(getAsString(o, "jwks_uri"));

16
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java
View File

@ -27,13 +27,13 @@ import com.nimbusds.jwt.JWTClaimsSet;
*
*/
public class EncryptedAuthRequestUrlBuilder implements AuthRequestUrlBuilder {
private JWKSetCacheService encrypterService;
private JWEAlgorithm alg;
private EncryptionMethod enc;
/* (non-Javadoc)
* @see org.mitre.openid.connect.client.service.AuthRequestUrlBuilder#buildAuthRequestUrl(org.mitre.openid.connect.config.ServerConfiguration, org.mitre.oauth2.model.RegisteredClient, java.lang.String, java.lang.String, java.lang.String, java.util.Map)
*/
@ -56,18 +56,18 @@ public class EncryptedAuthRequestUrlBuilder implements AuthRequestUrlBuilder {
// this comes back in the auth request return
claims.setClaim("state", state);
// Optional parameters
for (Entry<String, String> option : options.entrySet()) {
claims.setClaim(option.getKey(), option.getValue());
}
EncryptedJWT jwt = new EncryptedJWT(new JWEHeader(alg, enc), claims);
JwtEncryptionAndDecryptionService encryptor = encrypterService.getEncrypter(serverConfig.getJwksUri());
encryptor.encryptJwt(jwt);
try {
URIBuilder uriBuilder = new URIBuilder(serverConfig.getAuthorizationEndpointUri());
uriBuilder.addParameter("request", jwt.serialize());

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridClientConfigurationService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

10
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridIssuerService.java
View File

@ -13,7 +13,7 @@ import com.google.common.collect.Sets;
*
* Issuer service that tries to parse input from the inputs from a third-party
* account chooser service (if possible), but falls back to webfinger discovery
* if not.
* if not.
*
* @author jricher
*
@ -22,10 +22,10 @@ public class HybridIssuerService implements IssuerService {
private ThirdPartyIssuerService thirdPartyIssuerService = new ThirdPartyIssuerService();
private WebfingerIssuerService webfingerIssuerService = new WebfingerIssuerService();
@Override
public IssuerServiceResponse getIssuer(HttpServletRequest request) {
IssuerServiceResponse resp = thirdPartyIssuerService.getIssuer(request);
if (resp.shouldRedirect()) {
// if it wants us to redirect, try the webfinger approach first
@ -33,9 +33,9 @@ public class HybridIssuerService implements IssuerService {
} else {
return resp;
}
}
public Set<String> getWhitelist() {
return Sets.union(thirdPartyIssuerService.getWhitelist(), webfingerIssuerService.getWhitelist());
}

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridServerConfigurationService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/InMemoryRegisteredClientService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/JsonFileRegisteredClientService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

6
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -60,8 +60,8 @@ public class PlainAuthRequestUrlBuilder implements AuthRequestUrlBuilder {
// Optional parameters:
for (Entry<String, String> option : options.entrySet()) {
uriBuilder.addParameter(option.getKey(), option.getValue());
}
uriBuilder.addParameter(option.getKey(), option.getValue());
}
return uriBuilder.build().toString();

10
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -65,13 +65,13 @@ public class SignedAuthRequestUrlBuilder implements AuthRequestUrlBuilder {
// this comes back in the auth request return
claims.setClaim("state", state);
// Optional parameters
for (Entry<String, String> option : options.entrySet()) {
claims.setClaim(option.getKey(), option.getValue());
}
claims.setClaim(option.getKey(), option.getValue());
}
SignedJWT jwt = new SignedJWT(new JWSHeader(signingAndValidationService.getDefaultSigningAlgorithm()), claims);

6
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticAuthRequestOptionsService.java
View File

@ -22,7 +22,7 @@ import org.mitre.openid.connect.config.ServerConfiguration;
public class StaticAuthRequestOptionsService implements AuthRequestOptionsService {
private Map<String, String> options = new HashMap<String, String>();
/* (non-Javadoc)
* @see org.mitre.openid.connect.client.service.AuthRequestOptionsService#getOptions(org.mitre.openid.connect.config.ServerConfiguration, org.mitre.oauth2.model.RegisteredClient, javax.servlet.http.HttpServletRequest)
*/
@ -45,6 +45,6 @@ public class StaticAuthRequestOptionsService implements AuthRequestOptionsServic
this.options = options;
}
}

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

12
openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridClientConfigurationService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -16,6 +16,11 @@
******************************************************************************/
package org.mitre.openid.connect.client.service.impl;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThat;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@ -27,11 +32,6 @@ import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.runners.MockitoJUnitRunner;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThat;
/**
* @author wkim
*

12
openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridServerConfigurationService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -17,6 +17,11 @@
package org.mitre.openid.connect.client.service.impl;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThat;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@ -27,11 +32,6 @@ import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.runners.MockitoJUnitRunner;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThat;
/**
* @author wkim
*

11
openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -16,7 +16,9 @@
******************************************************************************/
package org.mitre.openid.connect.client.service.impl;
import java.util.Collections;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.junit.Assert.assertThat;
import java.util.Map;
import org.junit.Before;
@ -29,9 +31,6 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Sets;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.junit.Assert.assertThat;
/**
* @author wkim
*
@ -66,7 +65,7 @@ public class TestPlainAuthRequestUrlBuilder {
"&nonce=34fasf3ds" +
"&state=af0ifjsldkj" +
"&foo=bar";
Map<String, String> options = ImmutableMap.of("foo", "bar");
String actualUrl = urlBuilder.buildAuthRequestUrl(serverConfig, clientConfig, "https://client.example.org/", "34fasf3ds", "af0ifjsldkj", options);

14
openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -16,6 +16,10 @@
******************************************************************************/
package org.mitre.openid.connect.client.service.impl;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.NoSuchAlgorithmException;
@ -46,10 +50,6 @@ import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.ReadOnlyJWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
/**
* @author wkim
*
@ -148,8 +148,8 @@ public class TestSignedAuthRequestUrlBuilder {
assertEquals(nonce, claims.getClaim("nonce"));
assertEquals(state, claims.getClaim("state"));
for (String claim : options.keySet()) {
assertEquals(options.get(claim), claims.getClaim(claim));
}
assertEquals(options.get(claim), claims.getClaim(claim));
}
}
@Test(expected = AuthenticationServiceException.class)

14
openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticClientConfigurationService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -16,6 +16,12 @@
******************************************************************************/
package org.mitre.openid.connect.client.service.impl;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.notNullValue;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThat;
import java.util.HashMap;
import java.util.Map;
@ -28,12 +34,6 @@ import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.runners.MockitoJUnitRunner;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.notNullValue;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThat;
/**
* @author wkim
*

14
openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticServerConfigurationService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -16,6 +16,12 @@
******************************************************************************/
package org.mitre.openid.connect.client.service.impl;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.notNullValue;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThat;
import java.util.HashMap;
import java.util.Map;
@ -26,12 +32,6 @@ import org.mitre.openid.connect.config.ServerConfiguration;
import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.notNullValue;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThat;
/**
* @author wkim
*

10
openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestThirdPartyIssuerService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -16,6 +16,10 @@
******************************************************************************/
package org.mitre.openid.connect.client.service.impl;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.junit.Assert.assertThat;
import javax.servlet.http.HttpServletRequest;
import org.junit.Before;
@ -26,10 +30,6 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio
import com.google.common.collect.Sets;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.junit.Assert.assertThat;
/**
* @author wkim
*

26
openid-connect-common/src/main/java/org/mitre/discovery/util/JsonUtils.java
View File

@ -26,7 +26,7 @@ import com.nimbusds.jose.JWSAlgorithm;
public class JsonUtils {
private static Gson gson = new Gson();
/**
* Translate a set of strings to a JSON array
* @param value
@ -119,7 +119,7 @@ public class JsonUtils {
return null;
}
}
/**
* Gets the value of the given given member as a set of strings, null if it doesn't exist
*/
@ -130,7 +130,7 @@ public class JsonUtils {
return null;
}
}
/**
* Gets the value of the given given member as a set of strings, null if it doesn't exist
*/
@ -141,7 +141,7 @@ public class JsonUtils {
return null;
}
}
/**
* Gets the value of the given member as a list of JWS Algorithms, null if it doesn't exist
*/
@ -150,14 +150,14 @@ public class JsonUtils {
if (strings != null) {
List<JWSAlgorithm> algs = new ArrayList<JWSAlgorithm>();
for (String alg : strings) {
algs.add(JWSAlgorithm.parse(alg));
}
algs.add(JWSAlgorithm.parse(alg));
}
return algs;
} else {
return null;
}
}
/**
* Gets the value of the given member as a list of JWS Algorithms, null if it doesn't exist
*/
@ -166,14 +166,14 @@ public class JsonUtils {
if (strings != null) {
List<JWEAlgorithm> algs = new ArrayList<JWEAlgorithm>();
for (String alg : strings) {
algs.add(JWEAlgorithm.parse(alg));
}
algs.add(JWEAlgorithm.parse(alg));
}
return algs;
} else {
return null;
}
}
/**
* Gets the value of the given member as a list of JWS Algorithms, null if it doesn't exist
*/
@ -182,12 +182,12 @@ public class JsonUtils {
if (strings != null) {
List<EncryptionMethod> algs = new ArrayList<EncryptionMethod>();
for (String alg : strings) {
algs.add(EncryptionMethod.parse(alg));
}
algs.add(EncryptionMethod.parse(alg));
}
return algs;
} else {
return null;
}
}
}

2
openid-connect-common/src/main/java/org/mitre/discovery/util/WebfingerURLNormalizer.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

18
openid-connect-common/src/main/java/org/mitre/jose/keystore/JWKSetKeyStore.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -58,15 +58,15 @@ public class JWKSetKeyStore {
if (location.exists() && location.isReadable()) {
try {
// read in the file from disk
String s = CharStreams.toString(new InputStreamReader(location.getInputStream(), Charsets.UTF_8));
// read in the file from disk
String s = CharStreams.toString(new InputStreamReader(location.getInputStream(), Charsets.UTF_8));
// parse it into a jwkSet object
jwkSet = JWKSet.parse(s);
} catch (IOException e) {
throw new IllegalArgumentException("Key Set resource could not be read: " + location);
} catch (ParseException e) {
throw new IllegalArgumentException("Key Set resource could not be parsed: " + location); }
// parse it into a jwkSet object
jwkSet = JWKSet.parse(s);
} catch (IOException e) {
throw new IllegalArgumentException("Key Set resource could not be read: " + location);
} catch (ParseException e) {
throw new IllegalArgumentException("Key Set resource could not be parsed: " + location); }
} else {
throw new IllegalArgumentException("Key Set resource could not be read: " + location);

20
openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/JwtEncryptionAndDecryptionService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -31,38 +31,38 @@ import com.nimbusds.jose.jwk.JWK;
public interface JwtEncryptionAndDecryptionService {
/**
* Encrypts the JWT in place with the default encrypter.
* If an arbitrary payload is used, then pass in a JWEObject.
* Encrypts the JWT in place with the default encrypter.
* If an arbitrary payload is used, then pass in a JWEObject.
* Otherwise, if JWT claims are the payload, then use the JWEObject subclass EncryptedJWT instead.
* @param jwt
*/
public void encryptJwt(JWEObject jwt);
/**
* Decrypts the JWT in place with the default decrypter.
* If an arbitrary payload is used, then pass in a JWEObject.
* Decrypts the JWT in place with the default decrypter.
* If an arbitrary payload is used, then pass in a JWEObject.
* Otherwise, if JWT claims are the payload, then use the JWEObject subclass EncryptedJWT instead.
* @param jwt
*/
public void decryptJwt(JWEObject jwt);
/**
* Get all public keys for this service, mapped by their Key ID
*/
public Map<String, JWK> getAllPublicKeys();
/**
* Get the list of all encryption algorithms supported by this service.
* @return
*/
public Collection<JWEAlgorithm> getAllEncryptionAlgsSupported();
/**
* Get the list of all encryption methods supported by this service.
* @return
*/
public Collection<EncryptionMethod> getAllEncryptionEncsSupported();
/**
* TODO add functionality for encrypting and decrypting using a specified key id.
* Example: public void encryptJwt(EncryptedJWT jwt, String kid);

60
openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJwtEncryptionAndDecryptionService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -61,7 +61,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
private Map<String, JWEDecrypter> decrypters = new HashMap<String, JWEDecrypter>();
private String defaultEncryptionKeyId;
private String defaultDecryptionKeyId;
private JWEAlgorithm defaultAlgorithm;
@ -70,7 +70,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
private Map<String, JWK> keys = new HashMap<String, JWK>();
/**
* Build this service based on the keys given. All public keys will be used to make encrypters,
* Build this service based on the keys given. All public keys will be used to make encrypters,
* all private keys will be used to make decrypters.
*
* @param keys
@ -82,7 +82,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
this.keys = keys;
buildEncryptersAndDecrypters();
}
/**
* Build this service based on the given keystore. All keys must have a key
* id ({@code kid}) field in order to be used.
@ -93,7 +93,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
* @throws JOSEException
*/
public DefaultJwtEncryptionAndDecryptionService(JWKSetKeyStore keyStore) throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
// convert all keys in the keystore to a map based on key id
for (JWK key : keyStore.getKeys()) {
if (!Strings.isNullOrEmpty(key.getKeyID())) {
@ -102,11 +102,11 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
throw new IllegalArgumentException("Tried to load a key from a keystore without a 'kid' field: " + key);
}
}
buildEncryptersAndDecrypters();
}
@PostConstruct
public void afterPropertiesSet() throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException{
@ -169,7 +169,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
try {
jwt.encrypt(encrypter);
} catch (JOSEException e) {
logger.error("Failed to encrypt JWT, error was: ", e);
}
@ -189,7 +189,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
try {
jwt.decrypt(decrypter);
} catch (JOSEException e) {
logger.error("Failed to decrypt JWT, error was: ", e);
}
@ -197,10 +197,10 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
/**
* Builds all the encrypters and decrypters for this service based on the key map.
* @throws
* @throws InvalidKeySpecException
* @throws NoSuchAlgorithmException
* @throws JOSEException
* @throws
* @throws InvalidKeySpecException
* @throws NoSuchAlgorithmException
* @throws JOSEException
*/
private void buildEncryptersAndDecrypters() throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
@ -229,7 +229,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
DirectEncrypter encrypter = new DirectEncrypter(((OctetSequenceKey) jwk).toByteArray());
DirectDecrypter decrypter = new DirectDecrypter(((OctetSequenceKey) jwk).toByteArray());
encrypters.put(id, encrypter);
decrypters.put(id, decrypter);
@ -274,20 +274,20 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
/* (non-Javadoc)
* @see org.mitre.jwt.encryption.service.JwtEncryptionAndDecryptionService#getAllEncryptionEncsSupported()
*/
@Override
public Collection<EncryptionMethod> getAllEncryptionEncsSupported() {
Set<EncryptionMethod> encs = new HashSet<EncryptionMethod>();
for (JWEEncrypter encrypter : encrypters.values()) {
encs.addAll(encrypter.supportedEncryptionMethods());
}
for (JWEDecrypter decrypter : decrypters.values()) {
encs.addAll(decrypter.supportedEncryptionMethods());
}
return encs;
}
@Override
public Collection<EncryptionMethod> getAllEncryptionEncsSupported() {
Set<EncryptionMethod> encs = new HashSet<EncryptionMethod>();
for (JWEEncrypter encrypter : encrypters.values()) {
encs.addAll(encrypter.supportedEncryptionMethods());
}
for (JWEDecrypter decrypter : decrypters.values()) {
encs.addAll(decrypter.supportedEncryptionMethods());
}
return encs;
}
}

2
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/JwtSigningAndValidationService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

16
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -60,7 +60,7 @@ public class DefaultJwtSigningAndValidationService implements JwtSigningAndValid
// map of identifier to key
private Map<String, JWK> keys = new HashMap<String, JWK>();
/**
* Build this service based on the keys given. All public keys will be used
* to make verifiers, all private keys will be used to make signers.
@ -215,29 +215,29 @@ public class DefaultJwtSigningAndValidationService implements JwtSigningAndValid
public void signJwt(SignedJWT jwt, JWSAlgorithm alg) {
JWSSigner signer = null;
for (JWSSigner s : signers.values()) {
if (s.supportedAlgorithms().contains(alg)) {
signer = s;
break;
}
}
if (signer == null) {
//If we can't find an algorithm that matches, we can't sign
logger.error("No matching algirthm found for alg=" + alg);
}
try {
jwt.sign(signer);
} catch (JOSEException e) {
logger.error("Failed to sign JWT, error was: ", e);
}
}
@Override
public boolean validateSignature(SignedJWT jwt) {

24
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -54,7 +54,7 @@ public class JWKSetCacheService {
// map of jwk set uri -> signing/validation service built on the keys found in that jwk set
private LoadingCache<String, JwtSigningAndValidationService> validators;
// map of jwk set uri -> encryption/decryption service built on the keys found in that jwk set
private LoadingCache<String, JwtEncryptionAndDecryptionService> encrypters;
@ -92,7 +92,7 @@ public class JWKSetCacheService {
return null;
}
}
/**
* @author jricher
*
@ -122,27 +122,27 @@ public class JWKSetCacheService {
}
/**
* @author jricher
*
*/
private class JWKSetEncryptorFetcher extends CacheLoader<String, JwtEncryptionAndDecryptionService> {
* @author jricher
*
*/
private class JWKSetEncryptorFetcher extends CacheLoader<String, JwtEncryptionAndDecryptionService> {
private HttpClient httpClient = new DefaultHttpClient();
private HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
private RestTemplate restTemplate = new RestTemplate(httpFactory);
/* (non-Javadoc)
* @see com.google.common.cache.CacheLoader#load(java.lang.Object)
*/
@Override
public JwtEncryptionAndDecryptionService load(String key) throws Exception {
@Override
public JwtEncryptionAndDecryptionService load(String key) throws Exception {
String jsonString = restTemplate.getForObject(key, String.class);
JWKSet jwkSet = JWKSet.parse(jsonString);
JWKSetKeyStore keyStore = new JWKSetKeyStore(jwkSet);
JwtEncryptionAndDecryptionService service = new DefaultJwtEncryptionAndDecryptionService(keyStore);
return service;
}
}
}
}
}

2
openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

20
openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -74,7 +74,7 @@ public class ClientDetailsEntity implements ClientDetails {
/**
*
*/
private static final int DEFAULT_ID_TOKEN_VALIDITY_SECONDS = 600;
private static final int DEFAULT_ID_TOKEN_VALIDITY_SECONDS = 600;
private static final long serialVersionUID = -1617727085733786296L;
@ -110,7 +110,7 @@ public class ClientDetailsEntity implements ClientDetails {
private JWSAlgorithmEmbed idTokenSignedResponseAlg = null; // id_token_signed_response_alg
private JWEAlgorithmEmbed idTokenEncryptedResponseAlg = null; // id_token_encrypted_response_alg
private JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc = null; // id_token_encrypted_response_enc
private JWSAlgorithmEmbed tokenEndpointAuthSigningAlg = null; // token_endpoint_auth_signing_alg
private Integer defaultMaxAge; // default_max_age
@ -233,8 +233,8 @@ public class ClientDetailsEntity implements ClientDetails {
if (getIdTokenValiditySeconds() == null) {
setIdTokenValiditySeconds(DEFAULT_ID_TOKEN_VALIDITY_SECONDS);
}
}
}
/**
* @return the id
*/
@ -781,11 +781,11 @@ public class ClientDetailsEntity implements ClientDetails {
public JWSAlgorithmEmbed getTokenEndpointAuthSigningAlgEmbed() {
return tokenEndpointAuthSigningAlg;
}
public void setTokenEndpointAuthSigningAlgEmbed(JWSAlgorithmEmbed tokenEndpointAuthSigningAlgEmbed) {
this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlgEmbed;
}
//
// Transient passthrough methods for JOSE elements
//
@ -880,7 +880,7 @@ public class ClientDetailsEntity implements ClientDetails {
public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) {
this.idTokenEncryptedResponseEnc = new JWEEncryptionMethodEmbed(idTokenEncryptedResponseEnc);
}
@Transient
public JWSAlgorithm getTokenEndpointAuthSigningAlg() {
if (tokenEndpointAuthSigningAlg != null) {
@ -889,11 +889,11 @@ public class ClientDetailsEntity implements ClientDetails {
return null;
}
}
public void setTokenEndpointAuthSigningAlg(JWSAlgorithm tokenEndpointAuthSigningAlg) {
this.tokenEndpointAuthSigningAlg = new JWSAlgorithmEmbed(tokenEndpointAuthSigningAlg);
}
// END Transient JOSE methods
@Basic

2
openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

194
openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -579,257 +579,257 @@ public class RegisteredClient {
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlgEmbed()
*/
public JWSAlgorithmEmbed getRequestObjectSigningAlgEmbed() {
return client.getRequestObjectSigningAlgEmbed();
}
public JWSAlgorithmEmbed getRequestObjectSigningAlgEmbed() {
return client.getRequestObjectSigningAlgEmbed();
}
/**
* @param requestObjectSigningAlg
* @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestObjectSigningAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
*/
public void setRequestObjectSigningAlgEmbed(JWSAlgorithmEmbed requestObjectSigningAlg) {
client.setRequestObjectSigningAlgEmbed(requestObjectSigningAlg);
}
public void setRequestObjectSigningAlgEmbed(JWSAlgorithmEmbed requestObjectSigningAlg) {
client.setRequestObjectSigningAlgEmbed(requestObjectSigningAlg);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoSignedResponseAlgEmbed()
*/
public JWSAlgorithmEmbed getUserInfoSignedResponseAlgEmbed() {
return client.getUserInfoSignedResponseAlgEmbed();
}
public JWSAlgorithmEmbed getUserInfoSignedResponseAlgEmbed() {
return client.getUserInfoSignedResponseAlgEmbed();
}
/**
* @param userInfoSignedResponseAlg
* @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoSignedResponseAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
*/
public void setUserInfoSignedResponseAlgEmbed(JWSAlgorithmEmbed userInfoSignedResponseAlg) {
client.setUserInfoSignedResponseAlgEmbed(userInfoSignedResponseAlg);
}
public void setUserInfoSignedResponseAlgEmbed(JWSAlgorithmEmbed userInfoSignedResponseAlg) {
client.setUserInfoSignedResponseAlgEmbed(userInfoSignedResponseAlg);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseAlgEmbed()
*/
public JWEAlgorithmEmbed getUserInfoEncryptedResponseAlgEmbed() {
return client.getUserInfoEncryptedResponseAlgEmbed();
}
public JWEAlgorithmEmbed getUserInfoEncryptedResponseAlgEmbed() {
return client.getUserInfoEncryptedResponseAlgEmbed();
}
/**
* @param userInfoEncryptedResponseAlg
* @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseAlgEmbed(org.mitre.jose.JWEAlgorithmEmbed)
*/
public void setUserInfoEncryptedResponseAlgEmbed(JWEAlgorithmEmbed userInfoEncryptedResponseAlg) {
client.setUserInfoEncryptedResponseAlgEmbed(userInfoEncryptedResponseAlg);
}
public void setUserInfoEncryptedResponseAlgEmbed(JWEAlgorithmEmbed userInfoEncryptedResponseAlg) {
client.setUserInfoEncryptedResponseAlgEmbed(userInfoEncryptedResponseAlg);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseEncEmbed()
*/
public JWEEncryptionMethodEmbed getUserInfoEncryptedResponseEncEmbed() {
return client.getUserInfoEncryptedResponseEncEmbed();
}
public JWEEncryptionMethodEmbed getUserInfoEncryptedResponseEncEmbed() {
return client.getUserInfoEncryptedResponseEncEmbed();
}
/**
* @param userInfoEncryptedResponseEnc
* @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseEncEmbed(org.mitre.jose.JWEEncryptionMethodEmbed)
*/
public void setUserInfoEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc) {
client.setUserInfoEncryptedResponseEncEmbed(userInfoEncryptedResponseEnc);
}
public void setUserInfoEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc) {
client.setUserInfoEncryptedResponseEncEmbed(userInfoEncryptedResponseEnc);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenSignedResponseAlgEmbed()
*/
public JWSAlgorithmEmbed getIdTokenSignedResponseAlgEmbed() {
return client.getIdTokenSignedResponseAlgEmbed();
}
public JWSAlgorithmEmbed getIdTokenSignedResponseAlgEmbed() {
return client.getIdTokenSignedResponseAlgEmbed();
}
/**
* @param idTokenSignedResponseAlg
* @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenSignedResponseAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
*/
public void setIdTokenSignedResponseAlgEmbed(JWSAlgorithmEmbed idTokenSignedResponseAlg) {
client.setIdTokenSignedResponseAlgEmbed(idTokenSignedResponseAlg);
}
public void setIdTokenSignedResponseAlgEmbed(JWSAlgorithmEmbed idTokenSignedResponseAlg) {
client.setIdTokenSignedResponseAlgEmbed(idTokenSignedResponseAlg);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseAlgEmbed()
*/
public JWEAlgorithmEmbed getIdTokenEncryptedResponseAlgEmbed() {
return client.getIdTokenEncryptedResponseAlgEmbed();
}
public JWEAlgorithmEmbed getIdTokenEncryptedResponseAlgEmbed() {
return client.getIdTokenEncryptedResponseAlgEmbed();
}
/**
* @param idTokenEncryptedResponseAlg
* @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseAlgEmbed(org.mitre.jose.JWEAlgorithmEmbed)
*/
public void setIdTokenEncryptedResponseAlgEmbed(JWEAlgorithmEmbed idTokenEncryptedResponseAlg) {
client.setIdTokenEncryptedResponseAlgEmbed(idTokenEncryptedResponseAlg);
}
public void setIdTokenEncryptedResponseAlgEmbed(JWEAlgorithmEmbed idTokenEncryptedResponseAlg) {
client.setIdTokenEncryptedResponseAlgEmbed(idTokenEncryptedResponseAlg);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseEncEmbed()
*/
public JWEEncryptionMethodEmbed getIdTokenEncryptedResponseEncEmbed() {
return client.getIdTokenEncryptedResponseEncEmbed();
}
public JWEEncryptionMethodEmbed getIdTokenEncryptedResponseEncEmbed() {
return client.getIdTokenEncryptedResponseEncEmbed();
}
/**
* @param idTokenEncryptedResponseEnc
* @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseEncEmbed(org.mitre.jose.JWEEncryptionMethodEmbed)
*/
public void setIdTokenEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc) {
client.setIdTokenEncryptedResponseEncEmbed(idTokenEncryptedResponseEnc);
}
public void setIdTokenEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc) {
client.setIdTokenEncryptedResponseEncEmbed(idTokenEncryptedResponseEnc);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlg()
*/
public JWSAlgorithm getRequestObjectSigningAlg() {
return client.getRequestObjectSigningAlg();
}
public JWSAlgorithm getRequestObjectSigningAlg() {
return client.getRequestObjectSigningAlg();
}
/**
* @param requestObjectSigningAlg
* @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestObjectSigningAlg(com.nimbusds.jose.JWSAlgorithm)
*/
public void setRequestObjectSigningAlg(JWSAlgorithm requestObjectSigningAlg) {
client.setRequestObjectSigningAlg(requestObjectSigningAlg);
}
public void setRequestObjectSigningAlg(JWSAlgorithm requestObjectSigningAlg) {
client.setRequestObjectSigningAlg(requestObjectSigningAlg);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoSignedResponseAlg()
*/
public JWSAlgorithm getUserInfoSignedResponseAlg() {
return client.getUserInfoSignedResponseAlg();
}
public JWSAlgorithm getUserInfoSignedResponseAlg() {
return client.getUserInfoSignedResponseAlg();
}
/**
* @param userInfoSignedResponseAlg
* @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoSignedResponseAlg(com.nimbusds.jose.JWSAlgorithm)
*/
public void setUserInfoSignedResponseAlg(JWSAlgorithm userInfoSignedResponseAlg) {
client.setUserInfoSignedResponseAlg(userInfoSignedResponseAlg);
}
public void setUserInfoSignedResponseAlg(JWSAlgorithm userInfoSignedResponseAlg) {
client.setUserInfoSignedResponseAlg(userInfoSignedResponseAlg);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseAlg()
*/
public JWEAlgorithm getUserInfoEncryptedResponseAlg() {
return client.getUserInfoEncryptedResponseAlg();
}
public JWEAlgorithm getUserInfoEncryptedResponseAlg() {
return client.getUserInfoEncryptedResponseAlg();
}
/**
* @param userInfoEncryptedResponseAlg
* @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseAlg(com.nimbusds.jose.JWEAlgorithm)
*/
public void setUserInfoEncryptedResponseAlg(JWEAlgorithm userInfoEncryptedResponseAlg) {
client.setUserInfoEncryptedResponseAlg(userInfoEncryptedResponseAlg);
}
public void setUserInfoEncryptedResponseAlg(JWEAlgorithm userInfoEncryptedResponseAlg) {
client.setUserInfoEncryptedResponseAlg(userInfoEncryptedResponseAlg);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseEnc()
*/
public EncryptionMethod getUserInfoEncryptedResponseEnc() {
return client.getUserInfoEncryptedResponseEnc();
}
public EncryptionMethod getUserInfoEncryptedResponseEnc() {
return client.getUserInfoEncryptedResponseEnc();
}
/**
* @param userInfoEncryptedResponseEnc
* @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseEnc(com.nimbusds.jose.EncryptionMethod)
*/
public void setUserInfoEncryptedResponseEnc(EncryptionMethod userInfoEncryptedResponseEnc) {
client.setUserInfoEncryptedResponseEnc(userInfoEncryptedResponseEnc);
}
public void setUserInfoEncryptedResponseEnc(EncryptionMethod userInfoEncryptedResponseEnc) {
client.setUserInfoEncryptedResponseEnc(userInfoEncryptedResponseEnc);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenSignedResponseAlg()
*/
public JWSAlgorithm getIdTokenSignedResponseAlg() {
return client.getIdTokenSignedResponseAlg();
}
public JWSAlgorithm getIdTokenSignedResponseAlg() {
return client.getIdTokenSignedResponseAlg();
}
/**
* @param idTokenSignedResponseAlg
* @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenSignedResponseAlg(com.nimbusds.jose.JWSAlgorithm)
*/
public void setIdTokenSignedResponseAlg(JWSAlgorithm idTokenSignedResponseAlg) {
client.setIdTokenSignedResponseAlg(idTokenSignedResponseAlg);
}
public void setIdTokenSignedResponseAlg(JWSAlgorithm idTokenSignedResponseAlg) {
client.setIdTokenSignedResponseAlg(idTokenSignedResponseAlg);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseAlg()
*/
public JWEAlgorithm getIdTokenEncryptedResponseAlg() {
return client.getIdTokenEncryptedResponseAlg();
}
public JWEAlgorithm getIdTokenEncryptedResponseAlg() {
return client.getIdTokenEncryptedResponseAlg();
}
/**
* @param idTokenEncryptedResponseAlg
* @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseAlg(com.nimbusds.jose.JWEAlgorithm)
*/
public void setIdTokenEncryptedResponseAlg(JWEAlgorithm idTokenEncryptedResponseAlg) {
client.setIdTokenEncryptedResponseAlg(idTokenEncryptedResponseAlg);
}
public void setIdTokenEncryptedResponseAlg(JWEAlgorithm idTokenEncryptedResponseAlg) {
client.setIdTokenEncryptedResponseAlg(idTokenEncryptedResponseAlg);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseEnc()
*/
public EncryptionMethod getIdTokenEncryptedResponseEnc() {
return client.getIdTokenEncryptedResponseEnc();
}
public EncryptionMethod getIdTokenEncryptedResponseEnc() {
return client.getIdTokenEncryptedResponseEnc();
}
/**
* @param idTokenEncryptedResponseEnc
* @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseEnc(com.nimbusds.jose.EncryptionMethod)
*/
public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) {
client.setIdTokenEncryptedResponseEnc(idTokenEncryptedResponseEnc);
}
public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) {
client.setIdTokenEncryptedResponseEnc(idTokenEncryptedResponseEnc);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthSigningAlgEmbed()
*/
public JWSAlgorithmEmbed getTokenEndpointAuthSigningAlgEmbed() {
return client.getTokenEndpointAuthSigningAlgEmbed();
}
public JWSAlgorithmEmbed getTokenEndpointAuthSigningAlgEmbed() {
return client.getTokenEndpointAuthSigningAlgEmbed();
}
/**
* @param tokenEndpointAuthSigningAlgEmbed
* @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthSigningAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
*/
public void setTokenEndpointAuthSigningAlgEmbed(JWSAlgorithmEmbed tokenEndpointAuthSigningAlgEmbed) {
client.setTokenEndpointAuthSigningAlgEmbed(tokenEndpointAuthSigningAlgEmbed);
}
public void setTokenEndpointAuthSigningAlgEmbed(JWSAlgorithmEmbed tokenEndpointAuthSigningAlgEmbed) {
client.setTokenEndpointAuthSigningAlgEmbed(tokenEndpointAuthSigningAlgEmbed);
}
/**
* @return
* @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthSigningAlg()
*/
public JWSAlgorithm getTokenEndpointAuthSigningAlg() {
return client.getTokenEndpointAuthSigningAlg();
}
public JWSAlgorithm getTokenEndpointAuthSigningAlg() {
return client.getTokenEndpointAuthSigningAlg();
}
/**
* @param tokenEndpointAuthSigningAlg
* @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthSigningAlg(com.nimbusds.jose.JWSAlgorithm)
*/
public void setTokenEndpointAuthSigningAlg(JWSAlgorithm tokenEndpointAuthSigningAlg) {
client.setTokenEndpointAuthSigningAlg(tokenEndpointAuthSigningAlg);
}
public void setTokenEndpointAuthSigningAlg(JWSAlgorithm tokenEndpointAuthSigningAlg) {
client.setTokenEndpointAuthSigningAlg(tokenEndpointAuthSigningAlg);
}
/**
* @return

186
openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -51,7 +51,7 @@ public class SystemScope {
private boolean structured = false; // is this a default scope for newly-registered clients?
private String structuredParamDescription;
private String structuredValue;
/**
* Make a blank system scope with no value
*/
@ -66,7 +66,7 @@ public class SystemScope {
public SystemScope(String value) {
this.value = value;
}
/**
* @return the id
*/
@ -147,14 +147,14 @@ public class SystemScope {
public boolean isDefaultScope() {
return defaultScope;
}
/**
* @param defaultScope the defaultScope to set
*/
public void setDefaultScope(boolean defaultScope) {
this.defaultScope = defaultScope;
}
/**
* @return the isStructured status
*/
@ -163,7 +163,7 @@ public class SystemScope {
public boolean isStructured() {
return structured;
}
/**
* @param structured the structured to set
*/
@ -176,7 +176,7 @@ public class SystemScope {
public String getStructuredParamDescription() {
return structuredParamDescription;
}
/**
* @param isStructured the isStructured to set
*/
@ -184,7 +184,7 @@ public class SystemScope {
this.structuredParamDescription = d;
}
/**
* @return the structuredValue
*/
@ -204,98 +204,98 @@ public class SystemScope {
/* (non-Javadoc)
* @see java.lang.Object#hashCode()
*/
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + (allowDynReg ? 1231 : 1237);
result = prime * result + (defaultScope ? 1231 : 1237);
result = prime * result + ((description == null) ? 0 : description.hashCode());
result = prime * result + ((icon == null) ? 0 : icon.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + (structured ? 1231 : 1237);
result = prime * result + ((structuredParamDescription == null) ? 0 : structuredParamDescription.hashCode());
result = prime * result + ((structuredValue == null) ? 0 : structuredValue.hashCode());
result = prime * result + ((value == null) ? 0 : value.hashCode());
return result;
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + (allowDynReg ? 1231 : 1237);
result = prime * result + (defaultScope ? 1231 : 1237);
result = prime * result + ((description == null) ? 0 : description.hashCode());
result = prime * result + ((icon == null) ? 0 : icon.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + (structured ? 1231 : 1237);
result = prime * result + ((structuredParamDescription == null) ? 0 : structuredParamDescription.hashCode());
result = prime * result + ((structuredValue == null) ? 0 : structuredValue.hashCode());
result = prime * result + ((value == null) ? 0 : value.hashCode());
return result;
}
/* (non-Javadoc)
* @see java.lang.Object#equals(java.lang.Object)
*/
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof SystemScope)) {
return false;
}
SystemScope other = (SystemScope) obj;
if (allowDynReg != other.allowDynReg) {
return false;
}
if (defaultScope != other.defaultScope) {
return false;
}
if (description == null) {
if (other.description != null) {
return false;
}
} else if (!description.equals(other.description)) {
return false;
}
if (icon == null) {
if (other.icon != null) {
return false;
}
} else if (!icon.equals(other.icon)) {
return false;
}
if (id == null) {
if (other.id != null) {
return false;
}
} else if (!id.equals(other.id)) {
return false;
}
if (structured != other.structured) {
return false;
}
if (structuredParamDescription == null) {
if (other.structuredParamDescription != null) {
return false;
}
} else if (!structuredParamDescription.equals(other.structuredParamDescription)) {
return false;
}
if (structuredValue == null) {
if (other.structuredValue != null) {
return false;
}
} else if (!structuredValue.equals(other.structuredValue)) {
return false;
}
if (value == null) {
if (other.value != null) {
return false;
}
} else if (!value.equals(other.value)) {
return false;
}
return true;
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof SystemScope)) {
return false;
}
SystemScope other = (SystemScope) obj;
if (allowDynReg != other.allowDynReg) {
return false;
}
if (defaultScope != other.defaultScope) {
return false;
}
if (description == null) {
if (other.description != null) {
return false;
}
} else if (!description.equals(other.description)) {
return false;
}
if (icon == null) {
if (other.icon != null) {
return false;
}
} else if (!icon.equals(other.icon)) {
return false;
}
if (id == null) {
if (other.id != null) {
return false;
}
} else if (!id.equals(other.id)) {
return false;
}
if (structured != other.structured) {
return false;
}
if (structuredParamDescription == null) {
if (other.structuredParamDescription != null) {
return false;
}
} else if (!structuredParamDescription.equals(other.structuredParamDescription)) {
return false;
}
if (structuredValue == null) {
if (other.structuredValue != null) {
return false;
}
} else if (!structuredValue.equals(other.structuredValue)) {
return false;
}
if (value == null) {
if (other.value != null) {
return false;
}
} else if (!value.equals(other.value)) {
return false;
}
return true;
}
/* (non-Javadoc)
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
return "SystemScope [id=" + id + ", value=" + value + ", description=" + description + ", icon=" + icon + ", allowDynReg=" + allowDynReg + ", defaultScope=" + defaultScope + ", structured=" + structured + ", structuredParamDescription=" + structuredParamDescription + ", structuredValue="
+ structuredValue + "]";
}
@Override
public String toString() {
return "SystemScope [id=" + id + ", value=" + value + ", description=" + description + ", icon=" + icon + ", allowDynReg=" + allowDynReg + ", defaultScope=" + defaultScope + ", structured=" + structured + ", structuredParamDescription=" + structuredParamDescription + ", structuredValue="
+ structuredValue + "]";
}
}

2
openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2ClientRepository.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/oauth2/repository/SystemScopeRepository.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/oauth2/service/ClientDetailsEntityService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

6
openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -32,7 +32,7 @@ public interface SystemScopeService {
public static final String OFFLINE_ACCESS = "offline_access";
public static final String ID_TOKEN_SCOPE = "id-token";
public static final String REGISTRATION_TOKEN_SCOPE = "registration-token";
public Set<SystemScope> getAll();
/**
@ -80,7 +80,7 @@ public interface SystemScopeService {
public boolean scopesMatch(Set<String> expected, Set<String> actual);
/**
* Remove any system-restricted scopes from the set and return the result.
* Remove any system-restricted scopes from the set and return the result.
* @param scopes
* @return
*/

2
openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

14
openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -20,6 +20,14 @@
package org.mitre.openid.connect;
import static org.mitre.discovery.util.JsonUtils.getAsArray;
import static org.mitre.discovery.util.JsonUtils.getAsDate;
import static org.mitre.discovery.util.JsonUtils.getAsJweAlgorithm;
import static org.mitre.discovery.util.JsonUtils.getAsJweEncryptionMethod;
import static org.mitre.discovery.util.JsonUtils.getAsJwsAlgorithm;
import static org.mitre.discovery.util.JsonUtils.getAsString;
import static org.mitre.discovery.util.JsonUtils.getAsStringSet;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
@ -33,8 +41,6 @@ import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import static org.mitre.discovery.util.JsonUtils.*;
/**
* @author jricher
*
@ -110,7 +116,7 @@ public class ClientDetailsEntityJsonProcessor {
c.setIdTokenSignedResponseAlg(getAsJwsAlgorithm(o, "id_token_signed_response_alg"));
c.setIdTokenEncryptedResponseAlg(getAsJweAlgorithm(o, "id_token_encrypted_response_alg"));
c.setIdTokenEncryptedResponseEnc(getAsJweEncryptionMethod(o, "id_token_encrypted_response_enc"));
c.setTokenEndpointAuthSigningAlg(getAsJwsAlgorithm(o, "token_endpoint_auth_signing_alg"));
if (o.has("default_max_age")) {

2
openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

178
openid-connect-common/src/main/java/org/mitre/openid/connect/config/ServerConfiguration.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -36,129 +36,129 @@ public class ServerConfiguration {
/*
*
issuer
REQUIRED. URL using the https scheme with no query or fragment component that the OP asserts as its Issuer Identifier.
REQUIRED. URL using the https scheme with no query or fragment component that the OP asserts as its Issuer Identifier.
authorization_endpoint
OPTIONAL. URL of the OP's Authentication and Authorization Endpoint [OpenID.Messages].
OPTIONAL. URL of the OP's Authentication and Authorization Endpoint [OpenID.Messages].
token_endpoint
OPTIONAL. URL of the OP's OAuth 2.0 Token Endpoint [OpenID.Messages].
OPTIONAL. URL of the OP's OAuth 2.0 Token Endpoint [OpenID.Messages].
userinfo_endpoint
RECOMMENDED. URL of the OP's UserInfo Endpoint [OpenID.Messages]. This URL MUST use the
https scheme and MAY contain port, path, and query parameter components.
https scheme and MAY contain port, path, and query parameter components.
check_session_iframe
OPTIONAL. URL of an OP endpoint that provides a page to support cross-origin communications for
session state information with the RP Client, using the HTML5 postMessage API. The page is loaded
from an invisible iframe embedded in an RP page so that it can run in the OP's security context. See [OpenID.Session].
OPTIONAL. URL of an OP endpoint that provides a page to support cross-origin communications for
session state information with the RP Client, using the HTML5 postMessage API. The page is loaded
from an invisible iframe embedded in an RP page so that it can run in the OP's security context. See [OpenID.Session].
end_session_endpoint
OPTIONAL. URL of the OP's endpoint that initiates logging out the End-User. See [OpenID.Session].
OPTIONAL. URL of the OP's endpoint that initiates logging out the End-User. See [OpenID.Session].
jwks_uri
REQUIRED. URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the
Client uses to validate signatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by Clients to encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the document to indicate each key's intended usage.
REQUIRED. URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the
Client uses to validate signatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by Clients to encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the document to indicate each key's intended usage.
registration_endpoint
RECOMMENDED. URL of the OP's Dynamic Client Registration Endpoint [OpenID.Registration].
RECOMMENDED. URL of the OP's Dynamic Client Registration Endpoint [OpenID.Registration].
scopes_supported
RECOMMENDED. JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server
RECOMMENDED. JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server
response_types_supported
REQUIRED. JSON array containing a list of the OAuth 2.0 response_type values that this server
supports. The server MUST support the code, id_token, and the token id_token response type values.
REQUIRED. JSON array containing a list of the OAuth 2.0 response_type values that this server
supports. The server MUST support the code, id_token, and the token id_token response type values.
grant_types_supported
OPTIONAL. JSON array containing a list of the OAuth 2.0 grant type values that this server supports.
The server MUST support the authorization_code and implicit grant type values and MAY support the
urn:ietf:params:oauth:grant-type:jwt-bearer grant type defined in OAuth JWT Bearer Token Profiles [OAuth.JWT].
If omitted, the default value is ["authorization_code", "implicit"].
OPTIONAL. JSON array containing a list of the OAuth 2.0 grant type values that this server supports.
The server MUST support the authorization_code and implicit grant type values and MAY support the
urn:ietf:params:oauth:grant-type:jwt-bearer grant type defined in OAuth JWT Bearer Token Profiles [OAuth.JWT].
If omitted, the default value is ["authorization_code", "implicit"].
acr_values_supported
OPTIONAL. JSON array containing a list of the Authentication Context Class References that this server supports.
OPTIONAL. JSON array containing a list of the Authentication Context Class References that this server supports.
subject_types_supported
REQUIRED. JSON array containing a list of the subject identifier types that this server supports.
Valid types include pairwise and public.
REQUIRED. JSON array containing a list of the subject identifier types that this server supports.
Valid types include pairwise and public.
userinfo_signing_alg_values_supported
OPTIONAL. JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported
by the UserInfo Endpoint to encode the Claims in a JWT [JWT].
OPTIONAL. JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported
by the UserInfo Endpoint to encode the Claims in a JWT [JWT].
userinfo_encryption_alg_values_supported
OPTIONAL. JSON array containing a list of the JWE [JWE] encryption algorithms (alg values) [JWA] supported
by the UserInfo Endpoint to encode the Claims in a JWT [JWT].
OPTIONAL. JSON array containing a list of the JWE [JWE] encryption algorithms (alg values) [JWA] supported
by the UserInfo Endpoint to encode the Claims in a JWT [JWT].
userinfo_encryption_enc_values_supported
OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported
by the UserInfo Endpoint to encode the Claims in a JWT [JWT].
OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported
by the UserInfo Endpoint to encode the Claims in a JWT [JWT].
id_token_signing_alg_values_supported
REQUIRED. JSON array containing a list of the JWS signing algorithms (alg values) supported by the
Authorization Server for the ID Token to encode the Claims in a JWT [JWT].
REQUIRED. JSON array containing a list of the JWS signing algorithms (alg values) supported by the
Authorization Server for the ID Token to encode the Claims in a JWT [JWT].
id_token_encryption_alg_values_supported
OPTIONAL. JSON array containing a list of the JWE encryption algorithms (alg values) supported by the
Authorization Server for the ID Token to encode the Claims in a JWT [JWT].
OPTIONAL. JSON array containing a list of the JWE encryption algorithms (alg values) supported by the
Authorization Server for the ID Token to encode the Claims in a JWT [JWT].
id_token_encryption_enc_values_supported
OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the
Authorization Server for the ID Token to encode the Claims in a JWT [JWT].
OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the
Authorization Server for the ID Token to encode the Claims in a JWT [JWT].
request_object_signing_alg_values_supported
OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the
Authorization Server for the Request Object described in Section 2.9 of OpenID Connect Messages 1.0
[OpenID.Messages]. These algorithms are used both when the Request Object is passed by value (using the
request parameter) and when it is passed by reference (using the request_uri parameter). Servers SHOULD
support none and RS256.
OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the
Authorization Server for the Request Object described in Section 2.9 of OpenID Connect Messages 1.0
[OpenID.Messages]. These algorithms are used both when the Request Object is passed by value (using the
request parameter) and when it is passed by reference (using the request_uri parameter). Servers SHOULD
support none and RS256.
request_object_encryption_alg_values_supported
OPTIONAL. JSON array containing a list of the JWE encryption algorithms (alg values) supported by the
Authorization Server for the Request Object described in Section 2.9 of OpenID Connect Messages 1.0
[OpenID.Messages]. These algorithms are used both when the Request Object is passed by value and when it
is passed by reference.
OPTIONAL. JSON array containing a list of the JWE encryption algorithms (alg values) supported by the
Authorization Server for the Request Object described in Section 2.9 of OpenID Connect Messages 1.0
[OpenID.Messages]. These algorithms are used both when the Request Object is passed by value and when it
is passed by reference.
request_object_encryption_enc_values_supported
OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the
Authorization Server for the Request Object described in Section 2.9 of OpenID Connect Messages 1.0
[OpenID.Messages]. These algorithms are used both when the Request Object is passed by value and when
it is passed by reference.
OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the
Authorization Server for the Request Object described in Section 2.9 of OpenID Connect Messages 1.0
[OpenID.Messages]. These algorithms are used both when the Request Object is passed by value and when
it is passed by reference.
token_endpoint_auth_methods_supported
OPTIONAL. JSON array containing a list of authentication methods supported by this Token Endpoint.
The options are client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as
described in Section 2.2.1 of OpenID Connect Messages 1.0 [OpenID.Messages]. Other authentication
methods MAY be defined by extensions. If omitted, the default is client_secret_basic -- the HTTP
Basic Authentication Scheme as specified in Section 2.3.1 of OAuth 2.0 [RFC6749].
OPTIONAL. JSON array containing a list of authentication methods supported by this Token Endpoint.
The options are client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as
described in Section 2.2.1 of OpenID Connect Messages 1.0 [OpenID.Messages]. Other authentication
methods MAY be defined by extensions. If omitted, the default is client_secret_basic -- the HTTP
Basic Authentication Scheme as specified in Section 2.3.1 of OAuth 2.0 [RFC6749].
token_endpoint_auth_signing_alg_values_supported
OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the
Token Endpoint for the private_key_jwt and client_secret_jwt methods to encode the JWT [JWT]. Servers
SHOULD support RS256.
OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the
Token Endpoint for the private_key_jwt and client_secret_jwt methods to encode the JWT [JWT]. Servers
SHOULD support RS256.
display_values_supported
OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider
supports. These values are described in Section 2.1.1 of OpenID Connect Messages 1.0 [OpenID.Messages].
OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider
supports. These values are described in Section 2.1.1 of OpenID Connect Messages 1.0 [OpenID.Messages].
claim_types_supported
OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim
Types are described in Section 2.6 of OpenID Connect Messages 1.0 [OpenID.Messages]. Values defined by
this specification are normal, aggregated, and distributed. If not specified, the implementation supports
only normal Claims.
OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim
Types are described in Section 2.6 of OpenID Connect Messages 1.0 [OpenID.Messages]. Values defined by
this specification are normal, aggregated, and distributed. If not specified, the implementation supports
only normal Claims.
claims_supported
RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY
be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.
RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY
be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.
service_documentation
OPTIONAL. URL of a page containing human-readable information that developers might want or need to
know when using the OpenID Provider. In particular, if the OpenID Provider does not support Dynamic
Client Registration, then information on how to register Clients needs to be provided in this documentation.
OPTIONAL. URL of a page containing human-readable information that developers might want or need to
know when using the OpenID Provider. In particular, if the OpenID Provider does not support Dynamic
Client Registration, then information on how to register Clients needs to be provided in this documentation.
claims_locales_supported
OPTIONAL. Languages and scripts supported for values in Claims being returned, represented as a JSON array
of BCP47 [RFC5646] language tag values. Not all languages and scripts are necessarily supported for all
Claim values.
OPTIONAL. Languages and scripts supported for values in Claims being returned, represented as a JSON array
of BCP47 [RFC5646] language tag values. Not all languages and scripts are necessarily supported for all
Claim values.
ui_locales_supported
OPTIONAL. Languages and scripts supported for the user interface, represented as a JSON array of BCP47
[RFC5646] language tag values.
OPTIONAL. Languages and scripts supported for the user interface, represented as a JSON array of BCP47
[RFC5646] language tag values.
claims_parameter_supported
OPTIONAL. Boolean value specifying whether the OP supports use of the claims parameter, with true
indicating support. If omitted, the default value is false.
OPTIONAL. Boolean value specifying whether the OP supports use of the claims parameter, with true
indicating support. If omitted, the default value is false.
request_parameter_supported
OPTIONAL. Boolean value specifying whether the OP supports use of the request parameter, with true
indicating support. If omitted, the default value is false.
OPTIONAL. Boolean value specifying whether the OP supports use of the request parameter, with true
indicating support. If omitted, the default value is false.
request_uri_parameter_supported
OPTIONAL. Boolean value specifying whether the OP supports use of the request_uri parameter, with
true indicating support. If omitted, the default value is true.
OPTIONAL. Boolean value specifying whether the OP supports use of the request_uri parameter, with
true indicating support. If omitted, the default value is true.
require_request_uri_registration
OPTIONAL. Boolean value specifying whether the OP requires any request_uri values used to be
pre-registered using the request_uris registration parameter. Pre-registration is REQUIRED when
the value is true. If omitted, the default value is false.
OPTIONAL. Boolean value specifying whether the OP requires any request_uri values used to be
pre-registered using the request_uris registration parameter. Pre-registration is REQUIRED when
the value is true. If omitted, the default value is false.
op_policy_uri
OPTIONAL. URL that the OpenID Provider provides to the person registering the Client to read
about the OP's requirements on how the Relying Party can use the data provided by the OP. The
registration process SHOULD display this URL to the person registering the Client if it is given.
OPTIONAL. URL that the OpenID Provider provides to the person registering the Client to read
about the OP's requirements on how the Relying Party can use the data provided by the OP. The
registration process SHOULD display this URL to the person registering the Client if it is given.
op_tos_uri
OPTIONAL. URL that the OpenID Provider provides to the person registering the Client to read about
OpenID Provider's terms of service. The registration process SHOULD display this URL to the person
registering the Client if it is given.
OPTIONAL. URL that the OpenID Provider provides to the person registering the Client to read about
OpenID Provider's terms of service. The registration process SHOULD display this URL to the person
registering the Client if it is given.
*/
private String authorizationEndpointUri;
private String tokenEndpointUri;
@ -172,7 +172,7 @@ public class ServerConfiguration {
private String userInfoUri;
private String introspectionEndpointUri;
private String revocationEndpointUri;
public String getRevocationEndpointUri() {
@ -1094,6 +1094,6 @@ public class ServerConfiguration {
}
return true;
}
}

154
openid-connect-common/src/main/java/org/mitre/openid/connect/model/Address.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -149,85 +149,85 @@ public class Address {
/* (non-Javadoc)
* @see java.lang.Object#hashCode()
*/
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((country == null) ? 0 : country.hashCode());
result = prime * result + ((formatted == null) ? 0 : formatted.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + ((locality == null) ? 0 : locality.hashCode());
result = prime * result + ((postalCode == null) ? 0 : postalCode.hashCode());
result = prime * result + ((region == null) ? 0 : region.hashCode());
result = prime * result + ((streetAddress == null) ? 0 : streetAddress.hashCode());
return result;
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((country == null) ? 0 : country.hashCode());
result = prime * result + ((formatted == null) ? 0 : formatted.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + ((locality == null) ? 0 : locality.hashCode());
result = prime * result + ((postalCode == null) ? 0 : postalCode.hashCode());
result = prime * result + ((region == null) ? 0 : region.hashCode());
result = prime * result + ((streetAddress == null) ? 0 : streetAddress.hashCode());
return result;
}
/* (non-Javadoc)
* @see java.lang.Object#equals(java.lang.Object)
*/
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof Address)) {
return false;
}
Address other = (Address) obj;
if (country == null) {
if (other.country != null) {
return false;
}
} else if (!country.equals(other.country)) {
return false;
}
if (formatted == null) {
if (other.formatted != null) {
return false;
}
} else if (!formatted.equals(other.formatted)) {
return false;
}
if (id == null) {
if (other.id != null) {
return false;
}
} else if (!id.equals(other.id)) {
return false;
}
if (locality == null) {
if (other.locality != null) {
return false;
}
} else if (!locality.equals(other.locality)) {
return false;
}
if (postalCode == null) {
if (other.postalCode != null) {
return false;
}
} else if (!postalCode.equals(other.postalCode)) {
return false;
}
if (region == null) {
if (other.region != null) {
return false;
}
} else if (!region.equals(other.region)) {
return false;
}
if (streetAddress == null) {
if (other.streetAddress != null) {
return false;
}
} else if (!streetAddress.equals(other.streetAddress)) {
return false;
}
return true;
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof Address)) {
return false;
}
Address other = (Address) obj;
if (country == null) {
if (other.country != null) {
return false;
}
} else if (!country.equals(other.country)) {
return false;
}
if (formatted == null) {
if (other.formatted != null) {
return false;
}
} else if (!formatted.equals(other.formatted)) {
return false;
}
if (id == null) {
if (other.id != null) {
return false;
}
} else if (!id.equals(other.id)) {
return false;
}
if (locality == null) {
if (other.locality != null) {
return false;
}
} else if (!locality.equals(other.locality)) {
return false;
}
if (postalCode == null) {
if (other.postalCode != null) {
return false;
}
} else if (!postalCode.equals(other.postalCode)) {
return false;
}
if (region == null) {
if (other.region != null) {
return false;
}
} else if (!region.equals(other.region)) {
return false;
}
if (streetAddress == null) {
if (other.streetAddress != null) {
return false;
}
} else if (!streetAddress.equals(other.streetAddress)) {
return false;
}
return true;
}
}

2
openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

408
openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -336,19 +336,19 @@ public class DefaultUserInfo implements UserInfo {
/* (non-Javadoc)
* @see org.mitre.openid.connect.model.UserInfo#getPhoneNumberVerified()
*/
@Override
@Basic
@Column(name="phone_number_verified")
public Boolean getPhoneNumberVerified() {
return phoneNumberVerified;
}
@Override
@Basic
@Column(name="phone_number_verified")
public Boolean getPhoneNumberVerified() {
return phoneNumberVerified;
}
/* (non-Javadoc)
* @see org.mitre.openid.connect.model.UserInfo#setPhoneNumberVerified(java.lang.Boolean)
*/
@Override
public void setPhoneNumberVerified(Boolean phoneNumberVerified) {
this.phoneNumberVerified = phoneNumberVerified;
}
@Override
public void setPhoneNumberVerified(Boolean phoneNumberVerified) {
this.phoneNumberVerified = phoneNumberVerified;
}
/* (non-Javadoc)
* @see org.mitre.openid.connect.model.UserInfo#getAddress()
*/
@ -398,7 +398,7 @@ public class DefaultUserInfo implements UserInfo {
public void setBirthdate(String birthdate) {
this.birthdate = birthdate;
}
@Override
public JsonObject toJson() {
JsonObject obj = new JsonObject();
@ -419,7 +419,7 @@ public class DefaultUserInfo implements UserInfo {
obj.addProperty("locale", this.getLocale());
obj.addProperty("updated_time", this.getUpdatedTime());
obj.addProperty("birthdate", this.getBirthdate());
obj.addProperty("email", this.getEmail());
obj.addProperty("email_verified", this.getEmailVerified());
@ -441,7 +441,7 @@ public class DefaultUserInfo implements UserInfo {
return obj;
}
/**
* Parse a JsonObject into a UserInfo.
* @param o
@ -490,201 +490,201 @@ public class DefaultUserInfo implements UserInfo {
return ui;
}
/* (non-Javadoc)
* @see java.lang.Object#hashCode()
*/
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((address == null) ? 0 : address.hashCode());
result = prime * result + ((birthdate == null) ? 0 : birthdate.hashCode());
result = prime * result + ((email == null) ? 0 : email.hashCode());
result = prime * result + ((emailVerified == null) ? 0 : emailVerified.hashCode());
result = prime * result + ((familyName == null) ? 0 : familyName.hashCode());
result = prime * result + ((gender == null) ? 0 : gender.hashCode());
result = prime * result + ((givenName == null) ? 0 : givenName.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + ((locale == null) ? 0 : locale.hashCode());
result = prime * result + ((middleName == null) ? 0 : middleName.hashCode());
result = prime * result + ((name == null) ? 0 : name.hashCode());
result = prime * result + ((nickname == null) ? 0 : nickname.hashCode());
result = prime * result + ((phoneNumber == null) ? 0 : phoneNumber.hashCode());
result = prime * result + ((phoneNumberVerified == null) ? 0 : phoneNumberVerified.hashCode());
result = prime * result + ((picture == null) ? 0 : picture.hashCode());
result = prime * result + ((preferredUsername == null) ? 0 : preferredUsername.hashCode());
result = prime * result + ((profile == null) ? 0 : profile.hashCode());
result = prime * result + ((sub == null) ? 0 : sub.hashCode());
result = prime * result + ((updatedTime == null) ? 0 : updatedTime.hashCode());
result = prime * result + ((website == null) ? 0 : website.hashCode());
result = prime * result + ((zoneinfo == null) ? 0 : zoneinfo.hashCode());
return result;
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((address == null) ? 0 : address.hashCode());
result = prime * result + ((birthdate == null) ? 0 : birthdate.hashCode());
result = prime * result + ((email == null) ? 0 : email.hashCode());
result = prime * result + ((emailVerified == null) ? 0 : emailVerified.hashCode());
result = prime * result + ((familyName == null) ? 0 : familyName.hashCode());
result = prime * result + ((gender == null) ? 0 : gender.hashCode());
result = prime * result + ((givenName == null) ? 0 : givenName.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
result = prime * result + ((locale == null) ? 0 : locale.hashCode());
result = prime * result + ((middleName == null) ? 0 : middleName.hashCode());
result = prime * result + ((name == null) ? 0 : name.hashCode());
result = prime * result + ((nickname == null) ? 0 : nickname.hashCode());
result = prime * result + ((phoneNumber == null) ? 0 : phoneNumber.hashCode());
result = prime * result + ((phoneNumberVerified == null) ? 0 : phoneNumberVerified.hashCode());
result = prime * result + ((picture == null) ? 0 : picture.hashCode());
result = prime * result + ((preferredUsername == null) ? 0 : preferredUsername.hashCode());
result = prime * result + ((profile == null) ? 0 : profile.hashCode());
result = prime * result + ((sub == null) ? 0 : sub.hashCode());
result = prime * result + ((updatedTime == null) ? 0 : updatedTime.hashCode());
result = prime * result + ((website == null) ? 0 : website.hashCode());
result = prime * result + ((zoneinfo == null) ? 0 : zoneinfo.hashCode());
return result;
}
/* (non-Javadoc)
* @see java.lang.Object#equals(java.lang.Object)
*/
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof DefaultUserInfo)) {
return false;
}
DefaultUserInfo other = (DefaultUserInfo) obj;
if (address == null) {
if (other.address != null) {
return false;
}
} else if (!address.equals(other.address)) {
return false;
}
if (birthdate == null) {
if (other.birthdate != null) {
return false;
}
} else if (!birthdate.equals(other.birthdate)) {
return false;
}
if (email == null) {
if (other.email != null) {
return false;
}
} else if (!email.equals(other.email)) {
return false;
}
if (emailVerified == null) {
if (other.emailVerified != null) {
return false;
}
} else if (!emailVerified.equals(other.emailVerified)) {
return false;
}
if (familyName == null) {
if (other.familyName != null) {
return false;
}
} else if (!familyName.equals(other.familyName)) {
return false;
}
if (gender == null) {
if (other.gender != null) {
return false;
}
} else if (!gender.equals(other.gender)) {
return false;
}
if (givenName == null) {
if (other.givenName != null) {
return false;
}
} else if (!givenName.equals(other.givenName)) {
return false;
}
if (id == null) {
if (other.id != null) {
return false;
}
} else if (!id.equals(other.id)) {
return false;
}
if (locale == null) {
if (other.locale != null) {
return false;
}
} else if (!locale.equals(other.locale)) {
return false;
}
if (middleName == null) {
if (other.middleName != null) {
return false;
}
} else if (!middleName.equals(other.middleName)) {
return false;
}
if (name == null) {
if (other.name != null) {
return false;
}
} else if (!name.equals(other.name)) {
return false;
}
if (nickname == null) {
if (other.nickname != null) {
return false;
}
} else if (!nickname.equals(other.nickname)) {
return false;
}
if (phoneNumber == null) {
if (other.phoneNumber != null) {
return false;
}
} else if (!phoneNumber.equals(other.phoneNumber)) {
return false;
}
if (phoneNumberVerified == null) {
if (other.phoneNumberVerified != null) {
return false;
}
} else if (!phoneNumberVerified.equals(other.phoneNumberVerified)) {
return false;
}
if (picture == null) {
if (other.picture != null) {
return false;
}
} else if (!picture.equals(other.picture)) {
return false;
}
if (preferredUsername == null) {
if (other.preferredUsername != null) {
return false;
}
} else if (!preferredUsername.equals(other.preferredUsername)) {
return false;
}
if (profile == null) {
if (other.profile != null) {
return false;
}
} else if (!profile.equals(other.profile)) {
return false;
}
if (sub == null) {
if (other.sub != null) {
return false;
}
} else if (!sub.equals(other.sub)) {
return false;
}
if (updatedTime == null) {
if (other.updatedTime != null) {
return false;
}
} else if (!updatedTime.equals(other.updatedTime)) {
return false;
}
if (website == null) {
if (other.website != null) {
return false;
}
} else if (!website.equals(other.website)) {
return false;
}
if (zoneinfo == null) {
if (other.zoneinfo != null) {
return false;
}
} else if (!zoneinfo.equals(other.zoneinfo)) {
return false;
}
return true;
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof DefaultUserInfo)) {
return false;
}
DefaultUserInfo other = (DefaultUserInfo) obj;
if (address == null) {
if (other.address != null) {
return false;
}
} else if (!address.equals(other.address)) {
return false;
}
if (birthdate == null) {
if (other.birthdate != null) {
return false;
}
} else if (!birthdate.equals(other.birthdate)) {
return false;
}
if (email == null) {
if (other.email != null) {
return false;
}
} else if (!email.equals(other.email)) {
return false;
}
if (emailVerified == null) {
if (other.emailVerified != null) {
return false;
}
} else if (!emailVerified.equals(other.emailVerified)) {
return false;
}
if (familyName == null) {
if (other.familyName != null) {
return false;
}
} else if (!familyName.equals(other.familyName)) {
return false;
}
if (gender == null) {
if (other.gender != null) {
return false;
}
} else if (!gender.equals(other.gender)) {
return false;
}
if (givenName == null) {
if (other.givenName != null) {
return false;
}
} else if (!givenName.equals(other.givenName)) {
return false;
}
if (id == null) {
if (other.id != null) {
return false;
}
} else if (!id.equals(other.id)) {
return false;
}
if (locale == null) {
if (other.locale != null) {
return false;
}
} else if (!locale.equals(other.locale)) {
return false;
}
if (middleName == null) {
if (other.middleName != null) {
return false;
}
} else if (!middleName.equals(other.middleName)) {
return false;
}
if (name == null) {
if (other.name != null) {
return false;
}
} else if (!name.equals(other.name)) {
return false;
}
if (nickname == null) {
if (other.nickname != null) {
return false;
}
} else if (!nickname.equals(other.nickname)) {
return false;
}
if (phoneNumber == null) {
if (other.phoneNumber != null) {
return false;
}
} else if (!phoneNumber.equals(other.phoneNumber)) {
return false;
}
if (phoneNumberVerified == null) {
if (other.phoneNumberVerified != null) {
return false;
}
} else if (!phoneNumberVerified.equals(other.phoneNumberVerified)) {
return false;
}
if (picture == null) {
if (other.picture != null) {
return false;
}
} else if (!picture.equals(other.picture)) {
return false;
}
if (preferredUsername == null) {
if (other.preferredUsername != null) {
return false;
}
} else if (!preferredUsername.equals(other.preferredUsername)) {
return false;
}
if (profile == null) {
if (other.profile != null) {
return false;
}
} else if (!profile.equals(other.profile)) {
return false;
}
if (sub == null) {
if (other.sub != null) {
return false;
}
} else if (!sub.equals(other.sub)) {
return false;
}
if (updatedTime == null) {
if (other.updatedTime != null) {
return false;
}
} else if (!updatedTime.equals(other.updatedTime)) {
return false;
}
if (website == null) {
if (other.website != null) {
return false;
}
} else if (!website.equals(other.website)) {
return false;
}
if (zoneinfo == null) {
if (other.zoneinfo != null) {
return false;
}
} else if (!zoneinfo.equals(other.zoneinfo)) {
return false;
}
return true;
}
}

2
openid-connect-common/src/main/java/org/mitre/openid/connect/model/OIDCAuthenticationToken.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

10
openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java
View File

@ -58,14 +58,14 @@ public class PairwiseIdentifier {
public String getIdentifier() {
return identifier;
}
/**
* @param identifier the identifier to set
*/
public void setIdentifier(String identifier) {
this.identifier = identifier;
}
/**
* @return the userSub
*/
@ -74,14 +74,14 @@ public class PairwiseIdentifier {
public String getUserSub() {
return userSub;
}
/**
* @param userSub the userSub to set
*/
public void setUserSub(String userSub) {
this.userSub = userSub;
}
/**
* @return the sectorIdentifier
*/
@ -90,7 +90,7 @@ public class PairwiseIdentifier {
public String getSectorIdentifier() {
return sectorIdentifier;
}
/**
* @param sectorIdentifier the sectorIdentifier to set
*/

8
openid-connect-common/src/main/java/org/mitre/openid/connect/model/UserInfo.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -180,12 +180,12 @@ public interface UserInfo {
* @param phoneNumber the phoneNumber to set
*/
public abstract void setPhoneNumber(String phoneNumber);
/**
*
*/
public abstract Boolean getPhoneNumberVerified();
/**
*
* @param phoneNumberVerified
@ -224,7 +224,7 @@ public interface UserInfo {
* @param birthdate
*/
public abstract void setBirthdate(String birthdate);
/**
* Serialize this UserInfo object to JSON
*

2
openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/openid/connect/repository/AddressRepository.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/openid/connect/repository/ApprovedSiteRepository.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/openid/connect/repository/BlacklistedSiteRepository.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

16
openid-connect-common/src/main/java/org/mitre/openid/connect/repository/PairwiseIdentifierRepository.java
View File

@ -18,13 +18,13 @@ public interface PairwiseIdentifierRepository {
* @param sectorIdentifierUri
* @return
*/
public PairwiseIdentifier getBySectorIdentifier(String sub, String sectorIdentifierUri);
public PairwiseIdentifier getBySectorIdentifier(String sub, String sectorIdentifierUri);
/**
* Save a pairwise identifier to the database.
*
* @param pairwise
*/
public void save(PairwiseIdentifier pairwise);
/**
* Save a pairwise identifier to the database.
*
* @param pairwise
*/
public void save(PairwiseIdentifier pairwise);
}

2
openid-connect-common/src/main/java/org/mitre/openid/connect/repository/UserInfoRepository.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/openid/connect/repository/WhitelistedSiteRepository.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/openid/connect/service/ApprovedSiteService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/openid/connect/service/BlacklistedSiteService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

4
openid-connect-common/src/main/java/org/mitre/openid/connect/service/OIDCTokenService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -55,5 +55,5 @@ public interface OIDCTokenService {
* @return
*/
public OAuth2AccessTokenEntity createRegistrationAccessToken(ClientDetailsEntity client);
}

2
openid-connect-common/src/main/java/org/mitre/openid/connect/service/PairwiseIdentiferService.java
View File

@ -21,6 +21,6 @@ public interface PairwiseIdentiferService {
* @param client
* @return
*/
public String getIdentifier(UserInfo userInfo, ClientDetailsEntity client);
public String getIdentifier(UserInfo userInfo, ClientDetailsEntity client);
}

2
openid-connect-common/src/main/java/org/mitre/openid/connect/service/StatsService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

6
openid-connect-common/src/main/java/org/mitre/openid/connect/service/UserInfoService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -59,11 +59,11 @@ public interface UserInfoService {
* @return
*/
public UserInfo getByUsername(String username);
/**
* Get the UserInfo for the given username (usually maps to the
* preferredUsername field) and clientId. This allows pairwise
* client identifiers where appropriate.
* client identifiers where appropriate.
* @param username
* @param clientId
* @return

2
openid-connect-common/src/main/java/org/mitre/openid/connect/service/WhitelistedSiteService.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

2
openid-connect-common/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");

32
openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -49,15 +49,15 @@ import com.google.gson.JsonSerializer;
*
*/
public class UserInfoInterceptor extends HandlerInterceptorAdapter {
private Gson gson = new GsonBuilder()
.registerTypeHierarchyAdapter(GrantedAuthority.class, new JsonSerializer<GrantedAuthority>() {
@Override
public JsonElement serialize(GrantedAuthority src, Type typeOfSrc, JsonSerializationContext context) {
return new JsonPrimitive(src.getAuthority());
}
})
.create();
.registerTypeHierarchyAdapter(GrantedAuthority.class, new JsonSerializer<GrantedAuthority>() {
@Override
public JsonElement serialize(GrantedAuthority src, Type typeOfSrc, JsonSerializationContext context) {
return new JsonPrimitive(src.getAuthority());
}
})
.create();
@Autowired
private UserInfoService userInfoService;
@ -65,20 +65,20 @@ public class UserInfoInterceptor extends HandlerInterceptorAdapter {
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
if (modelAndView != null && !modelAndView.getModel().containsKey("userInfo")) { // skip checking at all if we have no model and view to hand the user to
// or if there's already a userInfo object in there
if (modelAndView != null && !modelAndView.getModel().containsKey("userInfo")) { // skip checking at all if we have no model and view to hand the user to
// or if there's already a userInfo object in there
// TODO: this is a patch to get around a potential information leak from #492
if (!(modelAndView.getView() instanceof RedirectView)) {
// get our principal from the security context
Principal p = request.getUserPrincipal();
if (p instanceof Authentication && !modelAndView.getModel().containsKey("userAuthorities")){
Authentication auth = (Authentication)p;
modelAndView.addObject("userAuthorities", gson.toJson(auth.getAuthorities()));
}
if (p instanceof OIDCAuthenticationToken) {
// if they're logging into this server from a remote OIDC server, pass through their user info
OIDCAuthenticationToken oidc = (OIDCAuthenticationToken) p;
@ -86,10 +86,10 @@ public class UserInfoInterceptor extends HandlerInterceptorAdapter {
modelAndView.addObject("userInfoJson", oidc.getUserInfo().toJson());
} else {
if (p != null && p.getName() != null) { // don't bother checking if we don't have a principal
// try to look up a user based on the principal's name
UserInfo user = userInfoService.getByUsername(p.getName());
// if we have one, inject it so views can use it
if (user != null) {
modelAndView.addObject("userInfo", user);

14
openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -28,12 +28,12 @@ import javax.persistence.EntityManager;
public class JpaUtil {
public static <T> T getSingleResult(List<T> list) {
switch(list.size()) {
case 0:
return null;
case 1:
return list.get(0);
default:
throw new IllegalStateException("Expected single result, got " + list.size());
case 0:
return null;
case 1:
return list.get(0);
default:
throw new IllegalStateException("Expected single result, got " + list.size());
}
}

6
openid-connect-common/src/test/java/org/mitre/discovery/util/TestWebfingerURLNormalizer.java
View File

@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright 2013 The MITRE Corporation
* Copyright 2013 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -16,13 +16,13 @@
******************************************************************************/
package org.mitre.discovery.util;
import static org.junit.Assert.assertEquals;
import org.junit.Test;
import org.springframework.web.util.UriComponents;
import com.google.common.collect.ImmutableMap;
import static org.junit.Assert.assertEquals;
/**
* @author wkim
*

Some files were not shown because too many files have changed in this diff Show More