diff --git a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java index 8ce59373a..1b6bfc9f5 100644 --- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java +++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,6 +16,8 @@ ******************************************************************************/ package org.mitre.oauth2.introspectingfilter; +import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC; + import java.io.IOException; import java.net.URI; import java.util.Date; @@ -29,7 +31,6 @@ import org.mitre.oauth2.introspectingfilter.service.IntrospectionAuthorityGrante import org.mitre.oauth2.introspectingfilter.service.IntrospectionConfigurationService; import org.mitre.oauth2.introspectingfilter.service.impl.SimpleIntrospectionAuthorityGranter; import org.mitre.oauth2.model.RegisteredClient; -import org.mitre.openid.connect.client.service.ClientConfigurationService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpMethod; @@ -53,8 +54,6 @@ import com.google.gson.JsonObject; import com.google.gson.JsonParser; import com.nimbusds.jose.util.Base64; -import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC; - /** * This ResourceServerTokenServices implementation introspects incoming tokens at a * server's introspection endpoint URL and passes an Authentication object along 
@@ -63,13 +62,13 @@ import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC * */ public class IntrospectingTokenService implements ResourceServerTokenServices { - + private IntrospectionConfigurationService introspectionConfigurationService; private IntrospectionAuthorityGranter introspectionAuthorityGranter = new SimpleIntrospectionAuthorityGranter(); private DefaultHttpClient httpClient = new DefaultHttpClient(); private HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient); - + // Inner class to store in the hash map private class TokenCacheObject { OAuth2AccessToken token; @@ -142,14 +141,14 @@ public class IntrospectingTokenService implements ResourceServerTokenServices { // find out which URL to ask String introspectionUrl; - RegisteredClient client; - try { - introspectionUrl = introspectionConfigurationService.getIntrospectionUrl(accessToken); - client = introspectionConfigurationService.getClientConfiguration(accessToken); - } catch (IllegalArgumentException e) { - logger.error("Unable to load introspection URL or client configuration", e); - return false; - } + RegisteredClient client; + try { + introspectionUrl = introspectionConfigurationService.getIntrospectionUrl(accessToken); + client = introspectionConfigurationService.getClientConfiguration(accessToken); + } catch (IllegalArgumentException e) { + logger.error("Unable to load introspection URL or client configuration", e); + return false; + } // Use the SpringFramework RestTemplate to send the request to the // endpoint String validatedToken = null; @@ -159,7 +158,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices { final String clientId = client.getClientId(); final String clientSecret = client.getClientSecret(); - + if (SECRET_BASIC.equals(client.getTokenEndpointAuthMethod())){ // use BASIC auth if configured to do so restTemplate = new RestTemplate(factory) { 
@@ -178,7 +177,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices { form.add("client_id", clientId); form.add("client_secret", clientSecret); } - + form.add("token", accessToken); try { diff --git a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/OAuth2AccessTokenImpl.java b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/OAuth2AccessTokenImpl.java index 108f43a65..3ca18af37 100644 --- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/OAuth2AccessTokenImpl.java +++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/OAuth2AccessTokenImpl.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -32,7 +32,6 @@ import org.springframework.security.oauth2.common.OAuth2RefreshToken; import com.google.common.base.Splitter; import com.google.common.collect.Sets; -import com.google.gson.JsonElement; import com.google.gson.JsonObject; @@ -54,7 +53,7 @@ public class OAuth2AccessTokenImpl implements OAuth2AccessToken { DateFormat dateFormater = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ"); if (token.get("exp") != null) { try { - expireDate = dateFormater.parse(token.get("exp").getAsString()); + expireDate = dateFormater.parse(token.get("exp").getAsString()); } catch (ParseException ex) { Logger.getLogger(IntrospectingTokenService.class.getName()).log(Level.SEVERE, null, ex); } diff --git a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionAuthorityGranter.java b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionAuthorityGranter.java index 0320b1f52..559cd1191 100644 
--- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionAuthorityGranter.java
+++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionAuthorityGranter.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionConfigurationService.java
index 0cc8ee8ef..d86b47959 100644
--- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionConfigurationService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -34,7 +34,7 @@ public interface IntrospectionConfigurationService {
  */
 public String getIntrospectionUrl(String accessToken);
-
+
 /**
  * Get the client configuration to use to connect to the
  * introspection endpoint. In particular, this cares about
@@ -42,5 +42,5 @@ public interface IntrospectionConfigurationService {
  * fields.
  */
 public RegisteredClient getClientConfiguration(String accessToken);
-
+
 }
diff --git a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/JWTParsingIntrospectionConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/JWTParsingIntrospectionConfigurationService.java index c62748c00..bb03619e1 100644 --- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/JWTParsingIntrospectionConfigurationService.java +++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/JWTParsingIntrospectionConfigurationService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -62,17 +62,17 @@ public class JWTParsingIntrospectionConfigurationService implements Introspectio private String getIssuer(String accessToken) { try { - JWT jwt = JWTParser.parse(accessToken); + JWT jwt = JWTParser.parse(accessToken); - String issuer = jwt.getJWTClaimsSet().getIssuer(); + String issuer = jwt.getJWTClaimsSet().getIssuer(); - return issuer; + return issuer; - } catch (ParseException e) { - throw new IllegalArgumentException("Unable to parse JWT", e); - } + } catch (ParseException e) { + throw new IllegalArgumentException("Unable to parse JWT", e); + } } - + /* (non-Javadoc) * @see org.mitre.oauth2.introspectingfilter.IntrospectionConfigurationService#getIntrospectionUrl(java.lang.String) */ 
@@ -98,28 +98,28 @@ public class JWTParsingIntrospectionConfigurationService implements Introspectio /* (non-Javadoc) * @see org.mitre.oauth2.introspectingfilter.service.IntrospectionConfigurationService#getClientConfiguration(java.lang.String) */ - @Override - public RegisteredClient getClientConfiguration(String accessToken) { - - String issuer = getIssuer(accessToken); - if (!Strings.isNullOrEmpty(issuer)) { - ServerConfiguration server = serverConfigurationService.getServerConfiguration(issuer); - if (server != null) { - RegisteredClient client = clientConfigurationService.getClientConfiguration(server); - if (client != null) { - return client; - } else { - throw new IllegalArgumentException("Could not find client configuration for issuer " + issuer); - } - } else { - throw new IllegalArgumentException("Could not find server configuration for issuer " + issuer); - } - } else { - throw new IllegalArgumentException("No issuer claim found in JWT"); - } - - } + @Override + public RegisteredClient getClientConfiguration(String accessToken) { + + String issuer = getIssuer(accessToken); + if (!Strings.isNullOrEmpty(issuer)) { + ServerConfiguration server = serverConfigurationService.getServerConfiguration(issuer); + if (server != null) { + RegisteredClient client = clientConfigurationService.getClientConfiguration(server); + if (client != null) { + return client; + } else { + throw new IllegalArgumentException("Could not find client configuration for issuer " + issuer); + } + } else { + throw new IllegalArgumentException("Could not find server configuration for issuer " + issuer); + } + } else { + throw new IllegalArgumentException("No issuer claim found in JWT"); + } + + } + - } 
diff --git a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/SimpleIntrospectionAuthorityGranter.java b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/SimpleIntrospectionAuthorityGranter.java
index 9154bf19b..3a541285e 100644
--- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/SimpleIntrospectionAuthorityGranter.java
+++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/SimpleIntrospectionAuthorityGranter.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/StaticIntrospectionConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/StaticIntrospectionConfigurationService.java
index fb2acd475..1efb80354 100644
--- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/StaticIntrospectionConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/StaticIntrospectionConfigurationService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -24,7 +24,7 @@ import org.mitre.oauth2.model.RegisteredClient; /** * - * Always provides the (configured) IntrospectionURL and RegisteredClient regardless + * Always provides the (configured) IntrospectionURL and RegisteredClient regardless * of token. Useful for talking to a single, trusted authorization server. * * @author jricher @@ -74,9 +74,9 @@ public class StaticIntrospectionConfigurationService implements IntrospectionCon /* (non-Javadoc) * @see org.mitre.oauth2.introspectingfilter.service.IntrospectionConfigurationService#getClientConfiguration(java.lang.String) */ - @Override - public RegisteredClient getClientConfiguration(String accessToken) { - return getClientConfiguration(); - } + @Override + public RegisteredClient getClientConfiguration(String accessToken) { + return getClientConfiguration(); + } } diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/NamedAdminAuthoritiesMapper.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/NamedAdminAuthoritiesMapper.java index 33b961fef..d43bcfcad 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/NamedAdminAuthoritiesMapper.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/NamedAdminAuthoritiesMapper.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java index 4e73cad39..11f628209 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java 
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,6 +16,8 @@ ******************************************************************************/ package org.mitre.openid.connect.client; +import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC; + import java.io.IOException; import java.math.BigInteger; import java.net.URI; @@ -63,8 +65,6 @@ import com.nimbusds.jose.util.Base64; import com.nimbusds.jwt.ReadOnlyJWTClaimsSet; import com.nimbusds.jwt.SignedJWT; -import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.*; - /** * OpenID Connect Authentication Filter class * @@ -93,7 +93,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi private IssuerService issuerService; private AuthRequestOptionsService authOptions = new StaticAuthRequestOptionsService(); // initialize with an empty set of options private AuthRequestUrlBuilder authRequestBuilder; - + protected int httpSocketTimeout = HTTP_SOCKET_TIMEOUT; /** @@ -206,7 +206,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi String state = createState(session); Map options = authOptions.getOptions(serverConfig, clientConfig, request); - + String authRequest = authRequestBuilder.buildAuthRequestUrl(serverConfig, clientConfig, redirectUri, nonce, state, options); logger.debug("Auth Request: " + authRequest); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java index 624348255..9e8f9f870 100644 
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/SubjectIssuerGrantedAuthority.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/SubjectIssuerGrantedAuthority.java
index d3d3fae5e..fb5c2dc40 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/SubjectIssuerGrantedAuthority.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/SubjectIssuerGrantedAuthority.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/UserInfoFetcher.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/UserInfoFetcher.java
index b54a1315f..94b1013f2 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/UserInfoFetcher.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/UserInfoFetcher.java
@@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,30 +34,30 @@ import com.google.gson.JsonObject; import com.google.gson.JsonParser; /** - * Utility class to fetch userinfo from the userinfo endpoint, if available. + * Utility class to fetch userinfo from the userinfo endpoint, if available. * @author jricher * */ public class UserInfoFetcher { private Logger logger = LoggerFactory.getLogger(UserInfoFetcher.class); - + public UserInfo loadUserInfo(OIDCAuthenticationToken token) { ServerConfiguration serverConfiguration = token.getServerConfiguration(); - + if (serverConfiguration == null) { logger.warn("No server configuration found."); return null; } - + if (Strings.isNullOrEmpty(serverConfiguration.getUserInfoUri())) { logger.warn("No userinfo endpoint, not fetching."); return null; } // if we got this far, try to actually get the userinfo - + HttpClient httpClient = new DefaultHttpClient(); HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient); @@ -69,11 +69,11 @@ public class UserInfoFetcher { try { String userInfoString = restTemplate.postForObject(serverConfiguration.getUserInfoUri(), form, String.class); - + JsonObject userInfoJson = new JsonParser().parse(userInfoString).getAsJsonObject(); - + UserInfo userInfo = DefaultUserInfo.fromJson(userInfoJson); - + return userInfo; } catch (Exception e) { logger.warn("Error fetching userinfo", e); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisher.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisher.java index f4d6d3b9d..745c10018 100644 
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisher.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisher.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisherMapping.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisherMapping.java
index 2e07b3225..5b0ddcee8 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisherMapping.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisherMapping.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/JwkViewResolver.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/JwkViewResolver.java
index 005bdcfc8..22f333a48 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/JwkViewResolver.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/JwkViewResolver.java
@@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/model/IssuerServiceResponse.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/model/IssuerServiceResponse.java index ef8347f7f..47decf603 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/model/IssuerServiceResponse.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/model/IssuerServiceResponse.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java index 9d441a0e5..de651f63a 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java @@ -12,7 +12,7 @@ import org.mitre.openid.connect.config.ServerConfiguration; /** * - * This service provides any extra options that need to be passed to the authentication request. + * This service provides any extra options that need to be passed to the authentication request. * These options may depend on the server configuration, client configuration, or HTTP request. * * @author jricher 
@@ -21,5 +21,5 @@ import org.mitre.openid.connect.config.ServerConfiguration; public interface AuthRequestOptionsService { public Map getOptions(ServerConfiguration server, RegisteredClient client, HttpServletRequest request); - + } diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java index 5c2cea338..a1b22892c 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ClientConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ClientConfigurationService.java index bbb9df386..e8de0fbc0 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ClientConfigurationService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ClientConfigurationService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/IssuerService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/IssuerService.java
index 865fab9f7..d55c26614 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/IssuerService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/IssuerService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/RegisteredClientService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/RegisteredClientService.java
index deccc3fe2..c91df5509 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/RegisteredClientService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/RegisteredClientService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ServerConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ServerConfigurationService.java
index e7af3dee4..fe77a0bd6 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ServerConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ServerConfigurationService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java
index 748f62de3..a0717bdb1 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -165,7 +165,7 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
 private HttpClient httpClient = new DefaultHttpClient();
 private HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
 private Gson gson = new Gson(); // note that this doesn't serialize nulls by default
-
+
 @Override
 public RegisteredClient load(ServerConfiguration serverConfig) throws Exception {
 RestTemplate restTemplate = new RestTemplate(httpFactory);
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java index 0e8b7711f..47156495d 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,6 +19,13 @@ */ package org.mitre.openid.connect.client.service.impl; +import static org.mitre.discovery.util.JsonUtils.getAsBoolean; +import static org.mitre.discovery.util.JsonUtils.getAsEncryptionMethodList; +import static org.mitre.discovery.util.JsonUtils.getAsJweAlgorithmList; +import static org.mitre.discovery.util.JsonUtils.getAsJwsAlgorithmList; +import static org.mitre.discovery.util.JsonUtils.getAsString; +import static org.mitre.discovery.util.JsonUtils.getAsStringList; + import java.util.HashSet; import java.util.Set; import java.util.concurrent.ExecutionException; @@ -40,8 +47,6 @@ import com.google.gson.JsonElement; import com.google.gson.JsonObject; import com.google.gson.JsonParser; -import static org.mitre.discovery.util.JsonUtils.*; - /** * * Dynamically fetches OpenID Connect server configurations based on the issuer. Caches the server configurations. 
@@ -150,7 +155,7 @@ public class DynamicServerConfigurationService implements ServerConfigurationSer conf.setIssuer(o.get("issuer").getAsString()); - + conf.setAuthorizationEndpointUri(getAsString(o, "authorization_endpoint")); conf.setTokenEndpointUri(getAsString(o, "token_endpoint")); conf.setJwksUri(getAsString(o, "jwks_uri")); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java index 805345b6b..1d96fc877 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java @@ -27,13 +27,13 @@ import com.nimbusds.jwt.JWTClaimsSet; * */ public class EncryptedAuthRequestUrlBuilder implements AuthRequestUrlBuilder { - + private JWKSetCacheService encrypterService; - + private JWEAlgorithm alg; private EncryptionMethod enc; - - + + /* (non-Javadoc) * @see org.mitre.openid.connect.client.service.AuthRequestUrlBuilder#buildAuthRequestUrl(org.mitre.openid.connect.config.ServerConfiguration, org.mitre.oauth2.model.RegisteredClient, java.lang.String, java.lang.String, java.lang.String, java.util.Map) */ 
@@ -56,18 +56,18 @@ public class EncryptedAuthRequestUrlBuilder implements AuthRequestUrlBuilder { // this comes back in the auth request return claims.setClaim("state", state); - + // Optional parameters for (Entry option : options.entrySet()) { claims.setClaim(option.getKey(), option.getValue()); } EncryptedJWT jwt = new EncryptedJWT(new JWEHeader(alg, enc), claims); - + JwtEncryptionAndDecryptionService encryptor = encrypterService.getEncrypter(serverConfig.getJwksUri()); - + encryptor.encryptJwt(jwt); - + try { URIBuilder uriBuilder = new URIBuilder(serverConfig.getAuthorizationEndpointUri()); uriBuilder.addParameter("request", jwt.serialize()); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridClientConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridClientConfigurationService.java index c5f01f60b..4088264a2 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridClientConfigurationService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridClientConfigurationService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridIssuerService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridIssuerService.java index f050f4130..f7848bc82 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridIssuerService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridIssuerService.java 
@@ -13,7 +13,7 @@ import com.google.common.collect.Sets; * * Issuer service that tries to parse input from the inputs from a third-party * account chooser service (if possible), but falls back to webfinger discovery - * if not. + * if not. * * @author jricher * @@ -22,10 +22,10 @@ public class HybridIssuerService implements IssuerService { private ThirdPartyIssuerService thirdPartyIssuerService = new ThirdPartyIssuerService(); private WebfingerIssuerService webfingerIssuerService = new WebfingerIssuerService(); - + @Override public IssuerServiceResponse getIssuer(HttpServletRequest request) { - + IssuerServiceResponse resp = thirdPartyIssuerService.getIssuer(request); if (resp.shouldRedirect()) { // if it wants us to redirect, try the webfinger approach first @@ -33,9 +33,9 @@ public class HybridIssuerService implements IssuerService { } else { return resp; } - + } - + public Set getWhitelist() { return Sets.union(thirdPartyIssuerService.getWhitelist(), webfingerIssuerService.getWhitelist()); } diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridServerConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridServerConfigurationService.java index 61aee5889..a666618c8 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridServerConfigurationService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridServerConfigurationService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/InMemoryRegisteredClientService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/InMemoryRegisteredClientService.java index e5cbf95b3..1fdfb22db 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/InMemoryRegisteredClientService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/InMemoryRegisteredClientService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/JsonFileRegisteredClientService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/JsonFileRegisteredClientService.java index 1e7111592..d9e1453b7 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/JsonFileRegisteredClientService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/JsonFileRegisteredClientService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java index 8dbde0311..44012d0dd 100644 
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -60,8 +60,8 @@ public class PlainAuthRequestUrlBuilder implements AuthRequestUrlBuilder { // Optional parameters: for (Entry option : options.entrySet()) { - uriBuilder.addParameter(option.getKey(), option.getValue()); - } + uriBuilder.addParameter(option.getKey(), option.getValue()); + } return uriBuilder.build().toString(); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java index 79413a69f..fdcfdf468 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -65,13 +65,13 @@ public class SignedAuthRequestUrlBuilder implements AuthRequestUrlBuilder { // this comes back in the auth request return claims.setClaim("state", state); - + // Optional parameters for (Entry option : options.entrySet()) { - claims.setClaim(option.getKey(), option.getValue()); - } + claims.setClaim(option.getKey(), option.getValue()); + } + - SignedJWT jwt = new SignedJWT(new JWSHeader(signingAndValidationService.getDefaultSigningAlgorithm()), claims); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticAuthRequestOptionsService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticAuthRequestOptionsService.java index 4952d32f2..05da21d4a 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticAuthRequestOptionsService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticAuthRequestOptionsService.java @@ -22,7 +22,7 @@ import org.mitre.openid.connect.config.ServerConfiguration; public class StaticAuthRequestOptionsService implements AuthRequestOptionsService { private Map options = new HashMap(); - + /* (non-Javadoc) * @see org.mitre.openid.connect.client.service.AuthRequestOptionsService#getOptions(org.mitre.openid.connect.config.ServerConfiguration, org.mitre.oauth2.model.RegisteredClient, javax.servlet.http.HttpServletRequest) */ @@ -45,6 +45,6 @@ public class StaticAuthRequestOptionsService implements AuthRequestOptionsServic this.options = options; } - - + + } diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java index 4baf6b729..4ec889982 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java 
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java index d06a2fd2b..f73935aad 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java index 89bb2880a..7676c3b78 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java 
@@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java index 768f6990f..104e949a4 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java index c500af7df..22630cb0a 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridClientConfigurationService.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridClientConfigurationService.java index ef63f468d..1554c2a15 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridClientConfigurationService.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridClientConfigurationService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,6 +16,11 @@ ******************************************************************************/ package org.mitre.openid.connect.client.service.impl; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThat; + import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; @@ -27,11 +32,6 @@ import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.runners.MockitoJUnitRunner; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertThat; - /** * @author wkim * diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridServerConfigurationService.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridServerConfigurationService.java index 105f52150..660296847 100644 
--- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridServerConfigurationService.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridServerConfigurationService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -17,6 +17,11 @@ package org.mitre.openid.connect.client.service.impl; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThat; + import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; @@ -27,11 +32,6 @@ import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.runners.MockitoJUnitRunner; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertThat; - /** * @author wkim * diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java index f00bff00c..e6d0f302a 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java 
@@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,7 +16,9 @@ ******************************************************************************/ package org.mitre.openid.connect.client.service.impl; -import java.util.Collections; +import static org.hamcrest.CoreMatchers.equalTo; +import static org.junit.Assert.assertThat; + import java.util.Map; import org.junit.Before; @@ -29,9 +31,6 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio import com.google.common.collect.ImmutableMap; import com.google.common.collect.Sets; -import static org.hamcrest.CoreMatchers.equalTo; -import static org.junit.Assert.assertThat; - /** * @author wkim * @@ -66,7 +65,7 @@ public class TestPlainAuthRequestUrlBuilder { "&nonce=34fasf3ds" + "&state=af0ifjsldkj" + "&foo=bar"; - + Map options = ImmutableMap.of("foo", "bar"); String actualUrl = urlBuilder.buildAuthRequestUrl(serverConfig, clientConfig, "https://client.example.org/", "34fasf3ds", "af0ifjsldkj", options); diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java index e952dae2b..ed7661ae9 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java 
@@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,6 +16,10 @@ ******************************************************************************/ package org.mitre.openid.connect.client.service.impl; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + import java.net.URI; import java.net.URISyntaxException; import java.security.NoSuchAlgorithmException; @@ -46,10 +50,6 @@ import com.nimbusds.jose.util.Base64URL; import com.nimbusds.jwt.ReadOnlyJWTClaimsSet; import com.nimbusds.jwt.SignedJWT; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; - /** * @author wkim * @@ -148,8 +148,8 @@ public class TestSignedAuthRequestUrlBuilder { assertEquals(nonce, claims.getClaim("nonce")); assertEquals(state, claims.getClaim("state")); for (String claim : options.keySet()) { - assertEquals(options.get(claim), claims.getClaim(claim)); - } + assertEquals(options.get(claim), claims.getClaim(claim)); + } } @Test(expected = AuthenticationServiceException.class) diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticClientConfigurationService.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticClientConfigurationService.java index 97baad341..b6f944de4 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticClientConfigurationService.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticClientConfigurationService.java 
@@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,6 +16,12 @@ ******************************************************************************/ package org.mitre.openid.connect.client.service.impl; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThat; + import java.util.HashMap; import java.util.Map; @@ -28,12 +34,6 @@ import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.runners.MockitoJUnitRunner; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertThat; - /** * @author wkim * diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticServerConfigurationService.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticServerConfigurationService.java index 327a9b816..d8025575c 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticServerConfigurationService.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticServerConfigurationService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -16,6 +16,12 @@ ******************************************************************************/ package org.mitre.openid.connect.client.service.impl; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThat; + import java.util.HashMap; import java.util.Map; @@ -26,12 +32,6 @@ import org.mitre.openid.connect.config.ServerConfiguration; import org.mockito.Mock; import org.mockito.runners.MockitoJUnitRunner; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertThat; - /** * @author wkim * diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestThirdPartyIssuerService.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestThirdPartyIssuerService.java index d908a84c5..ab9939af4 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestThirdPartyIssuerService.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestThirdPartyIssuerService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -16,6 +16,10 @@ ******************************************************************************/ package org.mitre.openid.connect.client.service.impl; +import static org.hamcrest.CoreMatchers.equalTo; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.junit.Assert.assertThat; + import javax.servlet.http.HttpServletRequest; import org.junit.Before; @@ -26,10 +30,6 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio import com.google.common.collect.Sets; -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertThat; - /** * @author wkim * diff --git a/openid-connect-common/src/main/java/org/mitre/discovery/util/JsonUtils.java b/openid-connect-common/src/main/java/org/mitre/discovery/util/JsonUtils.java index a1ccb8535..562a2ef35 100644 --- a/openid-connect-common/src/main/java/org/mitre/discovery/util/JsonUtils.java +++ b/openid-connect-common/src/main/java/org/mitre/discovery/util/JsonUtils.java @@ -26,7 +26,7 @@ import com.nimbusds.jose.JWSAlgorithm; public class JsonUtils { private static Gson gson = new Gson(); - + /** * Translate a set of strings to a JSON array * @param value @@ -119,7 +119,7 @@ public class JsonUtils { return null; } } - + /** * Gets the value of the given given member as a set of strings, null if it doesn't exist */ @@ -130,7 +130,7 @@ public class JsonUtils { return null; } } - + /** * Gets the value of the given given member as a set of strings, null if it doesn't exist */ @@ -141,7 +141,7 @@ public class JsonUtils { return null; } } - + /** * Gets the value of the given member as a list of JWS Algorithms, null if it doesn't exist */ 
@@ -150,14 +150,14 @@ public class JsonUtils { if (strings != null) { List algs = new ArrayList(); for (String alg : strings) { - algs.add(JWSAlgorithm.parse(alg)); - } + algs.add(JWSAlgorithm.parse(alg)); + } return algs; } else { return null; } } - + /** * Gets the value of the given member as a list of JWS Algorithms, null if it doesn't exist */ @@ -166,14 +166,14 @@ public class JsonUtils { if (strings != null) { List algs = new ArrayList(); for (String alg : strings) { - algs.add(JWEAlgorithm.parse(alg)); - } + algs.add(JWEAlgorithm.parse(alg)); + } return algs; } else { return null; } } - + /** * Gets the value of the given member as a list of JWS Algorithms, null if it doesn't exist */ @@ -182,12 +182,12 @@ public class JsonUtils { if (strings != null) { List algs = new ArrayList(); for (String alg : strings) { - algs.add(EncryptionMethod.parse(alg)); - } + algs.add(EncryptionMethod.parse(alg)); + } return algs; } else { return null; } } - + } diff --git a/openid-connect-common/src/main/java/org/mitre/discovery/util/WebfingerURLNormalizer.java b/openid-connect-common/src/main/java/org/mitre/discovery/util/WebfingerURLNormalizer.java index 194e91e08..a0b2eab20 100644 --- a/openid-connect-common/src/main/java/org/mitre/discovery/util/WebfingerURLNormalizer.java +++ b/openid-connect-common/src/main/java/org/mitre/discovery/util/WebfingerURLNormalizer.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java b/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java index 696f451f0..0741bf8cd 100644 --- a/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java 
+++ b/openid-connect-common/src/main/java/org/mitre/jose/JWEAlgorithmEmbed.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java b/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java index 83a29cef9..8948bc524 100644 --- a/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java +++ b/openid-connect-common/src/main/java/org/mitre/jose/JWEEncryptionMethodEmbed.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java b/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java index 2057d2993..13da6f4ec 100644 --- a/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java +++ b/openid-connect-common/src/main/java/org/mitre/jose/JWSAlgorithmEmbed.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-common/src/main/java/org/mitre/jose/keystore/JWKSetKeyStore.java b/openid-connect-common/src/main/java/org/mitre/jose/keystore/JWKSetKeyStore.java index e777a5986..d7bfdc335 100644 
--- a/openid-connect-common/src/main/java/org/mitre/jose/keystore/JWKSetKeyStore.java +++ b/openid-connect-common/src/main/java/org/mitre/jose/keystore/JWKSetKeyStore.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -58,15 +58,15 @@ public class JWKSetKeyStore { if (location.exists() && location.isReadable()) { try { - // read in the file from disk - String s = CharStreams.toString(new InputStreamReader(location.getInputStream(), Charsets.UTF_8)); + // read in the file from disk + String s = CharStreams.toString(new InputStreamReader(location.getInputStream(), Charsets.UTF_8)); - // parse it into a jwkSet object - jwkSet = JWKSet.parse(s); - } catch (IOException e) { - throw new IllegalArgumentException("Key Set resource could not be read: " + location); - } catch (ParseException e) { - throw new IllegalArgumentException("Key Set resource could not be parsed: " + location); } + // parse it into a jwkSet object + jwkSet = JWKSet.parse(s); + } catch (IOException e) { + throw new IllegalArgumentException("Key Set resource could not be read: " + location); + } catch (ParseException e) { + throw new IllegalArgumentException("Key Set resource could not be parsed: " + location); } } else { throw new IllegalArgumentException("Key Set resource could not be read: " + location); diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/JwtEncryptionAndDecryptionService.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/JwtEncryptionAndDecryptionService.java index 106c61ae8..336e21a36 100644 --- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/JwtEncryptionAndDecryptionService.java 
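Review bot: Both catch blocks in the re-indented `+` lines of the JWKSetKeyStore hunk drop the original exception, so a key-set that fails to load reports only the resource location and nothing about why (a malformed JWK, an unreadable file, a truncated stream). Pass the cause through: `throw new IllegalArgumentException("Key Set resource could not be read: " + location, e);` and `throw new IllegalArgumentException("Key Set resource could not be parsed: " + location, e);`. The `InputStreamReader` built around `location.getInputStream()` also looks to be left unclosed, since Guava's `CharStreams.toString` does not, as far as I recall, close the `Readable` it is given; a `finally` block (or `Closeables`) would avoid leaking the handle on every key load. The enclosing method starts and ends outside the hunk.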
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/JwtEncryptionAndDecryptionService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -31,38 +31,38 @@ import com.nimbusds.jose.jwk.JWK; public interface JwtEncryptionAndDecryptionService { /** - * Encrypts the JWT in place with the default encrypter. - * If an arbitrary payload is used, then pass in a JWEObject. + * Encrypts the JWT in place with the default encrypter. + * If an arbitrary payload is used, then pass in a JWEObject. * Otherwise, if JWT claims are the payload, then use the JWEObject subclass EncryptedJWT instead. * @param jwt */ public void encryptJwt(JWEObject jwt); - + /** - * Decrypts the JWT in place with the default decrypter. - * If an arbitrary payload is used, then pass in a JWEObject. + * Decrypts the JWT in place with the default decrypter. + * If an arbitrary payload is used, then pass in a JWEObject. * Otherwise, if JWT claims are the payload, then use the JWEObject subclass EncryptedJWT instead. * @param jwt */ public void decryptJwt(JWEObject jwt); - + /** * Get all public keys for this service, mapped by their Key ID */ public Map getAllPublicKeys(); - + /** * Get the list of all encryption algorithms supported by this service. * @return */ public Collection getAllEncryptionAlgsSupported(); - + /** * Get the list of all encryption methods supported by this service. * @return */ public Collection getAllEncryptionEncsSupported(); - + /** * TODO add functionality for encrypting and decrypting using a specified key id. * Example: public void encryptJwt(EncryptedJWT jwt, String kid); 
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJwtEncryptionAndDecryptionService.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJwtEncryptionAndDecryptionService.java index 18cb468b7..fff692bdf 100644 --- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJwtEncryptionAndDecryptionService.java +++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJwtEncryptionAndDecryptionService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -61,7 +61,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn private Map decrypters = new HashMap(); private String defaultEncryptionKeyId; - + private String defaultDecryptionKeyId; private JWEAlgorithm defaultAlgorithm; @@ -70,7 +70,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn private Map keys = new HashMap(); /** - * Build this service based on the keys given. All public keys will be used to make encrypters, + * Build this service based on the keys given. All public keys will be used to make encrypters, * all private keys will be used to make decrypters. * * @param keys @@ -82,7 +82,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn this.keys = keys; buildEncryptersAndDecrypters(); } - + /** * Build this service based on the given keystore. All keys must have a key * id ({@code kid}) field in order to be used. 
@@ -93,7 +93,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
  * @throws JOSEException
  */
 public DefaultJwtEncryptionAndDecryptionService(JWKSetKeyStore keyStore) throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
-
+
 // convert all keys in the keystore to a map based on key id
 for (JWK key : keyStore.getKeys()) {
 if (!Strings.isNullOrEmpty(key.getKeyID())) {
@@ -102,11 +102,11 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
 throw new IllegalArgumentException("Tried to load a key from a keystore without a 'kid' field: " + key);
 }
 }
-
+
 buildEncryptersAndDecrypters();
-
+
 }
-
+
 @PostConstruct
 public void afterPropertiesSet() throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException{
@@ -169,7 +169,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
 try {
 jwt.encrypt(encrypter);
 } catch (JOSEException e) {
-
+
 logger.error("Failed to encrypt JWT, error was: ", e);
 }
@@ -189,7 +189,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
 try {
 jwt.decrypt(decrypter);
 } catch (JOSEException e) {
-
+
 logger.error("Failed to decrypt JWT, error was: ", e);
 }
@@ -197,10 +197,10 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
 /**
  * Builds all the encrypters and decrypters for this service based on the key map.
- * @throws
- * @throws InvalidKeySpecException
- * @throws NoSuchAlgorithmException
- * @throws JOSEException
+ * @throws
+ * @throws InvalidKeySpecException
+ * @throws NoSuchAlgorithmException
+ * @throws JOSEException
  */
 private void buildEncryptersAndDecrypters() throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
@@ -229,7 +229,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
 DirectEncrypter encrypter = new DirectEncrypter(((OctetSequenceKey) jwk).toByteArray());
 DirectDecrypter decrypter = new DirectDecrypter(((OctetSequenceKey) jwk).toByteArray());
-
+
 encrypters.put(id, encrypter);
 decrypters.put(id, decrypter);
@@ -274,20 +274,20 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
 /* (non-Javadoc)
  * @see org.mitre.jwt.encryption.service.JwtEncryptionAndDecryptionService#getAllEncryptionEncsSupported()
  */
- @Override
- public Collection getAllEncryptionEncsSupported() {
- Set encs = new HashSet();
-
- for (JWEEncrypter encrypter : encrypters.values()) {
- encs.addAll(encrypter.supportedEncryptionMethods());
- }
-
- for (JWEDecrypter decrypter : decrypters.values()) {
- encs.addAll(decrypter.supportedEncryptionMethods());
- }
-
- return encs;
- }
+ @Override
+ public Collection getAllEncryptionEncsSupported() {
+ Set encs = new HashSet();
+
+ for (JWEEncrypter encrypter : encrypters.values()) {
+ encs.addAll(encrypter.supportedEncryptionMethods());
+ }
+
+ for (JWEDecrypter decrypter : decrypters.values()) {
+ encs.addAll(decrypter.supportedEncryptionMethods());
+ }
+
+ return encs;
+ }
+
-
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/JwtSigningAndValidationService.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/JwtSigningAndValidationService.java
index 04f8b69d1..e4ae66ff6 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/JwtSigningAndValidationService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/JwtSigningAndValidationService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java
index 639e8e2b6..c058e0b99 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -60,7 +60,7 @@ public class DefaultJwtSigningAndValidationService implements JwtSigningAndValid
 // map of identifier to key
 private Map keys = new HashMap();
-
+
 /**
  * Build this service based on the keys given. All public keys will be used
  * to make verifiers, all private keys will be used to make signers.
@@ -215,29 +215,29 @@ public class DefaultJwtSigningAndValidationService implements JwtSigningAndValid
 public void signJwt(SignedJWT jwt, JWSAlgorithm alg) {
 JWSSigner signer = null;
-
+
 for (JWSSigner s : signers.values()) {
 if (s.supportedAlgorithms().contains(alg)) {
 signer = s;
 break;
 }
 }
-
+
 if (signer == null) {
 //If we can't find an algorithm that matches, we can't sign
 logger.error("No matching algirthm found for alg=" + alg);
-
+
 }
-
+
 try {
 jwt.sign(signer);
 } catch (JOSEException e) {
 logger.error("Failed to sign JWT, error was: ", e);
 }
-
+
 }
-
+
 @Override
 public boolean validateSignature(SignedJWT jwt) {
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java
index 83cb1c5f4..636716cd3 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -54,7 +54,7 @@ public class JWKSetCacheService {
 // map of jwk set uri -> signing/validation service built on the keys found in that jwk set
 private LoadingCache validators;
-
+
 // map of jwk set uri -> encryption/decryption service built on the keys found in that jwk set
 private LoadingCache encrypters;
@@ -92,7 +92,7 @@ public class JWKSetCacheService {
 return null;
 }
 }
-
+
 /**
  * @author jricher
  *
@@ -122,27 +122,27 @@ public class JWKSetCacheService {
 }
 /**
- * @author jricher
- *
- */
- private class JWKSetEncryptorFetcher extends CacheLoader {
+ * @author jricher
+ *
+ */
+ private class JWKSetEncryptorFetcher extends CacheLoader {
 private HttpClient httpClient = new DefaultHttpClient();
 private HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
 private RestTemplate restTemplate = new RestTemplate(httpFactory);
 /* (non-Javadoc)
  * @see com.google.common.cache.CacheLoader#load(java.lang.Object)
  */
- @Override
- public JwtEncryptionAndDecryptionService load(String key) throws Exception {
+ @Override
+ public JwtEncryptionAndDecryptionService load(String key) throws Exception {
 String jsonString = restTemplate.getForObject(key, String.class);
 JWKSet jwkSet = JWKSet.parse(jsonString);
 JWKSetKeyStore keyStore = new JWKSetKeyStore(jwkSet);
 JwtEncryptionAndDecryptionService service = new DefaultJwtEncryptionAndDecryptionService(keyStore);
-
+
 return service;
- }
- }
+ }
+ }
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java
index 1f55b5acb..2b80a3c39 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java
index 75984d6f9..3957110a2 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
index caf0a57eb..7aeef22ec 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -74,7 +74,7 @@ public class ClientDetailsEntity implements ClientDetails {
 /**
  *
  */
- private static final int DEFAULT_ID_TOKEN_VALIDITY_SECONDS = 600;
+ private static final int DEFAULT_ID_TOKEN_VALIDITY_SECONDS = 600;
 private static final long serialVersionUID = -1617727085733786296L;
@@ -110,7 +110,7 @@ public class ClientDetailsEntity implements ClientDetails {
 private JWSAlgorithmEmbed idTokenSignedResponseAlg = null; // id_token_signed_response_alg
 private JWEAlgorithmEmbed idTokenEncryptedResponseAlg = null; // id_token_encrypted_response_alg
 private JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc = null; // id_token_encrypted_response_enc
-
+
 private JWSAlgorithmEmbed tokenEndpointAuthSigningAlg = null; // token_endpoint_auth_signing_alg
 private Integer defaultMaxAge; // default_max_age
@@ -233,8 +233,8 @@ public class ClientDetailsEntity implements ClientDetails {
 if (getIdTokenValiditySeconds() == null) {
 setIdTokenValiditySeconds(DEFAULT_ID_TOKEN_VALIDITY_SECONDS);
 }
- }
-
+ }
+
 /**
  * @return the id
  */
@@ -781,11 +781,11 @@ public class ClientDetailsEntity implements ClientDetails {
 public JWSAlgorithmEmbed getTokenEndpointAuthSigningAlgEmbed() {
 return tokenEndpointAuthSigningAlg;
 }
-
+
 public void setTokenEndpointAuthSigningAlgEmbed(JWSAlgorithmEmbed tokenEndpointAuthSigningAlgEmbed) {
 this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlgEmbed;
 }
-
+
 //
 // Transient passthrough methods for JOSE elements
 //
@@ -880,7 +880,7 @@ public class ClientDetailsEntity implements ClientDetails {
 public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) {
 this.idTokenEncryptedResponseEnc = new JWEEncryptionMethodEmbed(idTokenEncryptedResponseEnc);
 }
-
+
 @Transient
 public JWSAlgorithm getTokenEndpointAuthSigningAlg() {
 if (tokenEndpointAuthSigningAlg != null) {
@@ -889,11 +889,11 @@ public class ClientDetailsEntity implements ClientDetails {
 return null;
 }
 }
-
+
 public void setTokenEndpointAuthSigningAlg(JWSAlgorithm tokenEndpointAuthSigningAlg) {
 this.tokenEndpointAuthSigningAlg = new JWSAlgorithmEmbed(tokenEndpointAuthSigningAlg);
 }
-
+
 // END Transient JOSE methods
 @Basic
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
index 1c3f37e52..d99b12a45 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
index 301b6c2f6..f05c1d7ab 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
index 59b1bc8df..8a6da50b7 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -579,257 +579,257 @@ public class RegisteredClient {
  * @return
  * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlgEmbed()
  */
- public JWSAlgorithmEmbed getRequestObjectSigningAlgEmbed() {
- return client.getRequestObjectSigningAlgEmbed();
- }
+ public JWSAlgorithmEmbed getRequestObjectSigningAlgEmbed() {
+ return client.getRequestObjectSigningAlgEmbed();
+ }
 /**
  * @param requestObjectSigningAlg
  * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestObjectSigningAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
  */
- public void setRequestObjectSigningAlgEmbed(JWSAlgorithmEmbed requestObjectSigningAlg) {
- client.setRequestObjectSigningAlgEmbed(requestObjectSigningAlg);
- }
+ public void setRequestObjectSigningAlgEmbed(JWSAlgorithmEmbed requestObjectSigningAlg) {
+ client.setRequestObjectSigningAlgEmbed(requestObjectSigningAlg);
+ }
 /**
  * @return
  * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoSignedResponseAlgEmbed()
  */
- public JWSAlgorithmEmbed getUserInfoSignedResponseAlgEmbed() {
- return client.getUserInfoSignedResponseAlgEmbed();
- }
+ public JWSAlgorithmEmbed getUserInfoSignedResponseAlgEmbed() {
+ return client.getUserInfoSignedResponseAlgEmbed();
+ }
 /**
  * @param userInfoSignedResponseAlg
  * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoSignedResponseAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
  */
- public void setUserInfoSignedResponseAlgEmbed(JWSAlgorithmEmbed userInfoSignedResponseAlg) {
- client.setUserInfoSignedResponseAlgEmbed(userInfoSignedResponseAlg);
- }
+ public void setUserInfoSignedResponseAlgEmbed(JWSAlgorithmEmbed userInfoSignedResponseAlg) {
+ client.setUserInfoSignedResponseAlgEmbed(userInfoSignedResponseAlg);
+ }
 /**
  * @return
  * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseAlgEmbed()
  */
- public JWEAlgorithmEmbed getUserInfoEncryptedResponseAlgEmbed() {
- return client.getUserInfoEncryptedResponseAlgEmbed();
- }
+ public JWEAlgorithmEmbed getUserInfoEncryptedResponseAlgEmbed() {
+ return client.getUserInfoEncryptedResponseAlgEmbed();
+ }
 /**
  * @param userInfoEncryptedResponseAlg
  * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseAlgEmbed(org.mitre.jose.JWEAlgorithmEmbed)
  */
- public void setUserInfoEncryptedResponseAlgEmbed(JWEAlgorithmEmbed userInfoEncryptedResponseAlg) {
- client.setUserInfoEncryptedResponseAlgEmbed(userInfoEncryptedResponseAlg);
- }
+ public void setUserInfoEncryptedResponseAlgEmbed(JWEAlgorithmEmbed userInfoEncryptedResponseAlg) {
+ client.setUserInfoEncryptedResponseAlgEmbed(userInfoEncryptedResponseAlg);
+ }
 /**
  * @return
  * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseEncEmbed()
  */
- public JWEEncryptionMethodEmbed getUserInfoEncryptedResponseEncEmbed() {
- return client.getUserInfoEncryptedResponseEncEmbed();
- }
+ public JWEEncryptionMethodEmbed getUserInfoEncryptedResponseEncEmbed() {
+ return client.getUserInfoEncryptedResponseEncEmbed();
+ }
 /**
  * @param userInfoEncryptedResponseEnc
  * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseEncEmbed(org.mitre.jose.JWEEncryptionMethodEmbed)
  */
- public void setUserInfoEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc) {
- client.setUserInfoEncryptedResponseEncEmbed(userInfoEncryptedResponseEnc);
- }
+ public void setUserInfoEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed userInfoEncryptedResponseEnc) {
+ client.setUserInfoEncryptedResponseEncEmbed(userInfoEncryptedResponseEnc);
+ }
 /**
  * @return
  * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenSignedResponseAlgEmbed()
  */
- public JWSAlgorithmEmbed getIdTokenSignedResponseAlgEmbed() {
- return client.getIdTokenSignedResponseAlgEmbed();
- }
+ public JWSAlgorithmEmbed getIdTokenSignedResponseAlgEmbed() {
+ return client.getIdTokenSignedResponseAlgEmbed();
+ }
 /**
  * @param idTokenSignedResponseAlg
  * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenSignedResponseAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
  */
- public void setIdTokenSignedResponseAlgEmbed(JWSAlgorithmEmbed idTokenSignedResponseAlg) {
- client.setIdTokenSignedResponseAlgEmbed(idTokenSignedResponseAlg);
- }
+ public void setIdTokenSignedResponseAlgEmbed(JWSAlgorithmEmbed idTokenSignedResponseAlg) {
+ client.setIdTokenSignedResponseAlgEmbed(idTokenSignedResponseAlg);
+ }
 /**
  * @return
  * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseAlgEmbed()
  */
- public JWEAlgorithmEmbed getIdTokenEncryptedResponseAlgEmbed() {
- return client.getIdTokenEncryptedResponseAlgEmbed();
- }
+ public JWEAlgorithmEmbed getIdTokenEncryptedResponseAlgEmbed() {
+ return client.getIdTokenEncryptedResponseAlgEmbed();
+ }
 /**
  * @param idTokenEncryptedResponseAlg
  * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseAlgEmbed(org.mitre.jose.JWEAlgorithmEmbed)
  */
- public void setIdTokenEncryptedResponseAlgEmbed(JWEAlgorithmEmbed idTokenEncryptedResponseAlg) {
- client.setIdTokenEncryptedResponseAlgEmbed(idTokenEncryptedResponseAlg);
- }
+ public void setIdTokenEncryptedResponseAlgEmbed(JWEAlgorithmEmbed idTokenEncryptedResponseAlg) {
+ client.setIdTokenEncryptedResponseAlgEmbed(idTokenEncryptedResponseAlg);
+ }
 /**
  * @return
  * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseEncEmbed()
  */
- public JWEEncryptionMethodEmbed getIdTokenEncryptedResponseEncEmbed() {
- return client.getIdTokenEncryptedResponseEncEmbed();
- }
+ public JWEEncryptionMethodEmbed getIdTokenEncryptedResponseEncEmbed() {
+ return client.getIdTokenEncryptedResponseEncEmbed();
+ }
 /**
  * @param idTokenEncryptedResponseEnc
  * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseEncEmbed(org.mitre.jose.JWEEncryptionMethodEmbed)
  */
- public void setIdTokenEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc) {
- client.setIdTokenEncryptedResponseEncEmbed(idTokenEncryptedResponseEnc);
- }
+ public void setIdTokenEncryptedResponseEncEmbed(JWEEncryptionMethodEmbed idTokenEncryptedResponseEnc) {
+ client.setIdTokenEncryptedResponseEncEmbed(idTokenEncryptedResponseEnc);
+ }
 /**
  * @return
  * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlg()
  */
- public JWSAlgorithm getRequestObjectSigningAlg() {
- return client.getRequestObjectSigningAlg();
- }
+ public JWSAlgorithm getRequestObjectSigningAlg() {
+ return client.getRequestObjectSigningAlg();
+ }
 /**
  * @param requestObjectSigningAlg
  * @see org.mitre.oauth2.model.ClientDetailsEntity#setRequestObjectSigningAlg(com.nimbusds.jose.JWSAlgorithm)
  */
- public void setRequestObjectSigningAlg(JWSAlgorithm requestObjectSigningAlg) {
- client.setRequestObjectSigningAlg(requestObjectSigningAlg);
- }
+ public void setRequestObjectSigningAlg(JWSAlgorithm requestObjectSigningAlg) {
+ client.setRequestObjectSigningAlg(requestObjectSigningAlg);
+ }
 /**
  * @return
  * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoSignedResponseAlg()
  */
- public JWSAlgorithm getUserInfoSignedResponseAlg() {
- return client.getUserInfoSignedResponseAlg();
- }
+ public JWSAlgorithm getUserInfoSignedResponseAlg() {
+ return client.getUserInfoSignedResponseAlg();
+ }
 /**
  * @param userInfoSignedResponseAlg
  * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoSignedResponseAlg(com.nimbusds.jose.JWSAlgorithm)
  */
- public void setUserInfoSignedResponseAlg(JWSAlgorithm userInfoSignedResponseAlg) {
- client.setUserInfoSignedResponseAlg(userInfoSignedResponseAlg);
- }
+ public void setUserInfoSignedResponseAlg(JWSAlgorithm userInfoSignedResponseAlg) {
+ client.setUserInfoSignedResponseAlg(userInfoSignedResponseAlg);
+ }
 /**
  * @return
  * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseAlg()
  */
- public JWEAlgorithm getUserInfoEncryptedResponseAlg() {
- return client.getUserInfoEncryptedResponseAlg();
- }
+ public JWEAlgorithm getUserInfoEncryptedResponseAlg() {
+ return client.getUserInfoEncryptedResponseAlg();
+ }
 /**
  * @param userInfoEncryptedResponseAlg
  * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseAlg(com.nimbusds.jose.JWEAlgorithm)
  */
- public void setUserInfoEncryptedResponseAlg(JWEAlgorithm userInfoEncryptedResponseAlg) {
- client.setUserInfoEncryptedResponseAlg(userInfoEncryptedResponseAlg);
- }
+ public void setUserInfoEncryptedResponseAlg(JWEAlgorithm userInfoEncryptedResponseAlg) {
+ client.setUserInfoEncryptedResponseAlg(userInfoEncryptedResponseAlg);
+ }
 /**
  * @return
  * @see org.mitre.oauth2.model.ClientDetailsEntity#getUserInfoEncryptedResponseEnc()
  */
- public EncryptionMethod getUserInfoEncryptedResponseEnc() {
- return client.getUserInfoEncryptedResponseEnc();
- }
+ public EncryptionMethod getUserInfoEncryptedResponseEnc() {
+ return client.getUserInfoEncryptedResponseEnc();
+ }
 /**
  * @param userInfoEncryptedResponseEnc
  * @see org.mitre.oauth2.model.ClientDetailsEntity#setUserInfoEncryptedResponseEnc(com.nimbusds.jose.EncryptionMethod)
  */
- public void setUserInfoEncryptedResponseEnc(EncryptionMethod userInfoEncryptedResponseEnc) {
- client.setUserInfoEncryptedResponseEnc(userInfoEncryptedResponseEnc);
- }
+ public void setUserInfoEncryptedResponseEnc(EncryptionMethod userInfoEncryptedResponseEnc) {
+ client.setUserInfoEncryptedResponseEnc(userInfoEncryptedResponseEnc);
+ }
 /**
  * @return
  * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenSignedResponseAlg()
  */
- public JWSAlgorithm getIdTokenSignedResponseAlg() {
- return client.getIdTokenSignedResponseAlg();
- }
+ public JWSAlgorithm getIdTokenSignedResponseAlg() {
+ return client.getIdTokenSignedResponseAlg();
+ }
 /**
  * @param idTokenSignedResponseAlg
  * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenSignedResponseAlg(com.nimbusds.jose.JWSAlgorithm)
  */
- public void setIdTokenSignedResponseAlg(JWSAlgorithm idTokenSignedResponseAlg) {
- client.setIdTokenSignedResponseAlg(idTokenSignedResponseAlg);
- }
+ public void setIdTokenSignedResponseAlg(JWSAlgorithm idTokenSignedResponseAlg) {
+ client.setIdTokenSignedResponseAlg(idTokenSignedResponseAlg);
+ }
 /**
  * @return
  * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseAlg()
  */
- public JWEAlgorithm getIdTokenEncryptedResponseAlg() {
- return client.getIdTokenEncryptedResponseAlg();
- }
+ public JWEAlgorithm getIdTokenEncryptedResponseAlg() {
+ return client.getIdTokenEncryptedResponseAlg();
+ }
 /**
  * @param idTokenEncryptedResponseAlg
  * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseAlg(com.nimbusds.jose.JWEAlgorithm)
  */
- public void setIdTokenEncryptedResponseAlg(JWEAlgorithm idTokenEncryptedResponseAlg) {
- client.setIdTokenEncryptedResponseAlg(idTokenEncryptedResponseAlg);
- }
+ public void setIdTokenEncryptedResponseAlg(JWEAlgorithm idTokenEncryptedResponseAlg) {
+ client.setIdTokenEncryptedResponseAlg(idTokenEncryptedResponseAlg);
+ }
 /**
  * @return
  * @see org.mitre.oauth2.model.ClientDetailsEntity#getIdTokenEncryptedResponseEnc()
  */
- public EncryptionMethod getIdTokenEncryptedResponseEnc() {
- return client.getIdTokenEncryptedResponseEnc();
- }
+ public EncryptionMethod getIdTokenEncryptedResponseEnc() {
+ return client.getIdTokenEncryptedResponseEnc();
+ }
 /**
  * @param idTokenEncryptedResponseEnc
  * @see org.mitre.oauth2.model.ClientDetailsEntity#setIdTokenEncryptedResponseEnc(com.nimbusds.jose.EncryptionMethod)
  */
- public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) {
- client.setIdTokenEncryptedResponseEnc(idTokenEncryptedResponseEnc);
- }
+ public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) {
+ client.setIdTokenEncryptedResponseEnc(idTokenEncryptedResponseEnc);
+ }
 /**
  * @return
  * @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthSigningAlgEmbed()
  */
- public JWSAlgorithmEmbed getTokenEndpointAuthSigningAlgEmbed() {
- return client.getTokenEndpointAuthSigningAlgEmbed();
- }
+ public JWSAlgorithmEmbed getTokenEndpointAuthSigningAlgEmbed() {
+ return client.getTokenEndpointAuthSigningAlgEmbed();
+ }
 /**
  * @param tokenEndpointAuthSigningAlgEmbed
  * @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthSigningAlgEmbed(org.mitre.jose.JWSAlgorithmEmbed)
  */
- public void setTokenEndpointAuthSigningAlgEmbed(JWSAlgorithmEmbed tokenEndpointAuthSigningAlgEmbed) {
- client.setTokenEndpointAuthSigningAlgEmbed(tokenEndpointAuthSigningAlgEmbed);
- }
+ public void setTokenEndpointAuthSigningAlgEmbed(JWSAlgorithmEmbed tokenEndpointAuthSigningAlgEmbed) {
+ client.setTokenEndpointAuthSigningAlgEmbed(tokenEndpointAuthSigningAlgEmbed);
+ }
 /**
  * @return
  * @see org.mitre.oauth2.model.ClientDetailsEntity#getTokenEndpointAuthSigningAlg()
  */
- public JWSAlgorithm getTokenEndpointAuthSigningAlg() {
- return client.getTokenEndpointAuthSigningAlg();
- }
+ public JWSAlgorithm getTokenEndpointAuthSigningAlg() {
+ return client.getTokenEndpointAuthSigningAlg();
+ }
 /**
  * @param tokenEndpointAuthSigningAlg
  * @see org.mitre.oauth2.model.ClientDetailsEntity#setTokenEndpointAuthSigningAlg(com.nimbusds.jose.JWSAlgorithm)
  */
- public void setTokenEndpointAuthSigningAlg(JWSAlgorithm tokenEndpointAuthSigningAlg) {
- client.setTokenEndpointAuthSigningAlg(tokenEndpointAuthSigningAlg);
- }
+ public void setTokenEndpointAuthSigningAlg(JWSAlgorithm tokenEndpointAuthSigningAlg) {
+ client.setTokenEndpointAuthSigningAlg(tokenEndpointAuthSigningAlg);
+ }
 /**
  * @return
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java
index f03a771a4..a8d05f1cb 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -51,7 +51,7 @@ public class SystemScope {
 private boolean structured = false; // is this a default scope for newly-registered clients?
 private String structuredParamDescription;
 private String structuredValue;
-
+
 /**
  * Make a blank system scope with no value
  */
@@ -66,7 +66,7 @@ public class SystemScope {
 public SystemScope(String value) {
 this.value = value;
 }
-
+
 /**
  * @return the id
  */
@@ -147,14 +147,14 @@ public class SystemScope {
 public boolean isDefaultScope() {
 return defaultScope;
 }
-
+
 /**
  * @param defaultScope the defaultScope to set
  */
 public void setDefaultScope(boolean defaultScope) {
 this.defaultScope = defaultScope;
 }
-
+
 /**
  * @return the isStructured status
  */
@@ -163,7 +163,7 @@ public class SystemScope {
 public boolean isStructured() {
 return structured;
 }
-
+
 /**
  * @param structured the structured to set
  */
@@ -176,7 +176,7 @@ public class SystemScope {
 public String getStructuredParamDescription() {
 return structuredParamDescription;
 }
-
+
 /**
  * @param isStructured the isStructured to set
  */
@@ -184,7 +184,7 @@ public class SystemScope {
 this.structuredParamDescription = d;
 }
-
+
 /**
  * @return the structuredValue
  */
@@ -204,98 +204,98 @@ public class SystemScope {
 /* (non-Javadoc)
 * @see java.lang.Object#hashCode()
 */
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + (allowDynReg ? 1231 : 1237);
- result = prime * result + (defaultScope ? 1231 : 1237);
- result = prime * result + ((description == null) ? 0 : description.hashCode());
- result = prime * result + ((icon == null) ? 0 : icon.hashCode());
- result = prime * result + ((id == null) ? 0 : id.hashCode());
- result = prime * result + (structured ? 1231 : 1237);
- result = prime * result + ((structuredParamDescription == null) ? 0 : structuredParamDescription.hashCode());
- result = prime * result + ((structuredValue == null) ? 0 : structuredValue.hashCode());
- result = prime * result + ((value == null) ? 0 : value.hashCode());
- return result;
- }
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + (allowDynReg ? 1231 : 1237);
+ result = prime * result + (defaultScope ? 1231 : 1237);
+ result = prime * result + ((description == null) ? 0 : description.hashCode());
+ result = prime * result + ((icon == null) ? 0 : icon.hashCode());
+ result = prime * result + ((id == null) ? 0 : id.hashCode());
+ result = prime * result + (structured ? 1231 : 1237);
+ result = prime * result + ((structuredParamDescription == null) ? 0 : structuredParamDescription.hashCode());
+ result = prime * result + ((structuredValue == null) ? 0 : structuredValue.hashCode());
+ result = prime * result + ((value == null) ? 0 : value.hashCode());
+ return result;
+ }
 /* (non-Javadoc)
 * @see java.lang.Object#equals(java.lang.Object)
 */
- @Override
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (obj == null) {
- return false;
- }
- if (!(obj instanceof SystemScope)) {
- return false;
- }
- SystemScope other = (SystemScope) obj;
- if (allowDynReg != other.allowDynReg) {
- return false;
- }
- if (defaultScope != other.defaultScope) {
- return false;
- }
- if (description == null) {
- if (other.description != null) {
- return false;
- }
- } else if (!description.equals(other.description)) {
- return false;
- }
- if (icon == null) {
- if (other.icon != null) {
- return false;
- }
- } else if (!icon.equals(other.icon)) {
- return false;
- }
- if (id == null) {
- if (other.id != null) {
- return false;
- }
- } else if (!id.equals(other.id)) {
- return false;
- }
- if (structured != other.structured) {
- return false;
- }
- if (structuredParamDescription == null) {
- if (other.structuredParamDescription != null) {
- return false;
- }
- } else if (!structuredParamDescription.equals(other.structuredParamDescription)) {
- return false;
- }
- if (structuredValue == null) {
- if (other.structuredValue != null) {
- return false;
- }
- } else if (!structuredValue.equals(other.structuredValue)) {
- return false;
- }
- if (value == null) {
- if (other.value != null) {
- return false;
- }
- } else if (!value.equals(other.value)) {
- return false;
- }
- return true;
- }
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ }
+ if (obj == null) {
+ return false;
+ }
+ if (!(obj instanceof SystemScope)) {
+ return false;
+ }
+ SystemScope other = (SystemScope) obj;
+ if (allowDynReg != other.allowDynReg) {
+ return false;
+ }
+ if (defaultScope != other.defaultScope) {
+ return false;
+ }
+ if (description == null) {
+ if (other.description != null) {
+ return false;
+ }
+ } else if (!description.equals(other.description)) {
+ return false;
+ }
+ if (icon == null) {
+ if (other.icon != null) {
+ return false;
+ }
+ } else if (!icon.equals(other.icon)) {
+ return false;
+ }
+ if (id == null) {
+ if (other.id != null) {
+ return false;
+ }
+ } else if (!id.equals(other.id)) {
+ return false;
+ }
+ if (structured != other.structured) {
+ return false;
+ }
+ if (structuredParamDescription == null) {
+ if (other.structuredParamDescription != null) {
+ return false;
+ }
+ } else if (!structuredParamDescription.equals(other.structuredParamDescription)) {
+ return false;
+ }
+ if (structuredValue == null) {
+ if (other.structuredValue != null) {
+ return false;
+ }
+ } else if (!structuredValue.equals(other.structuredValue)) {
+ return false;
+ }
+ if (value == null) {
+ if (other.value != null) {
+ return false;
+ }
+ } else if (!value.equals(other.value)) {
+ return false;
+ }
+ return true;
+ }
 /* (non-Javadoc)
 * @see java.lang.Object#toString()
 */
- @Override
- public String toString() {
- return "SystemScope [id=" + id + ", value=" + value + ", description=" + description + ", icon=" + icon + ", allowDynReg=" + allowDynReg + ", defaultScope=" + defaultScope + ", structured=" + structured + ", structuredParamDescription=" + structuredParamDescription + ", structuredValue="
- + structuredValue + "]";
- }
+ @Override
+ public String toString() {
+ return "SystemScope [id=" + id + ", value=" + value + ", description=" + description + ", icon=" + icon + ", allowDynReg=" + allowDynReg + ", defaultScope=" + defaultScope + ", structured=" + structured + ", structuredParamDescription=" + structuredParamDescription + ", structuredValue="
+ + structuredValue + "]";
+ }
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java
index 8c7592ff7..a8515f3d4 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
 * and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
index 643b8d15b..ef628b1c3 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
 * and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2ClientRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2ClientRepository.java
index 5c21a9ad9..c3389bcff 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2ClientRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2ClientRepository.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
 * and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java
index 96b402f1e..785586d37 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
 * and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/SystemScopeRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/SystemScopeRepository.java
index d2ff90d49..3409b5026 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/SystemScopeRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/SystemScopeRepository.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
 * and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/ClientDetailsEntityService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/ClientDetailsEntityService.java
index 695e6dfb6..5fba7cc57 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/ClientDetailsEntityService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/ClientDetailsEntityService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
 * and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java
index 13fb0e133..f404c7553 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
 * and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java
index 02dacac20..163515a1a 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
 * and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
@@ -32,7 +32,7 @@ public interface SystemScopeService {
 public static final String OFFLINE_ACCESS = "offline_access";
 public static final String ID_TOKEN_SCOPE = "id-token";
 public static final String REGISTRATION_TOKEN_SCOPE = "registration-token";
-
+
 public Set getAll();
 /**
@@ -80,7 +80,7 @@ public interface SystemScopeService {
 public boolean scopesMatch(Set expected, Set actual);
 /**
- * Remove any system-restricted scopes from the set and return the result.
+ * Remove any system-restricted scopes from the set and return the result.
 * @param scopes
 * @return
 */
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java
index 7640473db..eb8d60aaa 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
 * and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java
index 74f77626f..f29c625ac 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
 * and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
@@ -20,6 +20,14 @@
 package org.mitre.openid.connect;
+import static org.mitre.discovery.util.JsonUtils.getAsArray;
+import static org.mitre.discovery.util.JsonUtils.getAsDate;
+import static org.mitre.discovery.util.JsonUtils.getAsJweAlgorithm;
+import static org.mitre.discovery.util.JsonUtils.getAsJweEncryptionMethod;
+import static org.mitre.discovery.util.JsonUtils.getAsJwsAlgorithm;
+import static org.mitre.discovery.util.JsonUtils.getAsString;
+import static org.mitre.discovery.util.JsonUtils.getAsStringSet;
+
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
@@ -33,8 +41,6 @@ import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
-import static org.mitre.discovery.util.JsonUtils.*;
-
 /**
 * @author jricher
 *
@@ -110,7 +116,7 @@ public class ClientDetailsEntityJsonProcessor {
 c.setIdTokenSignedResponseAlg(getAsJwsAlgorithm(o, "id_token_signed_response_alg"));
 c.setIdTokenEncryptedResponseAlg(getAsJweAlgorithm(o, "id_token_encrypted_response_alg"));
 c.setIdTokenEncryptedResponseEnc(getAsJweEncryptionMethod(o, "id_token_encrypted_response_enc"));
-
+
 c.setTokenEndpointAuthSigningAlg(getAsJwsAlgorithm(o, "token_endpoint_auth_signing_alg"));
 if (o.has("default_max_age")) {
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
index 3928c76e6..7561d21aa 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
 * and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ServerConfiguration.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ServerConfiguration.java
index 0e9aba77c..fd764bef1 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ServerConfiguration.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ServerConfiguration.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
 * and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
@@ -36,129 +36,129 @@ public class ServerConfiguration { /* * issuer - REQUIRED. URL using the https scheme with no query or fragment component that the OP asserts as its Issuer Identifier. + REQUIRED. URL using the https scheme with no query or fragment component that the OP asserts as its Issuer Identifier. authorization_endpoint - OPTIONAL. URL of the OP's Authentication and Authorization Endpoint [OpenID.Messages]. + OPTIONAL. URL of the OP's Authentication and Authorization Endpoint [OpenID.Messages]. token_endpoint - OPTIONAL. URL of the OP's OAuth 2.0 Token Endpoint [OpenID.Messages]. + OPTIONAL. URL of the OP's OAuth 2.0 Token Endpoint [OpenID.Messages]. userinfo_endpoint RECOMMENDED. URL of the OP's UserInfo Endpoint [OpenID.Messages]. This URL MUST use the - https scheme and MAY contain port, path, and query parameter components. + https scheme and MAY contain port, path, and query parameter components. check_session_iframe - OPTIONAL. URL of an OP endpoint that provides a page to support cross-origin communications for - session state information with the RP Client, using the HTML5 postMessage API. The page is loaded - from an invisible iframe embedded in an RP page so that it can run in the OP's security context. See [OpenID.Session]. + OPTIONAL. URL of an OP endpoint that provides a page to support cross-origin communications for + session state information with the RP Client, using the HTML5 postMessage API. The page is loaded + from an invisible iframe embedded in an RP page so that it can run in the OP's security context. See [OpenID.Session]. end_session_endpoint - OPTIONAL. URL of the OP's endpoint that initiates logging out the End-User. See [OpenID.Session]. + OPTIONAL. URL of the OP's endpoint that initiates logging out the End-User. See [OpenID.Session]. jwks_uri - REQUIRED. URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the - Client uses to validate signatures from the OP. 
The JWK Set MAY also contain the Server's encryption key(s), which are used by Clients to encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the document to indicate each key's intended usage. + REQUIRED. URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the + Client uses to validate signatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by Clients to encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the document to indicate each key's intended usage. registration_endpoint - RECOMMENDED. URL of the OP's Dynamic Client Registration Endpoint [OpenID.Registration]. + RECOMMENDED. URL of the OP's Dynamic Client Registration Endpoint [OpenID.Registration]. scopes_supported - RECOMMENDED. JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server + RECOMMENDED. JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server response_types_supported - REQUIRED. JSON array containing a list of the OAuth 2.0 response_type values that this server - supports. The server MUST support the code, id_token, and the token id_token response type values. + REQUIRED. JSON array containing a list of the OAuth 2.0 response_type values that this server + supports. The server MUST support the code, id_token, and the token id_token response type values. grant_types_supported - OPTIONAL. JSON array containing a list of the OAuth 2.0 grant type values that this server supports. - The server MUST support the authorization_code and implicit grant type values and MAY support the - urn:ietf:params:oauth:grant-type:jwt-bearer grant type defined in OAuth JWT Bearer Token Profiles [OAuth.JWT]. - If omitted, the default value is ["authorization_code", "implicit"]. + OPTIONAL. 
JSON array containing a list of the OAuth 2.0 grant type values that this server supports. + The server MUST support the authorization_code and implicit grant type values and MAY support the + urn:ietf:params:oauth:grant-type:jwt-bearer grant type defined in OAuth JWT Bearer Token Profiles [OAuth.JWT]. + If omitted, the default value is ["authorization_code", "implicit"]. acr_values_supported - OPTIONAL. JSON array containing a list of the Authentication Context Class References that this server supports. + OPTIONAL. JSON array containing a list of the Authentication Context Class References that this server supports. subject_types_supported - REQUIRED. JSON array containing a list of the subject identifier types that this server supports. - Valid types include pairwise and public. + REQUIRED. JSON array containing a list of the subject identifier types that this server supports. + Valid types include pairwise and public. userinfo_signing_alg_values_supported - OPTIONAL. JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported - by the UserInfo Endpoint to encode the Claims in a JWT [JWT]. + OPTIONAL. JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported + by the UserInfo Endpoint to encode the Claims in a JWT [JWT]. userinfo_encryption_alg_values_supported - OPTIONAL. JSON array containing a list of the JWE [JWE] encryption algorithms (alg values) [JWA] supported - by the UserInfo Endpoint to encode the Claims in a JWT [JWT]. + OPTIONAL. JSON array containing a list of the JWE [JWE] encryption algorithms (alg values) [JWA] supported + by the UserInfo Endpoint to encode the Claims in a JWT [JWT]. userinfo_encryption_enc_values_supported - OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported - by the UserInfo Endpoint to encode the Claims in a JWT [JWT]. + OPTIONAL. 
JSON array containing a list of the JWE encryption algorithms (enc values) [JWA] supported + by the UserInfo Endpoint to encode the Claims in a JWT [JWT]. id_token_signing_alg_values_supported - REQUIRED. JSON array containing a list of the JWS signing algorithms (alg values) supported by the - Authorization Server for the ID Token to encode the Claims in a JWT [JWT]. + REQUIRED. JSON array containing a list of the JWS signing algorithms (alg values) supported by the + Authorization Server for the ID Token to encode the Claims in a JWT [JWT]. id_token_encryption_alg_values_supported - OPTIONAL. JSON array containing a list of the JWE encryption algorithms (alg values) supported by the - Authorization Server for the ID Token to encode the Claims in a JWT [JWT]. + OPTIONAL. JSON array containing a list of the JWE encryption algorithms (alg values) supported by the + Authorization Server for the ID Token to encode the Claims in a JWT [JWT]. id_token_encryption_enc_values_supported - OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the - Authorization Server for the ID Token to encode the Claims in a JWT [JWT]. + OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the + Authorization Server for the ID Token to encode the Claims in a JWT [JWT]. request_object_signing_alg_values_supported - OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the - Authorization Server for the Request Object described in Section 2.9 of OpenID Connect Messages 1.0 - [OpenID.Messages]. These algorithms are used both when the Request Object is passed by value (using the - request parameter) and when it is passed by reference (using the request_uri parameter). Servers SHOULD - support none and RS256. + OPTIONAL. 
JSON array containing a list of the JWS signing algorithms (alg values) supported by the + Authorization Server for the Request Object described in Section 2.9 of OpenID Connect Messages 1.0 + [OpenID.Messages]. These algorithms are used both when the Request Object is passed by value (using the + request parameter) and when it is passed by reference (using the request_uri parameter). Servers SHOULD + support none and RS256. request_object_encryption_alg_values_supported - OPTIONAL. JSON array containing a list of the JWE encryption algorithms (alg values) supported by the - Authorization Server for the Request Object described in Section 2.9 of OpenID Connect Messages 1.0 - [OpenID.Messages]. These algorithms are used both when the Request Object is passed by value and when it - is passed by reference. + OPTIONAL. JSON array containing a list of the JWE encryption algorithms (alg values) supported by the + Authorization Server for the Request Object described in Section 2.9 of OpenID Connect Messages 1.0 + [OpenID.Messages]. These algorithms are used both when the Request Object is passed by value and when it + is passed by reference. request_object_encryption_enc_values_supported - OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the - Authorization Server for the Request Object described in Section 2.9 of OpenID Connect Messages 1.0 - [OpenID.Messages]. These algorithms are used both when the Request Object is passed by value and when - it is passed by reference. + OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values) supported by the + Authorization Server for the Request Object described in Section 2.9 of OpenID Connect Messages 1.0 + [OpenID.Messages]. These algorithms are used both when the Request Object is passed by value and when + it is passed by reference. token_endpoint_auth_methods_supported - OPTIONAL. 
JSON array containing a list of authentication methods supported by this Token Endpoint. - The options are client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as - described in Section 2.2.1 of OpenID Connect Messages 1.0 [OpenID.Messages]. Other authentication - methods MAY be defined by extensions. If omitted, the default is client_secret_basic -- the HTTP - Basic Authentication Scheme as specified in Section 2.3.1 of OAuth 2.0 [RFC6749]. + OPTIONAL. JSON array containing a list of authentication methods supported by this Token Endpoint. + The options are client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as + described in Section 2.2.1 of OpenID Connect Messages 1.0 [OpenID.Messages]. Other authentication + methods MAY be defined by extensions. If omitted, the default is client_secret_basic -- the HTTP + Basic Authentication Scheme as specified in Section 2.3.1 of OAuth 2.0 [RFC6749]. token_endpoint_auth_signing_alg_values_supported - OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the - Token Endpoint for the private_key_jwt and client_secret_jwt methods to encode the JWT [JWT]. Servers - SHOULD support RS256. + OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the + Token Endpoint for the private_key_jwt and client_secret_jwt methods to encode the JWT [JWT]. Servers + SHOULD support RS256. display_values_supported - OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider - supports. These values are described in Section 2.1.1 of OpenID Connect Messages 1.0 [OpenID.Messages]. + OPTIONAL. JSON array containing a list of the display parameter values that the OpenID Provider + supports. These values are described in Section 2.1.1 of OpenID Connect Messages 1.0 [OpenID.Messages]. claim_types_supported - OPTIONAL. 
JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim - Types are described in Section 2.6 of OpenID Connect Messages 1.0 [OpenID.Messages]. Values defined by - this specification are normal, aggregated, and distributed. If not specified, the implementation supports - only normal Claims. + OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim + Types are described in Section 2.6 of OpenID Connect Messages 1.0 [OpenID.Messages]. Values defined by + this specification are normal, aggregated, and distributed. If not specified, the implementation supports + only normal Claims. claims_supported - RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY - be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list. + RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY + be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list. service_documentation - OPTIONAL. URL of a page containing human-readable information that developers might want or need to - know when using the OpenID Provider. In particular, if the OpenID Provider does not support Dynamic - Client Registration, then information on how to register Clients needs to be provided in this documentation. + OPTIONAL. URL of a page containing human-readable information that developers might want or need to + know when using the OpenID Provider. In particular, if the OpenID Provider does not support Dynamic + Client Registration, then information on how to register Clients needs to be provided in this documentation. claims_locales_supported - OPTIONAL. Languages and scripts supported for values in Claims being returned, represented as a JSON array - of BCP47 [RFC5646] language tag values. 
Not all languages and scripts are necessarily supported for all - Claim values. + OPTIONAL. Languages and scripts supported for values in Claims being returned, represented as a JSON array + of BCP47 [RFC5646] language tag values. Not all languages and scripts are necessarily supported for all + Claim values. ui_locales_supported - OPTIONAL. Languages and scripts supported for the user interface, represented as a JSON array of BCP47 - [RFC5646] language tag values. + OPTIONAL. Languages and scripts supported for the user interface, represented as a JSON array of BCP47 + [RFC5646] language tag values. claims_parameter_supported - OPTIONAL. Boolean value specifying whether the OP supports use of the claims parameter, with true - indicating support. If omitted, the default value is false. + OPTIONAL. Boolean value specifying whether the OP supports use of the claims parameter, with true + indicating support. If omitted, the default value is false. request_parameter_supported - OPTIONAL. Boolean value specifying whether the OP supports use of the request parameter, with true - indicating support. If omitted, the default value is false. + OPTIONAL. Boolean value specifying whether the OP supports use of the request parameter, with true + indicating support. If omitted, the default value is false. request_uri_parameter_supported - OPTIONAL. Boolean value specifying whether the OP supports use of the request_uri parameter, with - true indicating support. If omitted, the default value is true. + OPTIONAL. Boolean value specifying whether the OP supports use of the request_uri parameter, with + true indicating support. If omitted, the default value is true. require_request_uri_registration - OPTIONAL. Boolean value specifying whether the OP requires any request_uri values used to be - pre-registered using the request_uris registration parameter. Pre-registration is REQUIRED when - the value is true. If omitted, the default value is false. + OPTIONAL. 
Boolean value specifying whether the OP requires any request_uri values used to be + pre-registered using the request_uris registration parameter. Pre-registration is REQUIRED when + the value is true. If omitted, the default value is false. op_policy_uri - OPTIONAL. URL that the OpenID Provider provides to the person registering the Client to read - about the OP's requirements on how the Relying Party can use the data provided by the OP. The - registration process SHOULD display this URL to the person registering the Client if it is given. + OPTIONAL. URL that the OpenID Provider provides to the person registering the Client to read + about the OP's requirements on how the Relying Party can use the data provided by the OP. The + registration process SHOULD display this URL to the person registering the Client if it is given. op_tos_uri - OPTIONAL. URL that the OpenID Provider provides to the person registering the Client to read about - OpenID Provider's terms of service. The registration process SHOULD display this URL to the person - registering the Client if it is given. + OPTIONAL. URL that the OpenID Provider provides to the person registering the Client to read about + OpenID Provider's terms of service. The registration process SHOULD display this URL to the person + registering the Client if it is given. */ - + private String authorizationEndpointUri; private String tokenEndpointUri; @@ -172,7 +172,7 @@ public class ServerConfiguration { private String userInfoUri; private String introspectionEndpointUri; - + private String revocationEndpointUri; public String getRevocationEndpointUri() { @@ -1094,6 +1094,6 @@ public class ServerConfiguration { } return true; } - + } diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/Address.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/Address.java index 609500635..2177dd760 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/Address.java 
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/Address.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
 * and the MIT Kerberos and Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
@@ -149,85 +149,85 @@ public class Address { /* (non-Javadoc) * @see java.lang.Object#hashCode() */ - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result + ((country == null) ? 0 : country.hashCode()); - result = prime * result + ((formatted == null) ? 0 : formatted.hashCode()); - result = prime * result + ((id == null) ? 0 : id.hashCode()); - result = prime * result + ((locality == null) ? 0 : locality.hashCode()); - result = prime * result + ((postalCode == null) ? 0 : postalCode.hashCode()); - result = prime * result + ((region == null) ? 0 : region.hashCode()); - result = prime * result + ((streetAddress == null) ? 0 : streetAddress.hashCode()); - return result; - } + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((country == null) ? 0 : country.hashCode()); + result = prime * result + ((formatted == null) ? 0 : formatted.hashCode()); + result = prime * result + ((id == null) ? 0 : id.hashCode()); + result = prime * result + ((locality == null) ? 0 : locality.hashCode()); + result = prime * result + ((postalCode == null) ? 0 : postalCode.hashCode()); + result = prime * result + ((region == null) ? 0 : region.hashCode()); + result = prime * result + ((streetAddress == null) ? 
0 : streetAddress.hashCode()); + return result; + } /* (non-Javadoc) * @see java.lang.Object#equals(java.lang.Object) */ - @Override - public boolean equals(Object obj) { - if (this == obj) { - return true; - } - if (obj == null) { - return false; - } - if (!(obj instanceof Address)) { - return false; - } - Address other = (Address) obj; - if (country == null) { - if (other.country != null) { - return false; - } - } else if (!country.equals(other.country)) { - return false; - } - if (formatted == null) { - if (other.formatted != null) { - return false; - } - } else if (!formatted.equals(other.formatted)) { - return false; - } - if (id == null) { - if (other.id != null) { - return false; - } - } else if (!id.equals(other.id)) { - return false; - } - if (locality == null) { - if (other.locality != null) { - return false; - } - } else if (!locality.equals(other.locality)) { - return false; - } - if (postalCode == null) { - if (other.postalCode != null) { - return false; - } - } else if (!postalCode.equals(other.postalCode)) { - return false; - } - if (region == null) { - if (other.region != null) { - return false; - } - } else if (!region.equals(other.region)) { - return false; - } - if (streetAddress == null) { - if (other.streetAddress != null) { - return false; - } - } else if (!streetAddress.equals(other.streetAddress)) { - return false; - } - return true; - } + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj == null) { + return false; + } + if (!(obj instanceof Address)) { + return false; + } + Address other = (Address) obj; + if (country == null) { + if (other.country != null) { + return false; + } + } else if (!country.equals(other.country)) { + return false; + } + if (formatted == null) { + if (other.formatted != null) { + return false; + } + } else if (!formatted.equals(other.formatted)) { + return false; + } + if (id == null) { + if (other.id != null) { + return false; + } + } else if (!id.equals(other.id)) { 
+ return false; + } + if (locality == null) { + if (other.locality != null) { + return false; + } + } else if (!locality.equals(other.locality)) { + return false; + } + if (postalCode == null) { + if (other.postalCode != null) { + return false; + } + } else if (!postalCode.equals(other.postalCode)) { + return false; + } + if (region == null) { + if (other.region != null) { + return false; + } + } else if (!region.equals(other.region)) { + return false; + } + if (streetAddress == null) { + if (other.streetAddress != null) { + return false; + } + } else if (!streetAddress.equals(other.streetAddress)) { + return false; + } + return true; + } } diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java index d970f35c5..f5bfe12d6 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java index 8fa035148..f2144a432 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java 
@@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java index 2a14f98c0..11dc4fcb1 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -336,19 +336,19 @@ public class DefaultUserInfo implements UserInfo { /* (non-Javadoc) * @see org.mitre.openid.connect.model.UserInfo#getPhoneNumberVerified() */ - @Override - @Basic - @Column(name="phone_number_verified") - public Boolean getPhoneNumberVerified() { - return phoneNumberVerified; - } + @Override + @Basic + @Column(name="phone_number_verified") + public Boolean getPhoneNumberVerified() { + return phoneNumberVerified; + } /* (non-Javadoc) * @see org.mitre.openid.connect.model.UserInfo#setPhoneNumberVerified(java.lang.Boolean) */ - @Override - public void setPhoneNumberVerified(Boolean phoneNumberVerified) { - this.phoneNumberVerified = phoneNumberVerified; - } + @Override + public void setPhoneNumberVerified(Boolean phoneNumberVerified) { + this.phoneNumberVerified = phoneNumberVerified; + } /* (non-Javadoc) * @see org.mitre.openid.connect.model.UserInfo#getAddress() */ 
@@ -398,7 +398,7 @@ public class DefaultUserInfo implements UserInfo { public void setBirthdate(String birthdate) { this.birthdate = birthdate; } - + @Override public JsonObject toJson() { JsonObject obj = new JsonObject(); @@ -419,7 +419,7 @@ public class DefaultUserInfo implements UserInfo { obj.addProperty("locale", this.getLocale()); obj.addProperty("updated_time", this.getUpdatedTime()); obj.addProperty("birthdate", this.getBirthdate()); - + obj.addProperty("email", this.getEmail()); obj.addProperty("email_verified", this.getEmailVerified()); @@ -441,7 +441,7 @@ public class DefaultUserInfo implements UserInfo { return obj; } - + /** * Parse a JsonObject into a UserInfo. * @param o 
@@ -490,201 +490,201 @@ public class DefaultUserInfo implements UserInfo { return ui; } - + /* (non-Javadoc) * @see java.lang.Object#hashCode() */ - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result + ((address == null) ? 0 : address.hashCode()); - result = prime * result + ((birthdate == null) ? 0 : birthdate.hashCode()); - result = prime * result + ((email == null) ? 0 : email.hashCode()); - result = prime * result + ((emailVerified == null) ? 0 : emailVerified.hashCode()); - result = prime * result + ((familyName == null) ? 0 : familyName.hashCode()); - result = prime * result + ((gender == null) ? 0 : gender.hashCode()); - result = prime * result + ((givenName == null) ? 0 : givenName.hashCode()); - result = prime * result + ((id == null) ? 0 : id.hashCode()); - result = prime * result + ((locale == null) ? 0 : locale.hashCode()); - result = prime * result + ((middleName == null) ? 0 : middleName.hashCode()); - result = prime * result + ((name == null) ? 0 : name.hashCode()); - result = prime * result + ((nickname == null) ? 0 : nickname.hashCode()); - result = prime * result + ((phoneNumber == null) ? 0 : phoneNumber.hashCode()); - result = prime * result + ((phoneNumberVerified == null) ? 0 : phoneNumberVerified.hashCode()); - result = prime * result + ((picture == null) ? 0 : picture.hashCode()); - result = prime * result + ((preferredUsername == null) ? 0 : preferredUsername.hashCode()); - result = prime * result + ((profile == null) ? 0 : profile.hashCode()); - result = prime * result + ((sub == null) ? 0 : sub.hashCode()); - result = prime * result + ((updatedTime == null) ? 0 : updatedTime.hashCode()); - result = prime * result + ((website == null) ? 0 : website.hashCode()); - result = prime * result + ((zoneinfo == null) ? 0 : zoneinfo.hashCode()); - return result; - } - + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((address == null) ? 
0 : address.hashCode()); + result = prime * result + ((birthdate == null) ? 0 : birthdate.hashCode()); + result = prime * result + ((email == null) ? 0 : email.hashCode()); + result = prime * result + ((emailVerified == null) ? 0 : emailVerified.hashCode()); + result = prime * result + ((familyName == null) ? 0 : familyName.hashCode()); + result = prime * result + ((gender == null) ? 0 : gender.hashCode()); + result = prime * result + ((givenName == null) ? 0 : givenName.hashCode()); + result = prime * result + ((id == null) ? 0 : id.hashCode()); + result = prime * result + ((locale == null) ? 0 : locale.hashCode()); + result = prime * result + ((middleName == null) ? 0 : middleName.hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + result = prime * result + ((nickname == null) ? 0 : nickname.hashCode()); + result = prime * result + ((phoneNumber == null) ? 0 : phoneNumber.hashCode()); + result = prime * result + ((phoneNumberVerified == null) ? 0 : phoneNumberVerified.hashCode()); + result = prime * result + ((picture == null) ? 0 : picture.hashCode()); + result = prime * result + ((preferredUsername == null) ? 0 : preferredUsername.hashCode()); + result = prime * result + ((profile == null) ? 0 : profile.hashCode()); + result = prime * result + ((sub == null) ? 0 : sub.hashCode()); + result = prime * result + ((updatedTime == null) ? 0 : updatedTime.hashCode()); + result = prime * result + ((website == null) ? 0 : website.hashCode()); + result = prime * result + ((zoneinfo == null) ? 
0 : zoneinfo.hashCode()); + return result; + } + /* (non-Javadoc) * @see java.lang.Object#equals(java.lang.Object) */ - @Override - public boolean equals(Object obj) { - if (this == obj) { - return true; - } - if (obj == null) { - return false; - } - if (!(obj instanceof DefaultUserInfo)) { - return false; - } - DefaultUserInfo other = (DefaultUserInfo) obj; - if (address == null) { - if (other.address != null) { - return false; - } - } else if (!address.equals(other.address)) { - return false; - } - if (birthdate == null) { - if (other.birthdate != null) { - return false; - } - } else if (!birthdate.equals(other.birthdate)) { - return false; - } - if (email == null) { - if (other.email != null) { - return false; - } - } else if (!email.equals(other.email)) { - return false; - } - if (emailVerified == null) { - if (other.emailVerified != null) { - return false; - } - } else if (!emailVerified.equals(other.emailVerified)) { - return false; - } - if (familyName == null) { - if (other.familyName != null) { - return false; - } - } else if (!familyName.equals(other.familyName)) { - return false; - } - if (gender == null) { - if (other.gender != null) { - return false; - } - } else if (!gender.equals(other.gender)) { - return false; - } - if (givenName == null) { - if (other.givenName != null) { - return false; - } - } else if (!givenName.equals(other.givenName)) { - return false; - } - if (id == null) { - if (other.id != null) { - return false; - } - } else if (!id.equals(other.id)) { - return false; - } - if (locale == null) { - if (other.locale != null) { - return false; - } - } else if (!locale.equals(other.locale)) { - return false; - } - if (middleName == null) { - if (other.middleName != null) { - return false; - } - } else if (!middleName.equals(other.middleName)) { - return false; - } - if (name == null) { - if (other.name != null) { - return false; - } - } else if (!name.equals(other.name)) { - return false; - } - if (nickname == null) { - if (other.nickname != 
null) { - return false; - } - } else if (!nickname.equals(other.nickname)) { - return false; - } - if (phoneNumber == null) { - if (other.phoneNumber != null) { - return false; - } - } else if (!phoneNumber.equals(other.phoneNumber)) { - return false; - } - if (phoneNumberVerified == null) { - if (other.phoneNumberVerified != null) { - return false; - } - } else if (!phoneNumberVerified.equals(other.phoneNumberVerified)) { - return false; - } - if (picture == null) { - if (other.picture != null) { - return false; - } - } else if (!picture.equals(other.picture)) { - return false; - } - if (preferredUsername == null) { - if (other.preferredUsername != null) { - return false; - } - } else if (!preferredUsername.equals(other.preferredUsername)) { - return false; - } - if (profile == null) { - if (other.profile != null) { - return false; - } - } else if (!profile.equals(other.profile)) { - return false; - } - if (sub == null) { - if (other.sub != null) { - return false; - } - } else if (!sub.equals(other.sub)) { - return false; - } - if (updatedTime == null) { - if (other.updatedTime != null) { - return false; - } - } else if (!updatedTime.equals(other.updatedTime)) { - return false; - } - if (website == null) { - if (other.website != null) { - return false; - } - } else if (!website.equals(other.website)) { - return false; - } - if (zoneinfo == null) { - if (other.zoneinfo != null) { - return false; - } - } else if (!zoneinfo.equals(other.zoneinfo)) { - return false; - } - return true; - } + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj == null) { + return false; + } + if (!(obj instanceof DefaultUserInfo)) { + return false; + } + DefaultUserInfo other = (DefaultUserInfo) obj; + if (address == null) { + if (other.address != null) { + return false; + } + } else if (!address.equals(other.address)) { + return false; + } + if (birthdate == null) { + if (other.birthdate != null) { + return false; + } + } else if 
(!birthdate.equals(other.birthdate)) { + return false; + } + if (email == null) { + if (other.email != null) { + return false; + } + } else if (!email.equals(other.email)) { + return false; + } + if (emailVerified == null) { + if (other.emailVerified != null) { + return false; + } + } else if (!emailVerified.equals(other.emailVerified)) { + return false; + } + if (familyName == null) { + if (other.familyName != null) { + return false; + } + } else if (!familyName.equals(other.familyName)) { + return false; + } + if (gender == null) { + if (other.gender != null) { + return false; + } + } else if (!gender.equals(other.gender)) { + return false; + } + if (givenName == null) { + if (other.givenName != null) { + return false; + } + } else if (!givenName.equals(other.givenName)) { + return false; + } + if (id == null) { + if (other.id != null) { + return false; + } + } else if (!id.equals(other.id)) { + return false; + } + if (locale == null) { + if (other.locale != null) { + return false; + } + } else if (!locale.equals(other.locale)) { + return false; + } + if (middleName == null) { + if (other.middleName != null) { + return false; + } + } else if (!middleName.equals(other.middleName)) { + return false; + } + if (name == null) { + if (other.name != null) { + return false; + } + } else if (!name.equals(other.name)) { + return false; + } + if (nickname == null) { + if (other.nickname != null) { + return false; + } + } else if (!nickname.equals(other.nickname)) { + return false; + } + if (phoneNumber == null) { + if (other.phoneNumber != null) { + return false; + } + } else if (!phoneNumber.equals(other.phoneNumber)) { + return false; + } + if (phoneNumberVerified == null) { + if (other.phoneNumberVerified != null) { + return false; + } + } else if (!phoneNumberVerified.equals(other.phoneNumberVerified)) { + return false; + } + if (picture == null) { + if (other.picture != null) { + return false; + } + } else if (!picture.equals(other.picture)) { + return false; + } + if 
(preferredUsername == null) { + if (other.preferredUsername != null) { + return false; + } + } else if (!preferredUsername.equals(other.preferredUsername)) { + return false; + } + if (profile == null) { + if (other.profile != null) { + return false; + } + } else if (!profile.equals(other.profile)) { + return false; + } + if (sub == null) { + if (other.sub != null) { + return false; + } + } else if (!sub.equals(other.sub)) { + return false; + } + if (updatedTime == null) { + if (other.updatedTime != null) { + return false; + } + } else if (!updatedTime.equals(other.updatedTime)) { + return false; + } + if (website == null) { + if (other.website != null) { + return false; + } + } else if (!website.equals(other.website)) { + return false; + } + if (zoneinfo == null) { + if (other.zoneinfo != null) { + return false; + } + } else if (!zoneinfo.equals(other.zoneinfo)) { + return false; + } + return true; + } } diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/OIDCAuthenticationToken.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/OIDCAuthenticationToken.java index e9b310e71..a6ab90e87 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/OIDCAuthenticationToken.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/OIDCAuthenticationToken.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java index f5eccf9c7..1828f0cf4 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java 
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java @@ -58,14 +58,14 @@ public class PairwiseIdentifier { public String getIdentifier() { return identifier; } - + /** * @param identifier the identifier to set */ public void setIdentifier(String identifier) { this.identifier = identifier; } - + /** * @return the userSub */ @@ -74,14 +74,14 @@ public class PairwiseIdentifier { public String getUserSub() { return userSub; } - + /** * @param userSub the userSub to set */ public void setUserSub(String userSub) { this.userSub = userSub; } - + /** * @return the sectorIdentifier */ @@ -90,7 +90,7 @@ public class PairwiseIdentifier { public String getSectorIdentifier() { return sectorIdentifier; } - + /** * @param sectorIdentifier the sectorIdentifier to set */ diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/UserInfo.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/UserInfo.java index 0e97dcc94..b83a4e1af 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/UserInfo.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/UserInfo.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -180,12 +180,12 @@ public interface UserInfo { * @param phoneNumber the phoneNumber to set */ public abstract void setPhoneNumber(String phoneNumber); - + /** * */ public abstract Boolean getPhoneNumberVerified(); - + /** * * @param phoneNumberVerified @@ -224,7 +224,7 @@ public interface UserInfo { * @param birthdate */ public abstract void setBirthdate(String birthdate); - + /** * Serialize this UserInfo object to JSON * 
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java
index e35e51090..288ec6b07 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/AddressRepository.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/AddressRepository.java
index bd62bfd4f..64c7802cb 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/AddressRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/AddressRepository.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/ApprovedSiteRepository.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/ApprovedSiteRepository.java
index 64681feb5..e0020ef3c 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/ApprovedSiteRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/ApprovedSiteRepository.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/BlacklistedSiteRepository.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/BlacklistedSiteRepository.java
index 861249353..f983fe4c1 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/BlacklistedSiteRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/BlacklistedSiteRepository.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/PairwiseIdentifierRepository.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/PairwiseIdentifierRepository.java
index 519bc0fa6..f5f0423de 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/PairwiseIdentifierRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/PairwiseIdentifierRepository.java
@@ -18,13 +18,13 @@ public interface PairwiseIdentifierRepository { * @param sectorIdentifierUri * @return */ - public PairwiseIdentifier getBySectorIdentifier(String sub, String sectorIdentifierUri); + public PairwiseIdentifier getBySectorIdentifier(String sub, String sectorIdentifierUri); + + /** + * Save a pairwise identifier to the database. + * + * @param pairwise + */ + public void save(PairwiseIdentifier pairwise); - /** - * Save a pairwise identifier to the database. - * - * @param pairwise - */ - public void save(PairwiseIdentifier pairwise); - } diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/UserInfoRepository.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/UserInfoRepository.java index c927a6540..5b200442c 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/UserInfoRepository.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/UserInfoRepository.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/WhitelistedSiteRepository.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/WhitelistedSiteRepository.java index 0b1bc7c36..8775329b6 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/WhitelistedSiteRepository.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/WhitelistedSiteRepository.java 
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/ApprovedSiteService.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/ApprovedSiteService.java
index 212e88463..7fd322c3a 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/ApprovedSiteService.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/ApprovedSiteService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/BlacklistedSiteService.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/BlacklistedSiteService.java
index 7b2c47f19..ad46fccde 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/BlacklistedSiteService.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/BlacklistedSiteService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/OIDCTokenService.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/OIDCTokenService.java index fc259977f..546a863b1 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/OIDCTokenService.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/OIDCTokenService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -55,5 +55,5 @@ public interface OIDCTokenService { * @return */ public OAuth2AccessTokenEntity createRegistrationAccessToken(ClientDetailsEntity client); - + } \ No newline at end of file diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/PairwiseIdentiferService.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/PairwiseIdentiferService.java index e8bf7c623..59551f71f 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/PairwiseIdentiferService.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/PairwiseIdentiferService.java @@ -21,6 +21,6 @@ public interface PairwiseIdentiferService { * @param client * @return */ - public String getIdentifier(UserInfo userInfo, ClientDetailsEntity client); + public String getIdentifier(UserInfo userInfo, ClientDetailsEntity client); } diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/StatsService.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/StatsService.java index 17414c789..94c180a1a 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/StatsService.java 
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/StatsService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/UserInfoService.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/UserInfoService.java
index ab2678bd5..d86b957e1 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/UserInfoService.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/UserInfoService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -59,11 +59,11 @@ public interface UserInfoService {
  * @return
  */
 public UserInfo getByUsername(String username);
-
+
 /**
  * Get the UserInfo for the given username (usually maps to the
  * preferredUsername field) and clientId. This allows pairwise
- * client identifiers where appropriate.
+ * client identifiers where appropriate.
  * @param username
  * @param clientId
  * @return
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/WhitelistedSiteService.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/WhitelistedSiteService.java
index 524d6b7a0..11faaae5e 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/WhitelistedSiteService.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/WhitelistedSiteService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java
index 58b1ed9ea..3dfb43729 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java
index 70492bc71..b3b5590be 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -49,15 +49,15 @@ import com.google.gson.JsonSerializer; * */ public class UserInfoInterceptor extends HandlerInterceptorAdapter { - + private Gson gson = new GsonBuilder() - .registerTypeHierarchyAdapter(GrantedAuthority.class, new JsonSerializer() { - @Override - public JsonElement serialize(GrantedAuthority src, Type typeOfSrc, JsonSerializationContext context) { - return new JsonPrimitive(src.getAuthority()); - } - }) - .create(); + .registerTypeHierarchyAdapter(GrantedAuthority.class, new JsonSerializer() { + @Override + public JsonElement serialize(GrantedAuthority src, Type typeOfSrc, JsonSerializationContext context) { + return new JsonPrimitive(src.getAuthority()); + } + }) + .create(); @Autowired private UserInfoService userInfoService; 
@@ -65,20 +65,20 @@ public class UserInfoInterceptor extends HandlerInterceptorAdapter { @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { - if (modelAndView != null && !modelAndView.getModel().containsKey("userInfo")) { // skip checking at all if we have no model and view to hand the user to - // or if there's already a userInfo object in there + if (modelAndView != null && !modelAndView.getModel().containsKey("userInfo")) { // skip checking at all if we have no model and view to hand the user to + // or if there's already a userInfo object in there // TODO: this is a patch to get around a potential information leak from #492 if (!(modelAndView.getView() instanceof RedirectView)) { - + // get our principal from the security context Principal p = request.getUserPrincipal(); - + if (p instanceof Authentication && !modelAndView.getModel().containsKey("userAuthorities")){ Authentication auth = (Authentication)p; modelAndView.addObject("userAuthorities", gson.toJson(auth.getAuthorities())); } - + if (p instanceof OIDCAuthenticationToken) { // if they're logging into this server from a remote OIDC server, pass through their user info OIDCAuthenticationToken oidc = (OIDCAuthenticationToken) p; @@ -86,10 +86,10 @@ public class UserInfoInterceptor extends HandlerInterceptorAdapter { modelAndView.addObject("userInfoJson", oidc.getUserInfo().toJson()); } else { if (p != null && p.getName() != null) { // don't bother checking if we don't have a principal - + // try to look up a user based on the principal's name UserInfo user = userInfoService.getByUsername(p.getName()); - + // if we have one, inject it so views can use it if (user != null) { modelAndView.addObject("userInfo", user); diff --git a/openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java b/openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java index 5e66c5406..6ae643c74 100644 
--- a/openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java +++ b/openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -28,12 +28,12 @@ import javax.persistence.EntityManager; public class JpaUtil { public static T getSingleResult(List list) { switch(list.size()) { - case 0: - return null; - case 1: - return list.get(0); - default: - throw new IllegalStateException("Expected single result, got " + list.size()); + case 0: + return null; + case 1: + return list.get(0); + default: + throw new IllegalStateException("Expected single result, got " + list.size()); } } diff --git a/openid-connect-common/src/test/java/org/mitre/discovery/util/TestWebfingerURLNormalizer.java b/openid-connect-common/src/test/java/org/mitre/discovery/util/TestWebfingerURLNormalizer.java index f95497ceb..51f99cc89 100644 --- a/openid-connect-common/src/test/java/org/mitre/discovery/util/TestWebfingerURLNormalizer.java +++ b/openid-connect-common/src/test/java/org/mitre/discovery/util/TestWebfingerURLNormalizer.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -16,13 +16,13 @@ ******************************************************************************/ package org.mitre.discovery.util; +import static org.junit.Assert.assertEquals; + import org.junit.Test; import org.springframework.web.util.UriComponents; import com.google.common.collect.ImmutableMap; -import static org.junit.Assert.assertEquals; - /** * @author wkim * diff --git a/openid-connect-common/src/test/java/org/mitre/jose/JOSEEmbedTest.java b/openid-connect-common/src/test/java/org/mitre/jose/JOSEEmbedTest.java index b04fa5221..f55ac8a22 100644 --- a/openid-connect-common/src/test/java/org/mitre/jose/JOSEEmbedTest.java +++ b/openid-connect-common/src/test/java/org/mitre/jose/JOSEEmbedTest.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,14 +19,14 @@ */ package org.mitre.jose; +import static org.junit.Assert.assertEquals; + import org.junit.Test; import com.nimbusds.jose.EncryptionMethod; import com.nimbusds.jose.JWEAlgorithm; import com.nimbusds.jose.JWSAlgorithm; -import static org.junit.Assert.assertEquals; - /** * * These tests make sure that the algorithm name processing diff --git a/openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJwtEncryptionAndDecryptionService.java b/openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJwtEncryptionAndDecryptionService.java index 11ed5cded..5e6b295aa 100644 --- a/openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJwtEncryptionAndDecryptionService.java +++ b/openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJwtEncryptionAndDecryptionService.java 
@@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -49,11 +49,11 @@ import com.nimbusds.jwt.ReadOnlyJWTClaimsSet; public class TestDefaultJwtEncryptionAndDecryptionService { private String plainText = "The true sign of intelligence is not knowledge but imagination."; - + private String issuer = "www.example.net"; private String subject = "example_user"; private JWTClaimsSet claimsSet = new JWTClaimsSet(); - + // Example data taken from Mike Jones's draft-ietf-jose-json-web-encryption-14 appendix examples private String compactSerializedJwe = "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ." + "OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe" + @@ -66,7 +66,7 @@ public class TestDefaultJwtEncryptionAndDecryptionService { "5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji" + "SdiwkIr3ajwQzaBtQD_A." + "XFBoMYUZodetZdvTiFvSkQ"; - + private String RSAkid = "rsa321"; private JWK RSAjwk = new RSAKey(new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" + "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" + 
@@ -76,69 +76,69 @@ public class TestDefaultJwtEncryptionAndDecryptionService { "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n new Base64URL("AQAB"), // e new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" + - "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" + - "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" + - "qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" + - "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" + - "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d - Use.ENCRYPTION, JWEAlgorithm.RSA_OAEP, RSAkid, null, null, null); - + "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" + + "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" + + "qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" + + "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" + + "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d + Use.ENCRYPTION, JWEAlgorithm.RSA_OAEP, RSAkid, null, null, null); + // AES key wrap not yet tested -// private String AESkid = "aes123"; -// private JWK AESjwk = new OctetSequenceKey(new Base64URL("GawgguFyGrWKav7AX4VKUg"), Use.ENCRYPTION, JWEAlgorithm.A128KW, AESkid); -// -// private Map keys = new ImmutableMap.Builder(). -// put(RSAkid, RSAjwk).put(AESkid, AESjwk).build(); - + // private String AESkid = "aes123"; + // private JWK AESjwk = new OctetSequenceKey(new Base64URL("GawgguFyGrWKav7AX4VKUg"), Use.ENCRYPTION, JWEAlgorithm.A128KW, AESkid); + // + // private Map keys = new ImmutableMap.Builder(). + // put(RSAkid, RSAjwk).put(AESkid, AESjwk).build(); + private Map keys = new ImmutableMap.Builder(). 
put(RSAkid, RSAjwk).build(); - + private DefaultJwtEncryptionAndDecryptionService service; - + @Before public void prepare() throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException { - + service = new DefaultJwtEncryptionAndDecryptionService(keys); - + claimsSet.setIssuer(issuer); claimsSet.setSubject(subject); } - + @Test public void decrypt_RSA() throws ParseException { - + service.setDefaultDecryptionKeyId(RSAkid); service.setDefaultEncryptionKeyId(RSAkid); - + JWEObject jwt = JWEObject.parse(compactSerializedJwe); - + assertThat(jwt.getPayload(), nullValue()); // observe..nothing is there - + service.decryptJwt(jwt); String result = jwt.getPayload().toString(); // and voila! decrypto-magic - + assertEquals(plainText, result); } - + @Test public void encryptThenDecrypt_RSA() throws ParseException { - + service.setDefaultDecryptionKeyId(RSAkid); service.setDefaultEncryptionKeyId(RSAkid); - + JWEHeader header = new JWEHeader(JWEAlgorithm.RSA_OAEP, EncryptionMethod.A256GCM); - + EncryptedJWT jwt = new EncryptedJWT(header, claimsSet); - + service.encryptJwt(jwt); String serialized = jwt.serialize(); - + EncryptedJWT encryptedJwt = EncryptedJWT.parse(serialized); assertThat(encryptedJwt.getJWTClaimsSet(), nullValue()); service.decryptJwt(encryptedJwt); - + ReadOnlyJWTClaimsSet resultClaims = encryptedJwt.getJWTClaimsSet(); - + assertEquals(claimsSet.getIssuer(), resultClaims.getIssuer()); assertEquals(claimsSet.getSubject(), resultClaims.getSubject()); } diff --git a/openid-connect-common/src/test/java/org/mitre/oauth2/model/ClientDetailsEntityTest.java b/openid-connect-common/src/test/java/org/mitre/oauth2/model/ClientDetailsEntityTest.java index 08721d993..5e95a16e8 100644 --- a/openid-connect-common/src/test/java/org/mitre/oauth2/model/ClientDetailsEntityTest.java +++ b/openid-connect-common/src/test/java/org/mitre/oauth2/model/ClientDetailsEntityTest.java 
@@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,18 +19,16 @@ */ package org.mitre.oauth2.model; +import static org.junit.Assert.assertEquals; + import java.util.Date; import org.junit.Test; -import org.mitre.jose.JWEAlgorithmEmbed; -import org.mitre.jose.JWEEncryptionMethodEmbed; import com.google.common.collect.ImmutableSet; import com.nimbusds.jose.EncryptionMethod; import com.nimbusds.jose.JWEAlgorithm; -import static org.junit.Assert.assertEquals; - /** * @author jricher * diff --git a/openid-connect-common/src/test/java/org/mitre/oauth2/model/RegisteredClientTest.java b/openid-connect-common/src/test/java/org/mitre/oauth2/model/RegisteredClientTest.java index a4d1f20c8..0f53186af 100644 --- a/openid-connect-common/src/test/java/org/mitre/oauth2/model/RegisteredClientTest.java +++ b/openid-connect-common/src/test/java/org/mitre/oauth2/model/RegisteredClientTest.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,18 +19,16 @@ */ package org.mitre.oauth2.model; +import static org.junit.Assert.assertEquals; + import java.sql.Date; import org.junit.Test; -import org.mitre.jose.JWEAlgorithmEmbed; -import org.mitre.jose.JWEEncryptionMethodEmbed; import com.google.common.collect.ImmutableSet; import com.nimbusds.jose.EncryptionMethod; import com.nimbusds.jose.JWEAlgorithm; -import static org.junit.Assert.assertEquals; - /** * @author jricher * 
diff --git a/openid-connect-common/src/test/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessorTest.java b/openid-connect-common/src/test/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessorTest.java index 9b2652b3d..8ed71a553 100644 --- a/openid-connect-common/src/test/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessorTest.java +++ b/openid-connect-common/src/test/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessorTest.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,11 +19,12 @@ */ package org.mitre.openid.connect; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + import java.sql.Date; import org.junit.Test; -import org.mitre.jose.JWEAlgorithmEmbed; -import org.mitre.jose.JWEEncryptionMethodEmbed; import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.RegisteredClient; @@ -33,9 +34,6 @@ import com.google.gson.JsonObject; import com.nimbusds.jose.EncryptionMethod; import com.nimbusds.jose.JWEAlgorithm; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; - /** * @author jricher * diff --git a/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ConfigurationPropertiesBeanTest.java b/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ConfigurationPropertiesBeanTest.java index 85807d91b..2d3258e56 100644 --- a/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ConfigurationPropertiesBeanTest.java +++ b/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ConfigurationPropertiesBeanTest.java 
@@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,10 +19,10 @@ */ package org.mitre.openid.connect.config; -import org.junit.Test; - import static org.junit.Assert.assertEquals; +import org.junit.Test; + /** * @author jricher * diff --git a/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ServerConfigurationTest.java b/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ServerConfigurationTest.java index ce2f5b772..1f4e8a1b5 100644 --- a/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ServerConfigurationTest.java +++ b/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ServerConfigurationTest.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,11 +19,11 @@ */ package org.mitre.openid.connect.config; -import org.junit.Test; - import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; +import org.junit.Test; + /** * @author jricher * diff --git a/openid-connect-server/src/main/java/org/mitre/discovery/view/WebfingerView.java b/openid-connect-server/src/main/java/org/mitre/discovery/view/WebfingerView.java index 816eb7cbf..10acae71d 100644 --- a/openid-connect-server/src/main/java/org/mitre/discovery/view/WebfingerView.java +++ b/openid-connect-server/src/main/java/org/mitre/discovery/view/WebfingerView.java 
@@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java b/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java index 1fb555142..bb178ccf4 100644 --- a/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -61,7 +61,7 @@ public class DiscoveryEndpoint { @Autowired private JwtSigningAndValidationService signService; - + @Autowired private JwtEncryptionAndDecryptionService encService; @@ -306,7 +306,7 @@ public class DiscoveryEndpoint { m.put("introspection_endpoint", baseUrl + "introspect"); // token introspection endpoint for verifying tokens m.put("revocation_endpoint", baseUrl + "revoke"); // token revocation endpoint - + model.addAttribute("entity", m); return "jsonEntityView"; diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/exception/DuplicateClientIdException.java b/openid-connect-server/src/main/java/org/mitre/oauth2/exception/DuplicateClientIdException.java index 66f31391a..696c0071b 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/exception/DuplicateClientIdException.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/exception/DuplicateClientIdException.java 
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java
index a16d4af70..d2c3f2454 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java
index 46921c265..0094a4dc0 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2ClientRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2ClientRepository.java
index 364bb2bcb..4d5797874 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2ClientRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2ClientRepository.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
index eac31a8a5..e381f66bd 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java
index 75760c78c..9cfc0abfa 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java
index 82084e00c..b1a3dfdaf 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
index 35e7e5614..fe39ceebe 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -58,7 +58,7 @@ import com.google.gson.JsonParser; public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEntityService { private static Logger logger = LoggerFactory.getLogger(DefaultOAuth2ClientDetailsEntityService.class); - + @Autowired private OAuth2ClientRepository clientRepository; @@ -73,7 +73,7 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt @Autowired private BlacklistedSiteService blacklistedSiteService; - + @Autowired private SystemScopeService scopeService; 
@@ -112,30 +112,30 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt // timestamp this to right now client.setCreatedAt(new Date()); - - + + // check the sector URI if (!Strings.isNullOrEmpty(client.getSectorIdentifierUri())) { try { - List redirects = sectorRedirects.get(client.getSectorIdentifierUri()); - - if (client.getRegisteredRedirectUri() != null) { - for (String uri : client.getRegisteredRedirectUri()) { - if (!redirects.contains(uri)) { - throw new IllegalArgumentException("Requested Redirect URI " + uri + " is not listed at sector identifier " + redirects); - } - } - } - - } catch (ExecutionException e) { - throw new IllegalArgumentException("Unable to load sector identifier URI: " + client.getSectorIdentifierUri()); - } + List redirects = sectorRedirects.get(client.getSectorIdentifierUri()); + + if (client.getRegisteredRedirectUri() != null) { + for (String uri : client.getRegisteredRedirectUri()) { + if (!redirects.contains(uri)) { + throw new IllegalArgumentException("Requested Redirect URI " + uri + " is not listed at sector identifier " + redirects); + } + } + } + + } catch (ExecutionException e) { + throw new IllegalArgumentException("Unable to load sector identifier URI: " + client.getSectorIdentifierUri()); + } } - + // make sure a client doesn't get any special system scopes client.setScope(scopeService.removeRestrictedScopes(client.getScope())); - + return clientRepository.saveClient(client); } 
@@ -218,24 +218,24 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt // check the sector URI if (!Strings.isNullOrEmpty(newClient.getSectorIdentifierUri())) { try { - List redirects = sectorRedirects.get(newClient.getSectorIdentifierUri()); - - if (newClient.getRegisteredRedirectUri() != null) { - for (String uri : newClient.getRegisteredRedirectUri()) { - if (!redirects.contains(uri)) { - throw new IllegalArgumentException("Requested Redirect URI " + uri + " is not listed at sector identifier " + redirects); - } - } - } - - } catch (ExecutionException e) { - throw new IllegalArgumentException("Unable to load sector identifier URI: " + newClient.getSectorIdentifierUri()); - } + List redirects = sectorRedirects.get(newClient.getSectorIdentifierUri()); + + if (newClient.getRegisteredRedirectUri() != null) { + for (String uri : newClient.getRegisteredRedirectUri()) { + if (!redirects.contains(uri)) { + throw new IllegalArgumentException("Requested Redirect URI " + uri + " is not listed at sector identifier " + redirects); + } + } + } + + } catch (ExecutionException e) { + throw new IllegalArgumentException("Unable to load sector identifier URI: " + newClient.getSectorIdentifierUri()); + } } // make sure a client doesn't get any special system scopes newClient.setScope(scopeService.removeRestrictedScopes(newClient.getScope())); - + return clientRepository.updateClient(oldClient.getId(), newClient); } throw new IllegalArgumentException("Neither old client or new client can be null!"); 
@@ -270,42 +270,42 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt /** * Utility class to load a sector identifier's set of authorized redirect URIs. * - * @author jricher - * - */ - private class SectorIdentifierLoader extends CacheLoader> { + * @author jricher + * + */ + private class SectorIdentifierLoader extends CacheLoader> { private HttpClient httpClient = new DefaultHttpClient(); private HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient); private RestTemplate restTemplate = new RestTemplate(httpFactory); private JsonParser parser = new JsonParser(); - - @Override - public List load(String key) throws Exception { - if (!key.startsWith("https")) { - // TODO: this should optionally throw an error (#506) - logger.error("Sector identifier doesn't start with https, loading anyway..."); - } - - // key is the sector URI + @Override + public List load(String key) throws Exception { + + if (!key.startsWith("https")) { + // TODO: this should optionally throw an error (#506) + logger.error("Sector identifier doesn't start with https, loading anyway..."); + } + + // key is the sector URI String jsonString = restTemplate.getForObject(key, String.class); JsonElement json = parser.parse(jsonString); - + if (json.isJsonArray()) { List redirectUris = new ArrayList(); for (JsonElement el : json.getAsJsonArray()) { - redirectUris.add(el.getAsString()); - } + redirectUris.add(el.getAsString()); + } logger.info("Found " + redirectUris + " for sector " + key); - + return redirectUris; } else { return null; } - - } - } + } + + } } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java index d4bec2c03..bf58cc4e8 100644 
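Review bot: The reflowed `load` still fetches a sector_identifier_uri that does not start with "https" — it logs an error and continues — so an attacker who can interpose on that plaintext fetch can supply any list of redirect URIs and satisfy the `redirects.contains(uri)` check in saveNewClient/updateClient, which defeats the purpose of the sector identifier as the authority for redirect_uri validation; the TODO (#506) should be resolved here by rejecting, e.g. `throw new IllegalArgumentException("Sector identifier URI must use https: " + key);`, and `startsWith("https")` should become `startsWith("https://")` so that odd schemes are not accepted. Separately, returning `null` when the document is not a JSON array presumably surfaces from the Guava cache as an unchecked exception rather than the `ExecutionException` the callers catch, so a malformed sector document escapes the IllegalArgumentException path; `return Collections.emptyList();` (or throwing) keeps the failure contained and still rejects every redirect URI. Logging the entire fetched list at INFO on every cache miss is also noisier than needed for a client-controlled value; DEBUG with the count would do.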
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -78,10 +78,10 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi @Autowired private TokenEnhancer tokenEnhancer; - - @Autowired + + @Autowired private SystemScopeService scopeService; - + @Override public Set getAllAccessTokensForUser(String id) { @@ -124,7 +124,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi @Autowired private ApprovedSiteService approvedSiteService; - + @Override public OAuth2AccessTokenEntity createAccessToken(OAuth2Authentication authentication) throws AuthenticationException, InvalidClientException { @@ -151,7 +151,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi scopes = scopeService.removeRestrictedScopes(scopes); token.setScope(scopes); - // make it expire if necessary + // make it expire if necessary if (client.getAccessTokenValiditySeconds() != null && client.getAccessTokenValiditySeconds() > 0) { Date expiration = new Date(System.currentTimeMillis() + (client.getAccessTokenValiditySeconds() * 1000L)); token.setExpiration(expiration); 
@@ -261,7 +261,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi Set refreshScopes = new HashSet(refreshToken.getAuthenticationHolder().getAuthentication().getOAuth2Request().getScope()); // remove any of the special system scopes refreshScopes = scopeService.removeRestrictedScopes(refreshScopes); - + Set scope = authRequest.getScope() == null ? new HashSet() : new HashSet(authRequest.getScope()); // remove any of the special system scopes scope = scopeService.removeRestrictedScopes(scope); @@ -408,21 +408,21 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi revokeRefreshToken(oAuth2RefreshTokenEntity); } } - + private Predicate isAccessTokenExpired = new Predicate() { @Override public boolean apply(OAuth2AccessTokenEntity input) { return (input != null && input.isExpired()); } }; - + private Predicate isRefreshTokenExpired = new Predicate() { @Override public boolean apply(OAuth2RefreshTokenEntity input) { return (input != null && input.isExpired()); } }; - + private Collection getExpiredAccessTokens() { return Collections2.filter(tokenRepository.getAllAccessTokens(), isAccessTokenExpired); } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java index 37082b600..fb695bd28 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -63,7 +63,7 @@ public class DefaultSystemScopeService implements SystemScopeService { return (input != null && input.isAllowDynReg()); } }; - + private Predicate isRestricted = new Predicate() { @Override public boolean apply(String input) { @@ -90,11 +90,11 @@ public class DefaultSystemScopeService implements SystemScopeService { s.setStructured(true); } } - + if (s.isStructured() && parts.size() > 1) { s.setStructuredValue(parts.get(1)); } - + return s; } } 
@@ -200,50 +200,50 @@ public class DefaultSystemScopeService implements SystemScopeService { private List parseStructuredScopeValue(String value) { return Lists.newArrayList(Splitter.on(":").split(value)); } - + /* (non-Javadoc) * @see org.mitre.oauth2.service.SystemScopeService#scopesMatch(java.util.Set, java.util.Set) */ - @Override - public boolean scopesMatch(Set expected, Set actual) { - - Set ex = fromStrings(expected); - Set act = fromStrings(actual); - - for (SystemScope actScope : act) { - // first check to see if there's an exact match - if (!ex.contains(actScope)) { - // we didn't find an exact match - if (actScope.isStructured() && !Strings.isNullOrEmpty(actScope.getStructuredValue())) { - // if we didn't get an exact match but the actual scope is structured, we need to check further + @Override + public boolean scopesMatch(Set expected, Set actual) { - // first, find the "base" scope for this - SystemScope base = getByValue(actScope.getValue()); - if (!ex.contains(base)) { - // if the expected doesn't contain the base scope, fail - return false; - } else { - // we did find an exact match, need to check the rest - } - } else { - // the scope wasn't structured, fail now - return false; - } - } else { - // if we did find an exact match, we need to check the rest - } - } - - // if we got all the way down here, the setup passed - return true; - - } + Set ex = fromStrings(expected); + Set act = fromStrings(actual); + + for (SystemScope actScope : act) { + // first check to see if there's an exact match + if (!ex.contains(actScope)) { + // we didn't find an exact match + if (actScope.isStructured() && !Strings.isNullOrEmpty(actScope.getStructuredValue())) { + // if we didn't get an exact match but the actual scope is structured, we need to check further + + // first, find the "base" scope for this + SystemScope base = getByValue(actScope.getValue()); + if (!ex.contains(base)) { + // if the expected doesn't contain the base scope, fail + return false; + } else 
{ + // we did find an exact match, need to check the rest + } + } else { + // the scope wasn't structured, fail now + return false; + } + } else { + // if we did find an exact match, we need to check the rest + } + } + + // if we got all the way down here, the setup passed + return true; + + } @Override public Set removeRestrictedScopes(Set scopes) { - return new LinkedHashSet(Collections2.filter(scopes, isRestricted)); + return new LinkedHashSet(Collections2.filter(scopes, isRestricted)); } - - + + } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java b/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java index 16ec17d75..aca578e78 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java b/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java index af089e051..6812acaba 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/token/StructuredScopeAwareOAuth2RequestValidator.java b/openid-connect-server/src/main/java/org/mitre/oauth2/token/StructuredScopeAwareOAuth2RequestValidator.java index ac1614554..9f516e345 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/token/StructuredScopeAwareOAuth2RequestValidator.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/token/StructuredScopeAwareOAuth2RequestValidator.java @@ -3,13 +3,11 @@ */ package org.mitre.oauth2.token; -import java.util.Map; import java.util.Set; import org.mitre.oauth2.service.SystemScopeService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.oauth2.common.exceptions.InvalidScopeException; -import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.OAuth2RequestValidator; @@ -27,7 +25,7 @@ public class StructuredScopeAwareOAuth2RequestValidator implements OAuth2Request @Autowired private SystemScopeService scopeService; - + /* (non-Javadoc) * @see org.springframework.security.oauth2.provider.OAuth2RequestValidator#validateScope(java.util.Map, java.util.Set) */ diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenIntrospectionView.java b/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenIntrospectionView.java index 85d23bee7..74687d08b 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenIntrospectionView.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenIntrospectionView.java 
@@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/AccessTokenAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/AccessTokenAPI.java index 735ad52b6..82860bba3 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/AccessTokenAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/AccessTokenAPI.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/CorsFilter.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/CorsFilter.java index cd5542270..18957c2f0 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/CorsFilter.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/CorsFilter.java @@ -30,7 +30,7 @@ public class CorsFilter extends OncePerRequestFilter { */ @Override public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { - + response.addHeader("Access-Control-Allow-Origin", "*"); if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) { // CORS "pre-flight" request diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java index 871facb6f..c7f0ac22e 100644 
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java index 41e2964d3..055f37e15 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -109,7 +109,7 @@ public class OAuthConfirmationController { model.put("redirect_uri", redirect_uri); Set scopes = scopeService.fromStrings(clientAuth.getScope()); - + Set sortedScopes = new LinkedHashSet(scopes.size()); Set systemScopes = scopeService.getAll(); @@ -121,7 +121,7 @@ public class OAuthConfirmationController { } sortedScopes.addAll(Sets.difference(scopes, systemScopes)); - + model.put("scopes", sortedScopes); return "approve"; diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/RefreshTokenAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/RefreshTokenAPI.java index da065253a..77ef99820 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/RefreshTokenAPI.java 
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/RefreshTokenAPI.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java index 6a26a5432..344879e94 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java index 757376fe3..1e6d72572 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java index 568454750..9518fdc2b 100644 
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -36,9 +36,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.oauth2.common.exceptions.InvalidClientException; import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.security.oauth2.provider.AuthorizationRequest; -import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.DefaultOAuth2RequestFactory; -import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.stereotype.Component; import com.google.common.base.Strings; @@ -69,10 +67,10 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory { @Autowired private JWKSetCacheService validators; - + @Autowired private SystemScopeService systemScopes; - + @Autowired private JwtEncryptionAndDecryptionService encryptionService; 
@@ -100,32 +98,32 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory { null, false, inputParams.get(OAuth2Utils.STATE), inputParams.get(OAuth2Utils.REDIRECT_URI), OAuth2Utils.parseParameterList(inputParams.get(OAuth2Utils.RESPONSE_TYPE))); - + //Add extension parameters to the 'extensions' map - + if (inputParams.containsKey("prompt")) { request.getExtensions().put("prompt", inputParams.get("prompt")); } if (inputParams.containsKey("nonce")) { request.getExtensions().put("nonce", inputParams.get("nonce")); } - + if (inputParams.containsKey("claims")) { JsonObject claimsRequest = parseClaimRequest(inputParams.get("claims")); if (claimsRequest != null) { request.getExtensions().put("claims", claimsRequest.toString()); } } - + if (inputParams.containsKey("max_age")) { request.getExtensions().put("max_age", inputParams.get("max_age")); } - + if (inputParams.containsKey("request")) { request.getExtensions().put("request", inputParams.get("request")); processRequestObject(inputParams.get("request"), request); } - + if (request.getClientId() != null) { ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId()); @@ -133,7 +131,7 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory { Set clientScopes = client.getScope(); request.setScope(clientScopes); } - + if (request.getExtensions().get("max_age") == null && client.getDefaultMaxAge() != null) { request.getExtensions().put("max_age", client.getDefaultMaxAge().toString()); } 
@@ -153,131 +151,131 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory { JWT jwt = JWTParser.parse(jwtString); // TODO: move keys to constants - + if (jwt instanceof SignedJWT) { // it's a signed JWT, check the signature - + SignedJWT signedJwt = (SignedJWT)jwt; // need to check clientId first so that we can load the client to check other fields if (request.getClientId() == null) { request.setClientId(signedJwt.getJWTClaimsSet().getStringClaim("client_id")); } - + ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId()); - + if (client == null) { throw new InvalidClientException("Client not found: " + request.getClientId()); } - - + + JWSAlgorithm alg = signedJwt.getHeader().getAlgorithm(); - + if (client.getRequestObjectSigningAlg() != null) { if (!client.getRequestObjectSigningAlg().equals(alg)) { throw new InvalidClientException("Client's registered request object signing algorithm (" + client.getRequestObjectSigningAlg() + ") does not match request object's actual algorithm (" + alg.getName() + ")"); } } - + if (alg.equals(JWSAlgorithm.RS256) || alg.equals(JWSAlgorithm.RS384) || alg.equals(JWSAlgorithm.RS512)) { - // it's RSA, need to find the JWK URI and fetch the key + // it's RSA, need to find the JWK URI and fetch the key if (client.getJwksUri() == null) { throw new InvalidClientException("Client must have a JWKS URI registered to use signed request objects."); } - + // check JWT signature JwtSigningAndValidationService validator = validators.getValidator(client.getJwksUri()); - + if (validator == null) { throw new InvalidClientException("Unable to create signature validator for client's JWKS URI: " + client.getJwksUri()); } - + if (!validator.validateSignature(signedJwt)) { throw new InvalidClientException("Signature did not validate for presented JWT request object."); } } else if (alg.equals(JWSAlgorithm.HS256) || alg.equals(JWSAlgorithm.HS384) || alg.equals(JWSAlgorithm.HS512)) { - + // 
it's HMAC, we need to make a validator based on the client secret - + JwtSigningAndValidationService validator = getSymmetricValidtor(client); - + if (validator == null) { throw new InvalidClientException("Unable to create signature validator for client's secret: " + client.getClientSecret()); } - + if (!validator.validateSignature(signedJwt)) { throw new InvalidClientException("Signature did not validate for presented JWT request object."); } - - + + } - - + + } else if (jwt instanceof PlainJWT) { PlainJWT plainJwt = (PlainJWT)jwt; - + // need to check clientId first so that we can load the client to check other fields if (request.getClientId() == null) { request.setClientId(plainJwt.getJWTClaimsSet().getStringClaim("client_id")); } - + ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId()); - + if (client == null) { throw new InvalidClientException("Client not found: " + request.getClientId()); } - - if (client.getRequestObjectSigningAlg() == null) { + + if (client.getRequestObjectSigningAlg() == null) { throw new InvalidClientException("Client is not registered for unsigned request objects (no request_object_signing_alg registered)"); } else if (!client.getRequestObjectSigningAlg().equals(Algorithm.NONE)) { throw new InvalidClientException("Client is not registered for unsigned request objects (request_object_signing_alg is " + client.getRequestObjectSigningAlg() +")"); } - + // if we got here, we're OK, keep processing - + } else if (jwt instanceof EncryptedJWT) { - + EncryptedJWT encryptedJWT = (EncryptedJWT)jwt; - + // decrypt the jwt if we can - + encryptionService.decryptJwt(encryptedJWT); - + // TODO: what if the content is a signed JWT? 
(#525) - + if (!encryptedJWT.getState().equals(State.DECRYPTED)) { throw new InvalidClientException("Unable to decrypt the request object"); } - + // need to check clientId first so that we can load the client to check other fields if (request.getClientId() == null) { request.setClientId(encryptedJWT.getJWTClaimsSet().getStringClaim("client_id")); } - + ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId()); - + if (client == null) { throw new InvalidClientException("Client not found: " + request.getClientId()); } - - + + } - - + + /* * NOTE: Claims inside the request object always take precedence over those in the parameter map. */ // now that we've got the JWT, and it's been parsed, validated, and/or decrypted, we can process the claims - + ReadOnlyJWTClaimsSet claims = jwt.getJWTClaimsSet(); - + Set responseTypes = OAuth2Utils.parseParameterList(claims.getStringClaim("response_type")); if (responseTypes != null && !responseTypes.isEmpty()) { if (!responseTypes.equals(request.getResponseTypes())) { @@ -286,7 +284,7 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory { request.setResponseTypes(responseTypes); } - String redirectUri = claims.getStringClaim("redirect_uri"); + String redirectUri = claims.getStringClaim("redirect_uri"); if (redirectUri != null) { if (!redirectUri.equals(request.getRedirectUri())) { logger.info("Mismatch between request object and regular parameter for redirect_uri, using request object"); 
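Review bot: A `SignedJWT` whose header algorithm is neither RS256/384/512 nor HS256/384/512 (ES256, PS256, ...) matches neither branch of the `alg` chain and falls straight through to the claims processing without any signature check; the only thing that would stop it is a registered `request_object_signing_alg`, and that comparison is skipped when the client has none registered. Because the NOTE further down states that request-object claims override the query parameters (`redirect_uri`, `scope`, `response_type`), such a client can be handed an entirely unverified request object, so close the chain with `} else { throw new InvalidClientException("Unsupported request object signing algorithm: " + alg.getName()); }`. The HMAC-branch message `"Unable to create signature validator for client's secret: " + client.getClientSecret()` writes the client secret into an exception that is logged and may be echoed to the caller; drop the secret from the message. The `EncryptedJWT` branch decrypts but never consults `request_object_signing_alg` (the #525 TODO hints at this), so a client registered for a signing algorithm can apparently bypass it with an encrypted-but-unsigned object; this should be confirmed against the decrypt path. The enclosing method's signature and its `catch (ParseException e)` lie outside this hunk.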
@@ -321,11 +319,11 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory { String prompt = claims.getStringClaim("prompt"); if (prompt != null) { if (!prompt.equals(request.getExtensions().get("prompt"))) { - logger.info("Mismatch between request object and regular parameter for prompt, using request object"); + logger.info("Mismatch between request object and regular parameter for prompt, using request object"); } request.getExtensions().put("prompt", prompt); } - + Set scope = OAuth2Utils.parseParameterList(claims.getStringClaim("scope")); if (scope != null && !scope.isEmpty()) { if (!scope.equals(request.getScope())) { @@ -333,7 +331,7 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory { } request.setScope(scope); } - + JsonObject claimRequest = parseClaimRequest(claims.getStringClaim("claims")); if (claimRequest != null) { if (!claimRequest.equals(parseClaimRequest(request.getExtensions().get("claims").toString()))) { @@ -342,7 +340,7 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory { // we save the string because the object might not be a Java Serializable, and we can parse it easily enough anyway request.getExtensions().put("claims", claimRequest.toString()); } - + } catch (ParseException e) { logger.error("ParseException while parsing RequestObject:", e); } 
@@ -352,14 +350,14 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory { * @param claimRequestString * @return */ - private JsonObject parseClaimRequest(String claimRequestString) { - JsonElement el = parser .parse(claimRequestString); - if (el != null && el.isJsonObject()) { - return el.getAsJsonObject(); - } else { - return null; - } - } + private JsonObject parseClaimRequest(String claimRequestString) { + JsonElement el = parser .parse(claimRequestString); + if (el != null && el.isJsonObject()) { + return el.getAsJsonObject(); + } else { + return null; + } + } /** * Create a symmetric signing and validation service for the given client 
@@ -367,34 +365,34 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory { * @param client * @return */ - private JwtSigningAndValidationService getSymmetricValidtor(ClientDetailsEntity client) { + private JwtSigningAndValidationService getSymmetricValidtor(ClientDetailsEntity client) { - if (client == null) { - logger.error("Couldn't create symmetric validator for null client"); - return null; - } - - if (Strings.isNullOrEmpty(client.getClientSecret())) { - logger.error("Couldn't create symmetric validator for client " + client.getClientId() + " without a client secret"); - return null; - } - - try { - - JWK jwk = new OctetSequenceKey(Base64URL.encode(client.getClientSecret()), Use.SIGNATURE, null, client.getClientId(), null, null, null); - Map keys = ImmutableMap.of(client.getClientId(), jwk); - JwtSigningAndValidationService service = new DefaultJwtSigningAndValidationService(keys); - - return service; - - } catch (NoSuchAlgorithmException e) { - logger.error("Couldn't create symmetric validator for client " + client.getClientId(), e); - } catch (InvalidKeySpecException e) { - logger.error("Couldn't create symmetric validator for client " + client.getClientId(), e); - } - - return null; - - } + if (client == null) { + logger.error("Couldn't create symmetric validator for null client"); + return null; + } + + if (Strings.isNullOrEmpty(client.getClientSecret())) { + logger.error("Couldn't create symmetric validator for client " + client.getClientId() + " without a client secret"); + return null; + } + + try { + + JWK jwk = new OctetSequenceKey(Base64URL.encode(client.getClientSecret()), Use.SIGNATURE, null, client.getClientId(), null, null, null); + Map keys = ImmutableMap.of(client.getClientId(), jwk); + JwtSigningAndValidationService service = new DefaultJwtSigningAndValidationService(keys); + + return service; + + } catch (NoSuchAlgorithmException e) { + logger.error("Couldn't create symmetric validator for client " + 
client.getClientId(), e); + } catch (InvalidKeySpecException e) { + logger.error("Couldn't create symmetric validator for client " + client.getClientId(), e); + } + + return null; + + } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerAssertionAuthenticationToken.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerAssertionAuthenticationToken.java index 0f27394c6..972506d5d 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerAssertionAuthenticationToken.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerAssertionAuthenticationToken.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerAuthenticationProvider.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerAuthenticationProvider.java index 64db6e214..8669751c3 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerAuthenticationProvider.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerAuthenticationProvider.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerClientAssertionTokenEndpointFilter.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerClientAssertionTokenEndpointFilter.java index dbbbc60d8..48b9e530f 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerClientAssertionTokenEndpointFilter.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerClientAssertionTokenEndpointFilter.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/PromptFilter.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/PromptFilter.java index 401162637..32f013e17 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/PromptFilter.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/PromptFilter.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -43,8 +43,6 @@ import org.springframework.security.oauth2.provider.OAuth2RequestFactory; import org.springframework.stereotype.Component; import org.springframework.web.filter.GenericFilterBean; -import com.google.common.base.Strings; - /** * @author jricher * 
@@ -56,10 +54,10 @@ public class PromptFilter extends GenericFilterBean { public final static String PROMPTED = "PROMPT_FILTER_PROMPTED"; public final static String PROMPT_REQUESTED = "PROMPT_FILTER_REQUESTED"; - + @Autowired private OAuth2RequestFactory authRequestFactory; - + /** * */ @@ -68,7 +66,7 @@ public class PromptFilter extends GenericFilterBean { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; - + AuthorizationRequest authRequest = authRequestFactory.createAuthorizationRequest(createRequestMap(request.getParameterMap())); if (authRequest.getExtensions().get("prompt") != null) { 
@@ -92,31 +90,31 @@ public class PromptFilter extends GenericFilterBean { } } else if (prompt.equals("login")) { - // first see if the user's already been prompted in this session + // first see if the user's already been prompted in this session HttpSession session = request.getSession(); - if (session.getAttribute(PROMPTED) == null) { - // user hasn't been PROMPTED yet, we need to check + if (session.getAttribute(PROMPTED) == null) { + // user hasn't been PROMPTED yet, we need to check - session.setAttribute(PROMPT_REQUESTED, Boolean.TRUE); - - // see if the user's logged in - Authentication auth = SecurityContextHolder.getContext().getAuthentication(); - if (auth != null) { - // user's been logged in already (by session management) - // log them out and continue - SecurityContextHolder.getContext().setAuthentication(null); - chain.doFilter(req, res); - } else { - // user hasn't been logged in yet, we can keep going since we'll get there - chain.doFilter(req, res); - } - } else { - // user has been PROMPTED, we're fine - - // but first, undo the prompt tag - session.removeAttribute(PROMPTED); - chain.doFilter(req, res); - } + session.setAttribute(PROMPT_REQUESTED, Boolean.TRUE); + + // see if the user's logged in + Authentication auth = SecurityContextHolder.getContext().getAuthentication(); + if (auth != null) { + // user's been logged in already (by session management) + // log them out and continue + SecurityContextHolder.getContext().setAuthentication(null); + chain.doFilter(req, res); + } else { + // user hasn't been logged in yet, we can keep going since we'll get there + chain.doFilter(req, res); + } + } else { + // user has been PROMPTED, we're fine + + // but first, undo the prompt tag + session.removeAttribute(PROMPTED); + chain.doFilter(req, res); + } } else { // prompt parameter is a value we don't care about, not our business chain.doFilter(req, res); 
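Review bot: `prompt.equals("login")` compares the whole parameter, but the OpenID Connect `prompt` value is a space-delimited list, so `prompt=login consent` never reaches the re-authentication branch and falls to the "not our business" path with the existing session kept. Parse it once and test membership instead: `Set<String> prompts = new HashSet<String>(Arrays.asList(prompt.trim().split("\\s+")));` and then `} else if (prompts.contains("login")) {`, using the same set for the branch that precedes this hunk. Also, the forced re-login only nulls the thread-local `Authentication`; the servlet session (and any remember-me cookie) survives, so whether the session should be invalidated or a logout handler used depends on how the surrounding filter chain persists the security context and needs confirming. The enclosing `doFilter` starts before this hunk and continues past it.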
@@ -133,12 +131,12 @@ public class PromptFilter extends GenericFilterBean { long seconds = (now.getTime() - authTime.getTime()) / 1000; if (seconds > max) { // session is too old, log the user out and continue - SecurityContextHolder.getContext().setAuthentication(null); + SecurityContextHolder.getContext().setAuthentication(null); } } - + chain.doFilter(req, res); - } else { + } else { // no prompt parameter, not our business chain.doFilter(req, res); } @@ -149,16 +147,16 @@ public class PromptFilter extends GenericFilterBean { * @param parameterMap * @return */ - private Map createRequestMap(Map parameterMap) { - Map requestMap = new HashMap(); - for (String key : parameterMap.keySet()) { - String[] val = parameterMap.get(key); + private Map createRequestMap(Map parameterMap) { + Map requestMap = new HashMap(); + for (String key : parameterMap.keySet()) { + String[] val = parameterMap.get(key); if (val != null && val.length > 0) { - requestMap.put(key, val[0]); // add the first value only (which is what Spring seems to do) - } - } - - return requestMap; - } + requestMap.put(key, val[0]); // add the first value only (which is what Spring seems to do) + } + } + + return requestMap; + } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaAddressRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaAddressRepository.java index 56793e6fe..77c2a41c3 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaAddressRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaAddressRepository.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -16,6 +16,8 @@
 ******************************************************************************/
 package org.mitre.openid.connect.repository.impl;
+import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
+
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
@@ -24,8 +26,6 @@ import org.mitre.openid.connect.repository.AddressRepository;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
-import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
-
 /**
  * JPA Address repository implementation
  *
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java
index c96f119d7..f660885c2 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaBlacklistedSiteRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaBlacklistedSiteRepository.java
index 69c4d5ee6..0aa32c93c 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaBlacklistedSiteRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaBlacklistedSiteRepository.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -19,6 +19,8 @@
  */
 package org.mitre.openid.connect.repository.impl;
+import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
+
 import java.util.Collection;
 import javax.persistence.EntityManager;
@@ -30,8 +32,6 @@ import org.mitre.openid.connect.repository.BlacklistedSiteRepository;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
-import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
-
 /**
  * @author jricher
  *
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaPairwiseIdentifierRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaPairwiseIdentifierRepository.java
index eac66095f..44eca14f7 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaPairwiseIdentifierRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaPairwiseIdentifierRepository.java
@@ -3,6 +3,9 @@
  */
 package org.mitre.openid.connect.repository.impl;
+import static org.mitre.util.jpa.JpaUtil.getSingleResult;
+import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
+
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
 import javax.persistence.TypedQuery;
@@ -12,9 +15,6 @@ import org.mitre.openid.connect.repository.PairwiseIdentifierRepository;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
-import static org.mitre.util.jpa.JpaUtil.getSingleResult;
-import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
-
 /**
  * @author jricher
  *
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java
index 27a4853a8..bcb2a576e 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -16,6 +16,9 @@
 ******************************************************************************/
 package org.mitre.openid.connect.repository.impl;
+import static org.mitre.util.jpa.JpaUtil.getSingleResult;
+import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
+
 import java.util.Collection;
 import javax.persistence.EntityManager;
@@ -28,9 +31,6 @@ import org.mitre.openid.connect.repository.UserInfoRepository;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
-import static org.mitre.util.jpa.JpaUtil.getSingleResult;
-import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
-
 /**
  * JPA UserInfo repository implementation
  *
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaWhitelistedSiteRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaWhitelistedSiteRepository.java
index dddf4b0a3..677823386 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaWhitelistedSiteRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaWhitelistedSiteRepository.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -16,6 +16,8 @@
 ******************************************************************************/
 package org.mitre.openid.connect.repository.impl;
+import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
+
 import java.util.Collection;
 import javax.persistence.EntityManager;
@@ -28,8 +30,6 @@ import org.mitre.util.jpa.JpaUtil;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
-import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
-
 /**
  * JPA WhitelistedSite repository implementation
  *
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java
index 9c29093cf..f9e7064c2 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright 2013 The MITRE Corporation
+ * Copyright 2013 The MITRE Corporation
  * and the MIT Kerberos and Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -157,14 +157,14 @@ public class DefaultApprovedSiteService implements ApprovedSiteService { } } } - + private Predicate isExpired = new Predicate() { @Override public boolean apply(ApprovedSite input) { return (input != null && input.isExpired()); } }; - + private Collection getExpired() { return Collections2.filter(approvedSiteRepository.getAll(), isExpired); } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultBlacklistedSiteService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultBlacklistedSiteService.java index cea94da0a..ee11c6090 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultBlacklistedSiteService.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultBlacklistedSiteService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java index eac95aa74..7863e8ff9 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -36,7 +36,6 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.stereotype.Service; @@ -61,29 +60,29 @@ import com.nimbusds.jwt.SignedJWT; public class DefaultOIDCTokenService implements OIDCTokenService { Logger logger = LoggerFactory.getLogger(DefaultOIDCTokenService.class); - + @Autowired private JwtSigningAndValidationService jwtService; - + @Autowired private AuthenticationHolderRepository authenticationHolderRepository; - + @Autowired private ConfigurationPropertiesBean configBean; - + @Override public OAuth2AccessTokenEntity createIdToken(ClientDetailsEntity client, OAuth2Request request, Date issueTime, String sub, JWSAlgorithm signingAlg, OAuth2AccessTokenEntity accessToken) { - + OAuth2AccessTokenEntity idTokenEntity = new OAuth2AccessTokenEntity(); JWTClaimsSet idClaims = new JWTClaimsSet(); - + if (request.getExtensions().containsKey(AuthenticationTimeStamper.AUTH_TIMESTAMP)) { Date authTime = (Date) request.getExtensions().get(AuthenticationTimeStamper.AUTH_TIMESTAMP); idClaims.setClaim("auth_time", authTime.getTime() / 1000); } - + idClaims.setIssueTime(issueTime); - + if (client.getIdTokenValiditySeconds() != null) { Date expiration = new Date(System.currentTimeMillis() + (client.getIdTokenValiditySeconds() * 1000L)); idClaims.setExpirationTime(expiration); 
@@ -98,15 +97,15 @@ public class DefaultOIDCTokenService implements OIDCTokenService { if (!Strings.isNullOrEmpty(nonce)) { idClaims.setCustomClaim("nonce", nonce); } - + Set responseTypes = request.getResponseTypes(); - + if (responseTypes.contains("token")) { // calculate the token hash Base64URL at_hash = IdTokenHashUtils.getAccessTokenHash(signingAlg, accessToken); idClaims.setClaim("at_hash", at_hash); } - + SignedJWT idToken = new SignedJWT(new JWSHeader(signingAlg), idClaims); jwtService.signJwt(idToken); @@ -121,15 +120,16 @@ public class DefaultOIDCTokenService implements OIDCTokenService { idTokenEntity.setScope(idScopes); idTokenEntity.setClient(accessToken.getClient()); - + return idTokenEntity; } - + /** * @param client * @return * @throws AuthenticationException */ + @Override public OAuth2AccessTokenEntity createRegistrationAccessToken(ClientDetailsEntity client) { Map authorizationParameters = Maps.newHashMap(); @@ -164,9 +164,9 @@ public class DefaultOIDCTokenService implements OIDCTokenService { token.setJwt(signed); return token; - + } - + /** * @return the configBean */ @@ -209,5 +209,5 @@ public class DefaultOIDCTokenService implements OIDCTokenService { AuthenticationHolderRepository authenticationHolderRepository) { this.authenticationHolderRepository = authenticationHolderRepository; } - + } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultScopeClaimTranslationService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultScopeClaimTranslationService.java index 259d46406..bf6449ce3 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultScopeClaimTranslationService.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultScopeClaimTranslationService.java 
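Review bot: The Javadoc above `createRegistrationAccessToken` still consists of bare `@param client`, `@return` and `@throws AuthenticationException` tags with no text, and the hunk now marks the method `@Override` without either filling them in or deferring to the interface's documentation. Since the contract now lives on OIDCTokenService, either describe what the returned OAuth2AccessTokenEntity represents and under which condition AuthenticationException is thrown, or collapse the placeholder block to `/** {@inheritDoc} */` so the interface's Javadoc is what readers see. The method body continues outside the hunk.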
@@ -20,96 +20,96 @@ import com.google.common.collect.SetMultimap; @Service("scopeClaimTranslator") public class DefaultScopeClaimTranslationService implements ScopeClaimTranslationService { - private SetMultimap scopesToClaims = HashMultimap.create(); - private Map claimsToFields = Maps.newHashMap(); - - /** - * Default constructor; initializes scopesToClaims map - */ - public DefaultScopeClaimTranslationService() { - - scopesToClaims.put("openid", "sub"); - - scopesToClaims.put("profile", "name"); - scopesToClaims.put("profile", "preferred_username"); - scopesToClaims.put("profile", "given_name"); - scopesToClaims.put("profile", "family_name"); - scopesToClaims.put("profile", "middle_name"); - scopesToClaims.put("profile", "nickname"); - scopesToClaims.put("profile", "profile"); - scopesToClaims.put("profile", "picture"); - scopesToClaims.put("profile", "website"); - scopesToClaims.put("profile", "gender"); - scopesToClaims.put("profile", "zone_info"); - scopesToClaims.put("profile", "locale"); - scopesToClaims.put("profile", "updated_time"); - scopesToClaims.put("profile", "birthdate"); - - scopesToClaims.put("email", "email"); - scopesToClaims.put("email", "email_verified"); - - scopesToClaims.put("phone", "phone_number"); - scopesToClaims.put("phone", "phone_number_verified"); - - scopesToClaims.put("address", "address"); - - claimsToFields.put("sub", "sub"); - - claimsToFields.put("name", "name"); - claimsToFields.put("preferred_username", "preferredUsername"); - claimsToFields.put("given_name", "givenName"); - claimsToFields.put("family_name", "familyName"); - claimsToFields.put("middle_name", "middleName"); - claimsToFields.put("nickname", "nickname"); - claimsToFields.put("profile", "profile"); - claimsToFields.put("picture", "picture"); - claimsToFields.put("website", "website"); - claimsToFields.put("gender", "gender"); - claimsToFields.put("zone_info", "zoneinfo"); - claimsToFields.put("locale", "locale"); - claimsToFields.put("updated_time", 
"updatedTime"); - claimsToFields.put("birthdate", "birthdate"); - - claimsToFields.put("email", "email"); - claimsToFields.put("email_verified", "emailVerified"); - - claimsToFields.put("phone_number", "phoneNumber"); - claimsToFields.put("phone_number_verified", "phoneNumberVerified"); - - claimsToFields.put("address", "address"); - + private SetMultimap scopesToClaims = HashMultimap.create(); + private Map claimsToFields = Maps.newHashMap(); + + /** + * Default constructor; initializes scopesToClaims map + */ + public DefaultScopeClaimTranslationService() { + + scopesToClaims.put("openid", "sub"); + + scopesToClaims.put("profile", "name"); + scopesToClaims.put("profile", "preferred_username"); + scopesToClaims.put("profile", "given_name"); + scopesToClaims.put("profile", "family_name"); + scopesToClaims.put("profile", "middle_name"); + scopesToClaims.put("profile", "nickname"); + scopesToClaims.put("profile", "profile"); + scopesToClaims.put("profile", "picture"); + scopesToClaims.put("profile", "website"); + scopesToClaims.put("profile", "gender"); + scopesToClaims.put("profile", "zone_info"); + scopesToClaims.put("profile", "locale"); + scopesToClaims.put("profile", "updated_time"); + scopesToClaims.put("profile", "birthdate"); + + scopesToClaims.put("email", "email"); + scopesToClaims.put("email", "email_verified"); + + scopesToClaims.put("phone", "phone_number"); + scopesToClaims.put("phone", "phone_number_verified"); + + scopesToClaims.put("address", "address"); + + claimsToFields.put("sub", "sub"); + + claimsToFields.put("name", "name"); + claimsToFields.put("preferred_username", "preferredUsername"); + claimsToFields.put("given_name", "givenName"); + claimsToFields.put("family_name", "familyName"); + claimsToFields.put("middle_name", "middleName"); + claimsToFields.put("nickname", "nickname"); + claimsToFields.put("profile", "profile"); + claimsToFields.put("picture", "picture"); + claimsToFields.put("website", "website"); + claimsToFields.put("gender", 
"gender"); + claimsToFields.put("zone_info", "zoneinfo"); + claimsToFields.put("locale", "locale"); + claimsToFields.put("updated_time", "updatedTime"); + claimsToFields.put("birthdate", "birthdate"); + + claimsToFields.put("email", "email"); + claimsToFields.put("email_verified", "emailVerified"); + + claimsToFields.put("phone_number", "phoneNumber"); + claimsToFields.put("phone_number_verified", "phoneNumberVerified"); + + claimsToFields.put("address", "address"); + + } + + /* (non-Javadoc) + * @see org.mitre.openid.connect.service.ScopeClaimTranslationService#getClaimsForScope(java.lang.String) + */ + @Override + public Set getClaimsForScope(String scope) { + if (scopesToClaims.containsKey(scope)) { + return scopesToClaims.get(scope); + } else { + return new HashSet(); } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.ScopeClaimTranslationService#getClaimsForScope(java.lang.String) - */ - @Override - public Set getClaimsForScope(String scope) { - if (scopesToClaims.containsKey(scope)) { - return scopesToClaims.get(scope); - } else { - return new HashSet(); - } + } + + /* (non-Javadoc) + * @see org.mitre.openid.connect.service.ScopeClaimTranslationService#getClaimsForScopeSet(java.util.Set) + */ + @Override + public Set getClaimsForScopeSet(Set scopes) { + Set result = new HashSet(); + for (String scope : scopes) { + result.addAll(getClaimsForScope(scope)); } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.ScopeClaimTranslationService#getClaimsForScopeSet(java.util.Set) - */ - @Override - public Set getClaimsForScopeSet(Set scopes) { - Set result = new HashSet(); - for (String scope : scopes) { - result.addAll(getClaimsForScope(scope)); - } - return result; - } - - /* (non-Javadoc) - * @see org.mitre.openid.connect.service.ScopeClaimTranslationService#getFieldNameForClaim(java.lang.String) - */ - @Override - public String getFieldNameForClaim(String claim) { - return claimsToFields.get(claim); - } - + return result; + } + + /* 
(non-Javadoc) + * @see org.mitre.openid.connect.service.ScopeClaimTranslationService#getFieldNameForClaim(java.lang.String) + */ + @Override + public String getFieldNameForClaim(String claim) { + return claimsToFields.get(claim); + } + } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultStatsService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultStatsService.java index a251d8eeb..f2bf61f69 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultStatsService.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultStatsService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoService.java index 5234fe52d..fd44634d4 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoService.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -37,13 +37,13 @@ public class DefaultUserInfoService implements UserInfoService { @Autowired private UserInfoRepository userInfoRepository; - + @Autowired private ClientDetailsEntityService clientService; - + @Autowired private PairwiseIdentiferService pairwiseIdentifierService; - + @Override public void save(UserInfo userInfo) { userInfoRepository.save(userInfo); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoUserDetailsService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoUserDetailsService.java index ae9963261..d2cd92eb7 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoUserDetailsService.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoUserDetailsService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultWhitelistedSiteService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultWhitelistedSiteService.java index 30f48fe2d..1b0bd0d54 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultWhitelistedSiteService.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultWhitelistedSiteService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/UUIDPairwiseIdentiferService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/UUIDPairwiseIdentiferService.java
index e0c5fdb75..103118613 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/UUIDPairwiseIdentiferService.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/UUIDPairwiseIdentiferService.java
@@ -6,7 +6,6 @@ package org.mitre.openid.connect.service.impl;
 import java.util.Set;
 import java.util.UUID;
-import org.apache.http.client.utils.URIBuilder;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.openid.connect.model.PairwiseIdentifier;
 import org.mitre.openid.connect.model.UserInfo;
@@ -30,44 +29,44 @@ import com.google.common.collect.Iterables; public class UUIDPairwiseIdentiferService implements PairwiseIdentiferService { private static Logger logger = LoggerFactory.getLogger(UUIDPairwiseIdentiferService.class); - + @Autowired private PairwiseIdentifierRepository pairwiseIdentifierRepository; - + @Override - public String getIdentifier(UserInfo userInfo, ClientDetailsEntity client) { - + public String getIdentifier(UserInfo userInfo, ClientDetailsEntity client) { + String sectorIdentifier = null; - + if (!Strings.isNullOrEmpty(client.getSectorIdentifierUri())) { UriComponents uri = UriComponentsBuilder.fromUriString(client.getSectorIdentifierUri()).build(); sectorIdentifier = uri.getHost(); // calculate based on the host component only } else { - Set redirectUris = client.getRedirectUris(); + Set redirectUris = client.getRedirectUris(); UriComponents uri = UriComponentsBuilder.fromUriString(Iterables.getOnlyElement(redirectUris)).build(); sectorIdentifier = uri.getHost(); // calculate based on the host of the only redirect URI } - + if (sectorIdentifier != null) { // if there's a sector identifier, use that for the lookup PairwiseIdentifier pairwise = pairwiseIdentifierRepository.getBySectorIdentifier(userInfo.getSub(), sectorIdentifier); if (pairwise == null) { // we don't have an identifier, need to make and save one - + pairwise = new PairwiseIdentifier(); pairwise.setIdentifier(UUID.randomUUID().toString()); pairwise.setUserSub(userInfo.getSub()); pairwise.setSectorIdentifier(sectorIdentifier); - + pairwiseIdentifierRepository.save(pairwise); } - + return pairwise.getIdentifier(); } else { - + return null; } - } + } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java index 878ee9db7..8952929c6 100644 
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -59,10 +59,10 @@ public class ConnectTokenEnhancer implements TokenEnhancer { @Autowired private ApprovedSiteService approvedSiteService; - + @Autowired private UserInfoService userInfoService; - + @Autowired private OIDCTokenService connectTokenService; @@ -91,7 +91,7 @@ public class ConnectTokenEnhancer implements TokenEnhancer { if (client.getIdTokenSignedResponseAlg() != null) { signingAlg = client.getIdTokenSignedResponseAlg(); } - + SignedJWT signed = new SignedJWT(new JWSHeader(signingAlg), claims); jwtService.signJwt(signed); @@ -108,9 +108,9 @@ public class ConnectTokenEnhancer implements TokenEnhancer { String username = authentication.getName(); UserInfo userInfo = userInfoService.getByUsernameAndClientId(username, clientId); - - OAuth2AccessTokenEntity idTokenEntity = connectTokenService.createIdToken(client, - originalAuthRequest, (java.util.Date) claims.getIssueTime(), + + OAuth2AccessTokenEntity idTokenEntity = connectTokenService.createIdToken(client, + originalAuthRequest, claims.getIssueTime(), userInfo.getSub(), signingAlg, token); // attach the id token to the parent access token diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java index 00919f068..282fc4e65 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java 
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -133,39 +133,39 @@ public class TofuUserApprovalHandler implements UserApprovalHandler { Collection aps = approvedSiteService.getByClientIdAndUserId(clientId, userId); for (ApprovedSite ap : aps) { - + if (!ap.isExpired()) { - + // if we find one that fits... if (systemScopes.scopesMatch(ap.getAllowedScopes(), authorizationRequest.getScope())) { - + //We have a match; update the access date on the AP entry and return true. ap.setAccessDate(new Date()); approvedSiteService.save(ap); - + authorizationRequest.getExtensions().put("approved_site", ap.getId()); authorizationRequest.setApproved(true); alreadyApproved = true; - + setAuthTime(authorizationRequest); } } } - + if (!alreadyApproved) { WhitelistedSite ws = whitelistedSiteService.getByClientId(clientId); if (ws != null && systemScopes.scopesMatch(ws.getAllowedScopes(), authorizationRequest.getScope())) { - + //Create an approved site ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, null, ws.getAllowedScopes(), ws); authorizationRequest.getExtensions().put("approved_site", newSite.getId()); authorizationRequest.setApproved(true); - + setAuthTime(authorizationRequest); } } } - + return authorizationRequest; } @@ -199,7 +199,7 @@ public class TofuUserApprovalHandler implements UserApprovalHandler { String scope = approvalParams.get(key); Set approveSet = Sets.newHashSet(scope); - + //Make sure this scope is allowed for the given client if (systemScopes.scopesMatch(client.getScope(), approveSet)) { 
@@ -208,12 +208,12 @@ public class TofuUserApprovalHandler implements UserApprovalHandler { if (systemScope.isStructured()){ String paramValue = approvalParams.get("scopeparam_" + scope); allowedScopes.add(scope + ":"+paramValue); - // .. and if it's unstructured, we're all set + // .. and if it's unstructured, we're all set } else { allowedScopes.add(scope); } } - + } } @@ -235,7 +235,7 @@ public class TofuUserApprovalHandler implements UserApprovalHandler { ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes, null); authorizationRequest.getExtensions().put("approved_site", newSite.getId()); } - + setAuthTime(authorizationRequest); @@ -245,7 +245,7 @@ public class TofuUserApprovalHandler implements UserApprovalHandler { } /** - * Get the auth time out of the current session and add it to the + * Get the auth time out of the current session and add it to the * auth request in the extensions map. * * @param authorizationRequest diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/util/IdTokenHashUtils.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/util/IdTokenHashUtils.java index de059334b..95c75ed39 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/util/IdTokenHashUtils.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/util/IdTokenHashUtils.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -38,7 +38,7 @@ import com.nimbusds.jose.util.Base64URL; public class IdTokenHashUtils { private static Logger logger = LoggerFactory.getLogger(IdTokenHashUtils.class); - + /** * Compute the SHA hash of an authorization code * 
@@ -49,7 +49,7 @@ public class IdTokenHashUtils { public static Base64URL getCodeHash(JWSAlgorithm signingAlg, String code) { return getHash(signingAlg, code.getBytes()); } - + /** * Compute the SHA hash of a token * @@ -58,38 +58,38 @@ public class IdTokenHashUtils { * @return */ public static Base64URL getAccessTokenHash(JWSAlgorithm signingAlg, OAuth2AccessTokenEntity token) { - + byte[] tokenBytes = token.getJwt().serialize().getBytes(); - + return getHash(signingAlg, tokenBytes); } - + public static Base64URL getHash(JWSAlgorithm signingAlg, byte[] bytes) { - + //Switch based on the given signing algorithm - use SHA-xxx with the same 'xxx' bitnumber //as the JWSAlgorithm to hash the token. String hashAlg = null; - + if (signingAlg.equals(JWSAlgorithm.HS256) || signingAlg.equals(JWSAlgorithm.ES256) || signingAlg.equals(JWSAlgorithm.RS256)) { hashAlg = "SHA-256"; } - + else if (signingAlg.equals(JWSAlgorithm.ES384) || signingAlg.equals(JWSAlgorithm.HS384) || signingAlg.equals(JWSAlgorithm.RS384)) { hashAlg = "SHA-384"; } - + else if (signingAlg.equals(JWSAlgorithm.ES512) || signingAlg.equals(JWSAlgorithm.HS512) || signingAlg.equals(JWSAlgorithm.RS512)) { hashAlg = "SHA-512"; } - + if (hashAlg != null) { try { MessageDigest hasher = MessageDigest.getInstance(hashAlg); hasher.reset(); hasher.update(bytes); - + byte[] hashBytes = hasher.digest(); byte[] hashBytesLeftHalf = Arrays.copyOf(hashBytes, hashBytes.length / 2); Base64URL encodedHash = Base64URL.encode(hashBytesLeftHalf); @@ -97,14 +97,14 @@ public class IdTokenHashUtils { return encodedHash; } catch (NoSuchAlgorithmException e) { - + logger.error("No such algorithm error: ", e); - + } } - + return null; } - + } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java index aa6f3c675..a7a095c0e 100644 
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForAdmins.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForAdmins.java index df28945ff..1de8b060a 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForAdmins.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForAdmins.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForUsers.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForUsers.java index e8bba8c61..907d88539 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForUsers.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForUsers.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java index cff2433c0..5759f1a73 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java index 9ce73d968..162ed8c96 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java index bea29d566..853d1317a 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java 
@@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java index 84652fd6f..b5babd9a0 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java index c0446ca53..e1409ed9a 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java index e914765e0..7182f07af 100644 
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,8 +20,8 @@ import java.io.IOException; import java.io.Writer; import java.util.HashSet; import java.util.Map; -import java.util.Set; import java.util.Map.Entry; +import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -49,7 +49,7 @@ public class UserInfoView extends AbstractView { private static JsonParser jsonParser = new JsonParser(); private static Logger logger = LoggerFactory.getLogger(UserInfoView.class); - + @Autowired private ScopeClaimTranslationService translator; @@ -129,11 +129,11 @@ public class UserInfoView extends AbstractView { // get the base object JsonObject obj = ui.toJson(); - + Set allowedByScope = translator.getClaimsForScopeSet(scope); Set authorizedByClaims = new HashSet(); Set requestedByClaims = new HashSet(); - + if (authorizedClaims != null) { JsonObject userinfoAuthorized = authorizedClaims.getAsJsonObject().get("userinfo").getAsJsonObject(); for (Entry entry : userinfoAuthorized.getAsJsonObject().entrySet()) { 
@@ -146,24 +146,24 @@ public class UserInfoView extends AbstractView { requestedByClaims.add(entry.getKey()); } } - + // Filter claims by performing a manual intersection of claims that are allowed by the given scope, requested, and authorized. // We cannot use Sets.intersection() or similar because Entry<> objects will evaluate to being unequal if their values are // different, whereas we are only interested in matching the Entry<>'s key values. - JsonObject result = new JsonObject(); + JsonObject result = new JsonObject(); for (Entry entry : obj.entrySet()) { - + if (allowedByScope.contains(entry.getKey()) || authorizedByClaims.contains(entry.getKey())) { // it's allowed either by scope or by the authorized claims (either way is fine with us) - + if (requestedByClaims.isEmpty() || requestedByClaims.contains(entry.getKey())) { // the requested claims are empty (so we allow all), or they're not empty and this claim was specifically asked for result.add(entry.getKey(), entry.getValue()); } // otherwise there were specific claims requested and this wasn't one of them } } - + return result; } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java index 9ac3f0dcc..47efe162c 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/AuthenticationTimeStamper.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/AuthenticationTimeStamper.java index 8c21d094c..7968b91dc 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/AuthenticationTimeStamper.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/AuthenticationTimeStamper.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -61,12 +61,12 @@ public class AuthenticationTimeStamper extends SavedRequestAwareAuthenticationSu HttpSession session = request.getSession(); session.setAttribute(AUTH_TIMESTAMP, authTimestamp); - + if (session.getAttribute(PromptFilter.PROMPT_REQUESTED) != null) { session.setAttribute(PromptFilter.PROMPTED, Boolean.TRUE); session.removeAttribute(PromptFilter.PROMPT_REQUESTED); } - + logger.info("Successful Authentication at " + authTimestamp.toString()); super.onAuthenticationSuccess(request, response, authentication); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java index 4290d89f3..984f134c4 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java index 0780a8812..6f9989281 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -64,10 +64,10 @@ public class ClientAPI { @Autowired private ClientDetailsEntityService clientService; - + @Autowired private UserInfoService userInfoService; - + private JsonParser parser = new JsonParser(); private Gson gson = new GsonBuilder() @@ -173,7 +173,7 @@ public class ClientAPI { client.setContacts(Sets.newHashSet(user.getEmail())); } } - + client.setDynamicallyRegistered(false); ClientDetailsEntity newClient = clientService.saveNewClient(client); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java index b332e2ffa..b86cf771e 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -17,12 +17,9 @@ package org.mitre.openid.connect.web; import java.io.UnsupportedEncodingException; -import java.net.URLEncoder; import java.util.Set; import java.util.concurrent.TimeUnit; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.client.utils.URLEncodedUtils; import org.mitre.jwt.signer.service.JwtSigningAndValidationService; import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; @@ -42,7 +39,6 @@ import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails; -import org.springframework.security.web.util.UrlUtils; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.PathVariable; @@ -62,7 +58,7 @@ public class ClientDynamicRegistrationEndpoint { @Autowired private OAuth2TokenEntityService tokenService; - + @Autowired private JwtSigningAndValidationService jwtService; @@ -71,7 +67,7 @@ public class ClientDynamicRegistrationEndpoint { @Autowired private ConfigurationPropertiesBean config; - + @Autowired private OIDCTokenService connectTokenService; @@ -113,7 +109,7 @@ public class ClientDynamicRegistrationEndpoint { if (allowedScopes == null || allowedScopes.isEmpty()) { allowedScopes = scopeService.getDefaults(); } - + newClient.setScope(scopeService.toStrings(allowedScopes)); 
@@ -156,17 +152,17 @@ public class ClientDynamicRegistrationEndpoint { // now save it try { ClientDetailsEntity savedClient = clientService.saveNewClient(newClient); - + // generate the registration access token OAuth2AccessTokenEntity token = connectTokenService.createRegistrationAccessToken(savedClient); tokenService.saveAccessToken(token); - + // send it all out to the view - + RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8")); m.addAttribute("client", registered); m.addAttribute("code", HttpStatus.CREATED); // http 201 - + return "clientInformationResponseView"; } catch (UnsupportedEncodingException e) { logger.error("Unsupported encoding", e); @@ -175,7 +171,7 @@ public class ClientDynamicRegistrationEndpoint { } catch (IllegalArgumentException e) { logger.error("Couldn't save client", e); m.addAttribute("code", HttpStatus.BAD_REQUEST); - + return "httpCodeView"; } } else { 
@@ -281,23 +277,23 @@ public class ClientDynamicRegistrationEndpoint { try { // save the client ClientDetailsEntity savedClient = clientService.updateClient(oldClient, newClient); - + // we return the token that we got in // TODO: rotate this after some set amount of time OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails(); OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue()); - + RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8")); - + // send it all out to the view m.addAttribute("client", registered); m.addAttribute("code", HttpStatus.OK); // http 200 - + return "clientInformationResponseView"; } catch (IllegalArgumentException e) { logger.error("Couldn't save client", e); m.addAttribute("code", HttpStatus.BAD_REQUEST); - + return "httpCodeView"; } catch (UnsupportedEncodingException e) { logger.error("Unsupported encoding", e); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java index e244752ae..0e5362769 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ManagerController.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ManagerController.java index 4d119ea2a..c7f4c06c7 100644 
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ManagerController.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ManagerController.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ServerConfigInterceptor.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ServerConfigInterceptor.java index baf3bfda4..97c376ffc 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ServerConfigInterceptor.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ServerConfigInterceptor.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java index a93ffe18b..47b37127f 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java index 6fb4fc235..fbfbb37ed 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -67,15 +67,15 @@ public class UserInfoEndpoint { model.addAttribute("code", HttpStatus.NOT_FOUND); return "httpCodeView"; } - + model.addAttribute("scope", auth.getOAuth2Request().getScope()); - + model.addAttribute("authorizedClaims", auth.getOAuth2Request().getExtensions().get("claims")); if (!Strings.isNullOrEmpty(claimsRequestJsonString)) { model.addAttribute("requestedClaims", claimsRequestJsonString); } - + model.addAttribute("userInfo", userInfo); return "userInfoView"; diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java index ce3ed070d..b3f47487f 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java index bd5a3f603..016e006f2 100644 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java +++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,6 +16,11 @@ ******************************************************************************/ package org.mitre.oauth2.service.impl; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.fail; + import java.util.Set; import org.junit.Before; @@ -38,11 +43,6 @@ import org.springframework.security.oauth2.common.exceptions.InvalidClientExcept import com.google.common.collect.Sets; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.fail; - /** * @author wkim * @@ -67,7 +67,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService { @Mock private SystemScopeService scopeService; - + @InjectMocks private DefaultOAuth2ClientDetailsEntityService service; diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java index 992925fd7..bdfbee6d0 100644 
--- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java +++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -43,9 +43,7 @@ import org.mockito.InjectMocks; import org.mockito.Matchers; import org.mockito.Mock; import org.mockito.Mockito; -import org.mockito.invocation.InvocationOnMock; import org.mockito.runners.MockitoJUnitRunner; -import org.mockito.stubbing.Answer; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; import org.springframework.security.oauth2.common.exceptions.InvalidClientException; import org.springframework.security.oauth2.common.exceptions.InvalidScopeException; @@ -96,7 +94,7 @@ public class TestDefaultOAuth2ProviderTokenService { @Mock private SystemScopeService scopeService; - + @InjectMocks private DefaultOAuth2ProviderTokenService service; @@ -107,8 +105,8 @@ public class TestDefaultOAuth2ProviderTokenService { public void prepare() { Mockito.reset(tokenRepository, authenticationHolderRepository, clientDetailsService, tokenEnhancer); - - + + authentication = Mockito.mock(OAuth2Authentication.class); OAuth2Request clientAuth = new OAuth2Request(null, clientId, null, true, scope, null, null, null, null); Mockito.when(authentication.getOAuth2Request()).thenReturn(clientAuth); 
@@ -135,9 +133,9 @@ public class TestDefaultOAuth2ProviderTokenService { Mockito.when(refreshToken.getAuthenticationHolder()).thenReturn(storedAuthHolder); Mockito.when(storedAuthHolder.getAuthentication()).thenReturn(storedAuthentication); Mockito.when(storedAuthentication.getOAuth2Request()).thenReturn(storedAuthRequest); - + Mockito.when(authenticationHolderRepository.save(Matchers.any(AuthenticationHolderEntity.class))).thenReturn(storedAuthHolder); - + Mockito.when(scopeService.removeRestrictedScopes(Matchers.anySet())).then(AdditionalAnswers.returnsFirstArg()); } diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java index abbb951eb..1d35a9ce5 100644 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java +++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,6 +16,11 @@ ******************************************************************************/ package org.mitre.oauth2.service.impl; +import static org.hamcrest.CoreMatchers.equalTo; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.junit.Assert.assertThat; + import java.util.Set; import org.junit.Before; 
@@ -32,11 +37,6 @@ import org.mockito.stubbing.Answer; import com.google.common.collect.Sets; -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertThat; - /** * @author wkim * @@ -100,11 +100,11 @@ public class TestDefaultSystemScopeService { // extraScope1 : extra scope that is neither (defaults to false/false) extraScope1 = new SystemScope(extraScope1String); - + // structuredScope1 : structured scope structuredScope1 = new SystemScope(structuredScope1String); structuredScope1.setStructured(true); - + // structuredScope1Value : structured scope with value structuredScope1Value = new SystemScope(structuredScope1String); structuredScope1Value.setStructured(true); @@ -122,14 +122,14 @@ public class TestDefaultSystemScopeService { // we re-use this value so we've got to use thenAnswer instead Mockito.when(repository.getByValue(structuredScope1String)).thenAnswer(new Answer() { @Override - public SystemScope answer(InvocationOnMock invocation) throws Throwable { + public SystemScope answer(InvocationOnMock invocation) throws Throwable { SystemScope s = new SystemScope(structuredScope1String); s.setStructured(true); return s; - } - + } + }); - + Mockito.when(repository.getAll()).thenReturn(allScopes); } 
@@ -175,41 +175,41 @@ public class TestDefaultSystemScopeService { @Test public void scopesMatch() { - + Set expected = Sets.newHashSet("foo", "bar", "baz"); Set actualGood = Sets.newHashSet("foo", "baz", "bar"); Set actualGood2 = Sets.newHashSet("foo", "bar"); Set actualBad = Sets.newHashSet("foo", "bob", "bar"); - + // same scopes, different order assertThat(service.scopesMatch(expected, actualGood), is(true)); // subset assertThat(service.scopesMatch(expected, actualGood2), is(true)); - + // extra scope (fail) assertThat(service.scopesMatch(expected, actualBad), is(false)); } - + @Test public void scopesMatch_structured() { Set expected = Sets.newHashSet("foo", "bar", "baz"); Set actualGood = Sets.newHashSet("foo:value", "baz", "bar"); Set actualBad = Sets.newHashSet("foo:value", "bar:value"); - + // note: we have to use "thenAnswer" here to mimic the repository not serializing the structuredValue field Mockito.when(repository.getByValue("foo")).thenAnswer(new Answer() { @Override - public SystemScope answer(InvocationOnMock invocation) throws Throwable { + public SystemScope answer(InvocationOnMock invocation) throws Throwable { SystemScope foo = new SystemScope("foo"); foo.setStructured(true); return foo; - } - + } + }); - + assertThat(service.scopesMatch(expected, actualGood), is(true)); - + assertThat(service.scopesMatch(expected, actualBad), is(false)); } } diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultApprovedSiteService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultApprovedSiteService.java index cc37fa5d6..c1efa98a4 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultApprovedSiteService.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultApprovedSiteService.java 
@@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,6 +16,10 @@ ******************************************************************************/ package org.mitre.openid.connect.service.impl; +import static org.mockito.Matchers.any; +import static org.mockito.Mockito.never; +import static org.mockito.Mockito.times; + import java.util.HashSet; import java.util.Set; @@ -34,10 +38,6 @@ import org.springframework.test.annotation.Rollback; import com.google.common.collect.Sets; -import static org.mockito.Matchers.any; -import static org.mockito.Mockito.never; -import static org.mockito.Mockito.times; - @RunWith(MockitoJUnitRunner.class) public class TestDefaultApprovedSiteService { diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultBlacklistedSiteService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultBlacklistedSiteService.java index ef1466a8c..f2204f162 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultBlacklistedSiteService.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultBlacklistedSiteService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -16,6 +16,10 @@ ******************************************************************************/ package org.mitre.openid.connect.service.impl; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +import static org.mockito.Mockito.times; + import java.util.Set; import org.junit.Before; @@ -30,10 +34,6 @@ import org.mockito.runners.MockitoJUnitRunner; import com.google.common.collect.Sets; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; -import static org.mockito.Mockito.times; - /** * @author wkim * diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultStatsService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultStatsService.java index 6cf4b0ba4..45181f552 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultStatsService.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultStatsService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,6 +16,9 @@ ******************************************************************************/ package org.mitre.openid.connect.service.impl; +import static org.hamcrest.CoreMatchers.is; +import static org.junit.Assert.assertThat; + import java.util.HashSet; import java.util.Map; @@ -33,9 +36,6 @@ import org.mockito.runners.MockitoJUnitRunner; import com.google.common.collect.Sets; -import static org.hamcrest.CoreMatchers.is; -import static org.junit.Assert.assertThat; - /** * @author wkim * 
diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoService.java index f5a359484..bd9b856aa 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoService.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoService.java @@ -3,6 +3,9 @@ */ package org.mitre.openid.connect.service.impl; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; + import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; @@ -14,15 +17,13 @@ import org.mitre.openid.connect.model.UserInfo; import org.mitre.openid.connect.repository.UserInfoRepository; import org.mitre.openid.connect.service.PairwiseIdentiferService; import org.mockito.InjectMocks; +import org.mockito.Matchers; import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.invocation.InvocationOnMock; import org.mockito.runners.MockitoJUnitRunner; import org.mockito.stubbing.Answer; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNull; - /** * @author jricher * 
@@ -37,42 +38,42 @@ public class TestDefaultUserInfoService { @Mock private ClientDetailsEntityService clientDetailsEntityService; - + @Mock private PairwiseIdentiferService pairwiseIdentiferService; - + private UserInfo userInfoAdmin; private UserInfo userInfoRegular; - + private ClientDetailsEntity publicClient1; private ClientDetailsEntity publicClient2; private ClientDetailsEntity pairwiseClient1; private ClientDetailsEntity pairwiseClient2; private ClientDetailsEntity pairwiseClient3; private ClientDetailsEntity pairwiseClient4; - + private String adminUsername = "username"; private String regularUsername = "regular"; private String adminSub = "adminSub12d3a1f34a2"; private String regularSub = "regularSub652ha23b"; - + private String pairwiseSub12 = "regularPairwise-12-31ijoef"; private String pairwiseSub3 = "regularPairwise-3-1ojadsio"; private String pairwiseSub4 = "regularPairwise-4-1ojadsio"; - + private String publicClientId1 = "publicClient-1-313124"; private String publicClientId2 = "publicClient-2-4109312"; private String pairwiseClientId1 = "pairwiseClient-1-2312"; private String pairwiseClientId2 = "pairwiseClient-2-324416"; private String pairwiseClientId3 = "pairwiseClient-3-154157"; private String pairwiseClientId4 = "pairwiseClient-4-4589723"; - + private String sectorIdentifier1 = "https://sector-identifier-12/url"; private String sectorIdentifier2 = "https://sector-identifier-12/url2"; private String sectorIdentifier3 = "https://sector-identifier-3/url"; - + /** * Initialize the service and the mocked repository. @@ -89,10 +90,10 @@ public class TestDefaultUserInfoService { userInfoRegular = new DefaultUserInfo(); userInfoRegular.setPreferredUsername(regularUsername); userInfoRegular.setSub(regularSub); - + publicClient1 = new ClientDetailsEntity(); publicClient1.setClientId(publicClientId1); - + publicClient2 = new ClientDetailsEntity(); publicClient2.setClientId(publicClientId2); publicClient2.setSubjectType(SubjectType.PUBLIC); 
@@ -102,7 +103,7 @@ public class TestDefaultUserInfoService { pairwiseClient1.setClientId(pairwiseClientId1); pairwiseClient1.setSubjectType(SubjectType.PAIRWISE); pairwiseClient1.setSectorIdentifierUri(sectorIdentifier1); - + pairwiseClient2 = new ClientDetailsEntity(); pairwiseClient2.setClientId(pairwiseClientId2); pairwiseClient2.setSubjectType(SubjectType.PAIRWISE); @@ -113,14 +114,14 @@ public class TestDefaultUserInfoService { pairwiseClient3.setClientId(pairwiseClientId3); pairwiseClient3.setSubjectType(SubjectType.PAIRWISE); pairwiseClient3.setSectorIdentifierUri(sectorIdentifier3); - + // pairwise with null sector pairwiseClient4 = new ClientDetailsEntity(); pairwiseClient4.setClientId(pairwiseClientId4); pairwiseClient4.setSubjectType(SubjectType.PAIRWISE); - - - + + + } @@ -156,7 +157,7 @@ public class TestDefaultUserInfoService { Mockito.when(userInfoRepository.getByUsername(adminUsername)).thenReturn(null); UserInfo user = service.getByUsername(adminUsername); - + assertNull(user); } 
@@ -165,17 +166,17 @@ public class TestDefaultUserInfoService { */ @Test public void getByUsernameAndClientId_publicClients() { - + Mockito.when(clientDetailsEntityService.loadClientByClientId(publicClientId1)).thenReturn(publicClient1); Mockito.when(clientDetailsEntityService.loadClientByClientId(publicClientId2)).thenReturn(publicClient2); - + Mockito.when(userInfoRepository.getByUsername(regularUsername)).thenReturn(userInfoRegular); - Mockito.verify(pairwiseIdentiferService, Mockito.never()).getIdentifier(Mockito.any(UserInfo.class), Mockito.any(ClientDetailsEntity.class)); - + Mockito.verify(pairwiseIdentiferService, Mockito.never()).getIdentifier(Matchers.any(UserInfo.class), Matchers.any(ClientDetailsEntity.class)); + UserInfo user1 = service.getByUsernameAndClientId(regularUsername, publicClientId1); UserInfo user2 = service.getByUsernameAndClientId(regularUsername, publicClientId2); - + assertEquals(regularSub, user1.getSub()); assertEquals(regularSub, user2.getSub()); } 
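Review bot: The `Mockito.verify(pairwiseIdentiferService, Mockito.never()).getIdentifier(Matchers.any(UserInfo.class), Matchers.any(ClientDetailsEntity.class));` statement in `getByUsernameAndClientId_publicClients` still executes before either `service.getByUsernameAndClientId(...)` call, so it verifies an interaction that could not have happened yet and passes even if the service hands a pairwise identifier to a public client; swapping `Mockito.any` for `Matchers.any` does not change that. Move the verify below the `UserInfo user2 = ...` line (next to the `assertEquals` checks) so it observes the real calls. That placement is what actually guards the public-subject contract the test is named for: `sub` comes back as the user's own subject and the pairwise service is never consulted.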
@@ -185,20 +186,21 @@ public class TestDefaultUserInfoService { */ @Test public void getByUsernameAndClientId_pairwiseClients() { - + Mockito.when(clientDetailsEntityService.loadClientByClientId(pairwiseClientId1)).thenReturn(pairwiseClient1); Mockito.when(clientDetailsEntityService.loadClientByClientId(pairwiseClientId2)).thenReturn(pairwiseClient2); Mockito.when(clientDetailsEntityService.loadClientByClientId(pairwiseClientId3)).thenReturn(pairwiseClient3); Mockito.when(clientDetailsEntityService.loadClientByClientId(pairwiseClientId4)).thenReturn(pairwiseClient4); - + Mockito.when(userInfoRepository.getByUsername(regularUsername)).thenAnswer(new Answer() { - public UserInfo answer(InvocationOnMock invocation) throws Throwable { - UserInfo userInfo = new DefaultUserInfo(); - userInfo.setPreferredUsername(regularUsername); - userInfo.setSub(regularSub); - - return userInfo; - } + @Override + public UserInfo answer(InvocationOnMock invocation) throws Throwable { + UserInfo userInfo = new DefaultUserInfo(); + userInfo.setPreferredUsername(regularUsername); + userInfo.setSub(regularSub); + + return userInfo; + } }); Mockito.when(pairwiseIdentiferService.getIdentifier(userInfoRegular, pairwiseClient1)).thenReturn(pairwiseSub12); @@ -210,14 +212,14 @@ public class TestDefaultUserInfoService { UserInfo user2 = service.getByUsernameAndClientId(regularUsername, pairwiseClientId2); UserInfo user3 = service.getByUsernameAndClientId(regularUsername, pairwiseClientId3); UserInfo user4 = service.getByUsernameAndClientId(regularUsername, pairwiseClientId4); - + assertEquals(pairwiseSub12, user1.getSub()); assertEquals(pairwiseSub12, user2.getSub()); assertEquals(pairwiseSub3, user3.getSub()); assertEquals(pairwiseSub4, user4.getSub()); } - - - + + + } 
diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoUserDetailsService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoUserDetailsService.java index aeae8ff6b..f8fbc4689 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoUserDetailsService.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoUserDetailsService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,6 +16,11 @@ ******************************************************************************/ package org.mitre.openid.connect.service.impl; +import static org.hamcrest.core.IsNot.not; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThat; +import static org.junit.matchers.JUnitMatchers.hasItem; + import java.util.ArrayList; import org.junit.Before; @@ -34,11 +39,6 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException; import com.google.common.collect.Lists; -import static org.hamcrest.core.IsNot.not; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertThat; -import static org.junit.matchers.JUnitMatchers.hasItem; - @RunWith(MockitoJUnitRunner.class) public class TestDefaultUserInfoUserDetailsService { 
@@ -50,12 +50,12 @@ public class TestDefaultUserInfoUserDetailsService { private UserInfo userInfoAdmin; private UserInfo userInfoRegular; - + private String adminUsername = "username"; private String regularUsername = "regular"; private String adminSub = "adminSub12d3a1f34a2"; private String regularSub = "regularSub652ha23b"; - + /** * Initialize the service and the mocked repository. * Initialize 2 users, one of them an admin, for use in unit tests. diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultWhitelistedSiteService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultWhitelistedSiteService.java index b0c95eefa..935c2c4de 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultWhitelistedSiteService.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultWhitelistedSiteService.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,6 +16,11 @@ ******************************************************************************/ package org.mitre.openid.connect.service.impl; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.fail; + import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; 
@@ -26,11 +31,6 @@ import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.runners.MockitoJUnitRunner; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.fail; - /** * @author wkim * diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestUUIDPairwiseIdentiferService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestUUIDPairwiseIdentiferService.java index e0aca3998..be4767afc 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestUUIDPairwiseIdentiferService.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestUUIDPairwiseIdentiferService.java @@ -3,6 +3,9 @@ */ package org.mitre.openid.connect.service.impl; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotSame; + import java.util.Set; import java.util.UUID; @@ -16,15 +19,13 @@ import org.mitre.openid.connect.model.PairwiseIdentifier; import org.mitre.openid.connect.model.UserInfo; import org.mitre.openid.connect.repository.PairwiseIdentifierRepository; import org.mockito.InjectMocks; +import org.mockito.Matchers; import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.runners.MockitoJUnitRunner; import com.google.common.collect.ImmutableSet; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotSame; - /** * @author jricher * 
@@ -37,30 +38,30 @@ public class TestUUIDPairwiseIdentiferService { @InjectMocks private UUIDPairwiseIdentiferService service; - + private UserInfo userInfoRegular; - + private ClientDetailsEntity pairwiseClient1; private ClientDetailsEntity pairwiseClient2; private ClientDetailsEntity pairwiseClient3; private ClientDetailsEntity pairwiseClient4; private ClientDetailsEntity pairwiseClient5; - + private String regularUsername = "regular"; private String regularSub = "regularSub652ha23b"; private String pairwiseSub = "pairwise-12-regular-user"; - + private String pairwiseClientId1 = "pairwiseClient-1-2312"; private String pairwiseClientId2 = "pairwiseClient-2-324416"; private String pairwiseClientId3 = "pairwiseClient-3-154157"; private String pairwiseClientId4 = "pairwiseClient-4-4589723"; private String pairwiseClientId5 = "pairwiseClient-5-34908713"; - + private String sectorHost12 = "sector-identifier-12"; private String sectorHost3 = "sector-identifier-3"; private String clientHost4 = "client-redirect-4"; private String clientHost5 = "client-redirect-5"; - + private String sectorIdentifier1 = "https://" + sectorHost12 + "/url"; private String sectorIdentifier2 = "https://" + sectorHost12 + "/url2"; private String sectorIdentifier3 = "https://" + sectorHost3 + "/url"; 
@@ -70,19 +71,19 @@ public class TestUUIDPairwiseIdentiferService { private Set pairwiseClient5RedirectUris = ImmutableSet.of("https://" + clientHost5 + "/oauth", "https://" + clientHost5 + "/other"); private PairwiseIdentifier savedPairwiseIdentifier; - + @Before public void prepare() { userInfoRegular = new DefaultUserInfo(); userInfoRegular.setPreferredUsername(regularUsername); userInfoRegular.setSub(regularSub); - + // pairwise set 1 pairwiseClient1 = new ClientDetailsEntity(); pairwiseClient1.setClientId(pairwiseClientId1); pairwiseClient1.setSubjectType(SubjectType.PAIRWISE); pairwiseClient1.setSectorIdentifierUri(sectorIdentifier1); - + pairwiseClient2 = new ClientDetailsEntity(); pairwiseClient2.setClientId(pairwiseClientId2); pairwiseClient2.setSubjectType(SubjectType.PAIRWISE); 
@@ -94,27 +95,27 @@ public class TestUUIDPairwiseIdentiferService { pairwiseClient3.setSubjectType(SubjectType.PAIRWISE); pairwiseClient3.setSectorIdentifierUri(sectorIdentifier3); pairwiseClient3.setRedirectUris(pairwiseClient3RedirectUris); - + // pairwise with null sector pairwiseClient4 = new ClientDetailsEntity(); pairwiseClient4.setClientId(pairwiseClientId4); pairwiseClient4.setSubjectType(SubjectType.PAIRWISE); pairwiseClient4.setRedirectUris(pairwiseClient4RedirectUris); - + // pairwise with multiple redirects and no sector (error) pairwiseClient5 = new ClientDetailsEntity(); pairwiseClient5.setClientId(pairwiseClientId5); pairwiseClient5.setSubjectType(SubjectType.PAIRWISE); pairwiseClient5.setRedirectUris(pairwiseClient5RedirectUris); - + // saved pairwise identifier from repository savedPairwiseIdentifier = new PairwiseIdentifier(); savedPairwiseIdentifier.setUserSub(regularSub); savedPairwiseIdentifier.setIdentifier(pairwiseSub); savedPairwiseIdentifier.setSectorIdentifier(sectorHost12); - + } - + /** * Test method for {@link org.mitre.openid.connect.service.impl.UUIDPairwiseIdentiferService#getIdentifier(org.mitre.openid.connect.model.UserInfo, org.mitre.oauth2.model.ClientDetailsEntity)}. */ 
@@ -122,59 +123,59 @@ public class TestUUIDPairwiseIdentiferService { public void testGetIdentifier_existingEqual() { Mockito.when(pairwiseIdentifierRepository.getBySectorIdentifier(regularSub, sectorHost12)).thenReturn(savedPairwiseIdentifier); - + String pairwise1 = service.getIdentifier(userInfoRegular, pairwiseClient1); String pairwise2 = service.getIdentifier(userInfoRegular, pairwiseClient2); assertEquals(pairwiseSub, pairwise1); assertEquals(pairwiseSub, pairwise2); - + } - + @Test public void testGetIdentifier_newEqual() { String pairwise1 = service.getIdentifier(userInfoRegular, pairwiseClient1); - Mockito.verify(pairwiseIdentifierRepository, Mockito.atLeast(1)).save(Mockito.any(PairwiseIdentifier.class)); - + Mockito.verify(pairwiseIdentifierRepository, Mockito.atLeast(1)).save(Matchers.any(PairwiseIdentifier.class)); + PairwiseIdentifier pairwiseId = new PairwiseIdentifier(); pairwiseId.setUserSub(regularSub); pairwiseId.setIdentifier(pairwise1); pairwiseId.setSectorIdentifier(sectorHost12); - + Mockito.when(pairwiseIdentifierRepository.getBySectorIdentifier(regularSub, sectorHost12)).thenReturn(pairwiseId); - + String pairwise2 = service.getIdentifier(userInfoRegular, pairwiseClient2); assertNotSame(pairwiseSub, pairwise1); assertNotSame(pairwiseSub, pairwise2); assertEquals(pairwise1, pairwise2); - + // see if the pairwise id's are actual UUIDs UUID uudi1 = UUID.fromString(pairwise1); UUID uuid2 = UUID.fromString(pairwise2); - + } - + @Test public void testGetIdentifer_unique() { String pairwise1 = service.getIdentifier(userInfoRegular, pairwiseClient1); String pairwise3 = service.getIdentifier(userInfoRegular, pairwiseClient3); String pairwise4 = service.getIdentifier(userInfoRegular, pairwiseClient4); - + // make sure nothing's equal assertNotSame(pairwise1, pairwise3); assertNotSame(pairwise1, pairwise4); assertNotSame(pairwise3, pairwise4); - + // see if the pairwise id's are actual UUIDs UUID uudi1 = UUID.fromString(pairwise1); UUID uudi3 = 
UUID.fromString(pairwise3); UUID uudi4 = UUID.fromString(pairwise4); } - + @Test(expected = IllegalArgumentException.class) public void testGetIdentifier_multipleRedirectError() { String pairwise5 = service.getIdentifier(userInfoRegular, pairwiseClient5); diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestIdTokenHashUtils.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestIdTokenHashUtils.java index a7dfc883a..a34d58fdf 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestIdTokenHashUtils.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestIdTokenHashUtils.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright 2013 The MITRE Corporation + * Copyright 2013 The MITRE Corporation * and the MIT Kerberos and Internet Trust Consortium * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -39,31 +39,31 @@ import com.nimbusds.jwt.PlainJWT; */ @RunWith(MockitoJUnitRunner.class) public class TestIdTokenHashUtils { - + @Mock OAuth2AccessTokenEntity mockToken256; @Mock OAuth2AccessTokenEntity mockToken384; @Mock OAuth2AccessTokenEntity mockToken512; - + @Before public void prepare() { - + JWTClaimsSet claims = new JWTClaimsSet(); claims.setType("JWT"); claims.setIssuer("www.example.com"); claims.setSubject("example_user"); claims.setClaim("alg", "HS256"); Mockito.when(mockToken256.getJwt()).thenReturn(new PlainJWT(claims)); - + claims = new JWTClaimsSet(); claims.setType("JWT"); claims.setIssuer("www.another-example.net"); claims.setSubject("another_user"); claims.setClaim("alg", "ES384"); Mockito.when(mockToken384.getJwt()).thenReturn(new PlainJWT(claims)); - + claims = new JWTClaimsSet(); claims.setType("JWT"); claims.setIssuer("www.different.com"); 
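Review bot: `assertNotSame` checks reference identity, so `assertNotSame(pairwise1, pairwise3)` and its siblings in `testGetIdentifer_unique`, and the two `assertNotSame(pairwiseSub, ...)` lines in `testGetIdentifier_newEqual`, pass for any two distinct `String` instances even when their contents are identical; the tests therefore never prove that pairwise subject identifiers differ across sector identifiers, which is the unlinkability property pairwise subjects exist to provide. Replace each with a value comparison, e.g. `assertFalse(pairwise1.equals(pairwise3));` (or `assertNotEquals(pairwise1, pairwise3)` if the JUnit version in use provides it) and add the corresponding static import. The `Matchers.any` substitution in this hunk is otherwise only an import swap; the `uudi*` locals are fine as-is since `UUID.fromString` throws on a malformed value.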
@@ -71,10 +71,10 @@ public class TestIdTokenHashUtils { claims.setClaim("alg", "RS512"); Mockito.when(mockToken512.getJwt()).thenReturn(new PlainJWT(claims)); } - + @Test public void getAccessTokenHash256() { - + /* * independently generate hash ascii of token = eyJhbGciOiJub25lIn0.eyJhbGciOiJIUzI1NiIsInN1YiI6ImV4YW1wbGVfdXNlciIsImlzcyI6Ind3dy5leGFtcGxlLmNvbSIsInR5cCI6IkpXVCJ9. 
@@ -82,55 +82,55 @@ public class TestIdTokenHashUtils { */ String token = mockToken256.getJwt().serialize(); Base64URL expectedHash = new Base64URL("EP1gXNeESRH-n57baopfTQ"); - + Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.HS256, mockToken256); - + assertEquals(expectedHash, resultHash); } - + @Test public void getAccessTokenHash384() { - + /* * independently generate hash ascii of token = eyJhbGciOiJub25lIn0.eyJhbGciOiJFUzM4NCIsInN1YiI6ImFub3RoZXJfdXNlciIsImlzcyI6Ind3dy5hbm90aGVyLWV4YW1wbGUubmV0IiwidHlwIjoiSldUIn0. base64url of hash = BWfFK73PQI36M1rg9R6VjMyWOE0-XvBK */ - - String token = mockToken384.getJwt().serialize(); + + String token = mockToken384.getJwt().serialize(); Base64URL expectedHash = new Base64URL("BWfFK73PQI36M1rg9R6VjMyWOE0-XvBK"); - + Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.ES384, mockToken384); - + assertEquals(expectedHash, resultHash); } - + @Test public void getAccessTokenHash512() { - + /* * independently generate hash ascii of token = eyJhbGciOiJub25lIn0.eyJhbGciOiJSUzUxMiIsInN1YiI6ImRpZmZlcmVudF91c2VyIiwiaXNzIjoid3d3LmRpZmZlcmVudC5jb20iLCJ0eXAiOiJKV1QifQ. base64url of hash = vGH3QMY-knpACkLgzdkTqu3C9jtvbf2Wk_RSu2vAx8k */ - - String token = mockToken512.getJwt().serialize(); + + String token = mockToken512.getJwt().serialize(); Base64URL expectedHash = new Base64URL("vGH3QMY-knpACkLgzdkTqu3C9jtvbf2Wk_RSu2vAx8k"); - + Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.RS512, mockToken512); - + assertEquals(expectedHash, resultHash); } - + @Test public void getCodeHash512() { - + String testCode = "b0x0rZ"; - + Base64URL expectedHash = new Base64URL("R5DCRi5eOjlvyTAJfry2dNM9adJ2ElpDEKYYByYU920"); // independently generated - + Base64URL resultHash = IdTokenHashUtils.getCodeHash(JWSAlgorithm.ES512, testCode); - + assertEquals(expectedHash, resultHash); } }