From f4edd3164feeedc8ff8a148cfdfed5acfa771aec Mon Sep 17 00:00:00 2001
From: Justin Richer <jricher@mit.edu>
Date: Thu, 12 Jun 2014 19:37:32 -0400
Subject: [PATCH] made timeout field optional, tokens don't expire in the
 default case

---
 .../src/main/webapp/WEB-INF/server-config.xml | 11 ++++-
 .../ClientDynamicRegistrationEndpoint.java    | 43 +++++++++++--------
 2 files changed, 35 insertions(+), 19 deletions(-)

diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/server-config.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/server-config.xml
index 394401b70..767e7c73c 100644
--- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/server-config.xml
+++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/server-config.xml
@@ -29,10 +29,19 @@
 		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.2.xsd">
 
 	<bean id="configBean" class="org.mitre.openid.connect.config.ConfigurationPropertiesBean">
+	    
+	    <!-- This property sets the root URL of the server, known as the issuer. -->
 		<property name="issuer" value="http://localhost:8080/openid-connect-server-webapp/" />
+		
+		<!-- This property is a URL pointing to a logo image 24px high to be used in the top bar -->
  		<property name="logoImageUrl" value="resources/images/openid_connect_small.png" />
+ 		
+ 		<!-- This property sets the display name of the server, displayed in the topbar and page title -->
  		<property name="topbarTitle" value="OpenID Connect Server" />
- 		<property name="regTokenLifeTime" value="172800" />
+ 		
+		<!-- This property sets the lifetime of registration access tokens, in seconds. Leave it unset (null) for no rotation. -->
+		<!-- <property name="regTokenLifeTime" value="172800" /> -->
+
 	</bean>
 	
 </beans>
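Review bot: With `regTokenLifeTime` commented out, the shipped default no longer rotates registration access tokens at all, so a token that leaks from a client's registration response stays usable until someone explicitly revokes it; the new comment only says "no rotation" and does not spell out that consequence. I would make the trade-off explicit next to the commented-out property: `<!-- Lifetime of registration access tokens, in seconds. Unset (the default) disables rotation entirely and the token stays valid until revoked; a value such as 172800 (48h) makes the server replace any token older than that on its next use. -->`. "Leave it unset (null)" also presumes the bean field defaults to null rather than 0, which this file cannot confirm — worth wording as "leave the property out" instead.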
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
index 3551d97d5..d40992bce 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
@@ -217,10 +217,6 @@ public class ClientDynamicRegistrationEndpoint {
 				logger.error("Unsupported encoding", e);
 				m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
 				return "httpCodeView";
-			} catch (ParseException e) {
-				logger.error("Invalid Token", e);
-				m.addAttribute("code", HttpStatus.BAD_REQUEST);
-				return "httpCodeView";
 			}
 			
 		} else {
@@ -314,10 +310,6 @@ public class ClientDynamicRegistrationEndpoint {
 				logger.error("Unsupported encoding", e);
 				m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
 				return "httpCodeView";
-			} catch (ParseException e) {
-				logger.error("Invalid Token", e);
-				m.addAttribute("code", HttpStatus.BAD_REQUEST);
-				return "httpCodeView";
 			}
 		} else {
 			// client mismatch
@@ -528,18 +520,33 @@ public class ClientDynamicRegistrationEndpoint {
 		return newClient;
 	}
 	
-	private OAuth2AccessTokenEntity fetchValidRegistrationToken(OAuth2Authentication auth, ClientDetailsEntity client) throws ParseException
-	{
+	private OAuth2AccessTokenEntity fetchValidRegistrationToken(OAuth2Authentication auth, ClientDetailsEntity client) {
+		
 		OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
 		OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());
-		// Re-issue the token if it has been issued before [currentTime - validity]
-		Date validToDate = new Date(System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000);
-		if(token.getJwt().getJWTClaimsSet().getIssueTime().before(validToDate))
-		{
-			tokenService.revokeAccessToken(token);
-			token = connectTokenService.createRegistrationAccessToken(client);
-			tokenService.saveAccessToken(token);
+		
+		if (config.getRegTokenLifeTime() != null) {
+		
+			try {
+				// Re-issue the token if it has been issued before [currentTime - validity]
+				Date validToDate = new Date(System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000);
+				if(token.getJwt().getJWTClaimsSet().getIssueTime().before(validToDate)) {
+					logger.info("Rotating the registration access token for " + client.getClientId());
+					tokenService.revokeAccessToken(token);
+					OAuth2AccessTokenEntity newToken = connectTokenService.createRegistrationAccessToken(client);
+					tokenService.saveAccessToken(newToken);
+					return newToken;
+				} else {
+					// it's not expired, keep going
+					return token;
+				}
+			} catch (ParseException e) {
+				logger.error("Couldn't parse a known-valid token?", e);
+				return token;
+			}
+		} else {
+			// tokens don't expire, just return it
+			return token;
 		}
-		return token;
 	}
 }
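Review bot: The rotation check fails open: the new `catch (ParseException e)` returns the existing token unchanged, so a token whose age cannot be established is kept indefinitely, and if the claims set carries no `iat` claim at all, `getIssueTime()` is presumably null and `.before(validToDate)` throws an uncaught NullPointerException that the removed handlers above no longer turn into a 4xx. Since the only thing the parse failure prevents is the age check, the safe default is to treat such a token as stale and rotate it, keeping a single rotate path. If `getRegTokenLifeTime()` is a boxed `Integer` rather than `Long`, `config.getRegTokenLifeTime() * 1000` also overflows for lifetimes above roughly 24 days; `* 1000L` avoids that, which this hunk cannot confirm either way.
```java
			Date validToDate = new Date(System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000L);
			boolean stale;
			try {
				Date issuedAt = token.getJwt().getJWTClaimsSet().getIssueTime();
				// no iat claim, or one older than the configured lifetime, both count as stale
				stale = issuedAt == null || issuedAt.before(validToDate);
			} catch (ParseException e) {
				// can't establish the token's age: fail closed and rotate it
				logger.error("Couldn't parse a known-valid token, rotating it", e);
				stale = true;
			}
			if (!stale) {
				return token;
			}
			logger.info("Rotating the registration access token for " + client.getClientId());
			// … unchanged: revokeAccessToken, createRegistrationAccessToken, saveAccessToken, return newToken …
```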