26a7d0b8a8
Fixed typo
2013-09-17 11:03:09 -04:00
c98f77c405
Remove @PostConstruct from JWKSetKeyStore
2013-09-17 10:54:19 -04:00
b75d77495a
if there's only one key, return it as the default
2013-09-16 17:27:05 -04:00
fb2f2f9792
spelling, property access, and cleanup
2013-09-16 17:27:04 -04:00
1d0560edbc
refactored some json utils to their own static class
2013-09-16 17:27:04 -04:00
aeab1ac3cb
added encryption method list to encryption/decryption service
2013-09-16 17:27:04 -04:00
6605877a1b
added encryption/decryption to cached JWK-URI service
2013-09-16 17:27:04 -04:00
2b0d02dc72
added additional discoverable fields to ServerConfig object
2013-09-16 17:27:04 -04:00
85d9e07a94
Removed @PostConstruct; placed buildSignersAndVerifiers() calls inside both constructors.
2013-09-13 14:44:38 -04:00
c22cd62977
Added null check;
2013-09-13 14:44:38 -04:00
aecf4958ed
Testing removing extra method calls
2013-09-13 14:44:38 -04:00
e67a41c556
added transient passthroughs to JOSE algorithms for client
2013-09-12 14:08:37 -04:00
f9ca15139d
added phone-number verified, addresses #505
...
affects #455
2013-09-12 10:19:14 -04:00
0281cf02fe
calculate pairwise based on redirect uri rather than client id
2013-09-11 14:37:17 -04:00
b1a6127d06
added equality checks to data model objects
2013-09-11 11:59:40 -04:00
dbdc2e777d
added pairwise identifier service and repository
2013-09-10 17:15:58 -04:00
914f2e4d93
added new call to get the UserInfo in context with the requesting client to allow for pairwise identifiers.
...
temporary implementation of pairwise identifiers in place
2013-09-10 16:01:17 -04:00
596b385d2a
interceptor shouldn't ever overwrite stuff from the base model
2013-09-10 15:27:04 -04:00
b9da10d176
look up by username instead of subject
2013-09-10 11:39:00 -04:00
61544ed774
cleanup
2013-09-06 16:07:24 -04:00
72f0ab631d
added transient structured value to system scope, added scope matcher function to scope service
2013-09-06 16:07:24 -04:00
1ef18a3a93
missed a service definition
2013-09-06 16:07:24 -04:00
b416888b07
Structured Scopes from BB+
2013-09-06 16:07:24 -04:00
0a962e17fa
stopgap to prevent some leaks due to #492
2013-08-30 16:38:11 -04:00
235029ba0e
inject user's authorities into javascript context
2013-08-29 16:58:36 -04:00
be6179d1ac
inject the current user into the javascript context
2013-08-29 16:44:01 -04:00
6276ec8e66
Revert "PlainSigner and PlainVerifier created for alg:none JWS support."
...
This reverts commit 30d7aaa66a
2013-08-26 15:33:14 -04:00
2108311d65
Revert "refactored code to use the more generic JWT declaration."
...
This reverts commit e0b56bc72a
2013-08-26 15:33:08 -04:00
1514b2d2e0
Revert "placeholder"
...
This reverts commit d763a954da
2013-08-26 15:33:00 -04:00
dd35dc60df
Revert "implemented alg:none at the signing service."
...
This reverts commit 02078ebccb
2013-08-26 15:32:55 -04:00
78559b625a
Revert "removed the plain verifer. validating a no-signature is simply handled as a special case in validateSignature(). Also, doing some type safety checks."
...
This reverts commit c957d59f7c
2013-08-26 15:32:50 -04:00
15ec027505
Revert "junit test added for signing service."
...
This reverts commit 9f89f84da1
2013-08-26 15:32:43 -04:00
9f89f84da1
junit test added for signing service.
2013-08-26 14:57:26 -04:00
c957d59f7c
removed the plain verifer. validating a no-signature is simply handled as a special case in validateSignature(). Also, doing some type safety checks.
2013-08-26 14:55:52 -04:00
02078ebccb
implemented alg:none at the signing service.
2013-08-26 14:21:09 -04:00
d763a954da
placeholder
2013-08-26 11:48:23 -04:00
e0b56bc72a
refactored code to use the more generic JWT declaration.
2013-08-26 11:32:46 -04:00
30d7aaa66a
PlainSigner and PlainVerifier created for alg:none JWS support.
2013-08-23 14:07:19 -04:00
da915d8b35
explicitly try to initialize the JWK set if it's null by the time the getter is called
2013-08-22 14:08:54 -04:00
0059c7b4cc
Use clients preferred algorithm, if any, to sign
2013-08-19 16:33:18 -04:00
a80c19384f
added 'use server default' to JOSE options, addresses #462
2013-08-19 15:52:00 -04:00
ba0c3c5d78
id tokens always expire, addresses #416
2013-08-19 12:42:37 -04:00
21068f57e6
cached jwk services expire after an hour
2013-08-16 12:06:49 -04:00
6e2baa3ec4
updated comments for jwe service.
2013-08-08 09:13:54 -04:00
e1b072c991
Updated nimbusds library version to 2.17.2 and made relevant changes in enc./dec. service and test
2013-08-07 18:07:58 -04:00
372675fd2a
changed encrypt/decrypt parameter to use JWEObject instead of EncryptedJWT
2013-08-07 18:07:58 -04:00
f0b77f8614
RSA encryption service tested.
2013-08-07 18:07:58 -04:00
3a1c551ff7
implemented symmetric key encryption.
2013-08-07 18:07:58 -04:00
dfbefe0780
encrypt/decrypt implemented. initial commit for unit testing of jwe service.
2013-08-07 18:07:58 -04:00
ae6721dd10
jwe service accessor methods and private initializing method done.
2013-08-07 18:07:58 -04:00
887338b2d9
jwe service init commit.
2013-08-07 18:07:57 -04:00
be97aedbc7
Used Predicates to filter expired tokens and approved sites;
2013-08-06 16:42:49 -04:00
b3bb43881d
Moved getExpired to service layers
2013-08-06 16:33:27 -04:00
eea37cf79c
Fixed token expiration bug by removing jsql queries. Instead expired tokens or approved sites are filtered at the repository level
2013-08-06 11:28:13 -04:00
2f711c88a7
Removed nonce service
2013-08-02 10:56:28 -04:00
d4fbb4f599
Removed Event class
2013-08-02 10:06:41 -04:00
beaeaa4ccc
I can spell "consortium", I promise
2013-07-29 17:40:26 -04:00
856c0ea0b5
Merge commit '023dd440d4a0e6e59a14c88013837d79a77c74e0' into 1.1-merge
...
Conflicts:
openid-connect-client/pom.xml
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/AuthorizationRequestImpl.java
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectionAuthorityGranter.java
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectionUrlProvider.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisher.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisherMapping.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/JwkViewResolver.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ClientConfigurationService.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java
openid-connect-client/src/test/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilterTest.java
openid-connect-common/pom.xml
openid-connect-common/src/main/java/org/mitre/jose/keystore/JWKSetKeyStore.java
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/JwtSigningAndValidationService.java
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetSigningAndValidationServiceCacheService.java
openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java
openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java
openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java
openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java
openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
openid-connect-common/src/main/java/org/mitre/openid/connect/config/ServerConfiguration.java
openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java
openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java
openid-connect-common/src/main/java/org/mitre/openid/connect/model/Event.java
openid-connect-common/src/main/java/org/mitre/openid/connect/model/OIDCAuthenticationToken.java
openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java
openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java
openid-connect-server/.gitignore
openid-connect-server/pom.xml
openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java
openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java
openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java
openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenIntrospectionView.java
openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java
openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java
openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java
openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerAuthenticationProvider.java
openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerClientAssertionTokenEndpointFilter.java
openid-connect-server/src/main/java/org/mitre/openid/connect/exception/InvalidJwtSignatureException.java
openid-connect-server/src/main/java/org/mitre/openid/connect/exception/UnknownUserInfoSchemaException.java
openid-connect-server/src/main/java/org/mitre/openid/connect/exception/UserNotFoundException.java
openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java
openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultNonceService.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultStatsService.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoUserDetailsService.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultWhitelistedSiteService.java
openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/ExceptionAsJSONView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/POCOUserInfoView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/StatsSummary.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ManagerController.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/RequestObjectAuthorizationEndpoint.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java
openid-connect-server/src/main/webapp/WEB-INF/tags/aboutContent.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/breadcrumbs.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/contactContent.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/copyright.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/header.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/landingPageAbout.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/landingPageContact.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/landingPageStats.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/landingPageWelcome.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/sidebar.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/statsContent.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/topbar.tag
openid-connect-server/src/main/webapp/WEB-INF/views/about.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/approve.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/contact.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/exception/usernotfound.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/login.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/manage.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/stats.jsp
pom.xml
2013-07-29 16:21:20 -04:00
e658ffd7fc
format/cleanup and copyright
2013-07-29 11:28:51 -04:00
906db0ac86
Opened token api access to all users; restricted to only show currently-logged-in-users tokens
2013-07-29 09:18:08 -04:00
fb448a246a
converted test data to map, use new serializer
2013-07-26 12:55:22 -04:00
8edd6da136
added serializer for non-heirarchical URIs
2013-07-26 12:55:03 -04:00
5893d8f8f8
fixed up parsing regular expression
2013-07-26 12:54:09 -04:00
f565688e59
changed name issuer->normalized. the result of normalization is not necessarily the issuer.
2013-07-25 18:12:02 -04:00
d80aaced9a
reorganized test data and test methods.
2013-07-25 17:56:33 -04:00
809a243b64
tests for webfinger url normalization.
2013-07-25 15:00:10 -04:00
eaa7298ef1
init commit for Webfinger normilizer utility class.
2013-07-25 12:15:50 -04:00
b397f0ae15
First go at adding token API; needs to be tested
2013-07-24 09:14:46 -04:00
88db457fc4
Removed .springBeans from tracking; removed initializingbean in favor of @PostConstruct
2013-07-18 09:34:52 -04:00
a4a18fd54c
externalized introspection URL from client's introspecting token service, addresses #435
...
added service to parses token as JWT and pulls out issuer to find server
added introspection url to serverconfig object
added introspection parsing (and parse checks) to dynamic server config object
2013-07-16 17:00:40 -04:00
aad432c5d7
replaced stracktrace-printing with logger messages. removed some unused imports.
2013-07-16 13:52:32 -04:00
15aea61fbe
Applied code cleanup
2013-07-12 16:58:41 -04:00
e00d696c60
deleted auto-generated TODO.
2013-07-12 11:40:11 -04:00
e9c246808f
only our entity version may be stored in our storage layer. removed TODO.
2013-07-12 11:40:11 -04:00
77be0d0ea8
implemented getExpiresIn() for oauth access token entities.
2013-07-11 15:22:35 -04:00
2d3f43e3b8
Added task scheduling for deleting expired tokens and approved sites. Configuration is all done in application-context.xml so that it is easy to configure
2013-07-10 14:34:37 -04:00
a668fb964d
changed String comparison implementation for better readability
2013-06-28 15:31:50 -04:00
ab4d1da9d4
added logger warning if issuer url does not use http scheme.
2013-06-28 15:31:50 -04:00
b438e87f98
passed wire testing and updated unit tests.
2013-06-24 15:09:12 -04:00
e74444e3d1
addresses issue #366
2013-06-24 15:09:12 -04:00
530c3a75ee
Applyed refactoring
2013-06-24 09:44:59 -04:00
d6109fd1ae
explicitly mapped missing JPA columns in common->openid.connect.model #317
2013-06-18 15:19:17 -04:00
46641a2fa1
explicitly mapped missing JPA columns in common-oauth2.model #317
2013-06-18 15:19:17 -04:00
c577b691c7
moved OIDC auth token and userinfo interception filter to common package, addresses #353
2013-06-12 14:45:03 -04:00
6ed7477bc0
added stats to admin UI page, restyled scopes and dynamically registered flags
2013-06-07 18:05:07 -04:00
de77f2c75a
commentary!
2013-05-31 15:48:56 -04:00
d0eb98b8ff
tests for embedded JOSE objects
2013-05-31 15:46:27 -04:00
8ee299aab3
added tests for ClientDetailsEntity and RegisteredClient data objects
2013-05-31 15:46:27 -04:00
c760ebf4a4
changed expires_at -> client_secret_expires_at, issued_at -> client_id_issued_at
2013-05-31 15:46:27 -04:00
317526b1ad
unit tests for basic data classes
2013-05-29 17:47:04 -04:00
cc1da67639
fixed expires_at property, hid helper functions
2013-05-29 17:46:54 -04:00
81cd13f6d3
added RegisteredClient class to facilitate client configuration and dynamic registration, addresses #335
2013-05-20 17:19:28 -04:00
1e870703f8
added licence/copyright header
2013-05-02 11:45:20 -04:00
8afab04544
whitespace, import, brace, annotation, and format cleanups
2013-05-02 10:47:15 -04:00
c80b1081cc
Cleaning up approvedsite => token linkage
2013-04-24 11:52:03 -04:00
939a801048
Redid approved site -> token mapping so it is unidirectional from ApprovedSite side. Fixed some error logging, added a new view for ApprovedSite which will only show the IDs of the tokens in the approvedTokens list
2013-04-23 17:40:22 -04:00
a79aca906e
Fixed error logging; added ApprovedSite tracking to tokens
2013-04-22 15:49:06 -04:00
7307b4b19d
added tostring to system scope to help with debugging
2013-04-19 16:11:42 -04:00
fb859fc39a
added client dynamic registration service, extracted clientdetails<->json processing into its own static class
2013-04-19 14:23:11 -04:00
cf39b49657
added registration uri to server config, changed index of client config service to be server config not just issuer
2013-04-19 14:21:53 -04:00
f76f44b999
added dynamic discovery to client
2013-04-16 15:01:08 -04:00
33af3b1ad6
updated discovery endpoint to latest spec, removed surplus specialized view
2013-04-16 15:00:57 -04:00
23c318f6c2
Updating guava to 14.0.1
2013-04-10 15:31:32 -04:00
86a42ce294
fixed typo for older versions of java/maven
2013-04-09 21:48:23 -04:00
4538d8fb14
made signing and verification service construction safe for public-only keys
2013-03-28 17:03:18 -04:00
6cc50e7cd5
switched signing & validation service to use JWK natively for keys
2013-03-28 16:43:26 -04:00
5a04198eac
moved to JPSK based key store
2013-03-28 15:06:30 -04:00
e2ad4d2e8f
cleaned up spurious nosuchalgorithm exceptions, addresses #285
2013-03-28 15:06:30 -04:00
5f7c46aecd
updated to nimbus 2.13
2013-03-28 15:06:30 -04:00
fcc95f8a0a
Moved nonce processing stuff into nonce service and out of ConnectAuthorizationRequestManager
2013-03-22 14:38:37 -04:00
08eaaa0a12
updated repository to use proper concrete class
2013-03-21 15:20:36 -04:00
8fccbf3483
added Id field to DefaultUserInfo object, switched "userId" terminology to "subject"
2013-03-20 14:29:00 -04:00
b8d2adcf31
added fixme note to hardcoded JWS algorithm, cleaned up x509 view
2013-03-15 15:01:30 -04:00
f44c704472
major refactor of client filter
...
Collapsed filter into single class
pulled server config and client config management into service classes
created service for issuer (will handle account chooser)
created auth request services (handle signed and unsigned requests)
2013-03-14 18:05:50 -04:00
6320fce9fd
url -> uri in approval page
2013-03-07 10:39:33 -05:00
ad3a22e5d4
changed client defaults for JOSE bits
2013-03-06 15:24:46 -05:00
87c8672948
nullsafe check for refresh
2013-03-06 11:32:36 -05:00
217916603f
cleaned out broken unit tests -- now we can start fresh
2013-03-06 09:48:04 -05:00
70b2342864
fixed split client views, fixed typos in various places
2013-03-05 17:26:25 -05:00
51a7ccc397
entity -> embed
2013-03-05 16:33:13 -05:00
0d25d4cb17
null-preserving static parsers instead of constructors
2013-03-05 12:10:33 -05:00
26f03ec070
timestamp for creation date
2013-03-04 16:11:20 -05:00
fc978ac994
made require_auth_time nullable again
2013-03-04 15:44:49 -05:00
bbde2d3b90
todo
2013-03-04 15:06:31 -05:00
db24c203ec
added parser to client registration endpoint
2013-03-04 15:01:02 -05:00
5c044b9eff
added extra client fields to DB model, moved services to use new client model object
2013-03-04 14:22:42 -05:00
3f8d7d70e5
updated client model to match OAuth Dyn Reg and OIDC Reg
2013-03-04 12:48:05 -05:00
5b9422ffdf
cleaned up old unit tests
2013-03-04 11:37:49 -05:00
d7c857b09f
switched jwk view to use nimubs
2013-03-01 17:44:44 -05:00
6c1e6b2d74
refactored signing and validation, added jwk-based cache, removed keyfetcher, refactored client side class structure
2013-03-01 17:44:44 -05:00
385853fa1f
refactored signing and validation, added jwk-based cache, removed keyfetcher, refactored client side class structure
2013-03-01 17:44:44 -05:00
60b679e942
First steps towards adding display variables to config bean
2013-02-22 17:10:14 -05:00
a184b79b06
store tokens with .serialize() not .toString()
2013-02-22 12:08:01 -05:00
970e3f2f79
not entities after all
2013-02-22 12:08:01 -05:00
3d9ec51eb3
converted client filters to nimbus-jose
2013-02-22 12:08:01 -05:00
8d8010d90f
missed a little bit there
2013-02-22 12:08:01 -05:00
87fc92f97d
extra constructors for algorithm wrappers
2013-02-22 12:08:01 -05:00
e5732da857
added system default signing algorithm, converted token provider and enhancer to use nimbus-jose
2013-02-22 12:08:01 -05:00
10ab55a7e2
moved jwk/x509 publishing over to nimbus-jose (mostly)
2013-02-22 12:08:01 -05:00
fca30cd13f
added provisions to bootstrap signing and validation service from config files
2013-02-22 12:08:01 -05:00
520f55f960
reinstated signing and validation service
2013-02-22 12:08:01 -05:00
46a3e70377
removed idtoken class, removed all jwe/jwt tests
2013-02-22 12:08:01 -05:00
d00b351f32
moved token classes to use Nimbus-JOSE
2013-02-22 12:08:01 -05:00
1f50945831
added wrapper classes for JWE/JWS algorithms, switched client entity model to use and store them.
2013-02-22 12:08:01 -05:00
6dc9020a31
deleted local JOSE implementation classes
2013-02-22 12:08:01 -05:00
d0fdf8140e
sorting on approval page
2013-02-05 15:47:32 -05:00
eb4773ce46
beginning dynamic scopes on auth page
2013-02-05 11:28:39 -05:00
c2b9fd4db1
system scope ordering consistency
2013-02-05 11:11:41 -05:00
cab36a2b80
added appropriate filterered and transformative actions to scope service
2013-02-03 22:04:55 -05:00
ab35186696
added scope service, repository, and API
2013-02-03 22:02:24 -05:00
19e7b62a42
removed persistence.xml and moved to pure spring-based config, addresses #194
2013-02-03 22:02:23 -05:00
a3619240e6
added site scope
2013-02-03 22:02:23 -05:00
f0ee36dad2
auth_type -> auth_method (addresses #258 )
2013-01-18 18:26:55 -05:00
e4284353e8
added azp, addresses #247
2013-01-18 18:09:32 -05:00
da43ba4d55
audience field is now plural
2013-01-18 17:59:46 -05:00
27a26e0a35
(user_id/prn) -> sub
2013-01-18 16:40:05 -05:00
0ab4ad4bbe
added "birthdate", addresses #253
2013-01-18 15:38:41 -05:00
a6806255b8
use sign-magnatude not twos-complement in key parsing
2013-01-18 15:10:48 -05:00
e8095bab26
principal and audience are different (I thought I fixed this??)
2013-01-18 15:10:48 -05:00
c946a84b09
adapted keyfetcher to be more general
2013-01-18 15:06:00 -05:00
a4637ec395
Fleshed out nonce service classes, added code to token service impl to check for and store nonces. Added JodaTime library for working with dates.
2013-01-04 15:30:24 -05:00
c7ae315e98
Added initial files for nonce service. Repository and service impls are stubs
2013-01-04 15:30:24 -05:00
18ddd8333f
added flag to allow introspection, relaxed same-client restrictions on introspection and chained tokens
2012-12-18 11:07:24 -05:00
51b67ebc03
added queries to get access token from id token
2012-12-14 17:35:20 -05:00
b49c6571e8
fixed empty constructor of id token, fixed bug in copy constructor of claimset
2012-12-14 17:35:20 -05:00
6344a72519
missed a few applicationName references, fixed API JSON rendering
2012-12-11 15:16:18 -05:00
33ceedb283
added scope and grant_type, switched to timeunit
2012-12-11 12:11:09 -05:00
e2bc15c2b2
beginning of client registration refactor to track IETF dynreg spec
2012-12-10 17:36:33 -05:00
0659432561
removed builder
2012-12-10 17:16:57 -05:00
7586c6d661
added "NONE" type auth
2012-12-10 17:16:35 -05:00
4bd289c18c
shadowed null id token from serializer
2012-12-10 11:30:16 -05:00
f072aba3f5
moved client details service, fixed authorities mapper
2012-12-10 09:49:07 -05:00
7342da6a51
completed making id tokens into access tokens
2012-12-06 16:24:04 -05:00
b8f701d9d8
switched id tokens to entities, they're now access tokens also
...
still needs some work to get the auth object right, for now we're just copying from the access token
2012-12-06 10:19:21 -05:00
4698552c2d
made email_verified nullable, addresses #237
2012-12-05 16:54:15 -05:00
413c477879
utility method for approved sites to check expiration
2012-11-26 14:25:38 -05:00
f50726ab31
Issue 209 - typo
2012-11-21 14:51:30 -05:00
9c08944a02
Changed arity on approved sites (now can have many per user/site combo)
2012-11-20 14:07:55 -05:00
e9d1ed270d
service layer cleanups
2012-11-19 13:46:09 -05:00
757e21a722
added blacklist API
2012-11-16 11:57:46 -05:00
2a0602863e
Conveted Booleans to booleans
2012-09-20 11:32:59 -04:00
51073a7f8d
Refactor part 3
2012-09-18 15:01:05 -04:00
dd2abd94d1
Refactoring part 2
2012-09-18 14:36:27 -04:00
c40efda6b5
Refactor part 1
2012-09-18 14:24:34 -04:00
920b2a59ba
Fixed error logging
2012-09-10 17:17:03 -04:00
2d24435365
Created custom resolver, handler mapper
...
moved endpoint back to server
2012-09-10 17:17:03 -04:00
be1046f9b6
bean-based configuration
2012-09-10 17:17:03 -04:00
7eb0a6f3d2
Moved JWK to commons
2012-09-10 17:17:03 -04:00
42389286e4
removed non-RSA algorithms from JWE encrypter/decrypter functions
2012-09-06 17:28:17 -04:00
558a6286e2
switched to Guava for parsing ints into bytes, addresses #154
2012-09-06 17:26:20 -04:00
2b62042696
unshadowed Jwe header, unshadowed IdTokenClaims, added smart copy constructor to ClaimSet
2012-09-06 17:20:22 -04:00
11b35267b4
Refactored stats processor into a service, made home page into a smart page.
2012-08-28 17:42:43 -04:00
d041ddb0e1
Added approvedSite API and support structure
2012-08-28 15:28:55 -04:00
8ae1b376fe
updated whitelist service and repository
2012-08-28 15:28:55 -04:00
140de779fd
converted userid type to enum
2012-08-27 16:00:27 -04:00
1c34f83297
Fixed JWS algorithm parsing
2012-08-27 15:58:23 -04:00
29ac1a3a70
reverse lookup for clientdetails utiltiy classes
2012-08-27 14:45:14 -04:00
21ff134383
JWS coment/format cleanup
2012-08-27 14:45:02 -04:00
b5ce8d5e8b
added getByUsername to userinfo repositories and supporting classes, updated calling classes to use this
...
fixed namedquery
2012-08-23 18:23:47 -04:00
ba24ca1f60
removed unused utility method
2012-08-23 18:22:29 -04:00
ba5572b28a
Tidied up a bit, added javadoc comments to new classes
2012-08-23 11:05:10 -04:00
c23b176567
Database backed authorization-code-service now works.
2012-08-23 10:46:08 -04:00
4b76cc514b
Added a database-backed authorization-code system. Untested; needs to be injected into configuration in the place of the in-memory one and tested
2012-08-22 16:54:00 -04:00
dc61068702
Split approved site and whitelisted site scope tables.
2012-08-22 15:21:42 -04:00
a02f37cec3
added generators to client service API
2012-08-20 12:22:18 -04:00
26d5a846e0
Updated validator structure and id token checking.
2012-08-17 16:18:08 -04:00
012bb4afd7
Changed casing on "URI" to "Url" to match other parameters.
2012-08-17 15:32:04 -04:00
d14f55004c
added parser to userinfo object, userinfo url in filter, fixed bug in user_id check
2012-08-17 14:40:13 -04:00
fbd6e67af8
Refactored auth provider to call the userinfo endpoint and provide info inside the auth token.
2012-08-17 14:40:13 -04:00
1efe7a1fc3
updated check of algorithm in signing method"
2012-08-14 10:55:07 -04:00
155974d8e3
moved services and api over to using new client Id field (instead of client_id)
2012-08-10 16:53:31 -04:00
eb5a24690f
added method to get client by its (new) Long id
2012-08-10 16:29:16 -04:00
47ff885032
removed unnecessary cached token values
2012-08-10 14:26:47 -04:00
74a40fc973
changed auth holder reference, moved dates to timestamps
2012-08-10 14:26:47 -04:00
bb7d6b2e94
split scopes table
2012-08-10 14:26:47 -04:00
ed99bd36cf
changed clientdetails entity to use @Enumerated, cleaned up .sql file foreign keys
2012-08-10 14:26:47 -04:00
2d8a5763a3
javafied auth holder class
2012-08-10 14:26:47 -04:00
97d7bc9c13
added field to indicate whether the client has been dynamically registered
2012-08-09 15:55:07 -04:00
f724d3a9fe
updated userinfo table definitions
2012-08-09 12:44:22 -04:00
617e9568d8
Fixed bugs; I can get tokens now. User approval handler seems to be working corrrectly.
2012-08-09 12:44:22 -04:00
49cb8bd0cb
fixing bugs; needed to make all ids BIGINT AUTO-INCREMENT PRIMARY KEY in sql files
2012-08-09 12:44:21 -04:00
0757642e67
removed "s" from allowed_scopes
2012-08-09 12:44:21 -04:00
9c32e92da5
Cleaned up sql tables some more; sticking to _ naming convention
2012-08-09 12:44:21 -04:00
d7deda1699
Propogated AuthenticationHolder effects; this is untested but compiles and I think it is mostly correct
2012-08-09 12:44:21 -04:00
90df91c351
Added AuthenticationHolder object, got references squared away for AccessToken side. Compiles.
2012-08-09 12:44:21 -04:00
cf348590b0
Removed unused ClientGeneratorFactory
2012-08-09 12:44:21 -04:00
d6d80c3e60
Gave OAuth2RefreshTokenEntity a Long Id
2012-08-09 12:44:21 -04:00
6b1dad7215
Gave OAuth2AccessTokenEntity a Long Id
2012-08-09 12:44:21 -04:00
780839dbf9
Made things compile after ClientDetailsEntity refactoring
2012-08-09 12:44:21 -04:00
a68a4f9796
Organized ClientDetailsEntity, updated JPA annotations. Updated sql files to match. Naming conventions: table and column names with multiple words should be seperated by underscores; table and column names should be singular.
2012-08-09 12:44:21 -04:00
15428a875e
Added additional fields to ClientDetailsEntity and did some reorganization, still some more to do. Added "id" field to the sql file, but the sql still needs all of the other additional fields.
2012-08-09 12:44:21 -04:00
8d4e046408
All logging is now org.slf4j. We had a mix of org.slf4j and apache commons-logging. Added error logging to all view which throw errors.
2012-08-07 10:04:38 -04:00
a061e64abf
Merge branch 'user-approval-handler-updated-rebase'
2012-08-06 16:30:03 -04:00
5fb67ab7bb
Did a lot of cleanup; untested but compiles
2012-08-06 14:33:16 -04:00
2f28cf33e7
Changed UserInfo refs in WhitelistedSite to String ids; updated the user approval handler to check if "remember this decision" is checked and only make a new AP if so, and to pull in the scopes selected on the approval page as the saved allowed scopes for that AP.
2012-08-03 16:43:37 -04:00
b87d54b06e
Changed UserInfo references to String "userId" references
2012-08-03 13:32:17 -04:00
845976b8ac
First stages of getting the graylist portion to work. Currently no mechanism for telling the system NOT to remember your decision; that will come later. All approvals will be automatically stored with this code.
2012-08-03 12:49:40 -04:00
51b8dbe065
Revert "updated jwtHeader typ to use an enum" -- set things back to using a string
...
This reverts commit 3b2268c622
2012-08-02 14:16:55 -04:00
164090e9d5
added jwt string stability to several places, fixed jwe parser
2012-07-31 15:29:33 -04:00
676808bdac
got things to deploy - could not reference UserInfo directly in ApprovedSite and WhitelistedSite; needed to reference DefaultUserInfo instead.
2012-07-31 14:50:24 -04:00
4e10fce7ef
Implementing user approval handler; made some modifications to ApprovedSite and WhitelistedSite models, repositories, and service layers.
2012-07-31 14:50:24 -04:00
3b2268c622
updated jwtHeader typ to use an enum
2012-07-31 11:29:48 -04:00
95dcb10472
updated encrypter/decrypter to store keys as member variables rather than to pass them in
2012-07-31 11:29:32 -04:00
61c7231d9a
updated encrypter and decrypter to use enum class rather than fragile parsing
2012-07-31 11:28:46 -04:00
5f80ebc89a
changing encryption/decryption code to use enum classes rather than shady parsing techniques
2012-07-31 11:28:23 -04:00
789f41bdbe
fixed client details regression
2012-07-31 10:44:25 -04:00
3e6f66e2dc
Merge branch 'master' of https://github.com/ssayer/OpenID-Connect-Java-Spring-Server into ssayer-pullreq-124
2012-07-31 10:43:33 -04:00
d07667576e
cleaned up old code
2012-07-30 16:50:44 -04:00
40f39a18e0
cleaning up introspection endpoint
2012-07-30 16:50:44 -04:00
f9dd9df7cd
added skip to test for encryption if not running unlimited strength java
2012-07-30 14:47:02 -04:00
92e779257d
testing key sizes, still failing outside of bouncycastle
2012-07-30 13:40:20 -04:00
1dd2aaf8a1
add JsonObject export for JWK keys
2012-07-30 09:27:03 -04:00
319568d971
refactored JWA algorithm markers to use enum instead of string as stored class
2012-07-23 20:21:31 -04:00
165f3ea292
fixed some unit tests, broke others
2012-07-23 18:44:47 -04:00
e4bc66ba33
small TODO statements cleared up
2012-07-23 18:31:27 -04:00
4deaffd686
updated hmac and rsa signer to use afterPropertiesSet(), abstract oidc auth filter now adds multiple signers to map and then picks the one it needs, and key fetcher now gets jwk
2012-07-23 18:31:27 -04:00
8b848af0fb
cleaned up signer initialization calls and algorithm-setting code, cleaned up algorithm names, renamed encrypter/decrypter classes
2012-07-23 18:17:31 -04:00
d204ff1e69
removed constructor for RsaDecrypter and RsaEncrypter
2012-07-17 14:07:58 -04:00
4f78c3db80
removed verification of signature in decryption
2012-07-17 13:40:14 -04:00
1dbf2808c1
changed imports
2012-07-17 10:57:36 -04:00
e380d85ad7
updated encryption/decryption to dynamically get mode for cipher. also made the keyDataLen come from the kdf parameter rather than enc
2012-07-17 10:57:10 -04:00
5d3d888c3f
finished testing. fixed MessageDigest problems in generating cek and cik
2012-07-17 10:56:43 -04:00
13e0a7c4bb
tests for encryption/decryption done
2012-07-17 10:56:09 -04:00
88a052019a
added testing for encryption and decryption. slight bug where [ ] gets appended to clearText. working on that
2012-07-17 10:55:46 -04:00
5152fa1c69
added tests for encryption and decryption. WIP
2012-07-17 10:55:10 -04:00
26792d2fba
updated decryption to generate cik and cek based off of key derivation
2012-07-17 10:54:36 -04:00
d86ee2329b
updated encryption to generate cek and cik through key derivation. also fixed signers to use afterPropertiesSet()
2012-07-17 10:54:09 -04:00
7e7cd4f480
update to encryption/decryption. added cmk, cek, and cik use
2012-07-17 10:53:36 -04:00
bc1ff0d964
updated jwe, jwt, and jwk models to have new parameters that were released in latest JOSE update
2012-07-17 10:53:04 -04:00
70e90bc4c1
updated decryption
2012-07-17 10:52:38 -04:00
025f7f3d66
updated encryption to sign using int value rather than alg
2012-07-17 10:52:16 -04:00
754e8406bb
removed web app from this git repository
2012-07-17 10:51:20 -04:00
99a574d303
encryption completed, decryption WIP
2012-07-17 10:50:35 -04:00
cee44de3d1
updated encryption class to include AbstractJwtEncrypter
2012-07-17 10:50:06 -04:00
caf2a7b494
updated encryption service to encrypt key and claims and then sign the jwe. decryption updated to decrypt encrypted key and ciphertext
2012-07-17 10:49:29 -04:00
cf0ce7b1fb
updated encryption and decryption for claims. WIP
2012-07-17 10:48:47 -04:00
e252951612
added encrypter/decrypter for claims to get ciphertext
2012-07-17 10:48:07 -04:00
33cc3fa899
Added spring simple web app for testing, encryption and decryption classes for rsa and hmac, still WIP
2012-07-17 10:47:41 -04:00
01793ec57f
added preferred_username claim to userinfo endpoint
2012-07-06 16:02:11 -04:00
50241e4da1
changed UserInfo.verified to UserInfo.emailVerified.
2012-07-06 14:11:43 -04:00
f0c949fd09
added scope-based filter for userinfo
2012-07-05 17:14:51 -04:00
c24a2206e9
updated jwtheader parser
2012-07-03 16:43:00 -04:00
ac7a53b234
bugfix: call setNonce instead of setType
2012-07-03 16:38:53 -04:00
a03129f70a
added documentation updates
2012-07-02 14:18:25 -04:00
4e3c99abe4
Merge branch 'validityIntegers'
2012-06-26 13:55:26 -04:00
81d1af40bd
Updated our ClientDetailsEntity *TokenTimeout fields to be *ValiditySeconds, which are now typed as proper Integers in the SECOAUTH ClientDetails interface
2012-06-26 13:54:01 -04:00
1127a7cfbc
refactored JWKs, updated signing servier to use them
2012-06-25 17:19:25 -04:00
adb8499bee
merged derryberry code, plus tweaks, still WIP
2012-06-25 16:42:41 -04:00
b1fc07bcb8
updated -common code to get a validation service from a server configuration
2012-06-21 14:37:30 -04:00
b94fbd7439
updated -common and -client code by removing throws exception, changing to rest templates, and updating test cases to use annotations
2012-06-20 09:36:55 -04:00
fe3bbfb3d5
Further cleanups. Still missing:
...
- All tests extend TestCase, should use annotations instead
- Several elements throw Exception
- Key Fetchers should use RESTTemplates and be in a separate utility set
2012-06-15 17:11:58 -04:00
b86abdd761
merge from pull request, plus cleanup
2012-06-15 15:36:14 -04:00
ace5dd1f1e
imported userinfouserdetails filter from MITRE codebase
2012-06-13 16:33:55 -04:00
65dc3daaf8
smart client
2012-06-12 16:09:01 -04:00
2a05ff995d
Added support for additional field in ClientDetailsEntity.java.
2012-06-11 16:27:35 -04:00
3e810cb5dc
Merge remote-tracking branch 'mitre/master'
2012-06-07 14:29:13 -04:00
fad6caa968
Added testing for signers for Hmac, Rsa, and Plaintext
2012-06-07 14:28:09 -04:00
e44697cef9
updated JWK display to latest, closes #58
2012-06-05 16:07:19 -04:00
5c72d8b95f
revocation endpoint cleanup, still needs views
2012-06-05 11:24:11 -04:00
27219c066d
refactored our service to reflect upstream
2012-06-05 10:18:26 -04:00
Amanda Anganes