Compare commits
No commits in common. "master" and "mitreid-connect-1.3.0-RC2" have entirely different histories.
master
...
mitreid-co
|
|
@ -1,3 +1,4 @@
|
|||
local-values.conf
|
||||
target
|
||||
*~
|
||||
bin
|
||||
|
|
@ -10,3 +11,5 @@ bin
|
|||
/target
|
||||
.springBeans
|
||||
nb-configuration.xml
|
||||
openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/css/bootstrap-responsive.css
|
||||
openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/css/bootstrap.css
|
||||
|
|
|
|||
|
|
@ -1,11 +1,7 @@
|
|||
language: java
|
||||
jdk:
|
||||
- oraclejdk11
|
||||
- oraclejdk8
|
||||
sudo: false
|
||||
|
||||
after_success:
|
||||
- bash <(curl -s https://codecov.io/bash)
|
||||
|
||||
cache:
|
||||
directories:
|
||||
- $HOME/.m2
|
||||
|
|
|
|||
43
CHANGELOG.md
43
CHANGELOG.md
|
|
@ -1,43 +0,0 @@
|
|||
Unreleased:
|
||||
|
||||
*1.3.3*:
|
||||
- Authorization codes are now longer
|
||||
- Client/RS can parse the "sub" and "user_id" claims in introspection response
|
||||
- Database-direct queries for fetching tokens by user (optimization)
|
||||
- Device flow supports verification_uri_complete (must be turned on)
|
||||
- Long scopes display properly and are still checkable
|
||||
- Language system remebers when it can't find a file and stops throwing so many errors
|
||||
- Index added for refresh tokens
|
||||
- Updated to Spring Security 4.2.11
|
||||
- Updated Spring to 4.3.22
|
||||
- Change approve pages to use issuer instead of page context
|
||||
- Updated oracle database scripts
|
||||
|
||||
*1.3.2*:
|
||||
- Added changelog
|
||||
- Set default redirect URI resolver strict matching to true
|
||||
- Fixed XSS vulnerability on redirect URI display on approval page
|
||||
- Removed MITRE from copyright
|
||||
- Disallow unsigned JWTs on client authentication
|
||||
- Upgraded Nimbus revision
|
||||
- Added French translation
|
||||
- Added hooks for custom JWT claims
|
||||
- Removed "Not Yet Implemented" tag from post-logout redirect URI
|
||||
|
||||
*1.3.1*:
|
||||
- Added End Session endpoint
|
||||
- Fixed discovery endpoint
|
||||
- Downgrade MySQL connector dependency version from developer preview to GA release
|
||||
|
||||
*1.3.0*:
|
||||
- Added device flow support
|
||||
- Added PKCE support
|
||||
- Modularized UI to allow better overlay and extensions
|
||||
- Modularized data import/export API
|
||||
- Added software statements to dynamic client registration
|
||||
- Added assertion processing framework
|
||||
- Removed ID tokens from storage
|
||||
- Removed structured scopes
|
||||
|
||||
*1.2.6*:
|
||||
- Added strict HEART compliance mode
|
||||
|
|
@ -1,9 +1,8 @@
|
|||
Copyright 2018 The MIT Internet Trust Consortium
|
||||
|
||||
Portions copyright 2011-2013 The MITRE Corporation
|
||||
Copyright 2016 The MITRE Corporation
|
||||
and the MIT Internet Trust Consortium
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this project except in compliance with the License.
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
# MITREid Connect
|
||||
---
|
||||
|
||||
[](https://maven-badges.herokuapp.com/maven-central/org.mitre/openid-connect-parent) [](https://travis-ci.org/mitreid-connect/OpenID-Connect-Java-Spring-Server) [](https://codecov.io/github/mitreid-connect/OpenID-Connect-Java-Spring-Server)
|
||||
[](https://maven-badges.herokuapp.com/maven-central/org.mitre/openid-connect-parent) [](https://travis-ci.org/mitreid-connect/OpenID-Connect-Java-Spring-Server)
|
||||
|
||||
This project contains a certified OpenID Connect reference implementation in Java on the Spring platform, including a functioning [server library](openid-connect-server), [deployable server package](openid-connect-server-webapp), [client (RP) library](openid-connect-client), and general [utility libraries](openid-connect-common). The server can be used as an OpenID Connect Identity Provider as well as a general-purpose OAuth 2.0 Authorization Server.
|
||||
|
||||
|
|
@ -28,4 +28,5 @@ The authors and key contributors of the project include:
|
|||
* [Mark Janssen](https://github.com/praseodym)
|
||||
|
||||
|
||||
Licensed under the Apache 2.0 license, for details see `LICENSE.txt`.
|
||||
Copyright ©2017, [The MITRE Corporation](http://www.mitre.org/)
|
||||
and the [MIT Internet Trust Consortium](http://www.trust.mit.edu/). Licensed under the Apache 2.0 license, for details see `LICENSE.txt`.
|
||||
|
|
|
|||
|
|
@ -35,4 +35,5 @@
|
|||
|
||||
|
||||
|
||||
版权所有 ©2018 [MIT因特网信任联盟](http://www.mit-trust.org/). 采用Apache 2.0许可证, 详见 `LICENSE.txt`.
|
||||
版权所有 ©2016, [ MITRE公司 ](http://www.mitre.org/)
|
||||
以及 [MIT因特网信任联盟](http://www.mit-trust.org/). 采用Apache 2.0许可证, 详见 `LICENSE.txt`.
|
||||
|
|
|
|||
|
|
@ -1,8 +1,7 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
Copyright 2018 The MIT Internet Trust Consortium
|
||||
|
||||
Portions copyright 2011-2013 The MITRE Corporation
|
||||
Copyright 2017 The MITRE Corporation
|
||||
and the MIT Internet Trust Consortium
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
Binary file not shown.
Binary file not shown.
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
## Overview ##
|
||||
|
||||
This project contains an OpenID Connect Client implemented as a Spring Security AuthenticationFilter. The client facilitates a user's authentication into the secured application to an OpenID Connect Server following the OpenID Connect standard protocol.
|
||||
This project contains an OpenID Connect Client implemented as a Spring Security AuthenticationFilter. The client facilitates a user's authentication into the secured application to an OpenID Connect Java Spring Server following the OpenID Connect Standard protocol.
|
||||
|
||||
## Configuring ##
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,7 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
Copyright 2018 The MIT Internet Trust Consortium
|
||||
|
||||
Portions copyright 2011-2013 The MITRE Corporation
|
||||
Copyright 2017 The MITRE Corporation
|
||||
and the MIT Internet Trust Consortium
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
|
@ -22,7 +21,7 @@
|
|||
<parent>
|
||||
<artifactId>openid-connect-parent</artifactId>
|
||||
<groupId>org.mitre</groupId>
|
||||
<version>1.3.5-SNAPSHOT</version>
|
||||
<version>1.3.0-RC2</version>
|
||||
<relativePath>..</relativePath>
|
||||
</parent>
|
||||
<artifactId>openid-connect-client</artifactId>
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -17,8 +16,6 @@
|
|||
*******************************************************************************/
|
||||
package org.mitre.oauth2.introspectingfilter;
|
||||
|
||||
import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.URI;
|
||||
import java.util.Calendar;
|
||||
|
|
@ -57,6 +54,8 @@ import com.google.gson.JsonObject;
|
|||
import com.google.gson.JsonParser;
|
||||
import com.nimbusds.jose.util.Base64;
|
||||
|
||||
import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC;
|
||||
|
||||
/**
|
||||
* This ResourceServerTokenServices implementation introspects incoming tokens at a
|
||||
* server's introspection endpoint URL and passes an Authentication object along
|
||||
|
|
@ -244,10 +243,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
|
|||
private Authentication createUserAuthentication(JsonObject token) {
|
||||
JsonElement userId = token.get("user_id");
|
||||
if(userId == null) {
|
||||
userId = token.get("sub");
|
||||
if (userId == null) {
|
||||
return null;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
return new PreAuthenticatedAuthenticationToken(userId.getAsString(), token, introspectionAuthorityGranter.getAuthorities(token));
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.oauth2.introspectingfilter.service;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.oauth2.introspectingfilter.service;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.oauth2.introspectingfilter.service.impl;
|
||||
|
||||
|
|
@ -33,11 +32,11 @@ import com.nimbusds.jwt.JWT;
|
|||
import com.nimbusds.jwt.JWTParser;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* Parses the incoming accesstoken as a JWT and determines the issuer based on
|
||||
* the "iss" field inside the JWT. Uses the ServerConfigurationService to determine
|
||||
* the introspection URL for that issuer.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -33,7 +34,7 @@ import com.google.gson.JsonObject;
|
|||
*
|
||||
*/
|
||||
public class ScopeBasedIntrospectionAuthoritiesGranter implements IntrospectionAuthorityGranter {
|
||||
|
||||
|
||||
private List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_API");
|
||||
|
||||
/* (non-Javadoc)
|
||||
|
|
@ -42,7 +43,7 @@ public class ScopeBasedIntrospectionAuthoritiesGranter implements IntrospectionA
|
|||
@Override
|
||||
public List<GrantedAuthority> getAuthorities(JsonObject introspectionResponse) {
|
||||
List<GrantedAuthority> auth = new ArrayList<>(getAuthorities());
|
||||
|
||||
|
||||
if (introspectionResponse.has("scope") && introspectionResponse.get("scope").isJsonPrimitive()) {
|
||||
String scopeString = introspectionResponse.get("scope").getAsString();
|
||||
Set<String> scopes = OAuth2Utils.parseParameterList(scopeString);
|
||||
|
|
@ -50,7 +51,7 @@ public class ScopeBasedIntrospectionAuthoritiesGranter implements IntrospectionA
|
|||
auth.add(new SimpleGrantedAuthority("OAUTH_SCOPE_" + scope));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return auth;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.oauth2.introspectingfilter.service.impl;
|
||||
|
||||
|
|
@ -29,9 +28,9 @@ import org.springframework.security.core.authority.AuthorityUtils;
|
|||
import com.google.gson.JsonObject;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* Grants the same set of authorities no matter what's passed in.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.oauth2.introspectingfilter.service.impl;
|
||||
|
||||
|
|
@ -24,10 +23,10 @@ import org.mitre.oauth2.introspectingfilter.service.IntrospectionConfigurationSe
|
|||
import org.mitre.oauth2.model.RegisteredClient;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* Always provides the (configured) IntrospectionURL and RegisteredClient regardless
|
||||
* of token. Useful for talking to a single, trusted authorization server.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,18 +1,3 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
package org.mitre.openid.connect.client;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
|
|
@ -22,9 +7,9 @@ public class AuthorizationEndpointException extends AuthenticationServiceExcepti
|
|||
private static final long serialVersionUID = 6953119789654778380L;
|
||||
|
||||
private String error;
|
||||
|
||||
|
||||
private String errorDescription;
|
||||
|
||||
|
||||
private String errorURI;
|
||||
|
||||
public AuthorizationEndpointException(String error, String errorDescription, String errorURI) {
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client;
|
||||
|
||||
|
|
@ -35,13 +34,13 @@ import com.nimbusds.jwt.JWT;
|
|||
import com.nimbusds.jwt.JWTClaimsSet;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* Simple mapper that adds ROLE_USER to the authorities map for all queries,
|
||||
* plus adds ROLE_ADMIN if the subject and issuer pair are found in the
|
||||
* configurable "admins" set.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*
|
||||
*/
|
||||
public class NamedAdminAuthoritiesMapper implements OIDCAuthoritiesMapper {
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -89,9 +88,9 @@ import com.nimbusds.jwt.SignedJWT;
|
|||
|
||||
/**
|
||||
* OpenID Connect Authentication Filter class
|
||||
*
|
||||
*
|
||||
* @author nemonik, jricher
|
||||
*
|
||||
*
|
||||
*/
|
||||
public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
|
||||
|
||||
|
|
@ -170,9 +169,9 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
|
|||
|
||||
/*
|
||||
* This is the main entry point for the filter.
|
||||
*
|
||||
*
|
||||
* (non-Javadoc)
|
||||
*
|
||||
*
|
||||
* @see org.springframework.security.web.authentication.
|
||||
* AbstractAuthenticationProcessingFilter
|
||||
* #attemptAuthentication(javax.servlet.http.HttpServletRequest,
|
||||
|
|
@ -205,7 +204,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
|
|||
|
||||
/**
|
||||
* Initiate an Authorization request
|
||||
*
|
||||
*
|
||||
* @param request
|
||||
* The request from which to extract parameters and perform the
|
||||
* authentication
|
||||
|
|
@ -271,7 +270,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
|
|||
String state = createState(session);
|
||||
|
||||
Map<String, String> options = authOptions.getOptions(serverConfig, clientConfig, request);
|
||||
|
||||
|
||||
// if we're using PKCE, handle the challenge here
|
||||
if (clientConfig.getCodeChallengeMethod() != null) {
|
||||
String codeVerifier = createCodeVerifier(session);
|
||||
|
|
@ -288,7 +287,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
|
|||
e.printStackTrace();
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -331,7 +330,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
|
|||
form.add("grant_type", "authorization_code");
|
||||
form.add("code", authorizationCode);
|
||||
form.setAll(authOptions.getTokenOptions(serverConfig, clientConfig, request));
|
||||
|
||||
|
||||
String codeVerifier = getStoredCodeVerifier(session);
|
||||
if (codeVerifier != null) {
|
||||
form.add("code_verifier", codeVerifier);
|
||||
|
|
@ -346,11 +345,11 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
|
|||
|
||||
if(httpClient == null) {
|
||||
httpClient = HttpClientBuilder.create()
|
||||
.useSystemProperties()
|
||||
.setDefaultRequestConfig(RequestConfig.custom()
|
||||
.setSocketTimeout(httpSocketTimeout)
|
||||
.build())
|
||||
.build();
|
||||
.useSystemProperties()
|
||||
.setDefaultRequestConfig(RequestConfig.custom()
|
||||
.setSocketTimeout(httpSocketTimeout)
|
||||
.build())
|
||||
.build();
|
||||
}
|
||||
|
||||
HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
|
||||
|
|
@ -635,7 +634,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
|
|||
|
||||
/**
|
||||
* Handle Authorization Endpoint error
|
||||
*
|
||||
*
|
||||
* @param request
|
||||
* The request from which to extract parameters and handle the
|
||||
* error
|
||||
|
|
@ -709,7 +708,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
|
|||
protected static String getStoredState(HttpSession session) {
|
||||
return getStoredSessionString(session, STATE_SESSION_VARIABLE);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Create a random code challenge and store it in the session
|
||||
* @param session
|
||||
|
|
@ -720,7 +719,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
|
|||
session.setAttribute(CODE_VERIFIER_SESSION_VARIABLE, challenge);
|
||||
return challenge;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Retrieve the stored challenge from our session
|
||||
* @param session
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -35,7 +34,7 @@ import com.nimbusds.jwt.JWT;
|
|||
|
||||
/**
|
||||
* @author nemonik, Justin Richer
|
||||
*
|
||||
*
|
||||
*/
|
||||
public class OIDCAuthenticationProvider implements AuthenticationProvider {
|
||||
|
||||
|
|
@ -47,7 +46,7 @@ public class OIDCAuthenticationProvider implements AuthenticationProvider {
|
|||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
*
|
||||
*
|
||||
* @see org.springframework.security.authentication.AuthenticationProvider#
|
||||
* authenticate(org.springframework.security.core.Authentication)
|
||||
*/
|
||||
|
|
@ -87,7 +86,7 @@ public class OIDCAuthenticationProvider implements AuthenticationProvider {
|
|||
/**
|
||||
* Override this function to return a different kind of Authentication, processes the authorities differently,
|
||||
* or do post-processing based on the UserInfo object.
|
||||
*
|
||||
*
|
||||
* @param token
|
||||
* @param authorities
|
||||
* @param userInfo
|
||||
|
|
@ -116,7 +115,7 @@ public class OIDCAuthenticationProvider implements AuthenticationProvider {
|
|||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
*
|
||||
*
|
||||
* @see
|
||||
* org.springframework.security.authentication.AuthenticationProvider#supports
|
||||
* (java.lang.Class)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -18,7 +19,7 @@ package org.mitre.openid.connect.client;
|
|||
/**
|
||||
* Simple target URI checker, checks whether the string in question starts
|
||||
* with a configured prefix. Returns "/" if the match fails.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -14,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client;
|
||||
|
||||
|
|
@ -23,9 +24,9 @@ import org.springframework.security.core.GrantedAuthority;
|
|||
import com.google.common.base.Strings;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* Simple authority representing a user at an issuer.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
@ -50,9 +51,9 @@ public class SubjectIssuerGrantedAuthority implements GrantedAuthority {
|
|||
|
||||
/**
|
||||
* Returns a string formed by concatenating the subject with the issuer, separated by _ and prepended with OIDC_
|
||||
*
|
||||
*
|
||||
* For example, the user "bob" from issuer "http://id.example.com/" would return the authority string of:
|
||||
*
|
||||
*
|
||||
* OIDC_bob_http://id.example.com/
|
||||
*/
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -19,7 +20,7 @@ public interface TargetLinkURIChecker {
|
|||
|
||||
/**
|
||||
* Check the parameter to make sure that it's a valid deep-link into this application.
|
||||
*
|
||||
*
|
||||
* @param target
|
||||
* @return
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -61,7 +60,7 @@ public class UserInfoFetcher {
|
|||
private static final Logger logger = LoggerFactory.getLogger(UserInfoFetcher.class);
|
||||
|
||||
private LoadingCache<PendingOIDCAuthenticationToken, UserInfo> cache;
|
||||
|
||||
|
||||
public UserInfoFetcher() {
|
||||
this(HttpClientBuilder.create().useSystemProperties().build());
|
||||
}
|
||||
|
|
@ -72,7 +71,7 @@ public class UserInfoFetcher {
|
|||
.maximumSize(100)
|
||||
.build(new UserInfoLoader(httpClient));
|
||||
}
|
||||
|
||||
|
||||
public UserInfo loadUserInfo(final PendingOIDCAuthenticationToken token) {
|
||||
try {
|
||||
return cache.get(token);
|
||||
|
|
@ -82,8 +81,8 @@ public class UserInfoFetcher {
|
|||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
private class UserInfoLoader extends CacheLoader<PendingOIDCAuthenticationToken, UserInfo> {
|
||||
private HttpComponentsClientHttpRequestFactory factory;
|
||||
|
||||
|
|
@ -91,23 +90,22 @@ public class UserInfoFetcher {
|
|||
this.factory = new HttpComponentsClientHttpRequestFactory(httpClient);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserInfo load(final PendingOIDCAuthenticationToken token) throws URISyntaxException {
|
||||
|
||||
|
||||
ServerConfiguration serverConfiguration = token.getServerConfiguration();
|
||||
|
||||
|
||||
if (serverConfiguration == null) {
|
||||
logger.warn("No server configuration found.");
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
if (Strings.isNullOrEmpty(serverConfiguration.getUserInfoUri())) {
|
||||
logger.warn("No userinfo endpoint, not fetching.");
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
String userInfoString = null;
|
||||
|
||||
|
||||
if (serverConfiguration.getUserInfoTokenMethod() == null || serverConfiguration.getUserInfoTokenMethod().equals(UserInfoTokenMethod.HEADER)) {
|
||||
RestTemplate restTemplate = new RestTemplate(factory) {
|
||||
|
||||
|
|
@ -147,7 +145,7 @@ public class UserInfoFetcher {
|
|||
// didn't get anything throw exception
|
||||
throw new IllegalArgumentException("Unable to load user info");
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.keypublisher;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.keypublisher;
|
||||
|
||||
|
|
@ -27,9 +26,9 @@ import org.springframework.web.servlet.View;
|
|||
import org.springframework.web.servlet.ViewResolver;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* Simple view resolver to map JWK view names to appropriate beans
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,14 +15,14 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.model;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* Data container to facilitate returns from the IssuerService API.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service;
|
||||
|
||||
|
|
@ -28,11 +27,11 @@ import org.mitre.oauth2.model.RegisteredClient;
|
|||
import org.mitre.openid.connect.config.ServerConfiguration;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* This service provides any extra options that need to be passed to the authentication request,
|
||||
* either through the authorization endpoint (getOptions) or the token endpoint (getTokenOptions).
|
||||
* These options may depend on the server configuration, client configuration, or HTTP request.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
@ -40,7 +39,7 @@ public interface AuthRequestOptionsService {
|
|||
|
||||
/**
|
||||
* The set of options needed at the authorization endpoint.
|
||||
*
|
||||
*
|
||||
* @param server
|
||||
* @param client
|
||||
* @param request
|
||||
|
|
@ -50,7 +49,7 @@ public interface AuthRequestOptionsService {
|
|||
|
||||
/**
|
||||
* The set of options needed at the token endpoint.
|
||||
*
|
||||
*
|
||||
* @param server
|
||||
* @param client
|
||||
* @param request
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service;
|
||||
|
||||
|
|
@ -27,7 +26,7 @@ import org.mitre.openid.connect.config.ServerConfiguration;
|
|||
|
||||
/**
|
||||
* Builds a URL string to the IdP's authorization endpoint.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service;
|
||||
|
||||
|
|
@ -25,9 +24,9 @@ import javax.servlet.http.HttpServletRequest;
|
|||
import org.mitre.openid.connect.client.model.IssuerServiceResponse;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* Gets an issuer for the given request. Might do dynamic discovery, or might be statically configured.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,10 +15,12 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.mitre.oauth2.model.RegisteredClient;
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service.impl;
|
||||
|
||||
|
|
@ -165,10 +164,10 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
|
|||
|
||||
/**
|
||||
* Loader class that fetches the client information.
|
||||
*
|
||||
*
|
||||
* If a client has been registered (ie, it's known to the RegisteredClientService), then this
|
||||
* will fetch the client's configuration from the server.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
@ -204,12 +203,12 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
|
|||
|
||||
try {
|
||||
String registered = restTemplate.postForObject(serverConfig.getRegistrationEndpointUri(), entity, String.class);
|
||||
|
||||
|
||||
RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(registered);
|
||||
|
||||
|
||||
// save this client for later
|
||||
registeredClientService.save(serverConfig.getIssuer(), client);
|
||||
|
||||
|
||||
return client;
|
||||
} catch (RestClientException rce) {
|
||||
throw new InvalidClientException("Error registering client with server");
|
||||
|
|
@ -228,9 +227,9 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
|
|||
try {
|
||||
String registered = restTemplate.exchange(knownClient.getRegistrationClientUri(), HttpMethod.GET, entity, String.class).getBody();
|
||||
// TODO: handle HTTP errors
|
||||
|
||||
|
||||
RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(registered);
|
||||
|
||||
|
||||
return client;
|
||||
} catch (RestClientException rce) {
|
||||
throw new InvalidClientException("Error loading previously registered client information from server");
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,17 +15,10 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service.impl;
|
||||
|
||||
import static org.mitre.util.JsonUtils.getAsBoolean;
|
||||
import static org.mitre.util.JsonUtils.getAsEncryptionMethodList;
|
||||
import static org.mitre.util.JsonUtils.getAsJweAlgorithmList;
|
||||
import static org.mitre.util.JsonUtils.getAsJwsAlgorithmList;
|
||||
import static org.mitre.util.JsonUtils.getAsString;
|
||||
import static org.mitre.util.JsonUtils.getAsStringList;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.ExecutionException;
|
||||
|
|
@ -49,10 +41,17 @@ import com.google.gson.JsonElement;
|
|||
import com.google.gson.JsonObject;
|
||||
import com.google.gson.JsonParser;
|
||||
|
||||
import static org.mitre.util.JsonUtils.getAsBoolean;
|
||||
import static org.mitre.util.JsonUtils.getAsEncryptionMethodList;
|
||||
import static org.mitre.util.JsonUtils.getAsJweAlgorithmList;
|
||||
import static org.mitre.util.JsonUtils.getAsJwsAlgorithmList;
|
||||
import static org.mitre.util.JsonUtils.getAsString;
|
||||
import static org.mitre.util.JsonUtils.getAsStringList;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* Dynamically fetches OpenID Connect server configurations based on the issuer. Caches the server configurations.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
@ -134,9 +133,9 @@ public class DynamicServerConfigurationService implements ServerConfigurationSer
|
|||
private HttpComponentsClientHttpRequestFactory httpFactory;
|
||||
private JsonParser parser = new JsonParser();
|
||||
|
||||
OpenIDConnectServiceConfigurationFetcher(HttpClient httpClient) {
|
||||
this.httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
|
||||
}
|
||||
OpenIDConnectServiceConfigurationFetcher(HttpClient httpClient) {
|
||||
this.httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
|
||||
}
|
||||
|
||||
@Override
|
||||
public ServerConfiguration load(String issuer) throws Exception {
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service.impl;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service.impl;
|
||||
|
||||
|
|
@ -32,12 +31,12 @@ import org.mitre.openid.connect.config.ServerConfiguration;
|
|||
* Houses both a static client configuration and a dynamic client configuration
|
||||
* service in one object. Checks the static service first, then falls through to
|
||||
* the dynamic service.
|
||||
*
|
||||
*
|
||||
* Provides configuration passthrough for the template, registered client service, whitelist,
|
||||
* and blacklist for the dynamic service, and to the static service's client map.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*
|
||||
*/
|
||||
public class HybridClientConfigurationService implements ClientConfigurationService {
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -27,11 +26,11 @@ import org.mitre.openid.connect.client.service.IssuerService;
|
|||
import com.google.common.collect.Sets;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* Issuer service that tries to parse input from the inputs from a third-party
|
||||
* account chooser service (if possible), but falls back to webfinger discovery
|
||||
* if not.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service.impl;
|
||||
|
||||
|
|
@ -30,11 +29,11 @@ import org.mitre.openid.connect.config.ServerConfiguration;
|
|||
* Houses both a static server configuration and a dynamic server configuration
|
||||
* service in one object. Checks the static service first, then falls through to
|
||||
* the dynamic service.
|
||||
*
|
||||
*
|
||||
* Provides configuration passthrough to the dynamic service's whitelist and blacklist,
|
||||
* and to the static service's server map.
|
||||
*
|
||||
*
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service.impl;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service.impl;
|
||||
|
||||
|
|
@ -56,20 +55,20 @@ public class JsonFileRegisteredClientService implements RegisteredClientService
|
|||
private static final Logger logger = LoggerFactory.getLogger(JsonFileRegisteredClientService.class);
|
||||
|
||||
private Gson gson = new GsonBuilder()
|
||||
.registerTypeAdapter(RegisteredClient.class, new JsonSerializer<RegisteredClient>() {
|
||||
@Override
|
||||
public JsonElement serialize(RegisteredClient src, Type typeOfSrc, JsonSerializationContext context) {
|
||||
return ClientDetailsEntityJsonProcessor.serialize(src);
|
||||
}
|
||||
})
|
||||
.registerTypeAdapter(RegisteredClient.class, new JsonDeserializer<RegisteredClient>() {
|
||||
@Override
|
||||
public RegisteredClient deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
|
||||
return ClientDetailsEntityJsonProcessor.parseRegistered(json);
|
||||
}
|
||||
})
|
||||
.setPrettyPrinting()
|
||||
.create();
|
||||
.registerTypeAdapter(RegisteredClient.class, new JsonSerializer<RegisteredClient>() {
|
||||
@Override
|
||||
public JsonElement serialize(RegisteredClient src, Type typeOfSrc, JsonSerializationContext context) {
|
||||
return ClientDetailsEntityJsonProcessor.serialize(src);
|
||||
}
|
||||
})
|
||||
.registerTypeAdapter(RegisteredClient.class, new JsonDeserializer<RegisteredClient>() {
|
||||
@Override
|
||||
public RegisteredClient deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
|
||||
return ClientDetailsEntityJsonProcessor.parseRegistered(json);
|
||||
}
|
||||
})
|
||||
.setPrettyPrinting()
|
||||
.create();
|
||||
|
||||
private File file;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service.impl;
|
||||
|
||||
|
|
@ -34,9 +33,9 @@ import com.google.common.base.Joiner;
|
|||
import com.google.common.base.Strings;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* Builds an auth request redirect URI with normal query parameters.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service.impl;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service.impl;
|
||||
|
||||
|
|
@ -30,9 +29,9 @@ import org.mitre.openid.connect.client.service.AuthRequestOptionsService;
|
|||
import org.mitre.openid.connect.config.ServerConfiguration;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* Always returns the same set of options.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service.impl;
|
||||
|
||||
|
|
@ -30,9 +29,9 @@ import org.mitre.openid.connect.config.ServerConfiguration;
|
|||
|
||||
/**
|
||||
* Client configuration service that holds a static map from issuer URL to a ClientDetails object to use at that issuer.
|
||||
*
|
||||
*
|
||||
* Designed to be configured as a bean.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
@ -57,7 +56,7 @@ public class StaticClientConfigurationService implements ClientConfigurationServ
|
|||
|
||||
/**
|
||||
* Get the client configured for this issuer
|
||||
*
|
||||
*
|
||||
* @see org.mitre.openid.connect.client.service.ClientConfigurationService#getClientConfiguration(java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service.impl;
|
||||
|
||||
|
|
@ -29,7 +28,7 @@ import org.mitre.openid.connect.config.ServerConfiguration;
|
|||
|
||||
/**
|
||||
* Statically configured server configuration service that maps issuer URLs to server configurations to use at that issuer.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service.impl;
|
||||
|
||||
|
|
@ -52,7 +51,7 @@ public class StaticSingleIssuerService implements IssuerService {
|
|||
|
||||
/**
|
||||
* Always returns the configured issuer URL
|
||||
*
|
||||
*
|
||||
* @see org.mitre.openid.connect.client.service.IssuerService#getIssuer(javax.servlet.http.HttpServletRequest)
|
||||
*/
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service.impl;
|
||||
|
||||
|
|
@ -35,9 +34,9 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio
|
|||
import com.google.common.base.Strings;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* Determines the issuer using an account chooser or other third-party-initiated login
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.openid.connect.client.service.impl;
|
||||
|
||||
|
|
@ -75,7 +74,7 @@ public class WebfingerIssuerService implements IssuerService {
|
|||
this.issuer = issuer;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
private Set<String> whitelist = new HashSet<>();
|
||||
private Set<String> blacklist = new HashSet<>();
|
||||
|
||||
|
|
@ -119,7 +118,7 @@ public class WebfingerIssuerService implements IssuerService {
|
|||
if (blacklist.contains(lr.issuer)) {
|
||||
throw new AuthenticationServiceException("Issuer was in blacklist: " + lr.issuer);
|
||||
}
|
||||
|
||||
|
||||
return new IssuerServiceResponse(lr.issuer, lr.loginHint, request.getParameter("target_link_uri"));
|
||||
} catch (UncheckedExecutionException | ExecutionException e) {
|
||||
logger.warn("Issue fetching issuer for user input: " + identifier + ": " + e.getMessage());
|
||||
|
|
@ -219,7 +218,7 @@ public class WebfingerIssuerService implements IssuerService {
|
|||
public LoadingResult load(String identifier) throws Exception {
|
||||
|
||||
UriComponents key = WebfingerURLNormalizer.normalizeResource(identifier);
|
||||
|
||||
|
||||
RestTemplate restTemplate = new RestTemplate(httpFactory);
|
||||
// construct the URL to go to
|
||||
|
||||
|
|
@ -269,7 +268,7 @@ public class WebfingerIssuerService implements IssuerService {
|
|||
|
||||
// we found the issuer, return it
|
||||
String href = linkObj.get("href").getAsString();
|
||||
|
||||
|
||||
if (identifier.equals(href)
|
||||
|| identifier.startsWith("http")) {
|
||||
// try to avoid sending a URL as the login hint
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -37,7 +38,7 @@ public class TestScopeBasedIntrospectionAuthoritiesGranter {
|
|||
private JsonObject introspectionResponse;
|
||||
|
||||
private ScopeBasedIntrospectionAuthoritiesGranter granter = new ScopeBasedIntrospectionAuthoritiesGranter();
|
||||
|
||||
|
||||
/**
|
||||
* @throws java.lang.Exception
|
||||
*/
|
||||
|
|
@ -52,16 +53,16 @@ public class TestScopeBasedIntrospectionAuthoritiesGranter {
|
|||
@Test
|
||||
public void testGetAuthoritiesJsonObject_withScopes() {
|
||||
introspectionResponse.addProperty("scope", "foo bar baz batman");
|
||||
|
||||
|
||||
List<GrantedAuthority> expected = new ArrayList<>();
|
||||
expected.add(new SimpleGrantedAuthority("ROLE_API"));
|
||||
expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_foo"));
|
||||
expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_bar"));
|
||||
expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_baz"));
|
||||
expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_batman"));
|
||||
|
||||
|
||||
List<GrantedAuthority> authorities = granter.getAuthorities(introspectionResponse);
|
||||
|
||||
|
||||
assertTrue(authorities.containsAll(expected));
|
||||
assertTrue(expected.containsAll(authorities));
|
||||
}
|
||||
|
|
@ -71,12 +72,12 @@ public class TestScopeBasedIntrospectionAuthoritiesGranter {
|
|||
*/
|
||||
@Test
|
||||
public void testGetAuthoritiesJsonObject_withoutScopes() {
|
||||
|
||||
|
||||
List<GrantedAuthority> expected = new ArrayList<>();
|
||||
expected.add(new SimpleGrantedAuthority("ROLE_API"));
|
||||
|
||||
|
||||
List<GrantedAuthority> authorities = granter.getAuthorities(introspectionResponse);
|
||||
|
||||
|
||||
assertTrue(authorities.containsAll(expected));
|
||||
assertTrue(expected.containsAll(authorities));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,20 +1,11 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
package org.mitre.openid.connect.client;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.instanceOf;
|
||||
import static org.hamcrest.CoreMatchers.is;
|
||||
import static org.junit.Assert.assertThat;
|
||||
import static org.junit.Assert.fail;
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
|
|
@ -22,21 +13,13 @@ import org.junit.Test;
|
|||
import org.mockito.Mockito;
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.instanceOf;
|
||||
import static org.hamcrest.CoreMatchers.is;
|
||||
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
import static org.junit.Assert.assertThat;
|
||||
import static org.junit.Assert.fail;
|
||||
|
||||
public class TestOIDCAuthenticationFilter {
|
||||
|
||||
private OIDCAuthenticationFilter filter = new OIDCAuthenticationFilter();
|
||||
|
||||
|
||||
@Test
|
||||
public void attemptAuthentication_error() throws Exception {
|
||||
|
||||
|
||||
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
|
||||
Mockito.when(request.getParameter("error")).thenReturn("Error");
|
||||
Mockito.when(request.getParameter("error_description")).thenReturn("Description");
|
||||
|
|
@ -44,13 +27,13 @@ public class TestOIDCAuthenticationFilter {
|
|||
|
||||
try {
|
||||
filter.attemptAuthentication(request, mock(HttpServletResponse.class));
|
||||
|
||||
|
||||
fail("AuthorizationEndpointException expected.");
|
||||
}
|
||||
catch (AuthorizationEndpointException exception) {
|
||||
assertThat(exception.getMessage(),
|
||||
is("Error from Authorization Endpoint: Error Description http://example.com"));
|
||||
|
||||
|
||||
assertThat(exception.getError(), is("Error"));
|
||||
assertThat(exception.getErrorDescription(), is("Description"));
|
||||
assertThat(exception.getErrorURI(), is("http://example.com"));
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -53,7 +52,7 @@ import static org.junit.Assert.fail;
|
|||
|
||||
/**
|
||||
* @author wkim
|
||||
*
|
||||
*
|
||||
*/
|
||||
public class TestSignedAuthRequestUrlBuilder {
|
||||
|
||||
|
|
@ -92,7 +91,7 @@ public class TestSignedAuthRequestUrlBuilder {
|
|||
@Before
|
||||
public void prepare() throws NoSuchAlgorithmException, InvalidKeySpecException {
|
||||
|
||||
RSAKey key = new RSAKey(new Base64URL(n), new Base64URL(e), new Base64URL(d), KeyUse.SIGNATURE, null, new Algorithm(alg), kid, null, null, null, null, null);
|
||||
RSAKey key = new RSAKey(new Base64URL(n), new Base64URL(e), new Base64URL(d), KeyUse.SIGNATURE, null, new Algorithm(alg), kid, null, null, null);
|
||||
Map<String, JWK> keys = Maps.newHashMap();
|
||||
keys.put("client", key);
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,8 +1,7 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
Copyright 2018 The MIT Internet Trust Consortium
|
||||
|
||||
Portions copyright 2011-2013 The MITRE Corporation
|
||||
Copyright 2017 The MITRE Corporation
|
||||
and the MIT Internet Trust Consortium
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,8 +1,7 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
Copyright 2018 The MIT Internet Trust Consortium
|
||||
|
||||
Portions copyright 2011-2013 The MITRE Corporation
|
||||
Copyright 2017 The MITRE Corporation
|
||||
and the MIT Internet Trust Consortium
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
|
@ -22,7 +21,7 @@
|
|||
<parent>
|
||||
<artifactId>openid-connect-parent</artifactId>
|
||||
<groupId>org.mitre</groupId>
|
||||
<version>1.3.5-SNAPSHOT</version>
|
||||
<version>1.3.0-RC2</version>
|
||||
<relativePath>..</relativePath>
|
||||
</parent>
|
||||
<artifactId>openid-connect-common</artifactId>
|
||||
|
|
@ -87,26 +86,6 @@
|
|||
<groupId>org.bouncycastle</groupId>
|
||||
<artifactId>bcprov-jdk15on</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.annotation</groupId>
|
||||
<artifactId>javax.annotation-api</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>jakarta.xml.bind</groupId>
|
||||
<artifactId>jakarta.xml.bind-api</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.xml.bind</groupId>
|
||||
<artifactId>jaxb-api</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.activation</groupId>
|
||||
<artifactId>activation</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.glassfish.jaxb</groupId>
|
||||
<artifactId>jaxb-runtime</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<packaging>jar</packaging>
|
||||
|
|
|
|||
|
|
@ -1,27 +1,12 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
package org.mitre.data;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
/**
|
||||
* Abstract class for performing an operation on a potentially large
|
||||
* number of items by paging through the items in discreet chunks.
|
||||
|
|
@ -31,162 +16,162 @@ import org.slf4j.LoggerFactory;
|
|||
*/
|
||||
public abstract class AbstractPageOperationTemplate<T> {
|
||||
|
||||
private static final Logger logger = LoggerFactory.getLogger(AbstractPageOperationTemplate.class);
|
||||
private static final Logger logger = LoggerFactory.getLogger(AbstractPageOperationTemplate.class);
|
||||
|
||||
private static int DEFAULT_MAX_PAGES = 1000;
|
||||
private static long DEFAULT_MAX_TIME_MILLIS = 600000L; //10 Minutes
|
||||
private static int DEFAULT_MAX_PAGES = 1000;
|
||||
private static long DEFAULT_MAX_TIME_MILLIS = 600000L; //10 Minutes
|
||||
|
||||
/**
|
||||
* int specifying the maximum number of
|
||||
* pages which should be fetched before
|
||||
* execution should terminate
|
||||
*/
|
||||
private int maxPages;
|
||||
/**
|
||||
* int specifying the maximum number of
|
||||
* pages which should be fetched before
|
||||
* execution should terminate
|
||||
*/
|
||||
private int maxPages;
|
||||
|
||||
/**
|
||||
* long specifying the maximum execution time
|
||||
* in milliseconds
|
||||
*/
|
||||
private long maxTime;
|
||||
/**
|
||||
* long specifying the maximum execution time
|
||||
* in milliseconds
|
||||
*/
|
||||
private long maxTime;
|
||||
|
||||
/**
|
||||
* boolean specifying whether or not Exceptions
|
||||
* incurred performing the operation should be
|
||||
* swallowed during execution default true.
|
||||
*/
|
||||
private boolean swallowExceptions = true;
|
||||
|
||||
/**
|
||||
* String that is used for logging in final tallies.
|
||||
*/
|
||||
private String operationName = "";
|
||||
/**
|
||||
* boolean specifying whether or not Exceptions
|
||||
* incurred performing the operation should be
|
||||
* swallowed during execution default true.
|
||||
*/
|
||||
private boolean swallowExceptions = true;
|
||||
|
||||
/**
|
||||
* String that is used for logging in final tallies.
|
||||
*/
|
||||
private String operationName = "";
|
||||
|
||||
|
||||
/**
|
||||
* default constructor which sets the value of
|
||||
* maxPages and maxTime to DEFAULT_MAX_PAGES and
|
||||
* DEFAULT_MAX_TIME_MILLIS respectively
|
||||
*/
|
||||
public AbstractPageOperationTemplate(String operationName){
|
||||
this(DEFAULT_MAX_PAGES, DEFAULT_MAX_TIME_MILLIS, operationName);
|
||||
}
|
||||
/**
|
||||
* default constructor which sets the value of
|
||||
* maxPages and maxTime to DEFAULT_MAX_PAGES and
|
||||
* DEFAULT_MAX_TIME_MILLIS respectively
|
||||
*/
|
||||
public AbstractPageOperationTemplate(String operationName){
|
||||
this(DEFAULT_MAX_PAGES, DEFAULT_MAX_TIME_MILLIS, operationName);
|
||||
}
|
||||
|
||||
/**
|
||||
* Instantiates a new AbstractPageOperationTemplate with the
|
||||
* given maxPages and maxTime
|
||||
*
|
||||
* @param maxPages the maximum number of pages to fetch.
|
||||
* @param maxTime the maximum execution time.
|
||||
*/
|
||||
public AbstractPageOperationTemplate(int maxPages, long maxTime, String operationName){
|
||||
this.maxPages = maxPages;
|
||||
this.maxTime = maxTime;
|
||||
this.operationName = operationName;
|
||||
}
|
||||
/**
|
||||
* Instantiates a new AbstractPageOperationTemplate with the
|
||||
* given maxPages and maxTime
|
||||
*
|
||||
* @param maxPages the maximum number of pages to fetch.
|
||||
* @param maxTime the maximum execution time.
|
||||
*/
|
||||
public AbstractPageOperationTemplate(int maxPages, long maxTime, String operationName){
|
||||
this.maxPages = maxPages;
|
||||
this.maxTime = maxTime;
|
||||
this.operationName = operationName;
|
||||
}
|
||||
|
||||
/**
|
||||
* Execute the operation on each member of a page of results
|
||||
* retrieved through the fetch method. the method will execute
|
||||
* until either the maxPages or maxTime limit is reached or until
|
||||
* the fetch method returns no more results. Exceptions thrown
|
||||
* performing the operation on the item will be swallowed if the
|
||||
* swallowException (default true) field is set true.
|
||||
*/
|
||||
public void execute(){
|
||||
logger.debug("[" + getOperationName() + "] Starting execution of paged operation. maximum time: " + maxTime + ", maximum pages: " + maxPages);
|
||||
/**
|
||||
* Execute the operation on each member of a page of results
|
||||
* retrieved through the fetch method. the method will execute
|
||||
* until either the maxPages or maxTime limit is reached or until
|
||||
* the fetch method returns no more results. Exceptions thrown
|
||||
* performing the operation on the item will be swallowed if the
|
||||
* swallowException (default true) field is set true.
|
||||
*/
|
||||
public void execute(){
|
||||
logger.debug("[" + getOperationName() + "] Starting execution of paged operation. maximum time: " + maxTime + ", maximum pages: " + maxPages);
|
||||
|
||||
long startTime = System.currentTimeMillis();
|
||||
long executionTime = 0;
|
||||
int i = 0;
|
||||
long startTime = System.currentTimeMillis();
|
||||
long executionTime = 0;
|
||||
int i = 0;
|
||||
|
||||
int exceptionsSwallowedCount = 0;
|
||||
int operationsCompleted = 0;
|
||||
Set<String> exceptionsSwallowedClasses = new HashSet<String>();
|
||||
int exceptionsSwallowedCount = 0;
|
||||
int operationsCompleted = 0;
|
||||
Set<String> exceptionsSwallowedClasses = new HashSet<String>();
|
||||
|
||||
|
||||
while (i< maxPages && executionTime < maxTime){
|
||||
Collection<T> page = fetchPage();
|
||||
if(page == null || page.size() == 0){
|
||||
break;
|
||||
}
|
||||
while (i< maxPages && executionTime < maxTime){
|
||||
Collection<T> page = fetchPage();
|
||||
if(page == null || page.size() == 0){
|
||||
break;
|
||||
}
|
||||
|
||||
for (T item : page) {
|
||||
try {
|
||||
doOperation(item);
|
||||
operationsCompleted++;
|
||||
} catch (Exception e){
|
||||
if(swallowExceptions){
|
||||
exceptionsSwallowedCount++;
|
||||
exceptionsSwallowedClasses.add(e.getClass().getName());
|
||||
logger.debug("Swallowing exception " + e.getMessage(), e);
|
||||
} else {
|
||||
logger.debug("Rethrowing exception " + e.getMessage());
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
}
|
||||
for (T item : page) {
|
||||
try {
|
||||
doOperation(item);
|
||||
operationsCompleted++;
|
||||
} catch (Exception e){
|
||||
if(swallowExceptions){
|
||||
exceptionsSwallowedCount++;
|
||||
exceptionsSwallowedClasses.add(e.getClass().getName());
|
||||
logger.debug("Swallowing exception " + e.getMessage(), e);
|
||||
} else {
|
||||
logger.debug("Rethrowing exception " + e.getMessage());
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
i++;
|
||||
executionTime = System.currentTimeMillis() - startTime;
|
||||
}
|
||||
i++;
|
||||
executionTime = System.currentTimeMillis() - startTime;
|
||||
}
|
||||
|
||||
finalReport(operationsCompleted, exceptionsSwallowedCount, exceptionsSwallowedClasses);
|
||||
}
|
||||
finalReport(operationsCompleted, exceptionsSwallowedCount, exceptionsSwallowedClasses);
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* method responsible for fetching
|
||||
* a page of items.
|
||||
*
|
||||
* @return the collection of items
|
||||
*/
|
||||
public abstract Collection<T> fetchPage();
|
||||
/**
|
||||
* method responsible for fetching
|
||||
* a page of items.
|
||||
*
|
||||
* @return the collection of items
|
||||
*/
|
||||
public abstract Collection<T> fetchPage();
|
||||
|
||||
/**
|
||||
* method responsible for performing desired
|
||||
* operation on a fetched page item.
|
||||
*
|
||||
* @param item the item
|
||||
*/
|
||||
protected abstract void doOperation(T item);
|
||||
/**
|
||||
* method responsible for performing desired
|
||||
* operation on a fetched page item.
|
||||
*
|
||||
* @param item the item
|
||||
*/
|
||||
protected abstract void doOperation(T item);
|
||||
|
||||
/**
|
||||
* Method responsible for final report of progress.
|
||||
* @return
|
||||
*/
|
||||
protected void finalReport(int operationsCompleted, int exceptionsSwallowedCount, Set<String> exceptionsSwallowedClasses) {
|
||||
if (operationsCompleted > 0 || exceptionsSwallowedCount > 0) {
|
||||
logger.info("[" + getOperationName() + "] Paged operation run: completed " + operationsCompleted + "; swallowed " + exceptionsSwallowedCount + " exceptions");
|
||||
}
|
||||
for(String className: exceptionsSwallowedClasses) {
|
||||
logger.warn("[" + getOperationName() + "] Paged operation swallowed at least one exception of type " + className);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Method responsible for final report of progress.
|
||||
* @return
|
||||
*/
|
||||
protected void finalReport(int operationsCompleted, int exceptionsSwallowedCount, Set<String> exceptionsSwallowedClasses) {
|
||||
if (operationsCompleted > 0 || exceptionsSwallowedCount > 0) {
|
||||
logger.info("[" + getOperationName() + "] Paged operation run: completed " + operationsCompleted + "; swallowed " + exceptionsSwallowedCount + " exceptions");
|
||||
}
|
||||
for(String className: exceptionsSwallowedClasses) {
|
||||
logger.warn("[" + getOperationName() + "] Paged operation swallowed at least one exception of type " + className);
|
||||
}
|
||||
}
|
||||
public int getMaxPages() {
|
||||
return maxPages;
|
||||
}
|
||||
|
||||
public int getMaxPages() {
|
||||
return maxPages;
|
||||
}
|
||||
public void setMaxPages(int maxPages) {
|
||||
this.maxPages = maxPages;
|
||||
}
|
||||
|
||||
public void setMaxPages(int maxPages) {
|
||||
this.maxPages = maxPages;
|
||||
}
|
||||
public long getMaxTime() {
|
||||
return maxTime;
|
||||
}
|
||||
|
||||
public long getMaxTime() {
|
||||
return maxTime;
|
||||
}
|
||||
public void setMaxTime(long maxTime) {
|
||||
this.maxTime = maxTime;
|
||||
}
|
||||
|
||||
public void setMaxTime(long maxTime) {
|
||||
this.maxTime = maxTime;
|
||||
}
|
||||
public boolean isSwallowExceptions() {
|
||||
return swallowExceptions;
|
||||
}
|
||||
|
||||
public boolean isSwallowExceptions() {
|
||||
return swallowExceptions;
|
||||
}
|
||||
|
||||
public void setSwallowExceptions(boolean swallowExceptions) {
|
||||
this.swallowExceptions = swallowExceptions;
|
||||
}
|
||||
public void setSwallowExceptions(boolean swallowExceptions) {
|
||||
this.swallowExceptions = swallowExceptions;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -1,18 +1,3 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
package org.mitre.data;
|
||||
|
||||
/**
|
||||
|
|
@ -23,28 +8,28 @@ package org.mitre.data;
|
|||
*/
|
||||
public class DefaultPageCriteria implements PageCriteria {
|
||||
|
||||
private static final int DEFAULT_PAGE_NUMBER = 0;
|
||||
private static final int DEFAULT_PAGE_SIZE = 100;
|
||||
private static final int DEFAULT_PAGE_NUMBER = 0;
|
||||
private static final int DEFAULT_PAGE_SIZE = 100;
|
||||
|
||||
private int pageNumber;
|
||||
private int pageSize;
|
||||
private int pageNumber;
|
||||
private int pageSize;
|
||||
|
||||
public DefaultPageCriteria(){
|
||||
this(DEFAULT_PAGE_NUMBER, DEFAULT_PAGE_SIZE);
|
||||
}
|
||||
public DefaultPageCriteria(){
|
||||
this(DEFAULT_PAGE_NUMBER, DEFAULT_PAGE_SIZE);
|
||||
}
|
||||
|
||||
public DefaultPageCriteria(int pageNumber, int pageSize) {
|
||||
this.pageNumber = pageNumber;
|
||||
this.pageSize = pageSize;
|
||||
}
|
||||
public DefaultPageCriteria(int pageNumber, int pageSize) {
|
||||
this.pageNumber = pageNumber;
|
||||
this.pageSize = pageSize;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getPageNumber() {
|
||||
return pageNumber;
|
||||
}
|
||||
@Override
|
||||
public int getPageNumber() {
|
||||
return pageNumber;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getPageSize() {
|
||||
return pageSize;
|
||||
}
|
||||
@Override
|
||||
public int getPageSize() {
|
||||
return pageSize;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,18 +1,3 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
package org.mitre.data;
|
||||
|
||||
/**
|
||||
|
|
@ -23,6 +8,6 @@ package org.mitre.data;
|
|||
*/
|
||||
public interface PageCriteria {
|
||||
|
||||
public int getPageNumber();
|
||||
public int getPageSize();
|
||||
public int getPageNumber();
|
||||
public int getPageSize();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -30,7 +29,7 @@ import com.google.common.base.Strings;
|
|||
|
||||
/**
|
||||
* Provides utility methods for normalizing and parsing URIs for use with Webfinger Discovery.
|
||||
*
|
||||
*
|
||||
* @author wkim
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.jose.keystore;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -25,5 +26,5 @@ import com.nimbusds.jwt.JWT;
|
|||
public interface AssertionValidator {
|
||||
|
||||
public boolean isValid(JWT assertion);
|
||||
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -22,7 +23,7 @@ import com.nimbusds.jwt.JWT;
|
|||
|
||||
/**
|
||||
* Reject all assertions passed in.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -24,7 +25,6 @@ import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
|
|||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import com.google.common.base.Strings;
|
||||
import com.nimbusds.jwt.JWT;
|
||||
|
|
@ -33,28 +33,27 @@ import com.nimbusds.jwt.SignedJWT;
|
|||
|
||||
/**
|
||||
* Validates all assertions generated by this server
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
@Component("selfAssertionValidator")
|
||||
public class SelfAssertionValidator implements AssertionValidator {
|
||||
|
||||
private static Logger logger = LoggerFactory.getLogger(SelfAssertionValidator.class);
|
||||
|
||||
@Autowired
|
||||
private ConfigurationPropertiesBean config;
|
||||
|
||||
|
||||
@Autowired
|
||||
private JWTSigningAndValidationService jwtService;
|
||||
|
||||
|
||||
@Override
|
||||
public boolean isValid(JWT assertion) {
|
||||
if (!(assertion instanceof SignedJWT)) {
|
||||
// unsigned assertion
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
JWTClaimsSet claims;
|
||||
try {
|
||||
claims = assertion.getJWTClaimsSet();
|
||||
|
|
@ -62,20 +61,17 @@ public class SelfAssertionValidator implements AssertionValidator {
|
|||
logger.debug("Invalid assertion claims");
|
||||
return false;
|
||||
}
|
||||
|
||||
// make sure the issuer exists
|
||||
|
||||
if (Strings.isNullOrEmpty(claims.getIssuer())) {
|
||||
logger.debug("No issuer for assertion, rejecting");
|
||||
return false;
|
||||
}
|
||||
|
||||
// make sure the issuer is us
|
||||
if (!claims.getIssuer().equals(config.getIssuer())) {
|
||||
|
||||
if (claims.getIssuer().equals(config.getIssuer())) {
|
||||
logger.debug("Issuer is not the same as this server, rejecting");
|
||||
return false;
|
||||
}
|
||||
|
||||
// validate the signature based on our public key
|
||||
|
||||
if (jwtService.validateSignature((SignedJWT) assertion)) {
|
||||
return true;
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -40,12 +41,12 @@ import com.nimbusds.jwt.SignedJWT;
|
|||
public class WhitelistedIssuerAssertionValidator implements AssertionValidator {
|
||||
|
||||
private static Logger logger = LoggerFactory.getLogger(WhitelistedIssuerAssertionValidator.class);
|
||||
|
||||
|
||||
/**
|
||||
* Map of issuer -> JWKSetUri
|
||||
*/
|
||||
private Map<String, String> whitelist = new HashMap<>();
|
||||
|
||||
|
||||
/**
|
||||
* @return the whitelist
|
||||
*/
|
||||
|
|
@ -62,15 +63,15 @@ public class WhitelistedIssuerAssertionValidator implements AssertionValidator {
|
|||
|
||||
@Autowired
|
||||
private JWKSetCacheService jwkCache;
|
||||
|
||||
|
||||
@Override
|
||||
public boolean isValid(JWT assertion) {
|
||||
|
||||
|
||||
if (!(assertion instanceof SignedJWT)) {
|
||||
// unsigned assertion
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
JWTClaimsSet claims;
|
||||
try {
|
||||
claims = assertion.getJWTClaimsSet();
|
||||
|
|
@ -78,21 +79,21 @@ public class WhitelistedIssuerAssertionValidator implements AssertionValidator {
|
|||
logger.debug("Invalid assertion claims");
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
if (Strings.isNullOrEmpty(claims.getIssuer())) {
|
||||
logger.debug("No issuer for assertion, rejecting");
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
if (!whitelist.containsKey(claims.getIssuer())) {
|
||||
logger.debug("Issuer is not in whitelist, rejecting");
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
String jwksUri = whitelist.get(claims.getIssuer());
|
||||
|
||||
|
||||
JWTSigningAndValidationService validator = jwkCache.getValidator(jwksUri);
|
||||
|
||||
|
||||
if (validator.validateSignature((SignedJWT) assertion)) {
|
||||
return true;
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -46,6 +45,7 @@ import com.nimbusds.jose.crypto.ECDHEncrypter;
|
|||
import com.nimbusds.jose.crypto.RSADecrypter;
|
||||
import com.nimbusds.jose.crypto.RSAEncrypter;
|
||||
import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
|
||||
import com.nimbusds.jose.jca.JCAContext;
|
||||
import com.nimbusds.jose.jwk.ECKey;
|
||||
import com.nimbusds.jose.jwk.JWK;
|
||||
import com.nimbusds.jose.jwk.OctetSequenceKey;
|
||||
|
|
@ -80,7 +80,7 @@ public class DefaultJWTEncryptionAndDecryptionService implements JWTEncryptionAn
|
|||
/**
|
||||
* Build this service based on the keys given. All public keys will be used to make encrypters,
|
||||
* all private keys will be used to make decrypters.
|
||||
*
|
||||
*
|
||||
* @param keys
|
||||
* @throws NoSuchAlgorithmException
|
||||
* @throws InvalidKeySpecException
|
||||
|
|
@ -94,7 +94,7 @@ public class DefaultJWTEncryptionAndDecryptionService implements JWTEncryptionAn
|
|||
/**
|
||||
* Build this service based on the given keystore. All keys must have a key
|
||||
* id ({@code kid}) field in order to be used.
|
||||
*
|
||||
*
|
||||
* @param keyStore
|
||||
* @throws NoSuchAlgorithmException
|
||||
* @throws InvalidKeySpecException
|
||||
|
|
@ -240,13 +240,13 @@ public class DefaultJWTEncryptionAndDecryptionService implements JWTEncryptionAn
|
|||
logger.warn("No private key for key #" + jwk.getKeyID());
|
||||
}
|
||||
} else if (jwk instanceof ECKey) {
|
||||
|
||||
|
||||
// build EC Encrypters and decrypters
|
||||
|
||||
|
||||
ECDHEncrypter encrypter = new ECDHEncrypter((ECKey) jwk);
|
||||
encrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
|
||||
encrypters.put(id, encrypter);
|
||||
|
||||
|
||||
if (jwk.isPrivate()) { // we can decrypt too
|
||||
ECDHDecrypter decrypter = new ECDHDecrypter((ECKey) jwk);
|
||||
decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -35,7 +34,7 @@ public interface JWTSigningAndValidationService {
|
|||
/**
|
||||
* Checks the signature of the given JWT against all configured signers,
|
||||
* returns true if at least one of the signers validates it.
|
||||
*
|
||||
*
|
||||
* @param jwtString
|
||||
* the string representation of the JWT as sent on the wire
|
||||
* @return true if the signature is valid, false if not
|
||||
|
|
@ -46,7 +45,7 @@ public interface JWTSigningAndValidationService {
|
|||
/**
|
||||
* Called to sign a jwt in place for a client that hasn't registered a preferred signing algorithm.
|
||||
* Use the default algorithm to sign.
|
||||
*
|
||||
*
|
||||
* @param jwt the jwt to sign
|
||||
* @return the signed jwt
|
||||
* @throws NoSuchAlgorithmException
|
||||
|
|
@ -68,7 +67,7 @@ public interface JWTSigningAndValidationService {
|
|||
/**
|
||||
* Sign a jwt using the selected algorithm. The algorithm is selected using the String parameter values specified
|
||||
* in the JWT spec, section 6. I.E., "HS256" means HMAC with SHA-256 and corresponds to our HmacSigner class.
|
||||
*
|
||||
*
|
||||
* @param jwt the jwt to sign
|
||||
* @param alg the name of the algorithm to use, as specified in JWS s.6
|
||||
* @return the signed jwt
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -38,10 +39,10 @@ import com.nimbusds.jose.JWSAlgorithm;
|
|||
import com.nimbusds.jose.jwk.JWKSet;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* Takes in a client and returns the appropriate validator or encrypter for
|
||||
* that client's registered key types.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -18,6 +17,8 @@
|
|||
package org.mitre.jwt.signer.service.impl;
|
||||
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.interfaces.ECPrivateKey;
|
||||
import java.security.interfaces.ECPublicKey;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
import java.util.Collection;
|
||||
import java.util.HashMap;
|
||||
|
|
@ -71,10 +72,10 @@ public class DefaultJWTSigningAndValidationService implements JWTSigningAndValid
|
|||
/**
|
||||
* Build this service based on the keys given. All public keys will be used
|
||||
* to make verifiers, all private keys will be used to make signers.
|
||||
*
|
||||
*
|
||||
* @param keys
|
||||
* A map of key identifier to key
|
||||
*
|
||||
*
|
||||
* @throws InvalidKeySpecException
|
||||
* If the keys in the JWKs are not valid
|
||||
* @throws NoSuchAlgorithmException
|
||||
|
|
@ -88,10 +89,10 @@ public class DefaultJWTSigningAndValidationService implements JWTSigningAndValid
|
|||
/**
|
||||
* Build this service based on the given keystore. All keys must have a key
|
||||
* id ({@code kid}) field in order to be used.
|
||||
*
|
||||
*
|
||||
* @param keyStore
|
||||
* the keystore to load all keys from
|
||||
*
|
||||
*
|
||||
* @throws InvalidKeySpecException
|
||||
* If the keys in the JWKs are not valid
|
||||
* @throws NoSuchAlgorithmException
|
||||
|
|
@ -164,37 +165,37 @@ public class DefaultJWTSigningAndValidationService implements JWTSigningAndValid
|
|||
try {
|
||||
if (jwk instanceof RSAKey) {
|
||||
// build RSA signers & verifiers
|
||||
|
||||
|
||||
if (jwk.isPrivate()) { // only add the signer if there's a private key
|
||||
RSASSASigner signer = new RSASSASigner((RSAKey) jwk);
|
||||
signers.put(id, signer);
|
||||
}
|
||||
|
||||
|
||||
RSASSAVerifier verifier = new RSASSAVerifier((RSAKey) jwk);
|
||||
verifiers.put(id, verifier);
|
||||
|
||||
|
||||
} else if (jwk instanceof ECKey) {
|
||||
// build EC signers & verifiers
|
||||
|
||||
|
||||
if (jwk.isPrivate()) {
|
||||
ECDSASigner signer = new ECDSASigner((ECKey) jwk);
|
||||
signers.put(id, signer);
|
||||
}
|
||||
|
||||
|
||||
ECDSAVerifier verifier = new ECDSAVerifier((ECKey) jwk);
|
||||
verifiers.put(id, verifier);
|
||||
|
||||
|
||||
} else if (jwk instanceof OctetSequenceKey) {
|
||||
// build HMAC signers & verifiers
|
||||
|
||||
|
||||
if (jwk.isPrivate()) { // technically redundant check because all HMAC keys are private
|
||||
MACSigner signer = new MACSigner((OctetSequenceKey) jwk);
|
||||
signers.put(id, signer);
|
||||
}
|
||||
|
||||
|
||||
MACVerifier verifier = new MACVerifier((OctetSequenceKey) jwk);
|
||||
verifiers.put(id, verifier);
|
||||
|
||||
|
||||
} else {
|
||||
logger.warn("Unknown key type: " + jwk);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.jwt.signer.service.impl;
|
||||
|
||||
|
|
@ -44,12 +43,12 @@ import com.google.gson.JsonParseException;
|
|||
import com.nimbusds.jose.jwk.JWKSet;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* Creates a caching map of JOSE signers/validators and encrypters/decryptors
|
||||
* keyed on the JWK Set URI. Dynamically loads JWK Sets to create the services.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*
|
||||
*/
|
||||
@Service
|
||||
public class JWKSetCacheService {
|
||||
|
|
@ -151,11 +150,11 @@ public class JWKSetCacheService {
|
|||
try {
|
||||
String jsonString = restTemplate.getForObject(key, String.class);
|
||||
JWKSet jwkSet = JWKSet.parse(jsonString);
|
||||
|
||||
|
||||
JWKSetKeyStore keyStore = new JWKSetKeyStore(jwkSet);
|
||||
|
||||
|
||||
JWTEncryptionAndDecryptionService service = new DefaultJWTEncryptionAndDecryptionService(keyStore);
|
||||
|
||||
|
||||
return service;
|
||||
} catch (JsonParseException | RestClientException e) {
|
||||
throw new IllegalArgumentException("Unable to load JWK Set");
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -40,7 +41,7 @@ import com.nimbusds.jose.util.Base64URL;
|
|||
|
||||
/**
|
||||
* Creates and caches symmetrical validators for clients based on client secrets.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
@ -65,7 +66,7 @@ public class SymmetricKeyJWTValidatorCacheService {
|
|||
|
||||
/**
|
||||
* Create a symmetric signing and validation service for the given client
|
||||
*
|
||||
*
|
||||
* @param client
|
||||
* @return
|
||||
*/
|
||||
|
|
@ -99,10 +100,8 @@ public class SymmetricKeyJWTValidatorCacheService {
|
|||
try {
|
||||
|
||||
String id = "SYMMETRIC-KEY";
|
||||
JWK jwk = new OctetSequenceKey.Builder(Base64URL.encode(key))
|
||||
.keyUse(KeyUse.SIGNATURE)
|
||||
.keyID(id)
|
||||
.build();
|
||||
|
||||
JWK jwk = new OctetSequenceKey(Base64URL.encode(key), KeyUse.SIGNATURE, null, null, id, null, null, null);
|
||||
Map<String, JWK> keys = ImmutableMap.of(id, jwk);
|
||||
JWTSigningAndValidationService service = new DefaultJWTSigningAndValidationService(keys);
|
||||
|
||||
|
|
|
|||
|
|
@ -1,50 +0,0 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
|
||||
package org.mitre.oauth2.exception;
|
||||
|
||||
/**
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
public class DeviceCodeCreationException extends Exception {
|
||||
|
||||
private static final long serialVersionUID = 8078568710169208466L;
|
||||
|
||||
private String error;
|
||||
|
||||
public DeviceCodeCreationException(String error, String message) {
|
||||
super(message);
|
||||
this.error = error;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the error
|
||||
*/
|
||||
public String getError() {
|
||||
return error;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param error the error to set
|
||||
*/
|
||||
public void setError(String error) {
|
||||
this.error = error;
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -34,7 +33,7 @@ import javax.persistence.Temporal;
|
|||
|
||||
/**
|
||||
* Entity class for authorization codes
|
||||
*
|
||||
*
|
||||
* @author aanganes
|
||||
*
|
||||
*/
|
||||
|
|
@ -68,7 +67,7 @@ public class AuthorizationCodeEntity {
|
|||
|
||||
/**
|
||||
* Create a new AuthorizationCodeEntity with the given code and AuthorizationRequestHolder.
|
||||
*
|
||||
*
|
||||
* @param code the authorization code
|
||||
* @param authRequest the AuthoriztionRequestHolder associated with the original code request
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.oauth2.model;
|
||||
|
||||
|
|
@ -58,6 +57,7 @@ import org.mitre.oauth2.model.convert.SimpleGrantedAuthorityStringConverter;
|
|||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.oauth2.provider.ClientDetails;
|
||||
|
||||
import com.nimbusds.jose.Algorithm;
|
||||
import com.nimbusds.jose.EncryptionMethod;
|
||||
import com.nimbusds.jose.JWEAlgorithm;
|
||||
import com.nimbusds.jose.JWSAlgorithm;
|
||||
|
|
@ -66,7 +66,7 @@ import com.nimbusds.jwt.JWT;
|
|||
|
||||
/**
|
||||
* @author jricher
|
||||
*
|
||||
*
|
||||
*/
|
||||
@Entity
|
||||
@Table(name = "client_details")
|
||||
|
|
@ -151,10 +151,10 @@ public class ClientDetailsEntity implements ClientDetails {
|
|||
|
||||
/** fields for UMA */
|
||||
private Set<String> claimsRedirectUris;
|
||||
|
||||
|
||||
/** Software statement **/
|
||||
private JWT softwareStatement;
|
||||
|
||||
|
||||
/** PKCE **/
|
||||
private PKCEAlgorithm codeChallengeMethod;
|
||||
|
||||
|
|
@ -239,7 +239,7 @@ public class ClientDetailsEntity implements ClientDetails {
|
|||
return lookup.get(value);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Create a blank ClientDetailsEntity
|
||||
*/
|
||||
|
|
@ -267,7 +267,7 @@ public class ClientDetailsEntity implements ClientDetails {
|
|||
}
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* @param id the id to set
|
||||
*/
|
||||
public void setId(Long id) {
|
||||
|
|
@ -314,7 +314,7 @@ public class ClientDetailsEntity implements ClientDetails {
|
|||
|
||||
/**
|
||||
* Number of seconds ID token is valid for. MUST be a positive integer, can not be null.
|
||||
*
|
||||
*
|
||||
* @return the idTokenValiditySeconds
|
||||
*/
|
||||
@Basic
|
||||
|
|
@ -367,7 +367,7 @@ public class ClientDetailsEntity implements ClientDetails {
|
|||
}
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
@Override
|
||||
@Transient
|
||||
|
|
@ -580,9 +580,9 @@ public class ClientDetailsEntity implements ClientDetails {
|
|||
/**
|
||||
* This library does not make use of this field, so it is not
|
||||
* stored using our persistence layer.
|
||||
*
|
||||
*
|
||||
* However, it's somehow required by SECOUATH.
|
||||
*
|
||||
*
|
||||
* @return an empty map
|
||||
*/
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -53,11 +54,11 @@ public class DeviceCode {
|
|||
public static final String QUERY_BY_USER_CODE = "DeviceCode.queryByUserCode";
|
||||
public static final String QUERY_BY_DEVICE_CODE = "DeviceCode.queryByDeviceCode";
|
||||
public static final String QUERY_EXPIRED_BY_DATE = "DeviceCode.queryExpiredByDate";
|
||||
|
||||
|
||||
public static final String PARAM_USER_CODE = "userCode";
|
||||
public static final String PARAM_DEVICE_CODE = "deviceCode";
|
||||
public static final String PARAM_DATE = "date";
|
||||
|
||||
|
||||
private Long id;
|
||||
private String deviceCode;
|
||||
private String userCode;
|
||||
|
|
@ -67,11 +68,11 @@ public class DeviceCode {
|
|||
private Map<String, String> requestParameters;
|
||||
private boolean approved;
|
||||
private AuthenticationHolderEntity authenticationHolder;
|
||||
|
||||
|
||||
public DeviceCode() {
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
public DeviceCode(String deviceCode, String userCode, Set<String> scope, String clientId, Map<String, String> params) {
|
||||
this.deviceCode = deviceCode;
|
||||
this.userCode = userCode;
|
||||
|
|
@ -212,7 +213,7 @@ public class DeviceCode {
|
|||
public void setApproved(boolean approved) {
|
||||
this.approved = approved;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* The authentication in place when this token was created.
|
||||
* @return the authentication
|
||||
|
|
@ -230,5 +231,5 @@ public class DeviceCode {
|
|||
this.authenticationHolder = authenticationHolder;
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.oauth2.model;
|
||||
|
||||
|
|
@ -42,6 +41,7 @@ import javax.persistence.ManyToOne;
|
|||
import javax.persistence.NamedQueries;
|
||||
import javax.persistence.NamedQuery;
|
||||
import javax.persistence.OneToMany;
|
||||
import javax.persistence.OneToOne;
|
||||
import javax.persistence.Table;
|
||||
import javax.persistence.Temporal;
|
||||
import javax.persistence.Transient;
|
||||
|
|
@ -71,8 +71,7 @@ import com.nimbusds.jwt.JWT;
|
|||
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_CLIENT, query = "select a from OAuth2AccessTokenEntity a where a.client = :" + OAuth2AccessTokenEntity.PARAM_CLIENT),
|
||||
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select a from OAuth2AccessTokenEntity a where a.jwt = :" + OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE),
|
||||
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE, query = "select a from OAuth2AccessTokenEntity a where a.approvedSite = :" + OAuth2AccessTokenEntity.PARAM_APPROVED_SITE),
|
||||
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, query = "select a from OAuth2AccessTokenEntity a join a.permissions p where p.resourceSet.id = :" + OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID),
|
||||
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2AccessTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2AccessTokenEntity.PARAM_NAME)
|
||||
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, query = "select a from OAuth2AccessTokenEntity a join a.permissions p where p.resourceSet.id = :" + OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID)
|
||||
})
|
||||
@org.codehaus.jackson.map.annotate.JsonSerialize(using = OAuth2AccessTokenJackson1Serializer.class)
|
||||
@org.codehaus.jackson.map.annotate.JsonDeserialize(using = OAuth2AccessTokenJackson1Deserializer.class)
|
||||
|
|
@ -87,7 +86,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
|
|||
public static final String QUERY_EXPIRED_BY_DATE = "OAuth2AccessTokenEntity.getAllExpiredByDate";
|
||||
public static final String QUERY_ALL = "OAuth2AccessTokenEntity.getAll";
|
||||
public static final String QUERY_BY_RESOURCE_SET = "OAuth2AccessTokenEntity.getByResourceSet";
|
||||
public static final String QUERY_BY_NAME = "OAuth2AccessTokenEntity.getByName";
|
||||
|
||||
public static final String PARAM_TOKEN_VALUE = "tokenValue";
|
||||
public static final String PARAM_CLIENT = "client";
|
||||
|
|
@ -95,7 +93,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
|
|||
public static final String PARAM_DATE = "date";
|
||||
public static final String PARAM_RESOURCE_SET_ID = "rsid";
|
||||
public static final String PARAM_APPROVED_SITE = "approvedSite";
|
||||
public static final String PARAM_NAME = "name";
|
||||
|
||||
public static final String ID_TOKEN_FIELD_NAME = "id_token";
|
||||
|
||||
|
|
@ -116,9 +113,9 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
|
|||
private Set<String> scope;
|
||||
|
||||
private Set<Permission> permissions;
|
||||
|
||||
|
||||
private ApprovedSite approvedSite;
|
||||
|
||||
|
||||
private Map<String, Object> additionalInformation = new HashMap<>(); // ephemeral map of items to be added to the OAuth token response
|
||||
|
||||
/**
|
||||
|
|
@ -300,7 +297,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
|
|||
name = "access_token_permissions",
|
||||
joinColumns = @JoinColumn(name = "access_token_id"),
|
||||
inverseJoinColumns = @JoinColumn(name = "permission_id")
|
||||
)
|
||||
)
|
||||
public Set<Permission> getPermissions() {
|
||||
return permissions;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.oauth2.model;
|
||||
|
||||
|
|
@ -53,8 +52,7 @@ import com.nimbusds.jwt.JWT;
|
|||
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_ALL, query = "select r from OAuth2RefreshTokenEntity r"),
|
||||
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select r from OAuth2RefreshTokenEntity r where r.expiration <= :" + OAuth2RefreshTokenEntity.PARAM_DATE),
|
||||
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_CLIENT, query = "select r from OAuth2RefreshTokenEntity r where r.client = :" + OAuth2RefreshTokenEntity.PARAM_CLIENT),
|
||||
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select r from OAuth2RefreshTokenEntity r where r.jwt = :" + OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE),
|
||||
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2RefreshTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2RefreshTokenEntity.PARAM_NAME)
|
||||
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select r from OAuth2RefreshTokenEntity r where r.jwt = :" + OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE)
|
||||
})
|
||||
public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
|
||||
|
||||
|
|
@ -62,12 +60,10 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
|
|||
public static final String QUERY_BY_CLIENT = "OAuth2RefreshTokenEntity.getByClient";
|
||||
public static final String QUERY_EXPIRED_BY_DATE = "OAuth2RefreshTokenEntity.getAllExpiredByDate";
|
||||
public static final String QUERY_ALL = "OAuth2RefreshTokenEntity.getAll";
|
||||
public static final String QUERY_BY_NAME = "OAuth2RefreshTokenEntity.getByName";
|
||||
|
||||
public static final String PARAM_TOKEN_VALUE = "tokenValue";
|
||||
public static final String PARAM_CLIENT = "client";
|
||||
public static final String PARAM_DATE = "date";
|
||||
public static final String PARAM_NAME = "name";
|
||||
|
||||
private Long id;
|
||||
|
||||
|
|
@ -82,7 +78,7 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
|
|||
private Date expiration;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
public OAuth2RefreshTokenEntity() {
|
||||
|
||||
|
|
@ -108,7 +104,7 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
|
|||
/**
|
||||
* The authentication in place when the original access token was
|
||||
* created
|
||||
*
|
||||
*
|
||||
* @return the authentication
|
||||
*/
|
||||
@ManyToOne
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -25,13 +26,8 @@ import com.nimbusds.jose.Requirement;
|
|||
*/
|
||||
public final class PKCEAlgorithm extends Algorithm {
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
private static final long serialVersionUID = 7752852583210088925L;
|
||||
|
||||
public static final PKCEAlgorithm plain = new PKCEAlgorithm("plain", Requirement.REQUIRED);
|
||||
|
||||
|
||||
public static final PKCEAlgorithm S256 = new PKCEAlgorithm("S256", Requirement.OPTIONAL);
|
||||
|
||||
public PKCEAlgorithm(String name, Requirement req) {
|
||||
|
|
@ -41,7 +37,7 @@ public final class PKCEAlgorithm extends Algorithm {
|
|||
public PKCEAlgorithm(String name) {
|
||||
super(name, null);
|
||||
}
|
||||
|
||||
|
||||
public static PKCEAlgorithm parse(final String s) {
|
||||
if (s.equals(plain.getName())) {
|
||||
return plain;
|
||||
|
|
@ -51,7 +47,7 @@ public final class PKCEAlgorithm extends Algorithm {
|
|||
return new PKCEAlgorithm(s);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.oauth2.model;
|
||||
|
||||
|
|
@ -51,7 +50,7 @@ public class RegisteredClient {
|
|||
private JsonObject src;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
public RegisteredClient() {
|
||||
this.client = new ClientDetailsEntity();
|
||||
|
|
@ -816,7 +815,7 @@ public class RegisteredClient {
|
|||
public void setSoftwareStatement(JWT softwareStatement) {
|
||||
client.setSoftwareStatement(softwareStatement);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @return
|
||||
* @see org.mitre.oauth2.model.ClientDetailsEntity#getCodeChallengeMethod()
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -39,7 +40,7 @@ import org.springframework.security.core.GrantedAuthority;
|
|||
|
||||
/**
|
||||
* This class stands in for an original Authentication object.
|
||||
*
|
||||
*
|
||||
* @author jricher
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
*
|
||||
* Portions copyright 2011-2013 The MITRE Corporation
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*******************************************************************************/
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
package org.mitre.oauth2.model;
|
||||
|
||||
|
|
@ -29,6 +28,7 @@ import javax.persistence.Id;
|
|||
import javax.persistence.NamedQueries;
|
||||
import javax.persistence.NamedQuery;
|
||||
import javax.persistence.Table;
|
||||
import javax.persistence.Transient;
|
||||
|
||||
/**
|
||||
* @author jricher
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/*******************************************************************************
|
||||
* Copyright 2018 The MIT Internet Trust Consortium
|
||||
* Copyright 2017 The MITRE Corporation
|
||||
* and the MIT Internet Trust Consortium
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue