Merge pull request #1570 from shrexster42/master

Upgrade to Java 11 and Spring 5

.gitignore

@@ -1,4 +1,3 @@
-local-values.conf
 target
 *~
 bin
@@ -11,5 +10,3 @@ bin
 /target
 .springBeans
 nb-configuration.xml
-openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/css/bootstrap-responsive.css
-openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/css/bootstrap.css

.travis.yml

@@ -1,7 +1,11 @@
 language: java
 jdk:
-  - oraclejdk8
+  - oraclejdk11
 sudo: false
 
 after_success:
   - bash <(curl -s https://codecov.io/bash)
+
+cache:
+  directories:
+  - $HOME/.m2

CHANGELOG.md

@@ -0,0 +1,43 @@
+Unreleased:
+
+*1.3.3*:
+- Authorization codes are now longer
+- Client/RS can parse the "sub" and "user_id" claims in introspection response
+- Database-direct queries for fetching tokens by user (optimization)
+- Device flow supports verification_uri_complete (must be turned on)
+- Long scopes display properly and are still checkable
+- Language system remebers when it can't find a file and stops throwing so many errors
+- Index added for refresh tokens
+- Updated to Spring Security 4.2.11
+- Updated Spring to 4.3.22
+- Change approve pages to use issuer instead of page context
+- Updated oracle database scripts
+
+*1.3.2*:
+- Added changelog
+- Set default redirect URI resolver strict matching to true
+- Fixed XSS vulnerability on redirect URI display on approval page
+- Removed MITRE from copyright
+- Disallow unsigned JWTs on client authentication
+- Upgraded Nimbus revision
+- Added French translation
+- Added hooks for custom JWT claims
+- Removed "Not Yet Implemented" tag from post-logout redirect URI
+
+*1.3.1*:
+- Added End Session endpoint
+- Fixed discovery endpoint
+- Downgrade MySQL connector dependency version from developer preview to GA release
+
+*1.3.0*:
+- Added device flow support
+- Added PKCE support
+- Modularized UI to allow better overlay and extensions
+- Modularized data import/export API
+- Added software statements to dynamic client registration
+- Added assertion processing framework
+- Removed ID tokens from storage
+- Removed structured scopes
+
+*1.2.6*: 
+- Added strict HEART compliance mode

LICENSE.txt

@@ -1,8 +1,9 @@
-Copyright 2016 The MITRE Corporation
-  and the MIT Internet Trust Consortium
+Copyright 2018 The MIT Internet Trust Consortium
+
+Portions copyright 2011-2013 The MITRE Corporation
 
 Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
+you may not use this project except in compliance with the License.
 You may obtain a copy of the License at
 
     http://www.apache.org/licenses/LICENSE-2.0

README.md

@@ -1,7 +1,7 @@
 # MITREid Connect
 ---
 
-[![Maven Central](https://maven-badges.herokuapp.com/maven-central/org.mitre/openid-connect-parent/badge.svg)](https://maven-badges.herokuapp.com/maven-central/org.mitre/openid-connect-parent) [![Travis CI](https://travis-ci.org/mitreid-connect/OpenID-Connect-Java-Spring-Server.svg?branch=master)](https://travis-ci.org/mitreid-connect/OpenID-Connect-Java-Spring-Server)
+[![Maven Central](https://maven-badges.herokuapp.com/maven-central/org.mitre/openid-connect-parent/badge.svg)](https://maven-badges.herokuapp.com/maven-central/org.mitre/openid-connect-parent) [![Travis CI](https://travis-ci.org/mitreid-connect/OpenID-Connect-Java-Spring-Server.svg?branch=master)](https://travis-ci.org/mitreid-connect/OpenID-Connect-Java-Spring-Server)  [![Codecov](https://codecov.io/github/mitreid-connect/OpenID-Connect-Java-Spring-Server/coverage.svg?branch=master)](https://codecov.io/github/mitreid-connect/OpenID-Connect-Java-Spring-Server)
 
 This project contains a certified OpenID Connect reference implementation in Java on the Spring platform, including a functioning [server library](openid-connect-server), [deployable server package](openid-connect-server-webapp), [client (RP) library](openid-connect-client), and general [utility libraries](openid-connect-common). The server can be used as an OpenID Connect Identity Provider as well as a general-purpose OAuth 2.0 Authorization Server.
 
@@ -28,5 +28,4 @@ The authors and key contributors of the project include:
 * [Mark Janssen](https://github.com/praseodym)
 
 
-Copyright ©2017, [The MITRE Corporation](http://www.mitre.org/)
-  and the [MIT Internet Trust Consortium](http://www.trust.mit.edu/). Licensed under the Apache 2.0 license, for details see `LICENSE.txt`. 
+Licensed under the Apache 2.0 license, for details see `LICENSE.txt`. 

README_zh_CN.md

@@ -35,5 +35,4 @@
 
 
 
-版权所有 ©2016, [ MITRE公司 ](http://www.mitre.org/)
-  以及 [MIT因特网信任联盟](http://www.mit-trust.org/). 采用Apache 2.0许可证, 详见 `LICENSE.txt`. 
+版权所有 ©2018 [MIT因特网信任联盟](http://www.mit-trust.org/). 采用Apache 2.0许可证, 详见 `LICENSE.txt`. 

checkstyle.xml

@@ -1,7 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-    Copyright 2017 The MITRE Corporation
-      and the MIT Internet Trust Consortium
+    Copyright 2018 The MIT Internet Trust Consortium
+   
+    Portions copyright 2011-2013 The MITRE Corporation
    
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.

openid-connect-client/README.md

@@ -2,7 +2,7 @@
 
 ## Overview ##
 
-This project contains an OpenID Connect Client implemented as a Spring Security AuthenticationFilter.  The client facilitates a user's authentication into the secured application to an OpenID Connect Java Spring Server following the OpenID Connect Standard protocol.
+This project contains an OpenID Connect Client implemented as a Spring Security AuthenticationFilter.  The client facilitates a user's authentication into the secured application to an OpenID Connect Server following the OpenID Connect standard protocol.
 
 ## Configuring ##
 

openid-connect-client/pom.xml

@@ -1,7 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-    Copyright 2017 The MITRE Corporation
-      and the MIT Internet Trust Consortium
+    Copyright 2018 The MIT Internet Trust Consortium
+   
+    Portions copyright 2011-2013 The MITRE Corporation
    
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
@@ -21,7 +22,7 @@
 	<parent>
 		<artifactId>openid-connect-parent</artifactId>
 		<groupId>org.mitre</groupId>
-		<version>1.3.0-RC2</version>
+		<version>1.3.5-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openid-connect-client</artifactId>

openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +17,8 @@
  *******************************************************************************/
 package org.mitre.oauth2.introspectingfilter;
 
+import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC;
+
 import java.io.IOException;
 import java.net.URI;
 import java.util.Calendar;
@@ -54,8 +57,6 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import com.nimbusds.jose.util.Base64;
 
-import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC;
-
 /**
  * This ResourceServerTokenServices implementation introspects incoming tokens at a
  * server's introspection endpoint URL and passes an Authentication object along
@@ -243,7 +244,10 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
 	private Authentication createUserAuthentication(JsonObject token) {
 		JsonElement userId = token.get("user_id");
 		if(userId == null) {
-			return null;
+			userId = token.get("sub");
+			if (userId == null) {
+				return null;
+			}
 		}
 
 		return new PreAuthenticatedAuthenticationToken(userId.getAsString(), token, introspectionAuthorityGranter.getAuthorities(token));

openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/OAuth2AccessTokenImpl.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionAuthorityGranter.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.oauth2.introspectingfilter.service;
 

openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionConfigurationService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.oauth2.introspectingfilter.service;
 

openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/JWTParsingIntrospectionConfigurationService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.oauth2.introspectingfilter.service.impl;
 
@@ -32,11 +33,11 @@ import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTParser;
 
 /**
- * 
+ *
  * Parses the incoming accesstoken as a JWT and determines the issuer based on
  * the "iss" field inside the JWT. Uses the ServerConfigurationService to determine
  * the introspection URL for that issuer.
- * 
+ *
  * @author jricher
  *
  */

openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/ScopeBasedIntrospectionAuthoritiesGranter.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,7 +33,7 @@ import com.google.gson.JsonObject;
  *
  */
 public class ScopeBasedIntrospectionAuthoritiesGranter implements IntrospectionAuthorityGranter {
-	
+
 	private List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_API");
 
 	/* (non-Javadoc)
@@ -43,7 +42,7 @@ public class ScopeBasedIntrospectionAuthoritiesGranter implements IntrospectionA
 	@Override
 	public List<GrantedAuthority> getAuthorities(JsonObject introspectionResponse) {
 		List<GrantedAuthority> auth = new ArrayList<>(getAuthorities());
-		
+
 		if (introspectionResponse.has("scope") && introspectionResponse.get("scope").isJsonPrimitive()) {
 			String scopeString = introspectionResponse.get("scope").getAsString();
 			Set<String> scopes = OAuth2Utils.parseParameterList(scopeString);
@@ -51,7 +50,7 @@ public class ScopeBasedIntrospectionAuthoritiesGranter implements IntrospectionA
 				auth.add(new SimpleGrantedAuthority("OAUTH_SCOPE_" + scope));
 			}
 		}
-		
+
 		return auth;
 	}
 

openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/SimpleIntrospectionAuthorityGranter.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.oauth2.introspectingfilter.service.impl;
 
@@ -28,9 +29,9 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import com.google.gson.JsonObject;
 
 /**
- * 
+ *
  * Grants the same set of authorities no matter what's passed in.
- * 
+ *
  * @author jricher
  *
  */

openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/StaticIntrospectionConfigurationService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.oauth2.introspectingfilter.service.impl;
 
@@ -23,10 +24,10 @@ import org.mitre.oauth2.introspectingfilter.service.IntrospectionConfigurationSe
 import org.mitre.oauth2.model.RegisteredClient;
 
 /**
- * 
+ *
  * Always provides the (configured) IntrospectionURL and RegisteredClient regardless
  * of token. Useful for talking to a single, trusted authorization server.
- * 
+ *
  * @author jricher
  *
  */

openid-connect-client/src/main/java/org/mitre/openid/connect/client/AuthorizationEndpointException.java

@@ -1,3 +1,18 @@
+/*******************************************************************************
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *******************************************************************************/
 package org.mitre.openid.connect.client;
 
 import org.springframework.security.authentication.AuthenticationServiceException;
@@ -7,9 +22,9 @@ public class AuthorizationEndpointException extends AuthenticationServiceExcepti
 	private static final long serialVersionUID = 6953119789654778380L;
 
 	private String error;
-	
+
 	private String errorDescription;
-	
+
 	private String errorURI;
 
 	public AuthorizationEndpointException(String error, String errorDescription, String errorURI) {

openid-connect-client/src/main/java/org/mitre/openid/connect/client/NamedAdminAuthoritiesMapper.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client;
 
@@ -34,13 +35,13 @@ import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTClaimsSet;
 
 /**
- * 
+ *
  * Simple mapper that adds ROLE_USER to the authorities map for all queries,
  * plus adds ROLE_ADMIN if the subject and issuer pair are found in the
  * configurable "admins" set.
- * 
+ *
  * @author jricher
- * 
+ *
  */
 public class NamedAdminAuthoritiesMapper implements OIDCAuthoritiesMapper {
 

openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -88,9 +89,9 @@ import com.nimbusds.jwt.SignedJWT;
 
 /**
  * OpenID Connect Authentication Filter class
- * 
+ *
  * @author nemonik, jricher
- * 
+ *
  */
 public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
@@ -169,9 +170,9 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 
 	/*
 	 * This is the main entry point for the filter.
-	 * 
+	 *
 	 * (non-Javadoc)
-	 * 
+	 *
 	 * @see org.springframework.security.web.authentication.
 	 * AbstractAuthenticationProcessingFilter
 	 * #attemptAuthentication(javax.servlet.http.HttpServletRequest,
@@ -204,7 +205,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 
 	/**
 	 * Initiate an Authorization request
-	 * 
+	 *
 	 * @param request
 	 *            The request from which to extract parameters and perform the
 	 *            authentication
@@ -270,7 +271,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 			String state = createState(session);
 
 			Map<String, String> options = authOptions.getOptions(serverConfig, clientConfig, request);
-			
+
 			// if we're using PKCE, handle the challenge here
 			if (clientConfig.getCodeChallengeMethod() != null) {
 				String codeVerifier = createCodeVerifier(session);
@@ -287,7 +288,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 						e.printStackTrace();
 					}
 
-					
+
 				}
 			}
 
@@ -330,7 +331,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 		form.add("grant_type", "authorization_code");
 		form.add("code", authorizationCode);
 		form.setAll(authOptions.getTokenOptions(serverConfig, clientConfig, request));
-		
+
 		String codeVerifier = getStoredCodeVerifier(session);
 		if (codeVerifier != null) {
 			form.add("code_verifier", codeVerifier);
@@ -345,11 +346,11 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 
 		if(httpClient == null) {
 			httpClient = HttpClientBuilder.create()
-										  .useSystemProperties()
-										  .setDefaultRequestConfig(RequestConfig.custom()
-																				.setSocketTimeout(httpSocketTimeout)
-																				.build())
-										  .build();
+					.useSystemProperties()
+					.setDefaultRequestConfig(RequestConfig.custom()
+							.setSocketTimeout(httpSocketTimeout)
+							.build())
+					.build();
 		}
 
 		HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
@@ -634,7 +635,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 
 	/**
 	 * Handle Authorization Endpoint error
-	 * 
+	 *
 	 * @param request
 	 *            The request from which to extract parameters and handle the
 	 *            error
@@ -708,7 +709,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 	protected static String getStoredState(HttpSession session) {
 		return getStoredSessionString(session, STATE_SESSION_VARIABLE);
 	}
-	
+
 	/**
 	 * Create a random code challenge and store it in the session
 	 * @param session
@@ -719,7 +720,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 		session.setAttribute(CODE_VERIFIER_SESSION_VARIABLE, challenge);
 		return challenge;
 	}
-	
+
 	/**
 	 * Retrieve the stored challenge from our session
 	 * @param session

openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,7 +35,7 @@ import com.nimbusds.jwt.JWT;
 
 /**
  * @author nemonik, Justin Richer
- * 
+ *
  */
 public class OIDCAuthenticationProvider implements AuthenticationProvider {
 
@@ -46,7 +47,7 @@ public class OIDCAuthenticationProvider implements AuthenticationProvider {
 
 	/*
 	 * (non-Javadoc)
-	 * 
+	 *
 	 * @see org.springframework.security.authentication.AuthenticationProvider#
 	 * authenticate(org.springframework.security.core.Authentication)
 	 */
@@ -86,7 +87,7 @@ public class OIDCAuthenticationProvider implements AuthenticationProvider {
 	/**
 	 * Override this function to return a different kind of Authentication, processes the authorities differently,
 	 * or do post-processing based on the UserInfo object.
-	 * 
+	 *
 	 * @param token
 	 * @param authorities
 	 * @param userInfo
@@ -115,7 +116,7 @@ public class OIDCAuthenticationProvider implements AuthenticationProvider {
 
 	/*
 	 * (non-Javadoc)
-	 * 
+	 *
 	 * @see
 	 * org.springframework.security.authentication.AuthenticationProvider#supports
 	 * (java.lang.Class)

openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthoritiesMapper.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-client/src/main/java/org/mitre/openid/connect/client/StaticPrefixTargetLinkURIChecker.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,7 +18,7 @@ package org.mitre.openid.connect.client;
 /**
  * Simple target URI checker, checks whether the string in question starts
  * with a configured prefix. Returns "/" if the match fails.
- * 
+ *
  * @author jricher
  *
  */

openid-connect-client/src/main/java/org/mitre/openid/connect/client/SubjectIssuerGrantedAuthority.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +14,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client;
 
@@ -24,9 +23,9 @@ import org.springframework.security.core.GrantedAuthority;
 import com.google.common.base.Strings;
 
 /**
- * 
+ *
  * Simple authority representing a user at an issuer.
- * 
+ *
  * @author jricher
  *
  */
@@ -51,9 +50,9 @@ public class SubjectIssuerGrantedAuthority implements GrantedAuthority {
 
 	/**
 	 * Returns a string formed by concatenating the subject with the issuer, separated by _ and prepended with OIDC_
-	 * 
+	 *
 	 * For example, the user "bob" from issuer "http://id.example.com/" would return the authority string of:
-	 * 
+	 *
 	 * OIDC_bob_http://id.example.com/
 	 */
 	@Override

openid-connect-client/src/main/java/org/mitre/openid/connect/client/TargetLinkURIChecker.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,7 +19,7 @@ public interface TargetLinkURIChecker {
 
 	/**
 	 * Check the parameter to make sure that it's a valid deep-link into this application.
-	 * 
+	 *
 	 * @param target
 	 * @return
 	 */

openid-connect-client/src/main/java/org/mitre/openid/connect/client/UserInfoFetcher.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -60,7 +61,7 @@ public class UserInfoFetcher {
 	private static final Logger logger = LoggerFactory.getLogger(UserInfoFetcher.class);
 
 	private LoadingCache<PendingOIDCAuthenticationToken, UserInfo> cache;
-	
+
 	public UserInfoFetcher() {
 		this(HttpClientBuilder.create().useSystemProperties().build());
 	}
@@ -71,7 +72,7 @@ public class UserInfoFetcher {
 				.maximumSize(100)
 				.build(new UserInfoLoader(httpClient));
 	}
-	
+
 	public UserInfo loadUserInfo(final PendingOIDCAuthenticationToken token) {
 		try {
 			return cache.get(token);
@@ -81,8 +82,8 @@ public class UserInfoFetcher {
 		}
 
 	}
-	
-	
+
+
 	private class UserInfoLoader extends CacheLoader<PendingOIDCAuthenticationToken, UserInfo> {
 		private HttpComponentsClientHttpRequestFactory factory;
 
@@ -90,22 +91,23 @@ public class UserInfoFetcher {
 			this.factory = new HttpComponentsClientHttpRequestFactory(httpClient);
 		}
 
+		@Override
 		public UserInfo load(final PendingOIDCAuthenticationToken token) throws URISyntaxException {
-	
+
 			ServerConfiguration serverConfiguration = token.getServerConfiguration();
-	
+
 			if (serverConfiguration == null) {
 				logger.warn("No server configuration found.");
 				return null;
 			}
-	
+
 			if (Strings.isNullOrEmpty(serverConfiguration.getUserInfoUri())) {
 				logger.warn("No userinfo endpoint, not fetching.");
 				return null;
 			}
-	
+
 			String userInfoString = null;
-	
+
 			if (serverConfiguration.getUserInfoTokenMethod() == null || serverConfiguration.getUserInfoTokenMethod().equals(UserInfoTokenMethod.HEADER)) {
 				RestTemplate restTemplate = new RestTemplate(factory) {
 
@@ -145,7 +147,7 @@ public class UserInfoFetcher {
 				// didn't get anything throw exception
 				throw new IllegalArgumentException("Unable to load user info");
 			}
-	
+
 		}
 	}
 

openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisher.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisherMapping.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.keypublisher;
 

openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/JwkViewResolver.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.keypublisher;
 
@@ -26,9 +27,9 @@ import org.springframework.web.servlet.View;
 import org.springframework.web.servlet.ViewResolver;
 
 /**
- * 
+ *
  * Simple view resolver to map JWK view names to appropriate beans
- * 
+ *
  * @author jricher
  *
  */

openid-connect-client/src/main/java/org/mitre/openid/connect/client/model/IssuerServiceResponse.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,14 +16,14 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.model;
 
 /**
- * 
+ *
  * Data container to facilitate returns from the IssuerService API.
- * 
+ *
  * @author jricher
  *
  */

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service;
 
@@ -27,11 +28,11 @@ import org.mitre.oauth2.model.RegisteredClient;
 import org.mitre.openid.connect.config.ServerConfiguration;
 
 /**
- * 
+ *
  * This service provides any extra options that need to be passed to the authentication request,
  * either through the authorization endpoint (getOptions) or the token endpoint (getTokenOptions).
  * These options may depend on the server configuration, client configuration, or HTTP request.
- * 
+ *
  * @author jricher
  *
  */
@@ -39,7 +40,7 @@ public interface AuthRequestOptionsService {
 
 	/**
 	 * The set of options needed at the authorization endpoint.
-	 * 
+	 *
 	 * @param server
 	 * @param client
 	 * @param request
@@ -49,7 +50,7 @@ public interface AuthRequestOptionsService {
 
 	/**
 	 * The set of options needed at the token endpoint.
-	 * 
+	 *
 	 * @param server
 	 * @param client
 	 * @param request

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service;
 
@@ -26,7 +27,7 @@ import org.mitre.openid.connect.config.ServerConfiguration;
 
 /**
  * Builds a URL string to the IdP's authorization endpoint.
- * 
+ *
  * @author jricher
  *
  */

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ClientConfigurationService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service;
 

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/IssuerService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service;
 
@@ -24,9 +25,9 @@ import javax.servlet.http.HttpServletRequest;
 import org.mitre.openid.connect.client.model.IssuerServiceResponse;
 
 /**
- * 
+ *
  * Gets an issuer for the given request. Might do dynamic discovery, or might be statically configured.
- * 
+ *
  * @author jricher
  *
  */

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/RegisteredClientService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,12 +16,10 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service;
 
-import java.util.List;
-
 import org.mitre.oauth2.model.RegisteredClient;
 
 /**

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ServerConfigurationService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service;
 

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicRegistrationClientConfigurationService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service.impl;
 
@@ -164,10 +165,10 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
 
 	/**
 	 * Loader class that fetches the client information.
-	 * 
+	 *
 	 * If a client has been registered (ie, it's known to the RegisteredClientService), then this
 	 * will fetch the client's configuration from the server.
-	 * 
+	 *
 	 * @author jricher
 	 *
 	 */
@@ -203,12 +204,12 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
 
 				try {
 					String registered = restTemplate.postForObject(serverConfig.getRegistrationEndpointUri(), entity, String.class);
-	
+
 					RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(registered);
-	
+
 					// save this client for later
 					registeredClientService.save(serverConfig.getIssuer(), client);
-	
+
 					return client;
 				} catch (RestClientException rce) {
 					throw new InvalidClientException("Error registering client with server");
@@ -227,9 +228,9 @@ public class DynamicRegistrationClientConfigurationService implements ClientConf
 					try {
 						String registered = restTemplate.exchange(knownClient.getRegistrationClientUri(), HttpMethod.GET, entity, String.class).getBody();
 						// TODO: handle HTTP errors
-	
+
 						RegisteredClient client = ClientDetailsEntityJsonProcessor.parseRegistered(registered);
-	
+
 						return client;
 					} catch (RestClientException rce) {
 						throw new InvalidClientException("Error loading previously registered client information from server");

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,10 +16,17 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service.impl;
 
+import static org.mitre.util.JsonUtils.getAsBoolean;
+import static org.mitre.util.JsonUtils.getAsEncryptionMethodList;
+import static org.mitre.util.JsonUtils.getAsJweAlgorithmList;
+import static org.mitre.util.JsonUtils.getAsJwsAlgorithmList;
+import static org.mitre.util.JsonUtils.getAsString;
+import static org.mitre.util.JsonUtils.getAsStringList;
+
 import java.util.HashSet;
 import java.util.Set;
 import java.util.concurrent.ExecutionException;
@@ -41,17 +49,10 @@ import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 
-import static org.mitre.util.JsonUtils.getAsBoolean;
-import static org.mitre.util.JsonUtils.getAsEncryptionMethodList;
-import static org.mitre.util.JsonUtils.getAsJweAlgorithmList;
-import static org.mitre.util.JsonUtils.getAsJwsAlgorithmList;
-import static org.mitre.util.JsonUtils.getAsString;
-import static org.mitre.util.JsonUtils.getAsStringList;
-
 /**
- * 
+ *
  * Dynamically fetches OpenID Connect server configurations based on the issuer. Caches the server configurations.
- * 
+ *
  * @author jricher
  *
  */
@@ -133,9 +134,9 @@ public class DynamicServerConfigurationService implements ServerConfigurationSer
 		private HttpComponentsClientHttpRequestFactory httpFactory;
 		private JsonParser parser = new JsonParser();
 
-        OpenIDConnectServiceConfigurationFetcher(HttpClient httpClient) {
-            this.httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
-        }
+		OpenIDConnectServiceConfigurationFetcher(HttpClient httpClient) {
+			this.httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
+		}
 
 		@Override
 		public ServerConfiguration load(String issuer) throws Exception {

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service.impl;
 

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridClientConfigurationService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service.impl;
 
@@ -31,12 +32,12 @@ import org.mitre.openid.connect.config.ServerConfiguration;
  * Houses both a static client configuration and a dynamic client configuration
  * service in one object. Checks the static service first, then falls through to
  * the dynamic service.
- * 
+ *
  * Provides configuration passthrough for the template, registered client service, whitelist,
  * and blacklist for the dynamic service, and to the static service's client map.
- * 
+ *
  * @author jricher
- * 
+ *
  */
 public class HybridClientConfigurationService implements ClientConfigurationService {
 

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridIssuerService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,11 +27,11 @@ import org.mitre.openid.connect.client.service.IssuerService;
 import com.google.common.collect.Sets;
 
 /**
- * 
+ *
  * Issuer service that tries to parse input from the inputs from a third-party
  * account chooser service (if possible), but falls back to webfinger discovery
  * if not.
- * 
+ *
  * @author jricher
  *
  */

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/HybridServerConfigurationService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service.impl;
 
@@ -29,11 +30,11 @@ import org.mitre.openid.connect.config.ServerConfiguration;
  * Houses both a static server configuration and a dynamic server configuration
  * service in one object. Checks the static service first, then falls through to
  * the dynamic service.
- * 
+ *
  * Provides configuration passthrough to the dynamic service's whitelist and blacklist,
  * and to the static service's server map.
- * 
- * 
+ *
+ *
  * @author jricher
  *
  */

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/InMemoryRegisteredClientService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service.impl;
 

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/JsonFileRegisteredClientService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service.impl;
 
@@ -55,20 +56,20 @@ public class JsonFileRegisteredClientService implements RegisteredClientService
 	private static final Logger logger = LoggerFactory.getLogger(JsonFileRegisteredClientService.class);
 
 	private Gson gson = new GsonBuilder()
-	.registerTypeAdapter(RegisteredClient.class, new JsonSerializer<RegisteredClient>() {
-		@Override
-		public JsonElement serialize(RegisteredClient src, Type typeOfSrc, JsonSerializationContext context) {
-			return ClientDetailsEntityJsonProcessor.serialize(src);
-		}
-	})
-	.registerTypeAdapter(RegisteredClient.class, new JsonDeserializer<RegisteredClient>() {
-		@Override
-		public RegisteredClient deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
-			return ClientDetailsEntityJsonProcessor.parseRegistered(json);
-		}
-	})
-	.setPrettyPrinting()
-	.create();
+			.registerTypeAdapter(RegisteredClient.class, new JsonSerializer<RegisteredClient>() {
+				@Override
+				public JsonElement serialize(RegisteredClient src, Type typeOfSrc, JsonSerializationContext context) {
+					return ClientDetailsEntityJsonProcessor.serialize(src);
+				}
+			})
+			.registerTypeAdapter(RegisteredClient.class, new JsonDeserializer<RegisteredClient>() {
+				@Override
+				public RegisteredClient deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
+					return ClientDetailsEntityJsonProcessor.parseRegistered(json);
+				}
+			})
+			.setPrettyPrinting()
+			.create();
 
 	private File file;
 

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service.impl;
 
@@ -33,9 +34,9 @@ import com.google.common.base.Joiner;
 import com.google.common.base.Strings;
 
 /**
- * 
+ *
  * Builds an auth request redirect URI with normal query parameters.
- * 
+ *
  * @author jricher
  *
  */

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service.impl;
 

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticAuthRequestOptionsService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service.impl;
 
@@ -29,9 +30,9 @@ import org.mitre.openid.connect.client.service.AuthRequestOptionsService;
 import org.mitre.openid.connect.config.ServerConfiguration;
 
 /**
- * 
+ *
  * Always returns the same set of options.
- * 
+ *
  * @author jricher
  *
  */

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service.impl;
 
@@ -29,9 +30,9 @@ import org.mitre.openid.connect.config.ServerConfiguration;
 
 /**
  * Client configuration service that holds a static map from issuer URL to a ClientDetails object to use at that issuer.
- * 
+ *
  * Designed to be configured as a bean.
- * 
+ *
  * @author jricher
  *
  */
@@ -56,7 +57,7 @@ public class StaticClientConfigurationService implements ClientConfigurationServ
 
 	/**
 	 * Get the client configured for this issuer
-	 * 
+	 *
 	 * @see org.mitre.openid.connect.client.service.ClientConfigurationService#getClientConfiguration(java.lang.String)
 	 */
 	@Override

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service.impl;
 
@@ -28,7 +29,7 @@ import org.mitre.openid.connect.config.ServerConfiguration;
 
 /**
  * Statically configured server configuration service that maps issuer URLs to server configurations to use at that issuer.
- * 
+ *
  * @author jricher
  *
  */

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service.impl;
 
@@ -51,7 +52,7 @@ public class StaticSingleIssuerService implements IssuerService {
 
 	/**
 	 * Always returns the configured issuer URL
-	 * 
+	 *
 	 * @see org.mitre.openid.connect.client.service.IssuerService#getIssuer(javax.servlet.http.HttpServletRequest)
 	 */
 	@Override

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service.impl;
 
@@ -34,9 +35,9 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio
 import com.google.common.base.Strings;
 
 /**
- * 
+ *
  * Determines the issuer using an account chooser or other third-party-initiated login
- * 
+ *
  * @author jricher
  *
  */

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.openid.connect.client.service.impl;
 
@@ -74,7 +75,7 @@ public class WebfingerIssuerService implements IssuerService {
 			this.issuer = issuer;
 		}
 	}
-	
+
 	private Set<String> whitelist = new HashSet<>();
 	private Set<String> blacklist = new HashSet<>();
 
@@ -118,7 +119,7 @@ public class WebfingerIssuerService implements IssuerService {
 				if (blacklist.contains(lr.issuer)) {
 					throw new AuthenticationServiceException("Issuer was in blacklist: " + lr.issuer);
 				}
-				
+
 				return new IssuerServiceResponse(lr.issuer, lr.loginHint, request.getParameter("target_link_uri"));
 			} catch (UncheckedExecutionException | ExecutionException e) {
 				logger.warn("Issue fetching issuer for user input: " + identifier + ": " + e.getMessage());
@@ -218,7 +219,7 @@ public class WebfingerIssuerService implements IssuerService {
 		public LoadingResult load(String identifier) throws Exception {
 
 			UriComponents key = WebfingerURLNormalizer.normalizeResource(identifier);
-			
+
 			RestTemplate restTemplate = new RestTemplate(httpFactory);
 			// construct the URL to go to
 
@@ -268,7 +269,7 @@ public class WebfingerIssuerService implements IssuerService {
 
 								// we found the issuer, return it
 								String href = linkObj.get("href").getAsString();
-								
+
 								if (identifier.equals(href)
 										|| identifier.startsWith("http")) {
 									// try to avoid sending a URL as the login hint

openid-connect-client/src/test/java/org/mitre/oauth2/introspectingfilter/TestOAuth2AccessTokenImpl.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-client/src/test/java/org/mitre/oauth2/introspectingfilter/service/impl/TestScopeBasedIntrospectionAuthoritiesGranter.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -38,7 +37,7 @@ public class TestScopeBasedIntrospectionAuthoritiesGranter {
 	private JsonObject introspectionResponse;
 
 	private ScopeBasedIntrospectionAuthoritiesGranter granter = new ScopeBasedIntrospectionAuthoritiesGranter();
-	
+
 	/**
 	 * @throws java.lang.Exception
 	 */
@@ -53,16 +52,16 @@ public class TestScopeBasedIntrospectionAuthoritiesGranter {
 	@Test
 	public void testGetAuthoritiesJsonObject_withScopes() {
 		introspectionResponse.addProperty("scope", "foo bar baz batman");
-		
+
 		List<GrantedAuthority> expected = new ArrayList<>();
 		expected.add(new SimpleGrantedAuthority("ROLE_API"));
 		expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_foo"));
 		expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_bar"));
 		expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_baz"));
 		expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_batman"));
-		
+
 		List<GrantedAuthority> authorities = granter.getAuthorities(introspectionResponse);
-		
+
 		assertTrue(authorities.containsAll(expected));
 		assertTrue(expected.containsAll(authorities));
 	}
@@ -72,12 +71,12 @@ public class TestScopeBasedIntrospectionAuthoritiesGranter {
 	 */
 	@Test
 	public void testGetAuthoritiesJsonObject_withoutScopes() {
-		
+
 		List<GrantedAuthority> expected = new ArrayList<>();
 		expected.add(new SimpleGrantedAuthority("ROLE_API"));
-		
+
 		List<GrantedAuthority> authorities = granter.getAuthorities(introspectionResponse);
-		
+
 		assertTrue(authorities.containsAll(expected));
 		assertTrue(expected.containsAll(authorities));
 	}

openid-connect-client/src/test/java/org/mitre/openid/connect/client/TestOIDCAuthenticationFilter.java

@@ -1,11 +1,20 @@
+/*******************************************************************************
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *******************************************************************************/
 package org.mitre.openid.connect.client;
 
-import static org.hamcrest.CoreMatchers.instanceOf;
-import static org.hamcrest.CoreMatchers.is;
-import static org.junit.Assert.assertThat;
-import static org.junit.Assert.fail;
-import static org.mockito.Mockito.mock;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -13,13 +22,21 @@ import org.junit.Test;
 import org.mockito.Mockito;
 import org.springframework.security.authentication.AuthenticationServiceException;
 
+import static org.hamcrest.CoreMatchers.instanceOf;
+import static org.hamcrest.CoreMatchers.is;
+
+import static org.mockito.Mockito.mock;
+
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.fail;
+
 public class TestOIDCAuthenticationFilter {
 
 	private OIDCAuthenticationFilter filter = new OIDCAuthenticationFilter();
-	
+
 	@Test
 	public void attemptAuthentication_error() throws Exception {
-		
+
 		HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
 		Mockito.when(request.getParameter("error")).thenReturn("Error");
 		Mockito.when(request.getParameter("error_description")).thenReturn("Description");
@@ -27,13 +44,13 @@ public class TestOIDCAuthenticationFilter {
 
 		try {
 			filter.attemptAuthentication(request, mock(HttpServletResponse.class));
-			
+
 			fail("AuthorizationEndpointException expected.");
 		}
 		catch (AuthorizationEndpointException exception) {
 			assertThat(exception.getMessage(),
 					is("Error from Authorization Endpoint: Error Description http://example.com"));
-			
+
 			assertThat(exception.getError(), is("Error"));
 			assertThat(exception.getErrorDescription(), is("Description"));
 			assertThat(exception.getErrorURI(), is("http://example.com"));

openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridClientConfigurationService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridServerConfigurationService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -52,7 +53,7 @@ import static org.junit.Assert.fail;
 
 /**
  * @author wkim
- * 
+ *
  */
 public class TestSignedAuthRequestUrlBuilder {
 
@@ -91,7 +92,7 @@ public class TestSignedAuthRequestUrlBuilder {
 	@Before
 	public void prepare() throws NoSuchAlgorithmException, InvalidKeySpecException {
 
-		RSAKey key = new RSAKey(new Base64URL(n), new Base64URL(e), new Base64URL(d), KeyUse.SIGNATURE, null, new Algorithm(alg), kid, null, null, null);
+		RSAKey key = new RSAKey(new Base64URL(n), new Base64URL(e), new Base64URL(d), KeyUse.SIGNATURE, null, new Algorithm(alg), kid, null, null, null, null, null);
 		Map<String, JWK> keys = Maps.newHashMap();
 		keys.put("client", key);
 

openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticClientConfigurationService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticServerConfigurationService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestThirdPartyIssuerService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-client/src/test/resources/test-context.xml

@@ -1,7 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-    Copyright 2017 The MITRE Corporation
-      and the MIT Internet Trust Consortium
+    Copyright 2018 The MIT Internet Trust Consortium
+   
+    Portions copyright 2011-2013 The MITRE Corporation
    
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.

openid-connect-common/pom.xml

@@ -1,7 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-    Copyright 2017 The MITRE Corporation
-      and the MIT Internet Trust Consortium
+    Copyright 2018 The MIT Internet Trust Consortium
+   
+    Portions copyright 2011-2013 The MITRE Corporation
    
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
@@ -21,7 +22,7 @@
 	<parent>
 		<artifactId>openid-connect-parent</artifactId>
 		<groupId>org.mitre</groupId>
-		<version>1.3.0-RC2</version>
+		<version>1.3.5-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openid-connect-common</artifactId>
@@ -86,6 +87,26 @@
 			<groupId>org.bouncycastle</groupId>
 			<artifactId>bcprov-jdk15on</artifactId>
 		</dependency>
+		<dependency>
+			  <groupId>javax.annotation</groupId>
+			  <artifactId>javax.annotation-api</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>jakarta.xml.bind</groupId>
+			<artifactId>jakarta.xml.bind-api</artifactId>
+		</dependency>
+		<dependency>
+    		<groupId>javax.xml.bind</groupId>
+    		<artifactId>jaxb-api</artifactId>
+		</dependency>
+		<dependency>
+		    <groupId>javax.activation</groupId>
+		    <artifactId>activation</artifactId>
+		</dependency>
+		<dependency>
+		    <groupId>org.glassfish.jaxb</groupId>
+		    <artifactId>jaxb-runtime</artifactId>
+		</dependency>
 	</dependencies>
 
 	<packaging>jar</packaging>

openid-connect-common/src/main/java/org/mitre/data/AbstractPageOperationTemplate.java

@@ -1,12 +1,27 @@
+/*******************************************************************************
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *******************************************************************************/
 package org.mitre.data;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 /**
  * Abstract class for performing an operation on a potentially large
  * number of items by paging through the items in discreet chunks.
@@ -16,162 +31,162 @@ import java.util.Set;
  */
 public abstract class AbstractPageOperationTemplate<T> {
 
-    private static final Logger logger = LoggerFactory.getLogger(AbstractPageOperationTemplate.class);
+	private static final Logger logger = LoggerFactory.getLogger(AbstractPageOperationTemplate.class);
 
-    private static int DEFAULT_MAX_PAGES = 1000;
-    private static long DEFAULT_MAX_TIME_MILLIS = 600000L; //10 Minutes
+	private static int DEFAULT_MAX_PAGES = 1000;
+	private static long DEFAULT_MAX_TIME_MILLIS = 600000L; //10 Minutes
 
-    /**
-     * int specifying the maximum number of
-     * pages which should be fetched before
-     * execution should terminate
-     */
-    private int maxPages;
+	/**
+	 * int specifying the maximum number of
+	 * pages which should be fetched before
+	 * execution should terminate
+	 */
+	private int maxPages;
 
-    /**
-     * long specifying the maximum execution time
-     * in milliseconds
-     */
-    private long maxTime;
+	/**
+	 * long specifying the maximum execution time
+	 * in milliseconds
+	 */
+	private long maxTime;
 
-    /**
-     * boolean specifying whether or not Exceptions
-     * incurred performing the operation should be
-     * swallowed during execution default true.
-     */
-    private boolean swallowExceptions = true;
-    
-    /**
-     * String that is used for logging in final tallies.
-     */
-    private String operationName = "";
+	/**
+	 * boolean specifying whether or not Exceptions
+	 * incurred performing the operation should be
+	 * swallowed during execution default true.
+	 */
+	private boolean swallowExceptions = true;
+
+	/**
+	 * String that is used for logging in final tallies.
+	 */
+	private String operationName = "";
 
 
-    /**
-     * default constructor which sets the value of
-     * maxPages and maxTime to DEFAULT_MAX_PAGES and
-     * DEFAULT_MAX_TIME_MILLIS respectively
-     */
-    public AbstractPageOperationTemplate(String operationName){
-        this(DEFAULT_MAX_PAGES, DEFAULT_MAX_TIME_MILLIS, operationName);
-    }
+	/**
+	 * default constructor which sets the value of
+	 * maxPages and maxTime to DEFAULT_MAX_PAGES and
+	 * DEFAULT_MAX_TIME_MILLIS respectively
+	 */
+	public AbstractPageOperationTemplate(String operationName){
+		this(DEFAULT_MAX_PAGES, DEFAULT_MAX_TIME_MILLIS, operationName);
+	}
 
-    /**
-     * Instantiates a new AbstractPageOperationTemplate with the
-     * given maxPages and maxTime
-     *
-     * @param maxPages the maximum number of pages to fetch.
-     * @param maxTime the maximum execution time.
-     */
-    public AbstractPageOperationTemplate(int maxPages, long maxTime, String operationName){
-        this.maxPages = maxPages;
-        this.maxTime = maxTime;
-        this.operationName = operationName;
-    }
+	/**
+	 * Instantiates a new AbstractPageOperationTemplate with the
+	 * given maxPages and maxTime
+	 *
+	 * @param maxPages the maximum number of pages to fetch.
+	 * @param maxTime the maximum execution time.
+	 */
+	public AbstractPageOperationTemplate(int maxPages, long maxTime, String operationName){
+		this.maxPages = maxPages;
+		this.maxTime = maxTime;
+		this.operationName = operationName;
+	}
 
-    /**
-     * Execute the operation on each member of a page of results
-     * retrieved through the fetch method. the method will execute
-     * until either the maxPages or maxTime limit is reached or until
-     * the fetch method returns no more results. Exceptions thrown
-     * performing the operation on the item will be swallowed if the
-     * swallowException (default true) field is set true.
-     */
-    public void execute(){
-        logger.debug("[" + getOperationName() +  "] Starting execution of paged operation. maximum time: " + maxTime + ", maximum pages: " + maxPages);
+	/**
+	 * Execute the operation on each member of a page of results
+	 * retrieved through the fetch method. the method will execute
+	 * until either the maxPages or maxTime limit is reached or until
+	 * the fetch method returns no more results. Exceptions thrown
+	 * performing the operation on the item will be swallowed if the
+	 * swallowException (default true) field is set true.
+	 */
+	public void execute(){
+		logger.debug("[" + getOperationName() +  "] Starting execution of paged operation. maximum time: " + maxTime + ", maximum pages: " + maxPages);
 
-        long startTime = System.currentTimeMillis();
-        long executionTime = 0;
-        int i = 0;
+		long startTime = System.currentTimeMillis();
+		long executionTime = 0;
+		int i = 0;
 
-        int exceptionsSwallowedCount = 0;
-        int operationsCompleted = 0;
-        Set<String> exceptionsSwallowedClasses = new HashSet<String>();
+		int exceptionsSwallowedCount = 0;
+		int operationsCompleted = 0;
+		Set<String> exceptionsSwallowedClasses = new HashSet<String>();
 
 
-        while (i< maxPages && executionTime < maxTime){
-            Collection<T> page = fetchPage();
-            if(page == null || page.size() == 0){
-                break;
-            }
+		while (i< maxPages && executionTime < maxTime){
+			Collection<T> page = fetchPage();
+			if(page == null || page.size() == 0){
+				break;
+			}
 
-            for (T item : page) {
-                try {
-                    doOperation(item);
-                    operationsCompleted++;
-                } catch (Exception e){
-                    if(swallowExceptions){
-                        exceptionsSwallowedCount++;
-                        exceptionsSwallowedClasses.add(e.getClass().getName());
-                        logger.debug("Swallowing exception " + e.getMessage(), e);
-                    } else {
-                        logger.debug("Rethrowing exception " + e.getMessage());
-                        throw e;
-                    }
-                }
-            }
+			for (T item : page) {
+				try {
+					doOperation(item);
+					operationsCompleted++;
+				} catch (Exception e){
+					if(swallowExceptions){
+						exceptionsSwallowedCount++;
+						exceptionsSwallowedClasses.add(e.getClass().getName());
+						logger.debug("Swallowing exception " + e.getMessage(), e);
+					} else {
+						logger.debug("Rethrowing exception " + e.getMessage());
+						throw e;
+					}
+				}
+			}
 
-            i++;
-            executionTime = System.currentTimeMillis() - startTime;
-        }
+			i++;
+			executionTime = System.currentTimeMillis() - startTime;
+		}
 
-        finalReport(operationsCompleted, exceptionsSwallowedCount, exceptionsSwallowedClasses);
-    }
+		finalReport(operationsCompleted, exceptionsSwallowedCount, exceptionsSwallowedClasses);
+	}
 
 
 
-    /**
-     * method responsible for fetching
-     * a page of items.
-     *
-     * @return the collection of items
-     */
-    public abstract Collection<T> fetchPage();
+	/**
+	 * method responsible for fetching
+	 * a page of items.
+	 *
+	 * @return the collection of items
+	 */
+	public abstract Collection<T> fetchPage();
 
-    /**
-     * method responsible for performing desired
-     * operation on a fetched page item.
-     *
-     * @param item the item
-     */
-    protected abstract void doOperation(T item);
-    
-    /**
-     * Method responsible for final report of progress.
-     * @return
-     */
-    protected void finalReport(int operationsCompleted, int exceptionsSwallowedCount, Set<String> exceptionsSwallowedClasses) {
-    	if (operationsCompleted > 0 || exceptionsSwallowedCount > 0) {
-    		logger.info("[" + getOperationName() +  "] Paged operation run: completed " + operationsCompleted + "; swallowed " + exceptionsSwallowedCount + " exceptions");
-    	}
-    	for(String className:  exceptionsSwallowedClasses) {
-    		logger.warn("[" + getOperationName() +  "] Paged operation swallowed at least one exception of type " + className);
-    	}
-    }
+	/**
+	 * method responsible for performing desired
+	 * operation on a fetched page item.
+	 *
+	 * @param item the item
+	 */
+	protected abstract void doOperation(T item);
 
-    public int getMaxPages() {
-        return maxPages;
-    }
+	/**
+	 * Method responsible for final report of progress.
+	 * @return
+	 */
+	protected void finalReport(int operationsCompleted, int exceptionsSwallowedCount, Set<String> exceptionsSwallowedClasses) {
+		if (operationsCompleted > 0 || exceptionsSwallowedCount > 0) {
+			logger.info("[" + getOperationName() +  "] Paged operation run: completed " + operationsCompleted + "; swallowed " + exceptionsSwallowedCount + " exceptions");
+		}
+		for(String className:  exceptionsSwallowedClasses) {
+			logger.warn("[" + getOperationName() +  "] Paged operation swallowed at least one exception of type " + className);
+		}
+	}
 
-    public void setMaxPages(int maxPages) {
-        this.maxPages = maxPages;
-    }
+	public int getMaxPages() {
+		return maxPages;
+	}
 
-    public long getMaxTime() {
-        return maxTime;
-    }
+	public void setMaxPages(int maxPages) {
+		this.maxPages = maxPages;
+	}
 
-    public void setMaxTime(long maxTime) {
-        this.maxTime = maxTime;
-    }
+	public long getMaxTime() {
+		return maxTime;
+	}
 
-    public boolean isSwallowExceptions() {
-        return swallowExceptions;
-    }
+	public void setMaxTime(long maxTime) {
+		this.maxTime = maxTime;
+	}
 
-    public void setSwallowExceptions(boolean swallowExceptions) {
-        this.swallowExceptions = swallowExceptions;
-    }
+	public boolean isSwallowExceptions() {
+		return swallowExceptions;
+	}
+
+	public void setSwallowExceptions(boolean swallowExceptions) {
+		this.swallowExceptions = swallowExceptions;
+	}
 
 
 	/**

openid-connect-common/src/main/java/org/mitre/data/DefaultPageCriteria.java

@@ -1,3 +1,18 @@
+/*******************************************************************************
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *******************************************************************************/
 package org.mitre.data;
 
 /**
@@ -8,28 +23,28 @@ package org.mitre.data;
  */
 public class DefaultPageCriteria implements PageCriteria {
 
-    private static final int DEFAULT_PAGE_NUMBER = 0;
-    private static final int DEFAULT_PAGE_SIZE = 100;
+	private static final int DEFAULT_PAGE_NUMBER = 0;
+	private static final int DEFAULT_PAGE_SIZE = 100;
 
-    private int pageNumber;
-    private int pageSize;
+	private int pageNumber;
+	private int pageSize;
 
-    public DefaultPageCriteria(){
-        this(DEFAULT_PAGE_NUMBER, DEFAULT_PAGE_SIZE);
-    }
+	public DefaultPageCriteria(){
+		this(DEFAULT_PAGE_NUMBER, DEFAULT_PAGE_SIZE);
+	}
 
-    public DefaultPageCriteria(int pageNumber, int pageSize) {
-        this.pageNumber = pageNumber;
-        this.pageSize = pageSize;
-    }
+	public DefaultPageCriteria(int pageNumber, int pageSize) {
+		this.pageNumber = pageNumber;
+		this.pageSize = pageSize;
+	}
 
-    @Override
-    public int getPageNumber() {
-        return pageNumber;
-    }
+	@Override
+	public int getPageNumber() {
+		return pageNumber;
+	}
 
-    @Override
-    public int getPageSize() {
-        return pageSize;
-    }
+	@Override
+	public int getPageSize() {
+		return pageSize;
+	}
 }

openid-connect-common/src/main/java/org/mitre/data/PageCriteria.java

@@ -1,3 +1,18 @@
+/*******************************************************************************
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *******************************************************************************/
 package org.mitre.data;
 
 /**
@@ -8,6 +23,6 @@ package org.mitre.data;
  */
 public interface PageCriteria {
 
-    public int getPageNumber();
-    public int getPageSize();
+	public int getPageNumber();
+	public int getPageSize();
 }

openid-connect-common/src/main/java/org/mitre/discovery/util/WebfingerURLNormalizer.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,7 +30,7 @@ import com.google.common.base.Strings;
 
 /**
  * Provides utility methods for normalizing and parsing URIs for use with Webfinger Discovery.
- * 
+ *
  * @author wkim
  *
  */

openid-connect-common/src/main/java/org/mitre/jose/keystore/JWKSetKeyStore.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.jose.keystore;
 

openid-connect-common/src/main/java/org/mitre/jwt/assertion/AssertionValidator.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,5 +25,5 @@ import com.nimbusds.jwt.JWT;
 public interface AssertionValidator {
 
 	public boolean isValid(JWT assertion);
-	
+
 }

openid-connect-common/src/main/java/org/mitre/jwt/assertion/impl/NullAssertionValidator.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,7 +22,7 @@ import com.nimbusds.jwt.JWT;
 
 /**
  * Reject all assertions passed in.
- * 
+ *
  * @author jricher
  *
  */

openid-connect-common/src/main/java/org/mitre/jwt/assertion/impl/SelfAssertionValidator.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,6 +24,7 @@ import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
 
 import com.google.common.base.Strings;
 import com.nimbusds.jwt.JWT;
@@ -33,27 +33,28 @@ import com.nimbusds.jwt.SignedJWT;
 
 /**
  * Validates all assertions generated by this server
- * 
+ *
  * @author jricher
  *
  */
+@Component("selfAssertionValidator")
 public class SelfAssertionValidator implements AssertionValidator {
 
 	private static Logger logger = LoggerFactory.getLogger(SelfAssertionValidator.class);
 
 	@Autowired
 	private ConfigurationPropertiesBean config;
-	
+
 	@Autowired
 	private JWTSigningAndValidationService jwtService;
-	
+
 	@Override
 	public boolean isValid(JWT assertion) {
 		if (!(assertion instanceof SignedJWT)) {
 			// unsigned assertion
 			return false;
 		}
-		
+
 		JWTClaimsSet claims;
 		try {
 			claims = assertion.getJWTClaimsSet();
@@ -61,17 +62,20 @@ public class SelfAssertionValidator implements AssertionValidator {
 			logger.debug("Invalid assertion claims");
 			return false;
 		}
-		
+
+		// make sure the issuer exists
 		if (Strings.isNullOrEmpty(claims.getIssuer())) {
 			logger.debug("No issuer for assertion, rejecting");
 			return false;
 		}
-		
-		if (claims.getIssuer().equals(config.getIssuer())) {
+
+		// make sure the issuer is us
+		if (!claims.getIssuer().equals(config.getIssuer())) {
 			logger.debug("Issuer is not the same as this server, rejecting");
 			return false;
 		}
-		
+
+		// validate the signature based on our public key
 		if (jwtService.validateSignature((SignedJWT) assertion)) {
 			return true;
 		} else {

openid-connect-common/src/main/java/org/mitre/jwt/assertion/impl/WhitelistedIssuerAssertionValidator.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -41,12 +40,12 @@ import com.nimbusds.jwt.SignedJWT;
 public class WhitelistedIssuerAssertionValidator implements AssertionValidator {
 
 	private static Logger logger = LoggerFactory.getLogger(WhitelistedIssuerAssertionValidator.class);
-	
+
 	/**
 	 * Map of issuer -> JWKSetUri
 	 */
 	private Map<String, String> whitelist = new HashMap<>();
-	
+
 	/**
 	 * @return the whitelist
 	 */
@@ -63,15 +62,15 @@ public class WhitelistedIssuerAssertionValidator implements AssertionValidator {
 
 	@Autowired
 	private JWKSetCacheService jwkCache;
-	
+
 	@Override
 	public boolean isValid(JWT assertion) {
-		
+
 		if (!(assertion instanceof SignedJWT)) {
 			// unsigned assertion
 			return false;
 		}
-		
+
 		JWTClaimsSet claims;
 		try {
 			claims = assertion.getJWTClaimsSet();
@@ -79,21 +78,21 @@ public class WhitelistedIssuerAssertionValidator implements AssertionValidator {
 			logger.debug("Invalid assertion claims");
 			return false;
 		}
-		
+
 		if (Strings.isNullOrEmpty(claims.getIssuer())) {
 			logger.debug("No issuer for assertion, rejecting");
 			return false;
 		}
-		
+
 		if (!whitelist.containsKey(claims.getIssuer())) {
 			logger.debug("Issuer is not in whitelist, rejecting");
 			return false;
 		}
-		
+
 		String jwksUri = whitelist.get(claims.getIssuer());
-		
+
 		JWTSigningAndValidationService validator = jwkCache.getValidator(jwksUri);
-		
+
 		if (validator.validateSignature((SignedJWT) assertion)) {
 			return true;
 		} else {

openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/JWTEncryptionAndDecryptionService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJWTEncryptionAndDecryptionService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -45,7 +46,6 @@ import com.nimbusds.jose.crypto.ECDHEncrypter;
 import com.nimbusds.jose.crypto.RSADecrypter;
 import com.nimbusds.jose.crypto.RSAEncrypter;
 import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
-import com.nimbusds.jose.jca.JCAContext;
 import com.nimbusds.jose.jwk.ECKey;
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.OctetSequenceKey;
@@ -80,7 +80,7 @@ public class DefaultJWTEncryptionAndDecryptionService implements JWTEncryptionAn
 	/**
 	 * Build this service based on the keys given. All public keys will be used to make encrypters,
 	 * all private keys will be used to make decrypters.
-	 * 
+	 *
 	 * @param keys
 	 * @throws NoSuchAlgorithmException
 	 * @throws InvalidKeySpecException
@@ -94,7 +94,7 @@ public class DefaultJWTEncryptionAndDecryptionService implements JWTEncryptionAn
 	/**
 	 * Build this service based on the given keystore. All keys must have a key
 	 * id ({@code kid}) field in order to be used.
-	 * 
+	 *
 	 * @param keyStore
 	 * @throws NoSuchAlgorithmException
 	 * @throws InvalidKeySpecException
@@ -240,13 +240,13 @@ public class DefaultJWTEncryptionAndDecryptionService implements JWTEncryptionAn
 					logger.warn("No private key for key #" + jwk.getKeyID());
 				}
 			} else if (jwk instanceof ECKey) {
-				
+
 				// build EC Encrypters and decrypters
-				
+
 				ECDHEncrypter encrypter = new ECDHEncrypter((ECKey) jwk);
 				encrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
 				encrypters.put(id, encrypter);
-				
+
 				if (jwk.isPrivate()) { // we can decrypt too
 					ECDHDecrypter decrypter = new ECDHDecrypter((ECKey) jwk);
 					decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());

openid-connect-common/src/main/java/org/mitre/jwt/signer/service/JWTSigningAndValidationService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,7 +35,7 @@ public interface JWTSigningAndValidationService {
 	/**
 	 * Checks the signature of the given JWT against all configured signers,
 	 * returns true if at least one of the signers validates it.
-	 * 
+	 *
 	 * @param jwtString
 	 *            the string representation of the JWT as sent on the wire
 	 * @return true if the signature is valid, false if not
@@ -45,7 +46,7 @@ public interface JWTSigningAndValidationService {
 	/**
 	 * Called to sign a jwt in place for a client that hasn't registered a preferred signing algorithm.
 	 * Use the default algorithm to sign.
-	 * 
+	 *
 	 * @param jwt the jwt to sign
 	 * @return the signed jwt
 	 * @throws NoSuchAlgorithmException
@@ -67,7 +68,7 @@ public interface JWTSigningAndValidationService {
 	/**
 	 * Sign a jwt using the selected algorithm. The algorithm is selected using the String parameter values specified
 	 * in the JWT spec, section 6. I.E., "HS256" means HMAC with SHA-256 and corresponds to our HmacSigner class.
-	 * 
+	 *
 	 * @param jwt the jwt to sign
 	 * @param alg the name of the algorithm to use, as specified in JWS s.6
 	 * @return the signed jwt

openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/ClientKeyCacheService.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -39,10 +38,10 @@ import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.jwk.JWKSet;
 
 /**
- * 
+ *
  * Takes in a client and returns the appropriate validator or encrypter for
  * that client's registered key types.
- * 
+ *
  * @author jricher
  *
  */

openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJWTSigningAndValidationService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,8 +18,6 @@
 package org.mitre.jwt.signer.service.impl;
 
 import java.security.NoSuchAlgorithmException;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.ECPublicKey;
 import java.security.spec.InvalidKeySpecException;
 import java.util.Collection;
 import java.util.HashMap;
@@ -72,10 +71,10 @@ public class DefaultJWTSigningAndValidationService implements JWTSigningAndValid
 	/**
 	 * Build this service based on the keys given. All public keys will be used
 	 * to make verifiers, all private keys will be used to make signers.
-	 * 
+	 *
 	 * @param keys
 	 *            A map of key identifier to key
-	 * 
+	 *
 	 * @throws InvalidKeySpecException
 	 *             If the keys in the JWKs are not valid
 	 * @throws NoSuchAlgorithmException
@@ -89,10 +88,10 @@ public class DefaultJWTSigningAndValidationService implements JWTSigningAndValid
 	/**
 	 * Build this service based on the given keystore. All keys must have a key
 	 * id ({@code kid}) field in order to be used.
-	 * 
+	 *
 	 * @param keyStore
 	 *            the keystore to load all keys from
-	 * 
+	 *
 	 * @throws InvalidKeySpecException
 	 *             If the keys in the JWKs are not valid
 	 * @throws NoSuchAlgorithmException
@@ -165,37 +164,37 @@ public class DefaultJWTSigningAndValidationService implements JWTSigningAndValid
 			try {
 				if (jwk instanceof RSAKey) {
 					// build RSA signers & verifiers
-	
+
 					if (jwk.isPrivate()) { // only add the signer if there's a private key
 						RSASSASigner signer = new RSASSASigner((RSAKey) jwk);
 						signers.put(id, signer);
 					}
-	
+
 					RSASSAVerifier verifier = new RSASSAVerifier((RSAKey) jwk);
 					verifiers.put(id, verifier);
-	
+
 				} else if (jwk instanceof ECKey) {
 					// build EC signers & verifiers
-	
+
 					if (jwk.isPrivate()) {
 						ECDSASigner signer = new ECDSASigner((ECKey) jwk);
 						signers.put(id, signer);
 					}
-	
+
 					ECDSAVerifier verifier = new ECDSAVerifier((ECKey) jwk);
 					verifiers.put(id, verifier);
-	
+
 				} else if (jwk instanceof OctetSequenceKey) {
 					// build HMAC signers & verifiers
-	
+
 					if (jwk.isPrivate()) { // technically redundant check because all HMAC keys are private
 						MACSigner signer = new MACSigner((OctetSequenceKey) jwk);
 						signers.put(id, signer);
 					}
-	
+
 					MACVerifier verifier = new MACVerifier((OctetSequenceKey) jwk);
 					verifiers.put(id, verifier);
-	
+
 				} else {
 					logger.warn("Unknown key type: " + jwk);
 				}

openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetCacheService.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.jwt.signer.service.impl;
 
@@ -43,12 +44,12 @@ import com.google.gson.JsonParseException;
 import com.nimbusds.jose.jwk.JWKSet;
 
 /**
- * 
+ *
  * Creates a caching map of JOSE signers/validators and encrypters/decryptors
  * keyed on the JWK Set URI. Dynamically loads JWK Sets to create the services.
- * 
+ *
  * @author jricher
- * 
+ *
  */
 @Service
 public class JWKSetCacheService {
@@ -150,11 +151,11 @@ public class JWKSetCacheService {
 			try {
 				String jsonString = restTemplate.getForObject(key, String.class);
 				JWKSet jwkSet = JWKSet.parse(jsonString);
-	
+
 				JWKSetKeyStore keyStore = new JWKSetKeyStore(jwkSet);
-	
+
 				JWTEncryptionAndDecryptionService service = new DefaultJWTEncryptionAndDecryptionService(keyStore);
-	
+
 				return service;
 			} catch (JsonParseException | RestClientException e) {
 				throw new IllegalArgumentException("Unable to load JWK Set");

openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/SymmetricKeyJWTValidatorCacheService.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -41,7 +40,7 @@ import com.nimbusds.jose.util.Base64URL;
 
 /**
  * Creates and caches symmetrical validators for clients based on client secrets.
- * 
+ *
  * @author jricher
  *
  */
@@ -66,7 +65,7 @@ public class SymmetricKeyJWTValidatorCacheService {
 
 	/**
 	 * Create a symmetric signing and validation service for the given client
-	 * 
+	 *
 	 * @param client
 	 * @return
 	 */
@@ -100,8 +99,10 @@ public class SymmetricKeyJWTValidatorCacheService {
 			try {
 
 				String id = "SYMMETRIC-KEY";
-
-				JWK jwk = new OctetSequenceKey(Base64URL.encode(key), KeyUse.SIGNATURE, null, null, id, null, null, null);
+				JWK jwk = new OctetSequenceKey.Builder(Base64URL.encode(key))
+					.keyUse(KeyUse.SIGNATURE)
+					.keyID(id)
+					.build();
 				Map<String, JWK> keys = ImmutableMap.of(id, jwk);
 				JWTSigningAndValidationService service = new DefaultJWTSigningAndValidationService(keys);
 

openid-connect-common/src/main/java/org/mitre/oauth2/exception/DeviceCodeCreationException.java

@@ -0,0 +1,50 @@
+/*******************************************************************************
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *******************************************************************************/
+
+package org.mitre.oauth2.exception;
+
+/**
+ * @author jricher
+ *
+ */
+public class DeviceCodeCreationException extends Exception {
+
+	private static final long serialVersionUID = 8078568710169208466L;
+
+	private String error;
+
+	public DeviceCodeCreationException(String error, String message) {
+		super(message);
+		this.error = error;
+	}
+	
+	/**
+	 * @return the error
+	 */
+	public String getError() {
+		return error;
+	}
+
+	/**
+	 * @param error the error to set
+	 */
+	public void setError(String error) {
+		this.error = error;
+	}
+	
+	
+	
+}

openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -33,7 +34,7 @@ import javax.persistence.Temporal;
 
 /**
  * Entity class for authorization codes
- * 
+ *
  * @author aanganes
  *
  */
@@ -67,7 +68,7 @@ public class AuthorizationCodeEntity {
 
 	/**
 	 * Create a new AuthorizationCodeEntity with the given code and AuthorizationRequestHolder.
-	 * 
+	 *
 	 * @param code 			the authorization code
 	 * @param authRequest	the AuthoriztionRequestHolder associated with the original code request
 	 */

openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.oauth2.model;
 
@@ -57,7 +58,6 @@ import org.mitre.oauth2.model.convert.SimpleGrantedAuthorityStringConverter;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.provider.ClientDetails;
 
-import com.nimbusds.jose.Algorithm;
 import com.nimbusds.jose.EncryptionMethod;
 import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWSAlgorithm;
@@ -66,7 +66,7 @@ import com.nimbusds.jwt.JWT;
 
 /**
  * @author jricher
- * 
+ *
  */
 @Entity
 @Table(name = "client_details")
@@ -151,10 +151,10 @@ public class ClientDetailsEntity implements ClientDetails {
 
 	/** fields for UMA */
 	private Set<String> claimsRedirectUris;
-	
+
 	/** Software statement **/
 	private JWT softwareStatement;
-	
+
 	/** PKCE **/
 	private PKCEAlgorithm codeChallengeMethod;
 
@@ -239,7 +239,7 @@ public class ClientDetailsEntity implements ClientDetails {
 			return lookup.get(value);
 		}
 	}
-	
+
 	/**
 	 * Create a blank ClientDetailsEntity
 	 */
@@ -267,7 +267,7 @@ public class ClientDetailsEntity implements ClientDetails {
 	}
 
 	/**
-	 * 
+	 *
 	 * @param id the id to set
 	 */
 	public void setId(Long id) {
@@ -314,7 +314,7 @@ public class ClientDetailsEntity implements ClientDetails {
 
 	/**
 	 * Number of seconds ID token is valid for. MUST be a positive integer, can not be null.
-	 * 
+	 *
 	 * @return the idTokenValiditySeconds
 	 */
 	@Basic
@@ -367,7 +367,7 @@ public class ClientDetailsEntity implements ClientDetails {
 	}
 
 	/**
-	 * 
+	 *
 	 */
 	@Override
 	@Transient
@@ -580,9 +580,9 @@ public class ClientDetailsEntity implements ClientDetails {
 	/**
 	 * This library does not make use of this field, so it is not
 	 * stored using our persistence layer.
-	 * 
+	 *
 	 * However, it's somehow required by SECOUATH.
-	 * 
+	 *
 	 * @return an empty map
 	 */
 	@Override

openid-connect-common/src/main/java/org/mitre/oauth2/model/DeviceCode.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -54,11 +53,11 @@ public class DeviceCode {
 	public static final String QUERY_BY_USER_CODE = "DeviceCode.queryByUserCode";
 	public static final String QUERY_BY_DEVICE_CODE = "DeviceCode.queryByDeviceCode";
 	public static final String QUERY_EXPIRED_BY_DATE = "DeviceCode.queryExpiredByDate";
-	
+
 	public static final String PARAM_USER_CODE = "userCode";
 	public static final String PARAM_DEVICE_CODE = "deviceCode";
 	public static final String PARAM_DATE = "date";
-	
+
 	private Long id;
 	private String deviceCode;
 	private String userCode;
@@ -68,11 +67,11 @@ public class DeviceCode {
 	private Map<String, String> requestParameters;
 	private boolean approved;
 	private AuthenticationHolderEntity authenticationHolder;
-	
+
 	public DeviceCode() {
-		
+
 	}
-	
+
 	public DeviceCode(String deviceCode, String userCode, Set<String> scope, String clientId, Map<String, String> params) {
 		this.deviceCode = deviceCode;
 		this.userCode = userCode;
@@ -213,7 +212,7 @@ public class DeviceCode {
 	public void setApproved(boolean approved) {
 		this.approved = approved;
 	}
-	
+
 	/**
 	 * The authentication in place when this token was created.
 	 * @return the authentication
@@ -231,5 +230,5 @@ public class DeviceCode {
 		this.authenticationHolder = authenticationHolder;
 	}
 
-	
+
 }

openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.oauth2.model;
 
@@ -41,7 +42,6 @@ import javax.persistence.ManyToOne;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
 import javax.persistence.OneToMany;
-import javax.persistence.OneToOne;
 import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.Transient;
@@ -71,7 +71,8 @@ import com.nimbusds.jwt.JWT;
 	@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_CLIENT, query = "select a from OAuth2AccessTokenEntity a where a.client = :" + OAuth2AccessTokenEntity.PARAM_CLIENT),
 	@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select a from OAuth2AccessTokenEntity a where a.jwt = :" + OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE),
 	@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE, query = "select a from OAuth2AccessTokenEntity a where a.approvedSite = :" + OAuth2AccessTokenEntity.PARAM_APPROVED_SITE),
-	@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, query = "select a from OAuth2AccessTokenEntity a join a.permissions p where p.resourceSet.id = :" + OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID)
+	@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, query = "select a from OAuth2AccessTokenEntity a join a.permissions p where p.resourceSet.id = :" + OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID),
+	@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2AccessTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2AccessTokenEntity.PARAM_NAME)
 })
 @org.codehaus.jackson.map.annotate.JsonSerialize(using = OAuth2AccessTokenJackson1Serializer.class)
 @org.codehaus.jackson.map.annotate.JsonDeserialize(using = OAuth2AccessTokenJackson1Deserializer.class)
@@ -86,6 +87,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	public static final String QUERY_EXPIRED_BY_DATE = "OAuth2AccessTokenEntity.getAllExpiredByDate";
 	public static final String QUERY_ALL = "OAuth2AccessTokenEntity.getAll";
 	public static final String QUERY_BY_RESOURCE_SET = "OAuth2AccessTokenEntity.getByResourceSet";
+	public static final String QUERY_BY_NAME = "OAuth2AccessTokenEntity.getByName";
 
 	public static final String PARAM_TOKEN_VALUE = "tokenValue";
 	public static final String PARAM_CLIENT = "client";
@@ -93,6 +95,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	public static final String PARAM_DATE = "date";
 	public static final String PARAM_RESOURCE_SET_ID = "rsid";
 	public static final String PARAM_APPROVED_SITE = "approvedSite";
+	public static final String PARAM_NAME = "name";
 
 	public static final String ID_TOKEN_FIELD_NAME = "id_token";
 
@@ -113,9 +116,9 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	private Set<String> scope;
 
 	private Set<Permission> permissions;
-	
+
 	private ApprovedSite approvedSite;
-	
+
 	private Map<String, Object> additionalInformation = new HashMap<>(); // ephemeral map of items to be added to the OAuth token response
 
 	/**
@@ -297,7 +300,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 			name = "access_token_permissions",
 			joinColumns = @JoinColumn(name = "access_token_id"),
 			inverseJoinColumns = @JoinColumn(name = "permission_id")
-	)
+			)
 	public Set<Permission> getPermissions() {
 		return permissions;
 	}

openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.oauth2.model;
 
@@ -52,7 +53,8 @@ import com.nimbusds.jwt.JWT;
 	@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_ALL, query = "select r from OAuth2RefreshTokenEntity r"),
 	@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select r from OAuth2RefreshTokenEntity r where r.expiration <= :" + OAuth2RefreshTokenEntity.PARAM_DATE),
 	@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_CLIENT, query = "select r from OAuth2RefreshTokenEntity r where r.client = :" + OAuth2RefreshTokenEntity.PARAM_CLIENT),
-	@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select r from OAuth2RefreshTokenEntity r where r.jwt = :" + OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE)
+	@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select r from OAuth2RefreshTokenEntity r where r.jwt = :" + OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE),
+	@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2RefreshTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2RefreshTokenEntity.PARAM_NAME)
 })
 public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
 
@@ -60,10 +62,12 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
 	public static final String QUERY_BY_CLIENT = "OAuth2RefreshTokenEntity.getByClient";
 	public static final String QUERY_EXPIRED_BY_DATE = "OAuth2RefreshTokenEntity.getAllExpiredByDate";
 	public static final String QUERY_ALL = "OAuth2RefreshTokenEntity.getAll";
+	public static final String QUERY_BY_NAME = "OAuth2RefreshTokenEntity.getByName";
 
 	public static final String PARAM_TOKEN_VALUE = "tokenValue";
 	public static final String PARAM_CLIENT = "client";
 	public static final String PARAM_DATE = "date";
+	public static final String PARAM_NAME = "name";
 
 	private Long id;
 
@@ -78,7 +82,7 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
 	private Date expiration;
 
 	/**
-	 * 
+	 *
 	 */
 	public OAuth2RefreshTokenEntity() {
 
@@ -104,7 +108,7 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
 	/**
 	 * The authentication in place when the original access token was
 	 * created
-	 * 
+	 *
 	 * @return the authentication
 	 */
 	@ManyToOne

openid-connect-common/src/main/java/org/mitre/oauth2/model/PKCEAlgorithm.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,8 +25,13 @@ import com.nimbusds.jose.Requirement;
  */
 public final class PKCEAlgorithm extends Algorithm {
 
+	/**
+	 *
+	 */
+	private static final long serialVersionUID = 7752852583210088925L;
+
 	public static final PKCEAlgorithm plain = new PKCEAlgorithm("plain", Requirement.REQUIRED);
-	
+
 	public static final PKCEAlgorithm S256 = new PKCEAlgorithm("S256", Requirement.OPTIONAL);
 
 	public PKCEAlgorithm(String name, Requirement req) {
@@ -37,7 +41,7 @@ public final class PKCEAlgorithm extends Algorithm {
 	public PKCEAlgorithm(String name) {
 		super(name, null);
 	}
-	
+
 	public static PKCEAlgorithm parse(final String s) {
 		if (s.equals(plain.getName())) {
 			return plain;
@@ -47,7 +51,7 @@ public final class PKCEAlgorithm extends Algorithm {
 			return new PKCEAlgorithm(s);
 		}
 	}
-	
-	
-	
+
+
+
 }

openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.oauth2.model;
 
@@ -50,7 +51,7 @@ public class RegisteredClient {
 	private JsonObject src;
 
 	/**
-	 * 
+	 *
 	 */
 	public RegisteredClient() {
 		this.client = new ClientDetailsEntity();
@@ -815,7 +816,7 @@ public class RegisteredClient {
 	public void setSoftwareStatement(JWT softwareStatement) {
 		client.setSoftwareStatement(softwareStatement);
 	}
-	
+
 	/**
 	 * @return
 	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getCodeChallengeMethod()

openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClientFields.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -40,7 +39,7 @@ import org.springframework.security.core.GrantedAuthority;
 
 /**
  * This class stands in for an original Authentication object.
- * 
+ *
  * @author jricher
  *
  */

openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java

@@ -1,6 +1,7 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
+ *
+ * Portions copyright 2011-2013 The MITRE Corporation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +16,7 @@
  * limitations under the License.
  *******************************************************************************/
 /**
- * 
+ *
  */
 package org.mitre.oauth2.model;
 
@@ -28,7 +29,6 @@ import javax.persistence.Id;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
 import javax.persistence.Table;
-import javax.persistence.Transient;
 
 /**
  * @author jricher

openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWEAlgorithmStringConverter.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWEEncryptionMethodStringConverter.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWKSetStringConverter.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWSAlgorithmStringConverter.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWTStringConverter.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JsonElementStringConverter.java

@@ -1,6 +1,5 @@
 /*******************************************************************************
- * Copyright 2017 The MITRE Corporation
- *   and the MIT Internet Trust Consortium
+ * Copyright 2018 The MIT Internet Trust Consortium
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.