Compare commits

126 Commits

Author SHA1 Message Date
Justin Richer d074573de0
Merge pull request #1570 from shrexster42/master
Upgrade to Java 11 and Spring 5
2022-04-19 14:17:46 -04:00
shrexster42 5e87fa7650
Update .travis.yml to use oraclejdk11 2022-04-18 17:20:36 +01:00
shrexster42 7e85d2575e
Merge branch 'mitreid-connect:master' into master 2022-04-17 18:16:56 +01:00
Chen Zhang 05fd73e643 Improve Travis CI build Performance 2022-03-29 11:29:46 -04:00
faidh 2c41e6a267 Add SNAPSHOT back to pom files 2022-03-29 11:29:22 -04:00
faidh 8a58d12600 Merge latest MitreID with updated 3pps back to GitHub fork 2022-03-29 11:29:22 -04:00
Justin Richer f5df762153 [maven-release-plugin] prepare for next development iteration 2021-12-20 13:09:11 -05:00
Justin Richer a0bd2c70ac [maven-release-plugin] prepare release mitreid-connect-1.3.4 2021-12-20 13:09:08 -05:00
shrexster42 6906f616e2 Upgrade to Java 11 and Spring 5 2021-12-18 22:30:43 +00:00
Michael Stepankin 7eba3c12fe Fix Spring Autobinding vulnerability
1. Make authorizationRequest no longer affected by http request parameters due to @ModelAttribute. See http://agrrrdog.blogspot.com/2017/03/autobinding-vulns-and-spring-mvc.html
2021-02-18 16:13:36 -05:00
Justin Richer 0d4ef2cb4f
Update README.md 2019-08-01 16:41:55 -04:00
ruslan cc6bd4b590 upgrade eclipselink to v. 2.7.4 2019-04-29 16:13:21 -04:00
Justin Richer 621e86e62d [maven-release-plugin] prepare for next development iteration 2019-04-19 16:04:45 -04:00
Justin Richer 73459f0348 [maven-release-plugin] prepare release mitreid-connect-1.3.3 2019-04-19 16:04:40 -04:00
Justin Richer 5aa8b2a0a7 updated changelog for release 2019-04-19 16:00:06 -04:00
Martin Kuba ae7debba2f added refresh_token into grant_types_supported 2019-03-07 12:14:30 -05:00
Martin Kuba ad64aef0c5 updated dependencies patchlevels 2019-03-07 12:12:27 -05:00
Justin Richer 703c341308
Merge pull request #1436 from blm126/upgrade-guava
#1435: Update guava dependency to latest version.
2018-12-10 14:26:20 -05:00
Stephen Moore 8430b42ab3 Both approve pages were using pagecontext rather than the configured
issuer
2018-12-10 12:35:03 -05:00
Brady Mulhollem 4979f9f50e #1435: Update guava dependency to latest version. 2018-11-27 16:06:38 -05:00
Justin Richer a2e8cb1a67
Merge pull request #1410 from hausenism/master
fix bug #1397 Attempting to execute an operation on a closed EntityMa…
2018-06-21 15:50:12 -04:00
鄭脈龍 676451c73d fix bug #1397 Attempting to execute an operation on a closed EntityManager. 2018-06-21 10:05:49 +08:00
Justin Richer 04f439ec58
Merge pull request #1405 from angelok1/db_script_fixes
Corrected Oracle create script
2018-06-11 16:23:28 -04:00
Justin Richer aa2dc78148
Merge pull request #1406 from angelok1/db_script_schema_fixes
Fixed broken scripts from schema change on system_scope
2018-06-11 16:21:41 -04:00
Angelo Kastroulis f56918982a Fixed broken scripts from schema change on system_scope 2018-06-11 16:13:30 -04:00
Angelo Kastroulis 69afba59cc Corrected create script 2018-06-11 15:52:17 -04:00
Justin Richer 802e40ebc9 Updated changelog 2018-05-03 14:52:49 -04:00
Justin Richer ea6960e66a
Merge pull request #1259 from sbke/patch-1
Adjustment to generate longer codes
2018-05-03 14:48:52 -04:00
Justin Richer 9d6f42b141
Merge pull request #1320 from bverhoeven/rfc7662-sub
Client: Parse 'sub' key to identify resource owner in introspection response (RFC7662)
2018-05-03 14:46:49 -04:00
Justin Richer dd922b4cf7
Merge pull request #1378 from ketola/fetch-tokens-by-sub
Fetch tokens by user name
2018-05-03 14:44:51 -04:00
Justin Richer 938d7e00c2 Merge branch 'ondrejvelisek/verification-uri-complete'
Closes #1386
2018-05-03 14:39:23 -04:00
Justin Richer a596cc1fd4 Made full URLs for device flow switchable server-wide instead of per-client 2018-05-03 14:37:50 -04:00
Justin Richer 7ad29ae9c6 Revert "Add possibility to disable verification_uri_complete per client"
This reverts commit dae674af67.
2018-05-03 13:59:38 -04:00
Justin Richer e3cfb80c33
Merge pull request #1390 from mobilcom-debitel/master
Update admin.js
2018-05-03 11:40:26 -04:00
jansinger fd938e11e9
Update admin.js
Allow scope names longer than 30 characters to be checked in the client scope list.
2018-05-03 14:48:01 +02:00
ondrejvelisek dae674af67 Add possibility to disable verification_uri_complete per client 2018-05-01 13:46:23 +02:00
ondrejvelisek 67c87d56a6 Add support for verification_uri_complete 2018-05-01 10:45:49 +02:00
Justin Richer 4a818c7b4b
Merge pull request #1385 from elennick/master
"Unable to load locale" log should not be ERROR level
2018-04-23 15:38:46 -04:00
Evan Lennick fe000d91cb undid autoformatting again 2018-04-23 14:30:43 -04:00
Evan Lennick 011bf8adb8 addressed review feedback 2018-04-23 14:29:38 -04:00
Evan Lennick 0ee4ee2f58 undid some autoformatting changes 2018-04-21 13:22:17 -04:00
Evan Lennick 0b531a0fd3 fixed an issue where missing locales would generate a lot of ERROR level log messages 2018-04-21 13:19:44 -04:00
Sauli Ketola e6a8e0c17d Integration tests for new repository methods 2018-04-11 13:16:28 +03:00
Sauli Ketola a070f61edf Clean up code in modified classes, remove line breaks, add static imports 2018-04-06 09:12:47 +03:00
Sauli Ketola 51b580aa18 Use 'userName' instead of 'sub' in naming 2018-04-06 08:55:06 +03:00
Sauli Ketola 3f277047e3 Use query by user sub to get all tokens for user 2018-04-06 08:47:37 +03:00
Sauli Ketola 417a6b7c74 Removed some line breaks and auto generated comments for consistency 2018-04-05 19:29:54 +03:00
Sauli Ketola bf8149605a Create queries for getting access and refresh tokens by user sub 2018-04-05 19:25:23 +03:00
Justin Richer 64fbee7935
Merge pull request #1377 from ketola/master
Add an index for refresh_token.token_value
2018-04-04 10:12:53 -04:00
Sauli Ketola bca388d740 Add an index for refresh_token.token_value 2018-04-04 15:49:13 +03:00
Justin Richer e2d94f422a new year 2018 2018-02-12 10:39:04 -05:00
Justin Richer a5a16f27c7
Merge pull request #1353 from col-panic/master
Minor typo in en/messages.json (Registrered -> Registered)
2018-02-08 16:49:44 -05:00
Justin Richer 4dd907ea16
Merge pull request #1357 from praseodym/spring-security-4.2.4
Upgrade to Spring Security 4.2.4
2018-02-08 15:34:30 -05:00
Mark Janssen d119559d4d Upgrade to Spring Security 4.2.4
https://spring.io/blog/2018/01/30/cve-2018-1199-spring-security-5-0-1-4-2-4-4-1-5-released
2018-02-08 21:03:31 +01:00
Justin Richer b804f22bc8 [maven-release-plugin] prepare for next development iteration 2018-02-07 09:14:16 -05:00
Justin Richer f72e6b3e08 [maven-release-plugin] prepare release mitreid-connect-1.3.2 2018-02-07 09:14:10 -05:00
Justin Richer 1feb0958bd prepare for release 2018-02-07 09:09:07 -05:00
Justin Richer 6497af40e8 removed erroneous not yet implemented tag from client page 2018-02-07 09:05:43 -05:00
Justin Richer 7dc309c5af
Update CHANGELOG.md 2018-02-07 09:03:09 -05:00
Justin Richer 7f956a5854
Merge pull request #1355 from ocadotechnology/jwt_fix
Throwing exception on all other JWT types than SignedJWT
2018-02-07 08:52:59 -05:00
Tomasz Borowiec 37fba622b9 Throwing exception on all other JWT types than SignedJWT 2018-02-07 11:00:28 +01:00
Tomasz Borowiec c38b9d7a42 added PlainJWT and EncryptedJWT support + tests 2018-02-07 11:00:15 +01:00
Marco Descher 36ec1b82e6
Minor typo (Registrered -> Registered) 2018-02-06 08:41:14 +01:00
Justin Richer fcb119ff6a
Merge pull request #1270 from bodewig/custom_claim_friendly_token_enhancer
add hook for custom JWT claims to ConnectTokenEnhancer
2018-02-05 16:01:09 -05:00
Justin Richer 8fb9adefc1
Merge pull request #1342 from bodewig/custom_claims_in_id_token
add hook for custom JWT claims to DefaultOIDCTokenService
2018-02-05 15:43:22 -05:00
Justin Richer 0ce55d079a
Merge pull request #1352 from blm126/upgrade-nimbus
Upgrade nimbus-jose-jwt to 5.4.
2018-02-05 15:26:50 -05:00
Brady Mulhollem f7da25fbe8 Upgrade nimbus-jose-jwt to 5.4. 2018-02-05 13:28:48 -05:00
Justin Richer 1c7b9d5b44
Merge pull request #1346 from praseodym/fix-admin-interface-without-trailing-slash
Fix interface for issuer URI without trailing slash
2018-01-22 05:54:25 -05:00
Mark Janssen a1a45aa36a Fix interface for issuer URI without trailing slash 2018-01-21 12:01:25 +01:00
Stefan Bodewig 01eb1401a3 add hook for custom JWT claims to DefaultOIDCTokenService 2018-01-12 15:22:37 +01:00
Justin Richer e6130872a9
Merge pull request #1324 from patfrat/master
Add French messages
2017-11-22 13:23:56 -05:00
Patrick Fratczak ca3642b6c3 Add French messages 2017-11-22 14:27:15 +01:00
Bas Verhoeven 85246d2d3e
Parse 'sub' to identify resource owner
As per https://tools.ietf.org/html/rfc7662#section-2.2 the `sub` key should
identify the resource owner in oauth2 introspection responses. 

This change adds support for the `sub` key and will allow the introspection 
response of RFC-compliant servers to be parsed.

Will still try `user_id` first as to not break backward compatibility.
2017-11-13 16:46:52 +01:00
Justin Richer ce9bf3507f
Merge pull request #1312 from kules/master
Correct minor typo error for confirmation message displayed when logging out from IDP
2017-11-01 13:56:24 -04:00
still fetalvero 9bff58085d Fix typo error for log out to IDP confirmation message 2017-10-30 22:56:07 +08:00
Stefan Bodewig 514dcc3851 add hook for custom JWT claims to ConnectTokenEnhancer 2017-07-18 16:10:58 +02:00
sbke 8b4e461748 Adjustment to generate longer codes
RandomValueStringGenerator default constructor creates a code of length six only. The RFC 6819 (OAuth 2.0 Threat Model and Security Considerations) suggests (5.1.4.2.2.  Use High Entropy for Secrets) that secrets that aren't used by humans (e.g. client secrets or token handles) have a reasonable level of entropy. They propose token lengths of at least 128 bits. Since the RandomValueStringGenerator only uses case sensitive alpha numeric symbols, 22 symbols are needed to achieve an entropy >=128 bits.
2017-06-28 14:20:11 +02:00
Justin Richer ef01d3032e Merge pull request #1228 from leonard84/fix-psql-scripts
Fix psql_database script, replace SERIAL with BIGSERIAL and fix ...
2017-06-15 09:45:13 -04:00
Justin Richer bba18fd118 Merge pull request #1240 from Connz/patch-2
Corrected typo
2017-06-15 09:44:46 -04:00
Justin Richer 28ad78e9f3 Merge pull request #1233 from Connz/patch-1
Removed double 'sure'
2017-06-15 09:44:33 -04:00
Justin Richer 059e140164 removed old document PDFs from repo 2017-05-27 06:49:34 -04:00
Justin Richer 0b1f9000db check for missing refresh token value on refresh, closes #1242 2017-05-26 20:30:09 -04:00
Justin Richer 705ac9879c removed unused field from UI config bean 2017-05-26 20:20:11 -04:00
Justin Richer 4dc31cdfbd fixed client readme file 2017-05-26 20:17:29 -04:00
Justin Richer 661c242a9f Updated copyrights 2017-05-26 20:17:17 -04:00
Connz 0859a5d122 Corrected typo 2017-05-16 12:09:54 +02:00
Justin Richer c11e47a75b fixed unit test for new default redirect behavior 2017-05-11 11:27:41 -04:00
Justin Richer 2f31ceddf8 set redirect URI matching to strict by default 2017-05-10 17:39:59 -04:00
Justin Richer 7e6864ff38 escaped output values on approval page, closes #1111 2017-05-10 17:39:48 -04:00
Justin Richer a316306f33 added changelog file 2017-05-09 14:54:47 -04:00
Justin Richer 7b06d91700 [maven-release-plugin] prepare for next development iteration 2017-05-09 14:29:53 -04:00
Justin Richer 8301f35e17 [maven-release-plugin] prepare release mitreid-connect-1.3.1 2017-05-09 14:29:49 -04:00
Justin Richer f17a44e9b4 downgrade mysql dependency to GA version 2017-05-09 14:25:03 -04:00
Connz 90c3c396ee Removed double 'sure' 2017-05-04 15:35:34 +02:00
Justin Richer 713e872b8a fixed discovery endpoint, closes #1230 2017-04-29 15:01:15 -04:00
Justin Richer 9baacc0eaf Completed end session endpoint
Addresses #1129, addresses #972, addresses #891, addresses #1223
2017-04-29 14:58:37 -04:00
Justin Richer 2aa12fc0e3 end session endpoint 2017-04-28 19:05:30 -04:00
Justin Richer 0c46e7cb7a skeleton of end session endpoint, maybe need a change to user info lookup 2017-04-27 14:29:05 -04:00
Leonard Brünings e6679b6e4b Fix psql_database script, replace SERIAL with BIGSERIAL and fix ...
BIGINT AUTO_INCREMENT to BIGSERIAL

Change-Id: I19b4433d3bae29b0879be7d9dd9405eabe490482
2017-04-19 14:24:11 +02:00
Justin Richer 0efa77b580 [maven-release-plugin] prepare for next development iteration 2017-04-15 13:20:13 -04:00
Justin Richer b9b7bf53c3 [maven-release-plugin] prepare release mitreid-connect-1.3.0 2017-04-15 13:20:05 -04:00
Justin Richer 0aedfc8e22 minor cleanup 2017-04-14 17:21:50 -04:00
Justin Richer 0d564d9714 made token service transactional, closes #1222 2017-04-14 15:27:16 -04:00
Justin Richer 11f3cccab9 fix JWKS parsing in software statements, closes #1220 2017-04-14 14:42:49 -04:00
Justin Richer 702a775881 handle creation time stamp in clients, closes #1210 2017-04-13 11:50:57 -04:00
Justin Richer 45ea899de8 made user codes case insensitive 2017-04-12 16:00:23 -04:00
Justin Richer d317cf5024 added exception handling to device code creation step 2017-04-12 15:59:17 -04:00
Justin Richer cc0622edd0 internalized random string generation for device codes 2017-04-12 14:59:18 -04:00
Justin Richer 52829d4adb mapped user info and server config interceptors to only interactive portions of the site, closes #1206 2017-04-07 17:02:50 -04:00
Mark Janssen 903168a949 Decrease log level of trailing slash warning
Having an issuer without trailing slash configured is just fine, so
there is no reason to log a warning for this every time the discovery
endpoint is called.
2017-04-07 14:59:58 -04:00
Justin Richer 6216659cd6 manage reporting plugin versions, added jacoco coverage to reporting 2017-04-07 14:58:11 -04:00
Leonard Brünings 9d1a50d17e Add codecov badge
Change-Id: I04f56036af6bd2ac663843c2c10e8c0cebfb05d3
2017-04-07 13:38:25 -04:00
Leonard Brünings 2aecedfb3d Replace cobertura with jacoco to generate code-coverage for codecov.io
Change-Id: I031144c375d73aaa39d0a6111d37223ad6e4d655
2017-04-07 13:38:25 -04:00
Justin Richer f43ff53683 Extracted database indexes to separate files 2017-04-06 14:12:27 -04:00
Justin Richer bf49cd193d removed incompatible constraints on mysql files 2017-04-06 14:07:39 -04:00
Justin Richer 835a326627 allow polling of device codes, fixed UI for device code input 2017-03-27 14:39:40 -05:00
Justin Richer 1d7fba5d6e added cascade to address object, closes #1209 2017-03-24 12:44:49 -04:00
Justin Richer 2ea5f8fd28 sync’d databases with HSQL schema, closes #1212 2017-03-24 12:41:14 -04:00
Justin Richer 050662dd5c updated dependencies 2017-03-24 12:12:06 -04:00
Justin Richer 7767c7a831 add “if not exists” to all indexes in HSQL 2017-03-22 17:30:08 -04:00
Justin Richer 7a225e56c4 don’t pack wro4j into .war file
We use it only during compilation, not runtime
2017-03-22 17:29:37 -04:00
Justin Richer 78b9b6ced4 auto format and cleanup javascript 2017-03-21 15:04:18 -04:00
Justin Richer bd72b4138d added missing copyright declarations 2017-03-21 14:11:40 -04:00
Justin Richer 32ce21b5cd automated code formatting and cleanup 2017-03-21 14:07:20 -04:00
Justin Richer b6cf8fe22b cleanup 2017-03-20 13:45:55 -04:00
Justin Richer dd0f69ba6d [maven-release-plugin] prepare for next development iteration 2017-03-20 11:58:58 -04:00
394 changed files with 41198 additions and 28824 deletions

3
.gitignore vendored

@ -1,4 +1,3 @@
local-values.conf
target target
*~ *~
bin bin
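Review bot: Dropping `local-values.conf` from the ignore list at the top of this hunk means a developer's local copy of that file now shows up as untracked and can be swept into a commit by a broad `git add`. If nothing reads the file any more, say so in the commit message; if any deployment still keeps local settings or credentials in it, keep the entry.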
@ -11,5 +10,3 @@ bin
/target /target
.springBeans .springBeans
nb-configuration.xml nb-configuration.xml
openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/css/bootstrap-responsive.css
openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/css/bootstrap.css

@ -1,7 +1,11 @@
language: java language: java
jdk: jdk:
- oraclejdk8 - oraclejdk11
sudo: false sudo: false
after_success: after_success:
- bash <(curl -s https://codecov.io/bash) - bash <(curl -s https://codecov.io/bash)
cache:
directories:
- $HOME/.m2
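Review bot: The new `cache:` block persists the whole `$HOME/.m2` directory between builds, which includes anything the build itself installs there, so a stale or tampered artifact survives into later runs. Consider clearing the project's own `org/mitre` artifacts in a `before_cache` step. While this file is being touched, the unchanged `bash <(curl -s https://codecov.io/bash)` line still executes a remote script with no checksum and without `-f`, so an HTTP error body would also be handed to bash; downloading the uploader to a file and verifying it before running it would close that.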

43
CHANGELOG.md Normal file

@ -0,0 +1,43 @@
Unreleased:
*1.3.3*:
- Authorization codes are now longer
- Client/RS can parse the "sub" and "user_id" claims in introspection response
- Database-direct queries for fetching tokens by user (optimization)
- Device flow supports verification_uri_complete (must be turned on)
- Long scopes display properly and are still checkable
- Language system remebers when it can't find a file and stops throwing so many errors
- Index added for refresh tokens
- Updated to Spring Security 4.2.11
- Updated Spring to 4.3.22
- Change approve pages to use issuer instead of page context
- Updated oracle database scripts
*1.3.2*:
- Added changelog
- Set default redirect URI resolver strict matching to true
- Fixed XSS vulnerability on redirect URI display on approval page
- Removed MITRE from copyright
- Disallow unsigned JWTs on client authentication
- Upgraded Nimbus revision
- Added French translation
- Added hooks for custom JWT claims
- Removed "Not Yet Implemented" tag from post-logout redirect URI
*1.3.1*:
- Added End Session endpoint
- Fixed discovery endpoint
- Downgrade MySQL connector dependency version from developer preview to GA release
*1.3.0*:
- Added device flow support
- Added PKCE support
- Modularized UI to allow better overlay and extensions
- Modularized data import/export API
- Added software statements to dynamic client registration
- Added assertion processing framework
- Removed ID tokens from storage
- Removed structured scopes
*1.2.6*:
- Added strict HEART compliance mode
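Review bot: The `Unreleased:` heading is followed directly by `*1.3.3*:` with no entries under it, and there is no `*1.3.4*` section, although the commit list on this page shows a `mitreid-connect-1.3.4` release, the "Fix Spring Autobinding vulnerability" change and the Java 11 / Spring 5 upgrade. Security fixes in particular should be listed so that deployers can tell which release to move to. There is also a typo in the 1.3.3 list: "remebers" should be "remembers".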

@ -1,8 +1,9 @@
Copyright 2016 The MITRE Corporation Copyright 2018 The MIT Internet Trust Consortium
and the MIT Internet Trust Consortium
Portions copyright 2011-2013 The MITRE Corporation
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this project except in compliance with the License.
You may obtain a copy of the License at You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0 http://www.apache.org/licenses/LICENSE-2.0

@ -1,7 +1,7 @@
# MITREid Connect # MITREid Connect
--- ---
[![Maven Central](https://maven-badges.herokuapp.com/maven-central/org.mitre/openid-connect-parent/badge.svg)](https://maven-badges.herokuapp.com/maven-central/org.mitre/openid-connect-parent) [![Travis CI](https://travis-ci.org/mitreid-connect/OpenID-Connect-Java-Spring-Server.svg?branch=master)](https://travis-ci.org/mitreid-connect/OpenID-Connect-Java-Spring-Server) [![Maven Central](https://maven-badges.herokuapp.com/maven-central/org.mitre/openid-connect-parent/badge.svg)](https://maven-badges.herokuapp.com/maven-central/org.mitre/openid-connect-parent) [![Travis CI](https://travis-ci.org/mitreid-connect/OpenID-Connect-Java-Spring-Server.svg?branch=master)](https://travis-ci.org/mitreid-connect/OpenID-Connect-Java-Spring-Server) [![Codecov](https://codecov.io/github/mitreid-connect/OpenID-Connect-Java-Spring-Server/coverage.svg?branch=master)](https://codecov.io/github/mitreid-connect/OpenID-Connect-Java-Spring-Server)
This project contains a certified OpenID Connect reference implementation in Java on the Spring platform, including a functioning [server library](openid-connect-server), [deployable server package](openid-connect-server-webapp), [client (RP) library](openid-connect-client), and general [utility libraries](openid-connect-common). The server can be used as an OpenID Connect Identity Provider as well as a general-purpose OAuth 2.0 Authorization Server. This project contains a certified OpenID Connect reference implementation in Java on the Spring platform, including a functioning [server library](openid-connect-server), [deployable server package](openid-connect-server-webapp), [client (RP) library](openid-connect-client), and general [utility libraries](openid-connect-common). The server can be used as an OpenID Connect Identity Provider as well as a general-purpose OAuth 2.0 Authorization Server.
@ -28,5 +28,4 @@ The authors and key contributors of the project include:
* [Mark Janssen](https://github.com/praseodym) * [Mark Janssen](https://github.com/praseodym)
Copyright &copy;2017, [The MITRE Corporation](http://www.mitre.org/) Licensed under the Apache 2.0 license, for details see `LICENSE.txt`.
and the [MIT Internet Trust Consortium](http://www.trust.mit.edu/). Licensed under the Apache 2.0 license, for details see `LICENSE.txt`.

@ -35,5 +35,4 @@
版权所有 &copy;2016, [ MITRE公司 ](http://www.mitre.org/) 版权所有 &copy;2018 [MIT因特网信任联盟](http://www.mit-trust.org/). 采用Apache 2.0许可证, 详见 `LICENSE.txt`.
以及 [MIT因特网信任联盟](http://www.mit-trust.org/). 采用Apache 2.0许可证, 详见 `LICENSE.txt`.

@ -1,7 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!-- <!--
Copyright 2017 The MITRE Corporation Copyright 2018 The MIT Internet Trust Consortium
and the MIT Internet Trust Consortium
Portions copyright 2011-2013 The MITRE Corporation
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

Binary file not shown.

Binary file not shown.

@ -2,7 +2,7 @@
## Overview ## ## Overview ##
This project contains an OpenID Connect Client implemented as a Spring Security AuthenticationFilter. The client facilitates a user's authentication into the secured application to an OpenID Connect Java Spring Server following the OpenID Connect Standard protocol. This project contains an OpenID Connect Client implemented as a Spring Security AuthenticationFilter. The client facilitates a user's authentication into the secured application to an OpenID Connect Server following the OpenID Connect standard protocol.
## Configuring ## ## Configuring ##

@ -1,7 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!-- <!--
Copyright 2017 The MITRE Corporation Copyright 2018 The MIT Internet Trust Consortium
and the MIT Internet Trust Consortium
Portions copyright 2011-2013 The MITRE Corporation
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -21,7 +22,7 @@
<parent> <parent>
<artifactId>openid-connect-parent</artifactId> <artifactId>openid-connect-parent</artifactId>
<groupId>org.mitre</groupId> <groupId>org.mitre</groupId>
<version>1.3.0-RC2</version> <version>1.3.5-SNAPSHOT</version>
<relativePath>..</relativePath> <relativePath>..</relativePath>
</parent> </parent>
<artifactId>openid-connect-client</artifactId> <artifactId>openid-connect-client</artifactId>

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -16,6 +17,8 @@
*******************************************************************************/ *******************************************************************************/
package org.mitre.oauth2.introspectingfilter; package org.mitre.oauth2.introspectingfilter;
import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC;
import java.io.IOException; import java.io.IOException;
import java.net.URI; import java.net.URI;
import java.util.Calendar; import java.util.Calendar;
@ -54,8 +57,6 @@ import com.google.gson.JsonObject;
import com.google.gson.JsonParser; import com.google.gson.JsonParser;
import com.nimbusds.jose.util.Base64; import com.nimbusds.jose.util.Base64;
import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC;
/** /**
* This ResourceServerTokenServices implementation introspects incoming tokens at a * This ResourceServerTokenServices implementation introspects incoming tokens at a
* server's introspection endpoint URL and passes an Authentication object along * server's introspection endpoint URL and passes an Authentication object along
@ -243,8 +244,11 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
private Authentication createUserAuthentication(JsonObject token) { private Authentication createUserAuthentication(JsonObject token) {
JsonElement userId = token.get("user_id"); JsonElement userId = token.get("user_id");
if(userId == null) { if(userId == null) {
userId = token.get("sub");
if (userId == null) {
return null; return null;
} }
}
return new PreAuthenticatedAuthenticationToken(userId.getAsString(), token, introspectionAuthorityGranter.getAuthorities(token)); return new PreAuthenticatedAuthenticationToken(userId.getAsString(), token, introspectionAuthorityGranter.getAuthorities(token));
} }
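Review bot: In `createUserAuthentication`, both lookups test only `== null`, but Gson's `JsonObject.get` returns a `JsonNull` element for a member that is present with a JSON `null` value, so a response carrying `user_id` set to null alongside a valid `sub` skips the new fallback and `userId.getAsString()` then throws. Checking `isJsonNull()` (or `isJsonPrimitive()`) before accepting either claim fixes that. Since `user_id` still wins when both claims are present, it is also worth logging or rejecting responses where the two disagree, because the principal name passed to `PreAuthenticatedAuthenticationToken` would then differ from the RFC 7662 `sub`.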

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,3 +1,18 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package org.mitre.openid.connect.client; package org.mitre.openid.connect.client;
import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.authentication.AuthenticationServiceException;

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
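Review bot: The header in this hunk drops the MITRE Corporation copyright line without adding the "Portions copyright 2011-2013 The MITRE Corporation" line that the 1,6 to 1,7 hunks in this compare add. If this file predates 2014 or derives from MITRE-authored code, keep the portions line here too; otherwise state in the commit message how the two groups of files were chosen, so the attribution change can be audited.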

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -90,6 +91,7 @@ public class UserInfoFetcher {
this.factory = new HttpComponentsClientHttpRequestFactory(httpClient); this.factory = new HttpComponentsClientHttpRequestFactory(httpClient);
} }
@Override
public UserInfo load(final PendingOIDCAuthenticationToken token) throws URISyntaxException { public UserInfo load(final PendingOIDCAuthenticationToken token) throws URISyntaxException {
ServerConfiguration serverConfiguration = token.getServerConfiguration(); ServerConfiguration serverConfiguration = token.getServerConfiguration();

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -19,8 +20,6 @@
*/ */
package org.mitre.openid.connect.client.service; package org.mitre.openid.connect.client.service;
import java.util.List;
import org.mitre.oauth2.model.RegisteredClient; import org.mitre.oauth2.model.RegisteredClient;
/** /**

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -19,6 +20,13 @@
*/ */
package org.mitre.openid.connect.client.service.impl; package org.mitre.openid.connect.client.service.impl;
import static org.mitre.util.JsonUtils.getAsBoolean;
import static org.mitre.util.JsonUtils.getAsEncryptionMethodList;
import static org.mitre.util.JsonUtils.getAsJweAlgorithmList;
import static org.mitre.util.JsonUtils.getAsJwsAlgorithmList;
import static org.mitre.util.JsonUtils.getAsString;
import static org.mitre.util.JsonUtils.getAsStringList;
import java.util.HashSet; import java.util.HashSet;
import java.util.Set; import java.util.Set;
import java.util.concurrent.ExecutionException; import java.util.concurrent.ExecutionException;
@ -41,13 +49,6 @@ import com.google.gson.JsonElement;
import com.google.gson.JsonObject; import com.google.gson.JsonObject;
import com.google.gson.JsonParser; import com.google.gson.JsonParser;
import static org.mitre.util.JsonUtils.getAsBoolean;
import static org.mitre.util.JsonUtils.getAsEncryptionMethodList;
import static org.mitre.util.JsonUtils.getAsJweAlgorithmList;
import static org.mitre.util.JsonUtils.getAsJwsAlgorithmList;
import static org.mitre.util.JsonUtils.getAsString;
import static org.mitre.util.JsonUtils.getAsStringList;
/** /**
* *
* Dynamically fetches OpenID Connect server configurations based on the issuer. Caches the server configurations. * Dynamically fetches OpenID Connect server configurations based on the issuer. Caches the server configurations.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,11 +1,20 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package org.mitre.openid.connect.client; package org.mitre.openid.connect.client;
import static org.hamcrest.CoreMatchers.instanceOf;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.fail;
import static org.mockito.Mockito.mock;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
@ -13,6 +22,14 @@ import org.junit.Test;
import org.mockito.Mockito; import org.mockito.Mockito;
import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.authentication.AuthenticationServiceException;
import static org.hamcrest.CoreMatchers.instanceOf;
import static org.hamcrest.CoreMatchers.is;
import static org.mockito.Mockito.mock;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.fail;
public class TestOIDCAuthenticationFilter { public class TestOIDCAuthenticationFilter {
private OIDCAuthenticationFilter filter = new OIDCAuthenticationFilter(); private OIDCAuthenticationFilter filter = new OIDCAuthenticationFilter();
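Review bot: Static imports move in opposite directions within this compare: here the `org.hamcrest`, `org.junit` and `org.mockito` static imports go from the top of the import block to after `org.springframework.security.authentication.AuthenticationServiceException`, while the `org.mitre.util.JsonUtils` static imports in the `org.mitre.openid.connect.client.service.impl` hunk go from the bottom of the block to the top. The re-added block here also places `org.mockito.Mockito.mock` ahead of the `org.junit.Assert` imports, so it is not alphabetical either. Pick one ordering, commit the formatter or checkstyle configuration that enforces it, and keep import reshuffles out of the license-header change so the diff stays reviewable.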

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -91,7 +92,7 @@ public class TestSignedAuthRequestUrlBuilder {
@Before @Before
public void prepare() throws NoSuchAlgorithmException, InvalidKeySpecException { public void prepare() throws NoSuchAlgorithmException, InvalidKeySpecException {
RSAKey key = new RSAKey(new Base64URL(n), new Base64URL(e), new Base64URL(d), KeyUse.SIGNATURE, null, new Algorithm(alg), kid, null, null, null); RSAKey key = new RSAKey(new Base64URL(n), new Base64URL(e), new Base64URL(d), KeyUse.SIGNATURE, null, new Algorithm(alg), kid, null, null, null, null, null);
Map<String, JWK> keys = Maps.newHashMap(); Map<String, JWK> keys = Maps.newHashMap();
keys.put("client", key); keys.put("client", key);
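Review bot: The `RSAKey` constructor call in `prepare()` now ends in five positional `null` arguments, two more than before. Positional nulls give no hint which field each one fills, and the call has to be edited again every time the constructor signature grows. Build the test key with the library's `RSAKey.Builder`, starting from `new RSAKey.Builder(new Base64URL(n), new Base64URL(e))` and setting `privateExponent`, `keyUse`, `algorithm` and `keyID` by name, so only the fields the test actually uses appear in the code.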

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

@ -1,7 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!-- <!--
Copyright 2017 The MITRE Corporation Copyright 2018 The MIT Internet Trust Consortium
and the MIT Internet Trust Consortium
Portions copyright 2011-2013 The MITRE Corporation
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

@ -1,7 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!-- <!--
Copyright 2017 The MITRE Corporation Copyright 2018 The MIT Internet Trust Consortium
and the MIT Internet Trust Consortium
Portions copyright 2011-2013 The MITRE Corporation
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -21,7 +22,7 @@
<parent> <parent>
<artifactId>openid-connect-parent</artifactId> <artifactId>openid-connect-parent</artifactId>
<groupId>org.mitre</groupId> <groupId>org.mitre</groupId>
<version>1.3.0-RC2</version> <version>1.3.5-SNAPSHOT</version>
<relativePath>..</relativePath> <relativePath>..</relativePath>
</parent> </parent>
<artifactId>openid-connect-common</artifactId> <artifactId>openid-connect-common</artifactId>
@ -86,6 +87,26 @@
<groupId>org.bouncycastle</groupId> <groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId> <artifactId>bcprov-jdk15on</artifactId>
</dependency> </dependency>
<dependency>
<groupId>javax.annotation</groupId>
<artifactId>javax.annotation-api</artifactId>
</dependency>
<dependency>
<groupId>jakarta.xml.bind</groupId>
<artifactId>jakarta.xml.bind-api</artifactId>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
</dependency>
<dependency>
<groupId>javax.activation</groupId>
<artifactId>activation</artifactId>
</dependency>
<dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-runtime</artifactId>
</dependency>
</dependencies> </dependencies>
<packaging>jar</packaging> <packaging>jar</packaging>
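Review bot: `jakarta.xml.bind:jakarta.xml.bind-api` and `javax.xml.bind:jaxb-api` are both added in this block, and both are JAXB API artifacts; unless the managed versions ship different packages, this puts two copies of the same API on the classpath. Keep one, or add a comment saying why both are needed. None of the five new dependencies declares a `<version>`, so each relies on an entry in the parent's `dependencyManagement`; confirm that the parent pom change covers all of them.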

View File

@ -1,12 +1,27 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package org.mitre.data; package org.mitre.data;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.Collection; import java.util.Collection;
import java.util.HashSet; import java.util.HashSet;
import java.util.Set; import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/** /**
* Abstract class for performing an operation on a potentially large * Abstract class for performing an operation on a potentially large
* number of items by paging through the items in discreet chunks. * number of items by paging through the items in discreet chunks.

View File

@ -1,3 +1,18 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package org.mitre.data; package org.mitre.data;
/** /**

View File

@ -1,3 +1,18 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package org.mitre.data; package org.mitre.data;
/** /**

View File

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -25,6 +24,7 @@ import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import com.google.common.base.Strings; import com.google.common.base.Strings;
import com.nimbusds.jwt.JWT; import com.nimbusds.jwt.JWT;
@ -37,6 +37,7 @@ import com.nimbusds.jwt.SignedJWT;
* @author jricher * @author jricher
* *
*/ */
@Component("selfAssertionValidator")
public class SelfAssertionValidator implements AssertionValidator { public class SelfAssertionValidator implements AssertionValidator {
private static Logger logger = LoggerFactory.getLogger(SelfAssertionValidator.class); private static Logger logger = LoggerFactory.getLogger(SelfAssertionValidator.class);
@ -62,16 +63,19 @@ public class SelfAssertionValidator implements AssertionValidator {
return false; return false;
} }
// make sure the issuer exists
if (Strings.isNullOrEmpty(claims.getIssuer())) { if (Strings.isNullOrEmpty(claims.getIssuer())) {
logger.debug("No issuer for assertion, rejecting"); logger.debug("No issuer for assertion, rejecting");
return false; return false;
} }
if (claims.getIssuer().equals(config.getIssuer())) { // make sure the issuer is us
if (!claims.getIssuer().equals(config.getIssuer())) {
logger.debug("Issuer is not the same as this server, rejecting"); logger.debug("Issuer is not the same as this server, rejecting");
return false; return false;
} }
// validate the signature based on our public key
if (jwtService.validateSignature((SignedJWT) assertion)) { if (jwtService.validateSignature((SignedJWT) assertion)) {
return true; return true;
} else { } else {
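Review bot: The corrected issuer check `if (!claims.getIssuer().equals(config.getIssuer()))` needs a unit test covering both outcomes, because the condition it replaces was inverted: it rejected assertions whose issuer matched this server and let every other issuer through to signature validation. Test that an assertion with issuer equal to `config.getIssuer()` is accepted when the signature validates and that any other issuer is rejected, so the condition cannot flip again unnoticed. Also confirm that the code above the visible context guarantees `assertion` is a `SignedJWT` before the `(SignedJWT) assertion` cast.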

View File

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -45,7 +46,6 @@ import com.nimbusds.jose.crypto.ECDHEncrypter;
import com.nimbusds.jose.crypto.RSADecrypter; import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter; import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton; import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
import com.nimbusds.jose.jca.JCAContext;
import com.nimbusds.jose.jwk.ECKey; import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK; import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.OctetSequenceKey; import com.nimbusds.jose.jwk.OctetSequenceKey;

View File

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -17,8 +18,6 @@
package org.mitre.jwt.signer.service.impl; package org.mitre.jwt.signer.service.impl;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import java.util.Collection; import java.util.Collection;
import java.util.HashMap; import java.util.HashMap;

View File

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -100,8 +99,10 @@ public class SymmetricKeyJWTValidatorCacheService {
try { try {
String id = "SYMMETRIC-KEY"; String id = "SYMMETRIC-KEY";
JWK jwk = new OctetSequenceKey.Builder(Base64URL.encode(key))
JWK jwk = new OctetSequenceKey(Base64URL.encode(key), KeyUse.SIGNATURE, null, null, id, null, null, null); .keyUse(KeyUse.SIGNATURE)
.keyID(id)
.build();
Map<String, JWK> keys = ImmutableMap.of(id, jwk); Map<String, JWK> keys = ImmutableMap.of(id, jwk);
JWTSigningAndValidationService service = new DefaultJWTSigningAndValidationService(keys); JWTSigningAndValidationService service = new DefaultJWTSigningAndValidationService(keys);
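Review bot: The builder chain leaves the key's algorithm unset, as the `null` arguments of the replaced constructor did; if this JWK is only meant for MAC validation, consider setting it with `.algorithm(...)` so the intended algorithm is recorded on the key. Otherwise the switch to `OctetSequenceKey.Builder` reads as behaviour-preserving: same key bytes, `KeyUse.SIGNATURE` and the fixed `"SYMMETRIC-KEY"` id.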

View File

@ -0,0 +1,50 @@
/*******************************************************************************
* Copyright 2018 The MIT Internet Trust Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package org.mitre.oauth2.exception;
/**
* @author jricher
*
*/
public class DeviceCodeCreationException extends Exception {
private static final long serialVersionUID = 8078568710169208466L;
private String error;
public DeviceCodeCreationException(String error, String message) {
super(message);
this.error = error;
}
/**
* @return the error
*/
public String getError() {
return error;
}
/**
* @param error the error to set
*/
public void setError(String error) {
this.error = error;
}
}
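Review bot: `error` should be `final` and `setError` removed; the value is set once in the constructor, and a public setter lets any handler up the stack change the error code after the exception has been thrown. The class Javadoc carries only `@author`; add a sentence saying what `error` holds as distinct from `message`.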

View File

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -57,7 +58,6 @@ import org.mitre.oauth2.model.convert.SimpleGrantedAuthorityStringConverter;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.ClientDetails;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.EncryptionMethod; import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm; import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm; import com.nimbusds.jose.JWSAlgorithm;

View File

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -41,7 +42,6 @@ import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries; import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery; import javax.persistence.NamedQuery;
import javax.persistence.OneToMany; import javax.persistence.OneToMany;
import javax.persistence.OneToOne;
import javax.persistence.Table; import javax.persistence.Table;
import javax.persistence.Temporal; import javax.persistence.Temporal;
import javax.persistence.Transient; import javax.persistence.Transient;
@ -71,7 +71,8 @@ import com.nimbusds.jwt.JWT;
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_CLIENT, query = "select a from OAuth2AccessTokenEntity a where a.client = :" + OAuth2AccessTokenEntity.PARAM_CLIENT), @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_CLIENT, query = "select a from OAuth2AccessTokenEntity a where a.client = :" + OAuth2AccessTokenEntity.PARAM_CLIENT),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select a from OAuth2AccessTokenEntity a where a.jwt = :" + OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE), @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select a from OAuth2AccessTokenEntity a where a.jwt = :" + OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE, query = "select a from OAuth2AccessTokenEntity a where a.approvedSite = :" + OAuth2AccessTokenEntity.PARAM_APPROVED_SITE), @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_APPROVED_SITE, query = "select a from OAuth2AccessTokenEntity a where a.approvedSite = :" + OAuth2AccessTokenEntity.PARAM_APPROVED_SITE),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, query = "select a from OAuth2AccessTokenEntity a join a.permissions p where p.resourceSet.id = :" + OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID) @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, query = "select a from OAuth2AccessTokenEntity a join a.permissions p where p.resourceSet.id = :" + OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2AccessTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2AccessTokenEntity.PARAM_NAME)
}) })
@org.codehaus.jackson.map.annotate.JsonSerialize(using = OAuth2AccessTokenJackson1Serializer.class) @org.codehaus.jackson.map.annotate.JsonSerialize(using = OAuth2AccessTokenJackson1Serializer.class)
@org.codehaus.jackson.map.annotate.JsonDeserialize(using = OAuth2AccessTokenJackson1Deserializer.class) @org.codehaus.jackson.map.annotate.JsonDeserialize(using = OAuth2AccessTokenJackson1Deserializer.class)
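Review bot: The new `QUERY_BY_NAME` query uses the alias `r` (`select r from OAuth2AccessTokenEntity r`) while every other query in this annotation uses `a`; it looks copied from the refresh token entity, so rename the alias for consistency. The path `r.authenticationHolder.userAuth.name` navigates two associations, so tokens whose authentication holder has no `userAuth` will never match; state that in the Javadoc of the repository method that uses this query.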
@ -86,6 +87,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
public static final String QUERY_EXPIRED_BY_DATE = "OAuth2AccessTokenEntity.getAllExpiredByDate"; public static final String QUERY_EXPIRED_BY_DATE = "OAuth2AccessTokenEntity.getAllExpiredByDate";
public static final String QUERY_ALL = "OAuth2AccessTokenEntity.getAll"; public static final String QUERY_ALL = "OAuth2AccessTokenEntity.getAll";
public static final String QUERY_BY_RESOURCE_SET = "OAuth2AccessTokenEntity.getByResourceSet"; public static final String QUERY_BY_RESOURCE_SET = "OAuth2AccessTokenEntity.getByResourceSet";
public static final String QUERY_BY_NAME = "OAuth2AccessTokenEntity.getByName";
public static final String PARAM_TOKEN_VALUE = "tokenValue"; public static final String PARAM_TOKEN_VALUE = "tokenValue";
public static final String PARAM_CLIENT = "client"; public static final String PARAM_CLIENT = "client";
@ -93,6 +95,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
public static final String PARAM_DATE = "date"; public static final String PARAM_DATE = "date";
public static final String PARAM_RESOURCE_SET_ID = "rsid"; public static final String PARAM_RESOURCE_SET_ID = "rsid";
public static final String PARAM_APPROVED_SITE = "approvedSite"; public static final String PARAM_APPROVED_SITE = "approvedSite";
public static final String PARAM_NAME = "name";
public static final String ID_TOKEN_FIELD_NAME = "id_token"; public static final String ID_TOKEN_FIELD_NAME = "id_token";

View File

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -52,7 +53,8 @@ import com.nimbusds.jwt.JWT;
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_ALL, query = "select r from OAuth2RefreshTokenEntity r"), @NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_ALL, query = "select r from OAuth2RefreshTokenEntity r"),
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select r from OAuth2RefreshTokenEntity r where r.expiration <= :" + OAuth2RefreshTokenEntity.PARAM_DATE), @NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select r from OAuth2RefreshTokenEntity r where r.expiration <= :" + OAuth2RefreshTokenEntity.PARAM_DATE),
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_CLIENT, query = "select r from OAuth2RefreshTokenEntity r where r.client = :" + OAuth2RefreshTokenEntity.PARAM_CLIENT), @NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_CLIENT, query = "select r from OAuth2RefreshTokenEntity r where r.client = :" + OAuth2RefreshTokenEntity.PARAM_CLIENT),
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select r from OAuth2RefreshTokenEntity r where r.jwt = :" + OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE) @NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select r from OAuth2RefreshTokenEntity r where r.jwt = :" + OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE),
@NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2RefreshTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2RefreshTokenEntity.PARAM_NAME)
}) })
public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken { public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
@ -60,10 +62,12 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
public static final String QUERY_BY_CLIENT = "OAuth2RefreshTokenEntity.getByClient"; public static final String QUERY_BY_CLIENT = "OAuth2RefreshTokenEntity.getByClient";
public static final String QUERY_EXPIRED_BY_DATE = "OAuth2RefreshTokenEntity.getAllExpiredByDate"; public static final String QUERY_EXPIRED_BY_DATE = "OAuth2RefreshTokenEntity.getAllExpiredByDate";
public static final String QUERY_ALL = "OAuth2RefreshTokenEntity.getAll"; public static final String QUERY_ALL = "OAuth2RefreshTokenEntity.getAll";
public static final String QUERY_BY_NAME = "OAuth2RefreshTokenEntity.getByName";
public static final String PARAM_TOKEN_VALUE = "tokenValue"; public static final String PARAM_TOKEN_VALUE = "tokenValue";
public static final String PARAM_CLIENT = "client"; public static final String PARAM_CLIENT = "client";
public static final String PARAM_DATE = "date"; public static final String PARAM_DATE = "date";
public static final String PARAM_NAME = "name";
private Long id; private Long id;

View File

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -26,6 +25,11 @@ import com.nimbusds.jose.Requirement;
*/ */
public final class PKCEAlgorithm extends Algorithm { public final class PKCEAlgorithm extends Algorithm {
/**
*
*/
private static final long serialVersionUID = 7752852583210088925L;
public static final PKCEAlgorithm plain = new PKCEAlgorithm("plain", Requirement.REQUIRED); public static final PKCEAlgorithm plain = new PKCEAlgorithm("plain", Requirement.REQUIRED);
public static final PKCEAlgorithm S256 = new PKCEAlgorithm("S256", Requirement.OPTIONAL); public static final PKCEAlgorithm S256 = new PKCEAlgorithm("S256", Requirement.OPTIONAL);
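Review bot: The Javadoc block added above `serialVersionUID` is empty (`/** * */`); remove it or replace it with a real comment.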

View File

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,7 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium *
* Portions copyright 2011-2013 The MITRE Corporation
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
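Review bot: The removed notice credited The MITRE Corporation with a 2017 date, but the added "Portions copyright 2011-2013 The MITRE Corporation" line ends the range at 2013. Please confirm that 2011-2013 is the intended range for this file, since the new header no longer records any MITRE contribution after 2013.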
@ -28,7 +29,6 @@ import javax.persistence.Id;
import javax.persistence.NamedQueries; import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery; import javax.persistence.NamedQuery;
import javax.persistence.Table; import javax.persistence.Table;
import javax.persistence.Transient;
/** /**
* @author jricher * @author jricher
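Review bot: Removing "import javax.persistence.Transient;" is a code change riding along with a license-header update. Check that no @Transient annotation remains in this class, since compilation fails if one does, and consider moving import cleanup into its own commit so the header change stays purely textual and easy to audit.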

View File

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@ -1,6 +1,5 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2017 The MITRE Corporation * Copyright 2018 The MIT Internet Trust Consortium
* and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

Some files were not shown because too many files have changed in this diff