--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/less/wells.less:
--------------------------------------------------------------------------------
1 | //
2 | // Wells
3 | // --------------------------------------------------
4 |
5 |
6 | // Base class
.well {
  min-height: 20px;
  padding: 19px;
  margin-bottom: 20px;
  background-color: @wellBackground;
  // Border colour is derived from the background variable so the two stay in step when the theme changes
  border: 1px solid darken(@wellBackground, 7%);
  .border-radius(@baseBorderRadius);
  .box-shadow(inset 0 1px 1px rgba(0,0,0,.05));
  blockquote {
    // Solid hex value first as a fallback; the rgba() declaration overrides it where the browser supports it
    border-color: #ddd;
    border-color: rgba(0,0,0,.15);
  }
}

// Sizes: only padding and corner radius differ from the base class
.well-large {
  padding: 24px;
  .border-radius(@borderRadiusLarge);
}
.well-small {
  padding: 9px;
  .border-radius(@borderRadiusSmall);
}
30 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/less/responsive-1200px-min.less:
--------------------------------------------------------------------------------
1 | //
2 | // Responsive: Large desktop and up
3 | // --------------------------------------------------
4 |
5 |
@media (min-width: 1200px) {

  // Fixed grid: re-run the grid mixins (defined elsewhere) with the 1200px column/gutter widths
  #grid > .core(@gridColumnWidth1200, @gridGutterWidth1200);

  // Fluid grid
  #grid > .fluid(@fluidGridColumnWidth1200, @fluidGridGutterWidth1200);

  // Input grid
  #grid > .input(@gridColumnWidth1200, @gridGutterWidth1200);

  // Thumbnails: the negative margin on the list cancels the per-item gutter so the row stays flush left
  .thumbnails {
    margin-left: -@gridGutterWidth1200;
  }
  .thumbnails > li {
    margin-left: @gridGutterWidth1200;
  }
  // Inside a fluid row the offset is not needed
  .row-fluid .thumbnails {
    margin-left: 0;
  }

}
29 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/resources/db/oracle/create_db-user:
--------------------------------------------------------------------------------
-- Development bootstrap for an Oracle schema. This script is destructive: the first three
-- statements drop the existing user and both tablespaces INCLUDING CONTENTS AND DATAFILES,
-- so it must never be pointed at an instance holding data that should be kept.
drop user oauth cascade;
drop tablespace data_ts INCLUDING CONTENTS AND DATAFILES;
drop tablespace temp_ts INCLUDING CONTENTS AND DATAFILES;
CREATE TABLESPACE data_ts DATAFILE 'data_ts.dat' SIZE 40M ONLINE;
CREATE TEMPORARY TABLESPACE temp_ts TEMPFILE 'temp_ts.dbf' SIZE 5M AUTOEXTEND ON;
-- The password "test" is a local-development placeholder: replace it before the instance is
-- reachable by anyone else, and keep the real credential out of source control.
create user oauth identified by test DEFAULT TABLESPACE data_ts QUOTA 500K ON data_ts TEMPORARY TABLESPACE temp_ts;
GRANT CONNECT TO oauth;
-- UNLIMITED TABLESPACE overrides the 500K quota set above; keep one or the other.
GRANT UNLIMITED TABLESPACE TO oauth;
grant create session to oauth;
grant create table to oauth;
-- NOTE(review): CREATE TABLESPACE and CREATE ANY INDEX reach beyond the oauth schema itself
-- (the ANY form applies to other schemas); confirm the application needs them, since indexing
-- its own tables is already covered by table ownership.
GRANT CREATE TABLESPACE TO oauth;
GRANT CREATE VIEW TO oauth;
GRANT CREATE ANY INDEX TO oauth;
GRANT CREATE SEQUENCE TO oauth;
GRANT CREATE SYNONYM TO oauth;
16 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/less/close.less:
--------------------------------------------------------------------------------
1 | //
2 | // Close icons
3 | // --------------------------------------------------
4 |
5 |
.close {
  float: right;
  font-size: 20px;
  font-weight: bold;
  line-height: @baseLineHeight;
  color: @black;
  text-shadow: 0 1px 0 rgba(255,255,255,1);
  // .opacity() mixin is defined elsewhere; the argument is presumably a percentage (20 at rest, 40 on hover/focus below)
  .opacity(20);
  &:hover,
  &:focus {
    color: @black;
    text-decoration: none;
    cursor: pointer;
    .opacity(40);
  }
}

// Additional properties for button version
// iOS requires the button element instead of an anchor tag.
// If you want the anchor version, it requires `href="#"`.
// These rules strip the native button chrome so <button class="close"> matches the anchor version.
button.close {
  padding: 0;
  cursor: pointer;
  background: transparent;
  border: 0;
  -webkit-appearance: none;
}
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/less/accordion.less:
--------------------------------------------------------------------------------
1 | //
2 | // Accordion
3 | // --------------------------------------------------
4 |
5 |
6 | // Parent container
.accordion {
  margin-bottom: @baseLineHeight;
}

// Group == heading + body
.accordion-group {
  margin-bottom: 2px;
  border: 1px solid #e5e5e5;
  .border-radius(@baseBorderRadius);
}
// The group border already frames the heading, so no separate bottom border
.accordion-heading {
  border-bottom: 0;
}
.accordion-heading .accordion-toggle {
  display: block;
  padding: 8px 15px;
}

// General toggle styles
.accordion-toggle {
  cursor: pointer;
}

// Padding and the divider live on this inner element rather than on the collapsible body,
// because any styles on the animated element itself break the height animation
.accordion-inner {
  padding: 9px 15px;
  border-top: 1px solid #e5e5e5;
}
35 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/resources/keystore.jwks:
--------------------------------------------------------------------------------
1 | {
2 | "keys": [
3 | {
4 | "alg": "RS256",
5 | "d": "PvBAngE3kkTnD3yDKo3wCvHJHm20kb9a0FVGLd0s2Y0E_3H2XnZC8-2zPhN6AQTjPhohSDCew20gzm76lyOvMqRiUP2Zpaopa1d2fGvNIQSdM07yKa6EivEYxqPQxa5esoZnexgnb9fom70I8n5OQRNQikwu-az26CsHX2zWMRodzSdN5CXHvb1PV09DmH8azTYwoMElPIqmcTfxiRw2Ov5ucmXXngKRFJgvfUgKd7v4ScBX7sQoQEjWEtt7ta0WvL3Ar5E1RAW4aHxuubZ6AtloxWCf17AAKw03dfP5RDm5TDmgm2B635ecJ7fTvneFmg8W_fdMTPRfBlCGNBp3wQ",
6 | "e": "AQAB",
7 | "n": "qt6yOiI_wCoCVlGO0MySsez0VkSqhPvDl3rfabOslx35mYEO-n4ABfIT5Gn2zN-CeIcOZ5ugAXvIIRWv5H55-tzjFazi5IKkOIMCiz5__MtsdxKCqGlZu2zt-BLpqTOAPiflNPpM3RUAlxKAhnYEqNha6-allPnFQupnW_eTYoyuzuedT7dSp90ry0ZcQDimntXWeaSbrYKCj9Rr9W1jn2uTowUuXaScKXTCjAmJVnsD75JNzQfa8DweklTyWQF-Y5Ky039I0VIu-0CIGhXY48GAFe2EFb8VpNhf07DP63p138RWQ1d3KPEM9mYJVpQC68j3wzDQYSljpLf9by7TGw",
8 | "kty": "RSA",
9 | "kid": "rsa1"
10 | }
11 | ]
12 | }
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/WEB-INF/wro.properties:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | # Copyright 2018 The MIT Internet Trust Consortium
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | ###############################################################################
# wro4j processing chain for the LESS bundles declared in wro.xml:
# cssImport resolves @import references before compilation, lessCss then compiles the LESS to CSS.
preProcessors=cssImport
postProcessors=lessCss
18 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/WEB-INF/wro.xml:
--------------------------------------------------------------------------------
18 | /less/bootstrap.less
21 | /less/bootstrap-responsive.less
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/less/pager.less:
--------------------------------------------------------------------------------
1 | //
2 | // Pager pagination
3 | // --------------------------------------------------
4 |
5 |
.pager {
  margin: @baseLineHeight 0;
  list-style: none;
  text-align: center;
  // Contains the floated .next / .previous items declared below
  .clearfix();
}
.pager li {
  display: inline;
}
.pager li > a,
.pager li > span {
  display: inline-block;
  padding: 5px 14px;
  background-color: #fff;
  border: 1px solid #ddd;
  // Radius larger than half the element height gives the pill shape
  .border-radius(15px);
}
.pager li > a:hover,
.pager li > a:focus {
  text-decoration: none;
  background-color: #f5f5f5;
}
.pager .next > a,
.pager .next > span {
  float: right;
}
.pager .previous > a,
.pager .previous > span {
  float: left;
}
// Disabled items keep the resting background even on hover/focus and show no pointer cursor
.pager .disabled > a,
.pager .disabled > a:hover,
.pager .disabled > a:focus,
.pager .disabled > span {
  color: @grayLight;
  background-color: #fff;
  cursor: default;
}
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/contact.jsp:
--------------------------------------------------------------------------------
1 | <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
2 | <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
3 | <%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
4 | <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%>
5 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/resources/db/oracle/oracle_database_index.sql:
--------------------------------------------------------------------------------
1 | --
2 | -- Indexes for Oracle
3 | --
4 |
-- One index per column the token / authentication-holder lookups presumably filter on.
-- Unlike the HSQL, MySQL and PostgreSQL index scripts in this tree there is no IF NOT EXISTS
-- (Oracle does not support it here), so re-running this file against an already-indexed
-- schema will fail on the first CREATE INDEX.
CREATE INDEX at_tv_idx ON access_token(token_value);
CREATE INDEX ts_oi_idx ON token_scope(owner_id);
CREATE INDEX at_exp_idx ON access_token(expiration);
CREATE INDEX rf_ahi_idx ON refresh_token(auth_holder_id);
CREATE INDEX rf_tv_idx ON refresh_token(token_value);
-- NOTE(review): the MySQL, HSQL and PostgreSQL scripts also create cd_ci_idx ON
-- client_details(client_id); it is absent here. Confirm whether the Oracle schema already
-- covers client_id with a unique constraint (which Oracle backs with an index) before adding it.
CREATE INDEX at_ahi_idx ON access_token(auth_holder_id);
CREATE INDEX aha_oi_idx ON authentication_holder_authority(owner_id);
CREATE INDEX ahe_oi_idx ON authentication_holder_extension(owner_id);
CREATE INDEX ahrp_oi_idx ON authentication_holder_request_parameter(owner_id);
CREATE INDEX ahri_oi_idx ON authentication_holder_resource_id(owner_id);
CREATE INDEX ahrt_oi_idx ON authentication_holder_response_type(owner_id);
CREATE INDEX ahs_oi_idx ON authentication_holder_scope(owner_id);
CREATE INDEX ac_ahi_idx ON authorization_code(auth_holder_id);
CREATE INDEX suaa_oi_idx ON saved_user_auth_authority(owner_id);
19 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/about.jsp:
--------------------------------------------------------------------------------
1 | <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
2 | <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
3 | <%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
4 | <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%>
5 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
--------------------------------------------------------------------------------
/openid-connect-client/src/test/resources/x509/x509:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICxDCCAi0CBECcV/wwDQYJKoZIhvcNAQEEBQAwgagxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVU
3 | ZXhhczEPMA0GA1UEBxMGQXVzdGluMSowKAYDVQQKEyFUaGUgVW5pdmVyc2l0eSBvZiBUZXhhcyBh
4 | dCBBdXN0aW4xKDAmBgNVBAsTH0luZm9ybWF0aW9uIFRlY2hub2xvZ3kgU2VydmljZXMxIjAgBgNV
5 | BAMTGXhtbGdhdGV3YXkuaXRzLnV0ZXhhcy5lZHUwHhcNMDQwNTA4MDM0NjA0WhcNMDQwODA2MDM0
6 | NjA0WjCBqDELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVRleGFzMQ8wDQYDVQQHEwZBdXN0aW4xKjAo
7 | BgNVBAoTIVRoZSBVbml2ZXJzaXR5IG9mIFRleGFzIGF0IEF1c3RpbjEoMCYGA1UECxMfSW5mb3Jt
8 | YXRpb24gVGVjaG5vbG9neSBTZXJ2aWNlczEiMCAGA1UEAxMZeG1sZ2F0ZXdheS5pdHMudXRleGFz
9 | LmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsmc+6+NjLmanvh+FvBziYdBwTiz+d/DZ
10 | Uy2jyvij6f8Xly6zkhHLSsuBzw08wPzr2K+F359bf9T3uiZMuao//FBGtDrTYpvQwkn4PFZwSeY2
11 | Ynw4edxp1JEWT2zfOY+QJDfNgpsYQ9hrHDwqnpbMVVqjdBq5RgTKGhFBj9kxEq0CAwEAATANBgkq
12 | hkiG9w0BAQQFAAOBgQCPYGXF6oRbnjti3CPtjfwORoO7ab1QzNS9Z2rLMuPnt6POlm1A3UPEwCS8
13 | 6flTlAqg19Sh47H7+Iq/LuzotKvUE5ugK52QRNMa4c0OSaO5UEM5EfVox1pT9tZV1Z3whYYMhThg
14 | oC4y/On0NUVMN5xfF/GpSACga/bVjoNvd8HWEg==
15 | -----END CERTIFICATE-----
--------------------------------------------------------------------------------
/openid-connect-client/src/test/resources/x509/x509Encrypted:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICxDCCAi0CBECcV/wwDQYJKoZIhvcNAQEEBQAwgagxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVU
3 | ZXhhczEPMA0GA1UEBxMGQXVzdGluMSowKAYDVQQKEyFUaGUgVW5pdmVyc2l0eSBvZiBUZXhhcyBh
4 | dCBBdXN0aW4xKDAmBgNVBAsTH0luZm9ybWF0aW9uIFRlY2hub2xvZ3kgU2VydmljZXMxIjAgBgNV
5 | BAMTGXhtbGdhdGV3YXkuaXRzLnV0ZXhhcy5lZHUwHhcNMDQwNTA4MDM0NjA0WhcNMDQwODA2MDM0
6 | NjA0WjCBqDELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVRleGFzMQ8wDQYDVQQHEwZBdXN0aW4xKjAo
7 | BgNVBAoTIVRoZSBVbml2ZXJzaXR5IG9mIFRleGFzIGF0IEF1c3RpbjEoMCYGA1UECxMfSW5mb3Jt
8 | YXRpb24gVGVjaG5vbG9neSBTZXJ2aWNlczEiMCAGA1UEAxMZeG1sZ2F0ZXdheS5pdHMudXRleGFz
9 | LmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsmc+6+NjLmanvh+FvBziYdBwTiz+d/DZ
10 | Uy2jyvij6f8Xly6zkhHLSsuBzw08wPzr2K+F359bf9T3uiZMuao//FBGtDrTYpvQwkn4PFZwSeY2
11 | Ynw4edxp1JEWT2zfOY+QJDfNgpsYQ9hrHDwqnpbMVVqjdBq5RgTKGhFBj9kxEq0CAwEAATANBgkq
12 | hkiG9w0BAQQFAAOBgQCPYGXF6oRbnjti3CPtjfwORoO7ab1QzNS9Z2rLMuPnt6POlm1A3UPEwCS8
13 | 6flTlAqg19Sh47H7+Iq/LuzotKvUE5ugK52QRNMa4c0OSaO5UEM5EfVox1pT9tZV1Z3whYYMhThg
14 | oC4y/On0NUVMN5xfF/GpSACga/bVjoNvd8HWEg==
15 | -----END CERTIFICATE-----
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_index.sql:
--------------------------------------------------------------------------------
1 | --
2 | -- Indexes for MySQL
3 | --
4 |
-- MySQL variant of the index script. The two token_value indexes are prefix indexes (the number
-- in parentheses is the indexed prefix length), presumably because the full column exceeds the
-- engine's maximum key length; equality lookups on the token still use them.
-- There is no IF NOT EXISTS here, so re-running the file against an already-indexed schema fails.
CREATE INDEX at_tv_idx ON access_token(token_value(767));
CREATE INDEX ts_oi_idx ON token_scope(owner_id);
CREATE INDEX at_exp_idx ON access_token(expiration);
CREATE INDEX rf_ahi_idx ON refresh_token(auth_holder_id);
CREATE INDEX rf_tv_idx ON refresh_token(token_value(105));
CREATE INDEX cd_ci_idx ON client_details(client_id);
CREATE INDEX at_ahi_idx ON access_token(auth_holder_id);
CREATE INDEX aha_oi_idx ON authentication_holder_authority(owner_id);
CREATE INDEX ahe_oi_idx ON authentication_holder_extension(owner_id);
CREATE INDEX ahrp_oi_idx ON authentication_holder_request_parameter(owner_id);
CREATE INDEX ahri_oi_idx ON authentication_holder_resource_id(owner_id);
CREATE INDEX ahrt_oi_idx ON authentication_holder_response_type(owner_id);
CREATE INDEX ahs_oi_idx ON authentication_holder_scope(owner_id);
CREATE INDEX ac_ahi_idx ON authorization_code(auth_holder_id);
CREATE INDEX suaa_oi_idx ON saved_user_auth_authority(owner_id);
20 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/jwt/assertion/AssertionValidator.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.jwt.assertion;
18 |
19 | import com.nimbusds.jwt.JWT;
20 |
/**
 * Decides whether a JWT presented as an assertion should be accepted.
 *
 * @author jricher
 */
public interface AssertionValidator {

	/**
	 * Checks the given assertion.
	 *
	 * NOTE(review): this interface does not say which checks a "valid"
	 * assertion has passed (signature, issuer/audience, expiry); consult the
	 * implementation before relying on a {@code true} result for an
	 * authorization decision.
	 *
	 * @param assertion the parsed JWT to check
	 * @return {@code true} if the implementation accepts the assertion
	 */
	boolean isValid(JWT assertion);

}
30 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/less/media.less:
--------------------------------------------------------------------------------
1 | // Media objects
2 | // Source: http://stubbornella.org/content/?p=497
3 | // --------------------------------------------------
4 |
5 |
6 | // Common styles
7 | // -------------------------
8 |
9 | // Clear the floats
.media,
.media-body {
  overflow: hidden;
  // Star-prefixed declaration: invalid CSS that standards parsers drop and only old IE honours;
  // with zoom: 1 this appears to be the classic hasLayout float-clearing workaround for IE6/7
  *overflow: visible;
  zoom: 1;
}

// Proper spacing between instances of .media
.media,
.media .media {
  margin-top: 15px;
}
// No gap above the first item in a list
.media:first-child {
  margin-top: 0;
}

// For images and videos, set to block
.media-object {
  display: block;
}

// Reset margins on headings for tighter default spacing
.media-heading {
  margin: 0 0 5px;
}


// Media image alignment
// -------------------------

.media > .pull-left {
  margin-right: 10px;
}
.media > .pull-right {
  margin-left: 10px;
}


// Media list variation
// -------------------------

// Undo default ul/ol styles
.media-list {
  margin-left: 0;
  list-style: none;
}
56 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/data/PageCriteria.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 | package org.mitre.data;
17 |
/**
 * Interface which defines page criteria for use in
 * a repository operation.
 *
 * Implementations carry the two numbers a paged query needs: which page
 * to fetch and how many rows make up a page.
 *
 * @author Colm Smyth
 */
public interface PageCriteria {

	/**
	 * @return the index of the page to fetch (whether the first page is 0
	 *         or 1 is decided by the repository consuming this value)
	 */
	int getPageNumber();

	/**
	 * @return the maximum number of rows in one page
	 */
	int getPageSize();

}
29 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/less/scaffolding.less:
--------------------------------------------------------------------------------
1 | //
2 | // Scaffolding
3 | // --------------------------------------------------
4 |
5 |
6 | // Body reset
7 | // -------------------------
8 |
body {
  margin: 0;
  font-family: @baseFontFamily;
  font-size: @baseFontSize;
  line-height: @baseLineHeight;
  color: @textColor;
  background-color: @bodyBackground;
}


// Links
// -------------------------

a {
  color: @linkColor;
  text-decoration: none;
}
// Underline only on interaction; :focus gets the same treatment as :hover for keyboard users
a:hover,
a:focus {
  color: @linkColorHover;
  text-decoration: underline;
}


// Images
// -------------------------

// Rounded corners
.img-rounded {
  .border-radius(6px);
}

// Add polaroid-esque trim
.img-polaroid {
  padding: 4px;
  background-color: #fff;
  // Solid colour first as a fallback; the rgba() border overrides it where the browser supports it
  border: 1px solid #ccc;
  border: 1px solid rgba(0,0,0,.2);
  .box-shadow(0 1px 3px rgba(0,0,0,.1));
}

// Perfect circle
.img-circle {
  .border-radius(500px); // crank the border-radius so it works with most reasonably sized images
}
54 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/service/LoginHintExtracter.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.openid.connect.service;
18 |
/**
 * Turns a raw login hint value into the form the rest of the server
 * works with (presumably for pre-filling the login form).
 *
 * @author jricher
 */
public interface LoginHintExtracter {

	/**
	 * Extracts the usable hint from the raw value.
	 *
	 * NOTE(review): the hint presumably originates from the authorization
	 * request, i.e. it is caller-supplied; implementations should treat it as
	 * untrusted text and callers must escape it before rendering it in a page.
	 *
	 * @param loginHint the raw hint value
	 * @return the extracted hint; how "no hint" is signalled is not specified here
	 */
	String extractHint(String loginHint);

}
32 |
--------------------------------------------------------------------------------
/openid-connect-client/src/main/java/org/mitre/openid/connect/client/TargetLinkURIChecker.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 | package org.mitre.openid.connect.client;
17 |
/**
 * Guards a caller-supplied deep-link before this application uses it,
 * presumably as a redirect target once authentication completes.
 */
public interface TargetLinkURIChecker {

	/**
	 * Check the parameter to make sure that it's a valid deep-link into this application.
	 *
	 * A target that does not pass the check must not be used as a redirect
	 * destination: forwarding the user to an arbitrary caller-supplied URL is
	 * the open-redirect weakness this check exists to prevent.
	 *
	 * NOTE(review): what is returned for a rejected target (a safe default or
	 * {@code null}) is not specified here; confirm against the implementation
	 * and its callers.
	 *
	 * @param target the candidate deep-link, as supplied by the caller
	 * @return the target to use after checking
	 */
	String filter(String target);

}
29 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/resources/db/psql/scopes.sql:
--------------------------------------------------------------------------------
1 | --
2 | -- Turn off autocommit and start a transaction so that we can use the temp tables
3 | --
4 |
5 | --SET AUTOCOMMIT = OFF;
6 |
START TRANSACTION;

--
-- Insert scope information into the temporary tables.
--

-- Columns: scope name, human-readable description, icon name, restricted flag, default_scope flag.
-- Only offline_access is non-default here, and nothing in this file is marked restricted.
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
  ('openid', 'log in using your identity', 'user', false, true),
  ('profile', 'basic profile information', 'list-alt', false, true),
  ('email', 'email address', 'envelope', false, true),
  ('address', 'physical address', 'home', false, true),
  ('phone', 'telephone number', 'bell', false, true),
  ('offline_access', 'offline access', 'time', false, false);

--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
--

-- ON CONFLICT ... DO NOTHING leaves existing rows (including any administrative edits) untouched.
-- It relies on a unique constraint or index on system_scope(scope) existing in the table definition.
INSERT INTO system_scope (scope, description, icon, restricted, default_scope)
SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP
ON CONFLICT(scope)
DO NOTHING;

COMMIT;
31 |
32 | --SET AUTOCOMMIT = ON;
33 |
34 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/resources/css/bootstrap-sheet.css:
--------------------------------------------------------------------------------
1 | /*!
2 | * Bootstrap modal sheet
3 | *
4 | * Author: Michaël Perrin
5 | * https://github.com/michaelperrin/bootstrap-modal-sheet
6 | */
7 |
/* Forms inside a sheet drop the default form margin so the sheet-body padding controls spacing */
.sheet form {
  margin: 0;
}

.sheet .form-actions {
  margin-top: 10px;
  margin-bottom: 0;
  padding: 10px 20px 10px;
  text-align: right;
}

/* The sheet sits at z-index 1050, above its backdrop (1040, declared below) */
.sheet {
  position: absolute;
  z-index: 1050;

  width: 600px;
  background: rgba(240, 240, 240, 0.9);
  border-color: #909090;
  border-style: solid;
  /* No top border; the inset shadow below appears to stand in for the top edge */
  border-width: 0 1px 1px 1px;
  box-shadow: inset 0 15px 12px -10px rgba(0, 0, 0, 0.4), 0 5px 12px rgba(0, 0, 0, 0.4);
  padding-top: 15px;
}

.sheet.hide {
  display: none;
}

.sheet .sheet-body {
  padding-left: 15px;
  padding-right: 15px;
}

/* Same geometry as .form-actions above, plus the grey footer strip and divider */
.sheet .sheet-footer {
  margin-top: 10px;
  margin-bottom: 0;
  padding: 10px 20px 10px;
  text-align: right;
  background-color: #f5f5f5;
  border-top: 1px solid #e5e5e5;
}

/* Full-viewport layer behind the sheet (1040 < 1050) */
.sheet-backdrop {
  position: fixed;
  top: 0;
  right: 0;
  bottom: 0;
  left: 0;
  z-index: 1040;
}
58 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/postLogout.jsp:
--------------------------------------------------------------------------------
1 | <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
2 | <%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%>
3 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
4 | <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
5 | <%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
6 | <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
7 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
8 | <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%>
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_index.sql:
--------------------------------------------------------------------------------
1 | --
2 | -- Indexes for HSQLDB
3 | --
4 |
-- HSQLDB variant of the index script. IF NOT EXISTS makes it safe to run repeatedly
-- (e.g. on every application start against a persistent store).
CREATE INDEX IF NOT EXISTS at_tv_idx ON access_token(token_value);
CREATE INDEX IF NOT EXISTS ts_oi_idx ON token_scope(owner_id);
CREATE INDEX IF NOT EXISTS at_exp_idx ON access_token(expiration);
CREATE INDEX IF NOT EXISTS rf_ahi_idx ON refresh_token(auth_holder_id);
CREATE INDEX IF NOT EXISTS rf_tv_idx ON refresh_token(token_value);
CREATE INDEX IF NOT EXISTS cd_ci_idx ON client_details(client_id);
CREATE INDEX IF NOT EXISTS at_ahi_idx ON access_token(auth_holder_id);
CREATE INDEX IF NOT EXISTS aha_oi_idx ON authentication_holder_authority(owner_id);
CREATE INDEX IF NOT EXISTS ahe_oi_idx ON authentication_holder_extension(owner_id);
CREATE INDEX IF NOT EXISTS ahrp_oi_idx ON authentication_holder_request_parameter(owner_id);
CREATE INDEX IF NOT EXISTS ahri_oi_idx ON authentication_holder_resource_id(owner_id);
CREATE INDEX IF NOT EXISTS ahrt_oi_idx ON authentication_holder_response_type(owner_id);
CREATE INDEX IF NOT EXISTS ahs_oi_idx ON authentication_holder_scope(owner_id);
CREATE INDEX IF NOT EXISTS ac_ahi_idx ON authorization_code(auth_holder_id);
CREATE INDEX IF NOT EXISTS suaa_oi_idx ON saved_user_auth_authority(owner_id);
20 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/resources/db/psql/psql_database_index.sql:
--------------------------------------------------------------------------------
1 | --
2 | -- Indexes for PostgreSQL
3 | --
4 |
-- PostgreSQL variant of the index script (identical to the HSQLDB one). IF NOT EXISTS makes it
-- safe to run repeatedly, e.g. on every application start against a persistent store.
CREATE INDEX IF NOT EXISTS at_tv_idx ON access_token(token_value);
CREATE INDEX IF NOT EXISTS ts_oi_idx ON token_scope(owner_id);
CREATE INDEX IF NOT EXISTS at_exp_idx ON access_token(expiration);
CREATE INDEX IF NOT EXISTS rf_ahi_idx ON refresh_token(auth_holder_id);
CREATE INDEX IF NOT EXISTS rf_tv_idx ON refresh_token(token_value);
CREATE INDEX IF NOT EXISTS cd_ci_idx ON client_details(client_id);
CREATE INDEX IF NOT EXISTS at_ahi_idx ON access_token(auth_holder_id);
CREATE INDEX IF NOT EXISTS aha_oi_idx ON authentication_holder_authority(owner_id);
CREATE INDEX IF NOT EXISTS ahe_oi_idx ON authentication_holder_extension(owner_id);
CREATE INDEX IF NOT EXISTS ahrp_oi_idx ON authentication_holder_request_parameter(owner_id);
CREATE INDEX IF NOT EXISTS ahri_oi_idx ON authentication_holder_resource_id(owner_id);
CREATE INDEX IF NOT EXISTS ahrt_oi_idx ON authentication_holder_response_type(owner_id);
CREATE INDEX IF NOT EXISTS ahs_oi_idx ON authentication_holder_scope(owner_id);
CREATE INDEX IF NOT EXISTS ac_ahi_idx ON authorization_code(auth_holder_id);
CREATE INDEX IF NOT EXISTS suaa_oi_idx ON saved_user_auth_authority(owner_id);
20 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/service/ClientLogoLoadingService.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.openid.connect.service;
18 |
19 | import org.mitre.oauth2.model.ClientDetailsEntity;
20 | import org.mitre.openid.connect.model.CachedImage;
21 |
/**
 * Supplies the logo image to display for a registered client.
 *
 * @author jricher
 */
public interface ClientLogoLoadingService {

	/**
	 * Looks up the logo for the given client; the return type suggests the
	 * result is cached by the implementation.
	 *
	 * NOTE(review): if the implementation fetches the image from a URL the
	 * client registered, that is an outbound request to a location chosen by
	 * the client; confirm how that URL is validated before it is fetched.
	 *
	 * @param client the client whose logo is wanted
	 * @return the cached image; what is returned when no logo is available is not specified here
	 */
	CachedImage getLogo(ClientDetailsEntity client);

}
35 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/stats.jsp:
--------------------------------------------------------------------------------
1 | <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
2 | <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
3 | <%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
4 | <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%>
5 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
--------------------------------------------------------------------------------
/openid-connect-server/src/main/java/org/mitre/oauth2/exception/DuplicateClientIdException.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | package org.mitre.oauth2.exception;
19 |
/**
 * Unchecked exception signalling that a client id is already in use.
 *
 * The message embeds the offending id verbatim, so anything that logs or
 * displays the message is showing a possibly caller-supplied string.
 */
public class DuplicateClientIdException extends RuntimeException {

	private static final long serialVersionUID = 1L;

	/**
	 * Builds the exception with a message naming the duplicate id.
	 *
	 * @param clientId the client id that already exists; {@code null} is
	 *                 rendered as the text "null"
	 */
	public DuplicateClientIdException(String clientId) {
		super("Duplicate client id: " + clientId);
	}

}
33 |
--------------------------------------------------------------------------------
/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ServerConfigurationService.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | /**
19 | *
20 | */
21 | package org.mitre.openid.connect.client.service;
22 |
23 | import org.mitre.openid.connect.config.ServerConfiguration;
24 |
/**
 * Looks up the configuration of an OpenID Provider by its issuer identifier.
 *
 * @author jricher
 *
 */
public interface ServerConfigurationService {

	/**
	 * Returns the configuration of the server identified by {@code issuer}.
	 *
	 * NOTE(review): implementations that discover configuration dynamically
	 * should check that the issuer in the returned document equals the one
	 * requested before trusting any endpoint in it — not visible here, confirm
	 * in the concrete service.
	 *
	 * @param issuer the issuer identifier of the server
	 * @return the server's {@link ServerConfiguration}; behaviour for an
	 *         unknown issuer ({@code null} vs. exception) is left to the
	 *         implementation
	 */
	public ServerConfiguration getServerConfiguration(String issuer);

}
34 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/less/bootstrap-responsive.less:
--------------------------------------------------------------------------------
/*!
 * Bootstrap Responsive v2.3.2
 *
 * Copyright 2013 Twitter, Inc
 * Licensed under the Apache License v2.0
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Designed and built with all the love in the world by @mdo and @fat.
 */

// NOTE(review): this appears to be a vendored Bootstrap 2.3.2 entry point.
// Pull upstream fixes by re-vendoring the whole release rather than patching
// single files, so the version banner above stays accurate for anyone
// auditing which front-end dependency versions ship.

// Responsive.less
// For phone and tablet devices
// -------------------------------------------------------------


// REPEAT VARIABLES & MIXINS
// -------------------------
// Required since we compile the responsive stuff separately

@import "variables.less"; // Modify this for custom colors, font-sizes, etc
@import "mixins.less";


// RESPONSIVE CLASSES
// ------------------

@import "responsive-utilities.less";


// MEDIA QUERIES
// ------------------

// Large desktops
@import "responsive-1200px-min.less";

// Tablets to regular desktops
@import "responsive-768px-979px.less";

// Phones to portrait tablets and narrow desktops
@import "responsive-767px-max.less";


// RESPONSIVE NAVBAR
// ------------------

// From 979px and below, show a button to toggle navbar contents
@import "responsive-navbar.less";

--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/service/ScopeClaimTranslationService.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | /**
19 | *
20 | */
21 | package org.mitre.openid.connect.service;
22 |
23 | import java.util.Set;
24 |
/**
 * Translates OAuth scope values into the claim names they release.
 *
 * NOTE(review): the element types of the {@code Set}s below are not visible
 * in this listing (generics appear to have been stripped); presumably
 * Set<String> — confirm against the source file.
 *
 * @author jricher
 *
 */
public interface ScopeClaimTranslationService {

	/**
	 * Maps a single scope value to the claim names it grants access to.
	 *
	 * @param scope a single scope value, e.g. "profile"
	 * @return the claim names released for that scope
	 */
	public Set getClaimsForScope(String scope);

	/**
	 * Maps a set of scope values to the claim names they grant access to
	 * together.
	 *
	 * @param scopes the scope values to translate
	 * @return the combined claim names for all of the given scopes
	 */
	public Set getClaimsForScopeSet(Set scopes);

}
36 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/resources/db/mysql/scopes.sql:
--------------------------------------------------------------------------------
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--

SET AUTOCOMMIT = 0;

START TRANSACTION;

--
-- Insert scope information into the temporary tables.
-- Only five columns are supplied here, but the merge below also copies
-- 'structured' and 'structured_param_description' out of system_scope_TEMP,
-- so those must be filled by the temp table's own defaults (its definition is
-- not in this file — confirm).
--

INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
  ('openid', 'log in using your identity', 'user', false, true),
  ('profile', 'basic profile information', 'list-alt', false, true),
  ('email', 'email address', 'envelope', false, true),
  ('address', 'physical address', 'home', false, true),
  ('phone', 'telephone number', 'bell', false, true),
  ('offline_access', 'offline access', 'time', false, false);

--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
--
-- The self-assignment in ON DUPLICATE KEY UPDATE is the MySQL idiom for
-- "insert if new, otherwise leave the row alone": an administrator's edits to
-- an existing scope survive a restart. This relies on a unique key over
-- system_scope.scope (table definition not in this file).
--

INSERT INTO system_scope (scope, description, icon, restricted, default_scope, structured, structured_param_description)
SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP
ON DUPLICATE KEY UPDATE system_scope.scope = system_scope.scope;

COMMIT;

SET AUTOCOMMIT = 1;

--------------------------------------------------------------------------------
/uma-server-webapp/src/main/webapp/WEB-INF/views/external_login.jsp:
--------------------------------------------------------------------------------
1 | <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
2 | <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
3 | <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
4 | <%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
Log In
Enter your email address to log in
--------------------------------------------------------------------------------
/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ClientConfigurationService.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | /**
19 | *
20 | */
21 | package org.mitre.openid.connect.client.service;
22 |
23 | import org.mitre.oauth2.model.RegisteredClient;
24 | import org.mitre.openid.connect.config.ServerConfiguration;
25 |
/**
 * Supplies the client registration to use when talking to a given server.
 *
 * @author jricher
 *
 */
public interface ClientConfigurationService {

	/**
	 * Returns the client registration for the given server.
	 *
	 * @param issuer the configuration of the server to look up a client for;
	 *               note that despite its name this is a
	 *               {@link ServerConfiguration}, not the issuer string
	 * @return the {@link RegisteredClient} to use against that server;
	 *         behaviour when no registration exists is implementation-defined
	 *         — confirm against the concrete service
	 */
	public RegisteredClient getClientConfiguration(ServerConfiguration issuer);

}
35 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ClientStat.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.openid.connect.model;
18 |
/**
 * Mutable holder for statistics about a single client. At present it carries
 * only the number of approved sites.
 *
 * @author jricher
 */
public class ClientStat {

	// Approved-site count for the client; stays null until a value is set.
	private Integer approvedSiteCount;

	/**
	 * @return the approved-site count, or {@code null} if it was never set
	 */
	public Integer getApprovedSiteCount() {
		return this.approvedSiteCount;
	}

	/**
	 * @param count the approved-site count to store; may be {@code null}
	 */
	public void setApprovedSiteCount(Integer count) {
		approvedSiteCount = count;
	}

}
42 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/resources/db/hsql/scopes.sql:
--------------------------------------------------------------------------------
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--

SET AUTOCOMMIT FALSE;

START TRANSACTION;

--
-- Insert scope information into the temporary tables.
--

INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
  ('openid', 'log in using your identity', 'user', false, true),
  ('profile', 'basic profile information', 'list-alt', false, true),
  ('email', 'email address', 'envelope', false, true),
  ('address', 'physical address', 'home', false, true),
  ('phone', 'telephone number', 'bell', false, true),
  ('offline_access', 'offline access', 'time', false, false);

--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
--
-- Only a WHEN NOT MATCHED branch is given, so rows whose scope already exists
-- are never updated: an administrator's edits to a scope survive a restart,
-- and the seed values above only apply to scopes that are absent.
--

MERGE INTO system_scope
  USING (SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP) AS vals(scope, description, icon, restricted, default_scope)
  ON vals.scope = system_scope.scope
  WHEN NOT MATCHED THEN
    INSERT (scope, description, icon, restricted, default_scope) VALUES(vals.scope, vals.description, vals.icon, vals.restricted, vals.default_scope);

COMMIT;

SET AUTOCOMMIT TRUE;
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/WEB-INF/locale-config.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/jwt/assertion/impl/NullAssertionValidator.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.jwt.assertion.impl;
18 |
19 | import org.mitre.jwt.assertion.AssertionValidator;
20 |
21 | import com.nimbusds.jwt.JWT;
22 |
/**
 * Fail-closed {@link AssertionValidator}: every assertion handed to it is
 * rejected, so wiring it in disables assertion-based authentication entirely.
 *
 * @author jricher
 */
public class NullAssertionValidator implements AssertionValidator {

	/**
	 * Rejects the assertion without inspecting it.
	 *
	 * @param assertion the JWT under test; ignored, {@code null} is accepted
	 *                  as input
	 * @return {@code false}, unconditionally
	 */
	@Override
	public boolean isValid(JWT assertion) {
		// Deliberately no inspection of the token: reject everything.
		return false;
	}

}
41 |
--------------------------------------------------------------------------------
/uma-server-webapp/src/main/resources/db/psql/scopes.sql:
--------------------------------------------------------------------------------
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--
-- The SET AUTOCOMMIT lines are left commented out: on PostgreSQL autocommit is
-- handled by the client, and the explicit START TRANSACTION / COMMIT below is
-- what actually scopes the work.
--

--SET AUTOCOMMIT = OFF;

START TRANSACTION;

--
-- Insert scope information into the temporary tables.
-- Unlike the MySQL/HSQL variants, all seven columns are given explicitly here,
-- including 'structured' and 'structured_param_description'.
--

INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
  ('openid', 'log in using your identity', 'user', false, true, false, null),
  ('profile', 'basic profile information', 'list-alt', false, true, false, null),
  ('email', 'email address', 'envelope', false, true, false, null),
  ('address', 'physical address', 'home', false, true, false, null),
  ('phone', 'telephone number', 'bell', false, true, false, null),
  ('offline_access', 'offline access', 'time', false, false, false, null);

--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
--
-- ON CONFLICT ... DO NOTHING (PostgreSQL 9.5+) inserts only scopes that are
-- absent; existing rows, including any administrator edits, are left as they
-- are. It relies on a unique constraint over system_scope.scope (table
-- definition not in this file).
--

INSERT INTO system_scope (scope, description, icon, restricted, default_scope, structured, structured_param_description)
SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP
ON CONFLICT(scope)
DO NOTHING;

COMMIT;

--SET AUTOCOMMIT = ON;


--------------------------------------------------------------------------------
/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionAuthorityGranter.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | /**
19 | *
20 | */
21 | package org.mitre.oauth2.introspectingfilter.service;
22 |
23 | import java.util.List;
24 |
25 | import org.springframework.security.core.GrantedAuthority;
26 |
27 | import com.google.gson.JsonObject;
28 |
/**
 * Derives the Spring Security authorities to grant a caller from a token
 * introspection response.
 *
 * @author jricher
 *
 */
public interface IntrospectionAuthorityGranter {

	/**
	 * Converts an introspection response into granted authorities.
	 *
	 * NOTE(review): the element type of the returned List is not visible in
	 * this listing (generics appear stripped); presumably
	 * List<GrantedAuthority>, which matches the import — confirm.
	 *
	 * @param introspectionResponse the JSON document returned by the
	 *                              introspection endpoint; authorities should
	 *                              only be derived from it once the token has
	 *                              been confirmed active — where that check
	 *                              lives is not visible here
	 * @return the authorities to attach to the authenticated principal
	 */
	public List getAuthorities(JsonObject introspectionResponse);

}
38 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/less/thumbnails.less:
--------------------------------------------------------------------------------
//
// Thumbnails
// --------------------------------------------------
// NOTE(review): appears to be part of the vendored Bootstrap 2.3.2 sources
// (see the banner in bootstrap-responsive.less); prefer re-vendoring over
// local edits.


// Note: `.thumbnails` and `.thumbnails > li` are overridden in responsive files

// Make wrapper ul behave like the grid
.thumbnails {
  margin-left: -@gridGutterWidth;
  list-style: none;
  .clearfix();
}
// Fluid rows have no left margin
.row-fluid .thumbnails {
  margin-left: 0;
}

// Float li to make thumbnails appear in a row
.thumbnails > li {
  float: left; // Explicitly set the float since we don't require .span* classes
  margin-bottom: @baseLineHeight;
  margin-left: @gridGutterWidth;
}

// The actual thumbnail (can be `a` or `div`)
.thumbnail {
  display: block;
  padding: 4px;
  line-height: @baseLineHeight;
  border: 1px solid #ddd;
  .border-radius(@baseBorderRadius);
  .box-shadow(0 1px 3px rgba(0,0,0,.055));
  .transition(all .2s ease-in-out);
}
// Add a hover/focus state for linked versions only
a.thumbnail:hover,
a.thumbnail:focus {
  border-color: @linkColor;
  .box-shadow(0 1px 4px rgba(0,105,214,.25));
}

// Images and captions
.thumbnail > img {
  display: block;
  max-width: 100%;
  margin-left: auto;
  margin-right: auto;
}
.thumbnail .caption {
  padding: 9px;
  color: @gray;
}

--------------------------------------------------------------------------------
/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/PassAllLoginHints.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.openid.connect.service.impl;
18 |
19 | import org.mitre.openid.connect.service.LoginHintExtracter;
20 |
/**
 * {@link LoginHintExtracter} that applies no filtering: every login hint is
 * passed through to the login page exactly as received. Nothing is sanitized
 * here, so the view that renders the hint is responsible for escaping it.
 *
 * @author jricher
 */
public class PassAllLoginHints implements LoginHintExtracter {

	/**
	 * Returns the hint unchanged, including {@code null}.
	 *
	 * @param loginHint the login hint as supplied
	 * @return the same value, untouched
	 * @see LoginHintExtracter#extractHint(String)
	 */
	@Override
	public String extractHint(String loginHint) {
		final String passedThrough = loginHint;
		return passedThrough;
	}

}
38 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/resources/js/profile.js:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
// Registers the "user/profile" route: rebuilds the breadcrumb trail, marks the
// sidebar entry active and renders the current user's profile into #content.
// Relies on the globals ui, $, UserProfileView, getUserInfo and setPageTitle
// being defined by the scripts loaded before this one.
ui.routes.push({
	path: "user/profile",
	name: "profile",
	callback: function() {

		var crumbs = this.breadCrumbView.collection;
		crumbs.reset();
		crumbs.add([
			{ text: $.t('admin.home'), href: "" },
			{ text: $.t('admin.user-profile.show'), href: "manage/#user/profile" }
		]);

		this.updateSidebar('user/profile');

		var profileView = new UserProfileView({ model: getUserInfo() });
		$('#content').html(profileView.render().el);

		setPageTitle($.t('admin.user-profile.show'));
	}
});
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/oauth2/repository/SystemScopeRepository.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | /**
19 | *
20 | */
21 | package org.mitre.oauth2.repository;
22 |
23 | import java.util.Set;
24 |
25 | import org.mitre.oauth2.model.SystemScope;
26 |
/**
 * Persistence operations for {@link SystemScope} records.
 *
 * NOTE(review): the element type of the Set returned by getAll is not visible
 * in this listing (generics appear stripped); presumably Set<SystemScope> —
 * confirm against the source file.
 *
 * @author jricher
 *
 */
public interface SystemScopeRepository {

	/**
	 * @return every system scope in the store
	 */
	public Set getAll();

	/**
	 * @param id the persistent id of the scope
	 * @return the matching scope; {@code null} vs. exception for an unknown id
	 *         is implementation-defined — confirm
	 */
	public SystemScope getById(Long id);

	/**
	 * @param value the scope string itself, e.g. "openid"
	 * @return the matching scope (same caveat for unknown values as getById)
	 */
	public SystemScope getByValue(String value);

	/**
	 * Deletes the given scope from the store.
	 *
	 * @param scope the scope to remove
	 */
	public void remove(SystemScope scope);

	/**
	 * Persists the given scope.
	 *
	 * @param scope the scope to store
	 * @return the persisted instance, which may not be the same object as the
	 *         argument — confirm against the implementation before relying on
	 *         identity
	 */
	public SystemScope save(SystemScope scope);

}
44 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/config/UIConfiguration.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.openid.connect.config;
18 |
19 | import java.util.Set;
20 |
/**
 * Bean for UI (front-end) configuration, read at start-up.
 *
 * NOTE(review): the element type of {@code jsFiles} is not visible in this
 * listing (generics appear stripped); presumably Set<String> of script paths —
 * confirm against the source file.
 *
 * @author jricher
 */
public class UIConfiguration {

	// Script files the front end should load. Held by reference, not copied:
	// later changes to the set passed to the setter are visible through the
	// getter, and callers receive the live set rather than a snapshot.
	private Set jsFiles;

	/**
	 * @return the configured script files, or {@code null} if none were set
	 */
	public Set getJsFiles() {
		return this.jsFiles;
	}

	/**
	 * @param jsFiles the script files to expose to the UI; stored as given
	 */
	public void setJsFiles(Set jsFiles) {
		this.jsFiles = jsFiles;
	}

}
46 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/AddressRepository.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | package org.mitre.openid.connect.repository;
19 |
20 | import org.mitre.openid.connect.model.Address;
21 |
/**
 * Address repository interface.
 *
 * @author Michael Joseph Walsh
 *
 */
public interface AddressRepository {

	/**
	 * Returns the Address for the given id.
	 *
	 * @param id the id of the Address
	 * @return a valid Address if it exists, null otherwise
	 */
	public Address getById(Long id);

}
40 |
--------------------------------------------------------------------------------
/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/IssuerService.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | /**
19 | *
20 | */
21 | package org.mitre.openid.connect.client.service;
22 |
23 | import javax.servlet.http.HttpServletRequest;
24 |
25 | import org.mitre.openid.connect.client.model.IssuerServiceResponse;
26 |
/**
 *
 * Gets an issuer for the given request. Might do dynamic discovery, or might be statically configured.
 *
 * @author jricher
 *
 */
public interface IssuerService {

	/**
	 * Determines which issuer the given request should be handled by.
	 *
	 * NOTE(review): when the issuer is derived from request input rather than
	 * static configuration, implementations should check it against an
	 * allow-list before any discovery fetch is made — that logic is not
	 * visible here, confirm in the concrete implementation.
	 *
	 * @param request the incoming servlet request
	 * @return an {@link IssuerServiceResponse} describing the chosen issuer
	 */
	public IssuerServiceResponse getIssuer(HttpServletRequest request);

}
39 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/uma/service/SavedRegisteredClientService.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.uma.service;
18 |
19 | import java.util.Collection;
20 |
21 | import org.mitre.oauth2.model.RegisteredClient;
22 | import org.mitre.uma.model.SavedRegisteredClient;
23 |
/**
 * Stores the {@link RegisteredClient} records this component holds, keyed by
 * the issuer each one was registered with.
 *
 * @author jricher
 *
 */
public interface SavedRegisteredClientService {

	/**
	 * Get a list of all the registered clients that we know about.
	 *
	 * NOTE(review): the element type is not visible in this listing (generics
	 * appear stripped); presumably Collection<SavedRegisteredClient>, matching
	 * the import — confirm.
	 *
	 * @return every saved registration
	 */
	Collection getAll();

	/**
	 * Records the registration obtained from the given issuer.
	 *
	 * @param issuer the issuer identifier the client is registered with
	 * @param client the registration to save; whether an existing entry for
	 *               the same issuer is replaced is implementation-defined —
	 *               confirm
	 */
	void save(String issuer, RegisteredClient client);


}
45 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/uma/service/UmaTokenService.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.uma.service;
18 |
19 | import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
20 | import org.mitre.uma.model.PermissionTicket;
21 | import org.mitre.uma.model.Policy;
22 | import org.springframework.security.oauth2.provider.OAuth2Authentication;
23 |
24 | /**
25 | * Service to create special tokens for UMA.
26 | *
27 | * @author jricher
28 | *
29 | */
public interface UmaTokenService {

    /**
     * Issues a Requesting Party Token (RPT) for the given authentication and permission ticket.
     *
     * @param o2auth the authentication of the party requesting access
     * @param ticket the permission ticket the RPT is issued against
     * @param policy the policy the token is issued under — NOTE(review): how the policy relates
     *               to the ticket is not visible in this interface; confirm with the implementation
     * @return the access token entity representing the RPT
     */
    OAuth2AccessTokenEntity createRequestingPartyToken(OAuth2Authentication o2auth, PermissionTicket ticket, Policy policy);

}
39 |
--------------------------------------------------------------------------------
/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthoritiesMapper.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.openid.connect.client;
18 |
19 | import java.util.Collection;
20 |
21 | import org.mitre.openid.connect.model.UserInfo;
22 | import org.springframework.security.core.GrantedAuthority;
23 |
24 | import com.nimbusds.jwt.JWT;
25 |
26 | /**
27 | * @author jricher
28 | *
29 | */
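public interface OIDCAuthoritiesMapper {

    /**
     * Maps the claims of an authenticated user to the Spring Security authorities
     * that user should hold in this application.
     * <p>
     * This interface makes no validation guarantee of its own: callers should only
     * hand it an ID Token whose signature and standard claims have already been
     * verified, because implementations derive authorities directly from its claims.
     *
     * @param idToken the ID Token, parsed as a JWT; must not be {@code null}
     * @param userInfo the UserInfo of the current user; may be {@code null}
     * @return the set of authorities to grant this user
     */
    Collection<? extends GrantedAuthority> mapAuthorities(JWT idToken, UserInfo userInfo);

}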
40 |
--------------------------------------------------------------------------------
/uma-server-webapp/src/main/resources/db/hsql/scopes.sql:
--------------------------------------------------------------------------------
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--

SET AUTOCOMMIT FALSE;

START TRANSACTION;

--
-- Insert scope information into the temporary tables.
-- NOTE(review): the meaning of the restricted / default_scope flags is not defined
-- in this script; see the system_scope table definition.
--

INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
  ('openid', 'log in using your identity', 'user', false, true),
  ('profile', 'basic profile information', 'list-alt', false, true),
  ('email', 'email address', 'envelope', false, true),
  ('address', 'physical address', 'home', false, true),
  ('phone', 'telephone number', 'bell', false, true),
  ('offline_access', 'offline access', 'time', false, false),
  ('uma_protection', 'manage protected resources', 'briefcase', false, false),
  ('uma_authorization', 'request access to protected resources', 'share', false, false);

--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
-- Only WHEN NOT MATCHED is handled: rows already present in system_scope are left
-- untouched, so edits made after the first startup are not overwritten here.
--

MERGE INTO system_scope
  USING (SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP) AS vals(scope, description, icon, restricted, default_scope)
  ON vals.scope = system_scope.scope
  WHEN NOT MATCHED THEN
    INSERT (scope, description, icon, restricted, default_scope) VALUES(vals.scope, vals.description, vals.icon, vals.restricted, vals.default_scope);

COMMIT;

SET AUTOCOMMIT TRUE;
36 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/uma/repository/ResourceSetRepository.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.uma.repository;
18 |
19 | import java.util.Collection;
20 |
21 | import org.mitre.uma.model.ResourceSet;
22 |
23 | /**
24 | * @author jricher
25 | *
26 | */
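public interface ResourceSetRepository {

    /**
     * Persists the resource set.
     *
     * @param rs the resource set to store
     * @return the stored instance
     */
    ResourceSet save(ResourceSet rs);

    /**
     * Looks up a resource set by its database id.
     *
     * @param id the primary key
     * @return the resource set — NOTE(review): behaviour on a miss (null vs exception)
     *         is not specified here; confirm with the implementation
     */
    ResourceSet getById(Long id);

    /** Removes the given resource set. */
    void remove(ResourceSet rs);

    /** @return all resource sets registered by the given owner */
    Collection<ResourceSet> getAllForOwner(String owner);

    /** @return all resource sets registered by the given owner through the given client */
    Collection<ResourceSet> getAllForOwnerAndClient(String owner, String clientId);

    /** @return every resource set, regardless of owner or client */
    Collection<ResourceSet> getAll();

    /** @return all resource sets registered through the given client */
    Collection<ResourceSet> getAllForClient(String clientId);

}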
44 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/less/code.less:
--------------------------------------------------------------------------------
1 | //
2 | // Code (inline and block)
3 | // --------------------------------------------------
4 |
5 |
// Inline and block code styles
code,
pre {
  padding: 0 3px 2px;
  #font > #family > .monospace;
  font-size: @baseFontSize - 2;
  color: @grayDark;
  .border-radius(3px);
}

// Inline code
code {
  padding: 2px 4px;
  color: #d14;
  background-color: #f7f7f9;
  border: 1px solid #e1e1e8;
  white-space: nowrap;
}

// Blocks of code
pre {
  display: block;
  padding: (@baseLineHeight - 1) / 2;
  margin: 0 0 @baseLineHeight / 2;
  font-size: @baseFontSize - 1; // 14px to 13px
  line-height: @baseLineHeight;
  word-break: break-all;
  word-wrap: break-word;
  // Two declarations on purpose: browsers that do not understand pre-wrap keep pre.
  white-space: pre;
  white-space: pre-wrap;
  background-color: #f5f5f5;
  border: 1px solid #ccc; // fallback for IE7-8
  border: 1px solid rgba(0,0,0,.15);
  .border-radius(@baseBorderRadius);

  // Make prettyprint styles more spaced out for readability
  &.prettyprint {
    margin-bottom: @baseLineHeight;
  }

  // Account for some code outputs that place code tags in pre tags
  code {
    padding: 0;
    color: inherit;
    // Same pre / pre-wrap fallback pair as the enclosing pre rule.
    white-space: pre;
    white-space: pre-wrap;
    background-color: transparent;
    border: 0;
  }
}

// Enable scrollable blocks of code
.pre-scrollable {
  max-height: 340px;
  overflow-y: scroll;
}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/oauth2/exception/DeviceCodeCreationException.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.oauth2.exception;
18 |
19 | /**
20 | * @author jricher
21 | *
22 | */
public class DeviceCodeCreationException extends Exception {

    private static final long serialVersionUID = 8078568710169208466L;

    /** OAuth 2.0 error code describing why the device code could not be created. */
    private String error;

    /**
     * Creates the exception.
     *
     * @param error the OAuth 2.0 error code, e.g. {@code invalid_request} (constructed example)
     * @param message human-readable detail, handed to {@link Exception#Exception(String)}
     */
    public DeviceCodeCreationException(String error, String message) {
        super(message);
        this.error = error;
    }

    /**
     * @return the OAuth 2.0 error code carried by this exception
     */
    public String getError() {
        return error;
    }

    /**
     * @param error the OAuth 2.0 error code to carry
     */
    public void setError(String error) {
        this.error = error;
    }

}
51 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2ClientRepository.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | package org.mitre.oauth2.repository;
19 |
20 | import java.util.Collection;
21 |
22 | import org.mitre.oauth2.model.ClientDetailsEntity;
23 |
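public interface OAuth2ClientRepository {

    /**
     * Looks up a client by its database id.
     *
     * @param id the primary key
     * @return the client — NOTE(review): behaviour on a miss (null vs exception)
     *         is not specified here; confirm with the implementation
     */
    ClientDetailsEntity getById(Long id);

    /**
     * Looks up a client by its OAuth 2.0 {@code client_id}.
     *
     * @param clientId the client identifier presented by the client
     * @return the matching client
     */
    ClientDetailsEntity getClientByClientId(String clientId);

    /** Persists a client and returns the stored instance. */
    ClientDetailsEntity saveClient(ClientDetailsEntity client);

    /** Removes the given client. */
    void deleteClient(ClientDetailsEntity client);

    /**
     * Updates the client stored under {@code id} with the given details.
     *
     * @param id the primary key of the client to update
     * @param client the new details
     * @return the stored instance
     */
    ClientDetailsEntity updateClient(Long id, ClientDetailsEntity client);

    /** @return every registered client */
    Collection<ClientDetailsEntity> getAllClients();

}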
40 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/service/PairwiseIdentiferService.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | /**
19 | *
20 | */
21 | package org.mitre.openid.connect.service;
22 |
23 | import org.mitre.oauth2.model.ClientDetailsEntity;
24 | import org.mitre.openid.connect.model.UserInfo;
25 |
26 | /**
27 | * @author jricher
28 | *
29 | */
public interface PairwiseIdentiferService {

    /**
     * Calculates the pairwise subject identifier for the given user as seen by the given client.
     * <p>
     * Pairwise identifiers let unrelated clients receive different {@code sub} values for the
     * same user, so they cannot correlate the user across clients on that value alone.
     * Returns {@code null} if no identifier could be calculated.
     *
     * @param userInfo the user the identifier is for
     * @param client the client the identifier is scoped to
     * @return the pairwise identifier, or {@code null} if none could be calculated
     */
    String getIdentifier(UserInfo userInfo, ClientDetailsEntity client);

}
44 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/UserInfoRepository.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | package org.mitre.openid.connect.repository;
19 |
20 | import org.mitre.openid.connect.model.UserInfo;
21 |
22 | /**
23 | * UserInfo repository interface
24 | *
25 | * @author Michael Joseph Walsh
26 | *
27 | */
public interface UserInfoRepository {

    /**
     * Looks up a user by the value of its {@code preferred_username} field.
     *
     * @param username the preferred username to match
     * @return the matching UserInfo — NOTE(review): behaviour on a miss (null vs exception)
     *         is not specified here; confirm with the implementation
     */
    UserInfo getByUsername(String username);

    /**
     * Looks up a user by the value of its {@code email} field.
     *
     * @param email the email address to match
     * @return the matching UserInfo
     */
    UserInfo getByEmailAddress(String email);

}
47 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/resources/db/oracle/scopes_oracle.sql:
--------------------------------------------------------------------------------
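--
-- Insert scope information into the temporary tables.
-- The flag columns are written as 0/1 here rather than false/true as in the other
-- database variants.
--

INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
  ('openid', 'log in using your identity', 'user', 0, 1);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
  ('profile', 'basic profile information', 'list-alt', 0, 1);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
  ('email', 'email address', 'envelope', 0, 1);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
  ('address', 'physical address', 'home', 0, 1);
-- The column list has five entries, so this row supplies exactly five values
-- (a stray sixth value would make the statement fail).
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
  ('phone', 'telephone number', 'bell', 0, 1);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
  ('offline_access', 'offline access', 'time', 0, 0);

--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
-- Only WHEN NOT MATCHED is handled: rows already present in system_scope are left
-- untouched. Ids are drawn from system_scope_seq.
-- NOTE(review): unlike the hsql/mysql variants this script does not start or
-- commit a transaction; confirm that the caller commits.
--

MERGE INTO system_scope
  USING (SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP) vals
  ON (vals.scope = system_scope.scope)
  WHEN NOT MATCHED THEN
    INSERT (id, scope, description, icon, restricted, default_scope) VALUES(system_scope_seq.nextval, vals.scope,
      vals.description, vals.icon, vals.restricted, vals.default_scope);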
27 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/BlacklistedSiteRepository.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | /**
19 | *
20 | */
21 | package org.mitre.openid.connect.repository;
22 |
23 | import java.util.Collection;
24 |
25 | import org.mitre.openid.connect.model.BlacklistedSite;
26 |
27 | /**
28 | * @author jricher
29 | *
30 | */
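public interface BlacklistedSiteRepository {

    /** @return every blacklisted site */
    Collection<BlacklistedSite> getAll();

    /**
     * Looks up a blacklisted site by its database id.
     *
     * @param id the primary key
     * @return the site — NOTE(review): behaviour on a miss (null vs exception)
     *         is not specified here; confirm with the implementation
     */
    BlacklistedSite getById(Long id);

    /** Removes the given site from the blacklist. */
    void remove(BlacklistedSite blacklistedSite);

    /**
     * Persists a blacklisted site.
     *
     * @param blacklistedSite the site to store
     * @return the stored instance
     */
    BlacklistedSite save(BlacklistedSite blacklistedSite);

    /**
     * Replaces an existing blacklist entry.
     *
     * @param oldBlacklistedSite the entry currently stored
     * @param blacklistedSite the new values
     * @return the stored instance
     */
    BlacklistedSite update(BlacklistedSite oldBlacklistedSite, BlacklistedSite blacklistedSite);

}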
44 |
--------------------------------------------------------------------------------
/openid-connect-server/src/main/java/org/mitre/oauth2/exception/DeviceCodeExpiredException.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.oauth2.exception;
18 |
19 | import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
20 |
21 | /**
22 | * @author jricher
23 | *
24 | */
public class DeviceCodeExpiredException extends OAuth2Exception {

    // NOTE(review): same value as the serialVersionUID in AuthorizationPendingException;
    // harmless for distinct classes but looks copy/pasted.
    private static final long serialVersionUID = -7078098692596870940L;

    /**
     * Creates the exception.
     *
     * @param msg human-readable detail, handed to {@link OAuth2Exception#OAuth2Exception(String)}
     */
    public DeviceCodeExpiredException(String msg) {
        super(msg);
    }

    /**
     * Returns the error code reported to the client: {@code expired_token}, the
     * Device Authorization Grant (RFC 8628) code for a device code that is no longer valid.
     */
    @Override
    public String getOAuth2ErrorCode() {
        return "expired_token";
    }

}
48 |
--------------------------------------------------------------------------------
/uma-server-webapp/src/main/resources/db/mysql/scopes.sql:
--------------------------------------------------------------------------------
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--

SET AUTOCOMMIT = 0;

START TRANSACTION;

--
-- Insert scope information into the temporary tables.
-- NOTE(review): this variant still writes the structured / structured_param_description
-- columns, which the hsql variant does not; confirm the system_scope_TEMP definition
-- for this database still has them.
--

INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
  ('openid', 'log in using your identity', 'user', false, true, false, null),
  ('profile', 'basic profile information', 'list-alt', false, true, false, null),
  ('email', 'email address', 'envelope', false, true, false, null),
  ('address', 'physical address', 'home', false, true, false, null),
  ('phone', 'telephone number', 'bell', false, true, false, null),
  ('offline_access', 'offline access', 'time', false, false, false, null),
  ('uma_protection', 'manage protected resources', 'briefcase', false, false, false, null),
  ('uma_authorization', 'request access to protected resources', 'share', false, false, false, null);

--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
-- The ON DUPLICATE KEY clause is a deliberate no-op (scope = scope), so rows already
-- present in system_scope are left untouched.
--

INSERT INTO system_scope (scope, description, icon, restricted, default_scope, structured, structured_param_description)
  SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP
  ON DUPLICATE KEY UPDATE system_scope.scope = system_scope.scope;

COMMIT;

SET AUTOCOMMIT = 1;
34 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/config/JWKSetEditor.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.openid.connect.config;
18 |
19 | import java.beans.PropertyEditorSupport;
20 | import java.text.ParseException;
21 |
22 | import com.google.common.base.Strings;
23 | import com.nimbusds.jose.jwk.JWKSet;
24 |
25 | /**
26 | * Allows JWK Set strings to be used in XML configurations.
27 | *
28 | * @author jricher
29 | *
30 | */
public class JWKSetEditor extends PropertyEditorSupport {

    /**
     * Parses the JWK Set JSON in {@code text} and stores the resulting {@link JWKSet}
     * as this editor's value. A {@code null} or empty string clears the value instead.
     *
     * @param text JWK Set JSON, or {@code null}/empty to set the value to {@code null}
     * @throws IllegalArgumentException if the text is present but is not a valid JWK Set;
     *         the underlying {@link ParseException} is kept as the cause
     */
    @Override
    public void setAsText(String text) throws IllegalArgumentException {
        if (text == null || text.isEmpty()) {
            setValue(null);
            return;
        }
        try {
            setValue(JWKSet.parse(text));
        } catch (ParseException e) {
            throw new IllegalArgumentException(e);
        }
    }

}
47 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/service/BlacklistedSiteService.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | /**
19 | *
20 | */
21 | package org.mitre.openid.connect.service;
22 |
23 | import java.util.Collection;
24 |
25 | import org.mitre.openid.connect.model.BlacklistedSite;
26 |
27 | /**
28 | * @author jricher
29 | *
30 | */
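public interface BlacklistedSiteService {

    /** @return every blacklisted site */
    Collection<BlacklistedSite> getAll();

    /**
     * Looks up a blacklisted site by its database id.
     *
     * @param id the primary key
     * @return the site — NOTE(review): behaviour on a miss (null vs exception)
     *         is not specified here; confirm with the implementation
     */
    BlacklistedSite getById(Long id);

    /** Removes the given site from the blacklist. */
    void remove(BlacklistedSite blacklistedSite);

    /**
     * Adds a new site to the blacklist.
     *
     * @param blacklistedSite the site to add
     * @return the stored instance
     */
    BlacklistedSite saveNew(BlacklistedSite blacklistedSite);

    /**
     * Replaces an existing blacklist entry.
     *
     * @param oldBlacklistedSite the entry currently stored
     * @param blacklistedSite the new values
     * @return the stored instance
     */
    BlacklistedSite update(BlacklistedSite oldBlacklistedSite, BlacklistedSite blacklistedSite);

    /**
     * Tells whether the given URI is covered by the blacklist.
     * NOTE(review): how a URI is matched against the stored entries (exact, host,
     * prefix) is decided by the implementation; confirm before relying on it.
     *
     * @param uri the URI to check
     * @return {@code true} if the URI is blacklisted
     */
    boolean isBlacklisted(String uri);

}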
46 |
--------------------------------------------------------------------------------
/openid-connect-server/src/main/java/org/mitre/oauth2/exception/AuthorizationPendingException.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.oauth2.exception;
18 |
19 | import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
20 |
21 | /**
22 | * @author jricher
23 | *
24 | */
public class AuthorizationPendingException extends OAuth2Exception {

    // NOTE(review): same value as the serialVersionUID in DeviceCodeExpiredException;
    // harmless for distinct classes but looks copy/pasted.
    private static final long serialVersionUID = -7078098692596870940L;

    /**
     * Creates the exception.
     *
     * @param msg human-readable detail, handed to {@link OAuth2Exception#OAuth2Exception(String)}
     */
    public AuthorizationPendingException(String msg) {
        super(msg);
    }

    /**
     * Returns the error code reported to the client: {@code authorization_pending}, the
     * Device Authorization Grant (RFC 8628) code telling the device to keep polling.
     */
    @Override
    public String getOAuth2ErrorCode() {
        return "authorization_pending";
    }

}
50 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | package org.mitre.oauth2.repository;
19 |
20 | import java.util.List;
21 |
22 | import org.mitre.data.PageCriteria;
23 | import org.mitre.oauth2.model.AuthenticationHolderEntity;
24 |
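public interface AuthenticationHolderRepository {

    /** @return every stored authentication holder */
    List<AuthenticationHolderEntity> getAll();

    /**
     * Looks up an authentication holder by its database id.
     *
     * @param id the primary key
     * @return the holder — NOTE(review): behaviour on a miss (null vs exception)
     *         is not specified here; confirm with the implementation
     */
    AuthenticationHolderEntity getById(Long id);

    /** Removes the given holder. */
    void remove(AuthenticationHolderEntity a);

    /**
     * Persists a holder.
     *
     * @param a the holder to store
     * @return the stored instance
     */
    AuthenticationHolderEntity save(AuthenticationHolderEntity a);

    /**
     * Returns holders that are no longer referenced.
     * NOTE(review): the exact "orphaned" criterion lives in the implementation; confirm there.
     */
    List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders();

    /**
     * Paged variant of {@link #getOrphanedAuthenticationHolders()}.
     *
     * @param pageCriteria which page of results to return
     */
    List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders(PageCriteria pageCriteria);

}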
38 |
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | Unreleased:
2 |
3 | *1.3.3*:
4 | - Authorization codes are now longer
5 | - Client/RS can parse the "sub" and "user_id" claims in introspection response
6 | - Database-direct queries for fetching tokens by user (optimization)
7 | - Device flow supports verification_uri_complete (must be turned on)
8 | - Long scopes display properly and are still checkable
9 | - Language system remembers when it can't find a file and stops throwing so many errors
10 | - Index added for refresh tokens
11 | - Updated to Spring Security 4.2.11
12 | - Updated Spring to 4.3.22
13 | - Change approve pages to use issuer instead of page context
14 | - Updated oracle database scripts
15 |
16 | *1.3.2*:
17 | - Added changelog
18 | - Set default redirect URI resolver strict matching to true
19 | - Fixed XSS vulnerability on redirect URI display on approval page
20 | - Removed MITRE from copyright
21 | - Disallow unsigned JWTs on client authentication
22 | - Upgraded Nimbus revision
23 | - Added French translation
24 | - Added hooks for custom JWT claims
25 | - Removed "Not Yet Implemented" tag from post-logout redirect URI
26 |
27 | *1.3.1*:
28 | - Added End Session endpoint
29 | - Fixed discovery endpoint
30 | - Downgrade MySQL connector dependency version from developer preview to GA release
31 |
32 | *1.3.0*:
33 | - Added device flow support
34 | - Added PKCE support
35 | - Modularized UI to allow better overlay and extensions
36 | - Modularized data import/export API
37 | - Added software statements to dynamic client registration
38 | - Added assertion processing framework
39 | - Removed ID tokens from storage
40 | - Removed structured scopes
41 |
42 | *1.2.6*:
43 | - Added strict HEART compliance mode
44 |
--------------------------------------------------------------------------------
/openid-connect-client/src/main/java/org/mitre/openid/connect/client/StaticPrefixTargetLinkURIChecker.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 | package org.mitre.openid.connect.client;
17 |
/**
 * Target-link URI filter that admits only targets beginning with a configured
 * prefix; anything else (including {@code null}) collapses to {@code "/"}.
 *
 * Security notes for whoever configures this:
 * <ul>
 * <li>With the default empty prefix every non-null target is accepted, so the
 *     filter restricts nothing until {@link #setPrefix(String)} is called.</li>
 * <li>The comparison is a plain {@link String#startsWith(String)}. A prefix such
 *     as {@code https://example.com} also matches
 *     {@code https://example.com.attacker.test}; end a host-only prefix with
 *     {@code /} (or a path) so a sibling host cannot slip through.</li>
 * <li>No normalisation of the target is done (case, percent-encoding, dot
 *     segments), so the prefix must be written in the exact form callers will
 *     present.</li>
 * </ul>
 *
 * @author jricher
 */
public class StaticPrefixTargetLinkURIChecker implements TargetLinkURIChecker {

	/** Returned whenever the target is missing or does not match the prefix. */
	private static final String FALLBACK = "/";

	private String prefix = "";

	/**
	 * @param target the requested post-login target, may be {@code null}
	 * @return {@code target} unchanged when it starts with the configured prefix,
	 *         otherwise {@code "/"}
	 */
	@Override
	public String filter(String target) {
		boolean accepted = target != null && target.startsWith(prefix);
		return accepted ? target : FALLBACK;
	}

	/** @return the prefix a target must start with to be passed through */
	public String getPrefix() {
		return prefix;
	}

	/** @param prefix the prefix a target must start with; see the class notes on trailing {@code /} */
	public void setPrefix(String prefix) {
		this.prefix = prefix;
	}

}
49 |
--------------------------------------------------------------------------------
/openid-connect-server/src/main/java/org/mitre/oauth2/assertion/AssertionOAuth2RequestFactory.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.oauth2.assertion;
18 |
19 | import org.springframework.security.oauth2.provider.ClientDetails;
20 | import org.springframework.security.oauth2.provider.OAuth2Request;
21 | import org.springframework.security.oauth2.provider.TokenRequest;
22 |
23 | import com.nimbusds.jwt.JWT;
24 |
/**
 * Take in an assertion and token request and generate an OAuth2Request from it, including scopes and other important components.
 *
 * This interface says nothing about validating the assertion (signature,
 * issuer, audience, expiry). Callers should treat the {@code assertion}
 * argument as already verified, or verify it before calling — NOTE(review):
 * confirm where that validation lives in the implementations.
 *
 * @author jricher
 *
 */
public interface AssertionOAuth2RequestFactory {

	/**
	 * @param client the client on whose behalf the token request is being processed
	 * @param tokenRequest the token request that carried the assertion
	 * @param assertion the parsed JWT assertion to build the request from
	 * @return an OAuth2Request representing the authorization the assertion conveys
	 */
	OAuth2Request createOAuth2Request(ClientDetails client, TokenRequest tokenRequest, JWT assertion);

}
42 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/PairwiseIdentifierRepository.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | /**
19 | *
20 | */
21 | package org.mitre.openid.connect.repository;
22 |
23 | import org.mitre.openid.connect.model.PairwiseIdentifier;
24 |
/**
 * Persistence for pairwise subject identifiers — the per-sector {@code sub}
 * values handed to clients in place of a user's real local subject.
 *
 * @author jricher
 *
 */
public interface PairwiseIdentifierRepository {

	/**
	 * Get a pairwise identifier by its associated user subject and sector identifier.
	 *
	 * @param sub the user's local subject identifier
	 * @param sectorIdentifierUri the sector identifier URI the pairwise value was issued for
	 * @return the matching identifier; presumably {@code null} when none has been
	 *         issued yet — confirm against the implementation
	 */
	public PairwiseIdentifier getBySectorIdentifier(String sub, String sectorIdentifierUri);

	/**
	 * Save a pairwise identifier to the database.
	 *
	 * @param pairwise the identifier to persist
	 */
	public void save(PairwiseIdentifier pairwise);

}
48 |
--------------------------------------------------------------------------------
/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/RemoveLoginHintsWithHTTP.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.openid.connect.service.impl;
18 |
19 | import org.mitre.openid.connect.service.LoginHintExtracter;
20 |
21 | import com.google.common.base.Strings;
22 |
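/**
 * Login-hint extracter that drops hints which look like URLs.
 *
 * A {@code login_hint} whose value begins with {@code http} is discarded and
 * {@code null} is returned; any other non-empty hint is passed through
 * unchanged. Empty and {@code null} hints also yield {@code null}.
 *
 * The prefix test is case-insensitive. URI schemes are case-insensitive
 * (RFC 3986), so a case-sensitive {@code startsWith("http")} would have let
 * {@code HTTP://...} or {@code Https://...} through while filtering the
 * lower-case spelling.
 *
 * Limits: this is a prefix check only. A hint with leading whitespace or any
 * other text in front of a URL is not filtered, and the value that is passed
 * through is not otherwise sanitised — whoever renders it must still encode it.
 *
 * @author jricher
 *
 */
public class RemoveLoginHintsWithHTTP implements LoginHintExtracter {

	/** Scheme prefix that marks a hint as URL-like. */
	private static final String URL_PREFIX = "http";

	/**
	 * @param loginHint the raw hint supplied by the client, may be {@code null}
	 * @return the hint itself, or {@code null} if it is empty or URL-like
	 */
	@Override
	public String extractHint(String loginHint) {
		if (Strings.isNullOrEmpty(loginHint)) {
			return null;
		}
		// regionMatches(ignoreCase=true, ...) is a case-insensitive startsWith;
		// it returns false for hints shorter than the prefix.
		if (loginHint.regionMatches(true, 0, URL_PREFIX, 0, URL_PREFIX.length())) {
			return null;
		}
		return loginHint;
	}

}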
48 |
--------------------------------------------------------------------------------
/openid-connect-server/src/test/java/org/mitre/openid/connect/config/TestJsonMessageSource.java:
--------------------------------------------------------------------------------
1 | package org.mitre.openid.connect.config;
2 |
3 | import org.junit.Before;
4 | import org.junit.Test;
5 | import org.junit.runner.RunWith;
6 | import org.mockito.InjectMocks;
7 | import org.mockito.Spy;
8 | import org.mockito.runners.MockitoJUnitRunner;
9 | import org.springframework.core.io.ClassPathResource;
10 | import org.springframework.core.io.Resource;
11 |
12 | import java.text.MessageFormat;
13 | import java.util.Locale;
14 |
15 | import static org.junit.Assert.assertEquals;
16 | import static org.junit.Assert.assertNull;
17 |
/**
 * Unit tests for {@link JsonMessageSource}: a code resolves from the JSON
 * bundle of a locale that has a file, and does not resolve for a locale that
 * has none.
 */
@RunWith(MockitoJUnitRunner.class)
public class TestJsonMessageSource {

	@InjectMocks
	private JsonMessageSource jsonMessageSource;

	@Spy
	private ConfigurationPropertiesBean config;

	/** Language for which a bundle exists under test/resources/js/locale/. */
	private final Locale knownLocale = new Locale("en");

	/** Language for which no bundle exists on the test classpath. */
	private final Locale unknownLocale = new Locale("xx");

	@Before
	public void setup() {
		// Point the source at the test bundles rather than the webapp's real ones.
		Resource bundles = new ClassPathResource("/resources/js/locale/");
		jsonMessageSource.setBaseDirectory(bundles);
	}

	@Test
	public void verifyWhenLocaleExists_canResolveCode() {
		MessageFormat resolved = jsonMessageSource.resolveCode("testAttribute", knownLocale);
		assertEquals("en", resolved.getLocale().getLanguage());
		assertEquals("testValue", resolved.toPattern());
	}

	@Test
	public void verifyWhenLocaleDoesNotExist_cannotResolveCode() {
		assertNull(jsonMessageSource.resolveCode("test", unknownLocale));
	}
}
51 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/uma/service/ClaimsProcessingService.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.uma.service;
18 |
19 | import org.mitre.uma.model.ClaimProcessingResult;
20 | import org.mitre.uma.model.PermissionTicket;
21 | import org.mitre.uma.model.ResourceSet;
22 |
/**
 *
 * Processes claims presented during an UMA transaction.
 *
 * This is the policy decision point for UMA: the claims a requesting party
 * has supplied (carried on the permission ticket) are checked against the
 * claims the resource set requires before any token for that resource set
 * is issued.
 *
 * @author jricher
 *
 */
public interface ClaimsProcessingService {

	/**
	 *
	 * Determine whether or not the claims that have been supplied are
	 * sufficient to fulfill the requirements given by the claims that
	 * are required.
	 *
	 * @param rs the resource set whose required claims are the policy to check against
	 * @param ticket the permission ticket carrying the claims supplied so far
	 * @return the result of the claims processing action (satisfied or not,
	 *         plus whatever detail {@link ClaimProcessingResult} carries)
	 */
	public ClaimProcessingResult claimsAreSatisfied(ResourceSet rs, PermissionTicket ticket);

}
45 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/uma/service/ResourceSetService.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 | package org.mitre.uma.service;
17 |
18 | import java.util.Collection;
19 |
20 | import org.mitre.oauth2.model.ClientDetailsEntity;
21 | import org.mitre.uma.model.ResourceSet;
22 |
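/**
 *
 * Manage registered resource sets at this authorization server.
 *
 * Resource sets are tracked by owner (a subject string) and by the client
 * that registered them; the {@code getAllFor*} lookups are how callers scope
 * what a given owner or client is allowed to see, so implementations should
 * apply those filters in the query rather than rely on callers to post-filter.
 *
 * The collection-returning methods are declared with their element type; the
 * raw {@code Collection} that appeared in this listing forced unchecked casts
 * on every caller and gave the compiler nothing to check.
 *
 * @author jricher
 *
 */
public interface ResourceSetService {

	/** Persist a newly registered resource set and return the stored instance. */
	public ResourceSet saveNew(ResourceSet rs);

	/**
	 * Look a resource set up by database id; presumably {@code null} when absent —
	 * confirm against the implementation.
	 */
	public ResourceSet getById(Long id);

	/** Update the stored {@code oldRs} from {@code newRs} and return the result. */
	public ResourceSet update(ResourceSet oldRs, ResourceSet newRs);

	/** Delete a resource set. */
	public void remove(ResourceSet rs);

	/** All resource sets belonging to the given owner. */
	public Collection<ResourceSet> getAllForOwner(String owner);

	/** All resource sets belonging to the given owner that were registered by the given client id. */
	public Collection<ResourceSet> getAllForOwnerAndClient(String owner, String authClientId);

	/** All resource sets registered by the given client. */
	public Collection<ResourceSet> getAllForClient(ClientDetailsEntity client);

}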
47 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/deviceApproved.jsp:
--------------------------------------------------------------------------------
<%-- Device-flow "approved" confirmation page.
     NOTE(review): only the page/taglib directives survive in this copy; the markup
     body that should follow them is blank here. Confirm against the repository
     before treating this listing as the page's content. The three Spring Security
     exception/attribute imports below are not referenced by anything visible. --%>
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@ page import="org.springframework.security.core.AuthenticationException"%>
<%@ page import="org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException"%>
<%@ page import="org.springframework.security.web.WebAttributes"%>
<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
--------------------------------------------------------------------------------
/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionConfigurationService.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | /**
19 | *
20 | */
21 | package org.mitre.oauth2.introspectingfilter.service;
22 |
23 | import org.mitre.oauth2.model.RegisteredClient;
24 |
/**
 * Supplies, per access token, where to send an introspection request and
 * which client credentials to present there.
 *
 * Security notes: the {@link RegisteredClient} returned by
 * {@link #getClientConfiguration(String)} carries a client secret, so it
 * should come from protected configuration and must not be logged. And
 * because that secret is sent to whatever URL
 * {@link #getIntrospectionUrl(String)} returns, an implementation that picks
 * the endpoint from the token's own contents should map to a configured set
 * of trusted endpoints rather than use a URL taken from the token.
 *
 * @author jricher
 *
 */
public interface IntrospectionConfigurationService {

	/**
	 * Get the introspection URL based on the access token.
	 * @param accessToken the token that is about to be introspected
	 * @return the introspection endpoint URL to call for this token
	 */
	public String getIntrospectionUrl(String accessToken);


	/**
	 * Get the client configuration to use to connect to the
	 * introspection endpoint. In particular, this cares about
	 * the clientId, clientSecret, and tokenEndpointAuthMethod
	 * fields.
	 * @param accessToken the token that is about to be introspected
	 * @return the client credentials and auth method to use against the introspection endpoint
	 */
	public RegisteredClient getClientConfiguration(String accessToken);

}
48 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/data/DefaultPageCriteria.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 | package org.mitre.data;
17 |
/**
 * Default implementation of {@link PageCriteria}: an immutable pair of page
 * number and page size fixed at construction time.
 *
 * No range checks are applied — negative values and a zero page size are
 * stored exactly as given — so callers that build criteria from request
 * parameters should validate (and cap) them first. The no-arg constructor
 * gives page 0 with 100 rows.
 *
 * @author Colm Smyth
 */
public class DefaultPageCriteria implements PageCriteria {

	private static final int DEFAULT_PAGE_NUMBER = 0;
	private static final int DEFAULT_PAGE_SIZE = 100;

	private final int pageNumber;
	private final int pageSize;

	/**
	 * @param pageNumber index of the page to fetch (the default is 0)
	 * @param pageSize maximum number of rows on that page (the default is 100)
	 */
	public DefaultPageCriteria(int pageNumber, int pageSize) {
		this.pageNumber = pageNumber;
		this.pageSize = pageSize;
	}

	/** Criteria for the default page ({@value #DEFAULT_PAGE_NUMBER}) of {@value #DEFAULT_PAGE_SIZE} rows. */
	public DefaultPageCriteria() {
		this(DEFAULT_PAGE_NUMBER, DEFAULT_PAGE_SIZE);
	}

	/** @return the requested page number, as given at construction */
	@Override
	public int getPageNumber() {
		return pageNumber;
	}

	/** @return the requested page size, as given at construction */
	@Override
	public int getPageSize() {
		return pageSize;
	}
}
51 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWEAlgorithmStringConverter.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.oauth2.model.convert;
18 |
19 | import javax.persistence.AttributeConverter;
20 | import javax.persistence.Converter;
21 |
22 | import com.nimbusds.jose.JWEAlgorithm;
23 |
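/**
 * JPA converter that persists a Nimbus {@link JWEAlgorithm} as its registered
 * name ({@link JWEAlgorithm#getName()}) and rebuilds it with
 * {@link JWEAlgorithm#parse(String)} when the entity is loaded. {@code null}
 * maps to {@code null} in both directions.
 *
 * The converter is declared as {@code AttributeConverter<JWEAlgorithm, String>};
 * the raw {@code AttributeConverter} it had before meant the two
 * {@code @Override} methods did not match the erased {@code Object}-typed
 * interface methods.
 *
 * No validation happens here: whatever name sits in the column is handed to
 * {@code parse}. Which key-management algorithms a client may actually use
 * has to be enforced where the value is consumed and at client registration —
 * NOTE(review): confirm that policy exists in the callers.
 */
@Converter
public class JWEAlgorithmStringConverter implements AttributeConverter<JWEAlgorithm, String> {

	/**
	 * @param attribute the algorithm held on the entity, may be {@code null}
	 * @return its name, or {@code null} when the attribute is {@code null}
	 */
	@Override
	public String convertToDatabaseColumn(JWEAlgorithm attribute) {
		return attribute == null ? null : attribute.getName();
	}

	/**
	 * @param dbData the stored algorithm name, may be {@code null}
	 * @return the parsed algorithm, or {@code null} when the column is {@code null}
	 */
	@Override
	public JWEAlgorithm convertToEntityAttribute(String dbData) {
		return dbData == null ? null : JWEAlgorithm.parse(dbData);
	}
}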
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWSAlgorithmStringConverter.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.oauth2.model.convert;
18 |
19 | import javax.persistence.AttributeConverter;
20 | import javax.persistence.Converter;
21 |
22 | import com.nimbusds.jose.JWSAlgorithm;
23 |
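/**
 * JPA converter that persists a Nimbus {@link JWSAlgorithm} as its registered
 * name ({@link JWSAlgorithm#getName()}) and rebuilds it with
 * {@link JWSAlgorithm#parse(String)} when the entity is loaded. {@code null}
 * maps to {@code null} in both directions.
 *
 * The converter is declared as {@code AttributeConverter<JWSAlgorithm, String>};
 * the raw {@code AttributeConverter} it had before meant the two
 * {@code @Override} methods did not match the erased {@code Object}-typed
 * interface methods.
 *
 * No validation happens here. In particular a stored value of {@code none}
 * would presumably come back as the unsigned algorithm; the changelog's
 * "disallow unsigned JWTs on client authentication" therefore has to be
 * enforced by the consumer of this value, not by the converter —
 * NOTE(review): confirm that check is in place.
 */
@Converter
public class JWSAlgorithmStringConverter implements AttributeConverter<JWSAlgorithm, String> {

	/**
	 * @param attribute the algorithm held on the entity, may be {@code null}
	 * @return its name, or {@code null} when the attribute is {@code null}
	 */
	@Override
	public String convertToDatabaseColumn(JWSAlgorithm attribute) {
		return attribute == null ? null : attribute.getName();
	}

	/**
	 * @param dbData the stored algorithm name, may be {@code null}
	 * @return the parsed algorithm, or {@code null} when the column is {@code null}
	 */
	@Override
	public JWSAlgorithm convertToEntityAttribute(String dbData) {
		return dbData == null ? null : JWSAlgorithm.parse(dbData);
	}
}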
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/less/alerts.less:
--------------------------------------------------------------------------------
//
// Alerts
// --------------------------------------------------
//
// Vendored Bootstrap 2.3.2 component stylesheet (see the header of bootstrap.less
// in this directory). The @warning*/@success*/@error*/@info* colours and
// @baseLineHeight are presumably defined in variables.less, which bootstrap.less
// imports first — override them there rather than editing this file, since local
// edits are lost on a Bootstrap upgrade.


// Base styles
// -------------------------

.alert {
  padding: 8px 35px 8px 14px;
  margin-bottom: @baseLineHeight;
  text-shadow: 0 1px 0 rgba(255,255,255,.5);
  background-color: @warningBackground;
  border: 1px solid @warningBorder;
  .border-radius(@baseBorderRadius);
}
.alert,
.alert h4 {
  // Specified for the h4 to prevent conflicts of changing @headingsColor
  color: @warningText;
}
.alert h4 {
  margin: 0;
}

// Adjust close link position
.alert .close {
  position: relative;
  top: -2px;
  right: -21px;
  line-height: @baseLineHeight;
}


// Alternate styles
// -------------------------

.alert-success {
  background-color: @successBackground;
  border-color: @successBorder;
  color: @successText;
}
.alert-success h4 {
  color: @successText;
}
.alert-danger,
.alert-error {
  background-color: @errorBackground;
  border-color: @errorBorder;
  color: @errorText;
}
.alert-danger h4,
.alert-error h4 {
  color: @errorText;
}
.alert-info {
  background-color: @infoBackground;
  border-color: @infoBorder;
  color: @infoText;
}
.alert-info h4 {
  color: @infoText;
}


// Block alerts
// -------------------------

.alert-block {
  padding-top: 14px;
  padding-bottom: 14px;
}
.alert-block > p,
.alert-block > ul {
  margin-bottom: 0;
}
.alert-block p + p {
  margin-top: 5px;
}
--------------------------------------------------------------------------------
/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | /**
19 | *
20 | */
21 | package org.mitre.openid.connect.client.service;
22 |
23 | import java.util.Map;
24 |
25 | import org.mitre.oauth2.model.RegisteredClient;
26 | import org.mitre.openid.connect.config.ServerConfiguration;
27 |
/**
 * Builds a URL string to the IdP's authorization endpoint.
 *
 * The builder only embeds what it is given. Generating unguessable
 * {@code nonce} and {@code state} values, remembering them, and checking them
 * when the response comes back is the caller's job.
 *
 * @author jricher
 *
 */
public interface AuthRequestUrlBuilder {

	/**
	 * @param serverConfig the IdP's discovered/configured endpoints and settings
	 * @param clientConfig this client's registration with that IdP
	 * @param redirectUri the redirect URI to request the response be sent to
	 * @param nonce the nonce value generated by the caller for this request
	 * @param state the state value generated by the caller for this request
	 * @param options additional request parameters to append; declared raw here —
	 *        NOTE(review): the type arguments appear to have been lost in this
	 *        listing, check the repository
	 * @param loginHint login hint to forward, or {@code null} for none
	 * @return the complete authorization request URL as a string
	 */
	public String buildAuthRequestUrl(ServerConfiguration serverConfig, RegisteredClient clientConfig, String redirectUri, String nonce, String state, Map options, String loginHint);

}
48 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWEEncryptionMethodStringConverter.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.oauth2.model.convert;
18 |
19 | import javax.persistence.AttributeConverter;
20 | import javax.persistence.Converter;
21 |
22 | import com.nimbusds.jose.EncryptionMethod;
23 |
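/**
 * JPA converter that persists a Nimbus {@link EncryptionMethod} as its
 * registered name ({@link EncryptionMethod#getName()}) and rebuilds it with
 * {@link EncryptionMethod#parse(String)} when the entity is loaded.
 * {@code null} maps to {@code null} in both directions.
 *
 * The converter is declared as
 * {@code AttributeConverter<EncryptionMethod, String>}; the raw
 * {@code AttributeConverter} it had before meant the two {@code @Override}
 * methods did not match the erased {@code Object}-typed interface methods.
 *
 * No validation happens here: the stored name is handed straight to
 * {@code parse}. Which content-encryption methods are acceptable must be
 * enforced where the value is used — NOTE(review): confirm in the callers.
 */
@Converter
public class JWEEncryptionMethodStringConverter implements AttributeConverter<EncryptionMethod, String> {

	/**
	 * @param attribute the encryption method held on the entity, may be {@code null}
	 * @return its name, or {@code null} when the attribute is {@code null}
	 */
	@Override
	public String convertToDatabaseColumn(EncryptionMethod attribute) {
		return attribute == null ? null : attribute.getName();
	}

	/**
	 * @param dbData the stored method name, may be {@code null}
	 * @return the parsed encryption method, or {@code null} when the column is {@code null}
	 */
	@Override
	public EncryptionMethod convertToEntityAttribute(String dbData) {
		return dbData == null ? null : EncryptionMethod.parse(dbData);
	}
}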
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SimpleGrantedAuthorityStringConverter.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.oauth2.model.convert;
18 |
19 | import javax.persistence.AttributeConverter;
20 | import javax.persistence.Converter;
21 |
22 | import org.springframework.security.core.authority.SimpleGrantedAuthority;
23 |
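/**
 * JPA converter that persists a Spring Security {@link SimpleGrantedAuthority}
 * as its authority string ({@link SimpleGrantedAuthority#getAuthority()}) and
 * rebuilds it with {@code new SimpleGrantedAuthority(String)} when the entity
 * is loaded. {@code null} maps to {@code null} in both directions.
 *
 * The converter is declared as
 * {@code AttributeConverter<SimpleGrantedAuthority, String>}; the raw
 * {@code AttributeConverter} it had before meant the two {@code @Override}
 * methods did not match the erased {@code Object}-typed interface methods.
 *
 * Security note: authority strings (e.g. {@code ROLE_ADMIN}) drive
 * authorization decisions, and this converter trusts the column as-is — there
 * is no whitelist or normalisation. Anything with write access to that column
 * can grant itself any role. An empty string presumably fails inside the
 * {@code SimpleGrantedAuthority} constructor — confirm against the Spring
 * Security version in use.
 *
 * @author jricher
 *
 */
@Converter
public class SimpleGrantedAuthorityStringConverter implements AttributeConverter<SimpleGrantedAuthority, String> {

	/**
	 * @param attribute the authority held on the entity, may be {@code null}
	 * @return its authority string, or {@code null} when the attribute is {@code null}
	 */
	@Override
	public String convertToDatabaseColumn(SimpleGrantedAuthority attribute) {
		return attribute == null ? null : attribute.getAuthority();
	}

	/**
	 * @param dbData the stored authority string, may be {@code null}
	 * @return the rebuilt authority, or {@code null} when the column is {@code null}
	 */
	@Override
	public SimpleGrantedAuthority convertToEntityAttribute(String dbData) {
		return dbData == null ? null : new SimpleGrantedAuthority(dbData);
	}

}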
50 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/oauth2/repository/impl/DeviceCodeRepository.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.oauth2.repository.impl;
18 |
19 | import java.util.Collection;
20 |
21 | import org.mitre.oauth2.model.DeviceCode;
22 |
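/**
 * Persistence for device-flow codes. Each {@link DeviceCode} is looked up
 * either by the device code the polling device presents or by the user code
 * the end user types in at the verification page.
 *
 * Both of those lookups take secret values that an attacker can guess at, so
 * implementations should expect arbitrary strings here and reveal no more than
 * found / not found; throttling of the user-code path belongs in the caller —
 * NOTE(review): confirm it exists.
 *
 * Changes from the listed version: {@code getExpiredCodes()} is declared with
 * its element type (the raw {@code Collection} forced unchecked casts on
 * callers), and the {@code remove}/{@code save} parameters are named for what
 * they are — a {@code DeviceCode}, not a scope — since the old name was a
 * copy-paste leftover. Java callers are unaffected by the rename.
 *
 * @author jricher
 *
 */
public interface DeviceCodeRepository {

	/**
	 * @param id the database id
	 * @return the code with that id; presumably {@code null} when absent — confirm against the implementation
	 */
	public DeviceCode getById(Long id);

	/**
	 * @param deviceCode the device code value presented by the polling device
	 * @return the matching entry, or the implementation's not-found value
	 */
	public DeviceCode getByDeviceCode(String deviceCode);

	/**
	 * @param code the entry to delete
	 */
	public void remove(DeviceCode code);

	/**
	 * @param code the entry to persist
	 * @return the stored entry
	 */
	public DeviceCode save(DeviceCode code);

	/**
	 * @param userCode the user code value typed in at the verification page
	 * @return the matching entry, or the implementation's not-found value
	 */
	public DeviceCode getByUserCode(String userCode);

	/**
	 * @return every code whose expiry has passed, for the cleanup task
	 */
	public Collection<DeviceCode> getExpiredCodes();

}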
64 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/resources/db/psql/users.sql:
--------------------------------------------------------------------------------
--
-- Demo users for the PostgreSQL schema.
--
-- SECURITY: this seeds two well-known accounts, 'admin' (ROLE_ADMIN + ROLE_USER)
-- and 'user' (ROLE_USER), both with the password 'password'. They exist so a
-- freshly built development server can be logged into. Remove them, or at least
-- change the passwords and the 'sub' values, before exposing an instance beyond a
-- developer machine. Whether the 'password' column is compared as plaintext or as
-- a hash depends on the PasswordEncoder wired into Spring Security, which this
-- script cannot see -- NOTE(review): confirm before relying on it.
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--

--SET AUTOCOMMIT FALSE;

START TRANSACTION;

--
-- Insert user information into the temporary tables. To add users to the database, edit things here.
--

INSERT INTO users_TEMP (username, password, enabled) VALUES
('admin','password',true),
('user','password',true);


INSERT INTO authorities_TEMP (username, authority) VALUES
('admin','ROLE_ADMIN'),
('admin','ROLE_USER'),
('user','ROLE_USER');

-- By default, the username column here has to match the username column in the users table, above
INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES
('90342.ASDFJWFA','admin','Demo Admin','admin@example.com', true),
('01921.FLANRJQW','user','Demo User','user@example.com', true);


--
-- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store.
--
-- Because every merge below is ON CONFLICT ... DO NOTHING, rows that already exist
-- are never updated: editing a password or authority in this file has no effect on
-- an account that was seeded on an earlier start. Change such accounts directly in
-- the database instead.
--

INSERT INTO users
SELECT username, password, enabled FROM users_TEMP
ON CONFLICT(username)
DO NOTHING;

INSERT INTO authorities
SELECT username, authority FROM authorities_TEMP
ON CONFLICT(username, authority)
DO NOTHING;

-- No conflict target here: a violation of any unique constraint on user_info is ignored.
INSERT INTO user_info (sub, preferred_username, name, email, email_verified)
SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP
ON CONFLICT
DO NOTHING;

--
-- Close the transaction and turn autocommit back on
--

COMMIT;

--SET AUTOCOMMIT TRUE;
55 |
56 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/less/bootstrap.less:
--------------------------------------------------------------------------------
/*!
 * Bootstrap v2.3.2
 *
 * Copyright 2013 Twitter, Inc
 * Licensed under the Apache License v2.0
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Designed and built with all the love in the world by @mdo and @fat.
 */

// This is third-party code (Bootstrap 2.3.2, see header).  Import order is
// significant: later files override earlier ones, which is why utilities.less
// has to stay last.
// NOTE(review): Bootstrap 2.x is an old, unmaintained major version; treat the
// compiled CSS/JS as a dependency when auditing the web app -- confirm.

// Core variables and mixins
@import "variables.less"; // Modify this for custom colors, font-sizes, etc
@import "mixins.less";

// CSS Reset
@import "reset.less";

// Grid system and page structure
@import "scaffolding.less";
@import "grid.less";
@import "layouts.less";

// Base CSS
@import "type.less";
@import "code.less";
@import "forms.less";
@import "tables.less";

// Components: common
@import "sprites.less";
@import "dropdowns.less";
@import "wells.less";
@import "component-animations.less";
@import "close.less";

// Components: Buttons & Alerts
@import "buttons.less";
@import "button-groups.less";
@import "alerts.less"; // Note: alerts share common CSS with buttons and thus have styles in buttons.less

// Components: Nav
@import "navs.less";
@import "navbar.less";
@import "breadcrumbs.less";
@import "pagination.less";
@import "pager.less";

// Components: Popovers
@import "modals.less";
@import "tooltip.less";
@import "popovers.less";

// Components: Misc
@import "thumbnails.less";
@import "media.less";
@import "labels-badges.less";
@import "progress-bars.less";
@import "accordion.less";
@import "carousel.less";
@import "hero-unit.less";

// Utility classes
@import "utilities.less"; // Has to be last to override when necessary

--------------------------------------------------------------------------------
/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/RegisteredClientService.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | /**
19 | *
20 | */
21 | package org.mitre.openid.connect.client.service;
22 |
23 | import org.mitre.oauth2.model.RegisteredClient;
24 |
25 | /**
26 | * @author jricher
27 | *
28 | */
public interface RegisteredClientService {

	/**
	 * Get a remembered client (if one exists) to talk to the given issuer. This
	 * client likely doesn't have its full configuration information but contains
	 * the information needed to fetch it.
	 *
	 * @param issuer the issuer identifier of the server the client was registered with
	 * @return the remembered client; presumably {@code null} when nothing has been
	 *         saved for this issuer -- the interface does not say, confirm with the
	 *         implementations
	 */
	RegisteredClient getByIssuer(String issuer);

	/**
	 * Save this client's information for talking to the given issuer. This will
	 * save only enough information to fetch the client's full configuration from
	 * the server.
	 *
	 * NOTE(review): whatever "enough information to fetch the configuration" is,
	 * it is a credential for that issuer (for a dynamically registered client this
	 * is typically a registration access token and/or client secret), so
	 * implementations must store it with the same care as any other secret and
	 * key it strictly by issuer so one server's credential is never presented to
	 * another.
	 *
	 * @param issuer the issuer identifier of the server
	 * @param client the client to remember
	 */
	void save(String issuer, RegisteredClient client);

}
49 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/PKCEAlgorithmStringConverter.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.oauth2.model.convert;
18 |
19 | import javax.persistence.AttributeConverter;
20 | import javax.persistence.Converter;
21 |
22 | import org.mitre.oauth2.model.PKCEAlgorithm;
23 |
24 | /**
25 | * @author jricher
26 | *
27 | */
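@Converter
public class PKCEAlgorithmStringConverter implements AttributeConverter<PKCEAlgorithm, String> {

	/**
	 * Stores the algorithm under its registered name (e.g. "plain", "S256").
	 *
	 * @param attribute the algorithm to persist, may be {@code null}
	 * @return the algorithm name, or {@code null} for a {@code null} attribute
	 */
	@Override
	public String convertToDatabaseColumn(PKCEAlgorithm attribute) {
		return attribute == null ? null : attribute.getName();
	}

	/**
	 * Rebuilds the algorithm from its stored name.
	 *
	 * Unknown names are not rejected here: {@link PKCEAlgorithm#parse(String)}
	 * hands back a fresh, non-standard instance for anything other than the two
	 * known values, so deciding which code_challenge_method a client is allowed
	 * to use has to happen where the value is accepted, not on load.
	 *
	 * @param dbData the stored name, may be {@code null}
	 * @return the parsed algorithm, or {@code null} for a {@code null} column
	 */
	@Override
	public PKCEAlgorithm convertToEntityAttribute(String dbData) {
		return dbData == null ? null : PKCEAlgorithm.parse(dbData);
	}

}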
53 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/service/StatsService.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | /**
19 | *
20 | */
21 | package org.mitre.openid.connect.service;
22 |
23 | import java.util.Map;
24 |
25 | import org.mitre.openid.connect.model.ClientStat;
26 |
27 | /**
28 | * @author jricher
29 | *
30 | */
public interface StatsService {

	/**
	 * Calculate summary statistics
	 * approvalCount: total approved sites
	 * userCount: unique users
	 * clientCount: unique clients
	 *
	 * NOTE(review): the return type appears here as a raw {@code Map}; given the
	 * three named counters above the intended signature is presumably
	 * {@code Map<String, Integer>} -- confirm against the implementation.
	 *
	 * @return the three counters, keyed by the names listed above
	 */
	public Map getSummaryStats();

	/**
	 * Calculate the usage count for a single client
	 *
	 * @param clientId the id of the client to search on
	 * @return the usage statistics for that client; the result for an unknown
	 *         client is not specified here
	 */
	public ClientStat getCountForClientId(String clientId);

	/**
	 * Trigger the stats to be recalculated upon next update.
	 * This implies the counts are presumably served from a cache and may be
	 * stale until the next recalculation.
	 */
	public void resetCache();

}
57 |
--------------------------------------------------------------------------------
/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaAddressRepository.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Portions copyright 2011-2013 The MITRE Corporation
5 | *
6 | * Licensed under the Apache License, Version 2.0 (the "License");
7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at
9 | *
10 | * http://www.apache.org/licenses/LICENSE-2.0
11 | *
12 | * Unless required by applicable law or agreed to in writing, software
13 | * distributed under the License is distributed on an "AS IS" BASIS,
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | * See the License for the specific language governing permissions and
16 | * limitations under the License.
17 | *******************************************************************************/
18 | package org.mitre.openid.connect.repository.impl;
19 |
20 | import javax.persistence.EntityManager;
21 | import javax.persistence.PersistenceContext;
22 |
23 | import org.mitre.openid.connect.model.Address;
24 | import org.mitre.openid.connect.repository.AddressRepository;
25 | import org.springframework.stereotype.Repository;
26 | import org.springframework.transaction.annotation.Transactional;
27 |
28 | /**
29 | * JPA Address repository implementation
30 | *
31 | * @author Michael Joseph Walsh
32 | *
33 | */
@Repository
public class JpaAddressRepository implements AddressRepository {

	@PersistenceContext(unitName="defaultPersistenceUnit")
	private EntityManager manager;

	/**
	 * Loads an address by primary key.
	 *
	 * This is a plain {@code EntityManager.find}: there is no ownership or
	 * scope check in here, so any caller holding an id can read the row.
	 * Access control has to be applied by whatever exposes this lookup.
	 *
	 * @param id the address primary key
	 * @return the managed entity, or {@code null} when no row has that id
	 *         (the {@code find} contract)
	 */
	@Override
	@Transactional(value="defaultTransactionManager")
	public Address getById(Long id) {
		final Address found = manager.find(Address.class, id);
		return found;
	}

}
47 |
--------------------------------------------------------------------------------
/uma-server-webapp/src/main/webapp/resources/js/locale/zh/uma.json:
--------------------------------------------------------------------------------
1 | {
2 | "admin": {
3 | "policies": "管理受保护资源的政策"
4 | },
5 | "policy" : {
6 | "resource-sets": "资源集",
7 | "edit-policies": "编辑政策",
8 | "new-policy": "新建政策",
9 | "edit-policy": "编辑政策",
10 | "loading-policies": "政策",
11 | "loading-policy": "政策",
12 | "loading-rs": "资源集",
13 | "rs-table": {
14 | "confirm": "确定要删除该资源?",
15 | "no-resource-sets": "尚未有已注册的资源集。您可在此授权服务器中注册一个。",
16 | "scopes": "范围",
17 | "shared-with": "共享给:",
18 | "shared-nobody": "不共享",
19 | "shared-nobody-tooltip": "此资源别人无法访问,请编辑政策使其与其他人共享。",
20 | "sharing": "共享政策"
21 | },
22 | "policy-table": {
23 | "new": "新建政策",
24 | "return": "返回到列表",
25 | "edit": "编辑政策",
26 | "confirm": "确定要删除该政策?",
27 | "delete": "删除",
28 | "no-policies": "此资源集尚未有政策:别人无法访问此资源集。",
29 | "required-claims": "必须的声明",
30 | "required-claims-info": "与您共享此资源的用户必须具备以下声明,才能访问该资源。",
31 | "remove": "移除",
32 | "issuers": "签发者",
33 | "claim": "声明项",
34 | "value": "值"
35 | },
36 | "policy-form": {
37 | "email-address": "email地址",
38 | "share-email": "连带email地址共享",
39 | "new": "新建政策",
40 | "edit": "编辑政策",
41 | "claim-name": "声明项名称",
42 | "friendly-claim-name": "声明的显示名",
43 | "claim-value": "声明的值",
44 | "value-type-text": "文本",
45 | "value-type-number": "数字",
46 | "clear-all": "清除全部声明",
47 | "clear-all-confirm": "您是否要从此政策中清除全部声明?"
48 | },
49 | "webfinger-error": "错误",
50 | "webfinger-error-description": "服务器无法找到__email__的身份提供者。",
51 | "advanced-error": "错误",
52 | "advanced-error-description": "保存高级声明时出错。您是否填写了全部必填项?"
53 | },
54 | "sidebar": {
55 | "personal": {
56 | "resource_policies": "管理受保护资源的政策"
57 | }
58 | }
59 | }
--------------------------------------------------------------------------------
/uma-server-webapp/src/main/webapp/resources/js/locale/zh_CN/uma.json:
--------------------------------------------------------------------------------
1 | {
2 | "admin": {
3 | "policies": "管理受保护资源的政策"
4 | },
5 | "policy" : {
6 | "resource-sets": "资源集",
7 | "edit-policies": "编辑政策",
8 | "new-policy": "新建政策",
9 | "edit-policy": "编辑政策",
10 | "loading-policies": "政策",
11 | "loading-policy": "政策",
12 | "loading-rs": "资源集",
13 | "rs-table": {
14 | "confirm": "确定要删除该资源?",
15 | "no-resource-sets": "尚未有已注册的资源集。您可在此授权服务器中注册一个。",
16 | "scopes": "范围",
17 | "shared-with": "共享给:",
18 | "shared-nobody": "不共享",
19 | "shared-nobody-tooltip": "此资源别人无法访问,请编辑政策使其与其他人共享。",
20 | "sharing": "共享政策"
21 | },
22 | "policy-table": {
23 | "new": "新建政策",
24 | "return": "返回到列表",
25 | "edit": "编辑政策",
26 | "confirm": "确定要删除该政策?",
27 | "delete": "删除",
28 | "no-policies": "此资源集尚未有政策:别人无法访问此资源集。",
29 | "required-claims": "必须的声明",
30 | "required-claims-info": "与您共享此资源的用户必须具备以下声明,才能访问该资源。",
31 | "remove": "移除",
32 | "issuers": "签发者",
33 | "claim": "声明项",
34 | "value": "值"
35 | },
36 | "policy-form": {
37 | "email-address": "email地址",
38 | "share-email": "连带email地址共享",
39 | "new": "新建政策",
40 | "edit": "编辑政策",
41 | "claim-name": "声明项名称",
42 | "friendly-claim-name": "声明的显示名",
43 | "claim-value": "声明的值",
44 | "value-type-text": "文本",
45 | "value-type-number": "数字",
46 | "clear-all": "清除全部声明",
47 | "clear-all-confirm": "您是否要从此政策中清除全部声明?"
48 | },
49 | "webfinger-error": "错误",
50 | "webfinger-error-description": "服务器无法找到__email__的身份提供者。",
51 | "advanced-error": "错误",
52 | "advanced-error-description": "保存高级声明时出错。您是否填写了全部必填项?"
53 | },
54 | "sidebar": {
55 | "personal": {
56 | "resource_policies": "管理受保护资源的政策"
57 | }
58 | }
59 | }
--------------------------------------------------------------------------------
/uma-server-webapp/src/main/webapp/resources/js/locale/zh_TW/uma.json:
--------------------------------------------------------------------------------
1 | {
2 | "admin": {
3 | "policies": "管理受保護資源的政策"
4 | },
5 | "policy" : {
6 | "resource-sets": "資源集",
7 | "edit-policies": "編輯政策",
8 | "new-policy": "新建政策",
9 | "edit-policy": "編輯政策",
10 | "loading-policies": "政策",
11 | "loading-policy": "政策",
12 | "loading-rs": "資源集",
13 | "rs-table": {
14 | "confirm": "確定要刪除該資源?",
15 | "no-resource-sets": "尚未有已注冊的資源集。您可在此授權伺服器中注冊一個。",
16 | "scopes": "范圍",
17 | "shared-with": "共享給:",
18 | "shared-nobody": "不共享",
19 | "shared-nobody-tooltip": "此資源別人無法訪問,請編輯政策使其與其他人共享。",
20 | "sharing": "共享政策"
21 | },
22 | "policy-table": {
23 | "new": "新建政策",
24 | "return": "返回到列表",
25 | "edit": "編輯政策",
26 | "confirm": "確定要刪除該政策?",
27 | "delete": "刪除",
28 | "no-policies": "此資源集尚未有政策:別人無法訪問此資源集。",
29 | "required-claims": "必須的聲明",
30 | "required-claims-info": "與您共享此資源的用戶必須具備以下聲明,才能訪問該資源。",
31 | "remove": "移除",
32 | "issuers": "簽發者",
33 | "claim": "聲明項",
34 | "value": "值"
35 | },
36 | "policy-form": {
37 | "email-address": "email地址",
38 | "share-email": "連帶email地址共享",
39 | "new": "新建政策",
40 | "edit": "編輯政策",
41 | "claim-name": "聲明項名稱",
42 | "friendly-claim-name": "聲明的顯示名",
43 | "claim-value": "聲明的值",
44 | "value-type-text": "文本",
45 | "value-type-number": "數字",
46 | "clear-all": "清除全部聲明",
47 | "clear-all-confirm": "您是否要從此政策中清除全部聲明?"
48 | },
49 | "webfinger-error": "錯誤",
50 | "webfinger-error-description": "伺服器無法找到__email__的身份提供者。",
51 | "advanced-error": "錯誤",
52 | "advanced-error-description": "保存高級聲明時出錯。您是否填寫了全部必填項?"
53 | },
54 | "sidebar": {
55 | "personal": {
56 | "resource_policies": "管理受保護資源的政策"
57 | }
58 | }
59 | }
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/oauth2/model/PKCEAlgorithm.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.oauth2.model;
18 |
19 | import com.nimbusds.jose.Algorithm;
20 | import com.nimbusds.jose.Requirement;
21 |
22 | /**
23 | * @author jricher
24 | *
25 | */
public final class PKCEAlgorithm extends Algorithm {

	private static final long serialVersionUID = 7752852583210088925L;

	/** Registered name of the no-transform method. */
	private static final String PLAIN_NAME = "plain";

	/** Registered name of the SHA-256 method. */
	private static final String S256_NAME = "S256";

	/**
	 * code_challenge_method=plain: the challenge is the verifier itself.
	 *
	 * NOTE(review): this constant is flagged REQUIRED, but per RFC 7636 clients
	 * are only meant to fall back to "plain" when they cannot compute SHA-256,
	 * and it offers no protection against a party who can observe the
	 * authorization request.  Whether to accept it at all is a policy decision
	 * made where the request is validated; this class only names the method.
	 */
	public static final PKCEAlgorithm plain = new PKCEAlgorithm(PLAIN_NAME, Requirement.REQUIRED);

	/** code_challenge_method=S256, the method RFC 7636 recommends. */
	public static final PKCEAlgorithm S256 = new PKCEAlgorithm(S256_NAME, Requirement.OPTIONAL);

	/**
	 * @param name registered method name
	 * @param req  requirement level as understood by the JOSE base class
	 */
	public PKCEAlgorithm(String name, Requirement req) {
		super(name, req);
	}

	/**
	 * Creates an algorithm with no requirement level; used for names this
	 * class does not recognise.
	 *
	 * @param name registered method name
	 */
	public PKCEAlgorithm(String name) {
		super(name, null);
	}

	/**
	 * Maps a method name to the shared constant for the two known methods and
	 * wraps any other name in a new instance.
	 *
	 * Because an unknown name is accepted rather than rejected, code that takes
	 * this value from a request must check the result against the methods it
	 * actually supports.
	 *
	 * @param s the method name; must not be {@code null}
	 * @return {@link #plain}, {@link #S256}, or a new instance for any other name
	 * @throws NullPointerException if {@code s} is {@code null}
	 */
	public static PKCEAlgorithm parse(final String s) {
		switch (s) {
			case PLAIN_NAME:
				return plain;
			case S256_NAME:
				return S256;
			default:
				return new PKCEAlgorithm(s);
		}
	}

}
58 |
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/model/CachedImage.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.openid.connect.model;
18 |
19 | /**
20 | * @author jricher
21 | *
22 | */
public class CachedImage {

	/** Raw image bytes; handed out by reference, never copied (see {@link #getData()}). */
	private byte[] data;

	/** MIME type to report for the image; where it comes from is up to the producer. */
	private String contentType;

	/** Byte count as recorded by the producer; nothing ties it to {@code data.length}. */
	private long length;

	/**
	 * @return the image bytes -- the internal array itself, not a copy, so a
	 *         caller that writes into it changes the cached image for everyone
	 */
	public byte[] getData() {
		return this.data;
	}

	/**
	 * @return the MIME type, or {@code null} if never set
	 */
	public String getContentType() {
		return this.contentType;
	}

	/**
	 * @return the recorded length in bytes; the producer is responsible for
	 *         keeping it consistent with {@link #getData()}
	 */
	public long getLength() {
		return this.length;
	}

	/**
	 * @param data image bytes to hold; stored by reference
	 */
	public void setData(byte[] data) {
		this.data = data;
	}

	/**
	 * @param contentType MIME type to report; nothing here validates it, so a
	 *        value copied from an upstream response should be checked against
	 *        an allow-list before it is echoed to browsers
	 */
	public void setContentType(String contentType) {
		this.contentType = contentType;
	}

	/**
	 * @param length byte count to record
	 */
	public void setLength(long length) {
		this.length = length;
	}

}
67 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/less/responsive-utilities.less:
--------------------------------------------------------------------------------
//
// Responsive: Utility classes
// --------------------------------------------------
// Bootstrap 2.x responsive helpers.  The visibility utilities below are all
// marked !important on purpose so that a single class in markup beats any
// component style; dropping that would silently break the hide/show classes.


// IE10 Metro responsive
// Required for Windows 8 Metro split-screen snapping with IE10
// Source: http://timkadlec.com/2012/10/ie10-snap-mode-and-responsive-design/
@-ms-viewport{
width: device-width;
}

// Hide from screenreaders and browsers
// Credit: HTML5 Boilerplate
.hidden {
display: none;
visibility: hidden;
}

// Visibility utilities

// For desktops
.visible-phone { display: none !important; }
.visible-tablet { display: none !important; }
.hidden-phone { }
.hidden-tablet { }
.hidden-desktop { display: none !important; }
.visible-desktop { display: inherit !important; }

// Tablets & small desktops only
@media (min-width: 768px) and (max-width: 979px) {
// Hide everything else
.hidden-desktop { display: inherit !important; }
.visible-desktop { display: none !important ; }
// Show
.visible-tablet { display: inherit !important; }
// Hide
.hidden-tablet { display: none !important; }
}

// Phones only
@media (max-width: 767px) {
// Hide everything else
.hidden-desktop { display: inherit !important; }
.visible-desktop { display: none !important; }
// Show
.visible-phone { display: inherit !important; } // Use inherit to restore previous behavior
// Hide
.hidden-phone { display: none !important; }
}

// Print utilities
.visible-print { display: none !important; }
.hidden-print { }

@media print {
.visible-print { display: inherit !important; }
.hidden-print { display: none !important; }
}

--------------------------------------------------------------------------------
/uma-server/src/main/java/org/mitre/uma/util/ExternalLoginAuthoritiesMapper.java:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | * Copyright 2018 The MIT Internet Trust Consortium
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *******************************************************************************/
16 |
17 | package org.mitre.uma.util;
18 |
19 | import java.util.Collection;
20 |
21 | import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
22 | import org.mitre.openid.connect.model.UserInfo;
23 | import org.springframework.security.core.GrantedAuthority;
24 | import org.springframework.security.core.authority.SimpleGrantedAuthority;
25 |
26 | import com.google.common.collect.Sets;
27 | import com.nimbusds.jwt.JWT;
28 |
29 | /**
30 | * Utility class to map all external logins to the ROLE_EXTERNAL_USER authority
31 | * to prevent them from accessing other parts of the server.
32 | *
33 | * @author jricher
34 | *
35 | */
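public class ExternalLoginAuthoritiesMapper implements OIDCAuthoritiesMapper {

	/** The single authority every externally-authenticated user receives. */
	private static final GrantedAuthority ROLE_EXTERNAL_USER = new SimpleGrantedAuthority("ROLE_EXTERNAL_USER");

	/**
	 * Assigns ROLE_EXTERNAL_USER and nothing else.
	 *
	 * Both arguments are deliberately ignored: no claim in the ID token or the
	 * UserInfo response (group, role, admin flag, ...) can promote an external
	 * login to a local role, which is the whole point of this mapper.  Keep it
	 * that way -- any mapping from upstream claims to local authorities belongs
	 * in a separate, explicitly configured mapper.
	 *
	 * @param idToken  the ID token for the login (unused)
	 * @param userInfo the UserInfo for the login (unused)
	 * @return a new mutable set holding only {@link #ROLE_EXTERNAL_USER}
	 */
	@Override
	public Collection<? extends GrantedAuthority> mapAuthorities(JWT idToken, UserInfo userInfo) {
		return Sets.newHashSet(ROLE_EXTERNAL_USER);
	}

}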
46 |
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/manage.jsp:
--------------------------------------------------------------------------------
1 | <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
2 | <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
3 | <%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
4 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
5 |
6 |
7 |
8 |
9 |
10 |
11 |