SEC-1729: Revert "SEC-1711: Support verifying that attribute exchange parameters were signed" since it is superseded by SEC-1729
This reverts commit 68ba11ba7b.
This commit is contained in:
parent
73fb1764b8
commit
a6b0c265db
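--- a/OpenID4JavaConsumer.java
+++ b/OpenID4JavaConsumer.java
@@ -39,7 +39,6 @@ import org.openid4java.message.ax.AxMessage;
 import org.openid4java.message.ax.FetchRequest;
 import org.openid4java.message.ax.FetchResponse;
 import org.springframework.beans.factory.DisposableBean;
-import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.StringUtils;
 
 
@@ -49,7 +48,7 @@ import org.springframework.util.StringUtils;
  * @author Rob Winch
  */
 @SuppressWarnings("unchecked")
-public class OpenID4JavaConsumer implements OpenIDConsumer, DisposableBean, InitializingBean {
+public class OpenID4JavaConsumer implements OpenIDConsumer, DisposableBean {
     private static final String DISCOVERY_INFO_KEY = DiscoveryInformation.class.getName();
     private static final String ATTRIBUTE_LIST_KEY = "SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST";
 
@@ -60,7 +59,6 @@ public class OpenID4JavaConsumer implements OpenIDConsumer, DisposableBean, Init
     private final ConsumerManager consumerManager;
     private final AxFetchListFactory attributesToFetchFactory;
     private boolean skipShutdownConnectionManager;
-    private boolean skipSignedAxMessageRegistration;
 
     //~ Constructors ===================================================================================================
 
@@ -244,22 +242,6 @@ public class OpenID4JavaConsumer implements OpenIDConsumer, DisposableBean, Init
         this.skipShutdownConnectionManager = skipShutdownConnectionManager;
     }
 
-    /**
-     * If <code>false</code> {@link SignedAxMessageExtensionFactory} is
-     * registered with openid4java library in {@link #afterPropertiesSet()}. The
-     * effect is that all attributes from attribute exchange are guaranteed to
-     * be signed. If the value is <code>true</code>, then
-     * {@link SignedAxMessageExtensionFactory} is not registered. The default
-     * value is <code>false</code>.
-     *
-     * @param skipAxMessageRegistration
-     *            the new value to determine if
-     *            {@link SignedAxMessageExtensionFactory} is registered or not.
-     */
-    public void setSkipSignedAxMessageRegistration(boolean skipAxMessageRegistration) {
-        this.skipSignedAxMessageRegistration = skipAxMessageRegistration;
-    }
-
     public void destroy() throws Exception {
         if(!skipShutdownConnectionManager) {
             MultiThreadedHttpConnectionManager.shutdownAll();
@@ -268,12 +250,4 @@ public class OpenID4JavaConsumer implements OpenIDConsumer, DisposableBean, Init
                     + "Note this could cause memory leaks if the resources are not cleaned up else where.");
         }
     }
-
-    public void afterPropertiesSet() throws Exception {
-        if(!skipSignedAxMessageRegistration) {
-            Message.addExtensionFactory(SignedAxMessageExtensionFactory.class);
-        }else {
-            logger.debug("Skipping SignedAxMessageExtensionFactory. Attributes from attribute exchange are not guaranteed to be signed.");
-        }
-    }
 }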
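Review bot: After this revert nothing on the new side of OpenID4JavaConsumer requires attribute-exchange parameters to be covered by the assertion signature: the InitializingBean hook that registered SignedAxMessageExtensionFactory is removed in the last hunk, and no replacement check appears anywhere in this commit. The removed Javadoc itself stated that the registration was what guaranteed AX attributes were signed, so unless the superseding SEC-1729 change (not visible here) verifies that each AX value parameter is listed in openid.signed before attributes are trusted, a tampered positive assertion could inject unsigned attributes such as an e-mail address that the relying party then treats as authenticated. I would confirm that replacement ships in the same release and leave a pointer on the class so the gap is not mistaken for intentional, e.g. `// NOTE: AX attribute signature coverage is no longer enforced here (SignedAxMessageExtensionFactory removed in SEC-1729); see the superseding check.` The setter and destroy() bodies are complete within the hunks; the rest of the class lies outside them.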
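--- a/SignedAxMessageExtensionFactory.java
+++ /dev/null
@@ -1,118 +0,0 @@
-/* Copyright 2011 to the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.openid;
-
-import org.openid4java.message.MessageException;
-import org.openid4java.message.MessageExtension;
-import org.openid4java.message.MessageExtensionFactory;
-import org.openid4java.message.ParameterList;
-import org.openid4java.message.ax.AxMessage;
-import org.openid4java.message.ax.FetchRequest;
-import org.openid4java.message.ax.FetchResponse;
-import org.openid4java.message.ax.StoreRequest;
-import org.openid4java.message.ax.StoreResponse;
-
-/**
- * <p>
- * An extension to the openid4java library which when registered with the Message class will guarantee that attribute
- * exchange attributes are signed.
- * </p>
- * <p>
- * <strong>WARNING</strong> The scope of this class must be public because it is required in order for
- * it to be registered as MessageExtensionFactory. However, this class is meant for internal use only.
- * </p>
- *
- * @since 3.1
- * @author Rob Winch
- */
-public final class SignedAxMessageExtensionFactory implements MessageExtensionFactory {
-
-    //~ Methods =======================================================================================================
-
-    public String getTypeUri() {
-        return AxMessage.OPENID_NS_AX;
-    }
-
-    public MessageExtension getExtension(ParameterList parameterList,
-            boolean isRequest) throws MessageException {
-        String axMode = parameterList.getParameterValue("mode");
-
-        if ("fetch_request".equals(axMode)) {
-            return new SignedFetchRequest(parameterList);
-        } else if ("fetch_response".equals(axMode)) {
-            return new SignedFetchResponse(parameterList);
-        } else if ("store_request".equals(axMode)) {
-            return new SignedStoreRequest(parameterList);
-        } else if ("store_response_success".equals(axMode) ||
-                   "store_response_failure".equals(axMode)) {
-            return new SignedStoreResponse(parameterList);
-        }
-        throw new MessageException("Invalid value for attribute exchange mode: "
-                + axMode);
-    }
-
-    //~ Inner Classes =================================================================================================
-
-    private static class SignedFetchRequest extends FetchRequest {
-        public SignedFetchRequest(ParameterList params) throws MessageException {
-            super(params);
-            if(!isValid()) {
-                throw new MessageException("Invalid parameters for a fetch request");
-            }
-        }
-        @Override
-        public boolean signRequired() {
-            return true;
-        }
-    }
-
-    private static class SignedFetchResponse extends FetchResponse {
-        public SignedFetchResponse(ParameterList params) throws MessageException {
-            super(params);
-            if(!isValid()) {
-                throw new MessageException("Invalid parameters for a fetch response");
-            }
-        }
-        @Override
-        public boolean signRequired() {
-            return true;
-        }
-    }
-
-    private static class SignedStoreRequest extends StoreRequest {
-        public SignedStoreRequest(ParameterList params) throws MessageException {
-            super(params);
-            if(!isValid()) {
-                throw new MessageException("Invalid parameters for a store request");
-            }
-        }
-        @Override
-        public boolean signRequired() {
-            return true;
-        }
-    }
-
-    private static class SignedStoreResponse extends StoreResponse {
-        public SignedStoreResponse(ParameterList params) throws MessageException {
-            super(params);
-            // validate the params
-            StoreResponse.createStoreResponse(params);
-        }
-        @Override
-        public boolean signRequired() {
-            return true;
-        }
-    }
-}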
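--- a/OpenID4JavaConsumerTests.java
+++ b/OpenID4JavaConsumerTests.java
@@ -38,7 +38,7 @@ import org.powermock.modules.junit4.PowerMockRunner;
  * @author Rob Winch
  */
 @RunWith(PowerMockRunner.class)
-@PrepareForTest({MultiThreadedHttpConnectionManager.class,Message.class})
+@PrepareForTest(MultiThreadedHttpConnectionManager.class)
 public class OpenID4JavaConsumerTests {
     List<OpenIDAttribute> attributes = Arrays.asList(new OpenIDAttribute("a","b"), new OpenIDAttribute("b","b", Arrays.asList("c")));
 
@@ -210,26 +210,6 @@ public class OpenID4JavaConsumerTests {
         new OpenID4JavaConsumer(attributes);
     }
 
-    @Test
-    public void afterPropertiesSetRegister() throws Exception {
-        mockStatic(Message.class);
-        new OpenID4JavaConsumer().afterPropertiesSet();
-
-        verifyStatic();
-        Message.addExtensionFactory(SignedAxMessageExtensionFactory.class);
-    }
-
-    @Test
-    public void afterPropertiesSetSkipRegister() throws Exception {
-        mockStatic(Message.class);
-        OpenID4JavaConsumer consumer = new OpenID4JavaConsumer();
-        consumer.setSkipSignedAxMessageRegistration(true);
-        consumer.afterPropertiesSet();
-
-        verifyStatic(never());
-        Message.addExtensionFactory(SignedAxMessageExtensionFactory.class);
-    }
-
     @Test
     public void destroyInvokesShutdownAll() throws Exception {
         mockStatic(MultiThreadedHttpConnectionManager.class);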
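Review bot: With afterPropertiesSetRegister and afterPropertiesSetSkipRegister deleted in the second hunk, OpenID4JavaConsumerTests no longer asserts anything about whether attribute-exchange attributes must be signed, and this commit adds no test in their place. If the superseding SEC-1729 change introduces a different signature check, a test that feeds the consumer a positive assertion whose AX value parameters are absent from openid.signed and expects it to reject the response (or return no attributes) would keep this regression from reappearing silently; the mocked-static style used by the removed tests is not needed for that. The hunk ends inside destroyInvokesShutdownAll, whose body continues beyond it.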
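--- a/SignedAxMessageExtensionFactoryTests.java
+++ /dev/null
@@ -1,139 +0,0 @@
-/* Copyright 2011 to the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.openid;
-
-import static junit.framework.Assert.assertEquals;
-import static junit.framework.Assert.assertTrue;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.openid4java.message.MessageException;
-import org.openid4java.message.MessageExtension;
-import org.openid4java.message.ParameterList;
-import org.openid4java.message.ax.AxMessage;
-
-public class SignedAxMessageExtensionFactoryTests {
-    private Map<String,String> params;
-    private SignedAxMessageExtensionFactory factory;
-
-    @Before
-    public void setUp() {
-        factory = new SignedAxMessageExtensionFactory();
-        params = new HashMap<String,String>();
-    }
-
-    @Test
-    public void getTypeUri() {
-        assertEquals(AxMessage.OPENID_NS_AX, factory.getTypeUri());
-    }
-
-    @Test
-    public void fetchRequestSigned() throws Exception {
-        params.put("mode", "fetch_request");
-        params.put("value.email","email@example.com");
-        params.put("type.email","http://axschema.org/contact/email");
-        params.put("required", "email");
-        MessageExtension ext = factory.getExtension(new ParameterList(params), true);
-        assertTrue(ext.signRequired());
-    }
-
-    @Test(expected=MessageException.class)
-    public void fetchRequestInvalid() throws Exception {
-        params.put("mode", "fetch_request");
-        params.put("type.email","http://axschema.org/contact/email");
-        MessageExtension ext = factory.getExtension(new ParameterList(params), true);
-        assertTrue(ext.signRequired());
-    }
-
-    @Test
-    public void fetchResponseSigned() throws Exception {
-        params.put("mode", "fetch_response");
-        params.put("value.email","email@example.com");
-        params.put("type.email","http://axschema.org/contact/email");
-        params.put("required", "email");
-        MessageExtension ext = factory.getExtension(new ParameterList(params), false);
-        assertTrue(ext.signRequired());
-    }
-
-    @Test(expected=MessageException.class)
-    public void fetchResponseInvalid() throws Exception {
-        params.put("mode", "fetch_response");
-        params.put("type.email","http://axschema.org/contact/email");
-        MessageExtension ext = factory.getExtension(new ParameterList(params), true);
-        assertTrue(ext.signRequired());
-    }
-
-    @Test
-    public void storeRequestSigned() throws Exception {
-        params.put("mode", "store_request");
-        params.put("value.email","email@example.com");
-        params.put("type.email","http://axschema.org/contact/email");
-        params.put("required", "email");
-        MessageExtension ext = factory.getExtension(new ParameterList(params), true);
-        assertTrue(ext.signRequired());
-    }
-
-    @Test(expected=MessageException.class)
-    public void storeRequestInvalid() throws Exception {
-        params.put("mode", "store_request");
-        params.put("type.email","http://axschema.org/contact/email");
-        MessageExtension ext = factory.getExtension(new ParameterList(params), true);
-        assertTrue(ext.signRequired());
-    }
-
-    @Test
-    public void storeResponseSuccessSigned() throws Exception {
-        params.put("mode", "store_response_success");
-        MessageExtension ext = factory.getExtension(new ParameterList(params), false);
-        assertTrue(ext.signRequired());
-    }
-
-    @Test(expected=MessageException.class)
-    public void storeResponseSuccessInvalid() throws Exception {
-        params.put("mode", "store_response_success");
-        params.put("invalid","value");
-        MessageExtension ext = factory.getExtension(new ParameterList(params), true);
-        assertTrue(ext.signRequired());
-    }
-
-    @Test
-    public void storeResponseFailureSigned() throws Exception {
-        params.put("mode", "store_response_failure");
-        MessageExtension ext = factory.getExtension(new ParameterList(params), false);
-        assertTrue(ext.signRequired());
-    }
-
-    @Test(expected=MessageException.class)
-    public void storeResponseFailureInvalid() throws Exception {
-        params.put("mode", "store_response_failure");
-        params.put("value.email","email@example.com");
-        MessageExtension ext = factory.getExtension(new ParameterList(params), true);
-        assertTrue(ext.signRequired());
-    }
-
-    @Test(expected=MessageException.class)
-    public void nullMode() throws Exception {
-        factory.getExtension(new ParameterList(params), true);
-    }
-
-    @Test(expected=MessageException.class)
-    public void invalidMode() throws Exception {
-        params.put("mode", "invalid");
-        factory.getExtension(new ParameterList(params), true);
-    }
-}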