supportedScopes = null;
@Override
- protected void longFormat(Identifiable identifiable) {
+ protected void longFormat(BaseClient identifiable, ClientApproval clientApproval) {
OA2Client client = (OA2Client) identifiable;
say("Client name=" + (client.getName() == null ? "(no name)" : client.getName()));
sayi("identifier=" + client.getIdentifier());
@@ -68,50 +69,41 @@ protected void longFormat(Identifiable identifiable) {
sayi("sign ID tokens?=" + client.isSignTokens());
sayi("issuer=" + client.getIssuer());
sayi("is public?=" + client.isPublicClient());
- if (getClientApprovalStore() != null) {
- ClientApproval clientApproval = null;
- try {
- clientApproval = (ClientApproval) getClientApprovalStore().get(client.getIdentifier());
+ if (clientApproval == null) {
+ // if it is missing, then create on and mark it pending.
+ clientApproval = (ClientApproval) getClientApprovalStore().create();
+ clientApproval.setIdentifier(client.getIdentifier()); // or it won't associate it with the client...
+ clientApproval.setStatus(ClientApproval.Status.PENDING);
+ clientApproval.setApproved(false);
+ getClientApprovalStore().save(clientApproval);
+ // sayi("no approval record exists.");
- } catch (Throwable t) {
- // do nothing. If there is no approval record, this is equivalent to saying it is not approved.
- }
- if (clientApproval == null) {
- // if it is missing, then create on and mark it pending.
- clientApproval = (ClientApproval) getClientApprovalStore().create();
- clientApproval.setIdentifier(client.getIdentifier()); // or it won't associate it with the client...
- clientApproval.setStatus(ClientApproval.Status.PENDING);
- clientApproval.setApproved(false);
- getClientApprovalStore().save(clientApproval);
- // sayi("no approval record exists.");
-
- }
+ }
- if (clientApproval.isApproved() && clientApproval.getStatus() != APPROVED) {
- clientApproval.setStatus(APPROVED);
- }
- switch (clientApproval.getStatus()) {
- case APPROVED:
- String approver = "(unknown)";
- if (clientApproval.getApprover() != null) {
- approver = clientApproval.getApprover();
- }
- sayi("status=approved by " + approver);
- break;
- case NONE:
- sayi("status=none");
- break;
- case PENDING:
- sayi("status=pending");
- break;
- case DENIED:
- sayi("status=approval denied");
- break;
- case REVOKED:
- sayi("status=revoked");
+ if (clientApproval.isApproved() && clientApproval.getStatus() != APPROVED) {
+ clientApproval.setStatus(APPROVED);
+ }
+ switch (clientApproval.getStatus()) {
+ case APPROVED:
+ String approver = "(unknown)";
+ if (clientApproval.getApprover() != null) {
+ approver = clientApproval.getApprover();
+ }
+ sayi("status=approved by " + approver);
+ break;
+ case NONE:
+ sayi("status=none");
+ break;
+ case PENDING:
+ sayi("status=pending");
+ break;
+ case DENIED:
+ sayi("status=approval denied");
+ break;
+ case REVOKED:
+ sayi("status=revoked");
- }
- } //end of approvals.
+ }
if (client.getSecret() == null) {
sayi("client secret: (none)");
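Review bot: The added `if (clientApproval == null)` branch calls `getClientApprovalStore().create()` and `save(...)` without the `getClientApprovalStore() != null` guard that the removed lines had. The `longFormat(Identifiable)` overload in BaseClientStoreCommands passes `null` exactly when there is no approval store, so this override would then throw a NullPointerException while merely displaying a client. Consider `if (clientApproval == null && getClientApprovalStore() != null) {` for the create-and-save branch, and wrap the status fix-up and `switch` in `if (clientApproval != null) {`. This display path also writes a PENDING approval record as a side effect, so a short comment stating that this is intentional would help the next reader. longFormat begins before this hunk and continues past it.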
@@ -299,12 +291,12 @@ public void extraUpdates(Identifiable identifiable) {
currentLDAPs = LDAPConfigurationUtil.toJSON(client.getLdaps());
}
JSONArray newLDAPS = (JSONArray) inputJSON(currentLDAPs, "ldap configuration", true);
- if (newLDAPS != null ) {
+ if (newLDAPS != null) {
client.setLdaps(LDAPConfigurationUtil.fromJSON(newLDAPS));
}
JSONObject newConfig = (JSONObject) inputJSON(client.getConfig(), "client configuration");
- if (newConfig != null ) {
+ if (newConfig != null) {
client.setConfig(newConfig);
}
}
@@ -372,6 +364,13 @@ protected JSON inputJSON(JSON oldJSON, String componentName, boolean isArray) {
return null;
}
+ @Override
+ protected void showDeserializeHelp() {
+ super.showDeserializeHelp();
+ say("NOTE that for clients, the assumption is that you are supplying the hashed secret, not the actual secret.");
+ say("If you need to create a hash of a secret, invoke the create_hash method on the secret");
+ }
+
public OA2ClientCommands(MyLoggingFacade logger, Store store) {
super(logger, store);
}
diff --git a/oa4mp-server-admin-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oauth2/tools/OA2PermissionCommands.java b/oa4mp-server-admin-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oauth2/tools/OA2PermissionCommands.java
index 0431a4584..0dd1617e7 100644
--- a/oa4mp-server-admin-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oauth2/tools/OA2PermissionCommands.java
+++ b/oa4mp-server-admin-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oauth2/tools/OA2PermissionCommands.java
@@ -1,18 +1,19 @@
package edu.uiuc.ncsa.myproxy.oauth2.tools;
+import edu.uiuc.ncsa.myproxy.oa4mp.server.StoreCommands2;
import edu.uiuc.ncsa.myproxy.oa4mp.server.admin.permissions.Permission;
import edu.uiuc.ncsa.myproxy.oa4mp.server.admin.permissions.PermissionsStore;
import edu.uiuc.ncsa.security.core.Identifiable;
import edu.uiuc.ncsa.security.core.Store;
import edu.uiuc.ncsa.security.core.util.BasicIdentifier;
import edu.uiuc.ncsa.security.core.util.MyLoggingFacade;
-import edu.uiuc.ncsa.security.util.cli.StoreCommands;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
/**
* Created by Jeff Gaynor
* on 4/7/17 at 3:11 PM
*/
-public class OA2PermissionCommands extends StoreCommands {
+public class OA2PermissionCommands extends StoreCommands2 {
public OA2PermissionCommands(MyLoggingFacade logger, String defaultIndent, Store store) {
super(logger, defaultIndent, store);
}
@@ -96,4 +97,10 @@ protected void longFormat(Identifiable identifiable) {
sayi("can create?=" + p.isCreate());
}
+
+ @Override
+ protected MapConverter getConverter() {
+ return ((PermissionsStore)getStore()).getConverter();
+ }
+
}
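Review bot: `getConverter()` downcasts `getStore()` to `PermissionsStore` although the constructor accepts any `Store`, so a mismatched store fails with a ClassCastException only when serialize or deserialize is first used. In `StoreCommands2.deserialize` that exception is caught by `catch (Throwable e)` and reported as a missing file, which hides the real cause. A Javadoc line on the constructor stating the required store type, or an `instanceof` check there that throws `IllegalArgumentException`, would surface the mistake early. The same cast appears in `ClientApprovalStoreCommands.getConverter()` and `BaseClientStoreCommands.getConverter()`.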
diff --git a/oa4mp-server-admin/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/ClientApprovalStoreCommands.java b/oa4mp-server-admin/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/ClientApprovalStoreCommands.java
index 2832ce69d..0008fcae5 100644
--- a/oa4mp-server-admin/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/ClientApprovalStoreCommands.java
+++ b/oa4mp-server-admin/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/ClientApprovalStoreCommands.java
@@ -4,14 +4,15 @@
import edu.uiuc.ncsa.security.core.Store;
import edu.uiuc.ncsa.security.core.util.MyLoggingFacade;
import edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval;
+import edu.uiuc.ncsa.security.delegation.server.storage.ClientApprovalStore;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
import edu.uiuc.ncsa.security.util.cli.InputLine;
-import edu.uiuc.ncsa.security.util.cli.StoreCommands;
/**
*
Created by Jeff Gaynor
* on 5/22/13 at 1:51 PM
*/
-public class ClientApprovalStoreCommands extends StoreCommands {
+public class ClientApprovalStoreCommands extends StoreCommands2 {
@Override
public void extraUpdates(Identifiable identifiable) {
}
@@ -152,4 +153,10 @@ public void approve(ClientApproval ca) {
sayi("approval was not saved.");
info("Approval cancelled for id=" + ca.getIdentifierString());
}
+
+
+ @Override
+ protected MapConverter getConverter() {
+ return ((ClientApprovalStore) getStore()).getConverter();
+ }
}
diff --git a/oa4mp-server-admin/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/ClientStoreCommands.java b/oa4mp-server-admin/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/ClientStoreCommands.java
index b02b908fa..2717031f0 100644
--- a/oa4mp-server-admin/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/ClientStoreCommands.java
+++ b/oa4mp-server-admin/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/ClientStoreCommands.java
@@ -20,7 +20,7 @@
*
Created by Jeff Gaynor
* on 5/21/13 at 4:21 PM
*/
-public class ClientStoreCommands extends BaseClientStoreCommands{
+public class ClientStoreCommands extends BaseClientStoreCommands {
public ClientStoreCommands(MyLoggingFacade logger, String defaultIndent, Store clientStore, ClientApprovalStore clientApprovalStore) {
super(logger, defaultIndent, clientStore, clientApprovalStore);
}
@@ -37,8 +37,6 @@ public String getName() {
}
-
-
@Override
protected void longFormat(Identifiable identifiable) {
super.longFormat(identifiable);
@@ -159,6 +157,4 @@ protected void getPublicKeyFile(Client client) {
}
-
-
}
diff --git a/oa4mp-server-admin/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/StoreCommands2.java b/oa4mp-server-admin/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/StoreCommands2.java
new file mode 100644
index 000000000..83b19109c
--- /dev/null
+++ b/oa4mp-server-admin/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/StoreCommands2.java
@@ -0,0 +1,111 @@
+package edu.uiuc.ncsa.myproxy.oa4mp.server;
+
+import edu.uiuc.ncsa.security.core.Identifiable;
+import edu.uiuc.ncsa.security.core.Store;
+import edu.uiuc.ncsa.security.core.util.MyLoggingFacade;
+import edu.uiuc.ncsa.security.storage.XMLMap;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
+import edu.uiuc.ncsa.security.util.cli.InputLine;
+import edu.uiuc.ncsa.security.util.cli.StoreCommands;
+
+import java.io.*;
+
+/**
+ * This class exists because we cannot quite get the dependencies right otherwise. Mostly it is to have access
+ * to converters for de/serialization.
+ *
Created by Jeff Gaynor
+ * on 7/2/18 at 10:06 AM
+ */
+public abstract class StoreCommands2 extends StoreCommands {
+ public StoreCommands2(MyLoggingFacade logger, String defaultIndent, Store store) {
+ super(logger, defaultIndent, store);
+ }
+
+ public StoreCommands2(MyLoggingFacade logger, Store store) {
+ super(logger, store);
+ }
+
+ /**
+ * Get the {@link MapConverter} for the store.
+ *
+ * @return
+ */
+ protected abstract MapConverter getConverter();
+
+ @Override
+ public void deserialize(InputLine inputLine) {
+ if (showHelp(inputLine)) {
+ showDeserializeHelp();
+ return;
+ }
+ InputStream is;
+ boolean isNew = inputLine.hasArg("-new");
+ if (inputLine.hasArg("-file")) {
+ try {
+ is = new FileInputStream(inputLine.getArg(1 + inputLine.indexOf("-file")));
+ XMLMap map = new XMLMap();
+ map.fromXML(is);
+ is.close();
+ Identifiable x = getConverter().fromMap(map);
+ if (isNew) {
+ if (getStore().containsKey(x.getIdentifier())) {
+ say("Error! The object with identifier \"" + x.getIdentifierString() + "\" already exists and you specified the item was new. Aborting.");
+ return;
+ }
+ } else {
+ if(x.getIdentifier() == null){
+ //handles the case where this is new and needs an identifier created. Only way to get
+ // a new unused identifier reliably is to have the store create a new entry then we update that.
+ Identifiable c = getStore().create();
+ x.setIdentifier(c.getIdentifier());
+ say("Created identifier \"" + c.getIdentifierString() + "\".");
+ }
+ // second case, overwrite whatever.
+ getStore().save(x);
+ }
+ say("done!");
+ } catch (Throwable e) {
+ say("warning, could not find file at path " + inputLine.getArg(inputLine.indexOf("-file")));
+ }
+ } else {
+ say("Missing file argument. Cannot deserialize.");
+ return;
+ }
+
+ }
+
+ @Override
+ public void serialize(InputLine inputLine) {
+ if (showHelp(inputLine)) {
+ showSerializeHelp();
+ return;
+ }
+ Identifiable x = findItem(inputLine);
+ if (x == null) {
+ say("Object not found");
+ return;
+ }
+ XMLMap c = new XMLMap();
+ getConverter().toMap(x, c);
+ OutputStream os = System.out;
+ boolean hasFile = false;
+ if (inputLine.hasArg("-file")) {
+ try {
+ os = new FileOutputStream(inputLine.getArg(1 + inputLine.indexOf("-file")));
+ hasFile = true;
+ } catch (FileNotFoundException e) {
+ say("warning, could not find file at path " + inputLine.getArg(inputLine.indexOf("-file")));
+ }
+ }
+ try {
+ c.toXML(os);
+ if (hasFile) {
+ os.flush();
+ os.close();
+ }
+ say("done!");
+ } catch (IOException e) {
+ say("Error serializing object.");
+ }
+ }
+}
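Review bot: In `deserialize`, an item loaded with `-new` whose identifier is not yet in the store is never saved, because `getStore().save(x)` sits only in the `else` branch, yet the method still prints "done!". The `catch (Throwable e)` reports every failure (malformed XML, converter or store errors) as a missing file and prints `inputLine.getArg(inputLine.indexOf("-file"))`, which is the `-file` flag itself rather than the path; the stream is also left open when `fromXML` throws. Since this command writes client records, including stored secret hashes, straight into the store, failures should be reported accurately and the file read with try-with-resources, as sketched below. `serialize` has the same off-by-one in its warning and, after failing to open the file, still writes the record to `System.out`. If `XMLMap.fromXML` uses a default XML parser, confirm that DTDs and external entities are disabled for files the operator did not author.

```java
String path = inputLine.getArg(1 + inputLine.indexOf("-file"));
XMLMap map = new XMLMap();
try (InputStream in = new FileInputStream(path)) {
    map.fromXML(in);
} catch (Exception e) {
    say("Error: could not read \"" + path + "\": " + e.getMessage());
    return;
}
try {
    Identifiable x = getConverter().fromMap(map);
    if (x.getIdentifier() == null) {
        // … unchanged: have the store create an entry and reuse its identifier …
    } else if (isNew && getStore().containsKey(x.getIdentifier())) {
        // … unchanged: "already exists" error message …
        return;
    }
    getStore().save(x);
    say("done!");
} catch (Exception e) {
    say("Error: could not store the deserialized object: " + e.getMessage());
}
```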
diff --git a/oa4mp-server-admin/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/testing/BaseClientStoreCommands.java b/oa4mp-server-admin/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/testing/BaseClientStoreCommands.java
index 7758ca1df..0c186adf5 100644
--- a/oa4mp-server-admin/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/testing/BaseClientStoreCommands.java
+++ b/oa4mp-server-admin/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/testing/BaseClientStoreCommands.java
@@ -2,24 +2,31 @@
import edu.uiuc.ncsa.myproxy.oa4mp.server.ClientApprovalStoreCommands;
import edu.uiuc.ncsa.myproxy.oa4mp.server.ClientSorter;
+import edu.uiuc.ncsa.myproxy.oa4mp.server.StoreCommands2;
import edu.uiuc.ncsa.security.core.Identifiable;
import edu.uiuc.ncsa.security.core.Identifier;
import edu.uiuc.ncsa.security.core.Store;
import edu.uiuc.ncsa.security.core.util.BasicIdentifier;
import edu.uiuc.ncsa.security.core.util.Iso8601;
import edu.uiuc.ncsa.security.core.util.MyLoggingFacade;
+import edu.uiuc.ncsa.security.delegation.server.storage.BaseClientStore;
import edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval;
import edu.uiuc.ncsa.security.delegation.server.storage.ClientApprovalStore;
import edu.uiuc.ncsa.security.delegation.storage.BaseClient;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
import edu.uiuc.ncsa.security.util.cli.InputLine;
-import edu.uiuc.ncsa.security.util.cli.StoreCommands;
+import org.apache.commons.codec.digest.DigestUtils;
+
+import java.io.FileReader;
+import java.util.HashMap;
+import java.util.List;
/**
* Commands for a base client store. This is the super class to several variations of clients.
*
Created by Jeff Gaynor
* on 12/8/16 at 1:03 PM
*/
-public abstract class BaseClientStoreCommands extends StoreCommands {
+public abstract class BaseClientStoreCommands extends StoreCommands2 {
public BaseClientStoreCommands(MyLoggingFacade logger, String defaultIndent, Store clientStore, ClientApprovalStore clientApprovalStore) {
super(logger, defaultIndent, clientStore);
this.clientApprovalStore = clientApprovalStore;
@@ -42,14 +49,80 @@ public void setClientApprovalStore(ClientApprovalStore clientApprovalStore) {
this.clientApprovalStore = clientApprovalStore;
}
+ protected void showCreateHashHelp() {
+ say("create_hash string | -file path");
+ say("This will create a hash of the given string which is suitable for storing in the database.");
+ say("If you specify a file, the entire content will be hashed.");
+ say("Note that if there are emebedded blanks, you should enclose the entire argument in double quotes");
+ say("E.g. \n\ncreate_hash my pass word");
+ say("would just has \"word\", and to get the whole string you should enter" );
+ say("create_hash \"my pass word\"");
+ }
- ClientApprovalStore clientApprovalStore;
+ public void create_hash(InputLine inputLine) {
+ if (showHelp(inputLine)) {
+ showCreateHashHelp();
+ return;
+ }
+
+ String secret = null;
+ if (inputLine.hasArg("-file")) {
+ try {
+ FileReader fis = new FileReader(inputLine.getArg(1 + inputLine.indexOf("-file")));
+ StringBuffer sb = new StringBuffer();
+ int i;
+ while ((i = fis.read()) != -1) {
+ sb.append((char) i);
+ }
+ fis.close();
+ secret = sb.toString();
+ } catch (Throwable t) {
+ say("Error: could not read file: " + t.getMessage());
+ return;
+ }
+ } else {
+ secret = inputLine.getLastArg();
+ }
+ say("creating hash of " + secret);
+ say(DigestUtils.sha1Hex(secret));
+ }
@Override
- protected String format(Identifiable identifiable) {
- BaseClient client = (BaseClient) identifiable;
+ protected List listAll(boolean useLongFormat, String otherFlags) {
+ loadAllEntries();
+
+ if (allEntries.isEmpty()) {
+ say("(no entries found)");
+ return allEntries;
+ }
+ List approvals = getClientApprovalStore().getAll();
+ HashMap approvalMap = new HashMap<>();
+ for (ClientApproval a : approvals) {
+ approvalMap.put(a.getIdentifier(), a);
+ }
+
+ int i = 0;
+ getSortable().setState(otherFlags);
+ allEntries = getSortable().sort(allEntries);
+ for (Identifiable x : allEntries) {
+ ClientApproval tempA = approvalMap.get(x.getIdentifier());
+ if (tempA == null) {
+ tempA = new ClientApproval(x.getIdentifier());
+ tempA.setStatus(ClientApproval.Status.NONE);
+ }
+ if (useLongFormat) {
+ longFormat((BaseClient) x, tempA);
+ } else {
+ say((i++) + ". " + format((BaseClient) x, tempA));
+ }
+ }
+ return allEntries;
+ }
+
+ ClientApprovalStore clientApprovalStore;
+
+ protected String format(BaseClient client, ClientApproval ca) {
String rc = null;
- ClientApproval ca = (ClientApproval) getClientApprovalStore().get(client.getIdentifier());
if (ca == null) {
rc = "(?) " + client.getIdentifier() + " ";
} else {
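Review bot: `create_hash` prints the plaintext secret back with `say("creating hash of " + secret);`, which leaves it in terminal scrollback and in any captured console output; replace that line with `say("creating hash");` or drop it. The digest is an unsalted `DigestUtils.sha1Hex`, which is weak for stored client secrets; if the server-side comparison (not visible in this hunk) allows it, plan a move to a salted, slow hash and state the current format in the help text. The `FileReader` uses the platform charset and is not closed if `read()` throws, so the same file can hash differently across hosts; reading through `new InputStreamReader(new FileInputStream(path), StandardCharsets.UTF_8)` in a try-with-resources addresses both. In `listAll`, `getClientApprovalStore().getAll()` is called without the null check that `longFormat(Identifiable)` applies. The hunk ends inside `format(BaseClient, ClientApproval)`.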
@@ -63,29 +136,32 @@ protected String format(Identifiable identifiable) {
rc = rc + "(" + name + ")";
rc = rc + " created on " + Iso8601.date2String(client.getCreationTS());
return rc;
+
}
@Override
- protected void longFormat(Identifiable identifiable) {
+ protected String format(Identifiable identifiable) {
BaseClient client = (BaseClient) identifiable;
+ ClientApproval ca = (ClientApproval) getClientApprovalStore().get(client.getIdentifier());
+ return format(client, ca);
+ }
+
+ protected void longFormat(BaseClient client, ClientApproval clientApproval) {
say("Client name=" + (client.getName() == null ? "(no name)" : client.getName()));
sayi("identifier=" + client.getIdentifier());
sayi("email=" + client.getEmail());
sayi("creation timestamp=" + client.getCreationTS());
- if (getClientApprovalStore() != null) {
- ClientApproval clientApproval = (ClientApproval) getClientApprovalStore().get(client.getIdentifier());
- if (clientApproval == null) {
- sayi("no approval record exists.");
- } else {
- if (clientApproval.isApproved()) {
- String approver = "(unknown)";
- if (clientApproval.getApprover() != null) {
- approver = clientApproval.getApprover();
- }
- sayi("approved by " + approver);
- } else {
- sayi("not approved");
+ if (clientApproval == null) {
+ sayi("no approval record exists.");
+ } else {
+ if (clientApproval.isApproved()) {
+ String approver = "(unknown)";
+ if (clientApproval.getApprover() != null) {
+ approver = clientApproval.getApprover();
}
+ sayi("approved by " + approver);
+ } else {
+ sayi("not approved");
}
}
@@ -96,6 +172,19 @@ protected void longFormat(Identifiable identifiable) {
sayi("public key:");
say(client.getSecret());
}
+
+ }
+
+
+ @Override
+ protected void longFormat(Identifiable identifiable) {
+ BaseClient client = (BaseClient) identifiable;
+ ClientApproval clientApproval = null;
+ if (getClientApprovalStore() != null) {
+ clientApproval = (ClientApproval) getClientApprovalStore().get(client.getIdentifier());
+ }
+ longFormat(client, clientApproval);
+
}
@@ -177,4 +266,9 @@ public void rm(InputLine inputLine) {
super.rm(inputLine);
}
+
+ @Override
+ protected MapConverter getConverter() {
+ return ((BaseClientStore) getStore()).getConverter();
+ }
}
diff --git a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/adminClient/AdminClientFS.java b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/adminClient/AdminClientFS.java
index 42306f8d3..5b1341986 100644
--- a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/adminClient/AdminClientFS.java
+++ b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/adminClient/AdminClientFS.java
@@ -20,10 +20,6 @@ public AdminClientFS(File storeDirectory, File indexDirectory, IdentifiableProvi
}
- @Override
- public AdminClientConverter getACConverter() {
- return (AdminClientConverter)this.converter;
- }
@Override
public IdentifiableProvider getACProvider() {
diff --git a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/adminClient/AdminClientMemoryStore.java b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/adminClient/AdminClientMemoryStore.java
index 670c82d38..7a28ed5d4 100644
--- a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/adminClient/AdminClientMemoryStore.java
+++ b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/adminClient/AdminClientMemoryStore.java
@@ -2,6 +2,7 @@
import edu.uiuc.ncsa.security.core.IdentifiableProvider;
import edu.uiuc.ncsa.security.storage.MemoryStore;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
/**
* Created by Jeff Gaynor
@@ -17,7 +18,7 @@ public AdminClientMemoryStore(IdentifiableProvider identifiableProvider) {
public AdminClientConverter acConverter = null;
@Override
- public AdminClientConverter getACConverter() {
+ public MapConverter getConverter() {
return acConverter;
}
diff --git a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/adminClient/AdminClientSQLStore.java b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/adminClient/AdminClientSQLStore.java
index acdce4520..06e037111 100644
--- a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/adminClient/AdminClientSQLStore.java
+++ b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/adminClient/AdminClientSQLStore.java
@@ -21,10 +21,6 @@ public AdminClientSQLStore(ConnectionPool connectionPool, Table table, Provider<
super(connectionPool, table, identifiableProvider, converter);
}
- @Override
- public AdminClientConverter getACConverter() {
- return (AdminClientConverter) this.converter;
- }
@Override
public IdentifiableProvider getACProvider() {
diff --git a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/permissions/MemoryPermissionStore.java b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/permissions/MemoryPermissionStore.java
index ae1cc4f29..8544a5810 100644
--- a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/permissions/MemoryPermissionStore.java
+++ b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/permissions/MemoryPermissionStore.java
@@ -3,6 +3,7 @@
import edu.uiuc.ncsa.security.core.IdentifiableProvider;
import edu.uiuc.ncsa.security.core.Identifier;
import edu.uiuc.ncsa.security.storage.MemoryStore;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
import java.util.HashMap;
import java.util.LinkedList;
@@ -204,4 +205,10 @@ public V remove(Object key) {
}
return super.remove(key);
}
+
+ @Override
+ public MapConverter getConverter() {
+ PermissionKeys key = new PermissionKeys();
+ return new PermissionConverter<>(key, identifiableProvider);
+ }
}
diff --git a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/permissions/PermissionsStore.java b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/permissions/PermissionsStore.java
index cd86a8df5..ae6623505 100644
--- a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/permissions/PermissionsStore.java
+++ b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/admin/permissions/PermissionsStore.java
@@ -2,6 +2,7 @@
import edu.uiuc.ncsa.security.core.Identifier;
import edu.uiuc.ncsa.security.core.Store;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
import java.util.List;
@@ -40,4 +41,6 @@ public interface PermissionsStore extends Store {
* @return
*/
public boolean hasEntry(Identifier adminID, Identifier clientID);
+
+ public MapConverter getConverter();
}
diff --git a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/servlet/AbstractConfigurationLoader.java b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/servlet/AbstractConfigurationLoader.java
index 6c15ee40e..2e45caf39 100644
--- a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/servlet/AbstractConfigurationLoader.java
+++ b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/servlet/AbstractConfigurationLoader.java
@@ -13,6 +13,7 @@
import edu.uiuc.ncsa.myproxy.oa4mp.server.storage.filestore.DSFSClientApprovalStoreProvider;
import edu.uiuc.ncsa.myproxy.oa4mp.server.storage.sql.provider.DSSQLClientApprovalStoreProvider;
import edu.uiuc.ncsa.myproxy.oa4mp.server.util.AbstractCLIApprover;
+import edu.uiuc.ncsa.myproxy.oa4mp.server.util.ClientApprovalMemoryStore;
import edu.uiuc.ncsa.myproxy.oa4mp.server.util.ClientApproverConverter;
import edu.uiuc.ncsa.security.core.configuration.Configurations;
import edu.uiuc.ncsa.security.core.configuration.provider.CfgEvent;
@@ -22,7 +23,6 @@
import edu.uiuc.ncsa.security.core.util.MyLoggingFacade;
import edu.uiuc.ncsa.security.delegation.server.storage.ClientApprovalStore;
import edu.uiuc.ncsa.security.delegation.server.storage.ClientStore;
-import edu.uiuc.ncsa.security.delegation.server.storage.impl.ClientApprovalMemoryStore;
import edu.uiuc.ncsa.security.delegation.storage.Client;
import edu.uiuc.ncsa.security.delegation.storage.TransactionStore;
import edu.uiuc.ncsa.security.delegation.storage.impl.TransactionMemoryStore;
@@ -259,7 +259,7 @@ protected MultiDSClientApprovalStoreProvider getCASP() {
if (casp == null) {
casp = new MultiDSClientApprovalStoreProvider(cn, isDefaultStoreDisabled(), loggerProvider.get());
final ClientApprovalProvider caProvider = new ClientApprovalProvider();
- ClientApproverConverter cp = new ClientApproverConverter(caProvider);
+ final ClientApproverConverter cp = new ClientApproverConverter(caProvider);
casp.addListener(new DSFSClientApprovalStoreProvider(cn, cp));
casp.addListener(new DSSQLClientApprovalStoreProvider(cn, getMySQLConnectionPoolProvider(), OA4MPConfigTags.MYSQL_STORE, cp));
casp.addListener(new DSSQLClientApprovalStoreProvider(cn, getMariaDBConnectionPoolProvider(), OA4MPConfigTags.MARIADB_STORE, cp));
@@ -278,7 +278,7 @@ public Object componentFound(CfgEvent configurationEvent) {
@Override
public ClientApprovalStore get() {
- return new ClientApprovalMemoryStore(caProvider);
+ return new ClientApprovalMemoryStore(caProvider, cp);
}
});
}
diff --git a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/storage/MultiDSClientApprovalStoreProvider.java b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/storage/MultiDSClientApprovalStoreProvider.java
index e32fdfc96..292ed09dd 100644
--- a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/storage/MultiDSClientApprovalStoreProvider.java
+++ b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/storage/MultiDSClientApprovalStoreProvider.java
@@ -1,11 +1,12 @@
package edu.uiuc.ncsa.myproxy.oa4mp.server.storage;
import edu.uiuc.ncsa.myproxy.oa4mp.server.ClientApprovalProvider;
+import edu.uiuc.ncsa.myproxy.oa4mp.server.util.ClientApprovalMemoryStore;
+import edu.uiuc.ncsa.myproxy.oa4mp.server.util.ClientApproverConverter;
import edu.uiuc.ncsa.security.core.configuration.provider.MultiTypeProvider;
import edu.uiuc.ncsa.security.core.util.MyLoggingFacade;
import edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval;
import edu.uiuc.ncsa.security.delegation.server.storage.ClientApprovalStore;
-import edu.uiuc.ncsa.security.delegation.server.storage.impl.ClientApprovalMemoryStore;
import org.apache.commons.configuration.tree.ConfigurationNode;
/**
@@ -28,7 +29,9 @@ public MultiDSClientApprovalStoreProvider(ConfigurationNode config,
@Override
public ClientApprovalStore getDefaultStore() {
logger.info("using default in-memory client approval store.");
- return new ClientApprovalMemoryStore(new ClientApprovalProvider());
+ ClientApprovalProvider caProvider = new ClientApprovalProvider();
+ ClientApproverConverter cap = new ClientApproverConverter(caProvider);
+ return new ClientApprovalMemoryStore(caProvider, cap);
}
}
diff --git a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/storage/filestore/DSFSClientStore.java b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/storage/filestore/DSFSClientStore.java
index 91ea85ec2..ac39db322 100644
--- a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/storage/filestore/DSFSClientStore.java
+++ b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/storage/filestore/DSFSClientStore.java
@@ -4,7 +4,6 @@
import edu.uiuc.ncsa.security.core.util.IdentifiableProviderImpl;
import edu.uiuc.ncsa.security.delegation.server.storage.impl.FSClientStore;
import edu.uiuc.ncsa.security.delegation.storage.Client;
-import edu.uiuc.ncsa.security.delegation.storage.impl.BaseClientConverter;
import edu.uiuc.ncsa.security.storage.data.MapConverter;
import java.io.File;
@@ -27,10 +26,6 @@ public DSFSClientStore(File storeDirectory,
super(storeDirectory, indexDirectory, idp, cp);
}
- @Override
- public BaseClientConverter getACConverter() {
- return (BaseClientConverter) converter;
- }
@Override
public IdentifiableProvider getACProvider() {
diff --git a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/storage/filestore/DSFSClientStoreProvider.java b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/storage/filestore/DSFSClientStoreProvider.java
index cecc29e84..20a700daf 100644
--- a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/storage/filestore/DSFSClientStoreProvider.java
+++ b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/storage/filestore/DSFSClientStoreProvider.java
@@ -37,14 +37,6 @@ protected DSFSClientStore produce(File dataPath, File indexPath) {
} else {
System.err.println("Store contains " + store.size() + " entries.");
}
- /* System.err.println("printing identifiers...");
-
- for (Identifier x : store.keySet()) {
- System.err.println(x);
- System.err.println(store.get(x));
- }
- System.err.println("done!");*/
-
return store;
}
}
diff --git a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/storage/sql/SQLClientStore.java b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/storage/sql/SQLClientStore.java
index 91e186e5b..79c451766 100644
--- a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/storage/sql/SQLClientStore.java
+++ b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/storage/sql/SQLClientStore.java
@@ -3,7 +3,6 @@
import edu.uiuc.ncsa.security.core.IdentifiableProvider;
import edu.uiuc.ncsa.security.delegation.server.storage.ClientStore;
import edu.uiuc.ncsa.security.delegation.storage.Client;
-import edu.uiuc.ncsa.security.delegation.storage.impl.BaseClientConverter;
import edu.uiuc.ncsa.security.storage.data.MapConverter;
import edu.uiuc.ncsa.security.storage.sql.ConnectionPool;
import edu.uiuc.ncsa.security.storage.sql.SQLStore;
@@ -28,11 +27,6 @@ public SQLClientStore(ConnectionPool connectionPool,
super(connectionPool, table, idp, converter);
}
- @Override
- public BaseClientConverter getACConverter() {
- return (BaseClientConverter) converter;
- }
-
@Override
public IdentifiableProvider getACProvider() {
return (IdentifiableProvider) identifiableProvider;
diff --git a/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/util/ClientApprovalMemoryStore.java b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/util/ClientApprovalMemoryStore.java
new file mode 100644
index 000000000..2c3fbbfe0
--- /dev/null
+++ b/oa4mp-server-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/server/util/ClientApprovalMemoryStore.java
@@ -0,0 +1,58 @@
+package edu.uiuc.ncsa.myproxy.oa4mp.server.util;
+
+import edu.uiuc.ncsa.security.core.Identifier;
+import edu.uiuc.ncsa.security.core.util.IdentifiableProviderImpl;
+import edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval;
+import edu.uiuc.ncsa.security.delegation.server.storage.ClientApprovalStore;
+import edu.uiuc.ncsa.security.storage.MemoryStore;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
+
+/**
+ * Created by Jeff Gaynor
+ * on 7/2/18 at 2:01 PM
+ */
+public class ClientApprovalMemoryStore extends MemoryStore implements ClientApprovalStore {
+
+ MapConverter converter;
+
+ public ClientApprovalMemoryStore(IdentifiableProviderImpl vIdentifiableProvider, ClientApproverConverter converter) {
+ super(vIdentifiableProvider);
+ this.converter = converter;
+ }
+
+ @Override
+ public boolean isApproved(Identifier identifier) {
+ ClientApproval ca = get(identifier);
+ if (ca == null) {
+ return false;
+ }
+ return get(identifier).isApproved();
+ }
+
+ @Override
+ public int getUnapprovedCount() {
+ int count = 0;
+ for (Identifier key : keySet()) {
+ if (isApproved(key)) {
+ count++;
+ }
+ }
+ return count;
+ }
+
+ @Override
+ public int getPendingCount() {
+ int count = 0;
+ for (Identifier key : keySet()) {
+ ClientApproval approval = get(key);
+ if (approval.getStatus() == ClientApproval.Status.PENDING)
+ count++;
+ }
+ return count;
+ }
+
+ @Override
+ public MapConverter getConverter() {
+ return converter;
+ }
+}
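Review bot: `getUnapprovedCount()` increments its counter when `isApproved(key)` is true, so it returns the number of approved clients; the condition should be `if (!isApproved(key)) {`. Anything that relies on this count to flag clients awaiting review would be wrong in both directions. `getPendingCount()` dereferences `get(key)` without the null check that `isApproved` performs, and `isApproved` fetches the record twice where `return ca.isApproved();` would do.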
diff --git a/oa4mp-server-loader-oauth1/pom.xml b/oa4mp-server-loader-oauth1/pom.xml
index fba9263a9..a18ec89d1 100644
--- a/oa4mp-server-loader-oauth1/pom.xml
+++ b/oa4mp-server-loader-oauth1/pom.xml
@@ -71,17 +71,18 @@
mysql
mysql-connector-java
- 5.1.38
+ 8.0.11
- postgresql
+ org.postgresql
postgresql
- 9.1-901-1.jdbc4
+ 42.2.2.jre7
+ provided
org.mariadb.jdbc
mariadb-java-client
- 1.4.0
+ 2.2.5
provided
diff --git a/oa4mp-server-loader-oauth2/pom.xml b/oa4mp-server-loader-oauth2/pom.xml
index 5af59e0f4..41e4b1b69 100644
--- a/oa4mp-server-loader-oauth2/pom.xml
+++ b/oa4mp-server-loader-oauth2/pom.xml
@@ -70,17 +70,18 @@
mysql
mysql-connector-java
- 5.1.38
+ 8.0.11
- postgresql
+ org.postgresql
postgresql
- 9.1-901-1.jdbc4
+ 42.2.2.jre7
+ provided
org.mariadb.jdbc
mariadb-java-client
- 1.4.0
+ 2.2.5
provided
diff --git a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/BasicClaimsSourceImpl.java b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/BasicClaimsSourceImpl.java
index eaad672db..778104542 100644
--- a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/BasicClaimsSourceImpl.java
+++ b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/BasicClaimsSourceImpl.java
@@ -3,6 +3,7 @@
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.flows.FlowStates;
+import edu.uiuc.ncsa.security.core.util.DebugUtil;
import edu.uiuc.ncsa.security.delegation.server.ServiceTransaction;
import edu.uiuc.ncsa.security.oauth_2_0.UserInfo;
import edu.uiuc.ncsa.security.oauth_2_0.server.UnsupportedScopeException;
@@ -117,8 +118,10 @@ public JSONObject process(JSONObject claims, HttpServletRequest request, Service
realProcessing(claims, request, t);
if (hasConfiguration() && getConfiguration().getPostProcessing() != null) {
OA2FunctorFactory ff = new OA2FunctorFactory(claims);
+ DebugUtil.dbg(this, "claims before post-processing=" + claims);
postProcessor = ff.createLogicBlock(getConfiguration().getPostProcessing());
postProcessor.execute();
+ DebugUtil.dbg(this, "claims after post-processing=" + claims);
FlowStates f = t.getFlowStates();
f.updateValues(postProcessor.getFunctorMap());
t.setFlowStates(f);
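Review bot: The two added `DebugUtil.dbg` calls around `postProcessor.execute()` write the whole `claims` object to the debug log, and at this point the claims presumably hold user identity attributes. Logging only the keys, e.g. `DebugUtil.dbg(this, "claim keys before post-processing=" + claims.keySet());`, keeps the trace useful without copying attribute values into log files. The functor-map dump added to `OA2ClaimsUtil.doPostProcessing` in this commit may expose the same values and deserves the same treatment. The body of `process` starts and ends outside this hunk.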
diff --git a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/ClaimsProcessor.java b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/ClaimsProcessor.java
index eaacf25ba..92f540c65 100644
--- a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/ClaimsProcessor.java
+++ b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/ClaimsProcessor.java
@@ -1,6 +1,7 @@
package edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims;
import edu.uiuc.ncsa.security.servlet.ServletDebugUtil;
+import edu.uiuc.ncsa.security.util.functor.FunctorTypeImpl;
import edu.uiuc.ncsa.security.util.functor.LogicBlock;
import edu.uiuc.ncsa.security.util.functor.LogicBlocks;
import net.sf.json.JSONArray;
@@ -59,9 +60,11 @@ protected LogicBlocks extends LogicBlock> createLogicBlocks(JSONObject configu
JSONArray jsonArray = new JSONArray();
jsonArray.add(config);
- ServletDebugUtil.dbg(this, "created JSON array:\n\n" + jsonArray.toString(2));
+ JSONObject j = new JSONObject();
+ j.put(FunctorTypeImpl.OR.getValue(), jsonArray);
+ ServletDebugUtil.dbg(this, "created logic blocks:\n\n" + j.toString(2));
- return functorFactory.createLogicBlock(jsonArray);
+ return functorFactory.createLogicBlock(j);
}
protected boolean executed = false;
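Review bot: The wrap-in-OR step added here, `j.put(FunctorTypeImpl.OR.getValue(), jsonArray)`, is repeated in `OA2ClientConfigurationUtil.getClaimsProcessor` and in `createDefaultPreProcessor` in this commit, each time with a local named `j`. One small static helper that takes the `JSONArray` and returns the wrapped `JSONObject` would keep the three call sites in step if the wrapping key ever changes. A comment such as `// createLogicBlock takes an object keyed by functor type; a bare array is treated as an OR of its blocks` would explain why the array is no longer passed directly. `createLogicBlocks` begins outside this hunk.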
diff --git a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/LDAPClaimsSource.java b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/LDAPClaimsSource.java
index bd9d5a961..fcb2c904e 100644
--- a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/LDAPClaimsSource.java
+++ b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/LDAPClaimsSource.java
@@ -97,7 +97,9 @@ public String getSearchName(JSONObject claims, HttpServletRequest request, Servi
return transaction.getUsername();
}
if (!claims.containsKey(getCfg().getSearchNameKey()) || claims.get(getCfg().getSearchNameKey()) == null) {
- throw new IllegalStateException("Error: no recognized search name key was found. Requested was \"" + getCfg().getSearchNameKey() + "\"");
+ String message = "Error: no recognized search name key was found. Requested was \"" + getCfg().getSearchNameKey() + "\"";
+ getMyLogger().warn(message);
+ throw new IllegalStateException(message);
}
String searchName = (String) claims.get(getCfg().getSearchNameKey());
DebugUtil.dbg(this, "returning search name=" + searchName);
diff --git a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/OA2ClaimsUtil.java b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/OA2ClaimsUtil.java
index 133160873..f6c97c88e 100644
--- a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/OA2ClaimsUtil.java
+++ b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/OA2ClaimsUtil.java
@@ -270,10 +270,15 @@ public JSONObject createSpecialClaims() throws Throwable {
* @throws Throwable
*/
public void doPostProcessing() throws Throwable {
+ DebugUtil.dbg(this, ".doPostProcessing: has post-processing?" + getCC().hasPostProcessing());
if (getCC().hasPostProcessing()) {
+ DebugUtil.dbg(this, ".doPostProcessing: has post-processing?" + getCC().getPostProcessing());
+
OA2ClientConfigurationFactory ff = new OA2ClientConfigurationFactory(getFF());
ff.setupPostProcessing(getCC(), getOA2Client().getConfig());
getCC().executePostProcessing();
+ DebugUtil.dbg(this, ".doPostProcessing: executed post-processing, functor map=" + getCC().getPostProcessing().getFunctorMap());
+
}
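Review bot: The second added debug line reuses the label `has post-processing?` but prints `getCC().getPostProcessing()`, so the log gets two identically labelled entries with different content; `".doPostProcessing: post-processing=" + getCC().getPostProcessing()` would be unambiguous. That line also runs before `ff.setupPostProcessing(...)`, so it may show an earlier or unset value rather than what is about to be executed. Moving it after the setup call would presumably match the intent. The method's closing brace lies outside the hunk.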
diff --git a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/loader/COInitializer.java b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/loader/COInitializer.java
index 339241c01..341798e83 100644
--- a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/loader/COInitializer.java
+++ b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/loader/COInitializer.java
@@ -32,7 +32,7 @@ public void init() throws ServletException {
try {
SATFactory.setAdminClientConverter(AdminClientStoreProviders.getAdminClientConverter());
- SATFactory.setClientConverter((ClientConverter extends Client>) cose.getClientStore().getACConverter());
+ SATFactory.setClientConverter((ClientConverter extends Client>) cose.getClientStore().getConverter());
} catch (Exception e) {
e.printStackTrace();
}
diff --git a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/util/AbstractDDServer.java b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/util/AbstractDDServer.java
index 45ca5782d..83251aaa1 100644
--- a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/util/AbstractDDServer.java
+++ b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/util/AbstractDDServer.java
@@ -46,15 +46,15 @@ public Response process(Request request) {
protected OA2Client subset(OA2Client client, List attributes) {
ColumnMap map = new ColumnMap();
- cose.getClientStore().getACConverter().toMap(client, map);
+ cose.getClientStore().getConverter().toMap(client, map);
ColumnMap reducedMap = new ColumnMap();
for (String key : attributes) {
reducedMap.put(key, map.get(key));
}
// Have to always include the identifier.
- reducedMap.put(cose.getClientStore().getACConverter().getKeys().identifier(), client.getIdentifierString());
- OA2Client x = (OA2Client) cose.getClientStore().getACConverter().fromMap(reducedMap, null);
+ reducedMap.put(cose.getClientStore().getConverter().getKeys().identifier(), client.getIdentifierString());
+ OA2Client x = (OA2Client) cose.getClientStore().getConverter().fromMap(reducedMap, null);
return x;
}
@@ -62,15 +62,15 @@ protected OA2Client subset(OA2Client client, List attributes) {
protected AdminClient subset(AdminClient client, List attributes) {
ColumnMap map = new ColumnMap();
- cose.getAdminClientStore().getACConverter().toMap(client, map);
+ cose.getAdminClientStore().getConverter().toMap(client, map);
ColumnMap reducedMap = new ColumnMap();
for (String key : attributes) {
reducedMap.put(key, map.get(key));
}
// Have to always include the identifier.
- reducedMap.put(cose.getClientStore().getACConverter().getKeys().identifier(), client.getIdentifierString());
- AdminClient x = (AdminClient) cose.getAdminClientStore().getACConverter().fromMap(reducedMap, null);
+ reducedMap.put(cose.getClientStore().getConverter().getKeys().identifier(), client.getIdentifierString());
+ AdminClient x = (AdminClient) cose.getAdminClientStore().getConverter().fromMap(reducedMap, null);
return x;
}
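Review bot: In the `AdminClient` overload of `subset`, the renamed line still takes the identifier key from `cose.getClientStore().getConverter().getKeys()`, while every other line in the method uses `getAdminClientStore()`. If the two key sets ever name the identifier differently, the admin client would be rebuilt without its identifier. Using `cose.getAdminClientStore().getConverter().getKeys().identifier()` makes the method self-consistent. Both overloads now call `getConverter()` three times; fetching it once into a local would also shorten the lines.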
diff --git a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/util/ResponseSerializer.java b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/util/ResponseSerializer.java
index f479e9f5d..df8dc9f50 100644
--- a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/util/ResponseSerializer.java
+++ b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/util/ResponseSerializer.java
@@ -14,8 +14,10 @@
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.util.permissions.ListClientResponse;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.util.permissions.PermissionResponse;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.storage.clients.OA2Client;
+import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.storage.clients.OA2ClientConverter;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.storage.clients.OA2ClientKeys;
import edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClient;
+import edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClientConverter;
import edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClientKeys;
import edu.uiuc.ncsa.security.core.exceptions.NotImplementedException;
import edu.uiuc.ncsa.security.delegation.services.Response;
@@ -110,14 +112,15 @@ protected void serialize(ClientResponse response, HttpServletResponse servletRes
protected void serialize(AttributeGetClientResponse response, HttpServletResponse servletResponse) throws IOException {
PrintWriter pw = servletResponse.getWriter();
+ OA2ClientConverter clientConverter = (OA2ClientConverter)cose.getClientStore().getConverter();
JSONObject json = new JSONObject();
json.put("status", 0);
- OA2ClientKeys keys = (OA2ClientKeys) cose.getClientStore().getACConverter().getKeys();
+ OA2ClientKeys keys = (OA2ClientKeys) clientConverter.getKeys();
List allKeys = keys.allKeys();
allKeys.remove(keys.secret());
- OA2Client newClient = (OA2Client) cose.getClientStore().getACConverter().subset(response.getClient(), response.getAttributes());
+ OA2Client newClient = (OA2Client) clientConverter.subset(response.getClient(), response.getAttributes());
JSONObject jsonClient = new JSONObject();
- cose.getClientStore().getACConverter().toJSON(newClient, jsonClient);
+ clientConverter.toJSON(newClient, jsonClient);
json.put("content", jsonClient);
//return json;
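Review bot: In `serialize(AttributeGetClientResponse, ...)`, `allKeys` has the secret key removed but is never used afterwards. The subset is built from `response.getAttributes()`, so whether the stored secret can reach the JSON response depends on filtering that is not visible here. If that list can be influenced by the request, strip the secret key before the call, e.g. `List attrs = new ArrayList(response.getAttributes()); attrs.remove(keys.secret());`, and pass `attrs` to `subset`. The `AttributeGetAdminClientResponse` overload in the next hunk has the same shape, whereas `clientToJSON` and `acToJSON` already pass the filtered `allKeys`. Both method bodies continue past their hunks.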
@@ -128,13 +131,14 @@ protected void serialize(AttributeGetClientResponse response, HttpServletRespons
protected void serialize(AttributeGetAdminClientResponse response, HttpServletResponse servletResponse) throws IOException {
PrintWriter pw = servletResponse.getWriter();
JSONObject json = new JSONObject();
+ AdminClientConverter adminClientConverter = (AdminClientConverter)cose.getAdminClientStore().getConverter();
json.put("status", 0);
- AdminClientKeys keys = (AdminClientKeys) cose.getAdminClientStore().getACConverter().getKeys();
+ AdminClientKeys keys = (AdminClientKeys) adminClientConverter.getKeys();
List allKeys = keys.allKeys();
allKeys.remove(keys.secret());
- AdminClient newClient = (AdminClient) cose.getAdminClientStore().getACConverter().subset(response.getAdminClient(), response.getAttributes());
+ AdminClient newClient = (AdminClient) adminClientConverter.subset(response.getAdminClient(), response.getAttributes());
JSONObject jsonClient = new JSONObject();
- cose.getAdminClientStore().getACConverter().toJSON(newClient, jsonClient);
+ adminClientConverter.toJSON(newClient, jsonClient);
json.put("content", jsonClient);
//return json;
@@ -223,12 +227,14 @@ private void serializeClient(OA2Client client, HttpServletResponse servletRespon
private JSONObject clientToJSON(OA2Client client) {
JSONObject json = new JSONObject();
json.put("status", 0);
- OA2ClientKeys keys = (OA2ClientKeys) cose.getClientStore().getACConverter().getKeys();
+ OA2ClientConverter clientConverter = (OA2ClientConverter)cose.getClientStore().getConverter();
+
+ OA2ClientKeys keys = (OA2ClientKeys) clientConverter.getKeys();
List allKeys = keys.allKeys();
allKeys.remove(keys.secret());
- OA2Client newClient = (OA2Client) cose.getClientStore().getACConverter().subset(client, allKeys);
+ OA2Client newClient = (OA2Client) clientConverter.subset(client, allKeys);
JSONObject jsonClient = new JSONObject();
- cose.getClientStore().getACConverter().toJSON(newClient, jsonClient);
+ clientConverter.toJSON(newClient, jsonClient);
json.put("content", jsonClient);
return json;
}
@@ -236,12 +242,13 @@ private JSONObject clientToJSON(OA2Client client) {
private JSONObject acToJSON(AdminClient client) {
JSONObject json = new JSONObject();
json.put("status", 0);
- AdminClientKeys keys = (AdminClientKeys) cose.getAdminClientStore().getACConverter().getKeys();
+ AdminClientConverter adminClientConverter = (AdminClientConverter)cose.getAdminClientStore().getConverter();
+ AdminClientKeys keys = (AdminClientKeys) adminClientConverter.getKeys();
List allKeys = keys.allKeys();
allKeys.remove(keys.secret());
- AdminClient newClient = (AdminClient) cose.getAdminClientStore().getACConverter().subset(client, allKeys);
+ AdminClient newClient = (AdminClient) adminClientConverter.subset(client, allKeys);
JSONObject jsonClient = new JSONObject();
- cose.getAdminClientStore().getACConverter().toJSON(newClient, jsonClient);
+ adminClientConverter.toJSON(newClient, jsonClient);
json.put("content", jsonClient);
return json;
}
diff --git a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/util/attributes/AttributeServer.java b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/util/attributes/AttributeServer.java
index 4d164e10b..be8195422 100644
--- a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/util/attributes/AttributeServer.java
+++ b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/util/attributes/AttributeServer.java
@@ -51,11 +51,11 @@ protected AttributeGetAdminClientResponse getAdminClientAttributes(AttributeGetR
}
protected OA2ClientConverter getClientConverter() {
- return (OA2ClientConverter) cose.getClientStore().getACConverter();
+ return (OA2ClientConverter) cose.getClientStore().getConverter();
}
protected AdminClientConverter getACConverter() {
- return (AdminClientConverter) cose.getAdminClientStore().getACConverter();
+ return (AdminClientConverter) cose.getAdminClientStore().getConverter();
}
public Response set(AttributeSetClientRequest request) {
diff --git a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/util/client/ClientServer.java b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/util/client/ClientServer.java
index 187246af8..a191d796c 100644
--- a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/util/client/ClientServer.java
+++ b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/util/client/ClientServer.java
@@ -80,7 +80,7 @@ public CreateResponse create(CreateRequest request) {
//requires and admin client and hashmap
ColumnMap values = new ColumnMap();
values.putAll(request.getAttributes());
- OA2ClientKeys keys = (OA2ClientKeys) getClientStore().getACConverter().getKeys();
+ OA2ClientKeys keys = (OA2ClientKeys) getClientStore().getConverter().getKeys();
OA2Client client = (OA2Client) getClientStore().create();
values.put(keys.identifier(), client.getIdentifier());
values.put(keys.creationTS(), client.getCreationTS());
@@ -98,7 +98,7 @@ public CreateResponse create(CreateRequest request) {
values.put(keys.secret(), hash);
- getClientStore().getACConverter().fromMap(values, client);
+ getClientStore().getConverter().fromMap(values, client);
getClientStore().save(client);
// client.setIdentifier(clientID); // since this gets scrubbed by the previous method.
// response requires new client and its actual secret
diff --git a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/loader/OA2ConfigurationLoader.java b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/loader/OA2ConfigurationLoader.java
index 465936449..5e7a291bc 100644
--- a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/loader/OA2ConfigurationLoader.java
+++ b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/loader/OA2ConfigurationLoader.java
@@ -22,6 +22,7 @@
import edu.uiuc.ncsa.myproxy.oa4mp.server.storage.filestore.DSFSClientApprovalStoreProvider;
import edu.uiuc.ncsa.myproxy.oa4mp.server.storage.filestore.DSFSClientStoreProvider;
import edu.uiuc.ncsa.myproxy.oa4mp.server.storage.sql.provider.DSSQLClientApprovalStoreProvider;
+import edu.uiuc.ncsa.myproxy.oa4mp.server.util.ClientApprovalMemoryStore;
import edu.uiuc.ncsa.myproxy.oa4mp.server.util.ClientApproverConverter;
import edu.uiuc.ncsa.security.core.IdentifiableProvider;
import edu.uiuc.ncsa.security.core.Identifier;
@@ -37,7 +38,6 @@
import edu.uiuc.ncsa.security.delegation.server.issuers.PAIssuer;
import edu.uiuc.ncsa.security.delegation.server.storage.ClientApprovalStore;
import edu.uiuc.ncsa.security.delegation.server.storage.ClientStore;
-import edu.uiuc.ncsa.security.delegation.server.storage.impl.ClientApprovalMemoryStore;
import edu.uiuc.ncsa.security.delegation.storage.Client;
import edu.uiuc.ncsa.security.delegation.storage.ClientApprovalKeys;
import edu.uiuc.ncsa.security.delegation.storage.TransactionStore;
@@ -250,7 +250,7 @@ protected MultiDSClientApprovalStoreProvider getCASP() {
final ClientApprovalProvider caProvider = new ClientApprovalProvider();
ClientApprovalKeys caKeys = new ClientApprovalKeys();
caKeys.identifier("client_id");
- ClientApproverConverter cp = new ClientApproverConverter(caKeys, caProvider);
+ final ClientApproverConverter cp = new ClientApproverConverter(caKeys, caProvider);
casp.addListener(new DSFSClientApprovalStoreProvider(cn, cp));
casp.addListener(new DSSQLClientApprovalStoreProvider(cn, getMySQLConnectionPoolProvider(), OA4MPConfigTags.MYSQL_STORE, cp));
casp.addListener(new DSSQLClientApprovalStoreProvider(cn, getMariaDBConnectionPoolProvider(), OA4MPConfigTags.MARIADB_STORE, cp));
@@ -268,7 +268,7 @@ public Object componentFound(CfgEvent configurationEvent) {
@Override
public ClientApprovalStore get() {
- return new ClientApprovalMemoryStore(caProvider);
+ return new ClientApprovalMemoryStore(caProvider,cp);
}
});
}
diff --git a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/loader/OA2ServletInitializer.java b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/loader/OA2ServletInitializer.java
index f51dd2fbd..c37ac7867 100644
--- a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/loader/OA2ServletInitializer.java
+++ b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/loader/OA2ServletInitializer.java
@@ -67,7 +67,7 @@ public void init() throws ServletException {
}
try {
SATFactory.setAdminClientConverter(AdminClientStoreProviders.getAdminClientConverter());
- SATFactory.setClientConverter((ClientConverter extends Client>) oa2SE.getClientStore().getACConverter());
+ SATFactory.setClientConverter((ClientConverter extends Client>) oa2SE.getClientStore().getConverter());
} catch (Exception e) {
e.printStackTrace();
}
diff --git a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/servlet/OA2ATServlet.java b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/servlet/OA2ATServlet.java
index ba0e5c254..43611d0f0 100644
--- a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/servlet/OA2ATServlet.java
+++ b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/servlet/OA2ATServlet.java
@@ -205,7 +205,7 @@ protected IssuerTransactionState doAT(HttpServletRequest request, HttpServletRes
// Since this bit of information could be extremely useful if a service decides
// eto start issuing refresh tokens after
// clients have been registered, it should be logged.
- info("Refresh tokens are disabled for client " + client.getIdentifierString() + ", but enabled on the server. No refresh token will be madeg.");
+ info("Refresh tokens are disabled for client " + client.getIdentifierString() + ", but enabled on the server. No refresh token will be made.");
}
if (client.isRTLifetimeEnabled() && ((OA2SE) getServiceEnvironment()).isRefreshTokenEnabled()) {
diff --git a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/state/OA2ClientConfigurationFactory.java b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/state/OA2ClientConfigurationFactory.java
index 22e8daca3..eda7d3b6f 100644
--- a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/state/OA2ClientConfigurationFactory.java
+++ b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/state/OA2ClientConfigurationFactory.java
@@ -152,18 +152,18 @@ protected ClaimSource setupClaimSource(String alias, String configName, JSONObje
}
public void setupPreProcessing(V cc, JSONObject json) {
- JSONArray array = OA2ClientConfigurationUtil.getClaimsPreProcessing(json);
+ JSONObject jsonObject = OA2ClientConfigurationUtil.getClaimsPreProcessing(json);
LogicBlocks extends LogicBlock> preProcessing;
- preProcessing = functorFactory.createLogicBlock(array);
+ preProcessing = functorFactory.createLogicBlock(jsonObject);
cc.setPreProcessing(preProcessing);
}
public void setupPostProcessing(V cc, JSONObject json) {
- JSONArray array = OA2ClientConfigurationUtil.getClaimsPostProcessing(json);
+ JSONObject jsonObject = OA2ClientConfigurationUtil.getClaimsPostProcessing(json);
LogicBlocks extends LogicBlock> postProcessing;
- postProcessing = functorFactory.createLogicBlock(array);
+ postProcessing = functorFactory.createLogicBlock(jsonObject);
cc.setPostProcessing(postProcessing);
}
diff --git a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/state/OA2ClientConfigurationUtil.java b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/state/OA2ClientConfigurationUtil.java
index e2e2422de..b468b91f5 100644
--- a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/state/OA2ClientConfigurationUtil.java
+++ b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/state/OA2ClientConfigurationUtil.java
@@ -1,11 +1,14 @@
package edu.uiuc.ncsa.myproxy.oa4mp.oauth2.state;
+import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.OA2FunctorFactory;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.flows.jSetClaimSource;
+import edu.uiuc.ncsa.security.core.util.DebugUtil;
import edu.uiuc.ncsa.security.oauth_2_0.server.config.ClientConfigurationUtil;
import edu.uiuc.ncsa.security.servlet.ServletDebugUtil;
-import edu.uiuc.ncsa.security.util.functor.JFunctorFactory;
+import edu.uiuc.ncsa.security.util.functor.FunctorTypeImpl;
import edu.uiuc.ncsa.security.util.functor.LogicBlock;
import edu.uiuc.ncsa.security.util.functor.LogicBlocks;
+import net.sf.json.JSON;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
@@ -128,7 +131,29 @@ protected static JSONArray getClaimsThingy(JSONObject config, String key) {
return new JSONArray();
}
- protected static void setClaimsThingy(JSONObject config, String key, JSONArray thingy) {
+ protected static JSONObject getClaimsProcessor(JSONObject config, String key) {
+ DebugUtil.dbg(OA2ClientConfigurationUtil.class, ".getClaimsProcessor: key=" + key);
+ if (!config.containsKey(CLAIMS_KEY)) {
+ DebugUtil.dbg(OA2ClientConfigurationUtil.class, ".getClaimsProcessor: NO CLAIMS");
+ return new JSONObject();
+ }
+ JSONObject claims = config.getJSONObject(CLAIMS_KEY);
+ Object obj = claims.get(key);
+ DebugUtil.dbg(OA2ClientConfigurationUtil.class, ".getClaimsProcessor: raw claims=" + obj);
+
+ if (obj instanceof JSONArray) {
+ JSONObject j = new JSONObject();
+ j.put(FunctorTypeImpl.OR.getValue(), obj);
+ return j;
+ }
+ if (obj instanceof JSONObject) {
+ return (JSONObject) obj;
+ }
+ return new JSONObject();
+ }
+
+
+ protected static void setClaimsThingy(JSONObject config, String key, JSON thingy) {
JSONObject claims;
if (config.containsKey(CLAIMS_KEY)) {
claims = config.getJSONObject(CLAIMS_KEY);
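Review bot: `getClaimsProcessor` returns an empty `JSONObject` both when the key is absent and when its value is neither an array nor an object, so a malformed pre- or post-processing entry looks the same as none and is silently skipped. Since these blocks presumably shape which claims are asserted, the unexpected-type path should leave a trace, e.g. `DebugUtil.dbg(OA2ClientConfigurationUtil.class, ".getClaimsProcessor: ignoring unsupported value for key=" + key);` before the final `return`. A short Javadoc saying that a legacy array is wrapped as a single OR block, and that the returned object may be the live configuration node rather than a copy, would also help callers. The `setClaimsThingy` body at the end of this hunk continues outside it.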
@@ -175,20 +200,20 @@ public static void setClaimSourcesConfigurations(JSONObject config, JSONArray so
setClaimsThingy(config, CLAIM_SOURCE_CONFIG_KEY, sourceConfigs);
}
- public static JSONArray getClaimsPostProcessing(JSONObject config) {
- return getClaimsThingy(config, CLAIM_POST_PROCESSING_KEY);
+ public static JSONObject getClaimsPostProcessing(JSONObject config) {
+ return getClaimsProcessor(config, CLAIM_POST_PROCESSING_KEY);
}
- public static void setClaimsPostProcessing(JSONObject config, JSONArray processing) {
+ public static void setClaimsPostProcessing(JSONObject config, JSONObject processing) {
setClaimsThingy(config, CLAIM_POST_PROCESSING_KEY, processing);
}
- public static JSONArray getClaimsPreProcessing(JSONObject config) {
- return getClaimsThingy(config, CLAIM_PRE_PROCESSING_KEY);
+ public static JSONObject getClaimsPreProcessing(JSONObject config) {
+ return getClaimsProcessor(config, CLAIM_PRE_PROCESSING_KEY);
}
- public static void setClaimsPreProcessing(JSONObject config, JSONArray processing) {
+ public static void setClaimsPreProcessing(JSONObject config, JSONObject processing) {
setClaimsThingy(config, CLAIM_PRE_PROCESSING_KEY, processing);
}
@@ -213,7 +238,7 @@ public static JSONObject convertToNewConfiguration(JSONObject oldLDAP, JSONObjec
boolean containsOldLDAP = false;
- if (content.containsKey(CONFIGURATION_NAME_KEY)) {
+ if (content.containsKey(CONFIGURATION_NAME_KEY) && !content.getString(CONFIGURATION_NAME_KEY).isEmpty()) {
String oldLDAPName = content.getString(CONFIGURATION_NAME_KEY);
// the old LDAP config contains a name, so we check if it is in the current list of thse
@@ -269,18 +294,33 @@ public static JSONObject convertToNewConfiguration(JSONObject oldLDAP, JSONObjec
protected static void createDefaultPreProcessor(JSONObject config, String newName) {
JSONArray array = new JSONArray();
- JFunctorFactory ff = new JFunctorFactory();
+ JSONObject emptyClaims = new JSONObject();
+ OA2FunctorFactory ff = new OA2FunctorFactory(emptyClaims); // need the factory, but there are no claims at this point.
jSetClaimSource jSetClaimSource = new jSetClaimSource();
jSetClaimSource.addArg(OA2ClientConfigurationFactory.LDAP_DEFAULT);
jSetClaimSource.addArg(newName);
array.add(jSetClaimSource.toJSON());
- LogicBlocks extends LogicBlock> defaultLBs = ff.createLogicBlock(array);
+ JSONObject j = new JSONObject();
+ j.put(FunctorTypeImpl.OR.getValue(), array);
+ LogicBlocks extends LogicBlock> defaultLBs = ff.createLogicBlock(j);
+ setClaimsPreProcessing(config, defaultLBs.toJSON());
+
// there should be one and we need it.
- LogicBlock lb = defaultLBs.get(0);
- JSONArray runtime = getRuntime(config);
+ /* LogicBlock lb = defaultLBs.get(0);
JSONObject ifBlock = JSONObject.fromObject(lb.toString());
- runtime.add(ifBlock);
- setClaimsPreProcessing(config, runtime);
+
+ if(hasRuntime(config)){
+
+ }else{
+ JSONObject runtime = new JSONObject();
+ runtime.put(FunctorTypeImpl.OR.getValue(), )
+
+ }
+ JSONArray runtimeArray = getRuntimeArg(config);
+
+ runtimeArray.add(ifBlock);
+ runtime.
+ setClaimsPreProcessing(config, runtime);*/
}
public static boolean isSaved(JSONObject config) {
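Review bot: `createDefaultPreProcessor` now calls `setClaimsPreProcessing(config, defaultLBs.toJSON())`, which replaces whatever pre-processing the configuration already held. The removed code appended the new block to `getRuntime(config)` instead. If a converted configuration can already carry pre-processing, that logic is lost here; merge into the existing object or document that overwriting is intended. The commented-out block left behind is incomplete code (`runtime.put(FunctorTypeImpl.OR.getValue(), )`, a dangling `runtime.`) and should be deleted rather than committed. The stale comment `// there should be one and we need it.` should go with it.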
diff --git a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/storage/OA2ClientMemoryStore.java b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/storage/OA2ClientMemoryStore.java
index f365f38d1..4d885faee 100644
--- a/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/storage/OA2ClientMemoryStore.java
+++ b/oa4mp-server-loader-oauth2/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/storage/OA2ClientMemoryStore.java
@@ -4,18 +4,20 @@
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.storage.clients.OA2ClientConverter;
import edu.uiuc.ncsa.security.core.IdentifiableProvider;
import edu.uiuc.ncsa.security.delegation.server.storage.impl.ClientMemoryStore;
-import edu.uiuc.ncsa.security.delegation.storage.impl.BaseClientConverter;
+import edu.uiuc.ncsa.security.storage.data.MapConverter;
/**
* Created by Jeff Gaynor
* on 12/2/16 at 2:09 PM
*/
public class OA2ClientMemoryStore extends ClientMemoryStore {
+
public OA2ClientMemoryStore(IdentifiableProvider vIdentifiableProvider) {
super(vIdentifiableProvider);
}
+
@Override
- public BaseClientConverter getACConverter() {
+ public MapConverter getConverter() {
return new OA2ClientConverter(this.identifiableProvider);
}
}
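Review bot: Widening the return type to `MapConverter` is what forces the `(OA2ClientConverter)` downcasts added elsewhere in this commit (`ResponseSerializer`, `AttributeServer`, `AttributeServerTest`). Java allows a covariant return on an override, so `public OA2ClientConverter getConverter() {` would still satisfy the store interface and let callers that hold an `OA2ClientMemoryStore` drop the cast. The method also builds a new `OA2ClientConverter` on every call, and `AbstractDDServer.subset` now calls it three times in a row. Unless the converter carries per-call state, which is not visible here, creating it once in the constructor and returning the field would avoid that.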
diff --git a/oa4mp-server-oauth1/buildNumber.properties b/oa4mp-server-oauth1/buildNumber.properties
index 4cbefa55d..8aaa170fa 100644
--- a/oa4mp-server-oauth1/buildNumber.properties
+++ b/oa4mp-server-oauth1/buildNumber.properties
@@ -1,3 +1,3 @@
#maven.buildNumber.plugin properties file
-#Mon Jun 18 11:49:10 CDT 2018
-buildNumber\\d*=1520
+#Tue Jul 03 12:22:38 CDT 2018
+buildNumber\\d*=1674
diff --git a/oa4mp-server-oauth1/pom.xml b/oa4mp-server-oauth1/pom.xml
index 877efc338..1ca331405 100644
--- a/oa4mp-server-oauth1/pom.xml
+++ b/oa4mp-server-oauth1/pom.xml
@@ -84,19 +84,18 @@
mysql
mysql-connector-java
- 5.1.38
+ 8.0.11
- postgresql
+ org.postgresql
postgresql
- 9.1-901-1.jdbc4
+ 42.2.2.jre7
org.mariadb.jdbc
mariadb-java-client
- 1.4.0
- provided
+ 2.2.5
diff --git a/oa4mp-server-oauth2/buildNumber.properties b/oa4mp-server-oauth2/buildNumber.properties
index cc59e05bc..8ea3f7fe7 100644
--- a/oa4mp-server-oauth2/buildNumber.properties
+++ b/oa4mp-server-oauth2/buildNumber.properties
@@ -1,3 +1,3 @@
#maven.buildNumber.plugin properties file
-#Mon Jun 18 11:49:14 CDT 2018
-buildNumber\\d*=1556
+#Tue Jul 03 12:22:43 CDT 2018
+buildNumber\\d*=1696
diff --git a/oa4mp-server-oauth2/pom.xml b/oa4mp-server-oauth2/pom.xml
index a9bdc0e26..4807b6d08 100644
--- a/oa4mp-server-oauth2/pom.xml
+++ b/oa4mp-server-oauth2/pom.xml
@@ -96,18 +96,17 @@
mysql
mysql-connector-java
- 5.1.38
+ 8.0.11
- postgresql
+ org.postgresql
postgresql
- 9.1-901-1.jdbc4
+ 42.2.2.jre7
org.mariadb.jdbc
mariadb-java-client
- 1.4.0
- provided
+ 2.2.5
diff --git a/oa4mp-server-test-oauth2/buildNumber.properties b/oa4mp-server-test-oauth2/buildNumber.properties
index 4f97af0a0..d1fc7f655 100644
--- a/oa4mp-server-test-oauth2/buildNumber.properties
+++ b/oa4mp-server-test-oauth2/buildNumber.properties
@@ -1,3 +1,3 @@
#maven.buildNumber.plugin properties file
-#Mon Jun 18 11:49:31 CDT 2018
-buildNumber\\d*=838
+#Tue Jul 03 12:23:00 CDT 2018
+buildNumber\\d*=967
diff --git a/oa4mp-server-test-oauth2/pom.xml b/oa4mp-server-test-oauth2/pom.xml
index 6865ad428..79e3f0f25 100644
--- a/oa4mp-server-test-oauth2/pom.xml
+++ b/oa4mp-server-test-oauth2/pom.xml
@@ -96,17 +96,17 @@
mysql
mysql-connector-java
- 5.1.38
+ 8.0.11
- postgresql
+ org.postgresql
postgresql
- 9.1-901-1.jdbc4
+ 42.2.2.jre7
org.mariadb.jdbc
mariadb-java-client
- 1.4.0
+ 2.2.5
provided
diff --git a/oa4mp-server-test-oauth2/src/test/java/test/AttributeServerTest.java b/oa4mp-server-test-oauth2/src/test/java/test/AttributeServerTest.java
index d1b747a9b..b913cdb0e 100644
--- a/oa4mp-server-test-oauth2/src/test/java/test/AttributeServerTest.java
+++ b/oa4mp-server-test-oauth2/src/test/java/test/AttributeServerTest.java
@@ -3,6 +3,7 @@
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.util.RequestFactory;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.util.attributes.*;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.storage.clients.OA2Client;
+import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.storage.clients.OA2ClientConverter;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.storage.clients.OA2ClientKeys;
import edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.actions.ActionGet;
import edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.actions.ActionRemove;
@@ -47,7 +48,7 @@ public void testAttributeServerGet(CMTestStoreProvider tp2) throws Exception {
assert reducedClient.getName().equals(cc.client.getName());
JSONObject json = new JSONObject();
- tp2.getClientStore().getACConverter().toJSON(r.getClient(), json);
+ ((OA2ClientConverter)tp2.getClientStore().getConverter()).toJSON((OA2Client) r.getClient(), json);
System.out.println(json);
}
diff --git a/oa4mp-server-test-oauth2/src/test/java/test/ClientConfigurationTest.java b/oa4mp-server-test-oauth2/src/test/java/test/ClientConfigurationTest.java
index 3477311cd..21fbf7432 100644
--- a/oa4mp-server-test-oauth2/src/test/java/test/ClientConfigurationTest.java
+++ b/oa4mp-server-test-oauth2/src/test/java/test/ClientConfigurationTest.java
@@ -13,6 +13,7 @@
import edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfiguration;
import edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfigurationUtil;
import edu.uiuc.ncsa.security.util.TestBase;
+import edu.uiuc.ncsa.security.util.functor.FunctorTypeImpl;
import edu.uiuc.ncsa.security.util.functor.LogicBlock;
import edu.uiuc.ncsa.security.util.functor.logic.jContains;
import net.sf.json.JSONArray;
@@ -49,7 +50,7 @@ protected JSONObject createConfiguration(String customClaim,
JSONArray claimSources = setupSources();
// Add some claim processing logic
- JSONArray claimProcessing = setupProcessing(oldAudience, newAudience);
+ JSONObject claimProcessing = setupProcessing(oldAudience, newAudience);
// Add in the configurations for claims
JSONArray claimConfigs = new JSONArray();
@@ -61,7 +62,7 @@ protected JSONObject createConfiguration(String customClaim,
ldap.setName("LDAP2");
System.out.println(LDAPConfigurationUtil.toJSON(ldap));
claimConfigs.add(LDAPConfigurationUtil.toJSON(ldap));
- JSONArray logic = setupRuntime(customClaim);
+ JSONObject logic = setupRuntime(customClaim);
// add the parts to the configuration
setClaimSources(cfg, claimSources);
@@ -103,7 +104,7 @@ protected Map createClaims() {
return OA2FunctorTests.createClaims();
}
- protected JSONArray setupProcessing(String oldAud, String newAud) {
+ protected JSONObject setupProcessing(String oldAud, String newAud) {
JSONArray array = new JSONArray();
Map claims = createClaims();
claims.put(AUDIENCE, oldAud);
@@ -125,7 +126,9 @@ protected JSONArray setupProcessing(String oldAud, String newAud) {
ifBlock.put("$then", thenArray);
array.add(ifBlock);
- return array;
+ JSONObject j = new JSONObject();
+ j.put(FunctorTypeImpl.OR.getValue(), array);
+ return j;
}
/*
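Review bot: The three lines that wrap the block array, `JSONObject j = new JSONObject(); j.put(FunctorTypeImpl.OR.getValue(), array); return j;`, are repeated verbatim at the end of setupRuntime in a later hunk of this file. A small private helper, e.g. `private static JSONObject wrap(FunctorTypeImpl type, JSONArray blocks)`, would keep the two in step. Neither place says why `OR` is the connective, so a comment such as `// logic blocks are keyed by a connective; with a single block the choice does not matter` would record the intent, assuming that is the reason. setupProcessing begins outside this hunk.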
@@ -133,7 +136,7 @@ protected JSONArray setupProcessing(String oldAud, String newAud) {
In this way claims may be created before processing. This facility effectively allows for setting and
using variables.
*/
- protected JSONArray setupRuntime(String myClaim) {
+ protected JSONObject setupRuntime(String myClaim) {
JSONArray array = new JSONArray();
JSONObject ifBlock = new JSONObject();
@@ -157,7 +160,9 @@ protected JSONArray setupRuntime(String myClaim) {
set.addArg(myClaim);
ifBlock.put("$then", thenArray);
array.add(ifBlock);
- return array;
+ JSONObject j = new JSONObject();
+ j.put(FunctorTypeImpl.OR.getValue(), array);
+ return j;
}
protected LDAPConfiguration getLDAP(){
diff --git a/oa4mp-server-test-oauth2/src/test/java/test/ClientManagerTest.java b/oa4mp-server-test-oauth2/src/test/java/test/ClientManagerTest.java
index 04b7c6c9e..2c9302b40 100644
--- a/oa4mp-server-test-oauth2/src/test/java/test/ClientManagerTest.java
+++ b/oa4mp-server-test-oauth2/src/test/java/test/ClientManagerTest.java
@@ -152,7 +152,11 @@ public void testOA2Client() throws Exception {
}
-
+ /**
+ * This checks that the test-created LDAP configuration can be serialzed to and from JSON. If this
+ * fails then other tests will fail but the reason might not be obvious.
+ * @throws Exception
+ */
@Test
public void testldapExample() throws Exception {
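Review bot: The added Javadoc has a typo, `serialzed` should be `serialized`, and its `@throws Exception` tag carries no description. Either describe the condition, e.g. `@throws Exception if the configuration cannot be converted to or from JSON` (if that matches the body), or drop the tag. The test body is outside the hunk.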
diff --git a/oa4mp-server-test-oauth2/src/test/java/test/DDServerTests.java b/oa4mp-server-test-oauth2/src/test/java/test/DDServerTests.java
index ee09cccf2..b26f1b825 100644
--- a/oa4mp-server-test-oauth2/src/test/java/test/DDServerTests.java
+++ b/oa4mp-server-test-oauth2/src/test/java/test/DDServerTests.java
@@ -95,7 +95,7 @@ protected CC setupClients(CMTestStoreProvider tp2) throws Exception {
}
protected AdminClientConverter getAdminClientConverter(CMTestStoreProvider tp2) throws Exception {
- BaseClientConverter bcc = tp2.getAdminClientStore().getACConverter();
+ BaseClientConverter bcc = (BaseClientConverter)tp2.getAdminClientStore().getConverter();
if (bcc instanceof AdminClientConverter) {
return (AdminClientConverter) bcc;
}
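Review bot: The new cast `(BaseClientConverter)tp2.getAdminClientStore().getConverter()` runs before the `instanceof` test, so if the store ever returns another converter type the method throws ClassCastException instead of reaching the fallback `return AdminClientStoreProviders.getAdminClientConverter();`. Holding the value uncast, `Object conv = tp2.getAdminClientStore().getConverter();`, and testing `conv instanceof AdminClientConverter` keeps the fallback reachable. getClientConverter in the next hunk has the same pattern.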
@@ -103,7 +103,7 @@ protected AdminClientConverter getAdminClientConverter(CMTestStoreProvider tp2)
return AdminClientStoreProviders.getAdminClientConverter();
}
protected OA2ClientConverter getClientConverter(CMTestStoreProvider tp2) throws Exception {
- BaseClientConverter bcc = tp2.getClientStore().getACConverter();
+ BaseClientConverter bcc = (BaseClientConverter)tp2.getClientStore().getConverter();
if (bcc instanceof OA2ClientConverter) {
return (OA2ClientConverter) bcc;
}
diff --git a/oa4mp-server-test-oauth2/src/test/java/test/OA2FunctorTests.java b/oa4mp-server-test-oauth2/src/test/java/test/OA2FunctorTests.java
index 95f10d99c..647dd175d 100644
--- a/oa4mp-server-test-oauth2/src/test/java/test/OA2FunctorTests.java
+++ b/oa4mp-server-test-oauth2/src/test/java/test/OA2FunctorTests.java
@@ -2,12 +2,13 @@
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.*;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.flows.jAccessToken;
+import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.state.OA2ClientConfiguration;
+import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.state.OA2ClientConfigurationFactory;
+import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.state.OA2ClientConfigurationUtil;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.storage.clients.OA2Client;
import edu.uiuc.ncsa.security.core.util.BasicIdentifier;
import edu.uiuc.ncsa.security.util.JFunctorTest;
-import edu.uiuc.ncsa.security.util.functor.JFunctor;
-import edu.uiuc.ncsa.security.util.functor.LogicBlock;
-import edu.uiuc.ncsa.security.util.functor.LogicBlocks;
+import edu.uiuc.ncsa.security.util.functor.*;
import edu.uiuc.ncsa.security.util.functor.logic.*;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
@@ -42,7 +43,7 @@ public void testClaims() throws Exception {
jMatch jMatch1 = (jMatch) factory.fromJSON(jMatch.toJSON());
jMatch1.execute();
assert jMatch1.getBooleanResult();
- assert reTestIt(jMatch1,factory).getBooleanResult();
+ assert reTestIt(jMatch1, factory).getBooleanResult();
jContains jContains = new jContains();
jContains.addArg("${" + SUBJECT + "}"); //needle;
@@ -94,7 +95,7 @@ public void testExcludeClaims() throws Exception {
jExclude.addArg(ISSUER);
jExclude.addArg(SUBJECT);
jExclude.execute();
- jExclude x = (jExclude)reTestIt(jExclude, ff);
+ jExclude x = (jExclude) reTestIt(jExclude, ff);
claims = jExclude.getClaims();
assert !claims.containsKey(ISSUER);
@@ -121,7 +122,7 @@ public void testIsMemberOf() throws Exception {
jIsMemberOf.addArg(GROUP_NAME + "4");
jIsMemberOf.execute();
assert jIsMemberOf.getBooleanResult();
- assert reTestIt(jIsMemberOf,ff).getBooleanResult();
+ assert reTestIt(jIsMemberOf, ff).getBooleanResult();
// redo so it fails
jIsMemberOf = new jIsMemberOf(claims);
jIsMemberOf.addArg(GROUP_NAME + "0");
@@ -131,11 +132,10 @@ public void testIsMemberOf() throws Exception {
jIsMemberOf.execute();
assert !jIsMemberOf.getBooleanResult();
- assert !reTestIt(jIsMemberOf,ff).getBooleanResult();
+ assert !reTestIt(jIsMemberOf, ff).getBooleanResult();
}
-
@Test
public void testAccessToken() throws Exception {
Map claims = createClaims();
@@ -153,8 +153,8 @@ public void testAccessToken() throws Exception {
*/
public static String GROUP_NAME = "test-group-";
- protected static Map createClaims() {
- HashMap claims = new HashMap<>();
+ protected static JSONObject createClaims() {
+ JSONObject claims = new JSONObject();
claims.put(ISSUER, getRandomString());
claims.put(AUDIENCE, getRandomString());
claims.put(SUBJECT, getRandomString());
@@ -164,7 +164,8 @@ protected static Map createClaims() {
GroupElement ge = new GroupElement(GROUP_NAME + i);
groups.put(ge);
}
- claims.put(IS_MEMBER_OF, groups);
+ String rawGroups = groups.toJSON().toString();
+ claims.put(IS_MEMBER_OF, rawGroups);
return claims;
}
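Review bot: `claims.put(IS_MEMBER_OF, rawGroups)` now stores the groups as a serialized JSON string instead of the `groups` object, and nothing in the hunk says why. A one-line comment such as `// store groups as JSON text, the form the claim has when it reaches the functors` (if that is the reason) would help, since every consumer of this claim now has to parse the string before a membership check. createClaims starts in the previous hunk, where its return type changes from `Map` to `JSONObject`. The helper is `protected static`, so callers outside this file are worth checking as well.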
@@ -229,7 +230,7 @@ public void testNestedLB() throws Exception {
jThen1.addArg(jIf2);
jThen1.addArg(jIf3);
- LogicBlock lb = new LogicBlock(functorFactory,jIf1, jThen1, null);
+ LogicBlock lb = new LogicBlock(functorFactory, jIf1, jThen1, null);
}
@@ -292,8 +293,10 @@ public void testLBCreation2() throws Exception {
set.addArg(newAudience);
ifBlock.put("$then", set.toJSON());
array.add(ifBlock);
-
- LogicBlocks extends LogicBlock> bloxx = functorFactory.createLogicBlock(array);
+ JSONObject j = new JSONObject();
+ j.put(FunctorTypeImpl.OR.getValue(), array);
+ LogicBlocks extends LogicBlock> bloxx = functorFactory.createLogicBlock(j);
+ assert bloxx instanceof ORLogicBlocks;
assert bloxx.size() == 1;
bloxx.execute();
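Review bot: Each of the three rewrapped tests still builds a single `$if` block (`assert bloxx.size() == 1`), so wrapping it in `OR` here, `XOR` in testLBClaimsIntegrity and `AND` in testLBClaimsReplacement most likely exercises the same path, with only the `instanceof` assertion telling them apart. A second block per test, one whose condition is false for OR and one that is also true for XOR, would pin down each connective's semantics, which matters because these blocks decide which claims get set. Only testLBClaimsIntegrity checks the outcome, so adding `assert (boolean) bloxx.getResult();` after `bloxx.execute();` here and in testLBClaimsReplacement would make the three consistent. The test bodies continue outside the hunks.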
@@ -333,10 +336,13 @@ public void testLBClaimsIntegrity() throws Exception {
setCommands.add(set.toJSON());
ifBlock.put("$then", setCommands);
array.add(ifBlock);
-
- LogicBlocks extends LogicBlock> bloxx = functorFactory.createLogicBlock(array);
+ JSONObject j = new JSONObject();
+ j.put(FunctorTypeImpl.XOR.getValue(), array);
+ LogicBlocks extends LogicBlock> bloxx = functorFactory.createLogicBlock(j);
+ assert bloxx instanceof XORLogicBlocks;
assert bloxx.size() == 1;
bloxx.execute();
+ assert (boolean) bloxx.getResult();
assert claims.get(AUDIENCE).toString().equals(targetValue) : "Should have been \"" + targetValue + "\" and got \"" + claims.get("aud") + "\"";
}
@@ -367,8 +373,10 @@ public void testLBClaimsReplacement() throws Exception {
set.addArg("${" + AUDIENCE + "}--" + newAudience);
ifBlock.put("$then", set.toJSON());
array.add(ifBlock);
-
- LogicBlocks extends LogicBlock> bloxx = functorFactory.createLogicBlock(array);
+ JSONObject j = new JSONObject();
+ j.put(FunctorTypeImpl.AND.getValue(), array);
+ LogicBlocks extends LogicBlock> bloxx = functorFactory.createLogicBlock(j);
+ assert bloxx instanceof ANDLogicBlocks;
assert bloxx.size() == 1;
bloxx.execute();
@@ -404,7 +412,7 @@ public void testHasClaim() throws Exception {
hasClaim.addArg(IDP_CLAIM);
hasClaim.execute();
assert hasClaim.getBooleanResult();
- assert reTestIt(hasClaim,ff).getBooleanResult();
+ assert reTestIt(hasClaim, ff).getBooleanResult();
hasClaim.reset();
hasClaim.addArg("foo");
hasClaim.execute();
@@ -458,12 +466,12 @@ public void testGet() throws Exception {
jGet.execute();
// no args returns an empty string.
assert jGet.getStringResult().equals("");
- assert reTestIt(jGet,ff).getStringResult().equals("");
+ assert reTestIt(jGet, ff).getStringResult().equals("");
jGet.reset();
jGet.addArg(SUBJECT);
jGet.execute();
assert jGet.getStringResult().equals(claims.get(SUBJECT));
- assert reTestIt(jGet,ff).getStringResult().equals(claims.get(SUBJECT));
+ assert reTestIt(jGet, ff).getStringResult().equals(claims.get(SUBJECT));
}
@Test
@@ -503,7 +511,7 @@ public void testVoPersonTest() throws Exception {
if (idp = "http://google.com/accounts/o8/id") then return oidc+"@"+"accounts.google.com";
if (idp = "http://github.com/login/oauth/authorize") then return oidc+"@"+"github.com";
*/
- VOP_eppn();
+ VOP_eppn();
VOP_eptid();
VOP_orcid();
VOP_google();
@@ -517,30 +525,35 @@ protected void VOP_eppn() throws Exception {
assert claims.get(VOPersonKey).equals(EPPN);
}
+ @Test
+ public void testXORLBTest() throws Exception {
+
+ }
+
protected void VOP_eptid() throws Exception {
- Map claims = doLSSTTest("eptid", EPTID,NCSA_IDP);
+ Map claims = doLSSTTest("eptid", EPTID, NCSA_IDP);
assert claims.containsKey(VOPersonKey);
assert claims.get(VOPersonKey).equals(EPTID);
}
protected void VOP_orcid() throws Exception {
- Map claims = doLSSTTest("oidc", orcid,ORCID_IDP);
+ Map claims = doLSSTTest("oidc", orcid, ORCID_IDP);
assert claims.containsKey(VOPersonKey);
- assert claims.get(VOPersonKey).equals(orcid.replace("http://","https://"));
+ assert claims.get(VOPersonKey).equals(orcid.replace("http://", "https://"));
}
protected void VOP_github() throws Exception {
- Map claims = doLSSTTest("oidc", oidc,GITHUB_IDP);
+ Map claims = doLSSTTest("oidc", oidc, GITHUB_IDP);
assert claims.containsKey(VOPersonKey);
- assert claims.get(VOPersonKey).equals(oidc+"@github.com");
+ assert claims.get(VOPersonKey).equals(oidc + "@github.com");
}
protected void VOP_google() throws Exception {
- Map claims = doLSSTTest("oidc", oidc,GOOGLE_IDP);
+ Map claims = doLSSTTest("oidc", oidc, GOOGLE_IDP);
assert claims.containsKey(VOPersonKey);
- assert claims.get(VOPersonKey).equals(oidc+"@accounts.google.com");
+ assert claims.get(VOPersonKey).equals(oidc + "@accounts.google.com");
}
String oidc = "oidc-" + getRandomString();// type of oidc id from google, github
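Review bot: `testXORLBTest` is added with an empty body, so it always passes and reports XOR coverage that does not exist. Either fill it in (the `createXOR(Map)` helper extracted in the next hunk looks like the intended starting point) or leave it out until it tests something. If it must stay as a placeholder, JUnit's `@Ignore` with a reason (or `@Disabled` on JUnit 5) makes the report show it as skipped rather than green.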
@@ -565,7 +578,17 @@ protected Map doLSSTTest(String key, String value, String idp) t
Map claims2 = createClaims();
claims2.put(key, value);
claims2.put("idp", idp);
+ jXOr jXOr = createXOR(claims2);
+ jXOr.execute();
+ if (key.equals("eppn")) {
+ // just print out one of them
+ System.out.println("\n=================\nVO person test conditional:");
+ System.out.println(jXOr.toJSON().toString(1));
+ }
+ return claims2;
+ }
+ protected jXOr createXOR(Map claims2) {
OA2FunctorFactory ff = new OA2FunctorFactory(claims2);
jXOr jXOr = new jXOr();
@@ -585,24 +608,261 @@ protected Map doLSSTTest(String key, String value, String idp) t
"{\"$equals\":[{\"$get\":[\"idp\"]},\"" + ORCID_IDP + "\"]}",
"{\"$set\":[\"" + VOPersonKey + "\",{\"$replace\":[{\"$get\":[\"oidc\"]},\"http://\",\"https://\"]}]}"));
- jXOr.execute();
- if(key.equals("eppn")) {
- // just print out one of them
- System.out.println("\n=================\nVO person test conditional:");
- System.out.println(jXOr.toJSON().toString(1));
- }
- return claims2;
+ return jXOr;
}
private LogicBlock createLB(OA2FunctorFactory ff, String rawIf, String rawThen) {
jIf eppnIf = new jIf();
- JFunctor eppnExists = ff.create(rawIf);
+ JFunctor eppnExists = ff.create(rawIf);
eppnIf.addArg(eppnExists);
- JFunctor setFromEPPN = ff.create(rawThen);
+ JFunctor setFromEPPN = ff.create(rawThen);
jThen eppnThen = new jThen();
eppnThen.addArg(setFromEPPN);
- return new LogicBlock(ff,eppnIf, eppnThen);
+ return new LogicBlock(ff, eppnIf, eppnThen);
+ }
+
+ String rawJSON2="{\n" +
+ " \"config\": \"LSST client configuration, created by JeffGaynor 6/19/2018\",\n" +
+ " \"claims\": {\n" +
+ " \"sourceConfig\": [\n" +
+ " {\n" +
+ " \"ldap\": {\n" +
+ " \"preProcessing\": [\n" +
+ " {\n" +
+ " \"$if\": [\n" +
+ " {\n" +
+ " \"$match\": [\n" +
+ " \"${idp}\",\n" +
+ " \"https://idp.ncsa.illinois.edu/idp/shibboleth\"\n" +
+ " ]\n" +
+ " }\n" +
+ " ],\n" +
+ " \"$then\": [\n" +
+ " {\n" +
+ " \"$set\": [\n" +
+ " \"foo\",\n" +
+ " {\n" +
+ " \"$drop\": [\n" +
+ " \"@ncsa.illinois.edu\",\n" +
+ " \"${eppn}\"\n" +
+ " ]\n" +
+ " }\n" +
+ " ]\n" +
+ " }\n" +
+ " ],\n" +
+ " \"$else\": [{\"$get_claims\": [\"$false\"]}]\n" +
+ " }\n" +
+ " ],\n" +
+ " \"postProcessing\": [\n" +
+ " {\n" +
+ " \"$if\": [\n" +
+ " {\n" +
+ " \"$match\": [\n" +
+ " \"${idp}\",\n" +
+ " \"https://idp.ncsa.illinois.edu/idp/shibboleth\"\n" +
+ " ]\n" +
+ " }\n" +
+ " ],\n" +
+ " \"$then\": [\n" +
+ " {\n" +
+ " \"$set\": [\n" +
+ " \"sub\",\n" +
+ " {\"$get\": [\"eppn\"]}\n" +
+ " ]\n" +
+ " },\n" +
+ " {\"$exclude\": [\"foo\"]}\n" +
+ " ]\n" +
+ " }\n" +
+ " ],\n" +
+ " \"failOnError\": \"false\",\n" +
+ " \"address\": \"ldap.ncsa.illinois.edu\",\n" +
+ " \"port\": 636,\n" +
+ " \"enabled\": \"true\",\n" +
+ " \"authorizationType\": \"none\",\n" +
+ " \"searchName\": \"foo\",\n" +
+ " \"searchAttributes\": [\n" +
+ " {\n" +
+ " \"name\": \"mail\",\n" +
+ " \"returnAsList\": false,\n" +
+ " \"returnName\": \"email\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"name\": \"uid\",\n" +
+ " \"returnAsList\": false,\n" +
+ " \"returnName\": \"uid\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"name\": \"uidNumber\",\n" +
+ " \"returnAsList\": false,\n" +
+ " \"returnName\": \"uidNumber\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"name\": \"cn\",\n" +
+ " \"returnAsList\": false,\n" +
+ " \"returnName\": \"name\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"name\": \"memberOf\",\n" +
+ " \"isGroup\": true,\n" +
+ " \"returnAsList\": false,\n" +
+ " \"returnName\": \"isMemberOf\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"searchBase\": \"ou=People,dc=ncsa,dc=illinois,dc=edu\",\n" +
+ " \"contextName\": \"\",\n" +
+ " \"ssl\": {\n" +
+ " \"tlsVersion\": \"TLS\",\n" +
+ " \"useJavaTrustStore\": true\n" +
+ " },\n" +
+ " \"name\": \"3258ed63b62d1a78\"\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"preProcessing\": [\n" +
+ " {\n" +
+ " \"$if\": [\"$true\"],\n" +
+ " \"$then\": [\n" +
+ " {\n" +
+ " \"$set_claim_source\": [\n" +
+ " \"LDAP\",\n" +
+ " \"3258ed63b62d1a78\"\n" +
+ " ]\n" +
+ " }\n" +
+ " ]\n" +
+ " }\n" +
+ " ],\n" +
+ " \"postProcessing\": {\n" +
+ " \"$or\": [\n" +
+ " {\n" +
+ " \"$if\": [{\"$hasClaim\": [\"eppn\"]}],\n" +
+ " \"$then\": [\n" +
+ " {\n" +
+ " \"$set\": [\n" +
+ " \"voPersonExternalID\",\n" +
+ " {\"$get\": [\"eppn\"]}\n" +
+ " ]\n" +
+ " }\n" +
+ " ]\n" +
+ " },\n" +
+ " {\n" +
+ " \"$if\": [{\"$hasClaim\": [\"eptid\"]}],\n" +
+ " \"$then\": [\n" +
+ " {\n" +
+ " \"$set\": [\n" +
+ " \"voPersonExternalID\",\n" +
+ " {\"$get\": [\"eptid\"]}\n" +
+ " ]\n" +
+ " }\n" +
+ " ]\n" +
+ " },\n" +
+ " {\n" +
+ " \"$if\": [\n" +
+ " {\n" +
+ " \"$equals\": [\n" +
+ " {\"$get\": [\"idp\"]},\n" +
+ " \"http://github.com/login/oauth/authorize\"\n" +
+ " ]\n" +
+ " }\n" +
+ " ],\n" +
+ " \"$then\": [\n" +
+ " {\n" +
+ " \"$set\": [\n" +
+ " \"voPersonExternalID\",\n" +
+ " {\n" +
+ " \"$concat\": [\n" +
+ " {\"$get\": [\"oidc\"]},\n" +
+ " \"@github.com\"\n" +
+ " ]\n" +
+ " }\n" +
+ " ]\n" +
+ " }\n" +
+ " ]\n" +
+ " },\n" +
+ " {\n" +
+ " \"$if\": [\n" +
+ " {\n" +
+ " \"$equals\": [\n" +
+ " {\"$get\": [\"idp\"]},\n" +
+ " \"http://google.com/accounts/o8/id\"\n" +
+ " ]\n" +
+ " }\n" +
+ " ],\n" +
+ " \"$then\": [\n" +
+ " {\n" +
+ " \"$set\": [\n" +
+ " \"voPersonExternalID\",\n" +
+ " {\n" +
+ " \"$concat\": [\n" +
+ " {\"$get\": [\"oidc\"]},\n" +
+ " \"@accounts.google.com\"\n" +
+ " ]\n" +
+ " }\n" +
+ " ]\n" +
+ " }\n" +
+ " ]\n" +
+ " },\n" +
+ " {\n" +
+ " \"$if\": [\n" +
+ " {\n" +
+ " \"$equals\": [\n" +
+ " {\"$get\": [\"idp\"]},\n" +
+ " \"http://orcid.org/oauth/authorize\"\n" +
+ " ]\n" +
+ " }\n" +
+ " ],\n" +
+ " \"$then\": [\n" +
+ " {\n" +
+ " \"$set\": [\n" +
+ " \"voPersonExternalID\",\n" +
+ " {\n" +
+ " \"$replace\": [\n" +
+ " {\"$get\": [\"oidc\"]},\n" +
+ " \"http://\",\n" +
+ " \"https://\"\n" +
+ " ]\n" +
+ " }\n" +
+ " ]\n" +
+ " }\n" +
+ " ]\n" +
+ " }\n" +
+ " ]\n" +
+ " }\n" +
+ " },\n" +
+ " \"isSaved\": false\n" +
+ "}\n";
+
+ @Test
+ public void testLBXOr() throws Throwable {
+ String rawJSON = "{\"config\":\"LSST client configuration, created by JeffGaynor 6/19/2018\",\"claims\":{\"sourceConfig\":[{\"ldap\":{\"preProcessing\":[{\"$if\":[{\"$match\":[\"${idp}\",\"https://idp.ncsa.illinois.edu/idp/shibboleth\"]}],\"$then\":[{\"$set\":[\"foo\",{\"$drop\":[\"@ncsa.illinois.edu\",\"${eppn}\"]}]}],\"$else\":[{\"$get_claims\":[\"$false\"]}]}],\"postProcessing\":[{\"$if\":[{\"$match\":[\"${idp}\",\"https://idp.ncsa.illinois.edu/idp/shibboleth\"]}],\"$then\":[{\"$set\":[\"sub\",{\"$get\":[\"eppn\"]}]},{\"$exclude\":[\"foo\"]}]}],\"failOnError\":\"false\",\"address\":\"ldap.ncsa.illinois.edu\",\"port\":636,\"enabled\":\"true\",\"authorizationType\":\"none\",\"searchName\":\"foo\",\"searchAttributes\":[{\"name\":\"mail\",\"returnAsList\":false,\"returnName\":\"email\"},{\"name\":\"uid\",\"returnAsList\":false,\"returnName\":\"uid\"},{\"name\":\"uidNumber\",\"returnAsList\":false,\"returnName\":\"uidNumber\"},{\"name\":\"cn\",\"returnAsList\":false,\"returnName\":\"name\"},{\"name\":\"memberOf\",\"isGroup\":true,\"returnAsList\":false,\"returnName\":\"isMemberOf\"}],\"searchBase\":\"ou=People,dc=ncsa,dc=illinois,dc=edu\",\"contextName\":\"\",\"ssl\":{\"tlsVersion\":\"TLS\",\"useJavaTrustStore\":true},\"name\":\"3258ed63b62d1a78\"}}],\"preProcessing\":[{\"$if\":[\"$true\"],\"$then\":[{\"$set_claim_source\":[\"LDAP\",\"3258ed63b62d1a78\"]}]}]}," +
+ "\"postProcessing\":{\"$or\":[{\"$if\":[{\"$hasClaim\":[\"eppn\"]}],\"$then\":[{\"$set\":[\"voPersonExternalID\",{\"$get\":[\"eppn\"]}]}]},{\"$if\":[{\"$hasClaim\":[\"eptid\"]}],\"$then\":[{\"$set\":[\"voPersonExternalID\",{\"$get\":[\"eptid\"]}]}]},{\"$if\":[{\"$equals\":[{\"$get\":[\"idp\"]},\"http://github.com/login/oauth/authorize\"]}],\"$then\":[{\"$set\":[\"voPersonExternalID\",{\"$concat\":[{\"$get\":[\"oidc\"]},\"@github.com\"]}]}]},{\"$if\":[{\"$equals\":[{\"$get\":[\"idp\"]},\"http://google.com/accounts/o8/id\"]}],\"$then\":[{\"$set\":[\"voPersonExternalID\",{\"$concat\":[{\"$get\":[\"oidc\"]},\"@accounts.google.com\"]}]}]},{\"$if\":[{\"$equals\":[{\"$get\":[\"idp\"]},\"http://orcid.org/oauth/authorize\"]}],\"$then\":[{\"$set\":[\"voPersonExternalID\",{\"$replace\":[{\"$get\":[\"oidc\"]},\"http://\",\"https://\"]}]}]}]}," +
+ "\"isSaved\":false}";
+
+ JSONObject cfg = JSONObject.fromObject(rawJSON2);
+ System.out.println(cfg.toString(0));
+ // make a fake transaction so this is testable in jUnit.
+ JSONObject claims = createClaims();
+ // Put something in there so the test can work.
+ claims.put(IDP_CLAIM, "http://google.com/accounts/o8/id");
+ claims.put("oidc", getRandomString());
+
+ OA2FunctorFactory functorFactory = new OA2FunctorFactory(claims);
+ OA2ClientConfigurationFactory ff = new OA2ClientConfigurationFactory(functorFactory);
+ OA2ClientConfiguration clientConfiguration = ff.newInstance(cfg);
+ ff.createClaimSource(clientConfiguration, cfg);
+ System.out.println(clientConfiguration);
+
+ JSONObject postProcessing = OA2ClientConfigurationUtil.getClaimsPostProcessing(cfg);
+ //JSONObject postProcessing = cfg.getJSONObject("postProcessing");
+
+ //LDAPClaimsSource claimsSource = new LDAPClaimsSource(ldapConfiguration, null);
+ LogicBlocks postProcessor = functorFactory.createLogicBlock(postProcessing);
+ assert postProcessor instanceof ORLogicBlocks;
+ postProcessor.execute();
+ assert (boolean) postProcessor.getResult();
+ System.out.println("============= functor map from OR");
+ assert claims.containsKey(VOPersonKey);
+ System.out.println(VOPersonKey + "=" + claims.get(VOPersonKey));
}
}
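Review bot: In `testLBXOr` the local `rawJSON` is built but never read, because the configuration is parsed from the field `rawJSON2`, so the two copies of the fixture can drift without any test noticing. Drop the local, or parse it too and assert both yield the same object. The test name says XOR while the fixture uses `$or` and the assertion checks `ORLogicBlocks`, so `testLBOr` would match what is tested. The fixture also names what looks like a real directory host (`ldap.ncsa.illinois.edu`, port 636) and is handed to `ff.createClaimSource(clientConfiguration, cfg)`. If that call can ever open a connection the unit test would reach a live LDAP server, so a placeholder host such as `ldap.example.org` is safer in test data.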
diff --git a/oa4mp-server-test-oauth2/src/test/java/test/TestSuiteInitializer.java b/oa4mp-server-test-oauth2/src/test/java/test/TestSuiteInitializer.java
index 4a87b5069..599f6e169 100644
--- a/oa4mp-server-test-oauth2/src/test/java/test/TestSuiteInitializer.java
+++ b/oa4mp-server-test-oauth2/src/test/java/test/TestSuiteInitializer.java
@@ -83,7 +83,7 @@ public void init() {
try {
SATFactory.setAdminClientConverter(AdminClientStoreProviders.getAdminClientConverter());
- SATFactory.setClientConverter((ClientConverter extends Client>) fsp.getClientStore().getACConverter());
+ SATFactory.setClientConverter((ClientConverter extends Client>) fsp.getClientStore().getConverter());
} catch (Exception e) {
e.printStackTrace();
}
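Review bot: The unchecked cast on `fsp.getClientStore().getConverter()` sits inside a `try` whose `catch (Exception e)` only calls `e.printStackTrace()`, so a ClassCastException from the new call would be printed and then ignored. SATFactory would be left without a client converter and later tests would fail far from the cause. Failing fast in the catch, e.g. `throw new IllegalStateException("could not initialise converters", e);`, would surface it at the point of failure. init() starts and ends outside the hunk.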
diff --git a/oa4mp-twofactor/buildNumber.properties b/oa4mp-twofactor/buildNumber.properties
index 8ec85b5b1..9b0e77769 100644
--- a/oa4mp-twofactor/buildNumber.properties
+++ b/oa4mp-twofactor/buildNumber.properties
@@ -1,3 +1,3 @@
#maven.buildNumber.plugin properties file
-#Mon Jun 18 11:49:29 CDT 2018
-buildNumber\\d*=941
+#Tue Jul 03 12:22:57 CDT 2018
+buildNumber\\d*=1035
diff --git a/oa4mp-webapp/pom.xml b/oa4mp-webapp/pom.xml
index b43aab946..98991e56f 100644
--- a/oa4mp-webapp/pom.xml
+++ b/oa4mp-webapp/pom.xml
@@ -16,19 +16,19 @@
mysql
mysql-connector-java
- 5.1.38
+ 8.0.11
provided
- postgresql
+ org.postgresql
postgresql
- 9.1-901-1.jdbc4
+ 42.2.2.jre7
provided
org.mariadb.jdbc
mariadb-java-client
- 1.4.0
+ 2.2.5
provided
diff --git a/oa4mp-website/src/site/resources/common/configuration/mariadb-store.xhtml b/oa4mp-website/src/site/resources/common/configuration/mariadb-store.xhtml
index d542dafe3..eb147e343 100644
--- a/oa4mp-website/src/site/resources/common/configuration/mariadb-store.xhtml
+++ b/oa4mp-website/src/site/resources/common/configuration/mariadb-store.xhtml
@@ -72,6 +72,15 @@
(none) |
An optional prefix for the table. |
+
+ parameters |
+ N |
+ (none) |
+ An optional extra set of parameters to pass to the JDBC driver. This is of the form
+ key0=value0&key1=value1&key2=value2... Note that each key/value pair is separated with an ampersand.
+ Note that OA4MP does all connections using UTF8 so that parameter is always added.
+ |
+
useSSL |
N |
diff --git a/oa4mp-website/src/site/resources/common/configuration/mysql-store.xhtml b/oa4mp-website/src/site/resources/common/configuration/mysql-store.xhtml
index d35ea53c9..63154f010 100644
--- a/oa4mp-website/src/site/resources/common/configuration/mysql-store.xhtml
+++ b/oa4mp-website/src/site/resources/common/configuration/mysql-store.xhtml
@@ -72,6 +72,15 @@
(none) |
An optional prefix for the table. |
+
+ parameters |
+ N |
+ (none) |
+ An optional extra set of parameters to pass to the JDBC driver. This is of the form
+ key0=value0&key1=value1&key2=value2... Note that each key/value pair is separated with an ampersand.
+ Note that OA4MP does all connections using UTF8 so that parameter is always added.
+ |
+
useSSL |
N |
@@ -103,7 +112,8 @@ read the comments since you may want to customize them to fit your installation.
password="bar"
schema="atmos"
database="climate"
- useSSL="true">
+ useSSL="true"
+ parameters="parameters="useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=America/Chicago"">
<transactions/>
</mysql>
<!-- other stuff -->
@@ -112,7 +122,9 @@ read the comments since you may want to customize them to fit your installation.
In this example, there is a mysql store for the transactions only which uses the given username and password to
-connect over SSL.
+connect over SSL. A set of parameters is passed in to fix a bug whereby the system timezone is incorrectly gotten
+from the operating system, so it must be specifically set for all connections. Note that in the configuration file that
+the ampersand is written out as &.
Example 2.
diff --git a/oa4mp-website/src/site/resources/common/configuration/postgres-store.xhtml b/oa4mp-website/src/site/resources/common/configuration/postgres-store.xhtml
index 4cd7349d4..d9e4ffbe1 100644
--- a/oa4mp-website/src/site/resources/common/configuration/postgres-store.xhtml
+++ b/oa4mp-website/src/site/resources/common/configuration/postgres-store.xhtml
@@ -79,6 +79,15 @@
(none) |
An optional prefix for the table. |
+
+ parameters |
+ N |
+ (none) |
+ An optional extra set of parameters to pass to the JDBC driver. This is of the form
+ key0=value0&key1=value1&key2=value2... Note that each key/value pair is separated with an ampersand.
+ Note that OA4MP does all connections using UTF8 so that parameter is always added.
+ |
+
useSSL |
N |
diff --git a/oa4mp-website/src/site/resources/server/dtd/server-dtd-service-tag.xhtml b/oa4mp-website/src/site/resources/server/dtd/server-dtd-service-tag.xhtml
index 56ade00c6..1525a6a0a 100644
--- a/oa4mp-website/src/site/resources/server/dtd/server-dtd-service-tag.xhtml
+++ b/oa4mp-website/src/site/resources/server/dtd/server-dtd-service-tag.xhtml
@@ -48,6 +48,25 @@
would be the external-facing address.
+
+ pollingDirectory |
+ N |
+ N/A |
+ This enables polling for client approvals. The meaning of this is
+ that if there is a command line interface (CLI) which approves a client, a specific file is written
+ to this directory which will be read at intervals by the server, telling it that a new approval has been
+ written. This is because once a client configuration is loaded, it stays in memory. To disable this feature,
+ do not set this. Note that the CLI should use the same configuration as the server.
+ |
+
+
+ pollingInterval |
+ N |
+ N/A |
+ How frequently the polling directory will be accessed for new approvals.
+ Note that this is ignored if polling is not enabled.
+ |
+
debug |
N |
@@ -144,33 +163,33 @@
- issuer |
- N |
- (none) |
- OAuth 2 specific.
- The global default for the issuer. That is to say, this will be returned in the claims to the
- client. Note that this may be overridden by an administrative client or the client itself.
- |
-
-
- scheme |
- N |
- myproxy |
- This sets the scheme for all identifiers (such as client ids) that are
- created by the system. The format of an identifier is
- scheme:specificPart:...
- the default (as of version 4.0 still) is myproxy:oa4mp,2012:... After this is a hierarchical
- name for the component.
- |
-
-
- schemeSpecificPart |
- N |
- oa4mp,2012 |
- This sets the scheme specific part for the identifiers. Note that if this is
- omitted then the default is used. If you wish to suppress this, set it equal to "".
- |
-
+ issuer |
+ N |
+ (none) |
+ OAuth 2 specific.
+ The global default for the issuer. That is to say, this will be returned in the claims to the
+ client. Note that this may be overridden by an administrative client or the client itself.
+ |
+
+
+ scheme |
+ N |
+ myproxy |
+ This sets the scheme for all identifiers (such as client ids) that are
+ created by the system. The format of an identifier is
+ scheme:specificPart:...
+ the default (as of version 4.0 still) is myproxy:oa4mp,2012:... After this is a hierarchical
+ name for the component.
+ |
+
+
+ schemeSpecificPart |
+ N |
+ oa4mp,2012 |
+ This sets the scheme specific part for the identifiers. Note that if this is
+ omitted then the default is used. If you wish to suppress this, set it equal to "".
+ |
+
The name can be anything. The name of the configuration to use may be
@@ -220,12 +239,13 @@
first one, the number of new client registration is limited to 25 unappproved ones and the client secret
is 300 bytes which translates into 400 characters when Base64 encoded. Also, there is some
network address translation going on, so that the address
tag is explicitly given.
- This also specifies that the client identifiers are of the form
- cern:/client_id/...
- where the scheme has been set to "cern" but the scheme specific part (SPP) is to be omitted. Note that if the
- SPP were omitted, then the default would be used and the resulting id would be
-
- cern:oa4mp,2012:/client_id/....
+
+This also specifies that the client identifiers are of the form
+cern:/client_id/...
+where the scheme has been set to "cern" but the scheme specific part (SPP) is to be omitted. Note that if the
+ SPP were omitted, then the default would be used and the resulting id would be
+
+cern:oa4mp,2012:/client_id/....