diff --git a/catalog/core/catalog-core-directorymonitor/pom.xml b/catalog/core/catalog-core-directorymonitor/pom.xml
index d2b2b8ea2e36..89a81ea85a27 100644
--- a/catalog/core/catalog-core-directorymonitor/pom.xml
+++ b/catalog/core/catalog-core-directorymonitor/pom.xml
@@ -278,7 +278,7 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${bouncy.version}
test
diff --git a/catalog/plugin/catalog-plugin-oauth/pom.xml b/catalog/plugin/catalog-plugin-oauth/pom.xml
index bee1b91489a0..bbc9c22f3cd2 100644
--- a/catalog/plugin/catalog-plugin-oauth/pom.xml
+++ b/catalog/plugin/catalog-plugin-oauth/pom.xml
@@ -122,6 +122,7 @@
siv-mode
+ !jakarta.servlet.*,
org.codice.ddf.security.token.storage.api,
net.minidev.*;version="${json-smart.version}",
*
@@ -142,7 +143,7 @@
- 2.9_MB
+ 3.2_MB
diff --git a/catalog/rest/catalog-rest-endpoint/src/test/java/org/codice/ddf/endpoints/rest/it/RestEndpointIT.java b/catalog/rest/catalog-rest-endpoint/src/test/java/org/codice/ddf/endpoints/rest/it/RestEndpointIT.java
index d62637b50c2a..56d0f08a8fe5 100644
--- a/catalog/rest/catalog-rest-endpoint/src/test/java/org/codice/ddf/endpoints/rest/it/RestEndpointIT.java
+++ b/catalog/rest/catalog-rest-endpoint/src/test/java/org/codice/ddf/endpoints/rest/it/RestEndpointIT.java
@@ -203,7 +203,7 @@ protected ApplicationOptions getApplicationOptions(PortFinder portFinder) {
@Override
protected BundleOption getBundleOptions() {
return super.getBundleOptions()
- .add("org.bouncycastle", "bcprov-jdk15on")
+ .add("org.bouncycastle", "bcprov-jdk18on")
.add("ddf.catalog.transformer", "catalog-transformer-attribute")
.add("ddf.catalog.core", "catalog-core-attachment")
.add("ddf.catalog.rest", "catalog-rest-api")
diff --git a/catalog/spatial/csw/spatial-csw-source-common/pom.xml b/catalog/spatial/csw/spatial-csw-source-common/pom.xml
index 4fb3f0a6f2ed..cb74a3dcb408 100644
--- a/catalog/spatial/csw/spatial-csw-source-common/pom.xml
+++ b/catalog/spatial/csw/spatial-csw-source-common/pom.xml
@@ -192,7 +192,7 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${bouncy.version}
diff --git a/catalog/transformer/catalog-transformer-common/src/main/java/ddf/catalog/transformer/common/tika/MetacardCreator.java b/catalog/transformer/catalog-transformer-common/src/main/java/ddf/catalog/transformer/common/tika/MetacardCreator.java
index b61836ea076e..1b5a1a5c0698 100644
--- a/catalog/transformer/catalog-transformer-common/src/main/java/ddf/catalog/transformer/common/tika/MetacardCreator.java
+++ b/catalog/transformer/catalog-transformer-common/src/main/java/ddf/catalog/transformer/common/tika/MetacardCreator.java
@@ -169,7 +169,7 @@ public static Metacard createMetacard(
setAttribute(metacard, Contact.CREATOR_NAME, metadata.get(TikaCoreProperties.CREATOR));
- setMultipleAttributes(metacard, Topic.KEYWORD, metadata.getValues(DublinCore.SUBJECT));
+ setMultipleAttributes(metacard, Topic.KEYWORD, metadata.getValues(TikaCoreProperties.SUBJECT));
setAttribute(
metacard,
diff --git a/catalog/transformer/catalog-transformer-common/src/main/java/ddf/catalog/transformer/common/tika/handler/BodyAndMetadataContentHandler.java b/catalog/transformer/catalog-transformer-common/src/main/java/ddf/catalog/transformer/common/tika/handler/BodyAndMetadataContentHandler.java
index b857d394dc86..c92c293c1713 100644
--- a/catalog/transformer/catalog-transformer-common/src/main/java/ddf/catalog/transformer/common/tika/handler/BodyAndMetadataContentHandler.java
+++ b/catalog/transformer/catalog-transformer-common/src/main/java/ddf/catalog/transformer/common/tika/handler/BodyAndMetadataContentHandler.java
@@ -154,7 +154,7 @@ public String getMetadataText() {
}
private void handleException(SAXException se) throws SAXException {
- if (WriteLimitReachedException.isWriteLimitReached(se)) {
+ if (se instanceof WriteLimitReachedException) {
bodyWriteLimitReached = true;
} else {
throw se;
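Review bot: The replacement `se instanceof WriteLimitReachedException` on the new `if` line matches only the outermost exception, whereas the static helper it replaces walks the cause chain in the Tika versions I know of; a write-limit exception that a nested parser wrapped in another SAXException would now be rethrown as a failure instead of setting `bodyWriteLimitReached`. If that unwrapping is still wanted after the Tika upgrade, keep the cause walk locally as below. The closing braces of the `else` branch and of `handleException` lie outside the hunk.
```java
  private void handleException(SAXException se) throws SAXException {
    // Walk the cause chain: the write-limit signal may arrive wrapped by an intermediate parser.
    Throwable cause = se;
    while (cause != null && !(cause instanceof WriteLimitReachedException)) {
      cause = (cause.getCause() == cause) ? null : cause.getCause();
    }
    if (cause != null) {
      bodyWriteLimitReached = true;
    } else {
      throw se;
```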
diff --git a/catalog/transformer/catalog-transformer-pdf/pom.xml b/catalog/transformer/catalog-transformer-pdf/pom.xml
index 4e9ac2277bf1..1b1f9c51af86 100644
--- a/catalog/transformer/catalog-transformer-pdf/pom.xml
+++ b/catalog/transformer/catalog-transformer-pdf/pom.xml
@@ -67,17 +67,17 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${bouncy.version}
org.bouncycastle
- bcmail-jdk15on
+ bcmail-jdk18on
${bouncy.version}
org.bouncycastle
- bcpkix-jdk15on
+ bcpkix-jdk18on
${bouncy.version}
@@ -90,8 +90,7 @@
org.apache.tika
- tika-parsers
- pom
+ tika-parsers-standard-package
test
@@ -110,6 +109,8 @@
!com.ibm.icu.text,
!org.apache.pdfbox.debugger.*,
sun.java2d.cmm.kcms;resolution:=optional,
+ picocli;resolution:=optional,
+ sun.print;resolution:=optional,
*
diff --git a/catalog/transformer/catalog-transformer-pdf/src/main/java/ddf/catalog/transformer/input/pdf/GeoPdfParserImpl.java b/catalog/transformer/catalog-transformer-pdf/src/main/java/ddf/catalog/transformer/input/pdf/GeoPdfParserImpl.java
index 0822c28eac72..76ba8cebbd25 100644
--- a/catalog/transformer/catalog-transformer-pdf/src/main/java/ddf/catalog/transformer/input/pdf/GeoPdfParserImpl.java
+++ b/catalog/transformer/catalog-transformer-pdf/src/main/java/ddf/catalog/transformer/input/pdf/GeoPdfParserImpl.java
@@ -70,7 +70,6 @@ public class GeoPdfParserImpl implements GeoPdfParser {
*/
@Override
public String apply(PDDocument pdfDocument) throws IOException {
- ToDoubleVisitor toDoubleVisitor = new ToDoubleVisitor();
LinkedList polygons = new LinkedList<>();
for (PDPage pdPage : pdfDocument.getPages()) {
@@ -82,7 +81,7 @@ public String apply(PDDocument pdfDocument) throws IOException {
if (lgiDictObject instanceof COSArray) {
for (int i = 0; i < ((COSArray) lgiDictObject).size(); i++) {
COSDictionary lgidict =
- (COSDictionary) cosObject.getObjectFromPath(LGIDICT + "/[" + i + "]");
+ (COSDictionary) cosObject.getObjectFromPath(LGIDICT + "/\\[" + i + "\\]");
COSDictionary projectionArray = (COSDictionary) lgidict.getDictionaryObject(PROJECTION);
if (projectionArray != null) {
@@ -90,8 +89,8 @@ public String apply(PDDocument pdfDocument) throws IOException {
((COSString) projectionArray.getItem(PROJECTION_TYPE)).getString();
if (GEOGRAPHIC.equals(projectionType)) {
COSArray neatlineArray =
- (COSArray) cosObject.getObjectFromPath(LGIDICT + "/[" + i + "]/" + NEATLINE);
- getWktFromNeatLine(lgidict, neatlineArray, toDoubleVisitor).ifPresent(polygons::add);
+ (COSArray) cosObject.getObjectFromPath(LGIDICT + "/\\[" + i + "\\]/" + NEATLINE);
+ getWktFromNeatLine(lgidict, neatlineArray).ifPresent(polygons::add);
} else {
LOGGER.debug(
"Unsupported projection type {}. Map Frame will be skipped.", projectionType);
@@ -114,7 +113,7 @@ public String apply(PDDocument pdfDocument) throws IOException {
neatlineArray = generateNeatLineFromPDFDimensions(pdPage);
}
- getWktFromNeatLine(lgidict, neatlineArray, toDoubleVisitor).ifPresent(polygons::add);
+ getWktFromNeatLine(lgidict, neatlineArray).ifPresent(polygons::add);
} else {
LOGGER.debug(
"Unsupported projection type {}. Map Frame will be skipped.", projectionType);
@@ -184,22 +183,22 @@ private String point2dToWkt(Point2D point2D) {
*
* @param lgidict - The PDF's LGIDict object
* @param neatLineArray - The NeatLine array of points for the PDF
- * @param toDoubleVisitor - A visitor that converts PDF Strings / Ints / Longs into doubles.
* @return the generated WKT Lat/Lon set
* @throws IOException
*/
- private Optional getWktFromNeatLine(
- COSDictionary lgidict, COSArray neatLineArray, ICOSVisitor toDoubleVisitor)
+ private Optional getWktFromNeatLine(COSDictionary lgidict, COSArray neatLineArray)
throws IOException {
List neatline = new LinkedList<>();
List coordinateList = new LinkedList<>();
String firstCoordinate = null;
+ ToDoubleVisitor toDoubleVisitor = new ToDoubleVisitor();
double[] points = new double[CTM_SIZE];
for (int i = 0; i < CTM_SIZE; i++) {
- Object obj = lgidict.getObjectFromPath(CTM + "/[" + i + "]").accept(toDoubleVisitor);
- if (obj != null) {
- points[i] = (Double) obj;
+ lgidict.getObjectFromPath(CTM + "/\\[" + i + "\\]").accept(toDoubleVisitor);
+ Double value = toDoubleVisitor.getDouble();
+ if (value != null) {
+ points[i] = value;
} else {
return Optional.empty();
}
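Review bot: The new `lgidict.getObjectFromPath(CTM + "/\\[" + i + "\\]").accept(toDoubleVisitor);` line dereferences the lookup result without a null check; if `getObjectFromPath` returns null for a missing or short CTM array, as I recall PDFBox documenting, a malformed GeoPDF throws an NPE here instead of taking the `Optional.empty()` branch the surrounding code clearly intends for unparsable input. The replaced line had the same shape, so this is pre-existing, but the rewrite is the natural place to close it: `COSBase ctmEntry = lgidict.getObjectFromPath(CTM + "/\\[" + i + "\\]"); if (ctmEntry == null) { return Optional.empty(); } ctmEntry.accept(toDoubleVisitor);`. `COSBase` needs an import if the file does not already have one, and the rest of `getWktFromNeatLine` continues past the hunk.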
@@ -207,7 +206,8 @@ private Optional getWktFromNeatLine(
AffineTransform affineTransform = new AffineTransform(points);
for (int i = 0; i < neatLineArray.size(); i++) {
- neatline.add((Double) neatLineArray.get(i).accept(toDoubleVisitor));
+ neatLineArray.get(i).accept(toDoubleVisitor);
+ neatline.add(toDoubleVisitor.getDouble());
}
for (int i = 0; i < neatline.size(); i += 2) {
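Review bot: `neatline.add(toDoubleVisitor.getDouble())` on the new line stores a null element whenever a neat-line entry is not numeric, and because `visitFromString` now swallows `NumberFormatException`, a non-numeric string entry no longer throws at this point and instead surfaces later, presumably as an NPE when the pairing loop that follows unboxes the value. The CTM loop above already returns `Optional.empty()` on the same condition; mirroring it keeps the two paths consistent: `Double coordinate = toDoubleVisitor.getDouble(); if (coordinate == null) { return Optional.empty(); } neatline.add(coordinate);`. The body of the `for` loop that consumes `neatline` is outside the hunk.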
@@ -234,54 +234,64 @@ private Optional getWktFromNeatLine(
/** This visitor class converts parsable COS Objects into {@link Double}s */
private static class ToDoubleVisitor implements ICOSVisitor {
+ Double doubleValue = null;
+
+ public Double getDouble() {
+ return doubleValue;
+ }
+
@Override
- public Object visitFromArray(COSArray cosArray) throws IOException {
- return null;
+ public void visitFromArray(COSArray cosArray) throws IOException {
+ doubleValue = null;
}
@Override
- public Object visitFromBoolean(COSBoolean cosBoolean) throws IOException {
- return null;
+ public void visitFromBoolean(COSBoolean cosBoolean) throws IOException {
+ doubleValue = null;
}
@Override
- public Object visitFromDictionary(COSDictionary cosDictionary) throws IOException {
- return null;
+ public void visitFromDictionary(COSDictionary cosDictionary) throws IOException {
+ doubleValue = null;
}
@Override
- public Object visitFromDocument(COSDocument cosDocument) throws IOException {
- return null;
+ public void visitFromDocument(COSDocument cosDocument) throws IOException {
+ doubleValue = null;
}
@Override
- public Object visitFromFloat(COSFloat cosFloat) throws IOException {
- return cosFloat.doubleValue();
+ public void visitFromFloat(COSFloat cosFloat) throws IOException {
+ doubleValue = ((Number) (cosFloat.floatValue())).doubleValue();
}
@Override
- public Object visitFromInt(COSInteger cosInteger) throws IOException {
- return (double) cosInteger.longValue();
+ public void visitFromInt(COSInteger cosInteger) throws IOException {
+ doubleValue = (double) cosInteger.longValue();
}
@Override
- public Object visitFromName(COSName cosName) throws IOException {
- return null;
+ public void visitFromName(COSName cosName) throws IOException {
+ doubleValue = null;
}
@Override
- public Object visitFromNull(COSNull cosNull) throws IOException {
- return null;
+ public void visitFromNull(COSNull cosNull) throws IOException {
+ doubleValue = null;
}
@Override
- public Object visitFromStream(COSStream cosStream) throws IOException {
- return null;
+ public void visitFromStream(COSStream cosStream) throws IOException {
+ doubleValue = null;
}
@Override
- public Object visitFromString(COSString cosString) throws IOException {
- return Double.valueOf(cosString.getString());
+ public void visitFromString(COSString cosString) throws IOException {
+ try {
+ doubleValue = Double.valueOf(cosString.getString());
+ } catch (NumberFormatException e) {
+ doubleValue = null;
+ }
}
}
}
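Review bot: The rewritten `ToDoubleVisitor` exposes its state through a package-private field `Double doubleValue = null;` plus a public getter while the class itself is `private static`; make the field `private` and document that the visitor is stateful, e.g. `/** Result of the most recent accept(); null when the visited object is not numeric. */` above it. The `visitFromFloat` body `((Number) (cosFloat.floatValue())).doubleValue()` boxes a float only to widen it and reads as a workaround; `doubleValue = (double) cosFloat.floatValue();` performs the same widening directly, and if the PDFBox version in use still offers `doubleValue()` on `COSFloat`, that would avoid the float round-trip the replaced `cosFloat.doubleValue()` did not have — confirm against the 3.x API. In `visitFromString` the new `catch (NumberFormatException e)` drops the exception silently; a `LOGGER.debug("Non-numeric COS string ignored while parsing GeoPDF neat line", e);` there keeps the swallow deliberate and diagnosable, since the enclosing class already has a LOGGER.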
diff --git a/catalog/transformer/catalog-transformer-pdf/src/main/java/ddf/catalog/transformer/input/pdf/PDDocumentGeneratorImpl.java b/catalog/transformer/catalog-transformer-pdf/src/main/java/ddf/catalog/transformer/input/pdf/PDDocumentGeneratorImpl.java
index 5f0b498d4b15..9c5ecfdc612f 100644
--- a/catalog/transformer/catalog-transformer-pdf/src/main/java/ddf/catalog/transformer/input/pdf/PDDocumentGeneratorImpl.java
+++ b/catalog/transformer/catalog-transformer-pdf/src/main/java/ddf/catalog/transformer/input/pdf/PDDocumentGeneratorImpl.java
@@ -15,11 +15,13 @@
import java.io.IOException;
import java.io.InputStream;
+import org.apache.pdfbox.Loader;
+import org.apache.pdfbox.io.RandomAccessReadBuffer;
import org.apache.pdfbox.pdmodel.PDDocument;
public class PDDocumentGeneratorImpl implements PDDocumentGenerator {
@Override
public PDDocument apply(InputStream inputStream) throws IOException {
- return PDDocument.load(inputStream);
+ return Loader.loadPDF(new RandomAccessReadBuffer(inputStream));
}
}
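Review bot: `new RandomAccessReadBuffer(inputStream)` on the new `return` line reads the entire input into heap before parsing, so this line now sets the memory bound for a large or untrusted PDF; the 2.x `PDDocument.load(InputStream)` it replaces also buffered in main memory by default, so this is not a regression, but it is the natural place to state the policy in a comment. If the PDFBox 3 `Loader.loadPDF(RandomAccessRead, StreamCacheCreateFunction)` overload is available in the version used, passing a temp-file cache such as `IOUtils.createTempFileOnlyStreamCache()` would bound heap use for decoded streams — confirm against the pdfbox version in the build. A one-line comment on who closes the `RandomAccessReadBuffer` (whether `PDDocument.close()` releases it or the caller must) would also help, since that ownership cannot be verified from the hunk.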
diff --git a/catalog/transformer/catalog-transformer-pptx/pom.xml b/catalog/transformer/catalog-transformer-pptx/pom.xml
index 949e5ce5d0ac..d68b114e1a8a 100644
--- a/catalog/transformer/catalog-transformer-pptx/pom.xml
+++ b/catalog/transformer/catalog-transformer-pptx/pom.xml
@@ -69,12 +69,12 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${bouncy.version}
org.bouncycastle
- bcpkix-jdk15on
+ bcpkix-jdk18on
${bouncy.version}
diff --git a/catalog/transformer/catalog-transformer-tika-input/pom.xml b/catalog/transformer/catalog-transformer-tika-input/pom.xml
index 755039b7b9c2..7d6a97d0b397 100644
--- a/catalog/transformer/catalog-transformer-tika-input/pom.xml
+++ b/catalog/transformer/catalog-transformer-tika-input/pom.xml
@@ -49,12 +49,6 @@
poi-scratchpad
${poi.version}
-
- org.apache.tika
- tika-parsers
- pom
- ${tika.version}
-
org.apache.tika
tika-parsers-standard-package
diff --git a/catalog/transformer/catalog-transformer-video-input/pom.xml b/catalog/transformer/catalog-transformer-video-input/pom.xml
index 7f80c96bfea7..d6b91d3d4dac 100644
--- a/catalog/transformer/catalog-transformer-video-input/pom.xml
+++ b/catalog/transformer/catalog-transformer-video-input/pom.xml
@@ -35,8 +35,7 @@
org.apache.tika
- tika-parsers
- pom
+ tika-parsers-standard-package
net.sf.saxon
diff --git a/distribution/kernel/pom.xml b/distribution/kernel/pom.xml
index eebf804ce7fd..ab536c093f27 100644
--- a/distribution/kernel/pom.xml
+++ b/distribution/kernel/pom.xml
@@ -116,21 +116,21 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${bouncy.version}
${setup.folder}/jdk9plus
bcprov-${bouncy.version}.jar
org.bouncycastle
- bcmail-jdk15on
+ bcmail-jdk18on
${bouncy.version}
${setup.folder}/jdk9plus
bcmail-${bouncy.version}.jar
org.bouncycastle
- bcpkix-jdk15on
+ bcpkix-jdk18on
${bouncy.version}
${setup.folder}/jdk9plus
bcpkix-${bouncy.version}.jar
diff --git a/features/security/src/main/feature/feature.xml b/features/security/src/main/feature/feature.xml
index 98e43e09e251..141f22cab6a1 100644
--- a/features/security/src/main/feature/feature.xml
+++ b/features/security/src/main/feature/feature.xml
@@ -23,16 +23,17 @@
mvn:ddf.features/branding/${project.version}/xml/features
mvn:ddf.features/camel-karaf/${project.version}/xml/features
-
wrap
pax-web-http-whiteboard
pax-web-jetty-websockets
scr
+ spring
- jackson
+ jackson
wss4j
cxf-ws-security
cxf-jaxrs
@@ -53,6 +54,7 @@
mvn:org.apache.shiro/shiro-core/${apache.shiro.version}
mvn:com.sun.mail/jakarta.mail/${jakarta.mail.version}
+ mvn:org.apache.commons/commons-text/${commons-text.version}
@@ -168,6 +193,11 @@
fontbox
${pdfbox.version}
+
+ org.apache.pdfbox
+ pdfbox-io
+ ${pdfbox.version}
+
de.rototor.pdfbox
graphics2d
diff --git a/features/utilities/src/main/feature/feature.xml b/features/utilities/src/main/feature/feature.xml
index 75992e9ae103..7f0e944dc30d 100644
--- a/features/utilities/src/main/feature/feature.xml
+++ b/features/utilities/src/main/feature/feature.xml
@@ -18,6 +18,7 @@
mvn:ddf.features/kernel/${project.version}/xml/features
mvn:org.apache.karaf.features/spring/${karaf.version}/xml/features
+ mvn:org.apache.karaf.features/specs/${karaf.version}/xml/features
@@ -86,6 +87,7 @@
common-system
slf4j
platform-util
+ mvn:commons-io/commons-io/${commons-io.version}
mvn:ddf.mime.core/mime-core-impl/${project.version}
mvn:ddf.mime.core/mime-core-configurableresolver/${project.version}
mvn:org.apache.tika/tika-core/${tika.version}
@@ -187,11 +189,34 @@
wrap
- jackson
+ jackson
+ spifly
+ mvn:commons-io/commons-io/${commons-io.version}
mvn:com.github.luben/zstd-jni/${zstd-jni.version}
- wrap:mvn:net.sf.jwordnet/jwnl/${jwnl.version}
mvn:org.apache.tika/tika-core/${tika.version}
- mvn:org.apache.tika/tika-bundle-standard/${tika.version}
+ wrap:mvn:org.apache.tika/tika-bundle-standard/${tika.version}$overwrite=merge&Import-Package=!org.junit,!org.junit.*,!junit.*,org.github.javaparser.resolution.*;resolution:=optional,org.apache.tika.*,org.slf4j,org.slf4j.event,org.slf4j.helpers,*;resolution:=optional
+ mvn:org.apache.tika/tika-parser-apple-module/${tika.version}
+ mvn:org.apache.tika/tika-parser-audiovideo-module/${tika.version}
+ mvn:org.apache.tika/tika-parser-cad-module/${tika.version}
+ mvn:org.apache.tika/tika-parser-code-module/${tika.version}
+ mvn:org.apache.tika/tika-parser-crypto-module/${tika.version}
+ mvn:org.apache.tika/tika-parser-digest-commons/${tika.version}
+ mvn:org.apache.tika/tika-parser-font-module/${tika.version}
+ mvn:org.apache.tika/tika-parser-html-module/${tika.version}
+ mvn:org.apache.tika/tika-parser-image-module/${tika.version}
+ mvn:org.apache.tika/tika-parser-jdbc-commons/${tika.version}
+ mvn:org.apache.tika/tika-parser-mail-commons/${tika.version}
+ mvn:org.apache.tika/tika-parser-mail-module/${tika.version}
+ mvn:org.apache.tika/tika-parser-microsoft-module/${tika.version}
+ mvn:org.apache.tika/tika-parser-miscoffice-module/${tika.version}
+ mvn:org.apache.tika/tika-parser-news-module/${tika.version}
+ mvn:org.apache.tika/tika-parser-ocr-module/${tika.version}
+ mvn:org.apache.tika/tika-parser-pdf-module/${tika.version}
+ mvn:org.apache.tika/tika-parser-pkg-module/${tika.version}
+ mvn:org.apache.tika/tika-parser-text-module/${tika.version}
+ mvn:org.apache.tika/tika-parser-xml-module/${tika.version}
+ mvn:org.apache.tika/tika-parser-xmp-commons/${tika.version}
+ mvn:org.apache.tika/tika-parser-zip-commons/${tika.version}
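Review bot: The wrap on the `tika-bundle-standard` line ends in `*;resolution:=optional`, which makes every import not explicitly listed optional; a missing or mis-versioned dependency will then resolve cleanly at feature install time and fail only later as a `NoClassDefFoundError` inside a parser, which is harder to diagnose and easy to miss in a smoke test. A short XML comment above the line stating why the bundle must be re-wrapped and which imports are deliberately optional would help the next Tika upgrade, e.g. `<!-- tika-bundle-standard is re-wrapped: its manifest imports packages that are not shipped; unlisted imports are optional, so a missing parser dependency surfaces at parse time rather than at resolve time -->`. Once the absent packages are identified, narrowing the trailing `*;resolution:=optional` to just those would restore resolve-time checking for the rest.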
@@ -204,6 +229,7 @@
mvn:com.fasterxml.jackson.core/jackson-core/${jackson.version}
mvn:com.fasterxml.jackson.core/jackson-annotations/${jackson.version}
mvn:com.fasterxml.jackson.core/jackson-databind/${jackson.version}
+ mvn:com.fasterxml.jackson.datatype/jackson-datatype-jsr310/${jackson.version}
@@ -220,6 +246,7 @@
wrap:mvn:org.apache.xmlgraphics/xmlgraphics-commons/2.7
mvn:org.apache.pdfbox/pdfbox/${pdfbox.version}
mvn:org.apache.pdfbox/fontbox/${pdfbox.version}
+ mvn:org.apache.pdfbox/pdfbox-io/${pdfbox.version}
wrap:mvn:de.rototor.pdfbox/graphics2d/0.38
mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.poi/${servicemix.bundles.poi.version}
diff --git a/libs/klv/pom.xml b/libs/klv/pom.xml
index 16d6770e2204..d71499c2c091 100644
--- a/libs/klv/pom.xml
+++ b/libs/klv/pom.xml
@@ -45,11 +45,6 @@
${commons-lang.version}
test
-
- org.apache.tika
- tika-parsers
- pom
-
org.apache.tika
tika-parsers-standard-package
diff --git a/platform/mime/tika/platform-mime-tika-resolver/pom.xml b/platform/mime/tika/platform-mime-tika-resolver/pom.xml
index 6d79e7b043e9..afd5be60d608 100644
--- a/platform/mime/tika/platform-mime-tika-resolver/pom.xml
+++ b/platform/mime/tika/platform-mime-tika-resolver/pom.xml
@@ -71,8 +71,7 @@
javax.xml.transform.dom,
javax.xml.transform.sax,
org.apache.commons.lang,
- org.apache.commons.io,
- org.apache.commons.io.input,
+ org.apache.commons.io.*,
org.slf4j,
org.slf4j.ext,
org.osgi.framework,
diff --git a/platform/osgi/platform-osgi-conditions/pom.xml b/platform/osgi/platform-osgi-conditions/pom.xml
index 00c778755497..e05e8fe629a0 100644
--- a/platform/osgi/platform-osgi-conditions/pom.xml
+++ b/platform/osgi/platform-osgi-conditions/pom.xml
@@ -39,7 +39,7 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${bouncy.version}
diff --git a/platform/osgi/platform-osgi-conditions/src/main/java/org/codice/ddf/condition/SignerCondition.java b/platform/osgi/platform-osgi-conditions/src/main/java/org/codice/ddf/condition/SignerCondition.java
index e9c15f08c86e..e5e0b93dbcb4 100644
--- a/platform/osgi/platform-osgi-conditions/src/main/java/org/codice/ddf/condition/SignerCondition.java
+++ b/platform/osgi/platform-osgi-conditions/src/main/java/org/codice/ddf/condition/SignerCondition.java
@@ -139,8 +139,8 @@ private String getIdentifyFromBytes(byte[] itemBytes) {
try (ASN1InputStream decoder = new ASN1InputStream(itemBytes)) {
ASN1Encodable encoded = decoder.readObject();
encoded = ((DERSequence) encoded).getObjectAt(1);
- encoded = ((DERTaggedObject) encoded).getObject();
- encoded = ((DERTaggedObject) encoded).getObject();
+ encoded = ((DERTaggedObject) encoded).getBaseObject();
+ encoded = ((DERTaggedObject) encoded).getBaseObject();
return ((DERUTF8String) encoded).getString();
} catch (IOException e) {
return "";
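Review bot: The casts on the new `getBaseObject()` lines, together with the `(DERSequence)` and `(DERUTF8String)` casts around them, target concrete DER classes, yet `ASN1InputStream.readObject()` can hand back `DL*`/`BER*` variants for non-DER-encoded input, and only `IOException` is caught; a `ClassCastException` (or an NPE when `readObject()` returns null) on malformed signer bytes escapes `getIdentifyFromBytes` instead of returning `""` as the existing fallback does. Using the abstract types through their `getInstance` helpers and treating structural failures like I/O ones, as below, makes the method total over untrusted input; if the tags here are explicitly tagged, `getExplicitBaseObject()` states that intent more precisely than `getBaseObject()` — confirm against the structure being parsed. The remaining lines of the method are outside the hunk, and `ASN1Primitive`/`ASN1Sequence`/`ASN1TaggedObject` imports would be needed if not already present.
```java
    try (ASN1InputStream decoder = new ASN1InputStream(itemBytes)) {
      ASN1Primitive root = decoder.readObject();
      // getInstance() accepts DER/DL/BER variants; a wrong shape throws IllegalArgumentException.
      ASN1Sequence seq = ASN1Sequence.getInstance(root);
      if (seq == null || seq.size() < 2) {
        return "";
      }
      ASN1TaggedObject outer = ASN1TaggedObject.getInstance(seq.getObjectAt(1));
      ASN1TaggedObject inner = ASN1TaggedObject.getInstance(outer.getBaseObject());
      return DERUTF8String.getInstance(inner.getBaseObject()).getString();
    } catch (IOException | IllegalArgumentException e) {
      // Malformed or unexpected signer data yields no identity, matching the I/O failure path.
      return "";
```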
diff --git a/platform/security/certificate/security-certificate-generator/pom.xml b/platform/security/certificate/security-certificate-generator/pom.xml
index 698135267aef..1cfb4b270a6a 100644
--- a/platform/security/certificate/security-certificate-generator/pom.xml
+++ b/platform/security/certificate/security-certificate-generator/pom.xml
@@ -26,12 +26,12 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${bouncy.version}
org.bouncycastle
- bcpkix-jdk15on
+ bcpkix-jdk18on
${bouncy.version}
@@ -133,7 +133,7 @@
- 12.7_MB
+ 13.2_MB
diff --git a/platform/security/certificate/security-certificate-keystoreeditor/pom.xml b/platform/security/certificate/security-certificate-keystoreeditor/pom.xml
index b3bbc67b2cae..e3b21bdff146 100644
--- a/platform/security/certificate/security-certificate-keystoreeditor/pom.xml
+++ b/platform/security/certificate/security-certificate-keystoreeditor/pom.xml
@@ -37,12 +37,12 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${bouncy.version}
org.bouncycastle
- bcpkix-jdk15on
+ bcpkix-jdk18on
${bouncy.version}
diff --git a/platform/security/certificate/security-ocsp-checker/pom.xml b/platform/security/certificate/security-ocsp-checker/pom.xml
index f9c63d5395ac..0c938e40f663 100644
--- a/platform/security/certificate/security-ocsp-checker/pom.xml
+++ b/platform/security/certificate/security-ocsp-checker/pom.xml
@@ -56,7 +56,12 @@
org.bouncycastle
bcpkix-jdk15on
- ${bouncy.version}
+ 1.70
+
+
+ org.bouncycastle
+ bcprov-jdk15on
+ 1.70
org.slf4j
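Review bot: This module now pins `bcpkix-jdk15on` and the newly added `bcprov-jdk15on` to the literal `1.70` while every other module in the change moves to the `jdk18on` artifacts at `${bouncy.version}`, so security updates applied through the property will not reach the OCSP checker, and two BouncyCastle provider lines may coexist in the build. The hunk shows no scope element, so I cannot tell whether these are test-only dependencies; either way a comment stating the constraint would keep the next upgrade from overlooking them, e.g. `<!-- TODO: pinned to bcprov/bcpkix 1.70 (jdk15on); document why this module cannot track ${bouncy.version}/jdk18on -->`. If they are compile or runtime scope, the OCSP path is a security-critical component and should track the managed version.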
diff --git a/platform/security/claims/security-claims-ldap/pom.xml b/platform/security/claims/security-claims-ldap/pom.xml
index cb1c6c166e47..c38d6b28a5ed 100644
--- a/platform/security/claims/security-claims-ldap/pom.xml
+++ b/platform/security/claims/security-claims-ldap/pom.xml
@@ -56,7 +56,7 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${bouncy.version}
diff --git a/platform/security/core/security-core-impl/pom.xml b/platform/security/core/security-core-impl/pom.xml
index b8a643fc82c1..92a7dd80bb54 100644
--- a/platform/security/core/security-core-impl/pom.xml
+++ b/platform/security/core/security-core-impl/pom.xml
@@ -123,7 +123,7 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${bouncy.version}
@@ -171,7 +171,7 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${bouncy.version}
@@ -181,7 +181,7 @@
org.bouncycastle
- bcpkix-jdk15on
+ bcpkix-jdk18on
${bouncy.version}
diff --git a/platform/security/core/security-core-services/pom.xml b/platform/security/core/security-core-services/pom.xml
index c1ff768ac4e6..5f4747e66717 100644
--- a/platform/security/core/security-core-services/pom.xml
+++ b/platform/security/core/security-core-services/pom.xml
@@ -221,7 +221,7 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${bouncy.version}
diff --git a/platform/security/filter/security-filter-login/pom.xml b/platform/security/filter/security-filter-login/pom.xml
index a88b21b8f769..33e0394c67b3 100644
--- a/platform/security/filter/security-filter-login/pom.xml
+++ b/platform/security/filter/security-filter-login/pom.xml
@@ -90,12 +90,12 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${bouncy.version}
org.bouncycastle
- bcpkix-jdk15on
+ bcpkix-jdk18on
${bouncy.version}
diff --git a/platform/security/handler/security-handler-oauth/pom.xml b/platform/security/handler/security-handler-oauth/pom.xml
index 1b2f4194489c..a3451f249498 100644
--- a/platform/security/handler/security-handler-oauth/pom.xml
+++ b/platform/security/handler/security-handler-oauth/pom.xml
@@ -55,6 +55,11 @@
pac4j-core
${pac4j.version}
+
+ org.pac4j
+ pac4j-javaee
+ ${pac4j.version}
+
org.pac4j
pac4j-oidc
diff --git a/platform/security/handler/security-handler-oauth/src/main/java/org/codice/ddf/security/handler/oauth/CustomOAuthCredentialsExtractor.java b/platform/security/handler/security-handler-oauth/src/main/java/org/codice/ddf/security/handler/oauth/CustomOAuthCredentialsExtractor.java
index e16e1bf42fb2..2b1fd5d161ab 100644
--- a/platform/security/handler/security-handler-oauth/src/main/java/org/codice/ddf/security/handler/oauth/CustomOAuthCredentialsExtractor.java
+++ b/platform/security/handler/security-handler-oauth/src/main/java/org/codice/ddf/security/handler/oauth/CustomOAuthCredentialsExtractor.java
@@ -17,7 +17,6 @@
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
-import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import org.pac4j.core.context.WebContext;
@@ -33,27 +32,24 @@ public class CustomOAuthCredentialsExtractor {
public OidcCredentials getOauthCredentialsAsOidcCredentials(final WebContext context) {
OidcCredentials credentials = new OidcCredentials();
- try {
- final String codeParam =
- context.getRequestParameter(OAuth20Configuration.OAUTH_CODE).orElse(null);
- if (codeParam != null) {
- credentials.setCode(
- new AuthorizationCode(URLDecoder.decode(codeParam, StandardCharsets.UTF_8.name())));
- } else {
- LOGGER.debug("No OAuth2 code found on request.");
- }
+ final String codeParam =
+ context.getRequestParameter(OAuth20Configuration.OAUTH_CODE).orElse(null);
+ if (codeParam != null) {
+ credentials.setCode(
+ new AuthorizationCode(URLDecoder.decode(codeParam, StandardCharsets.UTF_8)).getValue());
+ } else {
+ LOGGER.debug("No OAuth2 code found on request.");
+ }
- final String accessTokenParam = context.getRequestParameter("access_token").orElse(null);
- final String accessTokenHeader = getAccessTokenFromHeader(context);
- final String accessToken = accessTokenParam != null ? accessTokenParam : accessTokenHeader;
- if (isNotBlank(accessToken)) {
- credentials.setAccessToken(
- new BearerAccessToken(URLDecoder.decode(accessToken, StandardCharsets.UTF_8.name())));
- } else {
- LOGGER.debug("No OAuth2 access token found on request.");
- }
- } catch (UnsupportedEncodingException e) {
- LOGGER.debug("Error decoding the authorization code/access token from url parameters.", e);
+ final String accessTokenParam = context.getRequestParameter("access_token").orElse(null);
+ final String accessTokenHeader = getAccessTokenFromHeader(context);
+ final String accessToken = accessTokenParam != null ? accessTokenParam : accessTokenHeader;
+ if (isNotBlank(accessToken)) {
+ credentials.setAccessToken(
+ new BearerAccessToken(URLDecoder.decode(accessToken, StandardCharsets.UTF_8))
+ .toJSONObject());
+ } else {
+ LOGGER.debug("No OAuth2 access token found on request.");
}
return credentials;
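Review bot: Dropping the try block leaves the `URLDecoder.decode` calls on the new `setCode` and `setAccessToken` lines with no handler for `IllegalArgumentException`, which `decode` throws on a malformed percent-escape and which the nimbus `AuthorizationCode`/`BearerAccessToken` constructors throw on an empty value; both inputs are attacker-controlled request parameters or headers, so a malformed `code=` propagates out of the extractor. The removed catch covered only `UnsupportedEncodingException`, so this is a pre-existing gap the rewrite preserves rather than a regression, but the rewrite is the place to close it unless a caller (OAuthHandler is outside this hunk) already does: `try { … } catch (IllegalArgumentException e) { LOGGER.debug("Malformed OAuth2 code or access token on request.", e); }` around the two decode sites, keeping the raw parameter value out of the log message. The closing brace of `getOauthCredentialsAsOidcCredentials` is outside the hunk.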
diff --git a/platform/security/handler/security-handler-oauth/src/main/java/org/codice/ddf/security/handler/oauth/OAuthHandler.java b/platform/security/handler/security-handler-oauth/src/main/java/org/codice/ddf/security/handler/oauth/OAuthHandler.java
index 18da03a73bea..ce206cfd5513 100644
--- a/platform/security/handler/security-handler-oauth/src/main/java/org/codice/ddf/security/handler/oauth/OAuthHandler.java
+++ b/platform/security/handler/security-handler-oauth/src/main/java/org/codice/ddf/security/handler/oauth/OAuthHandler.java
@@ -25,7 +25,7 @@
import org.codice.ddf.security.handler.api.AuthenticationHandler;
import org.codice.ddf.security.handler.api.HandlerResult;
import org.codice.ddf.security.handler.api.HandlerResult.Status;
-import org.pac4j.core.context.JEEContext;
+import org.pac4j.jee.context.JEEContext;
import org.pac4j.oauth.exception.OAuthCredentialsException;
import org.pac4j.oidc.credentials.OidcCredentials;
import org.slf4j.Logger;
diff --git a/platform/security/handler/security-handler-oauth/src/test/java/org/codice/ddf/security/handler/oauth/CustomOAuthCredentialsExtractorTest.java b/platform/security/handler/security-handler-oauth/src/test/java/org/codice/ddf/security/handler/oauth/CustomOAuthCredentialsExtractorTest.java
index c9de2453cd31..a7266d7d0b3a 100644
--- a/platform/security/handler/security-handler-oauth/src/test/java/org/codice/ddf/security/handler/oauth/CustomOAuthCredentialsExtractorTest.java
+++ b/platform/security/handler/security-handler-oauth/src/test/java/org/codice/ddf/security/handler/oauth/CustomOAuthCredentialsExtractorTest.java
@@ -96,7 +96,7 @@ public void extractCodeParameterOnWebContext() {
credentials = extractor.getOauthCredentialsAsOidcCredentials(mockWebContext);
- assertThat(credentials.getCode().getValue(), is(authorizationCode));
+ assertThat(credentials.toAuthorizationCode().getValue(), is(authorizationCode));
assertNull(credentials.getAccessToken());
}
@@ -110,7 +110,7 @@ public void extractAccessTokenParameterOnWebContext() {
credentials = extractor.getOauthCredentialsAsOidcCredentials(mockWebContext);
assertNull(credentials.getCode());
- assertThat(credentials.getAccessToken().getValue(), is(accessToken.toString()));
+ assertThat(credentials.toAccessToken().getValue(), is(accessToken.toString()));
}
@Test
@@ -123,7 +123,7 @@ public void extractAccessTokenHeaderOnWebContext() {
credentials = extractor.getOauthCredentialsAsOidcCredentials(mockWebContext);
assertNull(credentials.getCode());
- assertThat(credentials.getAccessToken().getValue(), is(accessToken.toString()));
+ assertThat(credentials.toAccessToken().getValue(), is(accessToken.toString()));
}
@Test
@@ -136,8 +136,8 @@ public void extractEverythingOnWebContext() {
credentials = extractor.getOauthCredentialsAsOidcCredentials(mockWebContext);
- assertThat(credentials.getCode().getValue(), is(authorizationCode));
- assertThat(credentials.getAccessToken().getValue(), is(accessToken.toString()));
+ assertThat(credentials.toAuthorizationCode().getValue(), is(authorizationCode));
+ assertThat(credentials.toAccessToken().getValue(), is(accessToken.toString()));
}
@Test
diff --git a/platform/security/handler/security-handler-oauth/src/test/java/org/codice/ddf/security/handler/oauth/OAuthHandlerTest.java b/platform/security/handler/security-handler-oauth/src/test/java/org/codice/ddf/security/handler/oauth/OAuthHandlerTest.java
index 7496bbe2c243..33a481514781 100644
--- a/platform/security/handler/security-handler-oauth/src/test/java/org/codice/ddf/security/handler/oauth/OAuthHandlerTest.java
+++ b/platform/security/handler/security-handler-oauth/src/test/java/org/codice/ddf/security/handler/oauth/OAuthHandlerTest.java
@@ -132,7 +132,7 @@ public void getNormalizedTokenWithAccessTokenInHeader() throws Exception {
assertThat(result.getStatus(), is(Status.COMPLETED));
assertThat(result.getToken().getCredentials(), instanceOf(OidcCredentials.class));
assertThat(
- ((OidcCredentials) result.getToken().getCredentials()).getAccessToken().toString(),
+ ((OidcCredentials) result.getToken().getCredentials()).toAccessToken().getValue(),
is(accessTokenString));
}
@@ -145,7 +145,7 @@ public void getNormalizedTokenWithAccessTokenInQueryParameters() throws Exceptio
assertThat(result.getStatus(), is(Status.COMPLETED));
assertThat(result.getToken().getCredentials(), instanceOf(OidcCredentials.class));
assertThat(
- ((OidcCredentials) result.getToken().getCredentials()).getAccessToken().toString(),
+ ((OidcCredentials) result.getToken().getCredentials()).toAccessToken().getValue(),
is(accessTokenString));
}
}
diff --git a/platform/security/handler/security-handler-oidc/pom.xml b/platform/security/handler/security-handler-oidc/pom.xml
index 817968e8a2f2..082a44b4a636 100644
--- a/platform/security/handler/security-handler-oidc/pom.xml
+++ b/platform/security/handler/security-handler-oidc/pom.xml
@@ -54,6 +54,11 @@
pac4j-core
${pac4j.version}
+
+ org.pac4j
+ pac4j-javaee
+ ${pac4j.version}
+
org.pac4j
pac4j-oidc
diff --git a/platform/security/handler/security-handler-oidc/src/main/java/org/codice/ddf/security/handler/oidc/OidcCallbackEndpoint.java b/platform/security/handler/security-handler-oidc/src/main/java/org/codice/ddf/security/handler/oidc/OidcCallbackEndpoint.java
index daf0f2e80b48..0cb74dda9e5b 100644
--- a/platform/security/handler/security-handler-oidc/src/main/java/org/codice/ddf/security/handler/oidc/OidcCallbackEndpoint.java
+++ b/platform/security/handler/security-handler-oidc/src/main/java/org/codice/ddf/security/handler/oidc/OidcCallbackEndpoint.java
@@ -27,8 +27,8 @@
import org.apache.http.HttpStatus;
import org.apache.http.client.utils.URIBuilder;
import org.codice.ddf.configuration.SystemBaseUrl;
-import org.pac4j.core.context.JEEContext;
-import org.pac4j.core.context.session.JEESessionStore;
+import org.pac4j.jee.context.JEEContext;
+import org.pac4j.jee.context.session.JEESessionStoreFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -64,7 +64,7 @@ public Response logout(
JEEContext jeeContext = new JEEContext(request, response);
this.securityLogger.audit("Logging out");
- JEESessionStore.INSTANCE.destroySession(jeeContext);
+ JEESessionStoreFactory.INSTANCE.newSessionStore(null).destroySession(jeeContext);
String localLogout = SystemBaseUrl.EXTERNAL.constructUrl("/logout/local");
WebClient webClient = getWebClient(localLogout);
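Review bot: `JEESessionStoreFactory.INSTANCE.newSessionStore(null)` is spelled out inline at L729 with no comment on why `null` is an acceptable argument, and the same expression recurs at L768, L774, L862, L1095, L1104 and L1205. A one-line comment at this first use, e.g. `// the JEE factory ignores its parameter and returns the shared JEE session store — confirm against the pinned pac4j version`, or a small helper such as `private static SessionStore jeeSessionStore() { return JEESessionStoreFactory.INSTANCE.newSessionStore(null); }` would keep the call sites in step if the factory's contract changes. In OidcHandler the store is held in a local at L774 but rebuilt inline at L768 a few lines earlier; one form should be used. logout's body continues outside the hunk.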
diff --git a/platform/security/handler/security-handler-oidc/src/main/java/org/codice/ddf/security/handler/oidc/OidcHandler.java b/platform/security/handler/security-handler-oidc/src/main/java/org/codice/ddf/security/handler/oidc/OidcHandler.java
index 97d63e064b90..4784a8bb17ba 100644
--- a/platform/security/handler/security-handler-oidc/src/main/java/org/codice/ddf/security/handler/oidc/OidcHandler.java
+++ b/platform/security/handler/security-handler-oidc/src/main/java/org/codice/ddf/security/handler/oidc/OidcHandler.java
@@ -28,16 +28,18 @@
import org.codice.ddf.security.handler.api.HandlerResult;
import org.codice.ddf.security.handler.api.HandlerResult.Status;
import org.codice.ddf.security.handler.api.OidcHandlerConfiguration;
-import org.pac4j.core.context.JEEContext;
-import org.pac4j.core.context.session.JEESessionStore;
+import org.pac4j.core.context.CallContext;
+import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.exception.http.RedirectionAction;
-import org.pac4j.core.http.adapter.JEEHttpActionAdapter;
import org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver;
import org.pac4j.core.util.Pac4jConstants;
+import org.pac4j.jee.context.JEEContext;
+import org.pac4j.jee.context.session.JEESessionStoreFactory;
+import org.pac4j.jee.http.adapter.JEEHttpActionAdapter;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.credentials.OidcCredentials;
-import org.pac4j.oidc.credentials.extractor.OidcExtractor;
+import org.pac4j.oidc.credentials.extractor.OidcCredentialsExtractor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -195,16 +197,21 @@ private OidcCredentials getCredentialsFromRequest(OidcClient oidcClient, JEECont
}
oidcClient.setCallbackUrlResolver(new QueryParameterCallbackUrlResolver());
- OidcExtractor oidcExtractor = new OidcExtractor(oidcClient.getConfiguration(), oidcClient);
+ OidcCredentialsExtractor oidcExtractor =
+ new OidcCredentialsExtractor(oidcClient.getConfiguration(), oidcClient);
return (OidcCredentials)
- oidcExtractor.extract(jeeContext, JEESessionStore.INSTANCE).orElse(null);
+ oidcExtractor
+ .extract(
+ new CallContext(jeeContext, JEESessionStoreFactory.INSTANCE.newSessionStore(null)))
+ .orElse(null);
}
private HandlerResult redirectForCredentials(
OidcClient oidcClient, JEEContext jeeContext, String requestUrl) {
- JEESessionStore.INSTANCE.set(jeeContext, Pac4jConstants.REQUESTED_URL, requestUrl);
+ SessionStore sessionStore = JEESessionStoreFactory.INSTANCE.newSessionStore(null);
+ sessionStore.set(jeeContext, Pac4jConstants.REQUESTED_URL, requestUrl);
Optional redirectionAction =
- oidcClient.getRedirectionAction(jeeContext, JEESessionStore.INSTANCE);
+ oidcClient.getRedirectionAction(new CallContext(jeeContext, sessionStore));
if (!redirectionAction.isPresent()) {
LOGGER.debug("No redirect action found. Returning NO_ACTION instead");
return noActionResult;
diff --git a/platform/security/handler/security-handler-oidc/src/main/java/org/codice/ddf/security/handler/oidc/OidcHandlerConfigurationImpl.java b/platform/security/handler/security-handler-oidc/src/main/java/org/codice/ddf/security/handler/oidc/OidcHandlerConfigurationImpl.java
index 65b9be552313..9a6ffe51c3eb 100644
--- a/platform/security/handler/security-handler-oidc/src/main/java/org/codice/ddf/security/handler/oidc/OidcHandlerConfigurationImpl.java
+++ b/platform/security/handler/security-handler-oidc/src/main/java/org/codice/ddf/security/handler/oidc/OidcHandlerConfigurationImpl.java
@@ -18,7 +18,9 @@
import com.google.common.annotations.VisibleForTesting;
import com.nimbusds.oauth2.sdk.ResponseType;
+import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import java.util.Map;
+import org.apache.commons.lang.StringUtils;
import org.codice.ddf.configuration.SystemBaseUrl;
import org.codice.ddf.security.handler.api.OidcHandlerConfiguration;
import org.pac4j.core.exception.TechnicalException;
@@ -56,6 +58,7 @@ public class OidcHandlerConfigurationImpl implements OidcHandlerConfiguration {
public static final String LOGOUT_URI_KEY = "logoutUri";
public static final String CONNECT_TIMEOUT_KEY = "connectTimeout";
public static final String READ_TIMEOUT_KEY = "readTimeout";
+ public static final String CLIENT_AUTH_METHOD = "clientAuthMethod";
private String idpType;
private String clientId;
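Review bot: The new constant at L799 is named `CLIENT_AUTH_METHOD` while its siblings on L796–L798 all carry the `_KEY` suffix (`LOGOUT_URI_KEY`, `CONNECT_TIMEOUT_KEY`, `READ_TIMEOUT_KEY`). Naming it `CLIENT_AUTH_METHOD_KEY` keeps the property-key constants distinguishable from the field `clientAuthMethod` added at L806; the string value `"clientAuthMethod"` stays as it is.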
@@ -70,6 +73,7 @@ public class OidcHandlerConfigurationImpl implements OidcHandlerConfiguration {
private String logoutUri;
private int connectTimeout = DEFAULT_CONNECT_TIMEOUT;
private int readTimeout = DEFAULT_READ_TIMEOUT;
+ private String clientAuthMethod;
private OidcConfiguration oidcConfiguration;
@@ -92,6 +96,11 @@ public void setProperties(Map properties) {
logoutUri = (String) properties.getOrDefault(LOGOUT_URI_KEY, logoutUri);
connectTimeout = (int) properties.getOrDefault(CONNECT_TIMEOUT_KEY, connectTimeout);
readTimeout = (int) properties.getOrDefault(READ_TIMEOUT_KEY, readTimeout);
+ clientAuthMethod = (String) properties.getOrDefault(CLIENT_AUTH_METHOD, clientAuthMethod);
+
+ if (StringUtils.isBlank(clientAuthMethod)) {
+ clientAuthMethod = ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue();
+ }
// TODO - Remove if fragment response_mode is supported
if (IMPLICIT_FLOWS.contains(new ResponseType(responseType))) {
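Review bot: `clientAuthMethod` read at L812 is only checked for blankness before being handed to `setClientAuthenticationMethodAsString` at L823, so a mistyped or unsupported method name is accepted here and presumably only fails later, when the client initialises or a token request is built, with a less obvious error. Consider validating it at this point, e.g. `ClientAuthenticationMethod.parse(clientAuthMethod)` checked against the set of methods this handler supports, and throwing the `TechnicalException` the file already imports with the offending value in the message, since the value is admin-supplied but the failure would surface during a user's login. A short comment on L814–L816 stating that blank means client_secret_basic, and whether that matches the previous hard-wired behaviour, would also help. setProperties continues outside the hunk.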
@@ -111,6 +120,7 @@ public void setProperties(Map properties) {
oidcConfiguration.setWithState(true);
oidcConfiguration.setConnectTimeout(connectTimeout);
oidcConfiguration.setReadTimeout(readTimeout);
+ oidcConfiguration.setClientAuthenticationMethodAsString(clientAuthMethod);
try {
testConnection();
diff --git a/platform/security/handler/security-handler-oidc/src/main/java/org/codice/ddf/security/handler/oidc/OidcLogoutActionProvider.java b/platform/security/handler/security-handler-oidc/src/main/java/org/codice/ddf/security/handler/oidc/OidcLogoutActionProvider.java
index a7f56f06dc30..d6cf4dbbbdd7 100644
--- a/platform/security/handler/security-handler-oidc/src/main/java/org/codice/ddf/security/handler/oidc/OidcLogoutActionProvider.java
+++ b/platform/security/handler/security-handler-oidc/src/main/java/org/codice/ddf/security/handler/oidc/OidcLogoutActionProvider.java
@@ -38,13 +38,12 @@
import org.apache.http.client.utils.URLEncodedUtils;
import org.codice.ddf.configuration.SystemBaseUrl;
import org.codice.ddf.security.handler.api.OidcHandlerConfiguration;
-import org.pac4j.core.context.JEEContext;
-import org.pac4j.core.context.WebContext;
-import org.pac4j.core.context.session.JEESessionStore;
-import org.pac4j.core.context.session.SessionStore;
+import org.pac4j.core.context.CallContext;
import org.pac4j.core.exception.http.RedirectionAction;
import org.pac4j.core.exception.http.WithLocationAction;
import org.pac4j.core.http.ajax.DefaultAjaxRequestResolver;
+import org.pac4j.jee.context.JEEContext;
+import org.pac4j.jee.context.session.JEESessionStoreFactory;
import org.pac4j.oidc.logout.OidcLogoutActionBuilder;
import org.pac4j.oidc.profile.OidcProfile;
import org.slf4j.Logger;
@@ -121,7 +120,7 @@ public Action getAction(T subjectMap) {
logoutActionBuilder.setAjaxRequestResolver(
new DefaultAjaxRequestResolver() {
@Override
- public boolean isAjax(WebContext context, SessionStore sessionStore) {
+ public boolean isAjax(final CallContext ctx) {
return false;
}
});
@@ -136,7 +135,10 @@ public boolean isAjax(WebContext context, SessionStore sessionStore) {
RedirectionAction logoutAction =
logoutActionBuilder
.getLogoutAction(
- jeeContext, JEESessionStore.INSTANCE, oidcProfile, urlBuilder.build().toString())
+ new CallContext(
+ jeeContext, JEESessionStoreFactory.INSTANCE.newSessionStore(null)),
+ oidcProfile,
+ urlBuilder.build().toString())
.orElse(null);
if (logoutAction instanceof WithLocationAction) {
diff --git a/platform/security/handler/security-handler-oidc/src/main/resources/OSGI-INF/blueprint/blueprint.xml b/platform/security/handler/security-handler-oidc/src/main/resources/OSGI-INF/blueprint/blueprint.xml
index 228e59390be1..22c4a8f85111 100644
--- a/platform/security/handler/security-handler-oidc/src/main/resources/OSGI-INF/blueprint/blueprint.xml
+++ b/platform/security/handler/security-handler-oidc/src/main/resources/OSGI-INF/blueprint/blueprint.xml
@@ -50,6 +50,7 @@
5000
+
diff --git a/platform/security/handler/security-handler-oidc/src/main/resources/OSGI-INF/metatype/metatype.xml b/platform/security/handler/security-handler-oidc/src/main/resources/OSGI-INF/metatype/metatype.xml
index 13752f75e62c..7a26019195fe 100644
--- a/platform/security/handler/security-handler-oidc/src/main/resources/OSGI-INF/metatype/metatype.xml
+++ b/platform/security/handler/security-handler-oidc/src/main/resources/OSGI-INF/metatype/metatype.xml
@@ -34,6 +34,12 @@
+
+
+
+
+
diff --git a/platform/security/handler/security-handler-oidc/src/test/java/org/codice/ddf/security/handler/oidc/OidcHandlerTest.java b/platform/security/handler/security-handler-oidc/src/test/java/org/codice/ddf/security/handler/oidc/OidcHandlerTest.java
index 153386c8ac6d..c8aa15ebdb33 100644
--- a/platform/security/handler/security-handler-oidc/src/test/java/org/codice/ddf/security/handler/oidc/OidcHandlerTest.java
+++ b/platform/security/handler/security-handler-oidc/src/test/java/org/codice/ddf/security/handler/oidc/OidcHandlerTest.java
@@ -25,6 +25,7 @@
import com.google.common.io.CharStreams;
import com.nimbusds.oauth2.sdk.id.State;
+import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
@@ -42,12 +43,13 @@
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
+import org.pac4j.core.context.CallContext;
import org.pac4j.core.context.WebContext;
-import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.exception.http.RedirectionAction;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;
import org.pac4j.oidc.credentials.OidcCredentials;
+import org.pac4j.oidc.metadata.OidcOpMetadataResolver;
@RunWith(MockitoJUnitRunner.Silent.class)
public class OidcHandlerTest {
@@ -62,6 +64,8 @@ public class OidcHandlerTest {
@Mock private OidcHandlerConfiguration mockConfiguration;
@Mock private OidcConfiguration mockOidcConfiguration;
+ @Mock private OidcOpMetadataResolver mockOpMetadataResolver;
+ @Mock private OIDCProviderMetadata mockProviderMetadata;
@Mock private OidcClient mockOidcClient;
@Mock private HttpServletRequest mockRequest;
@Mock private HttpServletResponse mockResponse;
@@ -101,7 +105,7 @@ public void setup() throws Exception {
// oidc client
when(mockOidcClient.computeFinalCallbackUrl(any(WebContext.class)))
.thenReturn("https://final.callback.url");
- when(mockOidcClient.getRedirectionAction(any(WebContext.class), any(SessionStore.class)))
+ when(mockOidcClient.getRedirectionAction(any(CallContext.class)))
.thenReturn(Optional.of(mockRedirectionAction));
when(mockOidcClient.getConfiguration()).thenReturn(mockOidcConfiguration);
@@ -109,6 +113,9 @@ public void setup() throws Exception {
when(mockConfiguration.getOidcConfiguration()).thenReturn(mockOidcConfiguration);
when(mockConfiguration.getOidcClient(anyString())).thenReturn(mockOidcClient);
+ when(mockOidcConfiguration.getOpMetadataResolver()).thenReturn(mockOpMetadataResolver);
+ when(mockOpMetadataResolver.load()).thenReturn(mockProviderMetadata);
+
// session
when(mockSession.getAttribute(mockOidcClient.getStateSessionAttributeName())).thenReturn(state);
@@ -170,8 +177,7 @@ public void getNormalizedTokenNoCredentialsOnRequest() throws Exception {
@Test
public void getNormalizedTokenNoCredentialsAndMissingRedirectAction() throws Exception {
- when(mockOidcClient.getRedirectionAction(any(WebContext.class), any(SessionStore.class)))
- .thenReturn(Optional.empty());
+ when(mockOidcClient.getRedirectionAction(any(CallContext.class))).thenReturn(Optional.empty());
result = handler.getNormalizedToken(mockRequest, mockResponse, null, false);
assertThat(result.getStatus(), is(Status.NO_ACTION));
@@ -204,7 +210,7 @@ public void getNormalizedTokenWithAccessTokenInQueryParameters() throws Exceptio
assertThat(result.getStatus(), is(Status.COMPLETED));
assertThat(result.getToken().getCredentials(), instanceOf(OidcCredentials.class));
assertThat(
- ((OidcCredentials) result.getToken().getCredentials()).getAccessToken().toString(),
+ ((OidcCredentials) result.getToken().getCredentials()).toAccessToken().toString(),
is(accessTokenString));
}
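Review bot: L946 asserts on `toAccessToken().toString()` whereas the equivalent assertions in OAuthHandlerTest (L685, L693) use `toAccessToken().getValue()`; the two tests should use the same accessor, and `getValue()` is the one that does not depend on the token's `toString()` formatting. Suggested: `((OidcCredentials) result.getToken().getCredentials()).toAccessToken().getValue(),`.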
@@ -218,7 +224,7 @@ public void getNormalizedTokenWithIdTokenInQueryParameters() throws Exception {
assertThat(result.getStatus(), is(Status.COMPLETED));
assertThat(result.getToken().getCredentials(), instanceOf(OidcCredentials.class));
assertThat(
- ((OidcCredentials) result.getToken().getCredentials()).getIdToken().getParsedString(),
+ ((OidcCredentials) result.getToken().getCredentials()).toIdToken().getParsedString(),
is(idTokenString));
}
diff --git a/platform/security/handler/security-handler-oidc/src/test/java/org/codice/ddf/security/handler/oidc/OidcLogoutActionProviderTest.java b/platform/security/handler/security-handler-oidc/src/test/java/org/codice/ddf/security/handler/oidc/OidcLogoutActionProviderTest.java
index 9e33dd27652e..148f8a18c522 100644
--- a/platform/security/handler/security-handler-oidc/src/test/java/org/codice/ddf/security/handler/oidc/OidcLogoutActionProviderTest.java
+++ b/platform/security/handler/security-handler-oidc/src/test/java/org/codice/ddf/security/handler/oidc/OidcLogoutActionProviderTest.java
@@ -89,7 +89,7 @@ public void testGetAction() {
FoundAction foundAction = mock(FoundAction.class);
when(foundAction.getLocation()).thenReturn(actionUrl);
- when(oidcLogoutActionBuilder.getLogoutAction(any(), any(), any(), any()))
+ when(oidcLogoutActionBuilder.getLogoutAction(any(), any(), any()))
.thenReturn(Optional.of(foundAction));
Action action =
@@ -119,7 +119,7 @@ public void testGetActionUnencodedReferer() {
response));
ArgumentCaptor callbackUri = ArgumentCaptor.forClass(String.class);
- verify(oidcLogoutActionBuilder).getLogoutAction(any(), any(), any(), callbackUri.capture());
+ verify(oidcLogoutActionBuilder).getLogoutAction(any(), any(), callbackUri.capture());
assertThat(callbackUri.getValue(), containsString("prevurl=" + PREVIOUS_URL_ENCODED));
}
@@ -137,7 +137,7 @@ public void testGetActionEncodedReferer() {
response));
ArgumentCaptor callbackUri = ArgumentCaptor.forClass(String.class);
- verify(oidcLogoutActionBuilder).getLogoutAction(any(), any(), any(), callbackUri.capture());
+ verify(oidcLogoutActionBuilder).getLogoutAction(any(), any(), callbackUri.capture());
assertThat(callbackUri.getValue(), containsString("prevurl=" + PREVIOUS_URL_ENCODED));
}
diff --git a/platform/security/handler/security-handler-saml/pom.xml b/platform/security/handler/security-handler-saml/pom.xml
index 421ee73a7656..d0655260d5de 100644
--- a/platform/security/handler/security-handler-saml/pom.xml
+++ b/platform/security/handler/security-handler-saml/pom.xml
@@ -168,7 +168,7 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${bouncy.version}
diff --git a/platform/security/platform-security-core-api/pom.xml b/platform/security/platform-security-core-api/pom.xml
index d81112fcb800..dca4c5c95b9a 100644
--- a/platform/security/platform-security-core-api/pom.xml
+++ b/platform/security/platform-security-core-api/pom.xml
@@ -48,7 +48,7 @@
org.bouncycastle
- bcprov-jdk15on
+ bcprov-jdk18on
${bouncy.version}
diff --git a/platform/security/realm/security-realm-oidc/pom.xml b/platform/security/realm/security-realm-oidc/pom.xml
index 79c394ddd025..321217265d2c 100644
--- a/platform/security/realm/security-realm-oidc/pom.xml
+++ b/platform/security/realm/security-realm-oidc/pom.xml
@@ -126,6 +126,12 @@
${auth0.jwt.version}
test
+
+ org.mockito
+ mockito-inline
+ ${mockito.version}
+ test
+
diff --git a/platform/security/realm/security-realm-oidc/src/main/java/org/codice/ddf/security/oidc/realm/CustomOidcProfileCreator.java b/platform/security/realm/security-realm-oidc/src/main/java/org/codice/ddf/security/oidc/realm/CustomOidcProfileCreator.java
index 405d8b6b1881..cd8ca200ea9c 100644
--- a/platform/security/realm/security-realm-oidc/src/main/java/org/codice/ddf/security/oidc/realm/CustomOidcProfileCreator.java
+++ b/platform/security/realm/security-realm-oidc/src/main/java/org/codice/ddf/security/oidc/realm/CustomOidcProfileCreator.java
@@ -23,8 +23,7 @@
import java.util.Map;
import java.util.Optional;
import org.apache.shiro.authc.AuthenticationException;
-import org.pac4j.core.context.WebContext;
-import org.pac4j.core.context.session.SessionStore;
+import org.pac4j.core.context.CallContext;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.profile.ProfileHelper;
import org.pac4j.core.profile.UserProfile;
@@ -46,25 +45,28 @@ public CustomOidcProfileCreator(OidcConfiguration configuration, OidcClient clie
}
@Override
- public Optional create(
- Credentials cred, WebContext context, SessionStore sessionStore) {
+ public Optional create(CallContext callContext, Credentials cred) {
init();
OidcCredentials credentials = (OidcCredentials) cred;
final OidcProfile profile = (OidcProfile) getProfileDefinition().newProfile();
- final AccessToken accessToken = credentials.getAccessToken();
+ final AccessToken accessToken = credentials.toAccessToken();
if (accessToken != null && !accessToken.getValue().isEmpty()) {
profile.setAccessToken(accessToken);
}
- final RefreshToken refreshToken = credentials.getRefreshToken();
+ final RefreshToken refreshToken = credentials.toRefreshToken();
if (refreshToken != null && !refreshToken.getValue().isEmpty()) {
profile.setRefreshToken(refreshToken);
LOGGER.debug("Found refresh token");
}
- final JWT idToken = credentials.getIdToken();
- profile.setIdTokenString(idToken.getParsedString());
+ final JWT idToken = credentials.toIdToken();
+ if (idToken.getParsedString() != null) {
+ profile.setIdTokenString(idToken.getParsedString());
+ } else {
+ profile.setIdTokenString(idToken.serialize());
+ }
try {
JWTClaimsSet claimsSet = idToken.getJWTClaimsSet();
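Review bot: The new branch at L1050–L1054 calls `idToken.getParsedString()` twice and has no guard for `toIdToken()` returning null, which OidcRealm treats as a possible outcome at L1094; OidcRealm rejects that case before calling create, but this class is public and nothing here enforces that ordering. Suggested: `final String parsed = idToken.getParsedString();` / `profile.setIdTokenString(parsed != null ? parsed : idToken.serialize());`, preceded by a null check that throws the AuthenticationException the class already imports, or a comment stating the caller contract. The else branch also deserves a why-comment: it presumably covers a JWT built in memory rather than parsed from a string — confirm, since `serialize()` on an unsigned SignedJWT may throw. create continues outside the hunk.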
diff --git a/platform/security/realm/security-realm-oidc/src/main/java/org/codice/ddf/security/oidc/realm/OidcRealm.java b/platform/security/realm/security-realm-oidc/src/main/java/org/codice/ddf/security/oidc/realm/OidcRealm.java
index 19a4edb63991..d8a7f6e5f197 100644
--- a/platform/security/realm/security-realm-oidc/src/main/java/org/codice/ddf/security/oidc/realm/OidcRealm.java
+++ b/platform/security/realm/security-realm-oidc/src/main/java/org/codice/ddf/security/oidc/realm/OidcRealm.java
@@ -28,10 +28,11 @@
import org.codice.ddf.security.handler.OidcAuthenticationToken;
import org.codice.ddf.security.handler.api.OidcHandlerConfiguration;
import org.codice.ddf.security.oidc.resolver.OidcCredentialsResolver;
+import org.pac4j.core.context.CallContext;
import org.pac4j.core.context.WebContext;
-import org.pac4j.core.context.session.JEESessionStore;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.profile.UserProfile;
+import org.pac4j.jee.context.session.JEESessionStoreFactory;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;
import org.pac4j.oidc.credentials.OidcCredentials;
@@ -87,13 +88,14 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
OidcAuthenticationToken oidcAuthenticationToken = (OidcAuthenticationToken) authenticationToken;
OidcCredentials credentials = (OidcCredentials) oidcAuthenticationToken.getCredentials();
OidcConfiguration oidcConfiguration = oidcHandlerConfiguration.getOidcConfiguration();
- OIDCProviderMetadata oidcProviderMetadata = oidcConfiguration.findProviderMetadata();
WebContext webContext = (WebContext) oidcAuthenticationToken.getContext();
OidcClient oidcClient = oidcHandlerConfiguration.getOidcClient(webContext.getFullRequestURL());
int connectTimeout = oidcHandlerConfiguration.getConnectTimeout();
int readTimeout = oidcHandlerConfiguration.getReadTimeout();
try {
+ OIDCProviderMetadata oidcProviderMetadata = oidcConfiguration.getOpMetadataResolver().load();
+
OidcCredentialsResolver oidcCredentialsResolver =
new OidcCredentialsResolver(
oidcConfiguration, oidcClient, oidcProviderMetadata, connectTimeout, readTimeout);
@@ -104,8 +106,8 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
}
// problem getting id token, invalidate credentials
- if (credentials.getIdToken() == null) {
- JEESessionStore.INSTANCE.destroySession(webContext);
+ if (credentials.toIdToken() == null) {
+ JEESessionStoreFactory.INSTANCE.newSessionStore(null).destroySession(webContext);
String msg =
String.format(
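Review bot: The null check at L1094 now goes through `toIdToken()`, which by its name converts the stored token rather than reading a field; if that conversion throws on a malformed stored ID token instead of returning null, the session-destroy path at L1095 is skipped and the exception escapes doGetAuthenticationInfo outside the try block that closes at L1090 — confirm against the pac4j version in use. It is also a repeated conversion of the same token: the resolver at L1086–L1088 presumably reads it, and CustomOidcProfileCreator converts it again at L1049. Holding `final JWT idToken = credentials.toIdToken();` once and reusing it for the check and the message avoids parsing the same string several times per login. doGetAuthenticationInfo continues outside the hunk.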
@@ -121,7 +123,9 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
OidcProfileCreator oidcProfileCreator =
new CustomOidcProfileCreator(oidcConfiguration, oidcClient);
Optional userProfile =
- oidcProfileCreator.create(credentials, webContext, JEESessionStore.INSTANCE);
+ oidcProfileCreator.create(
+ new CallContext(webContext, JEESessionStoreFactory.INSTANCE.newSessionStore(null)),
+ credentials);
SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo();
simpleAuthenticationInfo.setCredentials(credentials);
diff --git a/platform/security/realm/security-realm-oidc/src/test/java/org/codice/ddf/security/oidc/realm/OidcRealmTest.java b/platform/security/realm/security-realm-oidc/src/test/java/org/codice/ddf/security/oidc/realm/OidcRealmTest.java
index 05e00ab7b4f1..d475620a2b88 100644
--- a/platform/security/realm/security-realm-oidc/src/test/java/org/codice/ddf/security/oidc/realm/OidcRealmTest.java
+++ b/platform/security/realm/security-realm-oidc/src/test/java/org/codice/ddf/security/oidc/realm/OidcRealmTest.java
@@ -40,7 +40,6 @@
import com.nimbusds.jose.util.ResourceRetriever;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.SignedJWT;
-import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
@@ -73,12 +72,13 @@
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
-import org.pac4j.core.context.JEEContext;
import org.pac4j.core.context.WebContext;
-import org.pac4j.core.context.session.JEESessionStore;
+import org.pac4j.jee.context.JEEContext;
+import org.pac4j.jee.context.session.JEESessionStoreFactory;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;
import org.pac4j.oidc.credentials.OidcCredentials;
+import org.pac4j.oidc.metadata.OidcOpMetadataResolver;
@RunWith(MockitoJUnitRunner.class)
public class OidcRealmTest {
@@ -113,15 +113,18 @@ public void setup() throws Exception {
.keyID(UUID.randomUUID().toString())
.build();
- String jwk = "{\"keys\": [" + sigJwk.toPublicJWK().toJSONString() + "] }";
-
OIDCProviderMetadata oidcProviderMetadata = mock(OIDCProviderMetadata.class);
+
when(oidcProviderMetadata.getIDTokenJWSAlgs()).thenReturn(ImmutableList.of(JWSAlgorithm.RS256));
when(oidcProviderMetadata.getIssuer())
.thenReturn(new Issuer("http://localhost:8080/auth/realms/master"));
when(oidcProviderMetadata.getJWKSetURI())
.thenReturn(
new URI("http://localhost:8080/auth/realms/master/protocol/openid-connect/certs"));
+ OidcOpMetadataResolver metadataResolver = mock(OidcOpMetadataResolver.class);
+ when(metadataResolver.load()).thenReturn(oidcProviderMetadata);
+
+ String jwk = "{\"keys\": [" + sigJwk.toPublicJWK().toJSONString() + "] }";
ResourceRetriever resourceRetriever = mock(ResourceRetriever.class);
Resource resource = new Resource(jwk, APPLICATION_JSON);
@@ -132,8 +135,8 @@ public void setup() throws Exception {
when(configuration.getSecret()).thenReturn("secret");
when(configuration.isUseNonce()).thenReturn(true);
when(configuration.getResponseType()).thenReturn("code");
- when(configuration.findProviderMetadata()).thenReturn(oidcProviderMetadata);
when(configuration.findResourceRetriever()).thenReturn(resourceRetriever);
+ when(configuration.getOpMetadataResolver()).thenReturn(metadataResolver);
OidcHandlerConfiguration handlerConfiguration = mock(OidcHandlerConfiguration.class);
when(handlerConfiguration.getOidcConfiguration()).thenReturn(configuration);
@@ -145,14 +148,12 @@ public void setup() throws Exception {
JWT jwt = mock(JWT.class);
AccessToken accessToken = new BearerAccessToken(getAccessTokenBuilder().sign(validAlgorithm));
- AuthorizationCode authorizationCode = new AuthorizationCode();
WebContext webContext = getWebContext();
oidcCredentials = mock(OidcCredentials.class);
- when(oidcCredentials.getIdToken()).thenReturn(jwt);
- when(oidcCredentials.getIdToken()).thenReturn(jwt);
- when(oidcCredentials.getAccessToken()).thenReturn(accessToken);
- when(oidcCredentials.getCode()).thenReturn(authorizationCode);
+ when(oidcCredentials.toIdToken()).thenReturn(jwt);
+ when(oidcCredentials.toIdToken()).thenReturn(jwt);
+ when(oidcCredentials.toAccessToken()).thenReturn(accessToken);
authenticationToken = mock(OidcAuthenticationToken.class);
when(authenticationToken.getCredentials()).thenReturn(oidcCredentials);
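Review bot: L1173 and L1174 are identical stubbings of `oidcCredentials.toIdToken()`; the duplicate existed before the rename (L1169–L1170), but this is the moment to drop one. Keep a single `when(oidcCredentials.toIdToken()).thenReturn(jwt);`.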
@@ -188,7 +189,7 @@ public void testDoGetAuthenticationInfo() throws ParseException {
String idToken = getIdTokenBuilder().withClaim("nonce", "myNonce").sign(validAlgorithm);
JWT jwt = SignedJWT.parse(idToken);
- when(oidcCredentials.getIdToken()).thenReturn(jwt);
+ when(oidcCredentials.toIdToken()).thenReturn(jwt);
AuthenticationInfo authenticationInfo = realm.doGetAuthenticationInfo(authenticationToken);
assertNotNull(authenticationInfo.getCredentials());
@@ -199,7 +200,7 @@ public void testDoGetAuthenticationInfo() throws ParseException {
@Test
public void testDoGetAuthenticationInfoWithMissingInfo() throws ParseException {
JWT jwt = getIncompleteJwt();
- when(oidcCredentials.getIdToken()).thenReturn(jwt);
+ when(oidcCredentials.toIdToken()).thenReturn(jwt);
AuthenticationInfo authenticationInfo = realm.doGetAuthenticationInfo(authenticationToken);
assertNotNull(authenticationInfo.getCredentials());
@@ -212,7 +213,7 @@ public void testDoGetAuthenticationInfoWithMissingInfo() throws ParseException {
public void testDoGetAuthenticationInvalid() throws Exception {
String idToken = getIdTokenBuilder().withClaim("nonce", "myNonce").sign(invalidAlgorithm);
JWT jwt = SignedJWT.parse(idToken);
- when(oidcCredentials.getIdToken()).thenReturn(jwt);
+ when(oidcCredentials.toIdToken()).thenReturn(jwt);
realm.doGetAuthenticationInfo(authenticationToken);
}
@@ -268,7 +269,9 @@ private WebContext getWebContext() {
when(jeeContext.getNativeRequest()).thenReturn(request);
- JEESessionStore.INSTANCE.set(jeeContext, NONCE_SESSION_ATTRIBUTE, "myNonce");
+ JEESessionStoreFactory.INSTANCE
+ .newSessionStore(null)
+ .set(jeeContext, NONCE_SESSION_ATTRIBUTE, "myNonce");
return jeeContext;
}
diff --git a/platform/security/security-oidc-bundle/pom.xml b/platform/security/security-oidc-bundle/pom.xml
index fc89fe618755..546251d5ec8c 100644
--- a/platform/security/security-oidc-bundle/pom.xml
+++ b/platform/security/security-oidc-bundle/pom.xml
@@ -43,6 +43,11 @@
pac4j-jwt
${pac4j.version}
+
+ org.pac4j
+ pac4j-javaee
+ ${pac4j.version}
+
net.minidev
json-smart
@@ -83,6 +88,12 @@
javax.servlet-api
test
+
+ org.mockito
+ mockito-inline
+ ${mockito.version}
+ test
+
@@ -133,6 +144,8 @@
!org.opensaml.*,
!org.springframework.security.crypto.password,
!com.nimbusds.jose.shaded.json,
+ !org.reflections.*,
+ !javassist,
net.minidev.*;version="${json-smart.version}",
*
diff --git a/platform/security/security-oidc-bundle/src/main/java/org/codice/ddf/security/oidc/resolver/OidcCredentialsResolver.java b/platform/security/security-oidc-bundle/src/main/java/org/codice/ddf/security/oidc/resolver/OidcCredentialsResolver.java
index 1c017635e772..9205e477788f 100644
--- a/platform/security/security-oidc-bundle/src/main/java/org/codice/ddf/security/oidc/resolver/OidcCredentialsResolver.java
+++ b/platform/security/security-oidc-bundle/src/main/java/org/codice/ddf/security/oidc/resolver/OidcCredentialsResolver.java
@@ -24,7 +24,6 @@
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
-import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPRequest.Method;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
@@ -45,7 +44,6 @@
import java.util.List;
import org.codice.ddf.security.oidc.validator.OidcTokenValidator;
import org.codice.ddf.security.oidc.validator.OidcValidationException;
-import org.pac4j.core.context.HttpConstants;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.oidc.client.OidcClient;
@@ -83,8 +81,8 @@ public OidcCredentialsResolver(
3. access token
*/
public void resolveIdToken(OidcCredentials credentials, WebContext webContext) {
- final AccessToken initialAccessToken = credentials.getAccessToken();
- final JWT initialIdToken = credentials.getIdToken();
+ final AccessToken initialAccessToken = credentials.toAccessToken();
+ final JWT initialIdToken = credentials.toIdToken();
try {
OidcTokenValidator.validateAccessToken(
@@ -97,8 +95,8 @@ public void resolveIdToken(OidcCredentials credentials, WebContext webContext) {
throw new TechnicalException(e);
}
- final RefreshToken initialRefreshToken = credentials.getRefreshToken();
- final AuthorizationCode initialAuthorizationCode = credentials.getCode();
+ final RefreshToken initialRefreshToken = credentials.toRefreshToken();
+ final AuthorizationCode initialAuthorizationCode = credentials.toAuthorizationCode();
final List grantList = new ArrayList<>();
@@ -130,7 +128,6 @@ public void resolveIdToken(OidcCredentials credentials, WebContext webContext) {
// try to get id token using access token
if (credentials.getIdToken() == null && initialAccessToken != null) {
-
final UserInfoRequest userInfoRequest =
new UserInfoRequest(
metadata.getUserInfoEndpointURI(),
@@ -151,7 +148,7 @@ public void resolveIdToken(OidcCredentials credentials, WebContext webContext) {
}
OidcTokenValidator.validateUserInfoIdToken(idToken, resourceRetriever, metadata);
- credentials.setIdToken(idToken);
+ credentials.setIdToken(idToken.serialize());
} else {
throw new TechnicalException("Received a non-successful UserInfoResponse.");
}
@@ -179,9 +176,9 @@ private void trySendingGrantAndPopulatingCredentials(
accessToken, idToken, resourceRetriever, metadata, configuration);
}
- credentials.setAccessToken(accessToken);
- credentials.setIdToken(idToken);
- credentials.setRefreshToken(oidcTokens.getRefreshToken());
+ credentials.setAccessToken(accessToken.toJSONObject());
+ credentials.setIdToken(idToken.getParsedString());
+ credentials.setRefreshToken(oidcTokens.getRefreshToken().toJSONObject());
} catch (OidcValidationException e) {
throw new TechnicalException(e);
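Review bot: L1301 dereferences `oidcTokens.getRefreshToken()` unconditionally; a token response need not carry a refresh token, and the old `setRefreshToken(oidcTokens.getRefreshToken())` tolerated null where the new `.toJSONObject()` call would throw a NullPointerException and abort the login after the tokens were already validated. Suggested: `final RefreshToken refreshToken = oidcTokens.getRefreshToken();` / `credentials.setRefreshToken(refreshToken == null ? null : refreshToken.toJSONObject());`, or skip the setter when null, depending on what the setter accepts. The ID token is also stored differently on the two paths — `idToken.serialize()` at L1289 versus `idToken.getParsedString()` at L1300 — and `getParsedString()` is null for a JWT that was not produced by parsing; using one form in both places removes that edge. trySendingGrantAndPopulatingCredentials starts outside the hunk.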
@@ -189,35 +186,12 @@ private void trySendingGrantAndPopulatingCredentials(
}
public OIDCTokens getOidcTokens(AuthorizationGrant grant) throws IOException, ParseException {
- return getOidcTokens(grant, metadata, getClientAuthentication(), connectTimeout, readTimeout);
+ return getOidcTokens(grant, connectTimeout, readTimeout);
}
- /**
- * @deprecated Please use {@link #getOidcTokens(AuthorizationGrant, OIDCProviderMetadata,
- * ClientAuthentication, int, int)}
- */
- public static OIDCTokens getOidcTokens(
- AuthorizationGrant grant,
- OIDCProviderMetadata metadata,
- ClientAuthentication clientAuthentication)
- throws IOException, ParseException {
- return getOidcTokens(
- grant,
- metadata,
- clientAuthentication,
- HttpConstants.DEFAULT_CONNECT_TIMEOUT,
- HttpConstants.DEFAULT_READ_TIMEOUT);
- }
-
- public static OIDCTokens getOidcTokens(
- AuthorizationGrant grant,
- OIDCProviderMetadata metadata,
- ClientAuthentication clientAuthentication,
- int connectTimeout,
- int readTimeout)
+ public OIDCTokens getOidcTokens(AuthorizationGrant grant, int connectTimeout, int readTimeout)
throws IOException, ParseException {
- final TokenRequest request =
- new TokenRequest(metadata.getTokenEndpointURI(), clientAuthentication, grant);
+ final TokenRequest request = createTokenRequest(grant);
HTTPRequest tokenHttpRequest = request.toHTTPRequest();
tokenHttpRequest.setConnectTimeout(connectTimeout);
tokenHttpRequest.setReadTimeout(readTimeout);
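Review bot: Both public static `getOidcTokens(...)` overloads are deleted outright — including the five-argument one that the removed `@deprecated` tag pointed callers to — and replaced by an instance method with a different signature, so any other bundle or test that called the static form breaks without a deprecation cycle; if that is intended, it should be called out in the commit description. The new `public OIDCTokens getOidcTokens(AuthorizationGrant grant, int connectTimeout, int readTimeout)` also lands with no Javadoc where the old one had some: document that the request is built from this client's own metadata and client authentication via `createTokenRequest(grant)` (defined outside this hunk), that `connectTimeout`/`readTimeout` are passed straight to the nimbus `HTTPRequest` (state the unit there — milliseconds if I read that API right), and that the one-argument overload forwards the instance fields of the same name, which the parameters here intentionally shadow. The three-argument method's body continues past the end of the hunk.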
diff --git a/platform/security/security-oidc-bundle/src/main/java/org/codice/ddf/security/oidc/validator/OidcTokenValidator.java b/platform/security/security-oidc-bundle/src/main/java/org/codice/ddf/security/oidc/validator/OidcTokenValidator.java
index a8402bd40a19..63d935c7ddeb 100644
--- a/platform/security/security-oidc-bundle/src/main/java/org/codice/ddf/security/oidc/validator/OidcTokenValidator.java
+++ b/platform/security/security-oidc-bundle/src/main/java/org/codice/ddf/security/oidc/validator/OidcTokenValidator.java
@@ -43,10 +43,10 @@
import java.security.Key;
import java.util.List;
import java.util.ListIterator;
+import java.util.Map;
import java.util.Optional;
-import net.minidev.json.JSONObject;
import org.pac4j.core.context.WebContext;
-import org.pac4j.core.context.session.JEESessionStore;
+import org.pac4j.jee.context.session.JEESessionStoreFactory;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;
import org.pac4j.oidc.profile.creator.TokenValidator;
@@ -93,13 +93,16 @@ public static IDTokenClaimsSet validateIdTokens(
Nonce nonce = null;
if (configuration.isUseNonce()) {
Optional