Merge pull request #5 from nisiguti/fix-issue4

Update pom.xml.
personium · Apr 26, 2018 · db6b65f · db6b65f
2 parents b121048 + 27319ba
commit db6b65f
Show file tree

Hide file tree

Showing 6 changed files with 140 additions and 91 deletions.
diff --git a/checkstyle.header b/checkstyle.header
@@ -1,16 +1,16 @@
-/**
- * personium.io
- * Copyright 2014 FUJITSU LIMITED
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+/\*\*
+ \* personium.io
+ \* Copyright .*
+ \*
+ \* Licensed under the Apache License, Version 2.0 \(the "License"\);
+ \* you may not use this file except in compliance with the License.
+ \* You may obtain a copy of the License at
+ \*
+ \*     http://www.apache.org/licenses/LICENSE-2.0
+ \*
+ \* Unless required by applicable law or agreed to in writing, software
+ \* distributed under the License is distributed on an "AS IS" BASIS,
+ \* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ \* See the License for the specific language governing permissions and
+ \* limitations under the License.
+ \*/
diff --git a/personium-checkstyle.xml b/personium-checkstyle.xml
@@ -105,7 +105,7 @@
     <property name="format" value="　"/>
     <property name="message" value="Invalid character used."/>
   </module>
-  <module name="Header">
+  <module name="RegexpHeader">
     <property name="headerFile" value="${project_loc}/checkstyle.header"/>
     <property name="fileExtensions" value="java"/>
   </module>

diff --git a/pom.xml b/pom.xml
@@ -18,18 +18,18 @@
 		<java.version>1.8</java.version>
 		<java.source.version>1.8</java.source.version>
 		<java.target.version>1.8</java.target.version>
-		<slf4j.version>1.7.6</slf4j.version>
+		<slf4j.version>1.7.25</slf4j.version>
 	</properties>
 	<dependencies>
 		<dependency>
 			<groupId>io.personium</groupId>
 			<artifactId>personium-plugin-base</artifactId>
-			<version>1.0.3</version>
+			<version>1.0.4-SNAPSHOT</version>
 		</dependency>
 		<dependency>
 			<groupId>junit</groupId>
 			<artifactId>junit</artifactId>
-			<version>4.10</version>
+			<version>4.12</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
@@ -82,13 +82,38 @@
 		<plugins>
 			<plugin>
 				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.5.1</version>
+				<version>3.7.0</version>
 				<configuration>
 					<source>${java.version}</source>
 					<target>${java.version}</target>
 					<encoding>UTF-8</encoding>
 					<debug>true</debug>
 					<optimize>false</optimize>
+					<compilerArgs>
+						<arg>-Xlint:all</arg>
+					</compilerArgs>
+				</configuration>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-checkstyle-plugin</artifactId>
+				<version>3.0.0</version>
+				<configuration>
+					<encoding>UTF-8</encoding>
+					<configLocation>personium-checkstyle.xml</configLocation>
+					<propertiesLocation>checkstyle_maven.properties</propertiesLocation>
+					<includeTestSourceDirectory>true</includeTestSourceDirectory>
+					<consoleOutput>true</consoleOutput>
+				</configuration>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-pmd-plugin</artifactId>
+				<version>3.9.0</version>
+				<configuration>
+					<targetJdk>${java.version}</targetJdk>
+					<analysisCache>true</analysisCache>
+					<linkXRef>false</linkXRef>
 				</configuration>
 			</plugin>
 		</plugins>

diff --git a/src/main/java/io/personium/plugin/auth/oidc/GoogleIdToken.java b/src/main/java/io/personium/plugin/auth/oidc/GoogleIdToken.java
@@ -94,12 +94,12 @@ public GoogleIdToken(JSONObject json) {
      * @param idToken IDトークン
      *
      * @return googleIdToken GoogleIdToken
-     * @throws PluginException 
+     * @throws PluginException PluginException
      */
     public static GoogleIdToken parse(String idToken) throws PluginException {
-    	GoogleIdToken ret = new GoogleIdToken();
+        GoogleIdToken ret = new GoogleIdToken();
 
-    	String[] splitIdToken = idToken.split("\\.");
+        String[] splitIdToken = idToken.split("\\.");
         if (splitIdToken.length != SPLIT_TOKEN_NUM) {
             throw PluginException.Authn.OIDC_INVALID_ID_TOKEN.params("2 periods required");
         }
@@ -108,36 +108,34 @@ public static GoogleIdToken parse(String idToken) throws PluginException {
         ret.signature = splitIdToken[2];
 
         // TokenからJSONObjectを生成
-    	JSONObject header = null;
+        JSONObject header = null;
         JSONObject payload = null;
-		header = (JSONObject)AuthPluginUtils.tokenToJSON(ret.header);
-		payload = (JSONObject)AuthPluginUtils.tokenToJSON(ret.payload);
-    	ret.kid = (String) header.get(KID);
-    	ret.issuer = (String) payload.get(ISS);
-    	ret.email = (String) payload.get(EML);
-    	ret.audience = (String) payload.get(AUD);
-    	ret.exp = (Long) payload.get(EXP);
+        header = (JSONObject) AuthPluginUtils.tokenToJSON(ret.header);
+        payload = (JSONObject) AuthPluginUtils.tokenToJSON(ret.payload);
+        ret.kid = (String) header.get(KID);
+        ret.issuer = (String) payload.get(ISS);
+        ret.email = (String) payload.get(EML);
+        ret.audience = (String) payload.get(AUD);
+        ret.exp = (Long) payload.get(EXP);
 
         return ret;
     }
 
     /**
-     * Verification　signature.
-     *
-     * @param null
-     * @throws PluginException 
+     * Verification signature.
+     * @throws PluginException PluginException
      */
     public void verify() throws PluginException {
-    	// 有効期限
-    	isExpired(this.getExp());
+        // 有効期限
+        isExpired(this.getExp());
 
-    	RSAPublicKey rsaPubKey = this.getKey();
-    	try {
+        RSAPublicKey rsaPubKey = this.getKey();
+        try {
             Signature sig = Signature.getInstance(ALG);
             sig.initVerify(rsaPubKey);
             sig.update((this.getHeader() + "." + this.getPayload()).getBytes());
             boolean verified = sig.verify(PluginUtils.decodeBase64Url(this.getSignature()));
-            if (verified != true) {
+            if (!verified) {
                 // 署名検証結果、署名が不正であると認定
                 throw PluginException.Authn.OIDC_AUTHN_FAILED;
             }
@@ -164,31 +162,31 @@ public void verify() throws PluginException {
      * getJwksUri.
      * @param endpoint
      * @return
-     * @throws PluginException 
+     * @throws PluginException
      */
     private static String getJwksUri(String endpoint) throws PluginException {
-		return (String) PluginUtils.getHttpJSON(endpoint).get("jwks_uri");
+        return (String) PluginUtils.getHttpJSON(endpoint).get("jwks_uri");
     }
 
     /**
      * getKeys.
      * @param url String
      * @return JSONArray
-     * @throws PluginException 
+     * @throws PluginException
      */
     private static JSONArray getKeys() throws PluginException {
-		return (JSONArray) PluginUtils.getHttpJSON(getJwksUri(GOOGLE_DISCOV_DOC_URL)).get("keys");
+        return (JSONArray) PluginUtils.getHttpJSON(getJwksUri(GOOGLE_DISCOV_DOC_URL)).get("keys");
     }
 
     /**
      * 公開鍵情報から、IDTokenのkidにマッチする方で公開鍵を生成.
      *
      * @return RSAPublicKey 公開鍵
-     * @throws PluginException 
+     * @throws PluginException
      */
     private RSAPublicKey getKey() throws PluginException {
         JSONArray jsonAry;
-		jsonAry = getKeys();
+        jsonAry = getKeys();
         for (int i = 0; i < jsonAry.size(); i++) {
             JSONObject k = (JSONObject) jsonAry.get(i);
             String compKid = (String) k.get(KID);
@@ -216,13 +214,13 @@ private RSAPublicKey getKey() throws PluginException {
 
     /**
      * isExpired.
-     * @throws PluginException 
+     * @throws PluginException
      */
-    private	void isExpired(Long exp) throws PluginException {
-    	// exp で Token の有効期限が切れているか確認
-    	// Tokenに有効期限(exp)があるかnullチェック
+    private void isExpired(Long exp) throws PluginException {
+        // exp で Token の有効期限が切れているか確認
+        // Tokenに有効期限(exp)があるかnullチェック
         if (exp == null) {
-        	throw PluginException.Authn.OIDC_INVALID_ID_TOKEN.params("ID Token expiration time null.");
+            throw PluginException.Authn.OIDC_INVALID_ID_TOKEN.params("ID Token expiration time null.");
         }
 
         // expireしていないかチェック(60秒くらいは過ぎても良い)

diff --git a/src/main/java/io/personium/plugin/auth/oidc/GoogleIdTokenAuthPlugin.java b/src/main/java/io/personium/plugin/auth/oidc/GoogleIdTokenAuthPlugin.java
@@ -25,82 +25,88 @@
 import io.personium.plugin.base.auth.AuthConst;
 import io.personium.plugin.base.auth.AuthenticatedIdentity;
 
+/**
+ * GoogleIdTokenAuthPlugin.
+ */
 public class GoogleIdTokenAuthPlugin implements AuthPlugin {
     /** to String. **/
     public static final String PLUGIN_TOSTRING = "Google Open ID Connect Authentication";
 
     /** urn google grantType. **/
     public static final String PLUGIN_GRANT_TYPE = "urn:x-personium:oidc:google";
 
-	/**
-	 * toString.
-	 * @return String
-	 */
-	public String toString(){
+    /**
+     * toString.
+     * @return String
+     */
+    public String toString() {
         return PLUGIN_TOSTRING;
     }
 
     /**
-	 * getType.
-	 * @return String
-	 */
-	public String getType() {
-		return AuthConst.TYPE_AUTH;
-	}
-
-	/**
-	 * getGrantType.
-	 * @return String
-	 */
-	public String getGrantType() {
-		return PLUGIN_GRANT_TYPE;
-	}
+     * getType.
+     * @return String
+     */
+    public String getType() {
+        return AuthConst.TYPE_AUTH;
+    }
+
+    /**
+     * getGrantType.
+     * @return String
+     */
+    public String getGrantType() {
+        return PLUGIN_GRANT_TYPE;
+    }
 
     /**
      * Google URL
      */
+    /** Google URL scheme. */
     public static final String URL_HTTPS = "https://";
+    /** Google URL host. */
     public static final String URL_ISSUER = "accounts.google.com";
 
     /**
      * Type値 oidc:google.
      */
     public static final String OIDC_PROVIDER = "google";
 
-	/**
-	 * authenticate.
-	 * @return au AuthenticatedIdentity
-	 * @throws PluginException 
-	 */
-    public AuthenticatedIdentity authenticate(Map <String, String> body) throws PluginException {
-    	AuthenticatedIdentity ai = null;
-		if (body == null) {
-        	throw PluginException.Authn.REQUIRED_PARAM_MISSING.params("Body");
-		}
-
-		// verify idToken
-		String idToken = (String)body.get(AuthConst.KEY_TOKEN);
+    /**
+     * authenticate.
+     * @param body body
+     * @return au AuthenticatedIdentity
+     * @throws PluginException PluginException
+     */
+    public AuthenticatedIdentity authenticate(Map<String, String> body) throws PluginException {
+        AuthenticatedIdentity ai = null;
+        if (body == null) {
+            throw PluginException.Authn.REQUIRED_PARAM_MISSING.params("Body");
+        }
+
+        // verify idToken
+        String idToken = (String) body.get(AuthConst.KEY_TOKEN);
         if (idToken == null) {
             throw PluginException.Authn.REQUIRED_PARAM_MISSING.params("ID Token");
         }
-        
+
         GoogleIdToken ret = null;
         try {
             // id_tokenをパースする
             ret = GoogleIdToken.parse(idToken);
-        } catch(PluginException pe){
-        	throw PluginException.Authn.OIDC_INVALID_ID_TOKEN;
-//        	throw PluginException.Authn.OIDC_INVALID_ID_TOKEN.reason(pe);
+        } catch (PluginException pe) {
+            throw PluginException.Authn.OIDC_INVALID_ID_TOKEN;
+//            throw PluginException.Authn.OIDC_INVALID_ID_TOKEN.reason(pe);
         }
 
         // Tokenの検証   検証失敗時にはPluginExceptionが投げられる
-		ret.verify();
+        ret.verify();
 
         String issuer = ret.getIssuer();
         String aud  = ret.getAudience();
         String mail = ret.getEmail();
 
-    	// Token検証成功の後処理
+        // Token検証成功の後処理
         // Googleが認めたissuerであるかどうか
         if (!issuer.equals(URL_ISSUER) && !issuer.equals(URL_HTTPS + URL_ISSUER)) {
             PluginLog.OIDC.INVALID_ISSUER.params(issuer).writeLog();
@@ -110,7 +116,7 @@ public AuthenticatedIdentity authenticate(Map <String, String> body) throws Plug
         // Googleに登録したサービス/アプリのClientIDかを確認
         // DcConfigPropatiesに登録したClientIdに一致していればOK
         if (!OIDC.isProviderClientIdTrusted(OIDC_PROVIDER, aud)) {
-        	throw PluginException.Authn.OIDC_WRONG_AUDIENCE.params(aud);
+            throw PluginException.Authn.OIDC_WRONG_AUDIENCE.params(aud);
         }
 
         // 正常な場合、AuthenticatedIdentity を返却する。

diff --git a/src/main/java/io/personium/plugin/auth/oidc/package-info.java b/src/main/java/io/personium/plugin/auth/oidc/package-info.java
@@ -0,0 +1,20 @@
+/**
+ * personium.io
+ * Copyright 2017 FUJITSU LIMITED
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Classes for auth plugin.
+ */
+package io.personium.plugin.auth.oidc;