OAUTH-3147 Code style

d9686558 · Jasha Joachimsthal · 陈健 · 86e7c256 · d9686558 · d9686558
Commit d9686558 authored Dec 12, 2018 by Jasha Joachimsthal Committed by 陈健 Sep 17, 2019
5 changed files
--- a/src/main/java/com/onegini/oidc/LogoutController.java
+++ b/src/main/java/com/onegini/oidc/LogoutController.java
@@ -8,6 +8,7 @@ import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

+import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
@@ -15,7 +16,6 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA
 import org.springframework.stereotype.Controller;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
-import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
 import org.springframework.web.util.UriComponentsBuilder;
@@ -28,25 +28,25 @@ import lombok.extern.slf4j.Slf4j;
 @Slf4j
 public class LogoutController {
  public static final String PAGE_LOGOUT = "/logout";
-  @SuppressWarnings("squid:S1075")
  private static final String PARAM_POST_LOGOUT_REDIRECT_URI = "post_logout_redirect_uri";
  private static final String PARAM_ID_TOKEN_HINT = "id_token_hint";
  private static final String PAGE_SIGNOUT_CALLBACK_OIDC = "/signout-callback-oidc";
  private static final String REDIRECT_TO_INDEX = "redirect:/";
+
  @Resource
  private OpenIdWellKnownConfiguration openIdWellKnownConfiguration;

  @GetMapping(PAGE_LOGOUT)
  private String logout(final HttpServletRequest request, final HttpServletResponse response, final Principal principal) {
-    // Save idToken before authentication is cleared
+    // Fetch UserInfo before authentication is cleared
    final UserInfo userInfo = getUserInfo(principal);

    endSessionInSpringSecurity(request, response);

-    if (userInfo != null && StringUtils.hasLength(userInfo.getIdToken())) {
+    if (userInfo != null && StringUtils.isNotBlank(userInfo.getIdToken())) {
      log.info("Has idToken {}", userInfo.getIdToken());
      final String endSessionEndpoint = openIdWellKnownConfiguration.getEndSessionEndpoint();
-      if (StringUtils.hasLength(endSessionEndpoint)) {
+      if (StringUtils.isNotBlank(endSessionEndpoint)) {
        return endOpenIdSession(userInfo, endSessionEndpoint);
      }
    }
@@ -70,10 +70,11 @@ public class LogoutController {

  private void endSessionInSpringSecurity(final HttpServletRequest request, final HttpServletResponse response) {
    final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-    if (auth != null) {
-      log.info("End user session in Spring Security");
-      new SecurityContextLogoutHandler().logout(request, response, auth);
+    if (auth == null) {
+      return;
    }
+    log.info("End user session in Spring Security");
+    new SecurityContextLogoutHandler().logout(request, response, auth);
  }

  private String endOpenIdSession(final UserInfo userInfo, final String endSessionEndpoint) {
@@ -81,6 +82,7 @@ public class LogoutController {

    final String postLogoutRedirectUri = ServletUriComponentsBuilder.fromCurrentContextPath().path(PAGE_SIGNOUT_CALLBACK_OIDC).build().toUriString();
    requestParameters.add(PARAM_POST_LOGOUT_REDIRECT_URI, postLogoutRedirectUri);
+
    // Token Server doesn't know how to decode the token id and it doesn't store encoded token id so passing that won't help to detect which session should be logged out.
    if (!userInfo.isEncryptionEnabled()) {
      requestParameters.add(PARAM_ID_TOKEN_HINT, userInfo.getIdToken());

--- a/src/main/java/com/onegini/oidc/encryption/JweDecrypterService.java
+++ b/src/main/java/com/onegini/oidc/encryption/JweDecrypterService.java
@@ -35,8 +35,7 @@ public class JweDecrypterService {
    try {
      jweObject.decrypt(decrypter);
      return jweObject.getPayload().toSignedJWT();
-    } catch (JOSEException e) {
-      log.error("Could not decrypt the JWT");
+    } catch (final JOSEException e) {
      throw new IllegalStateException("Could not decrypt the JWT", e);
    }
  }
@@ -50,12 +49,14 @@ public class JweDecrypterService {
  private JWK getRelevantKey(final JWEObject jweObject) {
    final JWKSet privateJWKS = jwkSetProvider.getPrivateJWKS(jweObject.getHeader().getAlgorithm());
    final JWK relevantKey = privateJWKS.getKeyByKeyId(jweObject.getHeader().getKeyID());
-    if (relevantKey != null) {
-      return relevantKey;
+
+    if (relevantKey == null) {
+      //The Server may have cached the JWKSet response and when this app was restarted, it generated new keys which would not match
+      log.debug("Could not match the keyId with any of the private keys provided.");
+      throw new IllegalArgumentException("JWK set does not contain a relevant JWK.");
    }
-    //The Server may have cached the JWKSet response and when this app was restarted, it generated new keys which would not match
-    log.error("Could not match the keyId with any of the private keys provided.");
-    throw new IllegalArgumentException("JWK set does not contain a relevant JWK.");
+
+    return relevantKey;
  }

  private JWEDecrypter getDecrypter(final JWK jwk) {
@@ -63,7 +64,8 @@ public class JweDecrypterService {
    try {
      if (KeyType.RSA.equals(keyType)) {
        return new RSADecrypter((RSAKey) jwk);
-      } else if (KeyType.EC.equals(keyType)) {
+      }
+      if (KeyType.EC.equals(keyType)) {
        return new ECDHDecrypter((ECKey) jwk);
      }
      throw new IllegalStateException(String.format("Unsupported KeyType (%s)", jwk.getKeyType()));

--- a/src/main/java/com/onegini/oidc/encryption/JweKeyGenerator.java
+++ b/src/main/java/com/onegini/oidc/encryption/JweKeyGenerator.java
@@ -27,23 +27,23 @@ import lombok.extern.slf4j.Slf4j;
 @Slf4j
 class JweKeyGenerator {

-  private static final int RSA_KEYSIZE = 2048;
+  private static final int RSA_KEY_SIZE = 2048;

  JWK generateKey(final JWEAlgorithm jweAlgorithm) {
    if (JWEAlgorithm.Family.RSA.contains(jweAlgorithm)) {
      return generateRSAKey(jweAlgorithm);
-    } else if (JWEAlgorithm.Family.ECDH_ES.contains(jweAlgorithm)) {
+    }
+    if (JWEAlgorithm.Family.ECDH_ES.contains(jweAlgorithm)) {
      return generateECKey(jweAlgorithm);
-    } else {
-      log.error("Unsupported Algorithm ({})", jweAlgorithm);
-      return null;
    }
+    log.error("Unsupported Algorithm ({})", jweAlgorithm);
+    return null;
  }

  private JWK generateRSAKey(final JWEAlgorithm jweAlgorithm) {
    try {
      final KeyPairGenerator gen = KeyPairGenerator.getInstance(RSA.getValue());
-      gen.initialize(RSA_KEYSIZE);
+      gen.initialize(RSA_KEY_SIZE);
      final KeyPair keyPair = gen.generateKeyPair();

      return new RSAKey.Builder((RSAPublicKey) keyPair.getPublic())

--- a/src/main/java/com/onegini/oidc/model/OpenIdWellKnownConfiguration.java
+++ b/src/main/java/com/onegini/oidc/model/OpenIdWellKnownConfiguration.java
@@ -3,12 +3,9 @@ package com.onegini.oidc.model;
 import java.util.Collection;

 import lombok.Data;
-import lombok.EqualsAndHashCode;
 import lombok.NoArgsConstructor;

-
 @Data
-@EqualsAndHashCode
 @NoArgsConstructor
 public class OpenIdWellKnownConfiguration {


--- a/src/main/java/com/onegini/oidc/security/OpenIdConnectAuthenticationFilter.java
+++ b/src/main/java/com/onegini/oidc/security/OpenIdConnectAuthenticationFilter.java
@@ -90,7 +90,7 @@ public class OpenIdConnectAuthenticationFilter extends AbstractAuthenticationPro
  }

  private TokenDetails getTokenDetails(final JWT jwt) {
-    JWTClaimsSet claimsSet;
+    final JWTClaimsSet claimsSet;
    try {
      //If we support only signed JWT or encrypted JWT we can include only adequate part of code
      if (jwt instanceof SignedJWT) {
@@ -112,7 +112,7 @@ public class OpenIdConnectAuthenticationFilter extends AbstractAuthenticationPro

  private UserInfo createUserInfo(final JWTClaimsSet jwtClaimsSet, final JWT jwt) {
    Object name = jwtClaimsSet.getClaim("name");
-    String idToken;
+    final String idToken;
    String encryptedIdToken = null;
    if (jwt instanceof EncryptedJWT) {
      final EncryptedJWT encryptedJWT = (EncryptedJWT) jwt;
@@ -130,9 +130,10 @@ public class OpenIdConnectAuthenticationFilter extends AbstractAuthenticationPro

  private void validateEncryptionConfigurationMatchesServer(final JWT jwt) {
    if (applicationProperties.isIdTokenEncryptionEnabled() && !(jwt instanceof EncryptedJWT)) {
-      throw new IllegalStateException("Server did not return an EncryptedJWT but encryption was enabled. Check your server side configuration");
-    } else if (!applicationProperties.isIdTokenEncryptionEnabled() && jwt instanceof EncryptedJWT) {
-      throw new IllegalStateException("Server returned an EncryptedJWT but encryption was not enabled. Check your server side configuration.");
+      throw new IllegalStateException("Server did not return an Encrypted JWT but encryption was enabled. Check your server side configuration");
+    }
+    if (!applicationProperties.isIdTokenEncryptionEnabled() && jwt instanceof EncryptedJWT) {
+      throw new IllegalStateException("Server returned an Encrypted JWT but encryption was not enabled. Check your server side configuration.");
    }
  }