001/*******************************************************************************
002 * Copyright 2017 The MIT Internet Trust Consortium
003 *
004 * Portions copyright 2011-2013 The MITRE Corporation
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License");
007 * you may not use this file except in compliance with the License.
008 * You may obtain a copy of the License at
009 *
010 *   http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 *******************************************************************************/
018/**
019 *
020 */
021package org.mitre.oauth2.model;
022
023import java.util.Date;
024import java.util.HashMap;
025import java.util.HashSet;
026import java.util.Map;
027import java.util.Set;
028
029import javax.persistence.Basic;
030import javax.persistence.CollectionTable;
031import javax.persistence.Column;
032import javax.persistence.Convert;
033import javax.persistence.ElementCollection;
034import javax.persistence.Entity;
035import javax.persistence.EnumType;
036import javax.persistence.Enumerated;
037import javax.persistence.FetchType;
038import javax.persistence.GeneratedValue;
039import javax.persistence.GenerationType;
040import javax.persistence.Id;
041import javax.persistence.JoinColumn;
042import javax.persistence.NamedQueries;
043import javax.persistence.NamedQuery;
044import javax.persistence.PrePersist;
045import javax.persistence.PreUpdate;
046import javax.persistence.Table;
047import javax.persistence.Temporal;
048import javax.persistence.TemporalType;
049import javax.persistence.Transient;
050
051import org.mitre.oauth2.model.convert.JWEAlgorithmStringConverter;
052import org.mitre.oauth2.model.convert.JWEEncryptionMethodStringConverter;
053import org.mitre.oauth2.model.convert.JWKSetStringConverter;
054import org.mitre.oauth2.model.convert.JWSAlgorithmStringConverter;
055import org.mitre.oauth2.model.convert.JWTStringConverter;
056import org.mitre.oauth2.model.convert.PKCEAlgorithmStringConverter;
057import org.mitre.oauth2.model.convert.SimpleGrantedAuthorityStringConverter;
058import org.springframework.security.core.GrantedAuthority;
059import org.springframework.security.oauth2.provider.ClientDetails;
060
061import com.nimbusds.jose.EncryptionMethod;
062import com.nimbusds.jose.JWEAlgorithm;
063import com.nimbusds.jose.JWSAlgorithm;
064import com.nimbusds.jose.jwk.JWKSet;
065import com.nimbusds.jwt.JWT;
066
067/**
068 * @author jricher
069 *
070 */
071@Entity
072@Table(name = "client_details")
073@NamedQueries({
074        @NamedQuery(name = ClientDetailsEntity.QUERY_ALL, query = "SELECT c FROM ClientDetailsEntity c"),
075        @NamedQuery(name = ClientDetailsEntity.QUERY_BY_CLIENT_ID, query = "select c from ClientDetailsEntity c where c.clientId = :" + ClientDetailsEntity.PARAM_CLIENT_ID)
076})
077public class ClientDetailsEntity implements ClientDetails {
078
079        public static final String QUERY_BY_CLIENT_ID = "ClientDetailsEntity.getByClientId";
080        public static final String QUERY_ALL = "ClientDetailsEntity.findAll";
081
082        public static final String PARAM_CLIENT_ID = "clientId";
083
084        private static final int DEFAULT_ID_TOKEN_VALIDITY_SECONDS = 600;
085
086        private static final long serialVersionUID = -1617727085733786296L;
087
088        private Long id;
089
090        /** Fields from the OAuth2 Dynamic Registration Specification */
091        private String clientId = null; // client_id
092        private String clientSecret = null; // client_secret
093        private Set<String> redirectUris = new HashSet<>(); // redirect_uris
094        private String clientName; // client_name
095        private String clientUri; // client_uri
096        private String logoUri; // logo_uri
097        private Set<String> contacts; // contacts
098        private String tosUri; // tos_uri
099        private AuthMethod tokenEndpointAuthMethod = AuthMethod.SECRET_BASIC; // token_endpoint_auth_method
100        private Set<String> scope = new HashSet<>(); // scope
101        private Set<String> grantTypes = new HashSet<>(); // grant_types
102        private Set<String> responseTypes = new HashSet<>(); // response_types
103        private String policyUri;
104        private String jwksUri; // URI pointer to keys
105        private JWKSet jwks; // public key stored by value
106        private String softwareId;
107        private String softwareVersion;
108
109        /** Fields from OIDC Client Registration Specification **/
110        private AppType applicationType; // application_type
111        private String sectorIdentifierUri; // sector_identifier_uri
112        private SubjectType subjectType; // subject_type
113
114        private JWSAlgorithm requestObjectSigningAlg = null; // request_object_signing_alg
115
116        private JWSAlgorithm userInfoSignedResponseAlg = null; // user_info_signed_response_alg
117        private JWEAlgorithm userInfoEncryptedResponseAlg = null; // user_info_encrypted_response_alg
118        private EncryptionMethod userInfoEncryptedResponseEnc = null; // user_info_encrypted_response_enc
119
120        private JWSAlgorithm idTokenSignedResponseAlg = null; // id_token_signed_response_alg
121        private JWEAlgorithm idTokenEncryptedResponseAlg = null; // id_token_encrypted_response_alg
122        private EncryptionMethod idTokenEncryptedResponseEnc = null; // id_token_encrypted_response_enc
123
124        private JWSAlgorithm tokenEndpointAuthSigningAlg = null; // token_endpoint_auth_signing_alg
125
126        private Integer defaultMaxAge; // default_max_age
127        private Boolean requireAuthTime; // require_auth_time
128        private Set<String> defaultACRvalues; // default_acr_values
129
130        private String initiateLoginUri; // initiate_login_uri
131        private Set<String> postLogoutRedirectUris; // post_logout_redirect_uris
132
133        private Set<String> requestUris; // request_uris
134
135        /** Fields to support the ClientDetails interface **/
136        private Set<GrantedAuthority> authorities = new HashSet<>();
137        private Integer accessTokenValiditySeconds = 0; // in seconds
138        private Integer refreshTokenValiditySeconds = 0; // in seconds
139        private Set<String> resourceIds = new HashSet<>();
140        private Map<String, Object> additionalInformation = new HashMap<>();
141
142        /** Our own fields **/
143        private String clientDescription = ""; // human-readable description
144        private boolean reuseRefreshToken = true; // do we let someone reuse a refresh token?
145        private boolean dynamicallyRegistered = false; // was this client dynamically registered?
146        private boolean allowIntrospection = false; // do we let this client call the introspection endpoint?
147        private Integer idTokenValiditySeconds; //timeout for id tokens
148        private Date createdAt; // time the client was created
149        private boolean clearAccessTokensOnRefresh = true; // do we clear access tokens on refresh?
150        private Integer deviceCodeValiditySeconds; // timeout for device codes
151
152        /** fields for UMA */
153        private Set<String> claimsRedirectUris;
154
155        /** Software statement **/
156        private JWT softwareStatement;
157
158        /** PKCE **/
159        private PKCEAlgorithm codeChallengeMethod;
160
161        public enum AuthMethod {
162                SECRET_POST("client_secret_post"),
163                SECRET_BASIC("client_secret_basic"),
164                SECRET_JWT("client_secret_jwt"),
165                PRIVATE_KEY("private_key_jwt"),
166                NONE("none");
167
168                private final String value;
169
170                // map to aid reverse lookup
171                private static final Map<String, AuthMethod> lookup = new HashMap<>();
172                static {
173                        for (AuthMethod a : AuthMethod.values()) {
174                                lookup.put(a.getValue(), a);
175                        }
176                }
177
178                AuthMethod(String value) {
179                        this.value = value;
180                }
181
182                public String getValue() {
183                        return value;
184                }
185
186                public static AuthMethod getByValue(String value) {
187                        return lookup.get(value);
188                }
189        }
190
191        public enum AppType {
192                WEB("web"), NATIVE("native");
193
194                private final String value;
195
196                // map to aid reverse lookup
197                private static final Map<String, AppType> lookup = new HashMap<>();
198                static {
199                        for (AppType a : AppType.values()) {
200                                lookup.put(a.getValue(), a);
201                        }
202                }
203
204                AppType(String value) {
205                        this.value = value;
206                }
207
208                public String getValue() {
209                        return value;
210                }
211
212                public static AppType getByValue(String value) {
213                        return lookup.get(value);
214                }
215        }
216
217        public enum SubjectType {
218                PAIRWISE("pairwise"), PUBLIC("public");
219
220                private final String value;
221
222                // map to aid reverse lookup
223                private static final Map<String, SubjectType> lookup = new HashMap<>();
224                static {
225                        for (SubjectType u : SubjectType.values()) {
226                                lookup.put(u.getValue(), u);
227                        }
228                }
229
230                SubjectType(String value) {
231                        this.value = value;
232                }
233
234                public String getValue() {
235                        return value;
236                }
237
238                public static SubjectType getByValue(String value) {
239                        return lookup.get(value);
240                }
241        }
242
243        /**
244         * Create a blank ClientDetailsEntity
245         */
246        public ClientDetailsEntity() {
247
248        }
249
250        @PrePersist
251        @PreUpdate
252        private void prePersist() {
253                // make sure that ID tokens always time out, default to 5 minutes
254                if (getIdTokenValiditySeconds() == null) {
255                        setIdTokenValiditySeconds(DEFAULT_ID_TOKEN_VALIDITY_SECONDS);
256                }
257        }
258
259        /**
260         * @return the id
261         */
262        @Id
263        @GeneratedValue(strategy = GenerationType.IDENTITY)
264        @Column(name = "id")
265        public Long getId() {
266                return id;
267        }
268
269        /**
270         *
271         * @param id the id to set
272         */
273        public void setId(Long id) {
274                this.id = id;
275        }
276
277        /**
278         * @return the clientDescription
279         */
280        @Basic
281        @Column(name="client_description")
282        public String getClientDescription() {
283                return clientDescription;
284        }
285
286        /**
287         * @param clientDescription Human-readable long description of the client (optional)
288         */
289        public void setClientDescription(String clientDescription) {
290                this.clientDescription = clientDescription;
291        }
292
293        /**
294         * @return the allowRefresh
295         */
296        @Transient
297        public boolean isAllowRefresh() {
298                if (grantTypes != null) {
299                        return getAuthorizedGrantTypes().contains("refresh_token");
300                } else {
301                        return false; // if there are no grants, we can't be refreshing them, can we?
302                }
303        }
304
305        @Basic
306        @Column(name="reuse_refresh_tokens")
307        public boolean isReuseRefreshToken() {
308                return reuseRefreshToken;
309        }
310
311        public void setReuseRefreshToken(boolean reuseRefreshToken) {
312                this.reuseRefreshToken = reuseRefreshToken;
313        }
314
315        /**
316         * Number of seconds ID token is valid for. MUST be a positive integer, can not be null.
317         *
318         * @return the idTokenValiditySeconds
319         */
320        @Basic
321        @Column(name="id_token_validity_seconds")
322        public Integer getIdTokenValiditySeconds() {
323                return idTokenValiditySeconds;
324        }
325
326        /**
327         * @param idTokenValiditySeconds the idTokenValiditySeconds to set
328         */
329        public void setIdTokenValiditySeconds(Integer idTokenValiditySeconds) {
330                this.idTokenValiditySeconds = idTokenValiditySeconds;
331        }
332
333        /**
334         * @return the dynamicallyRegistered
335         */
336        @Basic
337        @Column(name="dynamically_registered")
338        public boolean isDynamicallyRegistered() {
339                return dynamicallyRegistered;
340        }
341
342        /**
343         * @param dynamicallyRegistered the dynamicallyRegistered to set
344         */
345        public void setDynamicallyRegistered(boolean dynamicallyRegistered) {
346                this.dynamicallyRegistered = dynamicallyRegistered;
347        }
348
349
350
351
352
353        /**
354         * @return the allowIntrospection
355         */
356        @Basic
357        @Column(name="allow_introspection")
358        public boolean isAllowIntrospection() {
359                return allowIntrospection;
360        }
361
362        /**
363         * @param allowIntrospection the allowIntrospection to set
364         */
365        public void setAllowIntrospection(boolean allowIntrospection) {
366                this.allowIntrospection = allowIntrospection;
367        }
368
369        /**
370         *
371         */
372        @Override
373        @Transient
374        public boolean isSecretRequired() {
375                if (getTokenEndpointAuthMethod() != null &&
376                                (getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_BASIC) ||
377                                                getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST) ||
378                                                getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT))) {
379                        return true;
380                } else {
381                        return false;
382                }
383
384        }
385
386        /**
387         * If the scope list is not null or empty, then this client has been scoped.
388         */
389        @Override
390        @Transient
391        public boolean isScoped() {
392                return getScope() != null && !getScope().isEmpty();
393        }
394
395        /**
396         * @return the clientId
397         */
398        @Basic
399        @Override
400        @Column(name="client_id")
401        public String getClientId() {
402                return clientId;
403        }
404
405        /**
406         * @param clientId The OAuth2 client_id, must be unique to this client
407         */
408        public void setClientId(String clientId) {
409                this.clientId = clientId;
410        }
411
412        /**
413         * @return the clientSecret
414         */
415        @Basic
416        @Override
417        @Column(name="client_secret")
418        public String getClientSecret() {
419                return clientSecret;
420        }
421
422        /**
423         * @param clientSecret the OAuth2 client_secret (optional)
424         */
425        public void setClientSecret(String clientSecret) {
426                this.clientSecret = clientSecret;
427        }
428
429        /**
430         * @return the scope
431         */
432        @ElementCollection(fetch = FetchType.EAGER)
433        @CollectionTable(
434                        name="client_scope",
435                        joinColumns=@JoinColumn(name="owner_id")
436                        )
437        @Override
438        @Column(name="scope")
439        public Set<String> getScope() {
440                return scope;
441        }
442
443        /**
444         * @param scope the set of scopes allowed to be issued to this client
445         */
446        public void setScope(Set<String> scope) {
447                this.scope = scope;
448        }
449
450        /**
451         * @return the authorizedGrantTypes
452         */
453        @ElementCollection(fetch = FetchType.EAGER)
454        @CollectionTable(
455                        name="client_grant_type",
456                        joinColumns=@JoinColumn(name="owner_id")
457                        )
458        @Column(name="grant_type")
459        public Set<String> getGrantTypes() {
460                return grantTypes;
461        }
462
463        /**
464         * @param authorizedGrantTypes the OAuth2 grant types that this client is allowed to use
465         */
466        public void setGrantTypes(Set<String> grantTypes) {
467                this.grantTypes = grantTypes;
468        }
469
470        /**
471         * passthrough for SECOAUTH api
472         */
473        @Override
474        @Transient
475        public Set<String> getAuthorizedGrantTypes() {
476                return getGrantTypes();
477        }
478
479        /**
480         * @return the authorities
481         */
482        @ElementCollection(fetch = FetchType.EAGER)
483        @CollectionTable(
484                        name="client_authority",
485                        joinColumns=@JoinColumn(name="owner_id")
486                        )
487        @Override
488        @Convert(converter = SimpleGrantedAuthorityStringConverter.class)
489        @Column(name="authority")
490        public Set<GrantedAuthority> getAuthorities() {
491                return authorities;
492        }
493
494        /**
495         * @param authorities the Spring Security authorities this client is given
496         */
497        public void setAuthorities(Set<GrantedAuthority> authorities) {
498                this.authorities = authorities;
499        }
500
501        @Override
502        @Basic
503        @Column(name="access_token_validity_seconds")
504        public Integer getAccessTokenValiditySeconds() {
505                return accessTokenValiditySeconds;
506        }
507
508        /**
509         * @param accessTokenTimeout the accessTokenTimeout to set
510         */
511        public void setAccessTokenValiditySeconds(Integer accessTokenValiditySeconds) {
512                this.accessTokenValiditySeconds = accessTokenValiditySeconds;
513        }
514
515        @Override
516        @Basic
517        @Column(name="refresh_token_validity_seconds")
518        public Integer getRefreshTokenValiditySeconds() {
519                return refreshTokenValiditySeconds;
520        }
521
522        /**
523         * @param refreshTokenTimeout Lifetime of refresh tokens, in seconds (optional - leave null for no timeout)
524         */
525        public void setRefreshTokenValiditySeconds(Integer refreshTokenValiditySeconds) {
526                this.refreshTokenValiditySeconds = refreshTokenValiditySeconds;
527        }
528
529        /**
530         * @return the registeredRedirectUri
531         */
532        @ElementCollection(fetch = FetchType.EAGER)
533        @CollectionTable(
534                        name="client_redirect_uri",
535                        joinColumns=@JoinColumn(name="owner_id")
536                        )
537        @Column(name="redirect_uri")
538        public Set<String> getRedirectUris() {
539                return redirectUris;
540        }
541
542        /**
543         * @param registeredRedirectUri the registeredRedirectUri to set
544         */
545        public void setRedirectUris(Set<String> redirectUris) {
546                this.redirectUris = redirectUris;
547        }
548
549        /**
550         * Pass-through method to fulfill the ClientDetails interface with a bad name
551         */
552        @Override
553        @Transient
554        public Set<String> getRegisteredRedirectUri() {
555                return getRedirectUris();
556        }
557
558        /**
559         * @return the resourceIds
560         */
561        @Override
562        @ElementCollection(fetch = FetchType.EAGER)
563        @CollectionTable(
564                        name="client_resource",
565                        joinColumns=@JoinColumn(name="owner_id")
566                        )
567        @Column(name="resource_id")
568        public Set<String> getResourceIds() {
569                return resourceIds;
570        }
571
572        /**
573         * @param resourceIds the resourceIds to set
574         */
575        public void setResourceIds(Set<String> resourceIds) {
576                this.resourceIds = resourceIds;
577        }
578
579
580        /**
581         * This library does not make use of this field, so it is not
582         * stored using our persistence layer.
583         *
584         * However, it's somehow required by SECOUATH.
585         *
586         * @return an empty map
587         */
588        @Override
589        @Transient
590        public Map<String, Object> getAdditionalInformation() {
591                return this.additionalInformation;
592        }
593
594
595
596
597        @Enumerated(EnumType.STRING)
598        @Column(name="application_type")
599        public AppType getApplicationType() {
600                return applicationType;
601        }
602
603        public void setApplicationType(AppType applicationType) {
604                this.applicationType = applicationType;
605        }
606
607        @Basic
608        @Column(name="client_name")
609        public String getClientName() {
610                return clientName;
611        }
612
613        public void setClientName(String clientName) {
614                this.clientName = clientName;
615        }
616
617        @Enumerated(EnumType.STRING)
618        @Column(name="token_endpoint_auth_method")
619        public AuthMethod getTokenEndpointAuthMethod() {
620                return tokenEndpointAuthMethod;
621        }
622
623        public void setTokenEndpointAuthMethod(AuthMethod tokenEndpointAuthMethod) {
624                this.tokenEndpointAuthMethod = tokenEndpointAuthMethod;
625        }
626
627        @Enumerated(EnumType.STRING)
628        @Column(name="subject_type")
629        public SubjectType getSubjectType() {
630                return subjectType;
631        }
632
633        public void setSubjectType(SubjectType subjectType) {
634                this.subjectType = subjectType;
635        }
636
637        @ElementCollection(fetch = FetchType.EAGER)
638        @CollectionTable(
639                        name="client_contact",
640                        joinColumns=@JoinColumn(name="owner_id")
641                        )
642        @Column(name="contact")
643        public Set<String> getContacts() {
644                return contacts;
645        }
646
647        public void setContacts(Set<String> contacts) {
648                this.contacts = contacts;
649        }
650
651        @Basic
652        @Column(name="logo_uri")
653        public String getLogoUri() {
654                return logoUri;
655        }
656
657        public void setLogoUri(String logoUri) {
658                this.logoUri = logoUri;
659        }
660
661        @Basic
662        @Column(name="policy_uri")
663        public String getPolicyUri() {
664                return policyUri;
665        }
666
667        public void setPolicyUri(String policyUri) {
668                this.policyUri = policyUri;
669        }
670
671        /**
672         * @return the clientUrl
673         */
674        @Basic
675        @Column(name="client_uri")
676        public String getClientUri() {
677                return clientUri;
678        }
679
680        /**
681         * @param clientUrl the clientUrl to set
682         */
683        public void setClientUri(String clientUri) {
684                this.clientUri = clientUri;
685        }
686
687        /**
688         * @return the tosUrl
689         */
690        @Basic
691        @Column(name="tos_uri")
692        public String getTosUri() {
693                return tosUri;
694        }
695
696        /**
697         * @param tosUrl the tosUrl to set
698         */
699        public void setTosUri(String tosUri) {
700                this.tosUri = tosUri;
701        }
702
703        @Basic
704        @Column(name="jwks_uri")
705        public String getJwksUri() {
706                return jwksUri;
707        }
708
709        public void setJwksUri(String jwksUri) {
710                this.jwksUri = jwksUri;
711        }
712
713        /**
714         * @return the jwks
715         */
716        @Basic
717        @Column(name="jwks")
718        @Convert(converter = JWKSetStringConverter.class)
719        public JWKSet getJwks() {
720                return jwks;
721        }
722
723        /**
724         * @param jwks the jwks to set
725         */
726        public void setJwks(JWKSet jwks) {
727                this.jwks = jwks;
728        }
729
730        @Basic
731        @Column(name="sector_identifier_uri")
732        public String getSectorIdentifierUri() {
733                return sectorIdentifierUri;
734        }
735
736        public void setSectorIdentifierUri(String sectorIdentifierUri) {
737                this.sectorIdentifierUri = sectorIdentifierUri;
738        }
739
740        @Basic
741        @Column(name = "request_object_signing_alg")
742        @Convert(converter = JWSAlgorithmStringConverter.class)
743        public JWSAlgorithm getRequestObjectSigningAlg() {
744                return requestObjectSigningAlg;
745        }
746
747        public void setRequestObjectSigningAlg(JWSAlgorithm requestObjectSigningAlg) {
748                this.requestObjectSigningAlg = requestObjectSigningAlg;
749        }
750
751        @Basic
752        @Column(name = "user_info_signed_response_alg")
753        @Convert(converter = JWSAlgorithmStringConverter.class)
754        public JWSAlgorithm getUserInfoSignedResponseAlg() {
755                return userInfoSignedResponseAlg;
756        }
757
758        public void setUserInfoSignedResponseAlg(JWSAlgorithm userInfoSignedResponseAlg) {
759                this.userInfoSignedResponseAlg = userInfoSignedResponseAlg;
760        }
761
762        @Basic
763        @Column(name = "user_info_encrypted_response_alg")
764        @Convert(converter = JWEAlgorithmStringConverter.class)
765        public JWEAlgorithm getUserInfoEncryptedResponseAlg() {
766                return userInfoEncryptedResponseAlg;
767        }
768
769        public void setUserInfoEncryptedResponseAlg(JWEAlgorithm userInfoEncryptedResponseAlg) {
770                this.userInfoEncryptedResponseAlg = userInfoEncryptedResponseAlg;
771        }
772
773        @Basic
774        @Column(name = "user_info_encrypted_response_enc")
775        @Convert(converter = JWEEncryptionMethodStringConverter.class)
776        public EncryptionMethod getUserInfoEncryptedResponseEnc() {
777                return userInfoEncryptedResponseEnc;
778        }
779
780        public void setUserInfoEncryptedResponseEnc(EncryptionMethod userInfoEncryptedResponseEnc) {
781                this.userInfoEncryptedResponseEnc = userInfoEncryptedResponseEnc;
782        }
783
784        @Basic
785        @Column(name="id_token_signed_response_alg")
786        @Convert(converter = JWSAlgorithmStringConverter.class)
787        public JWSAlgorithm getIdTokenSignedResponseAlg() {
788                return idTokenSignedResponseAlg;
789        }
790
791        public void setIdTokenSignedResponseAlg(JWSAlgorithm idTokenSignedResponseAlg) {
792                this.idTokenSignedResponseAlg = idTokenSignedResponseAlg;
793        }
794
795        @Basic
796        @Column(name = "id_token_encrypted_response_alg")
797        @Convert(converter = JWEAlgorithmStringConverter.class)
798        public JWEAlgorithm getIdTokenEncryptedResponseAlg() {
799                return idTokenEncryptedResponseAlg;
800        }
801
802        public void setIdTokenEncryptedResponseAlg(JWEAlgorithm idTokenEncryptedResponseAlg) {
803                this.idTokenEncryptedResponseAlg = idTokenEncryptedResponseAlg;
804        }
805
806        @Basic
807        @Column(name = "id_token_encrypted_response_enc")
808        @Convert(converter = JWEEncryptionMethodStringConverter.class)
809        public EncryptionMethod getIdTokenEncryptedResponseEnc() {
810                return idTokenEncryptedResponseEnc;
811        }
812
813        public void setIdTokenEncryptedResponseEnc(EncryptionMethod idTokenEncryptedResponseEnc) {
814                this.idTokenEncryptedResponseEnc = idTokenEncryptedResponseEnc;
815        }
816
817        @Basic
818        @Column(name="token_endpoint_auth_signing_alg")
819        @Convert(converter = JWSAlgorithmStringConverter.class)
820        public JWSAlgorithm getTokenEndpointAuthSigningAlg() {
821                return tokenEndpointAuthSigningAlg;
822        }
823
824        public void setTokenEndpointAuthSigningAlg(JWSAlgorithm tokenEndpointAuthSigningAlg) {
825                this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg;
826        }
827
828        @Basic
829        @Column(name="default_max_age")
830        public Integer getDefaultMaxAge() {
831                return defaultMaxAge;
832        }
833
834        public void setDefaultMaxAge(Integer defaultMaxAge) {
835                this.defaultMaxAge = defaultMaxAge;
836        }
837
838        @Basic
839        @Column(name="require_auth_time")
840        public Boolean getRequireAuthTime() {
841                return requireAuthTime;
842        }
843
844        public void setRequireAuthTime(Boolean requireAuthTime) {
845                this.requireAuthTime = requireAuthTime;
846        }
847
848        /**
849         * @return the responseTypes
850         */
851        @ElementCollection(fetch = FetchType.EAGER)
852        @CollectionTable(
853                        name="client_response_type",
854                        joinColumns=@JoinColumn(name="owner_id")
855                        )
856        @Column(name="response_type")
857        public Set<String> getResponseTypes() {
858                return responseTypes;
859        }
860
861        /**
862         * @param responseTypes the responseTypes to set
863         */
864        public void setResponseTypes(Set<String> responseTypes) {
865                this.responseTypes = responseTypes;
866        }
867
868        /**
869         * @return the defaultACRvalues
870         */
871        @ElementCollection(fetch = FetchType.EAGER)
872        @CollectionTable(
873                        name="client_default_acr_value",
874                        joinColumns=@JoinColumn(name="owner_id")
875                        )
876        @Column(name="default_acr_value")
877        public Set<String> getDefaultACRvalues() {
878                return defaultACRvalues;
879        }
880
881        /**
882         * @param defaultACRvalues the defaultACRvalues to set
883         */
884        public void setDefaultACRvalues(Set<String> defaultACRvalues) {
885                this.defaultACRvalues = defaultACRvalues;
886        }
887
888        /**
889         * @return the initiateLoginUri
890         */
891        @Basic
892        @Column(name="initiate_login_uri")
893        public String getInitiateLoginUri() {
894                return initiateLoginUri;
895        }
896
897        /**
898         * @param initiateLoginUri the initiateLoginUri to set
899         */
900        public void setInitiateLoginUri(String initiateLoginUri) {
901                this.initiateLoginUri = initiateLoginUri;
902        }
903
904        /**
905         * @return the postLogoutRedirectUri
906         */
907        @ElementCollection(fetch = FetchType.EAGER)
908        @CollectionTable(
909                        name="client_post_logout_redirect_uri",
910                        joinColumns=@JoinColumn(name="owner_id")
911                        )
912        @Column(name="post_logout_redirect_uri")
913        public Set<String> getPostLogoutRedirectUris() {
914                return postLogoutRedirectUris;
915        }
916
917        /**
918         * @param postLogoutRedirectUri the postLogoutRedirectUri to set
919         */
920        public void setPostLogoutRedirectUris(Set<String> postLogoutRedirectUri) {
921                this.postLogoutRedirectUris = postLogoutRedirectUri;
922        }
923
924        /**
925         * @return the requestUris
926         */
927        @ElementCollection(fetch = FetchType.EAGER)
928        @CollectionTable(
929                        name="client_request_uri",
930                        joinColumns=@JoinColumn(name="owner_id")
931                        )
932        @Column(name="request_uri")
933        public Set<String> getRequestUris() {
934                return requestUris;
935        }
936
937        /**
938         * @param requestUris the requestUris to set
939         */
940        public void setRequestUris(Set<String> requestUris) {
941                this.requestUris = requestUris;
942        }
943
944        /**
945         * @return the createdAt
946         */
947        @Temporal(TemporalType.TIMESTAMP)
948        @Column(name="created_at")
949        public Date getCreatedAt() {
950                return createdAt;
951        }
952
953        /**
954         * @param createdAt the createdAt to set
955         */
956        public void setCreatedAt(Date createdAt) {
957                this.createdAt = createdAt;
958        }
959
960        /**
961         * Our framework doesn't use this construct, we use WhitelistedSites and ApprovedSites instead.
962         */
963        @Override
964        public boolean isAutoApprove(String scope) {
965                return false;
966        }
967
968        /**
969         * @return the clearAccessTokensOnRefresh
970         */
971        @Basic
972        @Column(name = "clear_access_tokens_on_refresh")
973        public boolean isClearAccessTokensOnRefresh() {
974                return clearAccessTokensOnRefresh;
975        }
976
977        /**
978         * @param clearAccessTokensOnRefresh the clearAccessTokensOnRefresh to set
979         */
980        public void setClearAccessTokensOnRefresh(boolean clearAccessTokensOnRefresh) {
981                this.clearAccessTokensOnRefresh = clearAccessTokensOnRefresh;
982        }
983
984        /**
985         * @return the claimsRedirectUris
986         */
987        @ElementCollection(fetch = FetchType.EAGER)
988        @CollectionTable(
989                        name="client_claims_redirect_uri",
990                        joinColumns=@JoinColumn(name="owner_id")
991                        )
992        @Column(name="redirect_uri")
993        public Set<String> getClaimsRedirectUris() {
994                return claimsRedirectUris;
995        }
996
997        /**
998         * @param claimsRedirectUris the claimsRedirectUris to set
999         */
1000        public void setClaimsRedirectUris(Set<String> claimsRedirectUris) {
1001                this.claimsRedirectUris = claimsRedirectUris;
1002        }
1003
1004        /**
1005         * @return the softwareStatement
1006         */
1007        @Basic
1008        @Column(name = "software_statement")
1009        @Convert(converter = JWTStringConverter.class)
1010        public JWT getSoftwareStatement() {
1011                return softwareStatement;
1012        }
1013
1014        /**
1015         * @param softwareStatement the softwareStatement to set
1016         */
1017        public void setSoftwareStatement(JWT softwareStatement) {
1018                this.softwareStatement = softwareStatement;
1019        }
1020
1021        /**
1022         * @return the codeChallengeMethod
1023         */
1024        @Basic
1025        @Column(name = "code_challenge_method")
1026        @Convert(converter = PKCEAlgorithmStringConverter.class)
1027        public PKCEAlgorithm getCodeChallengeMethod() {
1028                return codeChallengeMethod;
1029        }
1030
1031        /**
1032         * @param codeChallengeMethod the codeChallengeMethod to set
1033         */
1034        public void setCodeChallengeMethod(PKCEAlgorithm codeChallengeMethod) {
1035                this.codeChallengeMethod = codeChallengeMethod;
1036        }
1037
1038        /**
1039         * @return the deviceCodeValiditySeconds
1040         */
1041        @Basic
1042        @Column(name="device_code_validity_seconds")
1043        public Integer getDeviceCodeValiditySeconds() {
1044                return deviceCodeValiditySeconds;
1045        }
1046
1047        /**
1048         * @param deviceCodeValiditySeconds the deviceCodeValiditySeconds to set
1049         */
1050        public void setDeviceCodeValiditySeconds(Integer deviceCodeValiditySeconds) {
1051                this.deviceCodeValiditySeconds = deviceCodeValiditySeconds;
1052        }
1053
1054        /**
1055         * @return the softwareId
1056         */
1057        @Basic
1058        @Column(name="software_id")
1059        public String getSoftwareId() {
1060                return softwareId;
1061        }
1062
1063        /**
1064         * @param softwareId the softwareId to set
1065         */
1066        public void setSoftwareId(String softwareId) {
1067                this.softwareId = softwareId;
1068        }
1069
1070        /**
1071         * @return the softwareVersion
1072         */
1073        @Basic
1074        @Column(name="software_version")
1075        public String getSoftwareVersion() {
1076                return softwareVersion;
1077        }
1078
1079        /**
1080         * @param softwareVersion the softwareVersion to set
1081         */
1082        public void setSoftwareVersion(String softwareVersion) {
1083                this.softwareVersion = softwareVersion;
1084        }
1085
1086}