cloudfoundry · strehle · Jan 19, 2021 · Dec 5, 2020 · Dec 8, 2020 · Jan 12, 2021
diff --git a/dependencies.gradle b/dependencies.gradle
@@ -14,7 +14,7 @@ versions.bouncyCastleVersion = "1.67"
 versions.hamcrestVersion = "2.2"
 versions.springBootVersion = "2.4.2"
 versions.springSecurityJwtVersion = "1.1.1.RELEASE"
-versions.springSecurityOAuthVersion = "2.4.0.RELEASE"
+versions.springSecurityOAuthVersion = "2.5.0.RELEASE"
 versions.springSecuritySamlVersion = "1.0.10.RELEASE"
 versions.springVersion = "5.3.3"
 versions.xmlBind = "2.3.0.1"

diff --git a/...er/src/test/java/org/cloudfoundry/identity/uaa/login/util/RandomValueStringGenerator.java b/...er/src/test/java/org/cloudfoundry/identity/uaa/login/util/RandomValueStringGenerator.java
@@ -0,0 +1,77 @@
+package org.cloudfoundry.identity.uaa.login.util;
+
+import java.security.SecureRandom;
+import java.util.Random;
+
+/**
+ * Utility that generates a random-value ASCII string.
+ *
+ * @author Ryan Heaton
+ * @author Dave Syer
+ */
+public class RandomValueStringGenerator {
+
+  private static final char[] DEFAULT_CODEC = "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+      .toCharArray();
+
+  private Random random = new SecureRandom();
+
+  private int length;
+
+  /**
+   * Create a generator with the default length (6).
+   */
+  public RandomValueStringGenerator() {
+    this(6);
+  }
+
+  /**
+   * Create a generator of random strings of the length provided
+   *
+   * @param length the length of the strings generated
+   */
+  public RandomValueStringGenerator(int length) {
+    this.length = length;
+  }
+
+  public String generate() {
+    byte[] verifierBytes = new byte[length];
+    random.nextBytes(verifierBytes);
+    return getAuthorizationCodeString(verifierBytes);
+  }
+
+  /**
+   * Convert these random bytes to a verifier string. The length of the byte array can be
+   * {@link #setLength(int) configured}. The default implementation mods the bytes to fit into the
+   * ASCII letters 1-9, A-Z, a-z .
+   *
+   * @param verifierBytes The bytes.
+   * @return The string.
+   */
+  protected String getAuthorizationCodeString(byte[] verifierBytes) {
+    char[] chars = new char[verifierBytes.length];
+    for (int i = 0; i < verifierBytes.length; i++) {
+      chars[i] = DEFAULT_CODEC[((verifierBytes[i] & 0xFF) % DEFAULT_CODEC.length)];
+    }
+    return new String(chars);
+  }
+
+  /**
+   * The random value generator used to create token secrets.
+   *
+   * @param random The random value generator used to create token secrets.
+   */
+  public void setRandom(Random random) {
+    this.random = random;
+  }
+
+  /**
+   * The length of string to generate.
+   *
+   * @param length the length to set
+   */
+  public void setLength(int length) {
+    this.length = length;
+  }
+
+}
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/GeneralMfaProviderValidatorTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/GeneralMfaProviderValidatorTest.java
@@ -1,12 +1,12 @@
 package org.cloudfoundry.identity.uaa.mfa;
 
+import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator;
 import org.cloudfoundry.identity.uaa.mfa.exception.InvalidMfaProviderException;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
-import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 
 import static org.junit.Assert.assertEquals;
 

diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/JdbcMfaProviderProvisioningTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/JdbcMfaProviderProvisioningTest.java
@@ -1,14 +1,14 @@
 package org.cloudfoundry.identity.uaa.mfa;
 
 import org.cloudfoundry.identity.uaa.annotations.WithDatabaseContext;
+import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator;
 import org.cloudfoundry.identity.uaa.mfa.exception.MfaAlreadyExistsException;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.dao.EmptyResultDataAccessException;
 import org.springframework.jdbc.core.JdbcTemplate;
-import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 
 import java.util.List;
 

diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/MfaCheckerTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/MfaCheckerTests.java
@@ -1,6 +1,7 @@
 package org.cloudfoundry.identity.uaa.mfa;
 
 import com.google.common.collect.Lists;
+import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneProvisioning;
 import org.cloudfoundry.identity.uaa.zone.MfaConfig;
@@ -12,7 +13,6 @@
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.ArgumentsProvider;
 import org.junit.jupiter.params.provider.ArgumentsSource;
-import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 
 import java.util.Arrays;
 import java.util.stream.Stream;

diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/MfaProviderEndpointsTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/MfaProviderEndpointsTest.java
@@ -1,5 +1,6 @@
 package org.cloudfoundry.identity.uaa.mfa;
 
+import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator;
 import org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent;
 import org.cloudfoundry.identity.uaa.mfa.exception.MfaAlreadyExistsException;
 import org.cloudfoundry.identity.uaa.mfa.exception.MfaProviderUpdateIsNotAllowed;
@@ -12,7 +13,6 @@
 import org.mockito.Mockito;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 
 import java.util.Collections;
 import java.util.List;

diff --git a/.../test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsEndpointMockMvcTests.java b/.../test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsEndpointMockMvcTests.java
@@ -2,6 +2,7 @@
 
 import com.fasterxml.jackson.core.type.TypeReference;
 import org.cloudfoundry.identity.uaa.DefaultTestContext;
+import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator;
 import org.cloudfoundry.identity.uaa.codestore.ExpiringCode;
 import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore;
 import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeType;
@@ -23,7 +24,6 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
-import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.client.BaseClientDetails;
 import org.springframework.test.web.servlet.MockMvc;

diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerMockMvcTests.java
@@ -2,6 +2,7 @@
 
 import org.apache.commons.lang3.RandomStringUtils;
 import org.cloudfoundry.identity.uaa.DefaultTestContext;
+import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator;
 import org.cloudfoundry.identity.uaa.account.EmailAccountCreationService;
 import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
 import org.cloudfoundry.identity.uaa.codestore.JdbcExpiringCodeStore;
@@ -33,7 +34,6 @@
 import org.springframework.mock.web.MockHttpSession;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.security.oauth2.provider.client.BaseClientDetails;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.test.web.servlet.MockMvc;

diff --git a/...st/java/org/cloudfoundry/identity/uaa/login/ForcePasswordChangeControllerMockMvcTest.java b/...st/java/org/cloudfoundry/identity/uaa/login/ForcePasswordChangeControllerMockMvcTest.java
@@ -3,6 +3,7 @@
 import org.cloudfoundry.identity.uaa.DefaultTestContext;
 import org.cloudfoundry.identity.uaa.account.UserAccountStatus;
 import org.cloudfoundry.identity.uaa.constants.OriginKeys;
+import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator;
 import org.cloudfoundry.identity.uaa.mfa.MfaProvider;
 import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils;
 import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
@@ -26,7 +27,6 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.mock.web.MockHttpSession;
 import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;

diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TotpMfaEndpointMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TotpMfaEndpointMockMvcTests.java
@@ -4,6 +4,7 @@
 import org.cloudfoundry.identity.uaa.audit.event.AbstractUaaEvent;
 import org.cloudfoundry.identity.uaa.authentication.event.MfaAuthenticationFailureEvent;
 import org.cloudfoundry.identity.uaa.authentication.event.MfaAuthenticationSuccessEvent;
+import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator;
 import org.cloudfoundry.identity.uaa.mfa.JdbcUserGoogleMfaCredentialsProvisioning;
 import org.cloudfoundry.identity.uaa.mfa.MfaProvider;
 import org.cloudfoundry.identity.uaa.mfa.UserGoogleMfaCredentials;
@@ -26,7 +27,6 @@
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.mock.web.MockHttpSession;
-import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.test.web.servlet.ResultActions;

diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/util/RandomValueStringGenerator.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/util/RandomValueStringGenerator.java
@@ -0,0 +1,80 @@
+package org.cloudfoundry.identity.uaa.login.util;
+
+import java.security.SecureRandom;
+import java.util.Random;
+
+/**
+ * Utility that generates a random-value ASCII string.
+ *
+ * <p>
+ * @deprecated See the <a href="https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide">OAuth 2.0 Migration Guide</a> for Spring Security 5.
+ *
+ * @author Ryan Heaton
+ * @author Dave Syer
+ */
+public class RandomValueStringGenerator {
+
+  private static final char[] DEFAULT_CODEC = "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+      .toCharArray();
+
+  private Random random = new SecureRandom();
+
+  private int length;
+
+  /**
+   * Create a generator with the default length (6).
+   */
+  public RandomValueStringGenerator() {
+    this(6);
+  }
+
+  /**
+   * Create a generator of random strings of the length provided
+   *
+   * @param length the length of the strings generated
+   */
+  public RandomValueStringGenerator(int length) {
+    this.length = length;
+  }
+
+  public String generate() {
+    byte[] verifierBytes = new byte[length];
+    random.nextBytes(verifierBytes);
+    return getAuthorizationCodeString(verifierBytes);
+  }
+
+  /**
+   * Convert these random bytes to a verifier string. The length of the byte array can be
+   * {@link #setLength(int) configured}. The default implementation mods the bytes to fit into the
+   * ASCII letters 1-9, A-Z, a-z .
+   *
+   * @param verifierBytes The bytes.
+   * @return The string.
+   */
+  protected String getAuthorizationCodeString(byte[] verifierBytes) {
+    char[] chars = new char[verifierBytes.length];
+    for (int i = 0; i < verifierBytes.length; i++) {
+      chars[i] = DEFAULT_CODEC[((verifierBytes[i] & 0xFF) % DEFAULT_CODEC.length)];
+    }
+    return new String(chars);
+  }
+
+  /**
+   * The random value generator used to create token secrets.
+   *
+   * @param random The random value generator used to create token secrets.
+   */
+  public void setRandom(Random random) {
+    this.random = random;
+  }
+
+  /**
+   * The length of string to generate.
+   *
+   * @param length the length to set
+   */
+  public void setLength(int length) {
+    this.length = length;
+  }
+
+}
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/ldap/AbstractLdapMockMvcTest.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/ldap/AbstractLdapMockMvcTest.java
@@ -3,6 +3,7 @@
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.google.common.collect.Sets;
 import org.cloudfoundry.identity.uaa.DefaultTestContext;
+import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator;
 import org.cloudfoundry.identity.uaa.audit.AuditEventType;
 import org.cloudfoundry.identity.uaa.audit.LoggingAuditService;
 import org.cloudfoundry.identity.uaa.audit.event.AbstractUaaEvent;
@@ -53,7 +54,6 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
-import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.security.oauth2.provider.client.BaseClientDetails;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.test.annotation.DirtiesContext;

diff --git a/...ava/org/cloudfoundry/identity/uaa/mock/mfa_provider/MfaProviderEndpointsMockMvcTests.java b/...ava/org/cloudfoundry/identity/uaa/mock/mfa_provider/MfaProviderEndpointsMockMvcTests.java
@@ -2,6 +2,7 @@
 
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import org.cloudfoundry.identity.uaa.DefaultTestContext;
+import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator;
 import org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent;
 import org.cloudfoundry.identity.uaa.mfa.GoogleMfaProviderConfig;
 import org.cloudfoundry.identity.uaa.mfa.JdbcMfaProviderProvisioning;
@@ -20,7 +21,6 @@
 import org.springframework.dao.EmptyResultDataAccessException;
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.test.web.servlet.ResultActions;

diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/AbstractTokenMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/AbstractTokenMockMvcTests.java
@@ -2,6 +2,7 @@
 
 import org.cloudfoundry.identity.uaa.DefaultTestContext;
 import org.cloudfoundry.identity.uaa.constants.OriginKeys;
+import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator;
 import org.cloudfoundry.identity.uaa.mfa.MfaProvider;
 import org.cloudfoundry.identity.uaa.mfa.UserGoogleMfaCredentials;
 import org.cloudfoundry.identity.uaa.mfa.UserGoogleMfaCredentialsProvisioning;
@@ -26,9 +27,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.jdbc.core.JdbcTemplate;
-import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.security.oauth2.provider.client.BaseClientDetails;
-import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.util.StringUtils;
 import org.springframework.web.context.WebApplicationContext;

diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java
@@ -9,6 +9,7 @@
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
 import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
 import org.cloudfoundry.identity.uaa.constants.OriginKeys;
+import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator;
 import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils;
 import org.cloudfoundry.identity.uaa.mock.util.OAuthToken;
 import org.cloudfoundry.identity.uaa.oauth.DisableIdTokenResponseTypeFilter;
@@ -73,7 +74,6 @@
 import org.springframework.security.oauth2.common.OAuth2RefreshToken;
 import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
-import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.client.BaseClientDetails;

diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/util/MockMvcUtils.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/util/MockMvcUtils.java
@@ -28,6 +28,7 @@
 import org.cloudfoundry.identity.uaa.invitations.InvitationsRequest;
 import org.cloudfoundry.identity.uaa.invitations.InvitationsResponse;
 import org.cloudfoundry.identity.uaa.login.Prompt;
+import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator;
 import org.cloudfoundry.identity.uaa.mfa.GoogleMfaProviderConfig;
 import org.cloudfoundry.identity.uaa.mfa.MfaProvider;
 import org.cloudfoundry.identity.uaa.mfa.MfaProviderProvisioning;
@@ -85,7 +86,6 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
-import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.client.BaseClientDetails;
 import org.springframework.security.web.PortResolverImpl;
@@ -1437,7 +1437,7 @@ public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request)
         }
     }
 
-    public static class PredictableGenerator extends RandomValueStringGenerator {
+    public static class PredictableGenerator extends org.springframework.security.oauth2.common.util.RandomValueStringGenerator {
         public AtomicInteger counter = new AtomicInteger(1);
 
         @Override