From dfa37c368b34f0d8fcbdf237560708b8d64ec2d3 Mon Sep 17 00:00:00 2001
From: strehle
Date: Thu, 6 Jul 2023 23:07:56 +0200
Subject: [PATCH] refactor
---
 .../uaa/oauth/token/ClaimConstants.java | 2 +-
 ...tClientParametersAuthenticationFilter.java | 2 +-
 .../identity/uaa/oauth/UaaTokenServices.java | 8 ++---
 .../oauth/openid/UserAuthenticationData.java | 6 ++--
 ...EnhancedAuthorizationCodeTokenGranter.java | 2 +-
 .../uaa/util/UaaSecurityContextUtils.java | 4 +--
 ...entParametersAuthenticationFilterTest.java | 29 ++++++++++++++++++-
 7 files changed, 40 insertions(+), 13 deletions(-)
diff --git a/model/src/main/java/org/cloudfoundry/identity/uaa/oauth/token/ClaimConstants.java b/model/src/main/java/org/cloudfoundry/identity/uaa/oauth/token/ClaimConstants.java
index 98a7856dd8b..8f3a81adffa 100644
--- a/model/src/main/java/org/cloudfoundry/identity/uaa/oauth/token/ClaimConstants.java
+++ b/model/src/main/java/org/cloudfoundry/identity/uaa/oauth/token/ClaimConstants.java
@@ -55,5 +55,5 @@ public class ClaimConstants {
 public static final String AMR = "amr";
 public static final String ACR = "acr";
 public static final String PREVIOUS_LOGON_TIME = "previous_logon_time";
- public static final String CLIENT_AUTHENTICATION = "client_auth";
+ public static final String CLIENT_AUTH_METHOD = "client_auth_method";
 }
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/AbstractClientParametersAuthenticationFilter.java b/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/AbstractClientParametersAuthenticationFilter.java
index 55985fd8fd1..c2a7de66538 100644
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/AbstractClientParametersAuthenticationFilter.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/AbstractClientParametersAuthenticationFilter.java
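Review bot: Data persisted under the old key `"client_auth"` will not be found by readers of `CLIENT_AUTH_METHOD`, because the literal value in ClaimConstants changes along with the constant name. Elsewhere in this patch the constant is written as an OAuth2Request extension key in PkceEnhancedAuthorizationCodeTokenGranter and read back in UaaSecurityContextUtils, so a stored request or token created before an upgrade would presumably yield a null client authentication method afterwards. If the old value was ever released, consider a transitional fallback read of the old key where the new one is absent. In either case a comment on the constant would help, for example `// wire name of the claim / extension key; changing the value orphans previously issued data`.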
@@ -134,7 +134,7 @@ private Authentication performClientAuthentication(HttpServletRequest req, Map> userAttributes; public final String nonce; public final String grantType; - public final String client_auth; + public final String clientAuth; public final String jti; public UserAuthenticationData(Date authTime, @@ -25,7 +25,7 @@ public UserAuthenticationData(Date authTime, Map> userAttributes, String nonce, String grantType, - String client_auth, + String clientAuth, String jti) { this.authTime = authTime; this.authenticationMethods = authenticationMethods; @@ -35,7 +35,7 @@ public UserAuthenticationData(Date authTime, this.userAttributes = userAttributes; this.nonce = nonce; this.grantType = grantType; - this.client_auth = client_auth; + this.clientAuth = clientAuth; this.jti = jti; } } diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/token/PkceEnhancedAuthorizationCodeTokenGranter.java b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/token/PkceEnhancedAuthorizationCodeTokenGranter.java index 00bedbe54da..22dc40c2c4e 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/token/PkceEnhancedAuthorizationCodeTokenGranter.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/token/PkceEnhancedAuthorizationCodeTokenGranter.java @@ -110,7 +110,7 @@ protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, Tok String clientAuthentication = UaaSecurityContextUtils.getClientAuthenticationMethod(); if (clientAuthentication != null) { - finalStoredOAuth2Request.getExtensions().put(ClaimConstants.CLIENT_AUTHENTICATION, clientAuthentication); + finalStoredOAuth2Request.getExtensions().put(ClaimConstants.CLIENT_AUTH_METHOD, clientAuthentication); } return new OAuth2Authentication(finalStoredOAuth2Request, userAuth); 
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/util/UaaSecurityContextUtils.java b/server/src/main/java/org/cloudfoundry/identity/uaa/util/UaaSecurityContextUtils.java
index 6e52e3f335e..dfe5be3947d 100644
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/util/UaaSecurityContextUtils.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/util/UaaSecurityContextUtils.java
@@ -7,7 +7,7 @@
 import java.io.Serializable;
 import java.util.Map;
-import static org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants.CLIENT_AUTHENTICATION;
+import static org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants.CLIENT_AUTH_METHOD;
 public final class UaaSecurityContextUtils {
@@ -25,7 +25,7 @@ public static String getClientAuthenticationMethod() {
 return null;
 }
- return (String) extensions.get(CLIENT_AUTHENTICATION);
+ return (String) extensions.get(CLIENT_AUTH_METHOD);
 }
 }
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/ClientParametersAuthenticationFilterTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/ClientParametersAuthenticationFilterTest.java
index f8f0296a960..dbf778bcc94 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/ClientParametersAuthenticationFilterTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/ClientParametersAuthenticationFilterTest.java
@@ -19,6 +19,7 @@
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import javax.servlet.ServletException;
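Review bot: The unchecked cast in `return (String) extensions.get(CLIENT_AUTH_METHOD);` throws ClassCastException if the value stored under that key is not a String. The file imports `java.io.Serializable` and `java.util.Map`, which suggests the map's value type is wider than String, so the type system does not rule this out. A guarded read keeps the null-on-absent behaviour without failing the request: `Object method = extensions.get(CLIENT_AUTH_METHOD); return method instanceof String ? (String) method : null;`. The body of getClientAuthenticationMethod starts outside the hunk, so how `extensions` is obtained is not visible here.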
@@ -27,6 +28,7 @@
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoInteractions;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
 import static org.mockito.Mockito.when;
@@ -56,4 +58,29 @@ public void doesNotContinueWithFilterChain_IfAuthenticationException() throws IO
 verifyNoMoreInteractions(chain);
 }
-}
\ No newline at end of file
+ @Test
+ public void testStoreClientAuthenticationMethod() throws IOException, ServletException {
+ ClientParametersAuthenticationFilter filter = new ClientParametersAuthenticationFilter();
+
+ AuthenticationEntryPoint authenticationEntryPoint = mock(AuthenticationEntryPoint.class);
+ filter.setAuthenticationEntryPoint(authenticationEntryPoint);
+ AuthenticationManager clientAuthenticationManager = mock(AuthenticationManager.class);
+ filter.setClientAuthenticationManager(clientAuthenticationManager);
+
+ Authentication authentication = mock(Authentication.class);
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ UaaAuthenticationDetails authenticationDetails = mock(UaaAuthenticationDetails.class);
+ when(clientAuthenticationManager.authenticate(Mockito.any())).thenReturn(authentication);
+ when(authentication.isAuthenticated()).thenReturn(true);
+ when(authentication.getDetails()).thenReturn(authenticationDetails);
+ when(authenticationDetails.getAuthenticationMethod()).thenReturn("none");
+
+ MockFilterChain chain = mock(MockFilterChain.class);
+ MockHttpServletResponse response = new MockHttpServletResponse();
+
+ filter.doFilter(request, response, chain);
+
+ verifyNoInteractions(authenticationEntryPoint);
+ verify(chain).doFilter(request, response);
+ }
+}
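Review bot: `testStoreClientAuthenticationMethod` never asserts that the authentication method was stored. It stubs `getAuthenticationMethod()` to return "none" but only verifies that the entry point was untouched and the chain continued, so it would still pass if the filter ignored the value. Add an assertion on the outcome, at minimum `verify(authenticationDetails).getAuthenticationMethod();`, and preferably a check of wherever the filter records the method, which is not visible in this hunk. If the filter writes to `SecurityContextHolder`, the test should also call `SecurityContextHolder.clearContext();` afterwards so the authenticated state does not leak into other tests.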