From bc81bda63bd73cefb1472d1748c367306a0e7666 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Ordo=C3=B1ez=20Molina?= <61416964+RafaelOm@users.noreply.github.com>
Date: Mon, 18 Jul 2022 12:15:05 +0200
Subject: [PATCH 1/4] Add files via upload
---
 .../java/org/seedstack/oauth/OAuthConfig.java | 30 ++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/seedstack/oauth/OAuthConfig.java b/src/main/java/org/seedstack/oauth/OAuthConfig.java
index 2e3d2be..455b767 100644
--- a/src/main/java/org/seedstack/oauth/OAuthConfig.java
+++ b/src/main/java/org/seedstack/oauth/OAuthConfig.java
@@ -23,6 +23,7 @@ public class OAuthConfig {
 @NotNull
 private ProviderConfig provider = new ProviderConfig();
+ private RetrieverConfig retriever = new RetrieverConfig();
 @NotNull
 private AlgorithmConfig algorithms = new AlgorithmConfig();
 private URI discoveryDocument;
@@ -223,7 +224,15 @@ public OAuthConfig setDiscloseUnauthorizedReason(boolean discloseUnauthorizedRea
 return this;
 }
 
- @Config("provider")
+ public RetrieverConfig getRetriever() {
+ return retriever;
+ }
+
+ public void setRetriever(RetrieverConfig retriever) {
+ this.retriever = retriever;
+ }
+
+ @Config("provider")
 public static class ProviderConfig {
 private URI authorization;
 private URI token;
@@ -318,4 +327,23 @@ public AlgorithmConfig setPlainTokenAllowed(boolean plainTokenAllowed) {
 return this;
 }
 }
+ @Config("retriever")
+ public static class RetrieverConfig {
+ private String connectTimeout;
+ private String readTimeout;
+ public String getConnectTimeout() {
+ return connectTimeout;
+ }
+ public void setConnectTimeout(String connectTimeout) {
+ this.connectTimeout = connectTimeout;
+ }
+ public String getReadTimeout() {
+ return readTimeout;
+ }
+ public void setReadTimeout(String readTimeout) {
+ this.readTimeout = readTimeout;
+ }
+
+
+ }
 }
 
From 514d1a3ba3ef595edbe5c512b5d6f3457ef0fc81 Mon Sep 17 00:00:00 2001
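Review bot: `retriever` is the only sub-config field in the first hunk without `@NotNull`, so `setRetriever(null)` is accepted while `getkeySource` in the following patch calls `oauthConfig.getRetriever().getConnectTimeout()` with no null check; add `@NotNull` above `private RetrieverConfig retriever = new RetrieverConfig();` to match `provider` and `algorithms`. In the third hunk `connectTimeout` and `readTimeout` are held as `String` and only parsed to `int` when a token is validated, so a non-numeric value is detected per request rather than when the configuration is loaded; typing them as `Integer` (null meaning library default) would let the binding reject bad values early. Neither field documents its unit or what zero means, and `DefaultResourceRetriever` interprets these values as milliseconds with `0` disabling the timeout, so a comment such as `// HTTP connect timeout in milliseconds; 0 disables the timeout entirely` on each field would keep an operator from switching the timeout off by accident. As a point of style, `setConnectTimeout`, `setReadTimeout` and `setRetriever` return `void` while the sibling setters visible in the hunks (`setDiscloseUnauthorizedReason`, `setPlainTokenAllowed`) return `this` for chaining.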
From: =?UTF-8?q?Rafael=20Ordo=C3=B1ez=20Molina?= <61416964+RafaelOm@users.noreply.github.com>
Date: Mon, 18 Jul 2022 12:16:08 +0200
Subject: [PATCH 2/4] Add files via upload
---
 .../oauth/internal/OAuthServiceImpl.java | 33 +++++++++++++++----
 1 file changed, 26 insertions(+), 7 deletions(-)
diff --git a/src/main/java/org/seedstack/oauth/internal/OAuthServiceImpl.java b/src/main/java/org/seedstack/oauth/internal/OAuthServiceImpl.java
index dc08474..c21e0bf 100644
--- a/src/main/java/org/seedstack/oauth/internal/OAuthServiceImpl.java
+++ b/src/main/java/org/seedstack/oauth/internal/OAuthServiceImpl.java
@@ -16,6 +16,7 @@
 import com.nimbusds.jose.proc.JWSKeySelector;
 import com.nimbusds.jose.proc.JWSVerificationKeySelector;
 import com.nimbusds.jose.proc.SecurityContext;
+import com.nimbusds.jose.util.DefaultResourceRetriever;
 import com.nimbusds.jwt.*;
 import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
 import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
@@ -178,14 +179,11 @@ private JWTClaimsSet validateJwtAccessToken(JWT accessToken, Algorithm algorithm

 // Signing key selector
 oauthProvider.getJwksEndpoint().ifPresent(jwksEndpoint -> {
- try {
- JWKSource keySource = new RemoteJWKSet<>(jwksEndpoint.toURL());
+ JWKSource keySource = getkeySource(jwksEndpoint);
 JWSAlgorithm expectedAlg = JWSAlgorithm.parse(oauthConfig.algorithms().getAccessSigningAlgorithm());
 JWSKeySelector keySelector = new JWSVerificationKeySelector<>(expectedAlg, keySource);
 jwtProcessor.setJWSKeySelector(keySelector);
- } catch (MalformedURLException e) {
- throw new TokenValidationException("Invalid JWKS endpoint: " + e.getMessage());
- }
+
 });

 // Claims verification
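Review bot: The `-178` hunk leaves an empty added line before `});`, a remnant of the removed `try`/`catch`; drop it so the lambda body ends with `jwtProcessor.setJWSKeySelector(keySelector);`. With the `catch (MalformedURLException e)` gone from the lambda, every failure in building the key source now has to be translated inside `getkeySource`, so that helper is where any parse or URL error must be mapped to `TokenValidationException`. `validateJwtAccessToken` begins and ends outside this hunk.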
@@ -219,6 +217,24 @@ private JWTClaimsSet validateJwtAccessToken(JWT accessToken, Algorithm algorithm
 throw new TokenValidationException("Unable to validate JWT access token: " + e.getMessage(), e);
 }
 }
+
+ private JWKSource getkeySource(URI jwksEndpoint){
+ try {
+ JWKSource keySource = new RemoteJWKSet<>(jwksEndpoint.toURL());
+ String connectTimeout =oauthConfig.getRetriever().getConnectTimeout();
+ String readTimeOut=oauthConfig.getRetriever().getReadTimeout();
+ if(connectTimeout!=null &&connectTimeout!="" &&
+ readTimeOut!=null && readTimeOut!="") {
+ DefaultResourceRetriever defaultResourceRetriever=
+ new DefaultResourceRetriever(Integer.parseInt(connectTimeout),
+ Integer.parseInt(readTimeOut));
+ keySource = new RemoteJWKSet<>(jwksEndpoint.toURL(),defaultResourceRetriever);
+ }
+ return keySource;
+ } catch (MalformedURLException e) {
+ throw new TokenValidationException("Invalid JWKS endpoint: " + e.getMessage());
+ }
+ }

 private JWTClaimsSet validateOpaqueAccessToken(AccessToken accessToken) {
 AccessTokenValidator accessTokenValidator = accessTokenValidatorProvider.get();
@@ -313,8 +329,11 @@ Optional fetchUserInfo(String accessToken) {
 if (userInfoResponse.indicatesSuccess()) {
 return Optional.of(((UserInfoSuccessResponse) userInfoResponse).getUserInfo());
 } else {
- LOGGER.warn("Unable to fetch user info: {}", OAuthUtils.buildGenericError(((ErrorResponse) userInfoResponse)).getDescription());
- return Optional.empty();
+ throw new TokenValidationException("Unable to validate the access token (HTTP status "
+ + userInfoResponse.toErrorResponse().getErrorObject().getHTTPStatusCode() + "): "
+ + userInfoResponse.toErrorResponse().getErrorObject().getDescription());
+ //LOGGER.warn("Unable to fetch user info: {}", OAuthUtils.buildGenericError(((ErrorResponse) userInfoResponse)).getDescription());
+ // return Optional.empty();
 }
 }
 return Optional.empty();
 
From 27df4c1a72db70d691180d024daf7a301e778219 Mon Sep 17 00:00:00 2001
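Review bot: `getkeySource` replaces the retriever `RemoteJWKSet` would otherwise build with `new DefaultResourceRetriever(connect, read)`, and that two-argument constructor leaves the HTTP entity size limit at zero, which nimbus documents as unlimited, whereas the default retriever caps the JWKS document at `RemoteJWKSet.DEFAULT_HTTP_SIZE_LIMIT`; configuring a timeout therefore silently removes the bound on how much the JWKS endpoint may send, so pass the limit explicitly through the three-argument constructor. `Integer.parseInt` on the two configuration strings can throw `NumberFormatException`, which is not caught by `catch (MalformedURLException e)` and escapes the `ifPresent` lambda as an unchecked error with no relation to token validation; catch it alongside and keep the cause on the `TokenValidationException`, which the `catch` also drops. The first `new RemoteJWKSet<>(jwksEndpoint.toURL())` is constructed and discarded whenever timeouts are configured, and setting only one of the two timeouts silently ignores both, which is worth at least a comment on the `if`.
```java
    private JWKSource getkeySource(URI jwksEndpoint){
        try {
            String connectTimeout = oauthConfig.getRetriever().getConnectTimeout();
            String readTimeOut = oauthConfig.getRetriever().getReadTimeout();
            // Both timeouts must be set; a single one falls back to the library defaults.
            if (connectTimeout != null && !connectTimeout.isEmpty()
                    && readTimeOut != null && !readTimeOut.isEmpty()) {
                // Keep the JWKS size bound the default retriever applies; the two-arg constructor sets none.
                DefaultResourceRetriever retriever = new DefaultResourceRetriever(
                        Integer.parseInt(connectTimeout),
                        Integer.parseInt(readTimeOut),
                        RemoteJWKSet.DEFAULT_HTTP_SIZE_LIMIT);
                return new RemoteJWKSet<>(jwksEndpoint.toURL(), retriever);
            }
            return new RemoteJWKSet<>(jwksEndpoint.toURL());
        } catch (MalformedURLException | NumberFormatException e) {
            throw new TokenValidationException("Invalid JWKS endpoint or retriever timeout: " + e.getMessage(), e);
        }
    }
```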
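Review bot: The `else` branch in the `-313` hunk calls `userInfoResponse.toErrorResponse().getErrorObject()` twice and dereferences the result without a null check; the SDK may hand back an error response without an error object, which would turn a provider-side failure into a `NullPointerException`. Fetch it once, `ErrorObject error = userInfoResponse.toErrorResponse().getErrorObject();`, and guard it before reading the status code and description. The exception message now embeds the provider's error description verbatim where the replaced code went through `OAuthUtils.buildGenericError`; since `TokenValidationException` messages may be surfaced to the caller depending on `discloseUnauthorizedReason`, confirm that relaying the upstream text is intended, and consider keeping the log line the hunk removes so the event still appears in server logs. Callers that handled an empty `Optional` from `fetchUserInfo` now receive an exception instead; the method starts outside this hunk.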
From: =?UTF-8?q?Rafael=20Ordo=C3=B1ez=20Molina?= <61416964+RafaelOm@users.noreply.github.com>
Date: Mon, 18 Jul 2022 12:20:16 +0200
Subject: [PATCH 3/4] Update OAuthServiceImpl.java
---
 .../java/org/seedstack/oauth/internal/OAuthServiceImpl.java | 2 --
 1 file changed, 2 deletions(-)
diff --git a/src/main/java/org/seedstack/oauth/internal/OAuthServiceImpl.java b/src/main/java/org/seedstack/oauth/internal/OAuthServiceImpl.java
index c21e0bf..6fef785 100644
--- a/src/main/java/org/seedstack/oauth/internal/OAuthServiceImpl.java
+++ b/src/main/java/org/seedstack/oauth/internal/OAuthServiceImpl.java
@@ -332,8 +332,6 @@ Optional fetchUserInfo(String accessToken) {
 throw new TokenValidationException("Unable to validate the access token (HTTP status "
 + userInfoResponse.toErrorResponse().getErrorObject().getHTTPStatusCode() + "): "
 + userInfoResponse.toErrorResponse().getErrorObject().getDescription());
- //LOGGER.warn("Unable to fetch user info: {}", OAuthUtils.buildGenericError(((ErrorResponse) userInfoResponse)).getDescription());
- // return Optional.empty();
 }
 }
 return Optional.empty();
 
From ed97a2b2087632dd3e7d916d54dc086839a5019b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Ordo=C3=B1ez?=
Date: Sun, 5 Mar 2023 17:17:18 +0100
Subject: [PATCH 4/4] FIX ES_COMPARING_STRINGS_WITH_EQ
---
 .../java/org/seedstack/oauth/internal/OAuthServiceImpl.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/seedstack/oauth/internal/OAuthServiceImpl.java b/src/main/java/org/seedstack/oauth/internal/OAuthServiceImpl.java
index 6fef785..9e99da4 100644
--- a/src/main/java/org/seedstack/oauth/internal/OAuthServiceImpl.java
+++ b/src/main/java/org/seedstack/oauth/internal/OAuthServiceImpl.java
@@ -223,8 +223,8 @@ private JWKSource getkeySource(URI jwksEndpoint){
 JWKSource keySource = new RemoteJWKSet<>(jwksEndpoint.toURL());
 String connectTimeout =oauthConfig.getRetriever().getConnectTimeout();
 String readTimeOut=oauthConfig.getRetriever().getReadTimeout();
- if(connectTimeout!=null &&connectTimeout!="" &&
- readTimeOut!=null && readTimeOut!="") {
+ if(connectTimeout!=null && ! connectTimeout.equals("") &&
+ readTimeOut!=null && ! readTimeOut.equals("")) {
 DefaultResourceRetriever defaultResourceRetriever=
 new DefaultResourceRetriever(Integer.parseInt(connectTimeout),
 Integer.parseInt(readTimeOut));
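Review bot: `! connectTimeout.equals("")` in the added lines is correct but a whitespace-only value still passes the guard and then fails in the `Integer.parseInt` calls on the context lines below, so the check should be `!connectTimeout.trim().isEmpty()` (or `isBlank()` if the project targets Java 11 or later) with the same `trim()` applied to the value handed to `parseInt`. The idiomatic form for the non-empty test is `isEmpty()` rather than `equals("")`, and the space after `!` is unusual for the rest of this file. `getkeySource` starts and ends outside this hunk.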