
Example 1 with ClientAuthenticationVerifier

Use of com.nimbusds.oauth2.sdk.auth.verifier.ClientAuthenticationVerifier in the project di-authentication-api by alphagov.

From the class TokenService, method validatePrivateKeyJWT, which validates a client's private_key_jwt assertion (RFC 7523 client authentication) before a token request is honoured:

// Imports required by this method (from the Nimbus OAuth 2.0 SDK and the JDK).
// LOG is the class's own logger; hasPrivateKeyJwtExpired and
// generateClientCredentialsSelector are private helpers of TokenService.
import java.util.Collections;
import java.util.Objects;
import java.util.Optional;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT;
import com.nimbusds.oauth2.sdk.auth.verifier.ClientAuthenticationVerifier;
import com.nimbusds.oauth2.sdk.auth.verifier.InvalidClientException;
import com.nimbusds.oauth2.sdk.id.Audience;

public Optional<ErrorObject> validatePrivateKeyJWT(String requestString, String publicKey, String tokenUrl, String clientID) {
    PrivateKeyJWT privateKeyJWT;
    try {
        // Parse the client_assertion / client_assertion_type parameters of the token request.
        privateKeyJWT = PrivateKeyJWT.parse(requestString);
    } catch (ParseException e) {
        LOG.warn("Could not parse Private Key JWT");
        return Optional.of(OAuth2Error.INVALID_CLIENT);
    }
    // Reject assertions whose exp claim is in the past.
    if (hasPrivateKeyJwtExpired(privateKeyJWT.getClientAssertion())) {
        LOG.warn("PrivateKeyJWT has expired");
        return Optional.of(OAuth2Error.INVALID_GRANT);
    }
    // The iss/sub of the assertion must match the client the request claims to be from.
    if (Objects.isNull(privateKeyJWT.getClientID()) || !privateKeyJWT.getClientID().toString().equals(clientID)) {
        LOG.warn("Invalid ClientID in PrivateKeyJWT");
        return Optional.of(OAuth2Error.INVALID_CLIENT);
    }
    // Verify the assertion's signature against the client's registered public key
    // and require the aud claim to name this token endpoint, so an assertion issued
    // for a different endpoint cannot be replayed here.
    ClientAuthenticationVerifier<?> authenticationVerifier = new ClientAuthenticationVerifier<>(generateClientCredentialsSelector(publicKey), Collections.singleton(new Audience(tokenUrl)));
    try {
        authenticationVerifier.verify(privateKeyJWT, null, null);
    } catch (InvalidClientException | JOSEException e) {
        LOG.warn("Unable to Verify Signature of Private Key JWT", e);
        return Optional.of(OAuth2Error.INVALID_CLIENT);
    }
    // Empty result means the client authenticated successfully.
    return Optional.empty();
}