
Example 1 with IdentityReference

Use of io.gravitee.rest.api.idp.api.identity.IdentityReference in project gravitee-management-rest-api by gravitee-io.

From the class ReferenceSerializer, method deserialize.

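public IdentityReference deserialize(String token) throws Exception {
    // The token is a Base64-encoded JWE compact serialization; decode with an explicit charset
    String sToken = new String(Base64.getDecoder().decode(token), java.nio.charset.StandardCharsets.UTF_8);
    // Parse the JWE string
    JWEObject jweObject = JWEObject.parse(sToken);
    // Decrypt with shared key
    jweObject.decrypt(new DirectDecrypter(secretKey.getEncoded()));
    // Extract payload (toSignedJWT() returns null if the payload is not a signed JWT)
    SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
    // Check the HMAC: verify() returns false on a mismatch instead of throwing,
    // so its result has to be tested before the claims are trusted
    if (signedJWT == null || !signedJWT.verify(new MACVerifier(secretKey.getEncoded()))) {
        throw new com.nimbusds.jose.JOSEException("Invalid HMAC on identity reference token");
    }
    // Retrieve the JWT claims
    return new IdentityReference(signedJWT.getJWTClaimsSet().getIssuer(), signedJWT.getJWTClaimsSet().getSubject());
}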
Also used : IdentityReference(io.gravitee.rest.api.idp.api.identity.IdentityReference) MACVerifier(com.nimbusds.jose.crypto.MACVerifier) DirectDecrypter(com.nimbusds.jose.crypto.DirectDecrypter) SignedJWT(com.nimbusds.jwt.SignedJWT)

Example 2 with IdentityReference

Use of io.gravitee.rest.api.idp.api.identity.IdentityReference in project gravitee-management-rest-api by gravitee-io.

From the class CompositeIdentityManager, method lookup.

@Override
public Optional<User> lookup(final String reference) {
    LOGGER.debug("Looking for a user: reference[{}]", reference);
    try {
        IdentityReference identityReference = referenceSerializer.deserialize(reference);
        LOGGER.debug("Lookup identity information from reference: source[{}] id[{}]", identityReference.getSource(), identityReference.getReference());
        for (final IdentityLookup identityLookup : identityLookups) {
            if (identityLookup.canHandle(identityReference)) {
                final User user = identityLookup.retrieve(identityReference);
                if (user != null) {
                    return of(user);
                }
            }
        }
    } catch (final Exception ex) {
        LOGGER.error("Unable to extract IDP: token[" + reference + "]", ex);
    }
    return empty();
}
Also used : IdentityLookup(io.gravitee.rest.api.idp.api.identity.IdentityLookup) SearchableUser(io.gravitee.rest.api.idp.api.identity.SearchableUser) User(io.gravitee.rest.api.idp.api.identity.User) IdentityReference(io.gravitee.rest.api.idp.api.identity.IdentityReference)

Aggregations

IdentityReference (io.gravitee.rest.api.idp.api.identity.IdentityReference): 2
DirectDecrypter (com.nimbusds.jose.crypto.DirectDecrypter): 1
MACVerifier (com.nimbusds.jose.crypto.MACVerifier): 1
SignedJWT (com.nimbusds.jwt.SignedJWT): 1
IdentityLookup (io.gravitee.rest.api.idp.api.identity.IdentityLookup): 1
SearchableUser (io.gravitee.rest.api.idp.api.identity.SearchableUser): 1
User (io.gravitee.rest.api.idp.api.identity.User): 1