Example 11 with JSONWebKey
use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.
the class AuthenticationFilter method processDPoP.
private void processDPoP(HttpServletRequest servletRequest, HttpServletResponse servletResponse, FilterChain filterChain) {
boolean validDPoPProof = false;
boolean authorized = false;
String errorReason = null;
try {
String dpopStr = servletRequest.getHeader(TokenRequestParam.DPOP);
Jwt dpop = Jwt.parseOrThrow(dpopStr);
GrantType grantType = GrantType.fromString(servletRequest.getParameter("grant_type"));
validateDpopHeader(dpop);
validateDpopPayload(dpop);
JSONWebKey jwk = JSONWebKey.fromJSONObject(dpop.getHeader().getJwk());
String dpopJwkThumbprint = jwk.getJwkThumbprint();
validDPoPProof = validateDpopSignature(dpop, jwk, dpopJwkThumbprint);
if (grantType == GrantType.AUTHORIZATION_CODE) {
final String code = servletRequest.getParameter("code");
final AuthorizationCodeGrant authorizationCodeGrant = authorizationGrantList.getAuthorizationCodeGrant(code);
identity.logout();
identity.getCredentials().setUsername(authorizationCodeGrant.getClient().getClientId());
identity.getCredentials().setPassword(null);
authorized = authenticator.authenticateClient(servletRequest, true);
filterChain.doFilter(servletRequest, servletResponse);
} else if (grantType == GrantType.REFRESH_TOKEN) {
final String refreshTokenCode = servletRequest.getParameter("refresh_token");
TokenEntity tokenEntity;
if (!isTrue(appConfiguration.getPersistRefreshTokenInLdap())) {
tokenEntity = (TokenEntity) cacheService.get(TokenHashUtil.hash(refreshTokenCode));
} else {
tokenEntity = grantService.getGrantByCode(refreshTokenCode);
}
if (!dpopJwkThumbprint.equals(tokenEntity.getDpop())) {
throw new InvalidJwtException("Invalid DPoP Proof Header. The jwk header is not valid.");
}
AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByRefreshToken(tokenEntity.getClientId(), refreshTokenCode);
identity.logout();
identity.getCredentials().setUsername(authorizationGrant.getClient().getClientId());
identity.getCredentials().setPassword(null);
authorized = authenticator.authenticateClient(servletRequest, true);
filterChain.doFilter(servletRequest, servletResponse);
}
} catch (Exception ex) {
log.info("Invalid DPoP.", ex);
errorReason = ex.getMessage();
}
if (!validDPoPProof) {
sendBadRequestError(servletResponse, errorReason);
}
if (!authorized) {
sendError(servletResponse);
}
}
Also used :
InvalidJwtException(io.jans.as.model.exception.InvalidJwtException)
JSONWebKey(io.jans.as.model.jwk.JSONWebKey)
AuthorizationCodeGrant(io.jans.as.server.model.common.AuthorizationCodeGrant)
Jwt(io.jans.as.model.jwt.Jwt)
TokenEntity(io.jans.as.server.model.ldap.TokenEntity)
GrantType(io.jans.as.model.common.GrantType)
AuthorizationGrant(io.jans.as.server.model.common.AuthorizationGrant)
ServletException(javax.servlet.ServletException)
InvalidJwtException(io.jans.as.model.exception.InvalidJwtException)
WebApplicationException(javax.ws.rs.WebApplicationException)
IOException(java.io.IOException)
Example 12 with JSONWebKey
use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.
the class MTLSService method processMTLS.
public boolean processMTLS(HttpServletRequest httpRequest, HttpServletResponse httpResponse, FilterChain filterChain, Client client) throws Exception {
log.debug("Trying to authenticate client {} via {} ...", client.getClientId(), client.getAuthenticationMethod());
final String clientCertAsPem = httpRequest.getHeader("X-ClientCert");
if (StringUtils.isBlank(clientCertAsPem)) {
log.debug("Client certificate is missed in `X-ClientCert` header, client_id: {}.", client.getClientId());
return false;
}
X509Certificate cert = CertUtils.x509CertificateFromPem(clientCertAsPem);
if (cert == null) {
log.debug("Failed to parse client certificate, client_id: {}.", client.getClientId());
return false;
}
final String cn = CertUtils.getCN(cert);
final String hashedCn = HashUtil.getHash(cn, SignatureAlgorithm.HS512);
if ((StringUtils.isBlank(cn) || StringUtils.isBlank(hashedCn)) || (!cn.equals(client.getClientId()) && !hashedCn.equals(HashUtil.getHash(client.getClientId(), SignatureAlgorithm.HS512)))) {
if (log.isTraceEnabled())
log.trace("Client certificate CN does not match clientId. Invoke registration script's isCertValidForClient, CN: {}, clientId: {}, hashedCn: {}", cn, client.getClientId(), hashedCn);
DynamicClientRegistrationContext context = new DynamicClientRegistrationContext(httpRequest, new JSONObject(), null, client);
boolean result = externalDynamicClientRegistrationService.isCertValidForClient(cert, context);
if (!result) {
log.error("Reject request. isCertValidForClient returned false.");
throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).entity(errorResponseFactory.getErrorAsJson(TokenErrorResponseType.INVALID_CLIENT, httpRequest.getParameter("state"), "")).build());
}
}
if (client.getAuthenticationMethod() == AuthenticationMethod.TLS_CLIENT_AUTH) {
log.debug("Authenticating with tls_client_auth ...");
final String subjectDn = client.getAttributes().getTlsClientAuthSubjectDn();
if (StringUtils.isBlank(subjectDn)) {
log.debug("SubjectDN is not set for client {} which is required to authenticate it via `tls_client_auth`.", client.getClientId());
return false;
}
// we check only `subjectDn`, the PKI certificate validation is performed by apache/httpd
if (CertUtils.equalsRdn(subjectDn, cert.getSubjectDN().getName())) {
log.debug("Client {} authenticated via `tls_client_auth`.", client.getClientId());
authenticatedSuccessfully(client, httpRequest);
filterChain.doFilter(httpRequest, httpResponse);
return true;
}
log.debug("Client's subject dn: {}, cert subject dn: {}", subjectDn, cert.getSubjectDN().getName());
}
if (client.getAuthenticationMethod() == AuthenticationMethod.SELF_SIGNED_TLS_CLIENT_AUTH) {
// disable it
log.debug("Authenticating with self_signed_tls_client_auth ...");
final PublicKey publicKey = cert.getPublicKey();
final byte[] encodedKey = publicKey.getEncoded();
JSONObject jsonWebKeys = Strings.isNullOrEmpty(client.getJwks()) ? JwtUtil.getJSONWebKeys(client.getJwksUri()) : new JSONObject(client.getJwks());
if (jsonWebKeys == null) {
log.debug("Unable to load json web keys for client: {}, jwks_uri: {}, jks: {}", client.getClientId(), client.getJwksUri(), client.getJwks());
return false;
}
final JSONWebKeySet keySet = JSONWebKeySet.fromJSONObject(jsonWebKeys);
for (JSONWebKey key : keySet.getKeys()) {
if (ArrayUtils.isEquals(encodedKey, cryptoProvider.getPublicKey(key.getKid(), jsonWebKeys, null).getEncoded())) {
log.debug("Client {} authenticated via `self_signed_tls_client_auth`, matched kid: {}.", client.getClientId(), key.getKid());
authenticatedSuccessfully(client, httpRequest);
filterChain.doFilter(httpRequest, httpResponse);
return true;
}
}
}
log.debug("MTLS authentication failed.");
return false;
}
Also used :
JSONWebKey(io.jans.as.model.jwk.JSONWebKey)
JSONObject(org.json.JSONObject)
WebApplicationException(javax.ws.rs.WebApplicationException)
JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet)
PublicKey(java.security.PublicKey)
X509Certificate(java.security.cert.X509Certificate)
DynamicClientRegistrationContext(io.jans.as.server.service.external.context.DynamicClientRegistrationContext)
Example 13 with JSONWebKey
use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.
the class ServerCryptoProvider method getKeyId.
@Override
public String getKeyId(JSONWebKeySet jsonWebKeySet, Algorithm algorithm, Use use) throws CryptoProviderException {
try {
if (algorithm == null || AlgorithmFamily.HMAC.equals(algorithm.getFamily())) {
return null;
}
final AppConfiguration appConfiguration = configurationFactory.getAppConfiguration();
if (appConfiguration.getKeySignWithSameKeyButDiffAlg()) {
// open banking: same key with different algorithms
LOG.trace("Getting key by use: " + use);
for (JSONWebKey key : jsonWebKeySet.getKeys()) {
if (use != null && use == key.getUse()) {
LOG.trace("Found " + key.getKid() + ", use: " + use);
return key.getKid();
}
}
}
final String staticKid = appConfiguration.getStaticKid();
if (StringUtils.isNotBlank(staticKid)) {
LOG.trace("Use staticKid: " + staticKid);
return staticKid;
}
final String kid = cryptoProvider.getKeyId(jsonWebKeySet, algorithm, use);
if (!cryptoProvider.getKeys().contains(kid) && configurationFactory.reloadConfFromLdap()) {
return cryptoProvider.getKeyId(jsonWebKeySet, algorithm, use);
}
return kid;
} catch (CryptoProviderException e) {
LOG.trace("Try to re-load configuration due to keystore exception (it can be rotated).");
if (configurationFactory.reloadConfFromLdap()) {
return cryptoProvider.getKeyId(jsonWebKeySet, algorithm, use);
}
}
return null;
}
Also used :
JSONWebKey(io.jans.as.model.jwk.JSONWebKey)
AppConfiguration(io.jans.as.model.configuration.AppConfiguration)
CryptoProviderException(io.jans.as.model.exception.CryptoProviderException)
Example 14 with JSONWebKey
use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.
the class AccountsServlet method processRequest.
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param servletRequest servlet request
* @param httpResponse servlet response
*/
protected void processRequest(HttpServletRequest servletRequest, HttpServletResponse httpResponse) {
log.info("Starting processRequest method of get Account Servlet***********************************************************************");
String authFromReq = null;
String xfapiinteractionid = null;
String tempaccess_token = null;
httpResponse.setCharacterEncoding("UTF-8");
httpResponse.setContentType(Constants.CONTENT_TYPE_APPLICATION_JSON_UTF_8);
try (PrintWriter out = httpResponse.getWriter()) {
xfapiinteractionid = servletRequest.getHeader("x-fapi-interaction-id");
tempaccess_token = servletRequest.getParameter("access_token");
if (xfapiinteractionid != null) {
httpResponse.addHeader("x-fapi-interaction-id", xfapiinteractionid);
} else {
xfapiinteractionid = UUID.randomUUID().toString();
httpResponse.addHeader("x-fapi-interaction-id", xfapiinteractionid);
}
if ((tempaccess_token != null) && (xfapiinteractionid != null)) {
if (tempaccess_token.startsWith("Bearer")) {
httpResponse.sendError(httpResponse.SC_BAD_REQUEST, "Bearer token in query is disallowed");
log.info("FAPI ACcount: Authorization Bearer Token is not allowed in query*********************************************");
// throw errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, RegisterErrorResponseType.ACCESS_DENIED, "FAPI: access_token in query is disallowed.");
} else {
httpResponse.sendError(httpResponse.SC_BAD_REQUEST, "token in query is disallowed");
log.info("FAPI: Authorization token is non-Bearer is not allowed in query*********************************************");
}
}
String clientCertAsPem = servletRequest.getHeader("X-ClientCert");
if (clientCertAsPem != null) {
log.info("FAPI Account: clientCertAsPem found*****************************************" + clientCertAsPem);
} else
log.info("FAPI Account: Nooooooooo clientCertAsPem *****************************************");
authFromReq = servletRequest.getHeader("Authorization");
String clientDn = null;
Client cl = null;
clientDn = tokenService.getClientDn(authFromReq);
X509Certificate cert = CertUtils.x509CertificateFromPem(clientCertAsPem);
AuthorizationGrant authorizationGrant = tokenService.getBearerAuthorizationGrant(authFromReq);
if (authorizationGrant == null || cert == null) {
sendError(httpResponse, authorizationGrant == null ? "Unable to find authorization grant." : "Failed to parse client certificate.");
return;
}
PublicKey publicKey = cert.getPublicKey();
byte[] encodedKey = publicKey.getEncoded();
if (clientDn != null) {
log.info("FAPI Account: ClientDn from Authoirization(tokenService) *********************************************" + clientDn);
cl = clientService.getClientByDn(clientDn);
JSONObject jsonWebKeys = new JSONObject(cl.getJwks());
if (jsonWebKeys == null) {
log.debug("FAPI Account:********************Unable to load json web keys for client: {}, jwks_uri: {}, jks: {}", cl.getClientId(), cl.getJwksUri(), cl.getJwks());
}
int matchctr = 0;
final JSONWebKeySet keySet = JSONWebKeySet.fromJSONObject(jsonWebKeys);
try {
for (JSONWebKey key : keySet.getKeys()) {
if (ArrayUtils.isEquals(encodedKey, cryptoProvider.getPublicKey(key.getKid(), jsonWebKeys, null).getEncoded())) {
matchctr += 1;
log.debug("FAPI Account: ********************************Client {} authenticated via `self_signed_tls_client_auth`, matched kid: {}.", cl.getClientId(), key.getKid());
}
}
if (matchctr == 0) {
log.error("FAPI Account: Client certificate does not match clientId. clientId: " + cl.getClientId() + "*********************************************");
httpResponse.setStatus(401, "The resource owner or authorization server denied the request");
return;
// throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).entity(errorResponseFactory.getErrorAsJson(TokenErrorResponseType.INVALID_CLIENT, servletRequest.getParameter("state"), "")).build());
}
} catch (Exception e) {
log.info("FAPI Account: Exception while keymatching****************************************************************");
}
} else
log.info("FAPI Account: ClientDn from Authoirization(tokenService) is NULL*********************************************");
JSONObject jsonObj = new JSONObject();
JSONArray accounts = new JSONArray();
jsonObj.put("Links", new JSONObject().put("self", "/open-banking/v3.1/aisp/accounts"));
jsonObj.put("Meta", new JSONObject().put("TotalPages", 1));
accounts.put(getAccount("Account1", "GBP", "352413", "05 May 2021", "08 Jun 2021", "CurrentAccount", "Enabled", "Personal"));
accounts.put(getAccount("Account2", "GBP", "4736325", "25 Mar 2021", "23 Apr 2021", "CurrentAccount", "Enabled", "Personal"));
jsonObj.put("Data", new JSONObject().put("Account", accounts));
out.print(jsonObj.toString());
httpResponse.setStatus(200, "OK");
out.flush();
log.info("Finished processRequest method of get Account Servlet ***********************************************************************");
} catch (Exception e) {
log.error(e.getMessage(), e);
}
}
Also used :
JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet)
PublicKey(java.security.PublicKey)
JSONArray(org.json.JSONArray)
X509Certificate(java.security.cert.X509Certificate)
ServletException(javax.servlet.ServletException)
IOException(java.io.IOException)
JSONWebKey(io.jans.as.model.jwk.JSONWebKey)
JSONObject(org.json.JSONObject)
Client(io.jans.as.common.model.registration.Client)
AuthorizationGrant(io.jans.as.server.model.common.AuthorizationGrant)
PrintWriter(java.io.PrintWriter)
Example 15 with JSONWebKey
use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.
the class FapiOpenIdConfiguration method processRequest.
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
*
* @param servletRequest servlet request
* @param httpResponse servlet response
*/
protected void processRequest(HttpServletRequest servletRequest, HttpServletResponse httpResponse) {
// addedforfapi
String authFromReq = null;
String xfapiinteractionid = null;
String tempaccess_token = null;
httpResponse.setContentType("application/json");
try (PrintWriter out = httpResponse.getWriter()) {
xfapiinteractionid = servletRequest.getHeader("x-fapi-interaction-id");
tempaccess_token = servletRequest.getParameter("access_token");
if ((tempaccess_token != null) && (xfapiinteractionid != null)) {
if (tempaccess_token.startsWith("Bearer")) {
log.info("FAPI: Authorization Bearer Token from qeury ********************************************* {}", tempaccess_token);
log.info("FAPI: Bearler Token is not allowed.**********************************************************************.");
httpResponse.sendError(httpResponse.SC_BAD_REQUEST, "Bearer token in query is disallowed");
} else
httpResponse.sendError(httpResponse.SC_BAD_REQUEST, "token in query is disallowed");
log.info("FAPI: Authorization token is non-Bearer is not allowed in query*********************************************");
}
String clientCertAsPem = servletRequest.getHeader("X-ClientCert");
if (clientCertAsPem != null) {
log.info("FAPI: clientCertAsPem found*****************************************");
log.info("FAPI: clientCertAsPem found*****************************************" + clientCertAsPem);
} else
log.info("FAPI: No clientCertAsPem *****************************************");
authFromReq = servletRequest.getHeader("Authorization");
String clientDn = null;
Client cl = null;
clientDn = tokenService.getClientDn(authFromReq);
String bearerToken = tokenService.getBearerToken(authFromReq);
X509Certificate cert = CertUtils.x509CertificateFromPem(clientCertAsPem);
AuthorizationGrant authorizationGrant = tokenService.getBearerAuthorizationGrant(authFromReq);
if (authorizationGrant == null) {
log.error("FAPI: Authorization grant is null.*********************************************");
httpResponse.sendError(httpResponse.SC_UNAUTHORIZED, "Authorization grant is null.");
}
if (cert == null) {
log.debug("Failed to parse client certificate, client_dn: {}.", clientDn);
return;
}
PublicKey publicKey = cert.getPublicKey();
byte[] encodedKey = publicKey.getEncoded();
if (clientDn != null) {
log.info("FAPI: ClientDn from Authoirization(tokenService) *********************************************" + clientDn);
cl = clientService.getClientByDn(clientDn);
String tempjwks = cl.getJwks();
if (tempjwks == null)
log.debug("********************FAPIRS JWKS not defined for the client");
else {
JSONObject jsonWebKeys = new JSONObject(tempjwks);
int matchctr = 0;
final JSONWebKeySet keySet = JSONWebKeySet.fromJSONObject(jsonWebKeys);
try {
for (JSONWebKey key : keySet.getKeys()) {
if (ArrayUtils.isEquals(encodedKey, cryptoProvider.getPublicKey(key.getKid(), jsonWebKeys, null).getEncoded())) {
matchctr += 1;
log.debug("********************************Client {} authenticated via `self_signed_tls_client_auth`, matched kid: {}.", cl.getClientId(), key.getKid());
}
}
if (matchctr == 0) {
log.error("Client certificate does not match clientId. clientId: " + cl.getClientId() + "*********************************************");
httpResponse.setStatus(401, "The resource owner or authorization server denied the request");
return;
}
} catch (Exception e) {
log.info("Exception while keymatching****************************************************************");
}
}
} else
log.info("FAPI: ClientDn from Authoirization(tokenService) is NULL*********************************************");
// original
JSONObject jsonObj = new JSONObject();
if (xfapiinteractionid != null) {
httpResponse.addHeader("x-fapi-interaction-id", xfapiinteractionid);
log.info("x-fapi-interaction-id*************************=" + xfapiinteractionid);
} else {
xfapiinteractionid = "c770aef3-6784-41f7-8e0e-ff5f97bddb3a";
httpResponse.addHeader("x-fapi-interaction-id", xfapiinteractionid);
log.info("x-fapi-interaction-id***********************=" + xfapiinteractionid);
}
jsonObj.put(ISSUER, appConfiguration.getIssuer());
jsonObj.put(AUTHORIZATION_ENDPOINT, appConfiguration.getAuthorizationEndpoint());
jsonObj.put(TOKEN_ENDPOINT, appConfiguration.getTokenEndpoint());
jsonObj.put(REVOCATION_ENDPOINT, appConfiguration.getTokenRevocationEndpoint());
jsonObj.put(SESSION_REVOCATION_ENDPOINT, endpointUrl("/revoke_session"));
jsonObj.put(USER_INFO_ENDPOINT, appConfiguration.getUserInfoEndpoint());
jsonObj.put(CLIENT_INFO_ENDPOINT, appConfiguration.getClientInfoEndpoint());
jsonObj.put(CHECK_SESSION_IFRAME, appConfiguration.getCheckSessionIFrame());
jsonObj.put(END_SESSION_ENDPOINT, appConfiguration.getEndSessionEndpoint());
jsonObj.put(JWKS_URI, appConfiguration.getJwksUri());
jsonObj.put(REGISTRATION_ENDPOINT, appConfiguration.getRegistrationEndpoint());
jsonObj.put(ID_GENERATION_ENDPOINT, appConfiguration.getIdGenerationEndpoint());
jsonObj.put(INTROSPECTION_ENDPOINT, appConfiguration.getIntrospectionEndpoint());
jsonObj.put(PAR_ENDPOINT, appConfiguration.getParEndpoint());
jsonObj.put(REQUIRE_PAR, appConfiguration.getRequirePar());
JSONArray responseTypesSupported = new JSONArray();
for (Set<ResponseType> responseTypes : appConfiguration.getResponseTypesSupported()) {
responseTypesSupported.put(implode(responseTypes, " "));
}
if (responseTypesSupported.length() > 0) {
jsonObj.put(RESPONSE_TYPES_SUPPORTED, responseTypesSupported);
}
JSONArray responseModesSupported = new JSONArray();
if (appConfiguration.getResponseModesSupported() != null) {
for (ResponseMode responseMode : appConfiguration.getResponseModesSupported()) {
responseModesSupported.put(responseMode);
}
}
if (responseModesSupported.length() > 0) {
jsonObj.put(RESPONSE_MODES_SUPPORTED, responseModesSupported);
}
JSONArray grantTypesSupported = new JSONArray();
for (GrantType grantType : appConfiguration.getGrantTypesSupported()) {
grantTypesSupported.put(grantType);
}
if (grantTypesSupported.length() > 0) {
jsonObj.put(GRANT_TYPES_SUPPORTED, grantTypesSupported);
}
JSONArray acrValuesSupported = new JSONArray();
for (String acr : externalAuthenticationService.getAcrValuesList()) {
acrValuesSupported.put(acr);
}
jsonObj.put(ACR_VALUES_SUPPORTED, acrValuesSupported);
jsonObj.put(AUTH_LEVEL_MAPPING, createAuthLevelMapping());
JSONArray subjectTypesSupported = new JSONArray();
for (String subjectType : appConfiguration.getSubjectTypesSupported()) {
subjectTypesSupported.put(subjectType);
}
if (subjectTypesSupported.length() > 0) {
jsonObj.put(SUBJECT_TYPES_SUPPORTED, subjectTypesSupported);
}
JSONArray userInfoSigningAlgValuesSupported = new JSONArray();
for (String userInfoSigningAlg : appConfiguration.getUserInfoSigningAlgValuesSupported()) {
userInfoSigningAlgValuesSupported.put(userInfoSigningAlg);
}
if (userInfoSigningAlgValuesSupported.length() > 0) {
jsonObj.put(USER_INFO_SIGNING_ALG_VALUES_SUPPORTED, userInfoSigningAlgValuesSupported);
}
JSONArray userInfoEncryptionAlgValuesSupported = new JSONArray();
for (String userInfoEncryptionAlg : appConfiguration.getUserInfoEncryptionAlgValuesSupported()) {
userInfoEncryptionAlgValuesSupported.put(userInfoEncryptionAlg);
}
if (userInfoEncryptionAlgValuesSupported.length() > 0) {
jsonObj.put(USER_INFO_ENCRYPTION_ALG_VALUES_SUPPORTED, userInfoEncryptionAlgValuesSupported);
}
JSONArray userInfoEncryptionEncValuesSupported = new JSONArray();
for (String userInfoEncryptionEnc : appConfiguration.getUserInfoEncryptionEncValuesSupported()) {
userInfoEncryptionEncValuesSupported.put(userInfoEncryptionEnc);
}
if (userInfoEncryptionAlgValuesSupported.length() > 0) {
jsonObj.put(USER_INFO_ENCRYPTION_ENC_VALUES_SUPPORTED, userInfoEncryptionAlgValuesSupported);
}
JSONArray idTokenSigningAlgValuesSupported = new JSONArray();
for (String idTokenSigningAlg : appConfiguration.getIdTokenSigningAlgValuesSupported()) {
idTokenSigningAlgValuesSupported.put(idTokenSigningAlg);
}
if (idTokenSigningAlgValuesSupported.length() > 0) {
jsonObj.put(ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED, idTokenSigningAlgValuesSupported);
}
JSONArray idTokenEncryptionAlgValuesSupported = new JSONArray();
for (String idTokenEncryptionAlg : appConfiguration.getIdTokenEncryptionAlgValuesSupported()) {
idTokenEncryptionAlgValuesSupported.put(idTokenEncryptionAlg);
}
if (idTokenEncryptionAlgValuesSupported.length() > 0) {
jsonObj.put(ID_TOKEN_ENCRYPTION_ALG_VALUES_SUPPORTED, idTokenEncryptionAlgValuesSupported);
}
JSONArray idTokenEncryptionEncValuesSupported = new JSONArray();
for (String idTokenEncryptionEnc : appConfiguration.getIdTokenEncryptionEncValuesSupported()) {
idTokenEncryptionEncValuesSupported.put(idTokenEncryptionEnc);
}
if (idTokenEncryptionEncValuesSupported.length() > 0) {
jsonObj.put(ID_TOKEN_ENCRYPTION_ENC_VALUES_SUPPORTED, idTokenEncryptionEncValuesSupported);
}
JSONArray requestObjectSigningAlgValuesSupported = new JSONArray();
for (String requestObjectSigningAlg : appConfiguration.getRequestObjectSigningAlgValuesSupported()) {
requestObjectSigningAlgValuesSupported.put(requestObjectSigningAlg);
}
if (requestObjectSigningAlgValuesSupported.length() > 0) {
jsonObj.put(REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED, requestObjectSigningAlgValuesSupported);
}
JSONArray requestObjectEncryptionAlgValuesSupported = new JSONArray();
for (String requestObjectEncryptionAlg : appConfiguration.getRequestObjectEncryptionAlgValuesSupported()) {
requestObjectEncryptionAlgValuesSupported.put(requestObjectEncryptionAlg);
}
if (requestObjectEncryptionAlgValuesSupported.length() > 0) {
jsonObj.put(REQUEST_OBJECT_ENCRYPTION_ALG_VALUES_SUPPORTED, requestObjectEncryptionAlgValuesSupported);
}
JSONArray requestObjectEncryptionEncValuesSupported = new JSONArray();
for (String requestObjectEncryptionEnc : appConfiguration.getRequestObjectEncryptionEncValuesSupported()) {
requestObjectEncryptionEncValuesSupported.put(requestObjectEncryptionEnc);
}
if (requestObjectEncryptionEncValuesSupported.length() > 0) {
jsonObj.put(REQUEST_OBJECT_ENCRYPTION_ENC_VALUES_SUPPORTED, requestObjectEncryptionEncValuesSupported);
}
JSONArray tokenEndpointAuthMethodsSupported = new JSONArray();
for (String tokenEndpointAuthMethod : appConfiguration.getTokenEndpointAuthMethodsSupported()) {
tokenEndpointAuthMethodsSupported.put(tokenEndpointAuthMethod);
}
if (tokenEndpointAuthMethodsSupported.length() > 0) {
jsonObj.put(TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED, tokenEndpointAuthMethodsSupported);
}
JSONArray tokenEndpointAuthSigningAlgValuesSupported = new JSONArray();
for (String tokenEndpointAuthSigningAlg : appConfiguration.getTokenEndpointAuthSigningAlgValuesSupported()) {
tokenEndpointAuthSigningAlgValuesSupported.put(tokenEndpointAuthSigningAlg);
}
if (tokenEndpointAuthSigningAlgValuesSupported.length() > 0) {
jsonObj.put(TOKEN_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED, tokenEndpointAuthSigningAlgValuesSupported);
}
JSONArray displayValuesSupported = new JSONArray();
for (String display : appConfiguration.getDisplayValuesSupported()) {
displayValuesSupported.put(display);
}
if (displayValuesSupported.length() > 0) {
jsonObj.put(DISPLAY_VALUES_SUPPORTED, displayValuesSupported);
}
JSONArray claimTypesSupported = new JSONArray();
for (String claimType : appConfiguration.getClaimTypesSupported()) {
claimTypesSupported.put(claimType);
}
if (claimTypesSupported.length() > 0) {
jsonObj.put(CLAIM_TYPES_SUPPORTED, claimTypesSupported);
}
jsonObj.put(SERVICE_DOCUMENTATION, appConfiguration.getServiceDocumentation());
JSONArray idTokenTokenBindingCnfValuesSupported = new JSONArray();
for (String value : appConfiguration.getIdTokenTokenBindingCnfValuesSupported()) {
idTokenTokenBindingCnfValuesSupported.put(value);
}
jsonObj.put(ID_TOKEN_TOKEN_BINDING_CNF_VALUES_SUPPORTED, idTokenTokenBindingCnfValuesSupported);
JSONArray claimsLocalesSupported = new JSONArray();
for (String claimLocale : appConfiguration.getClaimsLocalesSupported()) {
claimsLocalesSupported.put(claimLocale);
}
if (claimsLocalesSupported.length() > 0) {
jsonObj.put(CLAIMS_LOCALES_SUPPORTED, claimsLocalesSupported);
}
JSONArray uiLocalesSupported = new JSONArray();
for (String uiLocale : appConfiguration.getUiLocalesSupported()) {
uiLocalesSupported.put(uiLocale);
}
if (uiLocalesSupported.length() > 0) {
jsonObj.put(UI_LOCALES_SUPPORTED, uiLocalesSupported);
}
JSONArray scopesSupported = new JSONArray();
JSONArray claimsSupported = new JSONArray();
JSONArray scopeToClaimsMapping = createScopeToClaimsMapping(scopesSupported, claimsSupported);
if (scopesSupported.length() > 0) {
jsonObj.put(SCOPES_SUPPORTED, scopesSupported);
}
if (claimsSupported.length() > 0) {
jsonObj.put(CLAIMS_SUPPORTED, claimsSupported);
}
jsonObj.put(SCOPE_TO_CLAIMS_MAPPING, scopeToClaimsMapping);
jsonObj.put(CLAIMS_PARAMETER_SUPPORTED, appConfiguration.getClaimsParameterSupported());
jsonObj.put(REQUEST_PARAMETER_SUPPORTED, appConfiguration.getRequestParameterSupported());
jsonObj.put(REQUEST_URI_PARAMETER_SUPPORTED, appConfiguration.getRequestUriParameterSupported());
jsonObj.put(REQUIRE_REQUEST_URI_REGISTRATION, appConfiguration.getRequireRequestUriRegistration());
jsonObj.put(OP_POLICY_URI, appConfiguration.getOpPolicyUri());
jsonObj.put(OP_TOS_URI, appConfiguration.getOpTosUri());
jsonObj.put(TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS, Boolean.TRUE);
jsonObj.put(BACKCHANNEL_LOGOUT_SUPPORTED, Boolean.TRUE);
jsonObj.put(BACKCHANNEL_LOGOUT_SESSION_SUPPORTED, Boolean.TRUE);
jsonObj.put(FRONTCHANNEL_LOGOUT_SUPPORTED, Boolean.TRUE);
jsonObj.put(FRONTCHANNEL_LOGOUT_SESSION_SUPPORTED, Boolean.TRUE);
jsonObj.put(FRONT_CHANNEL_LOGOUT_SESSION_SUPPORTED, appConfiguration.getFrontChannelLogoutSessionSupported());
cibaConfigurationService.processConfiguration(jsonObj);
out.println(ServerUtil.toPrettyJson(jsonObj).replace("\\/", "/"));
} catch (Exception e) {
log.error(e.getMessage(), e);
}
}
Also used :
JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet)
PublicKey(java.security.PublicKey)
JSONArray(org.json.JSONArray)
GrantType(io.jans.as.model.common.GrantType)
X509Certificate(java.security.cert.X509Certificate)
ServletException(javax.servlet.ServletException)
IOException(java.io.IOException)
ResponseType(io.jans.as.model.common.ResponseType)
JSONWebKey(io.jans.as.model.jwk.JSONWebKey)
JSONObject(org.json.JSONObject)
ResponseMode(io.jans.as.model.common.ResponseMode)
Client(io.jans.as.common.model.registration.Client)
AuthorizationGrant(io.jans.as.server.model.common.AuthorizationGrant)
PrintWriter(java.io.PrintWriter)
Aggregations
JSONWebKey (io.jans.as.model.jwk.JSONWebKey)27
Test (org.testng.annotations.Test)12
BaseTest (io.jans.as.client.BaseTest)11
ResponseType (io.jans.as.model.common.ResponseType)10
Parameters (org.testng.annotations.Parameters)10
TokenResponse (io.jans.as.client.TokenResponse)9
AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)9
DPoP (io.jans.as.model.jwt.DPoP)9
JSONWebKeySet (io.jans.as.model.jwk.JSONWebKeySet)6
JSONObject (org.json.JSONObject)6
RSAPublicKeyImpl (sun.security.rsa.RSAPublicKeyImpl)6
PublicKey (java.security.PublicKey)5
RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)4
CryptoProviderException (io.jans.as.model.exception.CryptoProviderException)4
JwkClient (io.jans.as.client.JwkClient)3
JwkResponse (io.jans.as.client.JwkResponse)3
WebKeysConfiguration (io.jans.as.model.config.WebKeysConfiguration)3
ECDSAPublicKey (io.jans.as.model.crypto.signature.ECDSAPublicKey)3
Jwt (io.jans.as.model.jwt.Jwt)3
AuthorizationGrant (io.jans.as.server.model.common.AuthorizationGrant)3
