
Example 6 with TokenEntity

use of io.jans.as.server.model.ldap.TokenEntity in project jans by JanssenProject.

the class AuthenticationFilter method processDPoP.

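/**
 * Authenticates a token request that carries a DPoP proof in the {@code TokenRequestParam.DPOP} header.
 *
 * <p>The proof is parsed, its header and payload are validated and its signature is verified against the
 * embedded JWK. The proof key's thumbprint is then bound to the grant being redeemed:
 * for {@code authorization_code} the client owning the stored code grant is authenticated; for
 * {@code refresh_token} the stored token's DPoP thumbprint must equal the proof's thumbprint before
 * the owning client is authenticated. The filter chain is continued only when both the proof and the
 * client authentication succeed; otherwise an error response is written and the chain is not invoked.
 * Any other grant type leaves the request unauthorized.
 *
 * @param servletRequest  the incoming token request
 * @param servletResponse the response an error is written to on failure
 * @param filterChain     the chain to continue on success
 */
private void processDPoP(HttpServletRequest servletRequest, HttpServletResponse servletResponse, FilterChain filterChain) {
    boolean validDPoPProof = false;
    boolean authorized = false;
    String errorReason = null;
    try {
        String dpopStr = servletRequest.getHeader(TokenRequestParam.DPOP);
        Jwt dpop = Jwt.parseOrThrow(dpopStr);
        GrantType grantType = GrantType.fromString(servletRequest.getParameter("grant_type"));
        validateDpopHeader(dpop);
        validateDpopPayload(dpop);
        JSONWebKey jwk = JSONWebKey.fromJSONObject(dpop.getHeader().getJwk());
        String dpopJwkThumbprint = jwk.getJwkThumbprint();
        validDPoPProof = validateDpopSignature(dpop, jwk, dpopJwkThumbprint);
        if (!validDPoPProof) {
            // A proof with a bad signature must not reach client authentication or the downstream endpoint.
            throw new InvalidJwtException("Invalid DPoP Proof. The signature is not valid.");
        }
        if (grantType == GrantType.AUTHORIZATION_CODE) {
            final String code = servletRequest.getParameter("code");
            final AuthorizationCodeGrant authorizationCodeGrant = authorizationGrantList.getAuthorizationCodeGrant(code);
            if (authorizationCodeGrant == null) {
                throw new IllegalArgumentException("Invalid DPoP Proof. Authorization code grant not found.");
            }
            authorized = authenticateDpopClient(servletRequest, authorizationCodeGrant.getClient().getClientId());
            if (authorized) {
                filterChain.doFilter(servletRequest, servletResponse);
            }
        } else if (grantType == GrantType.REFRESH_TOKEN) {
            final String refreshTokenCode = servletRequest.getParameter("refresh_token");
            final TokenEntity tokenEntity = loadDpopRefreshTokenEntity(refreshTokenCode);
            if (tokenEntity == null) {
                throw new IllegalArgumentException("Invalid DPoP Proof. Refresh token not found.");
            }
            // Key binding: the proof must be signed by the key the refresh token was issued to.
            // A token issued without DPoP has no thumbprint and is rejected here as well.
            if (!dpopJwkThumbprint.equals(tokenEntity.getDpop())) {
                throw new InvalidJwtException("Invalid DPoP Proof Header. The jwk header is not valid.");
            }
            AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByRefreshToken(tokenEntity.getClientId(), refreshTokenCode);
            if (authorizationGrant == null) {
                throw new IllegalArgumentException("Invalid DPoP Proof. Authorization grant not found for refresh token.");
            }
            authorized = authenticateDpopClient(servletRequest, authorizationGrant.getClient().getClientId());
            if (authorized) {
                filterChain.doFilter(servletRequest, servletResponse);
            }
        }
    } catch (Exception ex) {
        log.info("Invalid DPoP.", ex);
        // Handed to sendBadRequestError below, so it may be visible to the caller:
        // keep the messages thrown above free of internal detail.
        errorReason = ex.getMessage();
    }
    // Exactly one error response: the proof failure takes precedence over the authentication failure.
    if (!validDPoPProof) {
        sendBadRequestError(servletResponse, errorReason);
    } else if (!authorized) {
        sendError(servletResponse);
    }
}

/**
 * Loads the stored refresh token by its code: from the cache (keyed by the token hash) unless
 * {@code persistRefreshTokenInLdap} is enabled, in which case it is read from the grant service.
 *
 * @param refreshTokenCode the refresh token value from the request
 * @return the stored entity, or {@code null} when no entity is known for the code
 */
private TokenEntity loadDpopRefreshTokenEntity(String refreshTokenCode) {
    if (!isTrue(appConfiguration.getPersistRefreshTokenInLdap())) {
        return (TokenEntity) cacheService.get(TokenHashUtil.hash(refreshTokenCode));
    }
    return grantService.getGrantByCode(refreshTokenCode);
}

/**
 * Authenticates the given client for this request without a client secret (the DPoP proof and the
 * grant binding already established which client is calling).
 *
 * @param servletRequest the incoming token request
 * @param clientId       the client identifier taken from the grant being redeemed
 * @return whether the client was authenticated
 */
private boolean authenticateDpopClient(HttpServletRequest servletRequest, String clientId) {
    identity.logout();
    identity.getCredentials().setUsername(clientId);
    identity.getCredentials().setPassword(null);
    return authenticator.authenticateClient(servletRequest, true);
}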

Example 7 with TokenEntity

use of io.jans.as.server.model.ldap.TokenEntity in project jans by JanssenProject.

the class AuthorizationGrant method asToken.

/**
 * Converts an ID token into its persistable entity, tagged with the {@code ID_TOKEN} type.
 *
 * @param token the issued ID token
 * @return the entity produced by {@link #asTokenEntity} with its token type set to {@code TokenType.ID_TOKEN}
 */
public TokenEntity asToken(IdToken token) {
    TokenEntity entity = asTokenEntity(token);
    entity.setTokenTypeEnum(TokenType.ID_TOKEN);
    return entity;
}

Example 8 with TokenEntity

use of io.jans.as.server.model.ldap.TokenEntity in project jans by JanssenProject.

the class AuthorizationGrant method createIdToken.

/**
 * Issues an ID token for this grant.
 *
 * <p>The grant's scopes and claims plus the given nonce and state are copied onto the execution
 * context before {@code createIdTokenInternal} builds the token. When the token has a positive
 * lifetime it is persisted as a {@link TokenEntity} carrying the grant's ACR values (as auth mode)
 * and session DN. The ACR values and session DN are then stored on this grant and the issuance is
 * reported to the stat and metric services.
 *
 * @param nonce             the nonce to embed in the token
 * @param authorizationCode the authorization code this token is issued for, if any
 * @param accessToken       the access token this token is issued alongside, if any
 * @param refreshToken      the refresh token this token is issued alongside, if any
 * @param state             the state to embed in the token
 * @param executionContext  context shared with the token builder; its grant supplies ACR values and session DN
 * @return the issued token, or {@code null} when any exception occurs (it is logged at error level)
 */
@Override
public IdToken createIdToken(String nonce, AuthorizationCode authorizationCode, AccessToken accessToken, RefreshToken refreshToken, String state, ExecutionContext executionContext) {
    try {
        executionContext.setScopes(getScopes());
        executionContext.setClaimsAsString(getClaims());
        executionContext.setNonce(nonce);
        executionContext.setState(state);
        IdToken issued = createIdTokenInternal(authorizationCode, accessToken, refreshToken, executionContext);
        AuthorizationGrant contextGrant = executionContext.getGrant();
        String acr = contextGrant.getAcrValues();
        String session = contextGrant.getSessionDn();
        // Only tokens with a positive lifetime are persisted; the token is returned either way.
        boolean persistable = issued.getExpiresIn() > 0;
        if (persistable) {
            TokenEntity entity = asToken(issued);
            entity.setAuthMode(acr);
            entity.setSessionDn(session);
            persist(entity);
        }
        setAcrValues(acr);
        setSessionDn(session);
        statService.reportIdToken(getGrantType());
        metricService.incCounter(MetricType.TOKEN_ID_TOKEN_COUNT);
        return issued;
    } catch (Exception e) {
        // Callers see null for any failure; the cause is only in the log.
        log.error(e.getMessage(), e);
        return null;
    }
}

Example 9 with TokenEntity

use of io.jans.as.server.model.ldap.TokenEntity in project jans by JanssenProject.

the class AuthorizationGrant method asToken.

/**
 * Converts an authorization code into its persistable entity, tagged with the {@code AUTHORIZATION_CODE} type.
 *
 * @param authorizationCode the issued authorization code
 * @return the entity produced by {@link #asTokenEntity} with its token type set to {@code TokenType.AUTHORIZATION_CODE}
 */
public TokenEntity asToken(AuthorizationCode authorizationCode) {
    TokenEntity entity = asTokenEntity(authorizationCode);
    entity.setTokenTypeEnum(TokenType.AUTHORIZATION_CODE);
    return entity;
}

Example 10 with TokenEntity

use of io.jans.as.server.model.ldap.TokenEntity in project jans by JanssenProject.

the class AuthorizationGrant method createAccessToken.

/**
 * Issues and persists an access token for this grant.
 *
 * <p>The base implementation creates the token; if the client is configured for JWT access tokens
 * the token value is replaced by a signed JWT. A token with a negative lifetime is discarded. The
 * token entity is placed on the context and the external update-token script is consulted; it may
 * veto the token. Otherwise the entity is persisted and the issuance is reported to the stat and
 * metric services.
 *
 * @param context execution context passed to the base implementation and to the external script
 * @return the issued token, or {@code null} when its lifetime is negative, the external script
 *         forbids it, or any exception occurs (logged at error level)
 */
@Override
public AccessToken createAccessToken(ExecutionContext context) {
    try {
        AccessToken token = super.createAccessToken(context);
        if (getClient().isAccessTokenAsJwt()) {
            token.setCode(createAccessTokenAsJwt(token, context));
        }
        if (token.getExpiresIn() < 0) {
            log.trace("Failed to create access token with negative expiration time");
            return null;
        }
        TokenEntity entity = asToken(token);
        // Set before the script runs, presumably so the script can read or adjust the entity — verify against the script API.
        context.setAccessTokenEntity(entity);
        boolean allowedByScript = externalUpdateTokenService.modifyAccessToken(token, ExternalUpdateTokenContext.of(context));
        if (!allowedByScript) {
            log.trace("External script forbids access token creation.");
            return null;
        }
        persist(entity);
        statService.reportAccessToken(getGrantType());
        metricService.incCounter(MetricType.TOKEN_ACCESS_TOKEN_COUNT);
        // Trace output includes the raw token value; trace logs must be protected like the tokens themselves.
        if (log.isTraceEnabled()) {
            log.trace("Created plain access token: {}", token.getCode());
        }
        return token;
    } catch (Exception e) {
        // Callers see null for any failure; the cause is only in the log.
        log.error(e.getMessage(), e);
        return null;
    }
}
