use of io.jans.ca.server.HttpException in project jans by JanssenProject.
the class GetDiscoveryOperation method execute.
/**
 * Fetches the OP discovery document and returns it as a {@link GetDiscoveryResponse}.
 *
 * <p>The discovery service is queried with the configuration endpoint, host and discovery
 * path taken from {@code params}; the resulting bean properties are then copied onto a new
 * response object.
 *
 * <p>NOTE(review): the endpoint, host and path are passed through from {@code params}
 * unchanged in this method. Whether the discovery service restricts which hosts may be
 * contacted is not visible here; confirm before exposing this operation to untrusted callers.
 *
 * @param params request parameters naming the OP to query
 * @return the populated discovery response
 * @throws HttpException with {@code FAILED_TO_GET_DISCOVERY} when copying the properties fails
 */
public IOpResponse execute(GetDiscoveryParams params) {
    final OpenIdConfigurationResponse opConfiguration = getDiscoveryService().getConnectDiscoveryResponse(
            params.getOpConfigurationEndpoint(),
            params.getOpHost(),
            params.getOpDiscoveryPath());
    final GetDiscoveryResponse result = new GetDiscoveryResponse();
    try {
        BeanUtils.copyProperties(result, opConfiguration);
    } catch (IllegalAccessException | InvocationTargetException e) {
        // Reflection failure while copying: log the cause, report a generic discovery error.
        LOG.error("Error in creating op discovery configuration response ", e);
        throw new HttpException(ErrorResponseCode.FAILED_TO_GET_DISCOVERY);
    }
    return result;
}
use of io.jans.ca.server.HttpException in project jans by JanssenProject.
the class CheckIdTokenOperation method execute.
/**
 * Validates an ID token for the current RP and reports its status and claims.
 *
 * <p>The token is parsed, then the validator checks, in this order, the access token
 * ({@code at_hash}), the authorization code ({@code c_hash}) and the state ({@code s_hash}).
 * The {@code active} flag of the response is the result of
 * {@code isIdTokenValid(nonce)}.
 *
 * <p>Security note: issued-at, expires-at and the claim map are copied from the parsed token
 * whatever value {@code isIdTokenValid} returns, so callers must check {@code active} before
 * relying on the returned claims.
 *
 * @param params id_token plus the access token, code, state and nonce to check it against
 * @return a {@link CheckIdTokenResponse} describing the token
 * @throws HttpException rethrown unchanged when raised by a validation step; any other
 *         exception is logged and replaced by {@link HttpException#internalError()}
 */
@Override
public IOpResponse execute(CheckIdTokenParams params) {
    try {
        final OpenIdConfigurationResponse opConfiguration =
                getDiscoveryService().getConnectDiscoveryResponseByRpId(params.getRpId());
        final Rp relyingParty = getRp();
        final String rawIdToken = params.getIdToken();
        final Jwt parsedIdToken = Jwt.parse(rawIdToken);

        final Validator tokenValidator = new Validator.Builder()
                .discoveryResponse(opConfiguration)
                .idToken(parsedIdToken)
                .keyService(getKeyService())
                .opClientFactory(getOpClientFactory())
                .rpServerConfiguration(getConfigurationService().getConfiguration())
                .rp(relyingParty)
                .build();

        // at_hash: binds the access token to this id_token
        tokenValidator.validateAccessToken(
                params.getAccessToken(),
                atHashCheckRequired(relyingParty.getResponseTypes()));
        // c_hash: binds the authorization code to this id_token
        tokenValidator.validateAuthorizationCode(params.getCode());
        // s_hash: binds the state value to this id_token
        tokenValidator.validateState(params.getState());

        final CheckIdTokenResponse result = new CheckIdTokenResponse();
        result.setActive(tokenValidator.isIdTokenValid(params.getNonce()));
        result.setIssuedAt(Utils.date(parsedIdToken.getClaims().getClaimAsDate(JwtClaimName.ISSUED_AT)));
        result.setExpiresAt(Utils.date(parsedIdToken.getClaims().getClaimAsDate(JwtClaimName.EXPIRATION_TIME)));
        result.setClaims(parsedIdToken.getClaims().toMap());
        return result;
    } catch (HttpException e) {
        // Validation failures already carry their own error code; pass them through.
        throw e;
    } catch (Exception e) {
        // Anything else (including a token that fails to parse) is reported as an internal error.
        LOG.error(e.getMessage(), e);
        throw HttpException.internalError();
    }
}
use of io.jans.ca.server.HttpException in project jans by JanssenProject.
the class ValidatorTest method tokenWithSingleAudArrayAndNoAzp_shouldBeValid.
/**
 * An ID token whose {@code aud} claim is a one-element array holding the client id, and which
 * has no {@code azp} claim, must not be rejected by {@code Validator.validateAudience} with an
 * {@link HttpException}.
 */
@Test
public void tokenWithSingleAudArrayAndNoAzp_shouldBeValid() throws InvalidJwtException {
    // Fixture payload: "aud": ["6b578a9b-7513-477a-9a7f-1343b487caf8"]
    final Jwt parsedToken = Jwt.parse("eyJraWQiOiJjZmFiMzRlYy0xNjhkLTQ4OTUtODRiOC0xZjAyNzgwNDkxYzciLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiMnI1clZ2STdpMWxfcnNXZUV4bGRuUSIsImF1ZCI6WyI2YjU3OGE5Yi03NTEzLTQ3N2EtOWE3Zi0xMzQzYjQ4N2NhZjgiXSwic3ViIjoicy1fWmlyVnQ3Tk9EZG5XREFVR3JqVDJxVVp3SzZjWFRoYjlxVjk5di10ZyIsImF1dGhfdGltZSI6MTU2ODE4NTMyNywiaXNzIjoiaHR0cHM6Ly9kdW1teS1pc3N1ZXIub3JnIiwiZXhwIjoxOTY4MTg4OTMwLCJpYXQiOjE1NjgxODUzMzAsIm5vbmNlIjoiN3I0NnV0NmVtdTlnaTExZ244MDQ0dW02NDAiLCJveE9wZW5JRENvbm5lY3RWZXJzaW9uIjoib3BlbmlkY29ubmVjdC0xLjAifQ.cP6DGPkYYnzDTHrH04F4Q48cPqH2T4R4RjGJmLr5QGA1pUYOOxvLj8Ak0EqmzV_83Zy0wgvyzFCv0xdi06BguUgnM4u6LL8V0hLzrdHIwJHvz5L5Gqbvs5Vg61CpP409lo0sHUN08zfN_WU3EWXK6JlSvFtE59jWSJWBF5pmLX4");
    final String expectedClientId = "6b578a9b-7513-477a-9a7f-1343b487caf8";
    try {
        Validator.validateAudience(parsedToken, expectedClientId);
    } catch (Exception thrown) {
        // Only an HttpException counts as a rejection; other exception types are not
        // treated as a failure by this test.
        assertFalse(thrown instanceof HttpException);
    }
}
use of io.jans.ca.server.HttpException in project jans by JanssenProject.
the class ValidatorTest method tokenWithSingleAudStringAndNoAzp_shouldBeValid.
/**
 * An ID token whose {@code aud} claim is a plain string equal to the client id, and which has
 * no {@code azp} claim, must not be rejected by {@code Validator.validateAudience} with an
 * {@link HttpException}.
 */
@Test
public void tokenWithSingleAudStringAndNoAzp_shouldBeValid() throws InvalidJwtException {
    // Fixture payload: "aud": "6b578a9b-7513-477a-9a7f-1343b487caf8"
    final Jwt parsedToken = Jwt.parse("eyJraWQiOiJjZmFiMzRlYy0xNjhkLTQ4OTUtODRiOC0xZjAyNzgwNDkxYzciLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiMnI1clZ2STdpMWxfcnNXZUV4bGRuUSIsImF1ZCI6IjZiNTc4YTliLTc1MTMtNDc3YS05YTdmLTEzNDNiNDg3Y2FmOCIsInN1YiI6InMtX1ppclZ0N05PRGRuV0RBVUdyalQycVVad0s2Y1hUaGI5cVY5OXYtdGciLCJhdXRoX3RpbWUiOjE1NjgxODUzMjcsImlzcyI6Imh0dHBzOi8vZHVtbXktaXNzdWVyLm9yZyIsImV4cCI6MTk2ODE4ODkzMCwiaWF0IjoxNTY4MTg1MzMwLCJub25jZSI6IjdyNDZ1dDZlbXU5Z2kxMWduODA0NHVtNjQwIiwib3hPcGVuSURDb25uZWN0VmVyc2lvbiI6Im9wZW5pZGNvbm5lY3QtMS4wIn0.PqnRiAhXqdeTbW1_JdRl6rLDMn36ists9Eq1n_2vOKYjGs_VxxkcdQfCt93KfC3WqEObhjlKDzwp6YUXi_7Wqta58ftUz0FU2jB7np3mq5m8lY_hKVhoZJMvxzMbCkiH-8jwtq9MZKEw3qyrwQEHQ0l21tograWD80gRedaQuD4");
    final String expectedClientId = "6b578a9b-7513-477a-9a7f-1343b487caf8";
    try {
        Validator.validateAudience(parsedToken, expectedClientId);
    } catch (Exception thrown) {
        // Only an HttpException counts as a rejection; other exception types are not
        // treated as a failure by this test.
        assertFalse(thrown instanceof HttpException);
    }
}
use of io.jans.ca.server.HttpException in project jans by JanssenProject.
the class ValidatorTest method tokenWithNAzpNotClientId_shouldNotValid.
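/**
 * An ID token with several audiences and an {@code azp} claim that differs from the client id
 * must be rejected by {@code Validator.validateAudience} with an {@link HttpException} whose
 * code is {@code invalid_id_token_bad_authorized_party}.
 *
 * <p>The test fails when no exception is thrown, when the exception is not an
 * {@link HttpException}, or when the error code differs, so the rejection path cannot pass
 * without being checked.
 */
@Test
public void tokenWithNAzpNotClientId_shouldNotValid() throws InvalidJwtException {
    // "aud": ["6b578a9b-7513-477a-9a7f-1343b487caf8","another_aud"],
    // "azp":"Not_equal_to_client_id"
    final Jwt idToken = Jwt.parse("eyJraWQiOiJjZmFiMzRlYy0xNjhkLTQ4OTUtODRiOC0xZjAyNzgwNDkxYzciLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiMnI1clZ2STdpMWxfcnNXZUV4bGRuUSIsImF1ZCI6WyI2YjU3OGE5Yi03NTEzLTQ3N2EtOWE3Zi0xMzQzYjQ4N2NhZjgiLCJhbm90aGVyX2F1ZCJdLCJhenAiOiJOb3RfZXF1YWxfdG9fY2xpZW50X2lkIiwic3ViIjoicy1fWmlyVnQ3Tk9EZG5XREFVR3JqVDJxVVp3SzZjWFRoYjlxVjk5di10ZyIsImF1dGhfdGltZSI6MTU2ODE4NTMyNywiaXNzIjoiaHR0cHM6Ly9kdW1teS1pc3N1ZXIub3JnIiwiZXhwIjoxOTY4MTg4OTMwLCJpYXQiOjE1NjgxODUzMzAsIm5vbmNlIjoiN3I0NnV0NmVtdTlnaTExZ244MDQ0dW02NDAiLCJveE9wZW5JRENvbm5lY3RWZXJzaW9uIjoib3BlbmlkY29ubmVjdC0xLjAifQ.Tnw-jF4p7VHgIE2_wcuP7WxRqtGFw2pmKltIri63hznYikYFC4frUZcJ44OKCt_tki2ZJY6EDhM1o9cPEz-_Vt-gsavfyDc711xlgNaPOBjGasdPvx5iilPLIogy4BXB4T3ROgqQpLQZf-00AQBBsrpZX5I2VJtLcyJL6_l3bKw");
    String clientId = "6b578a9b-7513-477a-9a7f-1343b487caf8";
    try {
        Validator.validateAudience(idToken, clientId);
    } catch (Exception e) {
        // The rejection must be an HttpException: a different exception type fails the test
        // instead of letting it pass with nothing asserted.
        assertTrue(e instanceof HttpException);
        HttpException httpException = (HttpException) e;
        assertTrue("invalid_id_token_bad_authorized_party".equals(httpException.getCode().getCode()));
        return;
    }
    // Reaching this point means the mismatched azp was accepted.
    assertTrue(false);
}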