
Example 21 with HttpException

use of io.jans.ca.server.HttpException in project jans by JanssenProject.

the class GetDiscoveryOperation method execute.

/**
 * Retrieves the OpenID Connect discovery document for the OP named in the request
 * and returns it as a {@link GetDiscoveryResponse}.
 *
 * <p>The discovery service is queried with the configuration endpoint, host and
 * discovery path taken from {@code params}; the result is then copied property by
 * property into a fresh response bean with {@code BeanUtils.copyProperties}.
 *
 * @param params request parameters carrying the OP configuration endpoint, OP host
 *               and OP discovery path
 * @return the populated discovery response
 * @throws HttpException with {@code ErrorResponseCode.FAILED_TO_GET_DISCOVERY} when the
 *                       property copy fails; the underlying cause is written to the log
 *                       and is not attached to the thrown exception
 */
public IOpResponse execute(GetDiscoveryParams params) {
    // NOTE(review): the location that gets fetched comes straight from the request
    // parameters. Any restriction on which hosts may be contacted, and any TLS
    // validation, would have to live inside the discovery service, which is not
    // visible here. Confirm.
    final OpenIdConfigurationResponse opConfiguration = getDiscoveryService().getConnectDiscoveryResponse(
            params.getOpConfigurationEndpoint(),
            params.getOpHost(),
            params.getOpDiscoveryPath());
    final GetDiscoveryResponse result = new GetDiscoveryResponse();
    try {
        BeanUtils.copyProperties(result, opConfiguration);
    } catch (IllegalAccessException | InvocationTargetException e) {
        // Keep the reflective failure in the server log; the caller only sees the error code.
        LOG.error("Error in creating op discovery configuration response ", e);
        throw new HttpException(ErrorResponseCode.FAILED_TO_GET_DISCOVERY);
    }
    return result;
}
Also used : GetDiscoveryResponse(io.jans.ca.common.response.GetDiscoveryResponse) OpenIdConfigurationResponse(io.jans.as.client.OpenIdConfigurationResponse) HttpException(io.jans.ca.server.HttpException) InvocationTargetException(java.lang.reflect.InvocationTargetException)

Example 22 with HttpException

use of io.jans.ca.server.HttpException in project jans by JanssenProject.

the class CheckIdTokenOperation method execute.

/**
 * Checks an ID token against the RP's configuration and reports whether it is active,
 * together with its issue time, expiry time and claims.
 *
 * <p>The checks run in a fixed order: {@code at_hash} against the supplied access token,
 * {@code c_hash} against the supplied authorization code, {@code s_hash} against the
 * supplied state, and finally {@code isIdTokenValid} with the supplied nonce. Because
 * the first failing check decides which error is raised, the order must stay as is.
 *
 * @param params request parameters: RP id, ID token, access token, code, state and nonce
 * @return a {@link CheckIdTokenResponse} describing the token
 * @throws HttpException rethrown unchanged when one of the steps raises it; any other
 *                       exception is logged and replaced by {@code HttpException.internalError()}
 */
@Override
public IOpResponse execute(CheckIdTokenParams params) {
    try {
        final OpenIdConfigurationResponse opConfiguration = getDiscoveryService().getConnectDiscoveryResponseByRpId(params.getRpId());
        final Rp relyingParty = getRp();
        final Jwt parsedToken = Jwt.parse(params.getIdToken());

        final Validator validator = new Validator.Builder()
                .discoveryResponse(opConfiguration)
                .idToken(parsedToken)
                .keyService(getKeyService())
                .opClientFactory(getOpClientFactory())
                .rpServerConfiguration(getConfigurationService().getConfiguration())
                .rp(relyingParty)
                .build();

        // at_hash: binds the ID token to the access token; whether the check is
        // mandatory depends on the RP's response types.
        validator.validateAccessToken(
                params.getAccessToken(),
                atHashCheckRequired(relyingParty.getResponseTypes()));
        // c_hash: binds the ID token to the authorization code.
        validator.validateAuthorizationCode(params.getCode());
        // s_hash: binds the ID token to the state value.
        validator.validateState(params.getState());

        final CheckIdTokenResponse result = new CheckIdTokenResponse();
        result.setActive(validator.isIdTokenValid(params.getNonce()));
        // NOTE(review): the fields below are read from the parsed token whatever the value
        // of "active" is. If isIdTokenValid reports a failure by returning false instead of
        // throwing, callers must treat these claims as unverified unless active is true.
        // Confirm against Validator.
        result.setIssuedAt(Utils.date(parsedToken.getClaims().getClaimAsDate(JwtClaimName.ISSUED_AT)));
        result.setExpiresAt(Utils.date(parsedToken.getClaims().getClaimAsDate(JwtClaimName.EXPIRATION_TIME)));
        result.setClaims(parsedToken.getClaims().toMap());
        return result;
    } catch (HttpException e) {
        // Validation failures already carry a specific error code; pass them through untouched.
        throw e;
    } catch (Exception e) {
        // Anything unexpected is logged in full and surfaced only as a generic internal error.
        LOG.error(e.getMessage(), e);
        throw HttpException.internalError();
    }
}
Also used : Jwt(io.jans.as.model.jwt.Jwt) OpenIdConfigurationResponse(io.jans.as.client.OpenIdConfigurationResponse) HttpException(io.jans.ca.server.HttpException) CheckIdTokenResponse(io.jans.ca.common.response.CheckIdTokenResponse) Rp(io.jans.ca.server.service.Rp) HttpException(io.jans.ca.server.HttpException)

Example 23 with HttpException

use of io.jans.ca.server.HttpException in project jans by JanssenProject.

the class ValidatorTest method tokenWithSingleAudArrayAndNoAzp_shouldBeValid.

/**
 * An ID token whose {@code aud} claim is a one-element array holding the client id,
 * with no {@code azp} claim, must not be rejected by {@code Validator.validateAudience}.
 */
@Test
public void tokenWithSingleAudArrayAndNoAzp_shouldBeValid() throws InvalidJwtException {
    final String expectedClientId = "6b578a9b-7513-477a-9a7f-1343b487caf8";
    // Fixture payload contains: "aud": ["6b578a9b-7513-477a-9a7f-1343b487caf8"]
    final Jwt parsedToken = Jwt.parse("eyJraWQiOiJjZmFiMzRlYy0xNjhkLTQ4OTUtODRiOC0xZjAyNzgwNDkxYzciLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiMnI1clZ2STdpMWxfcnNXZUV4bGRuUSIsImF1ZCI6WyI2YjU3OGE5Yi03NTEzLTQ3N2EtOWE3Zi0xMzQzYjQ4N2NhZjgiXSwic3ViIjoicy1fWmlyVnQ3Tk9EZG5XREFVR3JqVDJxVVp3SzZjWFRoYjlxVjk5di10ZyIsImF1dGhfdGltZSI6MTU2ODE4NTMyNywiaXNzIjoiaHR0cHM6Ly9kdW1teS1pc3N1ZXIub3JnIiwiZXhwIjoxOTY4MTg4OTMwLCJpYXQiOjE1NjgxODUzMzAsIm5vbmNlIjoiN3I0NnV0NmVtdTlnaTExZ244MDQ0dW02NDAiLCJveE9wZW5JRENvbm5lY3RWZXJzaW9uIjoib3BlbmlkY29ubmVjdC0xLjAifQ.cP6DGPkYYnzDTHrH04F4Q48cPqH2T4R4RjGJmLr5QGA1pUYOOxvLj8Ak0EqmzV_83Zy0wgvyzFCv0xdi06BguUgnM4u6LL8V0hLzrdHIwJHvz5L5Gqbvs5Vg61CpP409lo0sHUN08zfN_WU3EWXK6JlSvFtE59jWSJWBF5pmLX4");
    try {
        Validator.validateAudience(parsedToken, expectedClientId);
    } catch (Exception e) {
        // NOTE(review): only an HttpException fails this test. Any other exception thrown
        // by validateAudience is swallowed and the test still passes, so an unrelated
        // failure in audience handling would go unnoticed here.
        final boolean rejectedByValidator = e instanceof HttpException;
        assertFalse(rejectedByValidator);
    }
}
Also used : Jwt(io.jans.as.model.jwt.Jwt) HttpException(io.jans.ca.server.HttpException) HttpException(io.jans.ca.server.HttpException) InvalidJwtException(io.jans.as.model.exception.InvalidJwtException) Test(org.testng.annotations.Test)

Example 24 with HttpException

use of io.jans.ca.server.HttpException in project jans by JanssenProject.

the class ValidatorTest method tokenWithSingleAudStringAndNoAzp_shouldBeValid.

/**
 * An ID token whose {@code aud} claim is a plain string equal to the client id,
 * with no {@code azp} claim, must not be rejected by {@code Validator.validateAudience}.
 */
@Test
public void tokenWithSingleAudStringAndNoAzp_shouldBeValid() throws InvalidJwtException {
    final String expectedClientId = "6b578a9b-7513-477a-9a7f-1343b487caf8";
    // Fixture payload contains: "aud": "6b578a9b-7513-477a-9a7f-1343b487caf8"
    final Jwt parsedToken = Jwt.parse("eyJraWQiOiJjZmFiMzRlYy0xNjhkLTQ4OTUtODRiOC0xZjAyNzgwNDkxYzciLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiMnI1clZ2STdpMWxfcnNXZUV4bGRuUSIsImF1ZCI6IjZiNTc4YTliLTc1MTMtNDc3YS05YTdmLTEzNDNiNDg3Y2FmOCIsInN1YiI6InMtX1ppclZ0N05PRGRuV0RBVUdyalQycVVad0s2Y1hUaGI5cVY5OXYtdGciLCJhdXRoX3RpbWUiOjE1NjgxODUzMjcsImlzcyI6Imh0dHBzOi8vZHVtbXktaXNzdWVyLm9yZyIsImV4cCI6MTk2ODE4ODkzMCwiaWF0IjoxNTY4MTg1MzMwLCJub25jZSI6IjdyNDZ1dDZlbXU5Z2kxMWduODA0NHVtNjQwIiwib3hPcGVuSURDb25uZWN0VmVyc2lvbiI6Im9wZW5pZGNvbm5lY3QtMS4wIn0.PqnRiAhXqdeTbW1_JdRl6rLDMn36ists9Eq1n_2vOKYjGs_VxxkcdQfCt93KfC3WqEObhjlKDzwp6YUXi_7Wqta58ftUz0FU2jB7np3mq5m8lY_hKVhoZJMvxzMbCkiH-8jwtq9MZKEw3qyrwQEHQ0l21tograWD80gRedaQuD4");
    try {
        Validator.validateAudience(parsedToken, expectedClientId);
    } catch (Exception e) {
        // NOTE(review): only an HttpException fails this test. Any other exception thrown
        // by validateAudience is swallowed and the test still passes, so an unrelated
        // failure in audience handling would go unnoticed here.
        final boolean rejectedByValidator = e instanceof HttpException;
        assertFalse(rejectedByValidator);
    }
}
Also used : Jwt(io.jans.as.model.jwt.Jwt) HttpException(io.jans.ca.server.HttpException) HttpException(io.jans.ca.server.HttpException) InvalidJwtException(io.jans.as.model.exception.InvalidJwtException) Test(org.testng.annotations.Test)

Example 25 with HttpException

use of io.jans.ca.server.HttpException in project jans by JanssenProject.

the class ValidatorTest method tokenWithNAzpNotClientId_shouldNotValid.

/**
 * An ID token with several audiences and an {@code azp} claim that differs from the
 * client id must be rejected by {@code Validator.validateAudience} with the error code
 * {@code invalid_id_token_bad_authorized_party}.
 */
@Test
public void tokenWithNAzpNotClientId_shouldNotValid() throws InvalidJwtException {
    final String expectedClientId = "6b578a9b-7513-477a-9a7f-1343b487caf8";
    // Fixture payload contains:
    //   "aud": ["6b578a9b-7513-477a-9a7f-1343b487caf8","another_aud"],
    //   "azp": "Not_equal_to_client_id"
    final Jwt parsedToken = Jwt.parse("eyJraWQiOiJjZmFiMzRlYy0xNjhkLTQ4OTUtODRiOC0xZjAyNzgwNDkxYzciLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiMnI1clZ2STdpMWxfcnNXZUV4bGRuUSIsImF1ZCI6WyI2YjU3OGE5Yi03NTEzLTQ3N2EtOWE3Zi0xMzQzYjQ4N2NhZjgiLCJhbm90aGVyX2F1ZCJdLCJhenAiOiJOb3RfZXF1YWxfdG9fY2xpZW50X2lkIiwic3ViIjoicy1fWmlyVnQ3Tk9EZG5XREFVR3JqVDJxVVp3SzZjWFRoYjlxVjk5di10ZyIsImF1dGhfdGltZSI6MTU2ODE4NTMyNywiaXNzIjoiaHR0cHM6Ly9kdW1teS1pc3N1ZXIub3JnIiwiZXhwIjoxOTY4MTg4OTMwLCJpYXQiOjE1NjgxODUzMzAsIm5vbmNlIjoiN3I0NnV0NmVtdTlnaTExZ244MDQ0dW02NDAiLCJveE9wZW5JRENvbm5lY3RWZXJzaW9uIjoib3BlbmlkY29ubmVjdC0xLjAifQ.Tnw-jF4p7VHgIE2_wcuP7WxRqtGFw2pmKltIri63hznYikYFC4frUZcJ44OKCt_tki2ZJY6EDhM1o9cPEz-_Vt-gsavfyDc711xlgNaPOBjGasdPvx5iilPLIogy4BXB4T3ROgqQpLQZf-00AQBBsrpZX5I2VJtLcyJL6_l3bKw");
    try {
        Validator.validateAudience(parsedToken, expectedClientId);
        // Reaching this line means the mismatching azp was accepted.
        assertTrue(false);
    } catch (Exception e) {
        // NOTE(review): an exception that is not an HttpException ends the test as a pass
        // without checking anything, so the rejection reason is verified only when the
        // validator raises HttpException.
        if (!(e instanceof HttpException)) {
            return;
        }
        final HttpException rejection = (HttpException) e;
        assertTrue(rejection.getCode().getCode().equals("invalid_id_token_bad_authorized_party"));
    }
}
Also used : Jwt(io.jans.as.model.jwt.Jwt) HttpException(io.jans.ca.server.HttpException) HttpException(io.jans.ca.server.HttpException) InvalidJwtException(io.jans.as.model.exception.InvalidJwtException) Test(org.testng.annotations.Test)
