Use of it.spid.cie.oidc.model.AuthnToken in project spid-cie-oidc-java by italia.
The class RelyingPartyHandler, method doPerformLogout.
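/**
 * Logs the user identified by {@code userKey} out: runs the local logout
 * callback, marks the user's most recent {@link AuthnToken} as revoked,
 * asks the provider to revoke its access token (best effort) and finally
 * marks every other token of the user as revoked too.
 *
 * @param userKey  the key the user's tokens are stored under
 * @param callback optional hook invoked with the request/token pair being
 *                 logged out (e.g. to clear the web session); may be null
 * @return the configured post-logout redirect URL
 * @throws RelyingPartyException.Generic if {@code userKey} is empty, the
 *         token's AuthnRequest cannot be found or this RelyingParty's
 *         federation entity is missing
 * @throws Exception propagated from persistence/helper calls
 */
protected String doPerformLogout(String userKey, RelyingPartyLogoutCallback callback) throws Exception {
    if (Validator.isNullOrEmpty(userKey)) {
        throw new RelyingPartyException.Generic("UserKey null or empty");
    }

    List<AuthnToken> authnTokens = persistence.findAuthnTokens(userKey);

    // Nothing to revoke: just send the user to the logout landing page.
    if (authnTokens.isEmpty()) {
        return options.getLogoutRedirectURL();
    }

    AuthnToken authnToken = ListUtil.getLast(authnTokens);

    AuthnRequest authnRequest = persistence.fetchAuthnRequest(authnToken.getAuthnRequestId());

    if (authnRequest == null) {
        throw new RelyingPartyException.Generic("No AuthnRequest with id " + authnToken.getAuthnRequestId());
    }

    JSONObject providerConfiguration = new JSONObject(authnRequest.getProviderConfiguration());
    String revocationUrl = providerConfiguration.optString("revocation_endpoint");

    // Local logout happens first, so the caller's session is cleared even when
    // the provider-side revocation below cannot be performed.
    if (callback != null) {
        callback.logout(userKey, authnRequest, authnToken);
    }

    if (Validator.isNullOrEmpty(revocationUrl)) {
        logger.warn("{} doesn't expose the token revocation endpoint.", authnRequest.getProviderId());
        return options.getLogoutRedirectURL();
    }

    FederationEntity entityConf = persistence.fetchFederationEntity(authnRequest.getClientId(), true);

    // Same check doGetUserInfo performs; without it the helper call below
    // would fail with a bare NullPointerException.
    if (entityConf == null) {
        throw new RelyingPartyException.Generic("RelyingParty %s not found", authnRequest.getClientId());
    }

    // The token is marked revoked locally before contacting the provider, so a
    // failed or slow revocation request cannot leave it usable on this side.
    authnToken.setRevoked(LocalDateTime.now());
    authnToken = persistence.storeOIDCAuthnToken(authnToken);

    try {
        oauth2Helper.sendRevocationRequest(authnToken.getAccessToken(), authnRequest.getClientId(), revocationUrl, entityConf);
    } catch (Exception e) {
        // Best effort: local logout already happened. The throwable is logged
        // (not just its message) so the failure can be diagnosed afterwards.
        logger.error("Token revocation failed for provider {}", authnRequest.getProviderId(), e);
    }

    // Revoke older user's authnToken. Evaluate better
    authnTokens = persistence.findAuthnTokens(userKey);

    for (AuthnToken oldToken : authnTokens) {
        oldToken.setRevoked(authnToken.getRevoked());
        persistence.storeOIDCAuthnToken(oldToken);
    }

    return options.getLogoutRedirectURL();
}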
Use of it.spid.cie.oidc.model.AuthnToken in project spid-cie-oidc-java by italia.
The class SpidController, method logout.
/**
 * Handles {@code GET /logout}: reads the user key from the session attribute
 * {@code USER}, delegates the logout to the relying party wrapper and
 * redirects to the URL it returns (or to {@code landing} when none is given).
 * The callback passed to the wrapper drops the {@code USER} and
 * {@code USER_INFO} session attributes.
 *
 * @param params   request parameters (not used here)
 * @param request  the current request; its session is the one being cleared
 * @param response the current response (not used here)
 * @return a redirect to the post-logout URL
 * @throws Exception propagated from the relying party wrapper
 */
@GetMapping("/logout")
public RedirectView logout(@RequestParam Map<String, String> params, final HttpServletRequest request, HttpServletResponse response) throws Exception {
    String userKey = GetterUtil.getString(request.getSession().getAttribute("USER"));

    // Session cleanup is done from inside the wrapper's logout flow so the
    // attributes go away exactly when the token is being logged out.
    RelyingPartyLogoutCallback clearSession = new RelyingPartyLogoutCallback() {
        @Override
        public void logout(String key, AuthnRequest authnRequest, AuthnToken authnToken) {
            request.getSession().removeAttribute("USER");
            request.getSession().removeAttribute("USER_INFO");
        }
    };

    String redirectURL = relyingPartyWrapper.performLogout(userKey, clearSession);

    if (Validator.isNullOrEmpty(redirectURL)) {
        return new RedirectView("landing");
    }

    return new RedirectView(redirectURL);
}
Use of it.spid.cie.oidc.model.AuthnToken in project spid-cie-oidc-java by italia.
The class RelyingPartyHandler, method doGetUserInfo.
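/**
 * Completes the authorization-code exchange for the {@code state}/{@code code}
 * pair received from the provider and returns the user info it yields.
 * Along the way an {@link AuthnToken} is created and progressively updated
 * in persistence: first with the code, then with the token response, and
 * finally with the user key taken from the user info.
 *
 * @param state the {@code state} value echoed by the provider, used to find
 *              the originating {@link AuthnRequest}
 * @param code  the authorization code to exchange
 * @return the user info document returned by the provider
 * @throws SchemaException.Validation if {@code state} or {@code code} is empty
 * @throws RelyingPartyException.Generic if no AuthnRequest matches, or the
 *         request's client id is unknown or not this RelyingParty
 * @throws RelyingPartyException.Authentication if the access token or the ID
 *         token fails JWS verification
 * @throws OIDCException propagated from the helpers
 */
protected JSONObject doGetUserInfo(String state, String code) throws OIDCException {
    if (Validator.isNullOrEmpty(code) || Validator.isNullOrEmpty(state)) {
        throw new SchemaException.Validation("Authn response object validation failed");
    }

    List<AuthnRequest> authnRequests = persistence.findAuthnRequests(state);

    if (authnRequests.isEmpty()) {
        throw new RelyingPartyException.Generic("No AuthnRequest");
    }

    AuthnRequest authnRequest = ListUtil.getLast(authnRequests);

    // The code is persisted right away so it stays tied to its AuthnRequest
    // even if a later step fails.
    AuthnToken authnToken = new AuthnToken().setAuthnRequestId(authnRequest.getStorageId()).setCode(code);
    authnToken = persistence.storeOIDCAuthnToken(authnToken);

    // Get clientId configuration. In this situation "clientId" refers this
    // RelyingParty
    FederationEntity entityConf = persistence.fetchFederationEntity(authnRequest.getClientId(), true);

    if (entityConf == null) {
        throw new RelyingPartyException.Generic("RelyingParty %s not found", authnRequest.getClientId());
    } else if (!Objects.equals(options.getClientId(), authnRequest.getClientId())) {
        throw new RelyingPartyException.Generic("Invalid RelyingParty %s", authnRequest.getClientId());
    }

    JSONObject authnData = new JSONObject(authnRequest.getData());
    JSONObject providerConfiguration = new JSONObject(authnRequest.getProviderConfiguration());

    JSONObject jsonTokenResponse = oauth2Helper.performAccessTokenRequest(authnData.optString("redirect_uri"), state, code, authnRequest.getProviderId(), entityConf, providerConfiguration.optString("token_endpoint"), authnData.optString("code_verifier"));

    TokenResponse tokenResponse = TokenResponse.of(jsonTokenResponse);

    if (logger.isDebugEnabled()) {
        // NOTE(review): TokenResponse.toString() may render the raw tokens;
        // confirm before enabling debug logging outside development.
        logger.debug("TokenResponse={}", tokenResponse);
    }

    JWKSet providerJwks = JWTHelper.getJWKSetFromJSON(providerConfiguration.optJSONObject("jwks"));

    // NOTE(review): verifyJWS is assumed to check the signature against the
    // provider's JWKS only; confirm that issuer/audience/expiry/nonce checks on
    // the ID token are performed in jwtHelper or oidcHelper.
    // The original failure is logged because the exception thrown to the
    // caller does not carry it.
    try {
        jwtHelper.verifyJWS(tokenResponse.getAccessToken(), providerJwks);
    } catch (Exception e) {
        logger.error("Authentication token validation error for provider {}", authnRequest.getProviderId(), e);
        throw new RelyingPartyException.Authentication("Authentication token validation error.");
    }

    try {
        jwtHelper.verifyJWS(tokenResponse.getIdToken(), providerJwks);
    } catch (Exception e) {
        logger.error("ID token validation error for provider {}", authnRequest.getProviderId(), e);
        throw new RelyingPartyException.Authentication("ID token validation error.");
    }

    // Update AuthenticationToken
    authnToken.setAccessToken(tokenResponse.getAccessToken());
    authnToken.setIdToken(tokenResponse.getIdToken());
    authnToken.setTokenType(tokenResponse.getTokenType());
    authnToken.setScope(jsonTokenResponse.optString("scope"));
    authnToken.setExpiresIn(tokenResponse.getExpiresIn());

    authnToken = persistence.storeOIDCAuthnToken(authnToken);

    JWKSet entityJwks = JWTHelper.getJWKSetFromJSON(entityConf.getJwks());

    JSONObject userInfo = oidcHelper.getUserInfo(state, tokenResponse.getAccessToken(), providerConfiguration, true, entityJwks);

    // TODO: userKey from options
    authnToken.setUserKey(userInfo.optString("https://attributes.spid.gov.it/email"));
    authnToken = persistence.storeOIDCAuthnToken(authnToken);

    return userInfo;
}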
Use of it.spid.cie.oidc.model.AuthnToken in project spid-cie-oidc-java by italia.
The class AuthnTokenModel, method toAuthnToken.
/**
 * Builds the domain {@link AuthnToken} that mirrors this persistence model.
 * Every field is copied as-is, except the authorization request id, which is
 * converted to its {@code String} form.
 *
 * @return a new {@link AuthnToken} populated from this model
 */
public AuthnToken toAuthnToken() {
    AuthnToken token = new AuthnToken();

    // Storage bookkeeping
    token.setStorageId(getStorageId());
    token.setCreateDate(getCreated());
    token.setModifiedDate(getModified());

    // Link to the originating authorization request (stored as a string id).
    // NOTE(review): String.valueOf turns a null id into the text "null" —
    // confirm getAuthzRequestId() can never be null here.
    token.setAuthnRequestId(String.valueOf(getAuthzRequestId()));

    // Token material and metadata
    token.setCode(getCode());
    token.setAccessToken(getAccessToken());
    token.setIdToken(getIdToken());
    token.setRefreshToken(getRefreshToken());
    token.setTokenType(getTokenType());
    token.setScope(getScope());
    token.setExpiresIn(getExpiresIn());
    token.setRevoked(getRevoked());

    // Owner
    token.setUserKey(getUserKey());

    return token;
}