
use of it.spid.cie.oidc.model.FederationEntity in project spid-cie-oidc-java by italia.

the class RelyingPartyHandler method prepareOnboardingData.

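/**
 * Builds the onboarding material for this Relying Party.
 *
 * <p>When no JWK is configured, a fresh RSA signing key is generated and
 * returned as-is (step {@code STEP_ONLY_JWKS}) so the operator can add it to
 * the configuration; that payload carries the private parameters and the
 * caller must treat it as a secret. Otherwise the RP entity configuration is
 * assembled around the configured key; when trust marks are configured the
 * entity is also stored through {@code persistence} and the step becomes
 * {@code STEP_COMPLETE}, else {@code STEP_INTERMEDIATE}.
 *
 * @param sub      the RP subject / {@code client_id}, also used as {@code iss}
 * @param jsonMode when {@code true} the entity configuration is returned as
 *                 plain JSON instead of a JWS signed with the configured key
 * @return the onboarding data together with the step reached
 * @throws OIDCException if key creation/parsing or signing fails
 */
private WellKnownData prepareOnboardingData(String sub, boolean jsonMode) throws OIDCException {
    // TODO: JWSAlgorithm via default?
    String confJwk = options.getJwk();
    if (Validator.isNullOrEmpty(confJwk)) {
        // TODO: Type has to be defined by configuration?
        // jwk.toString() serialises the private parameters as well: this is the
        // key material handed back for configuration, not something to log.
        RSAKey jwk = JWTHelper.createRSAKey(JWSAlgorithm.RS256, KeyUse.SIGNATURE);
        JSONObject json = new JSONObject(jwk.toString());
        return WellKnownData.of(WellKnownData.STEP_ONLY_JWKS, json.toString());
    }
    RSAKey jwk = JWTHelper.parseRSAKey(confJwk);
    // Only the public half is logged: the configured JWK contains the private
    // key and must never be written to the log.
    JSONArray jsonArray = new JSONArray().put(new JSONObject(jwk.toPublicJWK().toJSONObject()));
    logger.info("Configured public jwk\n" + jsonArray.toString(2));
    JWKSet jwkSet = new JWKSet(jwk);

    // openid_relying_party metadata block
    JSONObject rpJson = new JSONObject();
    rpJson.put("jwks", JWTHelper.getJWKSetAsJSONObject(jwkSet, false));
    rpJson.put("application_type", options.getApplicationType());
    rpJson.put("client_name", options.getApplicationName());
    rpJson.put("client_id", sub);
    rpJson.put("client_registration_types", JSONUtil.asJSONArray("automatic"));
    rpJson.put("contacts", options.getContacts());
    rpJson.put("grant_types", RelyingPartyOptions.SUPPORTED_GRANT_TYPES);
    rpJson.put("response_types", RelyingPartyOptions.SUPPORTED_RESPONSE_TYPES);
    rpJson.put("redirect_uris", options.getRedirectUris());
    JSONObject metadataJson = new JSONObject();
    metadataJson.put(OIDCConstants.OPENID_RELYING_PARTY, rpJson);

    // iat/exp are epoch seconds and must come from a UTC clock; taking
    // LocalDateTime.now() in the default zone and reinterpreting it as UTC
    // shifts both claims by the local zone offset.
    long iat = LocalDateTime.now(ZoneOffset.UTC).toEpochSecond(ZoneOffset.UTC);
    JSONObject json = new JSONObject();
    json.put("exp", iat + (GlobalOptions.DEFAULT_EXPIRING_MINUTES * 60));
    json.put("iat", iat);
    json.put("iss", sub);
    json.put("sub", sub);
    json.put("jwks", JWTHelper.getJWKSetAsJSONObject(jwkSet, true));
    json.put("metadata", metadataJson);
    json.put("authority_hints", JSONUtil.asJSONArray(options.getDefaultTrustAnchor()));

    int step = WellKnownData.STEP_INTERMEDIATE;
    if (!Validator.isNullOrEmpty(options.getTrustMarks())) {
        JSONArray tm = new JSONArray(options.getTrustMarks());
        json.put("trust_marks", tm);
        // With the trust marks all elements are available to store this
        // RelyingParty into the FederationEntity table.
        step = WellKnownData.STEP_COMPLETE;
        FederationEntity entity = new FederationEntity();
        entity.setSubject(json.getString("sub"));
        entity.setDefaultExpireMinutes(options.getDefaultExpiringMinutes());
        entity.setDefaultSignatureAlg(JWSAlgorithm.RS256.toString());
        entity.setAuthorityHints(json.getJSONArray("authority_hints").toString());
        // Stored JWKS is the public set only (private parameters excluded).
        entity.setJwks(JWTHelper.getJWKSetAsJSONArray(jwkSet, true, false).toString());
        entity.setTrustMarks(json.getJSONArray("trust_marks").toString());
        entity.setTrustMarksIssuers("{}");
        entity.setMetadata(json.getJSONObject("metadata").toString());
        entity.setActive(true);
        entity.setConstraints("{}");
        entity.setEntityType(OIDCConstants.OPENID_RELYING_PARTY);
        persistence.storeFederationEntity(entity);
    }

    if (jsonMode) {
        return WellKnownData.of(step, json.toString());
    }
    // Default: return the entity configuration as a JWS signed with the RP key.
    String jws = jwtHelper.createJWS(json, jwkSet);
    return WellKnownData.of(step, jws);
}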