Example 76 with PostEnvironment

Use of net.openid.conformance.condition.PostEnvironment in the project conformance-suite by openid-certification.

Class ExtractJWKsFromStaticClientConfiguration, method evaluate.

@Override
@PreEnvironment(required = "client")
@PostEnvironment(required = { "client_jwks", "client_public_jwks" })
public Environment evaluate(Environment env) {
    // bump the client's internal JWK up to the root
    JsonElement jwks = env.getElementFromObject("client", "jwks");
    extractJwks(env, jwks);
    return env;
}
Also used: JsonElement (com.google.gson.JsonElement), PostEnvironment (net.openid.conformance.condition.PostEnvironment), PreEnvironment (net.openid.conformance.condition.PreEnvironment)

Example 77 with PostEnvironment

Use of net.openid.conformance.condition.PostEnvironment in the project conformance-suite by openid-certification.

Class FAPIBrazilSignPaymentInitiationRequest, method evaluate.

@Override
@PreEnvironment(required = { "resource_request_entity_claims", "client" })
@PostEnvironment(strings = "resource_request_entity")
public Environment evaluate(Environment env) {
    JsonObject claims = env.getObject("resource_request_entity_claims");
    JsonObject jwks = (JsonObject) env.getElementFromObject("client", "org_jwks");
    // typ explicitly required in Brazil spec
    return signJWT(env, claims, jwks, true);
}
Also used: JsonObject (com.google.gson.JsonObject), PostEnvironment (net.openid.conformance.condition.PostEnvironment), PreEnvironment (net.openid.conformance.condition.PreEnvironment)

Example 78 with PostEnvironment

Use of net.openid.conformance.condition.PostEnvironment in the project conformance-suite by openid-certification.

Class ExtractMTLSCertificatesFromConfiguration, method evaluate.

@Override
@PreEnvironment(required = "config")
@PostEnvironment(required = "mutual_tls_authentication")
public Environment evaluate(Environment env) {
    // mutual_tls_authentication
    String certString = env.getString("config", "mtls.cert");
    String keyString = env.getString("config", "mtls.key");
    String caString = env.getString("config", "mtls.ca");
    if (Strings.isNullOrEmpty(certString) || Strings.isNullOrEmpty(keyString)) {
        throw error("Couldn't find TLS client certificate or key for MTLS");
    }
    if (Strings.isNullOrEmpty(caString)) {
        // Not an error; we just won't send a CA chain
        log("No certificate authority found for MTLS");
    }
    try {
        certString = PEMFormatter.stripPEM(certString);
        keyString = PEMFormatter.stripPEM(keyString);
        if (caString != null) {
            caString = PEMFormatter.stripPEM(caString);
        }
    } catch (IllegalArgumentException e) {
        throw error("Couldn't decode certificate, key, or CA chain from Base64", e, args("cert", certString, "key", keyString, "ca", Strings.emptyToNull(caString)));
    }
    JsonObject mtls = new JsonObject();
    mtls.addProperty("cert", certString);
    mtls.addProperty("key", keyString);
    if (caString != null) {
        mtls.addProperty("ca", caString);
    }
    env.putObject("mutual_tls_authentication", mtls);
    logSuccess("Mutual TLS authentication credentials loaded", mtls);
    return env;
}
Also used: JsonObject (com.google.gson.JsonObject), PostEnvironment (net.openid.conformance.condition.PostEnvironment), PreEnvironment (net.openid.conformance.condition.PreEnvironment)

Example 79 with PostEnvironment

Use of net.openid.conformance.condition.PostEnvironment in the project conformance-suite by openid-certification.

Class ExtractRtHash, method evaluate.

@Override
@PreEnvironment(required = "id_token")
@PostEnvironment(required = "rt_hash")
public Environment evaluate(Environment env) {
    String hashName = "rt_hash";
    env.removeObject(hashName);
    if (!env.containsObject("id_token")) {
        throw error("Couldn't find parsed ID token");
    }
    String hash = env.getString("id_token", "claims.urn:openid:params:jwt:claim:rt_hash");
    if (hash == null) {
        throw error("Couldn't find urn:openid:params:jwt:claim:rt_hash claim in the ID token");
    }
    String alg = env.getString("id_token", "header.alg");
    if (alg == null) {
        throw error("Couldn't find algorithm in ID token header");
    }
    JsonObject outData = new JsonObject();
    outData.addProperty(hashName, hash);
    outData.addProperty("alg", alg);
    env.putObject(hashName, outData);
    logSuccess("Extracted " + hashName + " from ID Token", outData);
    return env;
}
Also used: JsonObject (com.google.gson.JsonObject), PostEnvironment (net.openid.conformance.condition.PostEnvironment), PreEnvironment (net.openid.conformance.condition.PreEnvironment)

Example 80 with PostEnvironment

Use of net.openid.conformance.condition.PostEnvironment in the project conformance-suite by openid-certification.

Class ExtractSignedUserInfoFromUserInfoEndpointResponse, method evaluate.

@Override
@PreEnvironment(strings = USERINFO_ENDPOINT_RESPONSE)
@PostEnvironment(required = { "userinfo", "userinfo_object" })
public Environment evaluate(Environment env) {
    // Remove any old token
    env.removeObject("userinfo");
    String userInfoJws = env.getString(USERINFO_ENDPOINT_RESPONSE);
    try {
        JsonObject jwtAsJsonObject = JWTUtil.jwtStringToJsonObjectForEnvironment(userInfoJws);
        // save the parsed token
        env.putObject("userinfo_object", jwtAsJsonObject);
        // deepcopy to avoid modifying userinfo_object
        var userinfo = jwtAsJsonObject.getAsJsonObject("claims").deepCopy();
        // this list doesn't contain 'sub' as sub is also a standard claim in userinfo
        List<String> jwtClaims = ImmutableList.of("iss", "aud", "exp", "nbf", "iat", "jti");
        // the JWT standard claims aren't part of the userinfo response (apart from 'sub'), so remove them
        for (String claim : jwtClaims) {
            userinfo.remove(claim);
        }
        env.putObject("userinfo", userinfo);
        logSuccess("Found and parsed the userinfo from " + USERINFO_ENDPOINT_RESPONSE, jwtAsJsonObject);
        return env;
    } catch (ParseException e) {
        throw error("Couldn't parse the " + USERINFO_ENDPOINT_RESPONSE + " as a JWT", e, args(USERINFO_ENDPOINT_RESPONSE, userInfoJws));
    }
}
Also used: JsonObject (com.google.gson.JsonObject), ParseException (java.text.ParseException), PostEnvironment (net.openid.conformance.condition.PostEnvironment), PreEnvironment (net.openid.conformance.condition.PreEnvironment)
