use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
the class ExtractJWKsFromStaticClientConfiguration method evaluate.
/**
 * Hands the statically configured client's key set to {@code extractJwks}.
 *
 * <p>The annotations declare the contract: a {@code client} object must be present
 * beforehand, and {@code client_jwks} and {@code client_public_jwks} must exist afterwards.
 *
 * @param env the test environment holding the {@code client} configuration
 * @return the same environment instance
 */
@Override
@PreEnvironment(required = "client")
@PostEnvironment(required = { "client_jwks", "client_public_jwks" })
public Environment evaluate(Environment env) {
    // Lift the key set nested under client.jwks to top-level environment entries.
    // NOTE(review): extractJwks is defined outside this listing; presumably it is what
    // writes client_jwks / client_public_jwks and rejects a missing or malformed set.
    // NOTE(review): client_jwks presumably carries private key material, so it should
    // be kept out of anything that is logged or exported; confirm against extractJwks.
    extractJwks(env, env.getElementFromObject("client", "jwks"));
    return env;
}
use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
the class FAPIBrazilSignPaymentInitiationRequest method evaluate.
/**
 * Signs the payment initiation request claims with the key set stored under
 * {@code client.org_jwks}.
 *
 * <p>The actual signing is delegated to {@code signJWT}; per the post-condition the
 * result is expected as the {@code resource_request_entity} string.
 *
 * @param env the test environment holding {@code resource_request_entity_claims} and {@code client}
 * @return whatever {@code signJWT} returns
 */
@Override
@PreEnvironment(required = { "resource_request_entity_claims", "client" })
@PostEnvironment(strings = "resource_request_entity")
public Environment evaluate(Environment env) {
    JsonObject payload = env.getObject("resource_request_entity_claims");

    // NOTE(review): @PreEnvironment only guarantees that "client" exists, not that it
    // contains org_jwks. A non-object value here fails the cast with a
    // ClassCastException rather than a condition error, and a missing value is
    // presumably passed on as null; confirm that signJWT reports that case clearly.
    JsonObject orgSigningKeys = (JsonObject) env.getElementFromObject("client", "org_jwks");

    // The final argument is true because the Brazil spec explicitly requires "typ".
    return signJWT(env, payload, orgSigningKeys, true);
}
use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
the class ExtractMTLSCertificatesFromConfiguration method evaluate.
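/**
 * Loads the mutual-TLS client certificate, private key and optional CA chain from the
 * test configuration and stores them as the {@code mutual_tls_authentication} object.
 *
 * <p>The values are read from {@code config.mtls.cert}, {@code config.mtls.key} and
 * {@code config.mtls.ca}, and passed through {@code PEMFormatter.stripPEM} before being stored.
 * The certificate and key are mandatory; the CA chain is optional, and an empty CA entry
 * is treated the same as a missing one.
 *
 * <p>The private key is stored in the environment but deliberately kept out of the
 * error details and the success log entry.
 *
 * @param env the test environment holding the {@code config} object
 * @return the same environment, now containing {@code mutual_tls_authentication}
 */
@Override
@PreEnvironment(required = "config")
@PostEnvironment(required = "mutual_tls_authentication")
public Environment evaluate(Environment env) {
    String certString = env.getString("config", "mtls.cert");
    String keyString = env.getString("config", "mtls.key");
    // Normalise "" to null up front so that every later check agrees on what "no CA
    // configured" means; otherwise an empty string would still be stored as "ca".
    String caString = Strings.emptyToNull(env.getString("config", "mtls.ca"));

    if (Strings.isNullOrEmpty(certString) || Strings.isNullOrEmpty(keyString)) {
        throw error("Couldn't find TLS client certificate or key for MTLS");
    }

    if (caString == null) {
        // Not an error; we just won't send a CA chain
        log("No certificate authority found for MTLS");
    }

    try {
        certString = PEMFormatter.stripPEM(certString);
        keyString = PEMFormatter.stripPEM(keyString);
        if (caString != null) {
            caString = PEMFormatter.stripPEM(caString);
        }
    } catch (IllegalArgumentException e) {
        // The private key is intentionally left out of the error details: failure
        // records are stored and shared, and must not carry key material.
        throw error("Couldn't decode certificate, key, or CA chain from Base64", e, args("cert", certString, "ca", Strings.emptyToNull(caString)));
    }

    JsonObject mtls = new JsonObject();
    mtls.addProperty("cert", certString);
    mtls.addProperty("key", keyString);
    if (caString != null) {
        mtls.addProperty("ca", caString);
    }
    env.putObject("mutual_tls_authentication", mtls);

    // Log a copy without the private key rather than relying on the log pipeline to
    // redact it; the certificate and CA chain are public and remain visible.
    JsonObject loggable = mtls.deepCopy();
    loggable.remove("key");
    logSuccess("Mutual TLS authentication credentials loaded", loggable);

    return env;
}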
use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
the class ExtractRtHash method evaluate.
/**
 * Copies the {@code urn:openid:params:jwt:claim:rt_hash} claim and the signing
 * algorithm of the parsed ID token into a fresh {@code rt_hash} environment object.
 *
 * <p>This method only extracts the values; it does not check the hash.
 *
 * @param env the test environment holding the parsed {@code id_token}
 * @return the same environment, now containing {@code rt_hash}
 */
@Override
@PreEnvironment(required = "id_token")
@PostEnvironment(required = "rt_hash")
public Environment evaluate(Environment env) {
    final String hashName = "rt_hash";

    // Clear any previous result first, so a failure below cannot leave a stale hash
    // from an earlier ID token in the environment.
    env.removeObject(hashName);

    if (!env.containsObject("id_token")) {
        throw error("Couldn't find parsed ID token");
    }

    String rtHashClaim = env.getString("id_token", "claims.urn:openid:params:jwt:claim:rt_hash");
    if (rtHashClaim == null) {
        throw error("Couldn't find urn:openid:params:jwt:claim:rt_hash claim in the ID token");
    }

    // The header algorithm is stored next to the hash.
    // NOTE(review): presumably a later step uses it to pick the digest; confirm.
    String signingAlg = env.getString("id_token", "header.alg");
    if (signingAlg == null) {
        throw error("Couldn't find algorithm in ID token header");
    }

    JsonObject extracted = new JsonObject();
    extracted.addProperty(hashName, rtHashClaim);
    extracted.addProperty("alg", signingAlg);

    env.putObject(hashName, extracted);
    logSuccess("Extracted " + hashName + " from ID Token", extracted);
    return env;
}
use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
the class ExtractSignedUserInfoFromUserInfoEndpointResponse method evaluate.
/**
 * Parses the signed userinfo endpoint response as a JWT and stores two views of it:
 * the full parsed token as {@code userinfo_object}, and its claims with the
 * JWT-specific claims removed as {@code userinfo}.
 *
 * <p>No signature check is visible in this method.
 * NOTE(review): presumably a separate condition verifies the signature; confirm.
 *
 * @param env the test environment holding the raw userinfo endpoint response string
 * @return the same environment, now containing {@code userinfo} and {@code userinfo_object}
 */
@Override
@PreEnvironment(strings = USERINFO_ENDPOINT_RESPONSE)
@PostEnvironment(required = { "userinfo", "userinfo_object" })
public Environment evaluate(Environment env) {
    // Discard any userinfo left over from an earlier response.
    env.removeObject("userinfo");

    String rawResponse = env.getString(USERINFO_ENDPOINT_RESPONSE);

    try {
        JsonObject parsedJwt = JWTUtil.jwtStringToJsonObjectForEnvironment(rawResponse);

        // Keep the complete parsed token.
        env.putObject("userinfo_object", parsedJwt);

        // Work on a deep copy so that stripping claims does not alter userinfo_object.
        // NOTE(review): assumes the parsed object always has a "claims" member; confirm.
        JsonObject claimsOnly = parsedJwt.getAsJsonObject("claims").deepCopy();

        // The JWT standard claims are not part of a userinfo response, so remove them.
        // 'sub' stays because it is also a standard userinfo claim.
        List<String> jwtOnlyClaims = ImmutableList.of("iss", "aud", "exp", "nbf", "iat", "jti");
        jwtOnlyClaims.forEach(claimsOnly::remove);

        env.putObject("userinfo", claimsOnly);
        logSuccess("Found and parsed the userinfo from " + USERINFO_ENDPOINT_RESPONSE, parsedJwt);
    } catch (ParseException e) {
        throw error("Couldn't parse the " + USERINFO_ENDPOINT_RESPONSE + " as a JWT", e, args(USERINFO_ENDPOINT_RESPONSE, rawResponse));
    }

    return env;
}