Example 46 with PreEnvironment

use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.

the class UpdateClientAuthenticationAssertionClaimsWithISSAud method evaluate.

@Override
@PreEnvironment(required = "client_assertion_claims")
@PostEnvironment(required = "client_assertion_claims")
public Environment evaluate(Environment env) {
    JsonObject claims = env.getObject("client_assertion_claims").getAsJsonObject();
    updateAudience(claims, env);
    logSuccess("Updated audience in client assertion claims", claims);
    env.putObject("client_assertion_claims", claims);
    return env;
}
Also used : JsonObject(com.google.gson.JsonObject) PostEnvironment(net.openid.conformance.condition.PostEnvironment) PreEnvironment(net.openid.conformance.condition.PreEnvironment)

Example 47 with PreEnvironment

use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.

the class ValidateAuthenticationRequestId method evaluate.

@Override
@PreEnvironment(required = "backchannel_authentication_endpoint_response")
public Environment evaluate(Environment env) {
    JsonObject backchannelResponse = env.getObject("backchannel_authentication_endpoint_response");
    if (backchannelResponse == null || !backchannelResponse.isJsonObject()) {
        throw error("Backchannel Authentication Endpoint did not return a JSON object");
    }
    JsonElement authReqIdElement = backchannelResponse.get("auth_req_id");
    if (authReqIdElement == null) {
        throw error("auth_req_id in backchannel authentication endpoint can not be null.");
    }
    String authReqId = OIDFJSON.getString(authReqIdElement);
    if (Strings.isNullOrEmpty(authReqId)) {
        throw error("auth_req_id in backchannel authentication endpoint can not be empty.");
    }
    Matcher matcher = Pattern.compile("[A-Za-z0-9\\-_\\.]+").matcher(authReqId);
    if (!matcher.matches()) {
        throw error("auth_req_id contains characters other than A-Z, a-z, 0-9, '_', '-' and '.'.", args("auth_req_id", authReqId));
    }
    logSuccess("auth_req_id passed all validation checks");
    return env;
}
Also used : Matcher(java.util.regex.Matcher) JsonElement(com.google.gson.JsonElement) JsonObject(com.google.gson.JsonObject) PreEnvironment(net.openid.conformance.condition.PreEnvironment)

Example 48 with PreEnvironment

use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.

the class ValidateIdTokenSignature method evaluate.

@Override
@PreEnvironment(required = { "id_token", "server_jwks" })
public Environment evaluate(Environment env) {
    String idToken = env.getString("id_token", "value");
    // to validate the signature
    JsonObject serverJwks = env.getObject("server_jwks");
    verifyJwsSignature(idToken, serverJwks, "id_token");
    return env;
}
Also used : JsonObject(com.google.gson.JsonObject) PreEnvironment(net.openid.conformance.condition.PreEnvironment)

Example 49 with PreEnvironment

use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.

the class ValidateIdTokenSignatureUsingKid method evaluate.

@Override
@PreEnvironment(required = { "id_token", "server_jwks" })
public Environment evaluate(Environment env) {
    String idToken = env.getString("id_token", "value");
    // to validate the signature
    JsonObject serverJwks = env.getObject("server_jwks");
    verifyJwsSignature(idToken, serverJwks, "id_token");
    return env;
}
Also used : JsonObject(com.google.gson.JsonObject) PreEnvironment(net.openid.conformance.condition.PreEnvironment)

Example 50 with PreEnvironment

use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.

the class ValidateIdTokenStandardClaims method evaluate.

@Override
@PreEnvironment(required = "id_token")
public Environment evaluate(Environment env) {
    JsonObject idTokenClaims = env.getElementFromObject("id_token", "claims").getAsJsonObject().deepCopy();
    // claims specific to the id_token, as per https://openid.net/specs/openid-connect-core-1_0.html#IDToken
    List<String> idTokenNonIdentityClaims = List.of(
        "iss",
        // "sub" - leave sub in, it's present in userinfo too
        "aud", "exp", "iat", "auth_time", "nonce", "acr", "amr", "azp",
        // as per https://openid.net/specs/openid-connect-core-1_0.html#HybridIDToken
        "c_hash", "at_hash",
        // from FAPI standard
        "s_hash");
    for (String e : idTokenNonIdentityClaims) {
        // remove the claims that are specific to the id_token, so we're left with just claims from
        // https://openid.net/specs/openid-connect-core-1_0.html#Claims
        // (these id_token claims are mostly checked in other conditions, ValidateIdToken
        // and the various validations of the hashes)
        idTokenClaims.remove(e);
    }
    if (new ObjectValidator(null, STANDARD_CLAIMS).isValid(idTokenClaims)) {
        logSuccess("id_token claims are valid");
    } else {
        throw error("id_token claims are not valid", idTokenClaims);
    }
    return env;
}
Also used : JsonObject(com.google.gson.JsonObject) PreEnvironment(net.openid.conformance.condition.PreEnvironment)
