
Example 21 with PreEnvironment

Use of net.openid.conformance.condition.PreEnvironment in the conformance-suite project by openid-certification.

Method evaluate of class FAPI1AdvancedValidateRequestObjectNBFClaim.

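@Override
@PreEnvironment(required = { "authorization_request_object", "client" })
public Environment evaluate(Environment env) {
    // FAPI 1.0 Advanced requires the request object's nbf claim to be no more than
    // 60 minutes in the past; this condition enforces only that bound. A future-dated
    // nbf is NOT rejected here - if a test needs that, another condition must check it.
    Instant now = Instant.now();
    Long nbf = env.getLong("authorization_request_object", "claims.nbf");
    if (nbf == null) {
        throw error("Missing nbf claim in request object");
    }
    Instant nbfInstant;
    try {
        nbfInstant = Instant.ofEpochSecond(nbf);
    } catch (java.time.DateTimeException e) {
        // A value outside the representable Instant range is a malformed claim in the
        // (untrusted) request object; report it as a condition failure instead of letting
        // the exception escape as a suite error.
        throw error("nbf claim is not a valid epoch timestamp", args("nbf", nbf, "error", e.getMessage()));
    }
    // SIXTY_MINUTES is a class constant in milliseconds (used with minusMillis).
    if (nbfInstant.isBefore(now.minusMillis(SIXTY_MINUTES))) {
        throw error("nbf claim is more than 60 minutes in the past", args("nbf", nbfInstant, "now", now));
    }
    logSuccess("nbf claim is valid", args("nbf", nbfInstant, "now", now));
    return env;
}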

Example 22 with PreEnvironment

Use of net.openid.conformance.condition.PreEnvironment in the conformance-suite project by openid-certification.

Method evaluate of class FAPIBrazilAddBrazilSpecificSettingsToServerConfiguration.

@Override
@PreEnvironment(required = { "server" })
@PostEnvironment(required = { "server" })
public Environment evaluate(Environment env) {
    // Overlay the Open Banking Brazil profile onto the mock server's discovery metadata.
    // Each add() replaces any value already stored under that key (Gson JsonObject semantics),
    // so whatever the generic configuration advertised for these entries is superseded.
    JsonObject server = env.getObject("server");

    // Request-object encryption: a single permitted JWE alg and a single permitted enc.
    server.add("request_object_encryption_alg_values_supported", arrayOf("RSA-OAEP"));
    server.add("request_object_encryption_enc_values_supported", arrayOf("A256GCM"));

    // Brazilian identity claims (CPF / CNPJ) plus acr.
    server.add("claims_supported", arrayOf("cpf", "cnpj", "acr"));
    server.add("acr_values_supported",
        arrayOf("urn:brasil:openbanking:loa2", "urn:brasil:openbanking:loa3"));

    // PS256 is advertised as the only signing algorithm for both id_tokens and request objects.
    server.add("id_token_signing_alg_values_supported", arrayOf("PS256"));
    server.add("request_object_signing_alg_values_supported", arrayOf("PS256"));

    server.add("scopes_supported", arrayOf(
        "openid", "phone", "profile", "email", "address",
        "offline_access", "consents", "resources", "payments"));

    log("Added open banking Brazil specific server settings", args("server", server));
    return env;
}

/** Builds a JsonArray holding the given string values, in the order given. */
private static JsonArray arrayOf(String... values) {
    JsonArray array = new JsonArray();
    for (String value : values) {
        array.add(value);
    }
    return array;
}

Example 23 with PreEnvironment

Use of net.openid.conformance.condition.PreEnvironment in the conformance-suite project by openid-certification.

Method evaluate of class OIDCCSignIdToken.

@Override
@PreEnvironment(required = { "id_token_claims", "server_jwks", "client" }, strings = { "signing_algorithm" })
@PostEnvironment(strings = "id_token", required = { "all_issued_id_tokens" })
public Environment evaluate(Environment env) {
    // Signs the pending id_token claims with the algorithm the client registered
    // (falling back to the suite default) and records the issued token for logout tests.
    JsonObject idTokenClaims = env.getObject("id_token_claims");
    JsonObject serverJwks = env.getObject("server_jwks");
    JsonObject client = env.getObject("client");

    // The client's registered id_token_signed_response_alg takes precedence; an absent
    // or empty value falls back to the suite-wide default held in "signing_algorithm".
    String alg = env.getString("client", "id_token_signed_response_alg");
    boolean clientAlgUnset = (alg == null) || alg.isEmpty();
    if (clientAlgUnset) {
        alg = env.getString("signing_algorithm");
    }

    if (!"none".equals(alg)) {
        JWK signingKey = selectOrCreateKey(serverJwks, alg, client);
        signJWTUsingKey(env, idTokenClaims, signingKey, alg);
    } else {
        // alg=none: the suite (acting as the OP) deliberately issues an unsigned id_token
        // so the client under test can be exercised with that algorithm. This is test
        // fixture behaviour and must never be copied into a production token issuer.
        String unsignedToken = signWithAlgNone(idTokenClaims.toString());
        logSuccessByJWTType(env, null, null, null, unsignedToken, null);
    }

    // Keep a record of every id_token issued so the logout tests can refer back to them.
    // "id_token" is presumably written to the env by the signing helpers above - not visible here.
    String issuedToken = env.getString("id_token");
    boolean haveRecord = env.containsObject("all_issued_id_tokens");
    if (!haveRecord) {
        env.putObject("all_issued_id_tokens", new JsonObject());
    }
    // The env cannot hold JsonArrays, so a JsonObject keyed by the token string serves as the set.
    JsonObject issuedTokens = env.getObject("all_issued_id_tokens");
    issuedTokens.addProperty(issuedToken, "1");
    return env;
}

Example 24 with PreEnvironment

Use of net.openid.conformance.condition.PreEnvironment in the conformance-suite project by openid-certification.

Method evaluate of class OIDCCValidateRequestObjectExp.

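@Override
@PreEnvironment(required = "authorization_request_object")
public Environment evaluate(Environment env) {
    // Rejects a request object whose exp claim is already in the past, tolerating
    // timeSkewMillis (class field) of clock skew between the suite and the issuer.
    Instant now = Instant.now();
    Long exp = env.getLong("authorization_request_object", "claims.exp");
    if (exp == null) {
        // The original unboxed the Long directly and would fail with a NullPointerException
        // when the claim is absent; report a clear condition failure instead (the sibling
        // nbf condition already handles its missing claim this way).
        throw error("Missing exp claim in request object");
    }
    Instant expInstant;
    try {
        expInstant = Instant.ofEpochSecond(exp);
    } catch (java.time.DateTimeException e) {
        // A value outside the representable Instant range is a malformed claim in the
        // (untrusted) request object, not a suite error.
        throw error("exp claim is not a valid epoch timestamp", args("exp", exp, "error", e.getMessage()));
    }
    // Expired when (now - skew) is already past exp; logged as Instants (UTC) rather than
    // java.util.Date so the output matches the nbf condition and avoids exp * 1000 overflow.
    if (now.minusMillis(timeSkewMillis).isAfter(expInstant)) {
        throw error("Request object expired", args("exp", expInstant, "now", now));
    }
    logSuccess("Request object contains a valid exp claim, expiry time", args("exp", expInstant));
    return env;
}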

Example 25 with PreEnvironment

Use of net.openid.conformance.condition.PreEnvironment in the conformance-suite project by openid-certification.

Method evaluate of class RemoveAtHashFromIdToken.

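@Override
@PreEnvironment(required = "id_token_claims")
@PostEnvironment(required = "id_token_claims")
public Environment evaluate(Environment env) {
    // Strips the at_hash claim from the pending id_token claims (negative test:
    // the client under test should detect the missing access-token binding).
    JsonObject claims = env.getObject("id_token_claims");
    // Really drop the member. The previous addProperty("at_hash", (String) null) stored a
    // JSON null under the key, so a serializer that emits nulls (Gson's JsonObject.toString()
    // does) would still produce "at_hash": null rather than omitting the claim, contrary to
    // what this condition's name and log message promise; whether downstream JWT libraries
    // drop null-valued claims is not visible here. remove() is a no-op if the claim is absent.
    claims.remove("at_hash");
    env.putObject("id_token_claims", claims);
    logSuccess("Removed at_hash value from ID token claims", args("id_token_claims", claims));
    return env;
}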
