use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class FAPI1AdvancedValidateRequestObjectNBFClaim method evaluate.
/**
 * Checks that the request object carries an nbf claim that is at most 60 minutes old.
 *
 * @param env test environment; reads {@code claims.nbf} from {@code authorization_request_object}
 * @return the unchanged environment when the claim is present and recent enough
 */
@Override
@PreEnvironment(required = { "authorization_request_object", "client" })
public Environment evaluate(Environment env) {
    // One reference time is used for both the comparison and the log entries.
    Instant now = Instant.now();

    Long nbfSeconds = env.getLong("authorization_request_object", "claims.nbf");
    if (nbfSeconds == null) {
        throw error("Missing nbf claim in request object");
    }

    // nbf is read as seconds since the epoch.
    Instant nbfInstant = Instant.ofEpochSecond(nbfSeconds);

    // SIXTY_MINUTES is handed to minusMillis, so it is presumably expressed in milliseconds.
    Instant oldestAccepted = now.minusMillis(SIXTY_MINUTES);
    boolean tooOld = nbfInstant.isBefore(oldestAccepted);
    if (tooOld) {
        throw error("nbf claim is more than 60 minutes in the past", args("nbf", nbfInstant, "now", now));
    }

    // NOTE(review): only the lower bound is enforced here; an nbf later than "now" passes
    // this condition. Presumably a separate condition rejects future nbf values - confirm.
    logSuccess("nbf claim is valid", args("nbf", nbfInstant, "now", now));
    return env;
}
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class FAPIBrazilAddBrazilSpecificSettingsToServerConfiguration method evaluate.
/**
 * Adds the Open Banking Brazil specific metadata arrays to the {@code server} configuration.
 *
 * <p>The advertised algorithms are fixed: PS256 for ID token and request object signing,
 * RSA-OAEP with A256GCM for request object encryption.
 *
 * @param env test environment holding the {@code server} object, which is modified in place
 * @return the same environment
 */
@Override
@PreEnvironment(required = { "server" })
@PostEnvironment(required = { "server" })
public Environment evaluate(Environment env) {
    JsonObject server = env.getObject("server");

    // Each row is a metadata member name followed by the values of its array, in the
    // order they are written. JsonObject.add replaces any member already present
    // under the same name.
    final String[][] settings = {
        { "request_object_encryption_alg_values_supported", "RSA-OAEP" },
        { "request_object_encryption_enc_values_supported", "A256GCM" },
        { "claims_supported", "cpf", "cnpj", "acr" },
        { "acr_values_supported", "urn:brasil:openbanking:loa2", "urn:brasil:openbanking:loa3" },
        { "id_token_signing_alg_values_supported", "PS256" },
        { "request_object_signing_alg_values_supported", "PS256" },
        { "scopes_supported", "openid", "phone", "profile", "email", "address",
            "offline_access", "consents", "resources", "payments" },
    };

    for (String[] setting : settings) {
        JsonArray values = new JsonArray();
        for (int i = 1; i < setting.length; i++) {
            values.add(setting[i]);
        }
        server.add(setting[0], values);
    }

    log("Added open banking Brazil specific server settings", args("server", server));
    return env;
}
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class OIDCCSignIdToken method evaluate.
/**
 * Signs the ID token claims and records the issued token for later logout handling.
 *
 * <p>The algorithm is the client's {@code id_token_signed_response_alg} when set, otherwise
 * the environment string {@code signing_algorithm}.
 *
 * @param env test environment; reads {@code id_token_claims}, {@code server_jwks} and
 *            {@code client}, and updates {@code all_issued_id_tokens}
 * @return the same environment
 */
@Override
@PreEnvironment(required = { "id_token_claims", "server_jwks", "client" }, strings = { "signing_algorithm" })
@PostEnvironment(strings = "id_token", required = { "all_issued_id_tokens" })
public Environment evaluate(Environment env) {
    JsonObject idTokenClaims = env.getObject("id_token_claims");
    JsonObject serverJwks = env.getObject("server_jwks");

    // The client's registered preference wins; the suite-wide default is the fallback.
    String clientAlg = env.getString("client", "id_token_signed_response_alg");
    boolean clientHasAlg = clientAlg != null && !clientAlg.isEmpty();
    String alg = clientHasAlg ? clientAlg : env.getString("signing_algorithm");

    JsonObject clientConfig = env.getObject("client");

    if (!"none".equals(alg)) {
        JWK signingKey = selectOrCreateKey(serverJwks, alg, clientConfig);
        signJWTUsingKey(env, idTokenClaims, signingKey, alg);
    } else {
        // alg "none" yields a JWT with no signature, so the token has no integrity
        // protection. This branch is reached only when the selected algorithm is
        // literally "none".
        String unsecured = signWithAlgNone(idTokenClaims.toString());
        // Presumably this helper also stores the token as "id_token", which is read
        // back below - confirm against its implementation.
        logSuccessByJWTType(env, null, null, null, unsecured, null);
    }

    // Every issued id_token is remembered so logout handling can refer to it later.
    String issuedToken = env.getString("id_token");
    if (!env.containsObject("all_issued_id_tokens")) {
        env.putObject("all_issued_id_tokens", new JsonObject());
    }

    // JsonArrays cannot be stored in env, so the token string is used as a member name
    // and "1" is only a marker value.
    // NOTE(review): a null id_token would be passed as the member name here - confirm
    // the signing helpers always set it.
    env.getObject("all_issued_id_tokens").addProperty(issuedToken, "1");
    return env;
}
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class OIDCCValidateRequestObjectExp method evaluate.
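/**
 * Checks that the request object's exp claim has not passed, allowing for clock skew.
 *
 * <p>A missing exp claim is reported as a condition failure; unboxing the null
 * {@code Long} would otherwise raise a {@code NullPointerException}. Callers that treat
 * exp as optional need to skip this condition when the claim is absent.
 *
 * @param env test environment; reads {@code claims.exp} from {@code authorization_request_object}
 * @return the unchanged environment when the request object has not expired
 */
@Override
@PreEnvironment(required = "authorization_request_object")
public Environment evaluate(Environment env) {
    Instant now = Instant.now();

    Long exp = env.getLong("authorization_request_object", "claims.exp");
    if (exp == null) {
        throw error("Missing exp claim in request object");
    }

    // exp is seconds since the epoch; Date takes milliseconds. Built once for both log calls.
    Date expiry = new Date(exp * 1000L);

    // Shifting "now" back by timeSkewMillis tolerates a sender whose clock runs slightly behind.
    if (now.minusMillis(timeSkewMillis).isAfter(Instant.ofEpochSecond(exp))) {
        throw error("Request object expired", args("exp", expiry, "now", now));
    }

    logSuccess("Request object contains a valid exp claim, expiry time", args("exp", expiry));
    return env;
}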
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class RemoveAtHashFromIdToken method evaluate.
/**
 * Clears the at_hash claim in the ID token claims held in the environment.
 *
 * @param env test environment; {@code id_token_claims} is modified and stored back
 * @return the same environment
 */
@Override
@PreEnvironment(required = "id_token_claims")
@PostEnvironment(required = "id_token_claims")
public Environment evaluate(Environment env) {
    JsonObject idTokenClaims = env.getObject("id_token_claims");

    // A typed null selects the addProperty(String, String) overload.
    // NOTE(review): this stores a JSON null under "at_hash" rather than dropping the
    // member; whether the issued token omits the claim depends on how the claims are
    // serialised later - confirm that matches the intent of the test.
    String noValue = null;
    idTokenClaims.addProperty("at_hash", noValue);

    env.putObject("id_token_claims", idTokenClaims);
    logSuccess("Removed at_hash value from ID token claims", args("id_token_claims", idTokenClaims));
    return env;
}