Example 36 with PreEnvironment

Use of net.openid.conformance.condition.PreEnvironment in the conformance-suite project by openid-certification.

Class CheckIdTokenAuthTimeClaimPresentDueToMaxAge, method evaluate.

@Override
@PreEnvironment(required = { "id_token" })
public Environment evaluate(Environment env) {
    JsonObject idToken = env.getObject("id_token").getAsJsonObject("claims");
    if (!idToken.has(CLAIM_AUTH_TIME)) {
        throw error("auth_time claim is missing from the id_token, but it is required for a authentication where the max_age parameter was used", args("id_token", idToken));
    }
    // no need to check type as ValidateIdToken did so
    logSuccess("auth_time is present in the id_token, as required for a authentication where the max_age parameter was used", args("id_token", idToken));
    return env;
}
Also used: JsonObject (com.google.gson.JsonObject), PreEnvironment (net.openid.conformance.condition.PreEnvironment)

Example 37 with PreEnvironment

Use of net.openid.conformance.condition.PreEnvironment in the conformance-suite project by openid-certification.

Class CheckIdTokenSidMatchesLogoutToken, method evaluate.

@Override
@PreEnvironment(required = { "id_token", "logout_token" })
public Environment evaluate(Environment env) {
    JsonObject idToken = env.getObject("id_token").getAsJsonObject("claims");
    JsonObject logoutToken = env.getObject("logout_token").getAsJsonObject("claims");
    String sidIdToken = env.getString("id_token", "claims.sid");
    String sidLogoutToken = env.getString("logout_token", "claims.sid");
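    // equals() is invoked on sidIdToken, so this comparison relies on the id_token sid being non-null here
    if (!sidIdToken.equals(sidLogoutToken)) {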
        throw error("The id_token and the logout_token contain different sid claims, but must contain the same sid.", args("id_token", idToken, "logout_token", logoutToken));
    }
    logSuccess("sid in the id_token matches that in the logout_token", args("id_token", idToken, "logout_token", logoutToken));
    return env;
}
Also used: JsonObject (com.google.gson.JsonObject), PreEnvironment (net.openid.conformance.condition.PreEnvironment)

Example 38 with PreEnvironment

Use of net.openid.conformance.condition.PreEnvironment in the conformance-suite project by openid-certification.

Class CompareIdTokenClaims, method evaluate.

@Override
@PreEnvironment(required = { "first_id_token", "second_id_token" })
public Environment evaluate(Environment env) {
    JsonObject firstIdToken = env.getObject("first_id_token").getAsJsonObject("claims");
    JsonObject secondIdToken = env.getObject("second_id_token").getAsJsonObject("claims");
    JsonObject valuesForLog = new JsonObject();
    ensureClaimsExistAndAreEqual(firstIdToken, secondIdToken, "iss", valuesForLog);
    ensureClaimsExistAndAreEqual(firstIdToken, secondIdToken, "sub", valuesForLog);
    checkIssuedAt(firstIdToken, secondIdToken, valuesForLog);
    checkAud(firstIdToken, secondIdToken, valuesForLog);
    checkAuthTime(firstIdToken, secondIdToken, valuesForLog);
    checkAzp(firstIdToken, secondIdToken, valuesForLog);
    logSuccess("Validated id token claims successfully", valuesForLog);
    return env;
}
Also used: JsonObject (com.google.gson.JsonObject), PreEnvironment (net.openid.conformance.condition.PreEnvironment)

Example 39 with PreEnvironment

Use of net.openid.conformance.condition.PreEnvironment in the conformance-suite project by openid-certification.

Class ConvertAuthorizationEndpointRequestToRequestObject, method evaluate.

@Override
@PreEnvironment(required = "authorization_endpoint_request")
@PostEnvironment(required = "request_object_claims")
public Environment evaluate(Environment env) {
    JsonObject authorizationEndpointRequest = env.getObject("authorization_endpoint_request");
    JsonObject requestObjectClaims = authorizationEndpointRequest.deepCopy();
    env.putObject("request_object_claims", requestObjectClaims);
    logSuccess("Created request object claims", args("request_object_claims", requestObjectClaims));
    return env;
}
Also used: JsonObject (com.google.gson.JsonObject), PostEnvironment (net.openid.conformance.condition.PostEnvironment), PreEnvironment (net.openid.conformance.condition.PreEnvironment)

Example 40 with PreEnvironment

Use of net.openid.conformance.condition.PreEnvironment in the conformance-suite project by openid-certification.

Class CheckLogoutTokenNoNonce, method evaluate.

@Override
@PreEnvironment(required = "logout_token")
public Environment evaluate(Environment env) {
    JsonElement nonce = env.getElementFromObject("logout_token", "claims.nonce");
    if (nonce != null) {
        throw error("Logout token has a nonce, which it must not.");
    }
    logSuccess("No nonce in logout token.");
    return env;
}
Also used: JsonElement (com.google.gson.JsonElement), PreEnvironment (net.openid.conformance.condition.PreEnvironment)

Aggregations

PreEnvironment (net.openid.conformance.condition.PreEnvironment): 591
JsonObject (com.google.gson.JsonObject): 469
PostEnvironment (net.openid.conformance.condition.PostEnvironment): 379
JsonElement (com.google.gson.JsonElement): 143
JsonArray (com.google.gson.JsonArray): 74
Instant (java.time.Instant): 40
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 29
IOException (java.io.IOException): 25
CertificateException (java.security.cert.CertificateException): 24
ParseException (java.text.ParseException): 24
KeyManagementException (java.security.KeyManagementException): 20
KeyStoreException (java.security.KeyStoreException): 20
UnrecoverableKeyException (java.security.UnrecoverableKeyException): 20
InvalidKeySpecException (java.security.spec.InvalidKeySpecException): 20
RestClientException (org.springframework.web.client.RestClientException): 20
RestTemplate (org.springframework.web.client.RestTemplate): 20
JsonPrimitive (com.google.gson.JsonPrimitive): 18
Date (java.util.Date): 17
JWK (com.nimbusds.jose.jwk.JWK): 13
JOSEException (com.nimbusds.jose.JOSEException): 11