Example 36 with PreEnvironment
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class CheckIdTokenAuthTimeClaimPresentDueToMaxAge method evaluate.
@Override
@PreEnvironment(required = { "id_token" })
public Environment evaluate(Environment env) {
JsonObject idToken = env.getObject("id_token").getAsJsonObject("claims");
if (!idToken.has(CLAIM_AUTH_TIME)) {
throw error("auth_time claim is missing from the id_token, but it is required for a authentication where the max_age parameter was used", args("id_token", idToken));
}
// no need to check type as ValidateIdToken did so
logSuccess("auth_time is present in the id_token, as required for a authentication where the max_age parameter was used", args("id_token", idToken));
return env;
}
Also used :
JsonObject(com.google.gson.JsonObject)
PreEnvironment(net.openid.conformance.condition.PreEnvironment)
Example 37 with PreEnvironment
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class CheckIdTokenSidMatchesLogoutToken method evaluate.
@Override
@PreEnvironment(required = { "id_token", "logout_token" })
public Environment evaluate(Environment env) {
JsonObject idToken = env.getObject("id_token").getAsJsonObject("claims");
JsonObject logoutToken = env.getObject("logout_token").getAsJsonObject("claims");
String sidIdToken = env.getString("id_token", "claims.sid");
String sidLogoutToken = env.getString("logout_token", "claims.sid");
if (!sidIdToken.equals(sidLogoutToken)) {
throw error("The id_token and the logout_token contain different sid claims, but must contain the same sid.", args("id_token", idToken, "logout_token", logoutToken));
}
logSuccess("sid in the id_token matches that in the logout_token", args("id_token", idToken, "logout_token", logoutToken));
return env;
}
Also used :
JsonObject(com.google.gson.JsonObject)
PreEnvironment(net.openid.conformance.condition.PreEnvironment)
Example 38 with PreEnvironment
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class CompareIdTokenClaims method evaluate.
@Override
@PreEnvironment(required = { "first_id_token", "second_id_token" })
public Environment evaluate(Environment env) {
JsonObject firstIdToken = env.getObject("first_id_token").getAsJsonObject("claims");
JsonObject secondIdToken = env.getObject("second_id_token").getAsJsonObject("claims");
JsonObject valuesForLog = new JsonObject();
ensureClaimsExistAndAreEqual(firstIdToken, secondIdToken, "iss", valuesForLog);
ensureClaimsExistAndAreEqual(firstIdToken, secondIdToken, "sub", valuesForLog);
checkIssuedAt(firstIdToken, secondIdToken, valuesForLog);
checkAud(firstIdToken, secondIdToken, valuesForLog);
checkAuthTime(firstIdToken, secondIdToken, valuesForLog);
checkAzp(firstIdToken, secondIdToken, valuesForLog);
logSuccess("Validated id token claims successfully", valuesForLog);
return env;
}
Also used :
JsonObject(com.google.gson.JsonObject)
PreEnvironment(net.openid.conformance.condition.PreEnvironment)
Example 39 with PreEnvironment
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class ConvertAuthorizationEndpointRequestToRequestObject method evaluate.
@Override
@PreEnvironment(required = "authorization_endpoint_request")
@PostEnvironment(required = "request_object_claims")
public Environment evaluate(Environment env) {
JsonObject authorizationEndpointRequest = env.getObject("authorization_endpoint_request");
JsonObject requestObjectClaims = authorizationEndpointRequest.deepCopy();
env.putObject("request_object_claims", requestObjectClaims);
logSuccess("Created request object claims", args("request_object_claims", requestObjectClaims));
return env;
}
Also used :
JsonObject(com.google.gson.JsonObject)
PostEnvironment(net.openid.conformance.condition.PostEnvironment)
PreEnvironment(net.openid.conformance.condition.PreEnvironment)
Example 40 with PreEnvironment
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class CheckLogoutTokenNoNonce method evaluate.
@Override
@PreEnvironment(required = "logout_token")
public Environment evaluate(Environment env) {
JsonElement nonce = env.getElementFromObject("logout_token", "claims.nonce");
if (nonce != null) {
throw error("Logout token has a nonce, which it must not.");
}
logSuccess("No nonce in logout token.");
return env;
}
Also used :
JsonElement(com.google.gson.JsonElement)
PreEnvironment(net.openid.conformance.condition.PreEnvironment)
Aggregations
PreEnvironment (net.openid.conformance.condition.PreEnvironment)591
JsonObject (com.google.gson.JsonObject)469
PostEnvironment (net.openid.conformance.condition.PostEnvironment)379
JsonElement (com.google.gson.JsonElement)143
JsonArray (com.google.gson.JsonArray)74
Instant (java.time.Instant)40
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)29
IOException (java.io.IOException)25
CertificateException (java.security.cert.CertificateException)24
ParseException (java.text.ParseException)24
KeyManagementException (java.security.KeyManagementException)20
KeyStoreException (java.security.KeyStoreException)20
UnrecoverableKeyException (java.security.UnrecoverableKeyException)20
InvalidKeySpecException (java.security.spec.InvalidKeySpecException)20
RestClientException (org.springframework.web.client.RestClientException)20
RestTemplate (org.springframework.web.client.RestTemplate)20
JsonPrimitive (com.google.gson.JsonPrimitive)18
Date (java.util.Date)17
JWK (com.nimbusds.jose.jwk.JWK)13
JOSEException (com.nimbusds.jose.JOSEException)11
