use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class CheckIdTokenAuthTimeClaimPresentDueToMaxAge method evaluate.
/**
 * Confirms that the id_token carries an {@code auth_time} claim.
 *
 * <p>Used for authentications where the {@code max_age} parameter was sent; in that
 * case OpenID Connect Core makes {@code auth_time} a required claim. Only the presence
 * of the claim is checked here. Its type is not re-checked (the original author notes
 * that ValidateIdToken already did so), and the value is not compared against
 * {@code max_age} in this condition.
 *
 * @param env test environment; must contain {@code id_token}
 * @return the same environment, unmodified
 */
@Override
@PreEnvironment(required = { "id_token" })
public Environment evaluate(Environment env) {
    final JsonObject claims = env.getObject("id_token").getAsJsonObject("claims");
    final boolean authTimePresent = claims.has(CLAIM_AUTH_TIME);

    if (authTimePresent) {
        // no need to check type as ValidateIdToken did so
        logSuccess("auth_time is present in the id_token, as required for a authentication where the max_age parameter was used", args("id_token", claims));
        return env;
    }

    throw error("auth_time claim is missing from the id_token, but it is required for a authentication where the max_age parameter was used", args("id_token", claims));
}
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class CheckIdTokenSidMatchesLogoutToken method evaluate.
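/**
 * Checks that the {@code sid} claim in the logout_token equals the {@code sid} claim
 * in the id_token.
 *
 * <p>A missing {@code sid} on either side is reported as a condition failure with its
 * own message. Previously a missing id_token {@code sid} reached
 * {@code sidIdToken.equals(...)} and would have surfaced as a NullPointerException
 * instead of a readable test result.
 *
 * @param env test environment; must contain {@code id_token} and {@code logout_token}
 * @return the same environment, unmodified
 */
@Override
@PreEnvironment(required = { "id_token", "logout_token" })
public Environment evaluate(Environment env) {
    JsonObject idToken = env.getObject("id_token").getAsJsonObject("claims");
    JsonObject logoutToken = env.getObject("logout_token").getAsJsonObject("claims");

    // NOTE(review): getString is expected to return null when the path is absent - confirm
    // against Environment; if it throws instead, the two null guards below are simply unused.
    String sidIdToken = env.getString("id_token", "claims.sid");
    String sidLogoutToken = env.getString("logout_token", "claims.sid");

    // Deliberately not Objects.equals(): two absent sids must never be treated as a match,
    // otherwise a logout_token without any session binding would pass this check.
    if (sidIdToken == null) {
        throw error("The id_token does not contain a sid claim, so it cannot be compared with the sid in the logout_token.", args("id_token", idToken, "logout_token", logoutToken));
    }
    if (sidLogoutToken == null) {
        throw error("The logout_token does not contain a sid claim, so it cannot be compared with the sid in the id_token.", args("id_token", idToken, "logout_token", logoutToken));
    }

    if (!sidIdToken.equals(sidLogoutToken)) {
        throw error("The id_token and the logout_token contain different sid claims, but must contain the same sid.", args("id_token", idToken, "logout_token", logoutToken));
    }

    logSuccess("sid in the id_token matches that in the logout_token", args("id_token", idToken, "logout_token", logoutToken));
    return env;
}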
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class CompareIdTokenClaims method evaluate.
/**
 * Cross-checks the claims of two id_tokens stored in the environment.
 *
 * <p>{@code iss} and {@code sub} are passed to {@code ensureClaimsExistAndAreEqual};
 * issued-at, {@code aud}, {@code auth_time} and {@code azp} are handled by dedicated
 * helpers whose exact rules are defined elsewhere in the class. Each helper receives
 * the same {@code JsonObject}, which is then passed to the success log entry.
 *
 * @param env test environment; must contain {@code first_id_token} and
 *            {@code second_id_token}
 * @return the same environment, unmodified
 */
@Override
@PreEnvironment(required = { "first_id_token", "second_id_token" })
public Environment evaluate(Environment env) {
    final JsonObject firstClaims = env.getObject("first_id_token").getAsJsonObject("claims");
    final JsonObject secondClaims = env.getObject("second_id_token").getAsJsonObject("claims");
    final JsonObject loggedValues = new JsonObject();

    // Claims handed to the exist-and-equal helper, in the original order.
    for (String claimName : new String[] { "iss", "sub" }) {
        ensureClaimsExistAndAreEqual(firstClaims, secondClaims, claimName, loggedValues);
    }

    // Remaining claims have their own comparison rules in dedicated helpers.
    checkIssuedAt(firstClaims, secondClaims, loggedValues);
    checkAud(firstClaims, secondClaims, loggedValues);
    checkAuthTime(firstClaims, secondClaims, loggedValues);
    checkAzp(firstClaims, secondClaims, loggedValues);

    logSuccess("Validated id token claims successfully", loggedValues);
    return env;
}
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class ConvertAuthorizationEndpointRequestToRequestObject method evaluate.
/**
 * Seeds {@code request_object_claims} with a copy of the authorization endpoint request.
 *
 * <p>The copy is a deep copy, so later edits to the request object claims do not change
 * the stored {@code authorization_endpoint_request}.
 *
 * @param env test environment; must contain {@code authorization_endpoint_request}
 * @return the same environment, now also holding {@code request_object_claims}
 */
@Override
@PreEnvironment(required = "authorization_endpoint_request")
@PostEnvironment(required = "request_object_claims")
public Environment evaluate(Environment env) {
    final JsonObject sourceRequest = env.getObject("authorization_endpoint_request");

    // Independent copy: the two objects must not share nested JSON nodes.
    final JsonObject claimsCopy = sourceRequest.deepCopy();
    env.putObject("request_object_claims", claimsCopy);

    logSuccess("Created request object claims", args("request_object_claims", claimsCopy));
    return env;
}
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class CheckLogoutTokenNoNonce method evaluate.
/**
 * Fails if the logout_token contains a {@code nonce} claim.
 *
 * <p>OpenID Connect Back-Channel Logout prohibits {@code nonce} in a logout token so
 * that the token cannot be accepted in place of an id_token. Any element found at
 * {@code claims.nonce} fails the check; its value is not inspected.
 *
 * @param env test environment; must contain {@code logout_token}
 * @return the same environment, unmodified
 */
@Override
@PreEnvironment(required = "logout_token")
public Environment evaluate(Environment env) {
    final JsonElement nonceClaim = env.getElementFromObject("logout_token", "claims.nonce");
    final boolean nonceAbsent = (nonceClaim == null);

    if (nonceAbsent) {
        logSuccess("No nonce in logout token.");
        return env;
    }

    throw error("Logout token has a nonce, which it must not.");
}