use of org.forgerock.json.jose.common.JwtReconstruction in project OpenAM by OpenRock.
the class EncryptedJwtDeviceSerialisation method stringToDeviceProfile.
/**
 * Decodes a device profile from its encrypted-JWT string form.
 *
 * <p>The string is parsed as an {@code EncryptedJwt}, decrypted with the private key of
 * {@code keyPair}, and the resulting claims set is converted by {@code claimsToJson}.
 *
 * @param value the serialised encrypted JWT carrying the device profile.
 * @return whatever {@code claimsToJson} produces for the decrypted claims set.
 */
@Override
public JsonValue stringToDeviceProfile(final String value) {
    // NOTE(review): nothing here catches failures from reconstructJwt() or decrypt(), so a
    // truncated or tampered profile string surfaces as whatever those calls throw. Confirm
    // that callers treat such a failure as "profile invalid" rather than letting it escape.
    final JwtReconstruction parser = new JwtReconstruction();
    final EncryptedJwt encryptedProfile = parser.reconstructJwt(value, EncryptedJwt.class);

    // The claims are only readable after decryption with the private half of the key pair.
    encryptedProfile.decrypt(keyPair.getPrivate());

    return claimsToJson(encryptedProfile.getClaimsSet());
}
use of org.forgerock.json.jose.common.JwtReconstruction in project OpenAM by OpenRock.
the class OpenIDConnectEndSession method endSession.
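/**
 * Ends an OpenId Connect session.
 *
 * <p>The id token is parsed as a signed JWT and the provider session id is read from its
 * {@code OPS} claim, falling back to {@code LEGACY_OPS} when {@code OPS} is absent. That id
 * is then passed to {@code openIDConnectProvider.destroySession}.
 *
 * @param idToken The OpenId Token.
 * @throws BadRequestException If the request is malformed, including an id token that cannot
 *         be parsed or whose session claim is not a string.
 * @throws ServerException If any internal server error occurs.
 */
public void endSession(String idToken) throws BadRequestException, ServerException {
    if (idToken == null || idToken.isEmpty()) {
        logger.warn("No id_token_hint parameter supplied to the endSession endpoint");
        throw new BadRequestException("The endSession endpoint requires an id_token_hint parameter");
    }

    String opsId;
    try {
        SignedJwt jwt = new JwtReconstruction().reconstructJwt(idToken, SignedJwt.class);
        JwtClaimsSet claims = jwt.getClaimsSet();
        opsId = (String) claims.getClaim(OAuth2Constants.JWTTokenParams.OPS);
        if (opsId == null) {
            opsId = (String) claims.getClaim(OAuth2Constants.JWTTokenParams.LEGACY_OPS);
        }
    } catch (RuntimeException e) {
        // The token is request input. Parsing declares no checked exception, so a malformed
        // token (or a non-string claim) would otherwise escape as an unchecked exception
        // instead of the BadRequestException this method documents. Only the exception type
        // is logged, so that token content does not end up in the log.
        logger.warn("Malformed id_token_hint supplied to the endSession endpoint: "
                + e.getClass().getName());
        throw new BadRequestException("The id_token_hint parameter is not a valid id token");
    }

    // NOTE(review): this method parses the JWT but never verifies its signature, so the
    // session id comes from unauthenticated input unless the caller has already verified
    // the token. Confirm that verification happens before this call.
    // NOTE(review): opsId is still null when neither claim is present; confirm that
    // destroySession(null) is handled as intended.
    openIDConnectProvider.destroySession(opsId);
}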
use of org.forgerock.json.jose.common.JwtReconstruction in project OpenAM by OpenRock.
the class EndSession method validateRedirect.
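/**
 * Checks that a post-logout redirect URI is absolute and registered for the client named in
 * the id token.
 *
 * <p>The client id is read from the token's {@code AZP} claim and looked up in
 * {@code clientRegistrationStore}. The redirect URI must then be contained in that client's
 * {@code getPostLogoutRedirectUris()}.
 *
 * @param request the OAuth2 request, passed through to the client lookup.
 * @param idToken the id token whose {@code AZP} claim names the client.
 * @param redirectUri the requested post-logout redirect URI.
 * @throws InvalidClientException declared for the client lookup.
 * @throws NotFoundException declared for the client lookup.
 * @throws RelativeRedirectUriException if the redirect URI is not absolute.
 * @throws RedirectUriMismatchException if the redirect URI cannot be parsed or is not among
 *         the client's registered post-logout redirect URIs.
 */
private void validateRedirect(OAuth2Request request, String idToken, String redirectUri)
        throws InvalidClientException, RedirectUriMismatchException, RelativeRedirectUriException,
        NotFoundException {
    // NOTE(review): the token is parsed here but its signature is not verified in this
    // method, so the AZP claim is only as trustworthy as any check the caller already made.
    SignedJwt jwt = new JwtReconstruction().reconstructJwt(idToken, SignedJwt.class);
    String clientId = (String) jwt.getClaimsSet().getClaim(OAuth2Constants.JWTTokenParams.AZP);
    ClientRegistration client = clientRegistrationStore.get(clientId, request);

    final URI requestedUri;
    try {
        requestedUri = URI.create(redirectUri);
    } catch (IllegalArgumentException e) {
        // URI.create() signals a syntactically invalid string with an unchecked exception.
        // A string that is not a URI cannot equal a registered URI, so report a mismatch
        // instead of letting the unchecked exception escape.
        throw new RedirectUriMismatchException();
    }

    if (!requestedUri.isAbsolute()) {
        throw new RelativeRedirectUriException();
    }
    // Membership is tested with contains(), i.e. whole-value equality rather than prefix or
    // pattern matching (assuming the collection holds URI values - TODO confirm).
    if (!client.getPostLogoutRedirectUris().contains(requestedUri)) {
        throw new RedirectUriMismatchException();
    }
}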
use of org.forgerock.json.jose.common.JwtReconstruction in project OpenAM by OpenRock.
the class CheckSessionImpl method getIDToken.
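/**
 * Extracts the id token from the query string of the request's {@code Referer} header.
 *
 * <p>The query is split on {@code &}, and each segment is split at its first {@code =}.
 * Segments without {@code =} are skipped. If {@code ID_TOKEN} appears more than once, the
 * last occurrence wins.
 *
 * @param request the incoming servlet request.
 * @return the parsed signed JWT, or {@code null} when the header is missing or not a valid
 *         URI, has no query, or carries no {@code ID_TOKEN} parameter. The signature is NOT
 *         verified here.
 */
private SignedJwt getIDToken(HttpServletRequest request) {
    final URI referer;
    try {
        // A missing header makes new URI(null) throw NullPointerException, which the broad
        // catch below handles together with URI syntax errors.
        referer = new URI(request.getHeader("Referer"));
    } catch (Exception e) {
        // Message text kept exactly as it was, since log consumers may match on it.
        logger.error("No id_token supplied to the checkSesison endpoint", e);
        return null;
    }

    final String query = referer.getQuery();
    if (query == null || query.isEmpty()) {
        return null;
    }

    String idToken = null;
    for (String param : query.split("&")) {
        final int split = param.indexOf('=');
        if (split < 0) {
            // The Referer is client-controlled. A segment without '=' used to reach
            // substring(0, -1) and fail with StringIndexOutOfBoundsException; skip it.
            continue;
        }
        if (param.substring(0, split).equals(ID_TOKEN)) {
            idToken = param.substring(split + 1);
        }
    }
    if (idToken == null) {
        return null;
    }

    // NOTE(review): reconstructJwt() only parses the token. Callers must verify the
    // signature before trusting any claim, because the Referer header is supplied by the
    // client. A malformed token value still propagates whatever reconstructJwt() throws.
    return new JwtReconstruction().reconstructJwt(idToken, SignedJwt.class);
}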