
Example 1 with JwtReconstruction

Use of org.forgerock.json.jose.common.JwtReconstruction in project OpenAM by OpenRock.

The class EncryptedJwtDeviceSerialisation, method stringToDeviceProfile.

@Override
public JsonValue stringToDeviceProfile(final String value) {
    // Parse the serialised compact JWE back into an EncryptedJwt (no decryption yet).
    final EncryptedJwt jwt = new JwtReconstruction().reconstructJwt(value, EncryptedJwt.class);
    // Decrypt the payload with the server-side private key of the key pair.
    jwt.decrypt(keyPair.getPrivate());
    // Convert the decrypted claims into the device profile JSON structure.
    return claimsToJson(jwt.getClaimsSet());
}
Also used: JwtReconstruction(org.forgerock.json.jose.common.JwtReconstruction) EncryptedJwt(org.forgerock.json.jose.jwe.EncryptedJwt)

Example 2 with JwtReconstruction

Use of org.forgerock.json.jose.common.JwtReconstruction in project OpenAM by OpenRock.

The class OpenIDConnectEndSession, method endSession.

/**
 * Ends an OpenId Connect session.
 *
 * @param idToken The OpenId Token.
 * @throws BadRequestException If the request is malformed.
 * @throws ServerException If any internal server error occurs.
 */
public void endSession(String idToken) throws BadRequestException, ServerException {
    // The id_token_hint is mandatory: without it there is no session to locate.
    if (idToken == null || idToken.isEmpty()) {
        logger.warn("No id_token_hint parameter supplied to the endSession endpoint");
        throw new BadRequestException("The endSession endpoint requires an id_token_hint parameter");
    }
    // Parse the compact JWS into a SignedJwt so its claims can be read.
    JwtReconstruction jwtReconstruction = new JwtReconstruction();
    SignedJwt jwt = jwtReconstruction.reconstructJwt(idToken, SignedJwt.class);
    JwtClaimsSet claims = jwt.getClaimsSet();
    // The OPS claim identifies the OpenAM session; fall back to the legacy claim name.
    String opsId = (String) claims.getClaim(OAuth2Constants.JWTTokenParams.OPS);
    if (opsId == null) {
        opsId = (String) claims.getClaim(OAuth2Constants.JWTTokenParams.LEGACY_OPS);
    }
    openIDConnectProvider.destroySession(opsId);
}
Also used: JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) JwtReconstruction(org.forgerock.json.jose.common.JwtReconstruction) BadRequestException(org.forgerock.oauth2.core.exceptions.BadRequestException) SignedJwt(org.forgerock.json.jose.jws.SignedJwt)

Example 3 with JwtReconstruction

Use of org.forgerock.json.jose.common.JwtReconstruction in project OpenAM by OpenRock.

The class EndSession, method validateRedirect.

private void validateRedirect(OAuth2Request request, String idToken, String redirectUri) throws InvalidClientException, RedirectUriMismatchException, RelativeRedirectUriException, NotFoundException {
    // Parse the id_token and read the authorized party (azp) claim to find the client.
    SignedJwt jwt = new JwtReconstruction().reconstructJwt(idToken, SignedJwt.class);
    JwtClaimsSet claims = jwt.getClaimsSet();
    String clientId = (String) claims.getClaim(OAuth2Constants.JWTTokenParams.AZP);
    ClientRegistration client = clientRegistrationStore.get(clientId, request);
    // The post-logout redirect must be an absolute URI ...
    URI requestedUri = URI.create(redirectUri);
    if (!requestedUri.isAbsolute()) {
        throw new RelativeRedirectUriException();
    }
    // ... and must exactly match one of the URIs registered for this client.
    if (!client.getPostLogoutRedirectUris().contains(requestedUri)) {
        throw new RedirectUriMismatchException();
    }
}
Also used: RelativeRedirectUriException(org.forgerock.oauth2.core.exceptions.RelativeRedirectUriException) JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) JwtReconstruction(org.forgerock.json.jose.common.JwtReconstruction) ClientRegistration(org.forgerock.oauth2.core.ClientRegistration) RedirectUriMismatchException(org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException) SignedJwt(org.forgerock.json.jose.jws.SignedJwt) URI(java.net.URI)

Example 4 with JwtReconstruction

Use of org.forgerock.json.jose.common.JwtReconstruction in project OpenAM by OpenRock.

The class CheckSessionImpl, method getIDToken.

private SignedJwt getIDToken(HttpServletRequest request) {
    // The id_token is expected in the query string of the Referer header.
    URI referer = null;
    try {
        referer = new URI(request.getHeader("Referer"));
    } catch (Exception e) {
        logger.error("No id_token supplied to the checkSession endpoint", e);
        return null;
    }
    Map<String, String> map = null;
    if (referer != null && referer.getQuery() != null && !referer.getQuery().isEmpty()) {
        // Split the query string into name/value pairs.
        String query = referer.getQuery();
        String[] params = query.split("&");
        map = new HashMap<String, String>();
        for (String param : params) {
            int split = param.indexOf('=');
            if (split < 0) {
                // A parameter without '=' has no value; skip it rather than fail on substring.
                continue;
            }
            String name = param.substring(0, split);
            String value = param.substring(split + 1, param.length());
            map.put(name, value);
        }
    }
    if (map != null && map.containsKey(ID_TOKEN)) {
        // Parse the compact JWS into a SignedJwt for the caller to inspect.
        String id_token = map.get(ID_TOKEN);
        JwtReconstruction jwtReconstruction = new JwtReconstruction();
        return jwtReconstruction.reconstructJwt(id_token, SignedJwt.class);
    }
    return null;
}
Also used: JwtReconstruction(org.forgerock.json.jose.common.JwtReconstruction) URI(java.net.URI) InvalidClientException(org.forgerock.oauth2.core.exceptions.InvalidClientException) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) UnauthorizedClientException(org.forgerock.oauth2.core.exceptions.UnauthorizedClientException)

Aggregations (type, with number of examples above that use it)

JwtReconstruction (org.forgerock.json.jose.common.JwtReconstruction): 4
URI (java.net.URI): 2
SignedJwt (org.forgerock.json.jose.jws.SignedJwt): 2
JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet): 2
EncryptedJwt (org.forgerock.json.jose.jwe.EncryptedJwt): 1
ClientRegistration (org.forgerock.oauth2.core.ClientRegistration): 1
BadRequestException (org.forgerock.oauth2.core.exceptions.BadRequestException): 1
InvalidClientException (org.forgerock.oauth2.core.exceptions.InvalidClientException): 1
NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException): 1
RedirectUriMismatchException (org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException): 1
RelativeRedirectUriException (org.forgerock.oauth2.core.exceptions.RelativeRedirectUriException): 1
UnauthorizedClientException (org.forgerock.oauth2.core.exceptions.UnauthorizedClientException): 1