
Example 16 with InvalidJwtException

Use of org.gluu.oxauth.model.exception.InvalidJwtException in project oxAuth by GluuFederation.

Class AuthorizeAction, method getRequestedClaims:

public List<String> getRequestedClaims() {
    Set<String> result = new HashSet<String>();
    String requestJwt = request;
    // No inline "request" parameter: fetch the request object referenced by request_uri instead.
    if (StringUtils.isBlank(requestJwt) && StringUtils.isNotBlank(requestUri)) {
        try {
            URI reqUri = new URI(requestUri);
            // OpenID Connect Core 6.2: an optional fragment carries the base64url-encoded SHA-256 hash
            // of the referenced content, which lets the server integrity-check what it fetched.
            String reqUriHash = reqUri.getFragment();
            String reqUriWithoutFragment = reqUri.getScheme() + ":" + reqUri.getSchemeSpecificPart();
            javax.ws.rs.client.Client clientRequest = ClientBuilder.newClient();
            try {
                Response clientResponse = clientRequest.target(reqUriWithoutFragment).request().buildGet().invoke();
                int status = clientResponse.getStatus();
                if (status == 200) {
                    String entity = clientResponse.readEntity(String.class);
                    if (StringUtils.isBlank(reqUriHash)) {
                        requestJwt = entity;
                    } else {
                        // Accept the fetched content only when its hash matches the fragment.
                        String hash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(entity));
                        if (StringUtils.equals(reqUriHash, hash)) {
                            requestJwt = entity;
                        }
                    }
                }
            } finally {
                // Close the client once, after the response entity has been consumed.
                clientRequest.close();
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }
    }
    if (StringUtils.isNotBlank(requestJwt)) {
        try {
            Client client = clientService.getClient(clientId);
            if (client != null) {
                // Parse the request object (inline or fetched from request_uri) in the context of the
                // registered client; requestJwt is passed so that a JWT obtained via request_uri is used.
                JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(appConfiguration, cryptoProvider, requestJwt, client);
                // Collect the names of claims requested for the userinfo response and the id_token.
                if (jwtAuthorizationRequest.getUserInfoMember() != null) {
                    for (Claim claim : jwtAuthorizationRequest.getUserInfoMember().getClaims()) {
                        result.add(claim.getName());
                    }
                }
                if (jwtAuthorizationRequest.getIdTokenMember() != null) {
                    for (Claim claim : jwtAuthorizationRequest.getIdTokenMember().getClaims()) {
                        result.add(claim.getName());
                    }
                }
            }
        } catch (EntryPersistenceException | InvalidJwtException e) {
            // Client lookup failure or an unparseable/invalid request object: log and return what was collected.
            log.error(e.getMessage(), e);
        }
    }
    return new ArrayList<>(result);
}
Also used: InvalidJwtException (org.gluu.oxauth.model.exception.InvalidJwtException), ArrayList (java.util.ArrayList), EntryPersistenceException (org.gluu.persist.exception.EntryPersistenceException), URI (java.net.URI), WebApplicationException (javax.ws.rs.WebApplicationException), UnsupportedEncodingException (java.io.UnsupportedEncodingException), AcrChangedException (org.gluu.oxauth.model.exception.AcrChangedException), IOException (java.io.IOException), Response (javax.ws.rs.core.Response), HttpServletResponse (javax.servlet.http.HttpServletResponse), JwtAuthorizationRequest (org.gluu.oxauth.model.authorize.JwtAuthorizationRequest), Client (org.gluu.oxauth.model.registration.Client), Claim (org.gluu.oxauth.model.authorize.Claim), HashSet (java.util.HashSet)

Example 17 with InvalidJwtException

Use of org.gluu.oxauth.model.exception.InvalidJwtException in project oxAuth by GluuFederation.

Class EndSessionRestWebServiceImpl, method validateIdTokenHint:

private Jwt validateIdTokenHint(String idTokenHint, String postLogoutRedirectUri) {
    // When configuration forces an id_token_hint, a missing hint is an invalid request.
    if (appConfiguration.getForceIdTokenHintPrecense() && StringUtils.isBlank(idTokenHint)) {
        // must be present for logout tests #1279
        final String reason = "id_token_hint is not set";
        log.trace(reason);
        throw new WebApplicationException(createErrorResponse(postLogoutRedirectUri, EndSessionErrorResponseType.INVALID_REQUEST, reason));
    }
    // Resolve the grant that issued the hinted id_token; null means the hint is unknown to this server.
    final AuthorizationGrant tokenHintGrant = getTokenHintGrant(idTokenHint);
    if (appConfiguration.getForceIdTokenHintPrecense() && tokenHintGrant == null) {
        // must be present for logout tests #1279
        final String reason = "id_token_hint is not set";
        log.trace(reason);
        throw new WebApplicationException(createErrorResponse(postLogoutRedirectUri, EndSessionErrorResponseType.INVALID_REQUEST, reason));
    }
    // id_token_hint is not required but if it is present then we must validate it #831
    if (StringUtils.isNotBlank(idTokenHint)) {
        if (tokenHintGrant == null) {
            final String reason = "id_token_hint is not valid. Logout is rejected. id_token_hint can be skipped or otherwise valid value must be provided.";
            throw new WebApplicationException(createErrorResponse(postLogoutRedirectUri, EndSessionErrorResponseType.INVALID_GRANT_AND_SESSION, reason));
        }
        try {
            // The grant lookup succeeded, so the hint is known; a structurally invalid JWT is still rejected.
            return Jwt.parse(idTokenHint);
        } catch (InvalidJwtException e) {
            log.error("Unable to parse id_token_hint as JWT.", e);
            throw new WebApplicationException(createErrorResponse(postLogoutRedirectUri, EndSessionErrorResponseType.INVALID_GRANT_AND_SESSION, "Unable to parse id_token_hint as JWT."));
        }
    }
    // No hint supplied and none forced: nothing to validate.
    return null;
}
Also used: InvalidJwtException (org.gluu.oxauth.model.exception.InvalidJwtException), WebApplicationException (javax.ws.rs.WebApplicationException), AuthorizationGrant (org.gluu.oxauth.model.common.AuthorizationGrant)

Example 18 with InvalidJwtException

Use of org.gluu.oxauth.model.exception.InvalidJwtException in project oxAuth by GluuFederation.

Class UserInfoRestWebServiceEmbeddedTest, method requestUserInfoHS512Step3:

@Parameters({ "userInfoPath" })
@Test(dependsOnMethods = "requestUserInfoHS512Step2")
public void requestUserInfoHS512Step3(final String userInfoPath) throws Exception {
    // Call the userinfo endpoint with the bearer access token obtained in step 2.
    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + userInfoPath).request();
    request.header("Authorization", "Bearer " + accessToken7);
    request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
    UserInfoRequest userInfoRequest = new UserInfoRequest(null);
    Response response = request.post(Entity.form(new MultivaluedHashMap<String, String>(userInfoRequest.getParameters())));
    String entity = response.readEntity(String.class);
    showResponse("requestUserInfoHS512Step3", response, entity);
    assertEquals(response.getStatus(), 200, "Unexpected response code.");
    // A response carrying user claims must not be cached by the client or any intermediary.
    assertTrue(response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store, private"), "Unexpected result: " + response.getHeaderString("Cache-Control"));
    assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma"));
    assertNotNull(entity, "Unexpected result: " + entity);
    try {
        // The client was registered for HS512-signed userinfo responses, so the body is a JWT
        // that must decode and carry the expected claims.
        Jwt jwt = Jwt.parse(entity);
        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.NAME));
        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EMAIL));
        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.PICTURE));
    } catch (InvalidJwtException e) {
        // Not a well-formed JWT: fail with the raw response body for diagnosis.
        e.printStackTrace();
        fail(e.getMessage() + "\nResponse was: " + entity);
    } catch (Exception e) {
        e.printStackTrace();
        fail(e.getMessage());
    }
}
Also used: Response (javax.ws.rs.core.Response), MultivaluedHashMap (javax.ws.rs.core.MultivaluedHashMap), InvalidJwtException (org.gluu.oxauth.model.exception.InvalidJwtException), Jwt (org.gluu.oxauth.model.jwt.Jwt), ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder), Builder (javax.ws.rs.client.Invocation.Builder), URISyntaxException (java.net.URISyntaxException), JSONException (org.json.JSONException), Parameters (org.testng.annotations.Parameters), BaseTest (org.gluu.oxauth.BaseTest), Test (org.testng.annotations.Test)

Example 19 with InvalidJwtException

Use of org.gluu.oxauth.model.exception.InvalidJwtException in project oxAuth by GluuFederation.

Class UserInfoRestWebServiceEmbeddedTest, method requestUserInfoHS256Step3:

@Parameters({ "userInfoPath" })
@Test(dependsOnMethods = "requestUserInfoHS256Step2")
public void requestUserInfoHS256Step3(final String userInfoPath) throws Exception {
    // Call the userinfo endpoint with the bearer access token obtained in step 2.
    Builder request = ResteasyClientBuilder.newClient().target(url.toString() + userInfoPath).request();
    request.header("Authorization", "Bearer " + accessToken5);
    request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);
    UserInfoRequest userInfoRequest = new UserInfoRequest(null);
    Response response = request.post(Entity.form(new MultivaluedHashMap<String, String>(userInfoRequest.getParameters())));
    String entity = response.readEntity(String.class);
    showResponse("requestUserInfoHS256Step3", response, entity);
    assertEquals(response.getStatus(), 200, "Unexpected response code.");
    // A response carrying user claims must not be cached by the client or any intermediary.
    assertTrue(response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store, private"), "Unexpected result: " + response.getHeaderString("Cache-Control"));
    assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma"));
    assertNotNull(entity, "Unexpected result: " + entity);
    try {
        // The client was registered for HS256-signed userinfo responses, so the body is a JWT
        // that must decode and carry the expected claims.
        Jwt jwt = Jwt.parse(entity);
        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.NAME));
        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EMAIL));
        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.PICTURE));
    } catch (InvalidJwtException e) {
        // Not a well-formed JWT: fail with the raw response body for diagnosis.
        e.printStackTrace();
        fail(e.getMessage() + "\nResponse was: " + entity);
    } catch (Exception e) {
        e.printStackTrace();
        fail(e.getMessage());
    }
}
Also used: Response (javax.ws.rs.core.Response), MultivaluedHashMap (javax.ws.rs.core.MultivaluedHashMap), InvalidJwtException (org.gluu.oxauth.model.exception.InvalidJwtException), Jwt (org.gluu.oxauth.model.jwt.Jwt), ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder), Builder (javax.ws.rs.client.Invocation.Builder), URISyntaxException (java.net.URISyntaxException), JSONException (org.json.JSONException), Parameters (org.testng.annotations.Parameters), BaseTest (org.gluu.oxauth.BaseTest), Test (org.testng.annotations.Test)

Aggregations (number of examples in which each type appears alongside InvalidJwtException):

InvalidJwtException (org.gluu.oxauth.model.exception.InvalidJwtException): 19
Jwt (org.gluu.oxauth.model.jwt.Jwt): 10
JSONException (org.json.JSONException): 8
Response (javax.ws.rs.core.Response): 6
JSONObject (org.json.JSONObject): 5
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 4
URISyntaxException (java.net.URISyntaxException): 4
WebApplicationException (javax.ws.rs.WebApplicationException): 4
Builder (javax.ws.rs.client.Invocation.Builder): 4
BaseTest (org.gluu.oxauth.BaseTest): 4
ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder): 4
Parameters (org.testng.annotations.Parameters): 4
Test (org.testng.annotations.Test): 4
IOException (java.io.IOException): 3
MultivaluedHashMap (javax.ws.rs.core.MultivaluedHashMap): 3
TokenClient (org.gluu.oxauth.client.TokenClient): 3
TokenResponse (org.gluu.oxauth.client.TokenResponse): 3
UserInfoResponse (org.gluu.oxauth.client.UserInfoResponse): 3
SignatureAlgorithm (org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm): 3
Client (org.gluu.oxauth.model.registration.Client): 3