Example 6 with SignatureVerifierContext

Use of org.keycloak.crypto.SignatureVerifierContext in project keycloak by keycloak.

Class AuthenticationManager, method expireUserSessionCookie.

public static boolean expireUserSessionCookie(KeycloakSession session, UserSessionModel userSession, RealmModel realm, UriInfo uriInfo, HttpHeaders headers, ClientConnection connection) {
    try {
        // check to see if any identity cookie is set with the same session and expire it if necessary
        Cookie cookie = CookieHelper.getCookie(headers.getCookies(), KEYCLOAK_IDENTITY_COOKIE);
        if (cookie == null)
            return true;
        String tokenString = cookie.getValue();
        // the issuer must match this realm; the active (expiry) and token-type checks are switched off
        TokenVerifier<AccessToken> verifier = TokenVerifier.create(tokenString, AccessToken.class)
                .realmUrl(Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()))
                .checkActive(false)
                .checkTokenType(false)
                .withChecks(VALIDATE_IDENTITY_COOKIE);
        // kid and algorithm are read from the JWS header before the signature has been verified;
        // they are used only to select the signature provider and the key
        String kid = verifier.getHeader().getKeyId();
        String algorithm = verifier.getHeader().getAlgorithm().name();
        SignatureVerifierContext signatureVerifier = session.getProvider(SignatureProvider.class, algorithm).verifier(kid);
        verifier.verifierContext(signatureVerifier);
        // verify() checks the signature and the configured checks, and throws on failure
        AccessToken token = verifier.verify().getToken();
        UserSessionModel cookieSession = session.sessions().getUserSession(realm, token.getSessionState());
        // only expire the cookie when it belongs to the given user session
        if (cookieSession == null || !cookieSession.getId().equals(userSession.getId()))
            return true;
        expireIdentityCookie(realm, uriInfo, connection);
        return true;
    } catch (Exception e) {
        // any exception, including a failed verification, is reported as false
        return false;
    }
}
Also used : NewCookie(javax.ws.rs.core.NewCookie) Cookie(javax.ws.rs.core.Cookie) CookieHelper.getCookie(org.keycloak.services.util.CookieHelper.getCookie) SignatureProvider(org.keycloak.crypto.SignatureProvider) UserSessionModel(org.keycloak.models.UserSessionModel) SignatureVerifierContext(org.keycloak.crypto.SignatureVerifierContext) AccessToken(org.keycloak.representations.AccessToken) ErrorResponseException(org.keycloak.services.ErrorResponseException) AuthenticationFlowException(org.keycloak.authentication.AuthenticationFlowException) ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException) VerificationException(org.keycloak.common.VerificationException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 7 with SignatureVerifierContext

Use of org.keycloak.crypto.SignatureVerifierContext in project keycloak by keycloak.

Class AccessTokenIntrospectionProvider, method verifyAccessToken.

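protected AccessToken verifyAccessToken(String token) {
    AccessToken accessToken;
    try {
        // 'realm' here is not the local variable declared further down, which is not yet in scope
        TokenVerifier<AccessToken> verifier = TokenVerifier.create(token, AccessToken.class)
                .realmUrl(Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()));
        // algorithm and key id are read from the JWS header before the signature has been verified;
        // they are used only to select the signature provider and the key
        SignatureVerifierContext verifierContext = session.getProvider(SignatureProvider.class, verifier.getHeader().getAlgorithm().name()).verifier(verifier.getHeader().getKeyId());
        verifier.verifierContext(verifierContext);
        // verify() checks the signature and the configured checks, and throws on failure
        accessToken = verifier.verify().getToken();
    } catch (VerificationException e) {
        // only VerificationException is handled here; any other exception propagates to the caller
        logger.debugf("JWT check failed: %s", e.getMessage());
        return null;
    }
    RealmModel realm = this.session.getContext().getRealm();
    // a correctly signed token is returned only if it also passes the introspection validity check
    return tokenManager.checkTokenValidForIntrospection(session, realm, accessToken, false) ? accessToken : null;
}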
Also used : RealmModel(org.keycloak.models.RealmModel) SignatureProvider(org.keycloak.crypto.SignatureProvider) SignatureVerifierContext(org.keycloak.crypto.SignatureVerifierContext) AccessToken(org.keycloak.representations.AccessToken) VerificationException(org.keycloak.common.VerificationException)
