
Example 1 with JWSInput

use of org.keycloak.jose.jws.JWSInput in project keycloak by keycloak.

the class PreAuthActionsHandler method verifyAdminRequest.

/**
 * Gates an adapter admin action: applies the deployment's SSL policy, reads the token from the
 * request body and checks its signature.
 *
 * <p>Only the signature is checked here; the remaining checks are left to {@code validateAction}.
 * Callers must therefore not act on the returned token until that validation has succeeded.
 *
 * @return the parsed token, or {@code null} when the request was rejected (a 403 has already been
 *     sent to the client in that case)
 * @throws Exception anything other than a {@code VerificationException}, e.g. from reading the
 *     request body, sending the error response or constructing the {@code JWSInput}
 */
protected JWSInput verifyAdminRequest() throws Exception {
    if (!facade.getRequest().isSecure()) {
        // Plain-HTTP request: reject it when the SSL policy applies to this remote address.
        if (deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr())) {
            log.warn("SSL is required for adapter admin action");
            facade.getResponse().sendError(403, "ssl required");
            return null;
        }
    }

    // The whole request body is treated as the serialized token.
    String rawToken = StreamUtil.readString(facade.getRequest().getInputStream());
    if (rawToken == null) {
        log.warn("admin request failed, no token");
        facade.getResponse().sendError(403, "no token");
        return null;
    }

    try {
        // Signature check only; everything else is checked in validateAction.
        // NOTE(review): the 'false' argument appears to switch off the verifier's default checks;
        // confirm against AdapterTokenVerifier.createVerifier.
        TokenVerifier signatureCheck = AdapterTokenVerifier.createVerifier(rawToken, deployment, false, JsonWebToken.class);
        signatureCheck.verify();
        return new JWSInput(rawToken);
    } catch (VerificationException failure) {
        // The client only gets a generic 403; the reason stays in the server log.
        log.warn("admin request failed, unable to verify token: " + failure.getMessage());
        if (log.isDebugEnabled()) {
            log.debug(failure.getMessage(), failure);
        }
        facade.getResponse().sendError(403, "token failed verification");
        return null;
    }
}
Also used : TokenVerifier(org.keycloak.TokenVerifier) AdapterTokenVerifier(org.keycloak.adapters.rotation.AdapterTokenVerifier) VerificationException(org.keycloak.common.VerificationException) JWSInput(org.keycloak.jose.jws.JWSInput)

Example 2 with JWSInput

use of org.keycloak.jose.jws.JWSInput in project keycloak by keycloak.

the class PreAuthActionsHandler method handleTestAvailable.

/**
 * Handles the K_TEST_AVAILABLE admin action: verifies the request token, deserializes its payload
 * into a {@code TestAvailabilityAction} and runs it through {@code validateAction}.
 *
 * <p>Returns silently when {@code verifyAdminRequest()} yields {@code null}, i.e. when the request
 * was rejected there.
 *
 * @throws RuntimeException wrapping any exception raised while verifying or parsing the token
 */
protected void handleTestAvailable() {
    if (log.isTraceEnabled()) {
        log.trace("K_TEST_AVAILABLE sent");
    }
    try {
        JWSInput verified = verifyAdminRequest();
        if (verified != null) {
            TestAvailabilityAction action = JsonSerialization.readValue(verified.getContent(), TestAvailabilityAction.class);
            // The outcome is not inspected: nothing else runs in this handler after validation.
            validateAction(action);
        }
    } catch (Exception failure) {
        throw new RuntimeException(failure);
    }
}
Also used : JWSInput(org.keycloak.jose.jws.JWSInput) TestAvailabilityAction(org.keycloak.representations.adapters.action.TestAvailabilityAction) VerificationException(org.keycloak.common.VerificationException)

Example 3 with JWSInput

use of org.keycloak.jose.jws.JWSInput in project keycloak by keycloak.

the class PreAuthActionsHandler method handlePushNotBefore.

/**
 * Handles the K_PUSH_NOT_BEFORE admin action: verifies the request token, deserializes its payload
 * into a {@code PushNotBeforeAction} and, only if {@code validateAction} accepts it, applies the
 * pushed not-before value to the deployment.
 *
 * <p>The deployment state is changed solely after both the signature check in
 * {@code verifyAdminRequest()} and {@code validateAction} have passed.
 *
 * @throws RuntimeException wrapping any exception raised while verifying or parsing the token
 */
protected void handlePushNotBefore() {
    if (log.isTraceEnabled()) {
        log.trace("K_PUSH_NOT_BEFORE sent");
    }
    try {
        JWSInput verified = verifyAdminRequest();
        if (verified == null) {
            // Request already rejected by verifyAdminRequest().
            return;
        }
        PushNotBeforeAction pushed = JsonSerialization.readValue(verified.getContent(), PushNotBeforeAction.class);
        if (validateAction(pushed)) {
            deployment.updateNotBefore(pushed.getNotBefore());
        }
    } catch (Exception failure) {
        throw new RuntimeException(failure);
    }
}
Also used : JWSInput(org.keycloak.jose.jws.JWSInput) PushNotBeforeAction(org.keycloak.representations.adapters.action.PushNotBeforeAction) VerificationException(org.keycloak.common.VerificationException)

Example 4 with JWSInput

use of org.keycloak.jose.jws.JWSInput in project keycloak by keycloak.

the class TokenCallable method call.

/**
 * Returns an access token string, obtaining tokens first if none are held and refreshing them when
 * the current access token is inactive or its remaining time to live is insufficient.
 *
 * <p>The access token is decoded with {@code JWSInput} only to read its claims; no signature
 * verification is performed in this method, so the result of the activity check must not be
 * treated as proof of authenticity.
 *
 * @return the raw access token, either the currently held one or the one from the refresh
 * @throws RuntimeException if the held access token cannot be read; the held tokens are cleared
 *     before the exception is thrown
 */
@Override
public String call() {
    if (tokenResponse == null) {
        tokenResponse = obtainTokens();
    }
    try {
        String currentToken = tokenResponse.getToken();
        JWSInput decoded = new JWSInput(currentToken);
        AccessToken claims = JsonSerialization.readValue(decoded.getContent(), AccessToken.class);
        boolean stillUsable = claims.isActive() && this.isTokenTimeToLiveSufficient(claims);
        if (stillUsable) {
            return currentToken;
        }
        // Reached for an inactive token and also for one whose time to live is insufficient.
        log.debug("Access token is expired.");
    } catch (Exception cause) {
        // Drop the tokens that could not be processed before reporting the failure.
        clearTokens();
        throw new RuntimeException("Failed to parse access token", cause);
    }
    tokenResponse = tryRefreshToken();
    return tokenResponse.getToken();
}
Also used : AccessToken(org.keycloak.representations.AccessToken) JWSInput(org.keycloak.jose.jws.JWSInput)

Example 5 with JWSInput

use of org.keycloak.jose.jws.JWSInput in project keycloak by keycloak.

the class AbstractShowTokensServlet method renderTokens.

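/**
 * Renders the access and refresh tokens of the request's security context as an HTML fragment of
 * four {@code <span>} elements: the pretty-printed JSON of each token and each token's raw string.
 *
 * <p>Every value is escaped for HTML text content before it is embedded. The pretty-printed JSON
 * carries token claim values, and nothing in this method establishes that those are free of markup
 * characters.
 *
 * <p>NOTE(review): the returned markup contains the raw access and refresh token strings; confirm
 * that this servlet is only deployed where exposing them in a page is acceptable.
 *
 * @param req request carrying the security context under the attribute named
 *     {@code KeycloakSecurityContext.class.getName()}
 * @return the HTML fragment
 * @throws ServletException declared by the signature; not thrown directly in this body
 * @throws IOException if the refresh token cannot be parsed, or if serialization fails
 */
protected String renderTokens(HttpServletRequest req) throws ServletException, IOException {
    RefreshableKeycloakSecurityContext ctx = (RefreshableKeycloakSecurityContext) req.getAttribute(KeycloakSecurityContext.class.getName());
    String accessTokenPretty = JsonSerialization.writeValueAsPrettyString(ctx.getToken());
    RefreshToken refreshToken;
    try {
        // Decoded for display only; no signature verification happens in this method.
        refreshToken = new JWSInput(ctx.getRefreshToken()).readJsonContent(RefreshToken.class);
    } catch (JWSInputException e) {
        throw new IOException(e);
    }
    String refreshTokenPretty = JsonSerialization.writeValueAsPrettyString(refreshToken);
    return new StringBuilder()
        .append("<span id=\"accessToken\">").append(escapeHtmlText(accessTokenPretty)).append("</span>")
        .append("<span id=\"refreshToken\">").append(escapeHtmlText(refreshTokenPretty)).append("</span>")
        .append("<span id=\"accessTokenString\">").append(escapeHtmlText(ctx.getTokenString())).append("</span>")
        .append("<span id=\"refreshTokenString\">").append(escapeHtmlText(ctx.getRefreshToken())).append("</span>")
        .toString();
}

/**
 * Escapes a value for use as HTML text content ({@code &}, {@code <} and {@code >}).
 * A {@code null} value is rendered as the string {@code "null"}, as string concatenation would.
 */
private static String escapeHtmlText(String value) {
    // '&' must be replaced first so the entities produced below are not escaped again.
    return String.valueOf(value).replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
}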
Also used : RefreshToken(org.keycloak.representations.RefreshToken) RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) JWSInputException(org.keycloak.jose.jws.JWSInputException) JWSInput(org.keycloak.jose.jws.JWSInput) IOException(java.io.IOException)
