Example 16 with JWSInputException

Use of org.keycloak.jose.jws.JWSInputException in the project keycloak by keycloak.

From the class SecureSigningAlgorithmForSignedJwtExecutor, method executeOnEvent:

@Override
public void executeOnEvent(ClientPolicyContext context) throws ClientPolicyException {
    switch(context.getEvent()) {
        // Events on which a client may authenticate with a signed JWT client assertion
        // (private_key_jwt / client_secret_jwt): check the assertion's signing algorithm.
        case TOKEN_REQUEST:
        case SERVICE_ACCOUNT_TOKEN_REQUEST:
        case TOKEN_REFRESH:
        case TOKEN_REVOKE:
        case TOKEN_INTROSPECT:
        case LOGOUT_REQUEST:
            // Policy option: treat a missing client_assertion as a violation instead of skipping the check.
            boolean isRequireClientAssertion = Optional.ofNullable(configuration.isRequireClientAssertion()).orElse(Boolean.FALSE).booleanValue();
            HttpRequest req = session.getContext().getContextObject(HttpRequest.class);
            // The client_assertion form parameter carries the JWS in compact serialization.
            String clientAssertion = req.getDecodedFormParameters().getFirst(OAuth2Constants.CLIENT_ASSERTION);
            if (!isRequireClientAssertion && ObjectUtil.isBlank(clientAssertion)) {
                // No assertion was sent and none is required: nothing to verify for this request.
                break;
            }
            JWSInput jws = null;
            try {
                // Parse the compact serialization; this only splits and decodes the parts,
                // it does not verify the signature. Only the header's "alg" is needed here.
                jws = new JWSInput(clientAssertion);
            } catch (JWSInputException e) {
                // Malformed (or absent but required) assertion: reject the request as invalid_request.
                throw new ClientPolicyException(OAuthErrorException.INVALID_REQUEST, "not allowed input format.");
            }
            // Reject assertions whose declared algorithm is not one the policy considers secure.
            verifySecureSigningAlgorithm(jws.getHeader().getAlgorithm().name());
            break;
        default:
            return;
    }
}
Also used: org.jboss.resteasy.spi.HttpRequest, org.keycloak.jose.jws.JWSInputException, org.keycloak.jose.jws.JWSInput, org.keycloak.services.clientpolicy.ClientPolicyException
