assertion token granter moved to nimbus-jose

pull/306/merge
Justin Richer 2013-02-19 16:12:20 -05:00
parent 10ab55a7e2
commit 0f99e0e06d
1 changed files with 32 additions and 13 deletions


@ -4,28 +4,28 @@
package org.mitre.oauth2.token; package org.mitre.oauth2.token;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.util.Date; import java.util.Date;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.signer.service.JwtSigningAndValidationService; import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.OAuth2TokenEntityService; import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean; import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.model.IdToken;
import org.mitre.openid.connect.model.IdTokenClaims;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException; import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter; import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.SignedJWT;
/** /**
* @author jricher * @author jricher
* *
@ -72,27 +72,46 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter {
// it's an ID token, process it accordingly // it's an ID token, process it accordingly
IdToken idToken = IdToken.parse(incomingTokenValue); // TODO: make this use the idtoken class
JWT idToken;
try {
idToken = JWTParser.parse(incomingTokenValue);
} catch (ParseException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
return null;
}
OAuth2AccessTokenEntity accessToken = tokenServices.getAccessTokenForIdToken(incomingToken); OAuth2AccessTokenEntity accessToken = tokenServices.getAccessTokenForIdToken(incomingToken);
if (accessToken != null) { if (accessToken != null) {
//OAuth2AccessTokenEntity newIdToken = tokenServices.get //OAuth2AccessTokenEntity newIdToken = tokenServices.get
IdToken newIdToken = new IdToken();
OAuth2AccessTokenEntity newIdTokenEntity = new OAuth2AccessTokenEntity(); OAuth2AccessTokenEntity newIdTokenEntity = new OAuth2AccessTokenEntity();
IdTokenClaims claims = newIdToken.getClaims(); // FIXME: we shouldn't have to roundtrip this through JSON to get it to copy all existing claims
claims.loadFromClaimSet(idToken.getClaims()); // copy over all existing claims JWTClaimsSet claims;
try {
claims = JWTClaimsSet.parse(idToken.getJWTClaimsSet().toJSONObject());
} catch (ParseException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
return null;
}
// update expiration and issued-at claims // update expiration and issued-at claims
if (client.getIdTokenValiditySeconds() != null) { if (client.getIdTokenValiditySeconds() != null) {
Date expiration = new Date(System.currentTimeMillis() + (client.getIdTokenValiditySeconds() * 1000L)); Date expiration = new Date(System.currentTimeMillis() + (client.getIdTokenValiditySeconds() * 1000L));
claims.setExpiration(expiration); // FIXME: Nimbus-JOSE Date fields
claims.setExpirationTimeClaim(expiration.getTime());
newIdTokenEntity.setExpiration(expiration); newIdTokenEntity.setExpiration(expiration);
} }
claims.setIssuedAt(new Date()); // FIXME: Nimbus-JOSE Date fields
claims.setIssuedAtClaim(new Date().getTime());
SignedJWT newIdToken = new SignedJWT((JWSHeader) idToken.getHeader(), claims);
try { try {
jwtService.signJwt(newIdToken); jwtService.signJwt(newIdToken);
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {