Validate HMAC-signed ID tokens

pull/627/head
Christopher Elkins 2014-06-13 14:59:15 -07:00 committed by Justin Richer
parent 5773fe195b
commit 1dc204f975
2 changed files with 11 additions and 1 deletions


@ -444,6 +444,16 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
// check the signature
JwtSigningAndValidationService jwtValidator = validationServices.getValidator(serverConfig.getJwksUri());
if (jwtValidator == null) {
JWSAlgorithm alg = idToken.getHeader().getAlgorithm();
if (alg.equals(JWSAlgorithm.HS256)
|| alg.equals(JWSAlgorithm.HS384)
|| alg.equals(JWSAlgorithm.HS512)) {
// generate one based on client secret
jwtValidator = symmetricCacheService.getSymmetricValidtor(clientConfig.getClient());
}
}
if (jwtValidator != null) {
if(!jwtValidator.validateSignature(idToken)) {
throw new AuthenticationServiceException("Signature validation failed");
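Review bot: Wrapping the signature check in `if (jwtValidator != null)` means an ID token for which no validator can be obtained (a non-HS alg with no JWKS validator, or a null `alg` from the header) no longer fails at this point; unless an `else` follows in the lines beyond the visible hunk, signature validation is silently skipped instead of rejected. That branch should fail closed, e.g. `} else { throw new AuthenticationServiceException("No signature validator available for id_token"); }`. The HS256/HS384/HS512 fallback also chooses the client-secret validator purely from the unverified token header, so the header `alg` should be compared against the algorithm expected for this client (the registered id_token_signed_response_alg, if `clientConfig` exposes it) rather than trusted as-is. The enclosing method continues outside the hunk.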


@ -98,7 +98,7 @@ public class SymmetricCacheService {
String id = "SYMMETRIC-KEY";
JWK jwk = new OctetSequenceKey(Base64URL.encode(key), Use.SIGNATURE, null, id, null, null, null);
JWK jwk = new OctetSequenceKey(new Base64URL(key), Use.SIGNATURE, null, id, null, null, null);
Map<String, JWK> keys = ImmutableMap.of(id, jwk);
JwtSigningAndValidationService service = new DefaultJwtSigningAndValidationService(keys);