unshadowed Jwe header, unshadowed IdTokenClaims, added smart copy constructor to ClaimSet
parent
61b828e182
commit
2b62042696
|
@ -425,7 +425,7 @@ public class AbstractOIDCAuthenticationFilter extends
|
||||||
|
|
||||||
// pull the user_id out as a claim on the id_token
|
// pull the user_id out as a claim on the id_token
|
||||||
|
|
||||||
String userId = idToken.getTokenClaims().getUserId();
|
String userId = idToken.getClaims().getUserId();
|
||||||
|
|
||||||
// construct an OpenIdConnectAuthenticationToken and return a Authentication object w/the userId and the idToken
|
// construct an OpenIdConnectAuthenticationToken and return a Authentication object w/the userId and the idToken
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,7 @@ import java.util.List;
|
||||||
|
|
||||||
import org.apache.commons.codec.binary.Base64;
|
import org.apache.commons.codec.binary.Base64;
|
||||||
import org.mitre.jwt.model.Jwt;
|
import org.mitre.jwt.model.Jwt;
|
||||||
|
import org.mitre.jwt.model.JwtHeader;
|
||||||
|
|
||||||
import com.google.common.base.Splitter;
|
import com.google.common.base.Splitter;
|
||||||
import com.google.common.collect.Lists;
|
import com.google.common.collect.Lists;
|
||||||
|
@ -20,22 +21,18 @@ import com.google.gson.JsonObject;
|
||||||
*/
|
*/
|
||||||
public class Jwe extends Jwt {
|
public class Jwe extends Jwt {
|
||||||
|
|
||||||
private JweHeader header;
|
|
||||||
|
|
||||||
private byte[] encryptedKey;
|
private byte[] encryptedKey;
|
||||||
|
|
||||||
private byte[] ciphertext;
|
private byte[] ciphertext;
|
||||||
|
|
||||||
public Jwe() {
|
public Jwe() {
|
||||||
super();
|
super();
|
||||||
this.header = new JweHeader();
|
|
||||||
this.encryptedKey = null;
|
this.encryptedKey = null;
|
||||||
this.ciphertext = null;
|
this.ciphertext = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Jwe(JweHeader header, byte[] encryptedKey, byte[] ciphertext, String integrityValue) {
|
public Jwe(JweHeader header, byte[] encryptedKey, byte[] ciphertext, String integrityValue) {
|
||||||
super(null, null, integrityValue);
|
super(header, null, integrityValue);
|
||||||
this.header = header;
|
|
||||||
this.encryptedKey = encryptedKey;
|
this.encryptedKey = encryptedKey;
|
||||||
this.ciphertext = ciphertext;
|
this.ciphertext = ciphertext;
|
||||||
}
|
}
|
||||||
|
@ -52,11 +49,18 @@ public class Jwe extends Jwt {
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public JweHeader getHeader() {
|
public JweHeader getHeader() {
|
||||||
return header;
|
return (JweHeader) super.getHeader();
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setHeader(JweHeader header) {
|
/**
|
||||||
this.header = header;
|
* Set the header, wrapping it in a JweHeader if necessary
|
||||||
|
*/
|
||||||
|
public void setHeader(JwtHeader header) {
|
||||||
|
if (header instanceof JweHeader) {
|
||||||
|
super.setHeader(header);
|
||||||
|
} else {
|
||||||
|
super.setHeader(new JweHeader(header));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public byte[] getEncryptedKey() {
|
public byte[] getEncryptedKey() {
|
||||||
|
@ -77,12 +81,9 @@ public class Jwe extends Jwt {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getSignatureBase() {
|
public String getSignatureBase() {
|
||||||
byte[] c = ciphertext;
|
String h64 = new String(Base64.encodeBase64URLSafe(getHeader().toJsonString().getBytes()));
|
||||||
byte[] e = encryptedKey;
|
String e64 = new String(Base64.encodeBase64URLSafe(getEncryptedKey()));
|
||||||
|
String c64 = new String(Base64.encodeBase64URLSafe(getCiphertext()));
|
||||||
String h64 = new String(Base64.encodeBase64URLSafe(header.toJsonString().getBytes()));
|
|
||||||
String e64 = new String(Base64.encodeBase64URLSafe(e));
|
|
||||||
String c64 = new String(Base64.encodeBase64URLSafe(c));
|
|
||||||
|
|
||||||
return h64 + "." + e64 + "." + c64;
|
return h64 + "." + e64 + "." + c64;
|
||||||
}
|
}
|
||||||
|
|
|
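Review bot: `setHeader` sends a null header into the else branch, because `null instanceof JweHeader` is false, so `new JweHeader(header)` runs with null. Through the copy constructors added in this commit that call ends at `claimSet.toJsonString()` in `ClaimSet.loadFromClaimSet`, which would throw a NullPointerException. Since the three-argument `Jwt` constructor now calls `setHeader(header)`, the four-argument `Jwe` constructor reaches this path whenever it is handed a null header. Guarding the branch with `if (header == null || header instanceof JweHeader)` keeps null assignable as it was before. `IdToken.setClaims` has the same shape with `new IdTokenClaims(tokenClaims)`.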
@ -33,6 +33,10 @@ public class JweHeader extends JwtHeader{
|
||||||
super(b64);
|
super(b64);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public JweHeader(JwtHeader jwtHeader) {
|
||||||
|
super(jwtHeader);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Load all claims from the given json object into this object
|
* Load all claims from the given json object into this object
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -55,6 +55,10 @@ public class ClaimSet {
|
||||||
loadFromBase64JsonObjectString(b64);
|
loadFromBase64JsonObjectString(b64);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public ClaimSet(ClaimSet claimSet) {
|
||||||
|
loadFromClaimSet(claimSet);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get an extension claim
|
* Get an extension claim
|
||||||
*/
|
*/
|
||||||
|
@ -185,6 +189,9 @@ public class ClaimSet {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Load new claims from the given json object. Will replace any existing claims, but does not clear claim set.
|
* Load new claims from the given json object. Will replace any existing claims, but does not clear claim set.
|
||||||
|
*
|
||||||
|
* This function is intended to be overridden by subclasses for more exact data type and claim handling.
|
||||||
|
*
|
||||||
* @param json
|
* @param json
|
||||||
*/
|
*/
|
||||||
public void loadFromJsonObject(JsonObject json) {
|
public void loadFromJsonObject(JsonObject json) {
|
||||||
|
@ -217,6 +224,14 @@ public class ClaimSet {
|
||||||
jsonString = new String(b64decoded);
|
jsonString = new String(b64decoded);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void loadFromClaimSet(ClaimSet claimSet) {
|
||||||
|
|
||||||
|
loadFromJsonObject(getAsJsonObject()); // we push to a JSON object and back to let subclasses override this
|
||||||
|
|
||||||
|
jsonString = claimSet.toJsonString(); // preserve the string on input
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
public String toJsonString() {
|
public String toJsonString() {
|
||||||
if(jsonString == null) {
|
if(jsonString == null) {
|
||||||
jsonString = this.getAsJsonObject().toString();
|
jsonString = this.getAsJsonObject().toString();
|
||||||
|
|
|
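Review bot: `loadFromClaimSet` reads from the object being built rather than from its argument: `loadFromJsonObject(getAsJsonObject())` serializes `this`, so the parsed claims of `claimSet` are never copied and only the cached `jsonString` comes from the source. A copy made this way can return the source's serialized form from `toJsonString()` while its getters hold none of the source's claims. That matters wherever claims are read for an authentication decision, as with `getUserId()` in the filter when `IdToken.setClaims` wraps a plain `JwtClaims`. The line should read `loadFromJsonObject(claimSet.getAsJsonObject());`. The method also has no Javadoc; it should say that the source's JSON string is preserved and that subclasses receive the claims through their `loadFromJsonObject` override.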
@ -53,9 +53,9 @@ public class Jwt {
|
||||||
*/
|
*/
|
||||||
public Jwt(JwtHeader header, JwtClaims claims, String signature) {
|
public Jwt(JwtHeader header, JwtClaims claims, String signature) {
|
||||||
super();
|
super();
|
||||||
this.header = header;
|
setHeader(header);
|
||||||
this.claims = claims;
|
setClaims(claims);
|
||||||
this.signature = signature;
|
setSignature(signature);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
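Review bot: Only the three-argument constructor is routed through the setters here, so the casts this commit relies on (`(JweHeader) super.getHeader()` in `Jwe`, `(IdTokenClaims) super.getClaims()` in `IdToken`) are safe only for objects built on that path. The no-argument `Jwt` constructor is outside the hunk. If it assigns a plain `JwtHeader` to the field directly, `new Jwe().getHeader()` would throw a ClassCastException, because `Jwe()` no longer sets `this.header = new JweHeader()`. Routing the defaults in that constructor through `setHeader(...)` and `setClaims(...)` as well would keep the wrapping in one place. Because the constructor now calls overridable methods, a comment such as `// setters are used so subclasses can wrap header/claims; overrides must not read subclass fields` belongs above these three calls.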
@ -51,6 +51,10 @@ public class JwtClaims extends ClaimSet {
|
||||||
super(b64);
|
super(b64);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public JwtClaims(JwtClaims jwtClaims) {
|
||||||
|
super(jwtClaims);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void loadFromJsonObject(JsonObject json) {
|
public void loadFromJsonObject(JsonObject json) {
|
||||||
JsonObject pass = new JsonObject();
|
JsonObject pass = new JsonObject();
|
||||||
|
|
|
@ -47,6 +47,10 @@ public class JwtHeader extends ClaimSet {
|
||||||
super(b64);
|
super(b64);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public JwtHeader(JwtHeader jwtHeader) {
|
||||||
|
super(jwtHeader);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Load all claims from the given json object into this object
|
* Load all claims from the given json object into this object
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -80,15 +80,19 @@ public class IdToken extends Jwt {
|
||||||
* @return the tokenClaims
|
* @return the tokenClaims
|
||||||
*/
|
*/
|
||||||
@Transient
|
@Transient
|
||||||
public IdTokenClaims getTokenClaims() {
|
public IdTokenClaims getClaims() {
|
||||||
return (IdTokenClaims) super.getClaims();
|
return (IdTokenClaims) super.getClaims();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param tokenClaims the tokenClaims to set
|
* @param tokenClaims the tokenClaims to set
|
||||||
*/
|
*/
|
||||||
public void setTokenClaims(IdTokenClaims tokenClaims) {
|
public void setClaims(JwtClaims tokenClaims) {
|
||||||
super.setClaims(tokenClaims);
|
if (tokenClaims instanceof IdTokenClaims) {
|
||||||
|
super.setClaims(tokenClaims);
|
||||||
|
} else {
|
||||||
|
super.setClaims(new IdTokenClaims(tokenClaims));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
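Review bot: The renamed `setClaims` has no `@Override`, and its Javadoc still reads `@param tokenClaims the tokenClaims to set` although the method now accepts any `JwtClaims` and replaces a non-`IdTokenClaims` argument with a copy. Add `@Override` to it, and update the comment along the lines of the one given to `Jwe.setHeader`: `Set the claims, wrapping them in an IdTokenClaims if necessary`. It should also state that in the wrapping case the stored object is a copy, so later changes to the instance the caller passed in are not reflected in the token. The `@return the tokenClaims` line on `getClaims` is stale in the same way.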
@ -58,6 +58,10 @@ public class IdTokenClaims extends JwtClaims {
|
||||||
super(b64);
|
super(b64);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public IdTokenClaims(JwtClaims jwtClaims) {
|
||||||
|
super(jwtClaims);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return the id
|
* @return the id
|
||||||
*/
|
*/
|
||||||
|
|