updated signing request object in OIDC client by pulling out construction of JWT to its own method.
parent
76c91ea79f
commit
685734ce35
|
@ -87,39 +87,7 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter {
|
||||||
|
|
||||||
if(StringUtils.isNotBlank(request.getParameter("token"))) {
|
if(StringUtils.isNotBlank(request.getParameter("token"))) {
|
||||||
|
|
||||||
Jwt jwt = new Jwt();
|
Jwt jwt = createAndSignRequestJwt(request, serverConfiguration);
|
||||||
JwtHeader header = jwt.getHeader();
|
|
||||||
JwtClaims claims = jwt.getClaims();
|
|
||||||
|
|
||||||
//set parameters to JwtHeader
|
|
||||||
header.setAlgorithm(JwsAlgorithm.getByName(SIGNING_ALGORITHM).toString());
|
|
||||||
|
|
||||||
//set parameters to JwtClaims
|
|
||||||
claims.setClaim("response_type", "token");
|
|
||||||
claims.setClaim("client_id", serverConfiguration.getClientId());
|
|
||||||
claims.setClaim("scope", scope);
|
|
||||||
claims.setClaim("redirect_uri", AbstractOIDCAuthenticationFilter.buildRedirectURI(request, null));
|
|
||||||
claims.setClaim("nonce", NONCE_SIGNATURE_COOKIE_NAME);
|
|
||||||
|
|
||||||
if(header.getAlgorithm().equals("RS256") || header.getAlgorithm().equals("RS384") || header.getAlgorithm().equals("RS512")) {
|
|
||||||
RsaSigner jwtSigner = new RsaSigner();
|
|
||||||
try {
|
|
||||||
jwt = jwtSigner.sign(jwt);
|
|
||||||
} catch (NoSuchAlgorithmException e) {
|
|
||||||
// TODO Auto-generated catch block
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
} else if(header.getAlgorithm().equals("HS256") || header.getAlgorithm().equals("HS384") || header.getAlgorithm().equals("HS512")) {
|
|
||||||
HmacSigner jwtSigner = new HmacSigner();
|
|
||||||
try {
|
|
||||||
jwt = jwtSigner.sign(jwt);
|
|
||||||
} catch (NoSuchAlgorithmException e) {
|
|
||||||
// TODO Auto-generated catch block
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
throw new IllegalArgumentException(header.getAlgorithm() + " is not a valid signing algorithm.");
|
|
||||||
}
|
|
||||||
|
|
||||||
Map<String, String> urlVariables = new HashMap<String, String>();
|
Map<String, String> urlVariables = new HashMap<String, String>();
|
||||||
|
|
||||||
|
@ -133,5 +101,43 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter {
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public Jwt createAndSignRequestJwt(HttpServletRequest request, OIDCServerConfiguration serverConfiguration) {
|
||||||
|
Jwt jwt = new Jwt();
|
||||||
|
JwtHeader header = jwt.getHeader();
|
||||||
|
JwtClaims claims = jwt.getClaims();
|
||||||
|
|
||||||
|
//set parameters to JwtHeader
|
||||||
|
header.setAlgorithm(JwsAlgorithm.getByName(SIGNING_ALGORITHM).toString());
|
||||||
|
|
||||||
|
//set parameters to JwtClaims
|
||||||
|
claims.setClaim("response_type", "token");
|
||||||
|
claims.setClaim("client_id", serverConfiguration.getClientId());
|
||||||
|
claims.setClaim("scope", scope);
|
||||||
|
claims.setClaim("redirect_uri", AbstractOIDCAuthenticationFilter.buildRedirectURI(request, null));
|
||||||
|
claims.setClaim("nonce", NONCE_SIGNATURE_COOKIE_NAME);
|
||||||
|
|
||||||
|
if(header.getAlgorithm().equals("RS256") || header.getAlgorithm().equals("RS384") || header.getAlgorithm().equals("RS512")) {
|
||||||
|
RsaSigner jwtSigner = new RsaSigner();
|
||||||
|
try {
|
||||||
|
jwt = jwtSigner.sign(jwt);
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
// TODO Auto-generated catch block
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
} else if(header.getAlgorithm().equals("HS256") || header.getAlgorithm().equals("HS384") || header.getAlgorithm().equals("HS512")) {
|
||||||
|
HmacSigner jwtSigner = new HmacSigner();
|
||||||
|
try {
|
||||||
|
jwt = jwtSigner.sign(jwt);
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
// TODO Auto-generated catch block
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
throw new IllegalArgumentException(header.getAlgorithm() + " is not a valid signing algorithm.");
|
||||||
|
}
|
||||||
|
|
||||||
|
return jwt;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
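Review bot: In `createAndSignRequestJwt` both `catch (NoSuchAlgorithmException e)` blocks only call `e.printStackTrace()`, so as far as these lines show a signing failure falls through to `return jwt` and the caller receives the unsigned request object. Fail closed in both the RSA and the HMAC branch instead, e.g. `throw new IllegalStateException("Unable to sign request object", e);`. Separately, `claims.setClaim("nonce", NONCE_SIGNATURE_COOKIE_NAME)` appears to put a constant (by its name, a cookie name) into the nonce claim. A nonce only guards against replay when it is a fresh, unpredictable per-request value that is later checked against the session, so this is worth confirming against the constant's definition, which is outside the hunk. The new method is also declared `public` although the only caller shown is in the same class; `private` or `protected` would keep the signing path from becoming part of the filter's API.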