request object processor moved to nimbus-jose
Justin Richer
parent
0f99e0e06d
commit
c01e873019
|
|
@ -1,5 +1,6 @@
|
||||||
package org.mitre.openid.connect;
|
package org.mitre.openid.connect;
|
||||||
|
|
||||||
|
import java.text.ParseException;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
|
@ -7,10 +8,10 @@ import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
|
import net.minidev.json.JSONObject;
|
||||||
|
|
||||||
import org.joda.time.DateTime;
|
import org.joda.time.DateTime;
|
||||||
import org.joda.time.Period;
|
import org.joda.time.Period;
|
||||||
import org.mitre.jwt.model.Jwt;
|
|
||||||
import org.mitre.jwt.model.JwtClaims;
|
|
||||||
import org.mitre.oauth2.exception.NonceReuseException;
|
import org.mitre.oauth2.exception.NonceReuseException;
|
||||||
import org.mitre.openid.connect.model.Nonce;
|
import org.mitre.openid.connect.model.Nonce;
|
||||||
import org.mitre.openid.connect.service.NonceService;
|
import org.mitre.openid.connect.service.NonceService;
|
||||||
|
|
@ -20,7 +21,6 @@ import org.springframework.beans.factory.InitializingBean;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
import org.springframework.security.core.userdetails.User;
|
|
||||||
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
|
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
|
||||||
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
|
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
|
||||||
import org.springframework.security.oauth2.common.util.OAuth2Utils;
|
import org.springframework.security.oauth2.common.util.OAuth2Utils;
|
||||||
|
|
@ -32,6 +32,7 @@ import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
import com.google.common.base.Strings;
|
import com.google.common.base.Strings;
|
||||||
|
import com.nimbusds.jose.JWSObject;
|
||||||
|
|
||||||
@Component("authorizationRequestManager")
|
@Component("authorizationRequestManager")
|
||||||
public class ConnectAuthorizationRequestManager implements AuthorizationRequestManager, InitializingBean {
|
public class ConnectAuthorizationRequestManager implements AuthorizationRequestManager, InitializingBean {
|
||||||
|
|
@ -148,12 +149,13 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
|
||||||
Map<String, String> parameters = new HashMap<String, String>(inputParams);
|
Map<String, String> parameters = new HashMap<String, String>(inputParams);
|
||||||
|
|
||||||
// parse the request object
|
// parse the request object
|
||||||
Jwt jwt = Jwt.parse(jwtString);
|
try {
|
||||||
JwtClaims claims = jwt.getClaims();
|
JWSObject jwsObject = JWSObject.parse(jwtString);
|
||||||
|
JSONObject claims = jwsObject.getPayload().toJSONObject();
|
||||||
|
|
||||||
// TODO: validate JWT signature
|
// TODO: validate JWT signature
|
||||||
|
|
||||||
String clientId = claims.getClaimAsString("client_id");
|
|
||||||
|
|
||||||
// TODO: check parameter consistency, move keys to constants
|
// TODO: check parameter consistency, move keys to constants
|
||||||
|
|
||||||
|
|
@ -170,56 +172,62 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
|
||||||
* we don't care
|
* we don't care
|
||||||
*/
|
*/
|
||||||
|
|
||||||
String responseTypes = claims.getClaimAsString("response_type");
|
// FIXME: all of these are doing raw JSON parsing and don't guarantee good behavior vis a vis strings
|
||||||
|
String responseTypes = (String) claims.get("response_type");
|
||||||
if (responseTypes != null) {
|
if (responseTypes != null) {
|
||||||
parameters.put("response_type", responseTypes);
|
parameters.put("response_type", responseTypes);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
String clientId = (String) claims.get("client_id");
|
||||||
if (clientId != null) {
|
if (clientId != null) {
|
||||||
parameters.put("client_id", clientId);
|
parameters.put("client_id", clientId);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (claims.getClaimAsString("redirect_uri") != null) {
|
if (claims.get("redirect_uri") != null) {
|
||||||
if (inputParams.containsKey("redirect_uri") == false) {
|
if (inputParams.containsKey("redirect_uri") == false) {
|
||||||
parameters.put("redirect_uri", claims.getClaimAsString("redirect_uri"));
|
parameters.put("redirect_uri", (String) claims.get("redirect_uri"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
String state = claims.getClaimAsString("state");
|
String state = (String) claims.get("state");
|
||||||
if(state != null) {
|
if(state != null) {
|
||||||
if (inputParams.containsKey("state") == false) {
|
if (inputParams.containsKey("state") == false) {
|
||||||
parameters.put("state", state);
|
parameters.put("state", state);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
String nonce = claims.getClaimAsString("nonce");
|
String nonce = (String) claims.get("nonce");
|
||||||
if(nonce != null) {
|
if(nonce != null) {
|
||||||
if (inputParams.containsKey("nonce") == false) {
|
if (inputParams.containsKey("nonce") == false) {
|
||||||
parameters.put("nonce", nonce);
|
parameters.put("nonce", nonce);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
String display = claims.getClaimAsString("display");
|
String display = (String) claims.get("display");
|
||||||
if (display != null) {
|
if (display != null) {
|
||||||
if (inputParams.containsKey("display") == false) {
|
if (inputParams.containsKey("display") == false) {
|
||||||
parameters.put("display", display);
|
parameters.put("display", display);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
String prompt = claims.getClaimAsString("prompt");
|
String prompt = (String) claims.get("prompt");
|
||||||
if (prompt != null) {
|
if (prompt != null) {
|
||||||
if (inputParams.containsKey("prompt") == false) {
|
if (inputParams.containsKey("prompt") == false) {
|
||||||
parameters.put("prompt", prompt);
|
parameters.put("prompt", prompt);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
String scope = claims.getClaimAsString("scope");
|
String scope = (String) claims.get("scope");
|
||||||
if (scope != null) {
|
if (scope != null) {
|
||||||
if (inputParams.containsKey("scope") == false) {
|
if (inputParams.containsKey("scope") == false) {
|
||||||
parameters.put("scope", scope);
|
parameters.put("scope", scope);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
} catch (ParseException e) {
|
||||||
|
// TODO Auto-generated catch block
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
return parameters;
|
return parameters;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue