github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

added in service layer for JWT signers, started to put in some exceptions

pull/59/head
Justin Richer 2012-01-31 17:00:48 -05:00
parent eb1da16d24
commit eaa22754e3
7 changed files with 103 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
server/src/main/java/org/mitre/jwt/service/JwtSigningAndValidationService.java Normal file
View File

@ -0,0 +1,37 @@
package org.mitre.jwt.service;
import java.security.PublicKey;
import java.util.List;
import org.mitre.jwt.model.Jwt;
public interface JwtSigningAndValidationService {
/**
* Returns all public keys this service is configured with.
* @return
*/
public List<PublicKey> getAllPublicKeys();
/**
* Checks the signature of the given JWT against all configured signers, returns true if at least one of the signers validates it.
* @param jwtString the string representation of the JWT as sent on the wire
* @return true if the signature is valid, false if not
*/
public boolean validateSignature(String jwtString);
/**
* Checks to see if this JWT has been issued by us
* @param jwt the JWT to check the issuer of
* @return true if the JWT was issued by this AS, false if not
*/
public boolean validateIssuedJwt(Jwt jwt);
/**
* Check to see if this JWT has expired or not
* @param jwt the JWT to check
* @return true if this JWT has an expiration and it has passed, false if the JWT has no expiration or it has an expiration and the expiration has not passed
*/
public boolean isJwtExpired(Jwt jwt);
}

5
server/src/main/java/org/mitre/openid/connect/exception/ExpiredTokenException.java Normal file
View File

@ -0,0 +1,5 @@
package org.mitre.openid.connect.exception;
public class ExpiredTokenException extends RuntimeException {
}

5
server/src/main/java/org/mitre/openid/connect/exception/InvalidJwtIssuerException.java Normal file
View File

@ -0,0 +1,5 @@
package org.mitre.openid.connect.exception;
public class InvalidJwtIssuerException extends RuntimeException {
}

5
server/src/main/java/org/mitre/openid/connect/exception/InvalidJwtSignatureException.java Normal file
View File

@ -0,0 +1,5 @@
package org.mitre.openid.connect.exception;
public class InvalidJwtSignatureException extends RuntimeException {
}

0
server/src/main/java/org/mitre/openid/connect/exception/empty.txt
View File

25
server/src/main/java/org/mitre/openid/connect/web/CheckIDEndpoint.java
View File

@ -1,7 +1,12 @@
package org.mitre.openid.connect.web; package org.mitre.openid.connect.web;
import org.mitre.jwt.service.JwtSigningAndValidationService;
import org.mitre.openid.connect.exception.ExpiredTokenException;
import org.mitre.openid.connect.exception.InvalidJwtIssuerException;
import org.mitre.openid.connect.exception.InvalidJwtSignatureException;
import org.mitre.openid.connect.model.IdToken; import org.mitre.openid.connect.model.IdToken;
import org.mitre.openid.connect.model.IdTokenClaims; import org.mitre.openid.connect.model.IdTokenClaims;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
@ -10,17 +15,33 @@ import org.springframework.web.servlet.ModelAndView;
@Controller @Controller
public class CheckIDEndpoint { public class CheckIDEndpoint {
@Autowired
JwtSigningAndValidationService jwtSignerService;
@RequestMapping("/checkid") @RequestMapping("/checkid")
public ModelAndView checkID(@RequestParam("id_token") String tokenString, ModelAndView mav) { public ModelAndView checkID(@RequestParam("id_token") String tokenString, ModelAndView mav) {
if (!jwtSignerService.validateSignature(tokenString)) {
// can't validate
throw new InvalidJwtSignatureException(); // TODO: attach a view to this exception
}
// it's a valid signature, parse the token
IdToken token = IdToken.parse(tokenString); IdToken token = IdToken.parse(tokenString);
// check the expiration
if (jwtSignerService.isJwtExpired(token)) {
// token has expired
throw new ExpiredTokenException(); // TODO create a view for this exception
}
// check the issuer (sanity check)
if (!jwtSignerService.validateIssuedJwt(token)) {
throw new InvalidJwtIssuerException(); // TODO: create a view for this exception
}
return new ModelAndView("jsonIdTokenView", "checkId", token); // TODO: create a view for this
return new ModelAndView("jsonIdTokenView", "checkId", token);
} }
} }

28
server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java Normal file
View File

@ -0,0 +1,28 @@
package org.mitre.openid.connect.web;
import java.security.PublicKey;
import java.util.List;
import org.mitre.jwt.service.JwtSigningAndValidationService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
@Controller
public class JsonWebKeyEndpoint {
@Autowired
JwtSigningAndValidationService jwtService;
@RequestMapping("/jwk")
public ModelAndView getJwk() {
List<PublicKey> keys = jwtService.getAllPublicKeys();
// TODO: check if keys are empty, return a 404 here?
return new ModelAndView("jwkView", "keys", keys); // TODO: make a view
}
}