org.xdi.oxauth.model.authorize.JwtAuthorizationRequest クラス

org.xdi.oxauth.model.authorize.JwtAuthorizationRequest 連携図

公開メンバ関数
	JwtAuthorizationRequest (AppConfiguration appConfiguration, String encodedJwt, Client client) throws InvalidJwtException, InvalidJweException
String	getEncodedJwt ()
String	getKeyId ()
String	getType ()
void	setType (String type)
String	getAlgorithm ()
void	setAlgorithm (String algorithm)
List< ResponseType >	getResponseTypes ()
void	setResponseTypes (List< ResponseType > responseTypes)
String	getClientId ()
void	setClientId (String clientId)
List< String >	getScopes ()
void	setScopes (List< String > scopes)
String	getRedirectUri ()
void	setRedirectUri (String redirectUri)
String	getNonce ()
void	setNonce (String nonce)
String	getState ()
void	setState (String state)
Display	getDisplay ()
void	setDisplay (Display display)
List< Prompt >	getPrompts ()
void	setPrompts (List< Prompt > prompts)
UserInfoMember	getUserInfoMember ()
void	setUserInfoMember (UserInfoMember userInfoMember)
IdTokenMember	getIdTokenMember ()
void	setIdTokenMember (IdTokenMember idTokenMember)

非公開メンバ関数
void	loadHeader (String header) throws JSONException
void	loadPayload (String payload) throws JSONException, UnsupportedEncodingException
boolean	validateSignature (SignatureAlgorithm signatureAlgorithm, Client client, String signingInput, String signature) throws Exception

非公開変数類
String	type
String	algorithm
String	encryptionAlgorithm
String	keyId
List< ResponseType >	responseTypes
String	clientId
List< String >	scopes
String	redirectUri
String	nonce
String	state
Display	display
List< Prompt >	prompts
UserInfoMember	userInfoMember
IdTokenMember	idTokenMember
String	encodedJwt
AppConfiguration	appConfiguration

詳解

著者

Javier Rojas Blum

バージョン

July 31, 2016

構築子と解体子

JwtAuthorizationRequest()

org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.JwtAuthorizationRequest ( AppConfiguration  appConfiguration, String  encodedJwt, Client  client  ) throws InvalidJwtException, InvalidJweException

inline

                                                                                                                                                        {
        try {
                this.appConfiguration = appConfiguration;
                this.responseTypes = new ArrayList<ResponseType>();
                this.scopes = new ArrayList<String>();
                this.prompts = new ArrayList<Prompt>();
            this.encodedJwt = encodedJwt;

            if (encodedJwt != null && !encodedJwt.isEmpty()) {
                String[] parts = encodedJwt.split("\\.");

                if (parts.length == 5) {
                    String encodedHeader = parts[0];
                    String encodedEncryptedKey = parts[1];
                    String encodedInitializationVector = parts[2];
                    String encodedCipherText = parts[3];
                    String encodedIntegrityValue = parts[4];

                    JwtHeader jwtHeader = new JwtHeader(encodedHeader);

                    keyId = jwtHeader.getKeyId();
                    KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.fromName(
                            jwtHeader.getClaimAsString(JwtHeaderName.ALGORITHM));
                    BlockEncryptionAlgorithm blockEncryptionAlgorithm = BlockEncryptionAlgorithm.fromName(
                            jwtHeader.getClaimAsString(JwtHeaderName.ENCRYPTION_METHOD));

                    JweDecrypterImpl jweDecrypter = null;
                    if ("RSA".equals(keyEncryptionAlgorithm.getFamily())) {
                        OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(appConfiguration.getKeyStoreFile(),
                                        appConfiguration.getKeyStoreSecret(), appConfiguration.getDnName());
                        PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
                        jweDecrypter = new JweDecrypterImpl(privateKey);
                    } else {
                        ClientService clientService = CdiUtil.bean(ClientService.class); 
                        jweDecrypter = new JweDecrypterImpl(clientService.decryptSecret(client.getClientSecret()).getBytes(Util.UTF8_STRING_ENCODING));
                    }
                    jweDecrypter.setKeyEncryptionAlgorithm(keyEncryptionAlgorithm);
                    jweDecrypter.setBlockEncryptionAlgorithm(blockEncryptionAlgorithm);

                    byte[] contentMasterKey = jweDecrypter.decryptEncryptionKey(encodedEncryptedKey);
                    byte[] initializationVector = Base64Util.base64urldecode(encodedInitializationVector);
                    byte[] authenticationTag = Base64Util.base64urldecode(encodedIntegrityValue);
                    String additionalAuthenticatedData = encodedHeader + "."
                            + encodedEncryptedKey + "."
                            + encodedInitializationVector;

                    String encodedClaim = jweDecrypter.decryptCipherText(encodedCipherText, contentMasterKey, initializationVector,
                            authenticationTag, additionalAuthenticatedData.getBytes(Util.UTF8_STRING_ENCODING));
                    String header = new String(Base64Util.base64urldecode(encodedHeader), Util.UTF8_STRING_ENCODING);
                    String payload = new String(Base64Util.base64urldecode(encodedClaim), Util.UTF8_STRING_ENCODING);
                    payload = payload.replace("\\", "");

                    loadHeader(header);
                    loadPayload(payload);
                } else if (parts.length == 2 || parts.length == 3) {
                    String encodedHeader = parts[0];
                    String encodedClaim = parts[1];
                    String encodedSignature = StringUtils.EMPTY;
                    if (parts.length == 3) {
                        encodedSignature = parts[2];
                    }

                    String signingInput = encodedHeader + "." + encodedClaim;
                    String header = new String(Base64Util.base64urldecode(encodedHeader), Util.UTF8_STRING_ENCODING);
                    String payload = new String(Base64Util.base64urldecode(encodedClaim), Util.UTF8_STRING_ENCODING);
                    payload = payload.replace("\\", "");

                    JSONObject jsonHeader = new JSONObject(header);

                    if (jsonHeader.has("typ")) {
                        type = jsonHeader.getString("typ");
                    }
                    if (jsonHeader.has("alg")) {
                        algorithm = jsonHeader.getString("alg");
                    }
                    if (jsonHeader.has("kid")) {
                        keyId = jsonHeader.getString("kid");
                    }

                    SignatureAlgorithm sigAlg = SignatureAlgorithm.fromString(algorithm);
                    if (sigAlg != null) {
                        if (validateSignature(sigAlg, client, signingInput, encodedSignature)) {
                            JSONObject jsonPayload = new JSONObject(payload);

                            if (jsonPayload.has("response_type")) {
                                JSONArray responseTypeJsonArray = jsonPayload.optJSONArray("response_type");
                                if (responseTypeJsonArray != null) {
                                    for (int i = 0; i < responseTypeJsonArray.length(); i++) {
                                        ResponseType responseType = ResponseType.fromString(responseTypeJsonArray.getString(i));
                                        responseTypes.add(responseType);
                                    }
                                } else {
                                    responseTypes.addAll(ResponseType.fromString(jsonPayload.getString("response_type"), " "));
                                }
                            }
                            if (jsonPayload.has("client_id")) {
                                clientId = jsonPayload.getString("client_id");
                            }
                            if (jsonPayload.has("scope")) {
                                JSONArray scopesJsonArray = jsonPayload.optJSONArray("scope");
                                if (scopesJsonArray != null) {
                                    for (int i = 0; i < scopesJsonArray.length(); i++) {
                                        String scope = scopesJsonArray.getString(i);
                                        scopes.add(scope);
                                    }
                                } else {
                                    String scopeStringList = jsonPayload.getString("scope");
                                    scopes.addAll(Util.splittedStringAsList(scopeStringList, " "));
                                }
                            }
                            if (jsonPayload.has("redirect_uri")) {
                                redirectUri = URLDecoder.decode(jsonPayload.getString("redirect_uri"), "UTF-8");
                            }
                            if (jsonPayload.has("nonce")) {
                                nonce = jsonPayload.getString("nonce");
                            }
                            if (jsonPayload.has("state")) {
                                state = jsonPayload.getString("state");
                            }
                            if (jsonPayload.has("display")) {
                                display = Display.fromString(jsonPayload.getString("display"));
                            }
                            if (jsonPayload.has("prompt")) {
                                JSONArray promptJsonArray = jsonPayload.optJSONArray("prompt");
                                if (promptJsonArray != null) {
                                    for (int i = 0; i < promptJsonArray.length(); i++) {
                                        Prompt prompt = Prompt.fromString(promptJsonArray.getString(i));
                                        prompts.add(prompt);
                                    }
                                } else {
                                    prompts.addAll(Prompt.fromString(jsonPayload.getString("prompt"), " "));
                                }
                            }
                            if (jsonPayload.has("claims")) {
                                JSONObject claimsJsonObject = jsonPayload.getJSONObject("claims");

                                if (claimsJsonObject.has("userinfo")) {
                                    userInfoMember = new UserInfoMember(claimsJsonObject.getJSONObject("userinfo"));
                                }
                                if (claimsJsonObject.has("id_token")) {
                                    idTokenMember = new IdTokenMember(claimsJsonObject.getJSONObject("id_token"));
                                }
                            }
                        } else {
                            throw new InvalidJwtException("The JWT signature is not valid");
                        }
                    } else {
                        throw new InvalidJwtException("The JWT algorithm is not supported");
                    }
                } else {
                    throw new InvalidJwtException("The JWT is not well formed");
                }
            } else {
                throw new InvalidJwtException("The JWT is null or empty");
            }
        } catch (JSONException e) {
            throw new InvalidJwtException(e);
        } catch (UnsupportedEncodingException e) {
            throw new InvalidJwtException(e);
        } catch (StringEncrypter.EncryptionException e) {
            throw new InvalidJwtException(e);
        } catch (Exception e) {
            throw new InvalidJwtException(e);
        }
    }

関数詳解

getAlgorithm()

String org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.getAlgorithm ( )

inline

                                 {
        return algorithm;
    }

getClientId()

String org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.getClientId ( )

inline

                                {
        return clientId;
    }

getDisplay()

Display org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.getDisplay ( )

inline

                                {
        return display;
    }

getEncodedJwt()

String org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.getEncodedJwt ( )

inline

                                  {
        return encodedJwt;
    }

getIdTokenMember()

IdTokenMember org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.getIdTokenMember ( )

inline

                                            {
        return idTokenMember;
    }

getKeyId()

String org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.getKeyId ( )

inline

                             {
        return keyId;
    }

getNonce()

String org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.getNonce ( )

inline

                             {
        return nonce;
    }

getPrompts()

List<Prompt> org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.getPrompts ( )

inline

                                     {
        return prompts;
    }

getRedirectUri()

String org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.getRedirectUri ( )

inline

                                   {
        return redirectUri;
    }

getResponseTypes()

List<ResponseType> org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.getResponseTypes ( )

inline

                                                 {
        return responseTypes;
    }

getScopes()

List<String> org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.getScopes ( )

inline

                                    {
        return scopes;
    }

getState()

String org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.getState ( )

inline

                             {
        return state;
    }

getType()

String org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.getType ( )

inline

                            {
        return type;
    }

getUserInfoMember()

UserInfoMember org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.getUserInfoMember ( )

inline

                                              {
        return userInfoMember;
    }

loadHeader()

void org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.loadHeader ( String  header ) throws JSONException

inlineprivate

                                                                {
        JSONObject jsonHeader = new JSONObject(header);

        if (jsonHeader.has("typ")) {
            type = jsonHeader.getString("typ");
        }
        if (jsonHeader.has("alg")) {
            algorithm = jsonHeader.getString("alg");
        }
        if (jsonHeader.has("enc")) {
            encryptionAlgorithm = jsonHeader.getString("enc");
        }
        if (jsonHeader.has("kid")) {
            keyId = jsonHeader.getString("kid");
        }
    }

loadPayload()

void org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.loadPayload ( String  payload ) throws JSONException, UnsupportedEncodingException

inlineprivate

                                                                                                {
        JSONObject jsonPayload = new JSONObject(payload);

        if (jsonPayload.has("response_type")) {
            JSONArray responseTypeJsonArray = jsonPayload.optJSONArray("response_type");
            if (responseTypeJsonArray != null) {
                for (int i = 0; i < responseTypeJsonArray.length(); i++) {
                    ResponseType responseType = ResponseType.fromString(responseTypeJsonArray.getString(i));
                    responseTypes.add(responseType);
                }
            } else {
                responseTypes.addAll(ResponseType.fromString(jsonPayload.getString("response_type"), " "));
            }
        }
        if (jsonPayload.has("client_id")) {
            clientId = jsonPayload.getString("client_id");
        }
        if (jsonPayload.has("scope")) {
            JSONArray scopesJsonArray = jsonPayload.optJSONArray("scope");
            if (scopesJsonArray != null) {
                for (int i = 0; i < scopesJsonArray.length(); i++) {
                    String scope = scopesJsonArray.getString(i);
                    scopes.add(scope);
                }
            } else {
                String scopeStringList = jsonPayload.getString("scope");
                scopes.addAll(Util.splittedStringAsList(scopeStringList, " "));
            }
        }
        if (jsonPayload.has("redirect_uri")) {
            redirectUri = URLDecoder.decode(jsonPayload.getString("redirect_uri"), "UTF-8");
        }
        if (jsonPayload.has("nonce")) {
            nonce = jsonPayload.getString("nonce");
        }
        if (jsonPayload.has("state")) {
            state = jsonPayload.getString("state");
        }
        if (jsonPayload.has("display")) {
            display = Display.fromString(jsonPayload.getString("display"));
        }
        if (jsonPayload.has("prompt")) {
            JSONArray promptJsonArray = jsonPayload.optJSONArray("prompt");
            if (promptJsonArray != null) {
                for (int i = 0; i < promptJsonArray.length(); i++) {
                    Prompt prompt = Prompt.fromString(promptJsonArray.getString(i));
                    prompts.add(prompt);
                }
            } else {
                prompts.addAll(Prompt.fromString(jsonPayload.getString("prompt"), " "));
            }
        }
        if (jsonPayload.has("claims")) {
            JSONObject claimsJsonObject = jsonPayload.getJSONObject("claims");

            if (claimsJsonObject.has("userinfo")) {
                userInfoMember = new UserInfoMember(claimsJsonObject.getJSONObject("userinfo"));
            }
            if (claimsJsonObject.has("id_token")) {
                idTokenMember = new IdTokenMember(claimsJsonObject.getJSONObject("id_token"));
            }
        }
    }

setAlgorithm()

void org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.setAlgorithm ( String  algorithm )

inline

                                               {
        this.algorithm = algorithm;
    }

setClientId()

void org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.setClientId ( String  clientId )

inline

                                             {
        this.clientId = clientId;
    }

setDisplay()

void org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.setDisplay ( Display  display )

inline

                                            {
        this.display = display;
    }

setIdTokenMember()

void org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.setIdTokenMember ( IdTokenMember  idTokenMember )

inline

                                                              {
        this.idTokenMember = idTokenMember;
    }

setNonce()

void org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.setNonce ( String  nonce )

inline

                                       {
        this.nonce = nonce;
    }

setPrompts()

void org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.setPrompts ( List< Prompt >  prompts )

inline

                                                 {
        this.prompts = prompts;
    }

setRedirectUri()

void org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.setRedirectUri ( String  redirectUri )

inline

                                                   {
        this.redirectUri = redirectUri;
    }

setResponseTypes()

void org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.setResponseTypes ( List< ResponseType >  responseTypes )

inline

                                                                   {
        this.responseTypes = responseTypes;
    }

setScopes()

void org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.setScopes ( List< String >  scopes )

inline

                                               {
        this.scopes = scopes;
    }

setState()

void org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.setState ( String  state )

inline

                                       {
        this.state = state;
    }

setType()

void org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.setType ( String  type )

inline

                                     {
        this.type = type;
    }

setUserInfoMember()

void org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.setUserInfoMember ( UserInfoMember  userInfoMember )

inline

                                                                 {
        this.userInfoMember = userInfoMember;
    }

validateSignature()

boolean org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.validateSignature ( SignatureAlgorithm  signatureAlgorithm, Client  client, String  signingInput, String  signature  ) throws Exception

inlineprivate

                                                                                                                                                    {
        ClientService clientService = CdiUtil.bean(ClientService.class); 
        String sharedSecret = clientService.decryptSecret(client.getClientSecret());
        JSONObject jwks = Strings.isNullOrEmpty(client.getJwks()) ?
                JwtUtil.getJSONWebKeys(client.getJwksUri()) :
                new JSONObject(client.getJwks());
        AbstractCryptoProvider cryptoProvider = CryptoProviderFactory.getCryptoProvider(
                        appConfiguration);
        boolean validSignature = cryptoProvider.verifySignature(signingInput, signature, keyId, jwks, sharedSecret, signatureAlgorithm);

        return validSignature;
    }

メンバ詳解

algorithm

String org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.algorithm

private

appConfiguration

AppConfiguration org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.appConfiguration

private

clientId

String org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.clientId

private

display

Display org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.display

private

encodedJwt

String org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.encodedJwt

private

encryptionAlgorithm

String org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.encryptionAlgorithm

private

idTokenMember

IdTokenMember org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.idTokenMember

private

keyId

String org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.keyId

private

nonce

String org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.nonce

private

prompts

List<Prompt> org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.prompts

private

redirectUri

String org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.redirectUri

private

responseTypes

List<ResponseType> org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.responseTypes

private

scopes

List<String> org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.scopes

private

state

String org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.state

private

type

String org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.type

private

userInfoMember

UserInfoMember org.xdi.oxauth.model.authorize.JwtAuthorizationRequest.userInfoMember

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/gluu/src/oxAuth/Server/src/main/java/org/xdi/oxauth/model/authorize/JwtAuthorizationRequest.java