keycloak
公開メンバ関数 | 非公開変数類 | 全メンバ一覧
org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser クラス
org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser の継承関係図
Inheritance graph
org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser 連携図
Collaboration graph

公開メンバ関数

AuthenticatedClientSessionModel parseSession (String code, String tabId, KeycloakSession session, RealmModel realm, ClientModel client, EventBuilder event)
 
String retrieveCode (KeycloakSession session, AuthenticatedClientSessionModel clientSession)
 
boolean verifyCode (KeycloakSession session, String code, AuthenticatedClientSessionModel clientSession)
 
void removeExpiredSession (KeycloakSession session, AuthenticatedClientSessionModel clientSession)
 
boolean isExpired (KeycloakSession session, String code, AuthenticatedClientSessionModel clientSession)
 
int getTimestamp (AuthenticatedClientSessionModel clientSession)
 
void setTimestamp (AuthenticatedClientSessionModel clientSession, int timestamp)
 
String getClientNote (AuthenticatedClientSessionModel clientSession, String noteKey)
 
String retrieveCode (KeycloakSession session, CS clientSession)
 
void removeExpiredSession (KeycloakSession session, CS clientSession)
 
boolean verifyCode (KeycloakSession session, String code, CS clientSession)
 
boolean isExpired (KeycloakSession session, String code, CS clientSession)
 
int getTimestamp (CS clientSession)
 
void setTimestamp (CS clientSession, int timestamp)
 
String getClientNote (CS clientSession, String noteKey)
 

非公開変数類

CodeJWT codeJWT
 

詳解

関数詳解

◆ getClientNote() [1/2]

String org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser< CS extends CommonClientSessionModel >.getClientNote ( CS  clientSession,
String  noteKey 
)
inherited

◆ getClientNote() [2/2]

String org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.getClientNote ( AuthenticatedClientSessionModel  clientSession,
String  noteKey 
)
inline
278  {
279  return clientSession.getNote(noteKey);
280  }

◆ getTimestamp() [1/2]

int org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser< CS extends CommonClientSessionModel >.getTimestamp ( CS  clientSession)
inherited

◆ getTimestamp() [2/2]

int org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.getTimestamp ( AuthenticatedClientSessionModel  clientSession)
inline
268  {
269  return clientSession.getTimestamp();
270  }

◆ isExpired() [1/2]

boolean org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser< CS extends CommonClientSessionModel >.isExpired ( KeycloakSession  session,
String  code,
CS  clientSession 
)
inherited

◆ isExpired() [2/2]

boolean org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.isExpired ( KeycloakSession  session,
String  code,
AuthenticatedClientSessionModel  clientSession 
)
inline
263  {
264  return !codeJWT.isActive();
265  }
org.keycloak.representations.JsonWebToken.isActive
boolean isActive()
Definition: JsonWebToken.java:108

◆ parseSession()

AuthenticatedClientSessionModel org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.parseSession ( String  code,
String  tabId,
KeycloakSession  session,
RealmModel  realm,
ClientModel  client,
EventBuilder  event 
)
inline
174  {
175  SecretKey aesKey = session.keys().getActiveAesKey(realm).getSecretKey();
176  SecretKey hmacKey = session.keys().getActiveHmacKey(realm).getSecretKey();
177 
178  try {
179  codeJWT = TokenUtil.jweDirectVerifyAndDecode(aesKey, hmacKey, code, CodeJWT.class);
180  } catch (JWEException jweException) {
181  logger.error("Exception during JWE Verification or decode", jweException);
182  return null;
183  }
184 
185  event.detail(Details.CODE_ID, codeJWT.getUserSessionId());
186  event.session(codeJWT.getUserSessionId());
187 
188  UserSessionModel userSession = new UserSessionCrossDCManager(session).getUserSessionWithClient(realm, codeJWT.getUserSessionId(), codeJWT.getIssuedFor());
189  if (userSession == null) {
190  // TODO:mposolda Temporary workaround needed to track if code is invalid or was already used. Will be good to remove once used OAuth codes are tracked through one-time cache
191  userSession = session.sessions().getUserSession(realm, codeJWT.getUserSessionId());
192  if (userSession == null) {
193  return null;
194  }
195  }
196 
197  return userSession.getAuthenticatedClientSessionByClient(codeJWT.getIssuedFor());
198 
199  }
org.keycloak.representations.JsonWebToken.getIssuedFor
String getIssuedFor()
Definition: JsonWebToken.java:210
org.keycloak.services.managers.CodeGenerateUtil.logger
static final Logger logger
Definition: CodeGenerateUtil.java:53
org.keycloak.representations.CodeJWT.getUserSessionId
String getUserSessionId()
Definition: CodeJWT.java:30

◆ removeExpiredSession() [1/2]

void org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser< CS extends CommonClientSessionModel >.removeExpiredSession ( KeycloakSession  session,
CS  clientSession 
)
inherited

◆ removeExpiredSession() [2/2]

void org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.removeExpiredSession ( KeycloakSession  session,
AuthenticatedClientSessionModel  clientSession 
)
inline
257  {
258  throw new IllegalStateException("Not yet implemented");
259  }

◆ retrieveCode() [1/2]

String org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser< CS extends CommonClientSessionModel >.retrieveCode ( KeycloakSession  session,
CS  clientSession 
)
inherited

◆ retrieveCode() [2/2]

String org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.retrieveCode ( KeycloakSession  session,
AuthenticatedClientSessionModel  clientSession 
)
inline
203  {
204  String actionId = KeycloakModelUtils.generateId();
205 
206  CodeJWT codeJWT = new CodeJWT();
207  codeJWT.id(actionId);
208  codeJWT.issuedFor(clientSession.getClient().getId());
209  codeJWT.userSessionId(clientSession.getUserSession().getId());
210 
211  RealmModel realm = clientSession.getRealm();
212 
213  int issuedAt = Time.currentTime();
214  codeJWT.issuedAt(issuedAt);
215  codeJWT.expiration(issuedAt + realm.getAccessCodeLifespan());
216 
217  SecretKey aesKey = session.keys().getActiveAesKey(realm).getSecretKey();
218  SecretKey hmacKey = session.keys().getActiveHmacKey(realm).getSecretKey();
219 
220  if (logger.isTraceEnabled()) {
221  logger.tracef("Using AES key of length '%d' bytes and HMAC key of length '%d' bytes . Client: '%s', User Session: '%s'", aesKey.getEncoded().length,
222  hmacKey.getEncoded().length, clientSession.getClient().getClientId(), clientSession.getUserSession().getId());
223  }
224 
225  try {
226  return TokenUtil.jweDirectEncode(aesKey, hmacKey, codeJWT);
227  } catch (JWEException jweEx) {
228  throw new RuntimeException(jweEx);
229  }
230  }
org.keycloak.services.managers.CodeGenerateUtil.logger
static final Logger logger
Definition: CodeGenerateUtil.java:53

◆ setTimestamp() [1/2]

void org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser< CS extends CommonClientSessionModel >.setTimestamp ( CS  clientSession,
int  timestamp 
)
inherited

◆ setTimestamp() [2/2]

void org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.setTimestamp ( AuthenticatedClientSessionModel  clientSession,
int  timestamp 
)
inline
273  {
274  clientSession.setTimestamp(timestamp);
275  }

◆ verifyCode() [1/2]

boolean org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser< CS extends CommonClientSessionModel >.verifyCode ( KeycloakSession  session,
String  code,
CS  clientSession 
)
inherited

◆ verifyCode() [2/2]

boolean org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.verifyCode ( KeycloakSession  session,
String  code,
AuthenticatedClientSessionModel  clientSession 
)
inline
234  {
235  if (codeJWT == null) {
236  throw new IllegalStateException("Illegal use. codeJWT not yet set");
237  }
238 
239  UUID codeId = UUID.fromString(codeJWT.getId());
240  CodeToTokenStoreProvider singleUseCache = session.getProvider(CodeToTokenStoreProvider.class);
241 
242  if (singleUseCache.putIfAbsent(codeId)) {
243 
244  if (logger.isTraceEnabled()) {
245  logger.tracef("Added code '%s' to single-use cache. User session: %s, client: %s", codeJWT.getId(), codeJWT.getUserSessionId(), codeJWT.getIssuedFor());
246  }
247 
248  return true;
249  } else {
250  logger.warnf("Code '%s' already used for userSession '%s' and client '%s'.", codeJWT.getId(), codeJWT.getUserSessionId(), codeJWT.getIssuedFor());
251  return false;
252  }
253  }
org.keycloak.representations.JsonWebToken.getId
String getId()
Definition: JsonWebToken.java:64
org.keycloak.representations.JsonWebToken.getIssuedFor
String getIssuedFor()
Definition: JsonWebToken.java:210
org.keycloak.services.managers.CodeGenerateUtil.logger
static final Logger logger
Definition: CodeGenerateUtil.java:53
org.keycloak.representations.CodeJWT.getUserSessionId
String getUserSessionId()
Definition: CodeJWT.java:30

メンバ詳解

◆ codeJWT

CodeJWT org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.codeJWT
private
このクラス詳解は次のファイルから抽出されました:
2018年10月29日(月) 00時35分56秒作成 - keycloak / 構成:   doxygen 1.8.13