org.keycloak.protocol.oidc.utils.PairwiseSubMapperValidator 連携図

クラス
class	TypedList

静的公開メンバ関数
static void	validate (KeycloakSession session, ClientModel client, ProtocolMapperModel mapperModel) throws ProtocolMapperConfigException

static void	validate (KeycloakSession session, String rootUrl, Set< String > redirectUris, String sectorIdentifierUri) throws ProtocolMapperConfigException

静的公開変数類
static final String	PAIRWISE_MALFORMED_CLIENT_REDIRECT_URI = "pairwiseMalformedClientRedirectURI"

static final String	PAIRWISE_CLIENT_REDIRECT_URIS_MISSING_HOST = "pairwiseClientRedirectURIsMissingHost"

static final String	PAIRWISE_CLIENT_REDIRECT_URIS_MULTIPLE_HOSTS = "pairwiseClientRedirectURIsMultipleHosts"

static final String	PAIRWISE_MALFORMED_SECTOR_IDENTIFIER_URI = "pairwiseMalformedSectorIdentifierURI"

static final String	PAIRWISE_FAILED_TO_GET_REDIRECT_URIS = "pairwiseFailedToGetRedirectURIs"

static final String	PAIRWISE_REDIRECT_URIS_MISMATCH = "pairwiseRedirectURIsMismatch"

静的非公開メンバ関数
static void	validateClientRedirectUris (String rootUrl, Set< String > redirectUris) throws ProtocolMapperConfigException

static void	validateSectorIdentifierUri (String sectorIdentifierUri) throws ProtocolMapperConfigException

static void	validateSectorIdentifierUri (KeycloakSession session, String rootUrl, Set< String > redirectUris, String sectorIdentifierUri) throws ProtocolMapperConfigException

static Set< String >	getSectorRedirects (KeycloakSession session, String sectorIdentifierUri) throws ProtocolMapperConfigException

詳解

著者: Martin Hardselius

関数詳解

◆ getSectorRedirects()

static Set<String> org.keycloak.protocol.oidc.utils.PairwiseSubMapperValidator.getSectorRedirects	(	KeycloakSession	session,
		String	sectorIdentifierUri
	)		throws ProtocolMapperConfigException

inlinestaticprivate

                                                                                                                                             {
         InputStream is = null;
         try {
             is = session.getProvider(HttpClientProvider.class).get(sectorIdentifierUri);
             List<String> sectorRedirects = JsonSerialization.readValue(is, TypedList.class);
             return new HashSet<>(sectorRedirects);
         } catch (IOException e) {
             throw new ProtocolMapperConfigException("Failed to get redirect URIs from the Sector Identifier URI.",
                     PAIRWISE_FAILED_TO_GET_REDIRECT_URIS, e);
         } finally {
             if (is != null) {
                 try {
                     is.close();
                 } catch (IOException ignored) {
                 }
             }
         }
     }

◆ validate() [1/2]

static void org.keycloak.protocol.oidc.utils.PairwiseSubMapperValidator.validate	(	KeycloakSession	session,
		ClientModel	client,
		ProtocolMapperModel	mapperModel
	)		throws ProtocolMapperConfigException

inlinestatic

                                                                                                                                                    {
         String sectorIdentifierUri = PairwiseSubMapperHelper.getSectorIdentifierUri(mapperModel);
         String rootUrl = client.getRootUrl();
         Set<String> redirectUris = client.getRedirectUris();
         validate(session, rootUrl, redirectUris, sectorIdentifierUri);
     }

◆ validate() [2/2]

static void org.keycloak.protocol.oidc.utils.PairwiseSubMapperValidator.validate	(	KeycloakSession	session,
		String	rootUrl,
		Set< String >	redirectUris,
		String	sectorIdentifierUri
	)		throws ProtocolMapperConfigException

inlinestatic

                                                                                                                                                                     {
         if (sectorIdentifierUri == null || sectorIdentifierUri.isEmpty()) {
             validateClientRedirectUris(rootUrl, redirectUris);
             return;
         }
         validateSectorIdentifierUri(sectorIdentifierUri);
         validateSectorIdentifierUri(session, rootUrl, redirectUris, sectorIdentifierUri);
     }

◆ validateClientRedirectUris()

static void org.keycloak.protocol.oidc.utils.PairwiseSubMapperValidator.validateClientRedirectUris	(	String	rootUrl,
		Set< String >	redirectUris
	)		throws ProtocolMapperConfigException

inlinestaticprivate

                                                                                                                                   {
         Set<String> hosts = new HashSet<>();
         for (String redirectUri : PairwiseSubMapperUtils.resolveValidRedirectUris(rootUrl, redirectUris)) {
             try {
                 URI uri = new URI(redirectUri);
                 hosts.add(uri.getHost());
             } catch (URISyntaxException e) {
                 throw new ProtocolMapperConfigException("Client contained an invalid redirect URI.",
                         PAIRWISE_MALFORMED_CLIENT_REDIRECT_URI, e);
             }
         }
 
         if (hosts.isEmpty()) {
             throw new ProtocolMapperConfigException("Client redirect URIs must contain a valid host component.",
                     PAIRWISE_CLIENT_REDIRECT_URIS_MISSING_HOST);
         }
 
         if (hosts.size() > 1) {
             throw new ProtocolMapperConfigException("Without a configured Sector Identifier URI, client redirect URIs must not contain multiple host components.", PAIRWISE_CLIENT_REDIRECT_URIS_MULTIPLE_HOSTS);
         }
     }

◆ validateSectorIdentifierUri() [1/2]

static void org.keycloak.protocol.oidc.utils.PairwiseSubMapperValidator.validateSectorIdentifierUri ( String sectorIdentifierUri ) throws ProtocolMapperConfigException

inlinestaticprivate

                                                                                                                      {
         URI uri;
         try {
             uri = new URI(sectorIdentifierUri);
         } catch (URISyntaxException e) {
             throw new ProtocolMapperConfigException("Invalid Sector Identifier URI.",
                     PAIRWISE_MALFORMED_SECTOR_IDENTIFIER_URI, e);
         }
         if (uri.getScheme() == null || uri.getHost() == null) {
             throw new ProtocolMapperConfigException("Invalid Sector Identifier URI.",
                     PAIRWISE_MALFORMED_SECTOR_IDENTIFIER_URI);
         }
     }

◆ validateSectorIdentifierUri() [2/2]

static void org.keycloak.protocol.oidc.utils.PairwiseSubMapperValidator.validateSectorIdentifierUri	(	KeycloakSession	session,
		String	rootUrl,
		Set< String >	redirectUris,
		String	sectorIdentifierUri
	)		throws ProtocolMapperConfigException

inlinestaticprivate

                                                                                                                                                                                         {
         Set<String> sectorRedirects = getSectorRedirects(session, sectorIdentifierUri);
         if (!PairwiseSubMapperUtils.matchesRedirects(rootUrl, redirectUris, sectorRedirects)) {
             throw new ProtocolMapperConfigException("Client redirect URIs does not match redirect URIs fetched from the Sector Identifier URI.",
                     PAIRWISE_REDIRECT_URIS_MISMATCH);
         }
     }

メンバ詳解

◆ PAIRWISE_CLIENT_REDIRECT_URIS_MISSING_HOST

final String org.keycloak.protocol.oidc.utils.PairwiseSubMapperValidator.PAIRWISE_CLIENT_REDIRECT_URIS_MISSING_HOST = "pairwiseClientRedirectURIsMissingHost"

static

◆ PAIRWISE_CLIENT_REDIRECT_URIS_MULTIPLE_HOSTS

final String org.keycloak.protocol.oidc.utils.PairwiseSubMapperValidator.PAIRWISE_CLIENT_REDIRECT_URIS_MULTIPLE_HOSTS = "pairwiseClientRedirectURIsMultipleHosts"

static

◆ PAIRWISE_FAILED_TO_GET_REDIRECT_URIS

final String org.keycloak.protocol.oidc.utils.PairwiseSubMapperValidator.PAIRWISE_FAILED_TO_GET_REDIRECT_URIS = "pairwiseFailedToGetRedirectURIs"

static

◆ PAIRWISE_MALFORMED_CLIENT_REDIRECT_URI

final String org.keycloak.protocol.oidc.utils.PairwiseSubMapperValidator.PAIRWISE_MALFORMED_CLIENT_REDIRECT_URI = "pairwiseMalformedClientRedirectURI"

static

◆ PAIRWISE_MALFORMED_SECTOR_IDENTIFIER_URI

final String org.keycloak.protocol.oidc.utils.PairwiseSubMapperValidator.PAIRWISE_MALFORMED_SECTOR_IDENTIFIER_URI = "pairwiseMalformedSectorIdentifierURI"

static

◆ PAIRWISE_REDIRECT_URIS_MISMATCH

final String org.keycloak.protocol.oidc.utils.PairwiseSubMapperValidator.PAIRWISE_REDIRECT_URIS_MISMATCH = "pairwiseRedirectURIsMismatch"

static

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/protocol/oidc/utils/PairwiseSubMapperValidator.java

クラス

静的公開メンバ関数

静的公開変数類

静的非公開メンバ関数

詳解

関数詳解

◆ getSectorRedirects()

◆ validate() [1/2]

◆ validate() [2/2]

◆ validateClientRedirectUris()

◆ validateSectorIdentifierUri() [1/2]

◆ validateSectorIdentifierUri() [2/2]

メンバ詳解

◆ PAIRWISE_CLIENT_REDIRECT_URIS_MISSING_HOST

◆ PAIRWISE_CLIENT_REDIRECT_URIS_MULTIPLE_HOSTS

◆ PAIRWISE_FAILED_TO_GET_REDIRECT_URIS

◆ PAIRWISE_MALFORMED_CLIENT_REDIRECT_URI

◆ PAIRWISE_MALFORMED_SECTOR_IDENTIFIER_URI

◆ PAIRWISE_REDIRECT_URIS_MISMATCH