keycloak-service

org.keycloak.protocol.oidc.endpoints.request.AuthzEndpointRequestObjectParser Class Reference

Classes

  class TypedHashMap

Public Member Functions

  AuthzEndpointRequestObjectParser (KeycloakSession session, String requestObject, ClientModel client) throws Exception
  void parseRequest (AuthorizationEndpointRequest request)

Static Public Attributes

  static final int ADDITIONAL_REQ_PARAMS_MAX_MUMBER = 5
  static final int ADDITIONAL_REQ_PARAMS_MAX_SIZE = 200

Protected Member Functions

  String getParameter (String paramName)
  Integer getIntParameter (String paramName)
  Set< String > keySet ()
  void extractAdditionalReqParams (Map< String, String > additionalReqParams)

Package Functions

  protected < T > T replaceIfNotNull (T previousVal, T newVal)

Static Package Functions

  [static initializer]

Private Attributes

  final JsonNode requestParams

Detailed Description

Parses the parameters from the OIDC "request" object.

Author
Marek Posolda

Constructor & Destructor Documentation

◆ AuthzEndpointRequestObjectParser()

org.keycloak.protocol.oidc.endpoints.request.AuthzEndpointRequestObjectParser.AuthzEndpointRequestObjectParser (KeycloakSession session, String requestObject, ClientModel client) throws Exception
[inline]

    {
        JWSInput input = new JWSInput(requestObject);
        JWSHeader header = input.getHeader();

        Algorithm requestedSignatureAlgorithm = OIDCAdvancedConfigWrapper.fromClientModel(client).getRequestObjectSignatureAlg();

        if (requestedSignatureAlgorithm != null && requestedSignatureAlgorithm != header.getAlgorithm()) {
            throw new RuntimeException("Request object signed with different algorithm than client requested algorithm");
        }

        if (header.getAlgorithm() == Algorithm.none) {
            this.requestParams = JsonSerialization.readValue(input.getContent(), JsonNode.class);
        } else if (header.getAlgorithm() == Algorithm.RS256) {
            PublicKey clientPublicKey = PublicKeyStorageManager.getClientPublicKey(session, client, input);
            if (clientPublicKey == null) {
                throw new RuntimeException("Client public key not found");
            }

            boolean verified = RSAProvider.verify(input, clientPublicKey);
            if (!verified) {
                throw new RuntimeException("Failed to verify signature on 'request' object");
            }

            this.requestParams = JsonSerialization.readValue(input.getContent(), JsonNode.class);
        } else {
            throw new RuntimeException("Unsupported JWA algorithm used for signed request");
        }
    }

Member Function Documentation

◆ [static initializer]()

org.keycloak.protocol.oidc.endpoints.request.AuthzEndpointRequestParser.[static initializer] ( )
[inline, static, package, inherited]

◆ extractAdditionalReqParams()

void org.keycloak.protocol.oidc.endpoints.request.AuthzEndpointRequestParser.extractAdditionalReqParams (Map< String, String > additionalReqParams)
[inline, protected, inherited]

    {
        for (String paramName : keySet()) {
            if (!KNOWN_REQ_PARAMS.contains(paramName)) {
                String value = getParameter(paramName);
                if (value != null && value.trim().isEmpty()) {
                    value = null;
                }
                if (value != null && value.length() <= ADDITIONAL_REQ_PARAMS_MAX_SIZE) {
                    if (additionalReqParams.size() >= ADDITIONAL_REQ_PARAMS_MAX_MUMBER) {
                        logger.debug("Maximal number of additional OIDC params (" + ADDITIONAL_REQ_PARAMS_MAX_MUMBER + ") exceeded, ignoring rest of them!");
                        break;
                    }
                    additionalReqParams.put(paramName, value);
                } else {
                    logger.debug("OIDC Additional param " + paramName + " ignored because value is empty or longer than " + ADDITIONAL_REQ_PARAMS_MAX_SIZE);
                }
            }

        }
    }

◆ getIntParameter()

Integer org.keycloak.protocol.oidc.endpoints.request.AuthzEndpointRequestObjectParser.getIntParameter (String paramName)
[inline, protected]

    {
        Object val = this.requestParams.get(paramName);
        return val==null ? null : Integer.parseInt(getParameter(paramName));
    }

◆ getParameter()

String org.keycloak.protocol.oidc.endpoints.request.AuthzEndpointRequestObjectParser.getParameter (String paramName)
[inline, protected]

    {
        JsonNode val = this.requestParams.get(paramName);
        if (val == null) {
            return null;
        } else if (val.isValueNode()) {
            return val.asText();
        } else {
            return val.toString();
        }
    }

◆ keySet()

Set<String> org.keycloak.protocol.oidc.endpoints.request.AuthzEndpointRequestObjectParser.keySet ( )
[inline, protected]

    {
        HashSet<String> keys = new HashSet<>();
        requestParams.fieldNames().forEachRemaining(keys::add);
        return keys;
    }

◆ parseRequest()

void org.keycloak.protocol.oidc.endpoints.request.AuthzEndpointRequestParser.parseRequest (AuthorizationEndpointRequest request)
[inline, inherited]

    {
        String clientId = getParameter(OIDCLoginProtocol.CLIENT_ID_PARAM);

        if (request.clientId != null && !request.clientId.equals(clientId)) {
            throw new IllegalArgumentException("The client_id parameter doesn't match the one from OIDC 'request' or 'request_uri'");
        }

        request.clientId = clientId;
        request.responseType = replaceIfNotNull(request.responseType, getParameter(OIDCLoginProtocol.RESPONSE_TYPE_PARAM));
        request.responseMode = replaceIfNotNull(request.responseMode, getParameter(OIDCLoginProtocol.RESPONSE_MODE_PARAM));
        request.redirectUriParam = replaceIfNotNull(request.redirectUriParam, getParameter(OIDCLoginProtocol.REDIRECT_URI_PARAM));
        request.state = replaceIfNotNull(request.state, getParameter(OIDCLoginProtocol.STATE_PARAM));
        request.scope = replaceIfNotNull(request.scope, getParameter(OIDCLoginProtocol.SCOPE_PARAM));
        request.loginHint = replaceIfNotNull(request.loginHint, getParameter(OIDCLoginProtocol.LOGIN_HINT_PARAM));
        request.prompt = replaceIfNotNull(request.prompt, getParameter(OIDCLoginProtocol.PROMPT_PARAM));
        request.idpHint = replaceIfNotNull(request.idpHint, getParameter(AdapterConstants.KC_IDP_HINT));
        request.nonce = replaceIfNotNull(request.nonce, getParameter(OIDCLoginProtocol.NONCE_PARAM));
        request.maxAge = replaceIfNotNull(request.maxAge, getIntParameter(OIDCLoginProtocol.MAX_AGE_PARAM));
        request.claims = replaceIfNotNull(request.claims, getParameter(OIDCLoginProtocol.CLAIMS_PARAM));
        request.acr = replaceIfNotNull(request.acr, getParameter(OIDCLoginProtocol.ACR_PARAM));
        request.display = replaceIfNotNull(request.display, getParameter(OAuth2Constants.DISPLAY));

        // https://tools.ietf.org/html/rfc7636#section-6.1
        request.codeChallenge = replaceIfNotNull(request.codeChallenge, getParameter(OIDCLoginProtocol.CODE_CHALLENGE_PARAM));
        request.codeChallengeMethod = replaceIfNotNull(request.codeChallengeMethod, getParameter(OIDCLoginProtocol.CODE_CHALLENGE_METHOD_PARAM));

        extractAdditionalReqParams(request.additionalReqParams);
    }

◆ replaceIfNotNull()

protected <T> T org.keycloak.protocol.oidc.endpoints.request.AuthzEndpointRequestParser.replaceIfNotNull (T previousVal, T newVal)
[inline, package, inherited]

    {
        return newVal==null ? previousVal : newVal;
    }

Member Data Documentation

◆ ADDITIONAL_REQ_PARAMS_MAX_MUMBER

final int org.keycloak.protocol.oidc.endpoints.request.AuthzEndpointRequestParser.ADDITIONAL_REQ_PARAMS_MAX_MUMBER = 5
[static, inherited]

Maximum number of additional request parameters copied into the client session note; the limit exists to prevent DoS attacks.

◆ ADDITIONAL_REQ_PARAMS_MAX_SIZE

final int org.keycloak.protocol.oidc.endpoints.request.AuthzEndpointRequestParser.ADDITIONAL_REQ_PARAMS_MAX_SIZE = 200
[static, inherited]

Maximum size of an additional request parameter value copied into the client session note, to prevent DoS attacks; parameters with a longer value are ignored.
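The constructor's algorithm check and the bounded copy in extractAdditionalReqParams, modelled in Python as an added example (this is not Keycloak code). KNOWN_REQ_PARAMS is a constructed subset of the real set, the sample claims are constructed, RS256 verification itself is left to the caller, and accepts_unsigned_request_object is an added helper showing which client configurations let an alg "none" request object through.

```python
import json
# Limits from Keycloak's AuthzEndpointRequestParser, names as on the page (MAX_MUMBER included).
ADDITIONAL_REQ_PARAMS_MAX_MUMBER = 5
ADDITIONAL_REQ_PARAMS_MAX_SIZE = 200
# Constructed subset of KNOWN_REQ_PARAMS; the real set is defined in the parent class.
KNOWN_REQ_PARAMS = {"client_id", "response_type", "response_mode", "redirect_uri", "state", "scope",
                    "login_hint", "prompt", "nonce", "max_age", "claims", "acr_values", "display",
                    "code_challenge", "code_challenge_method"}

def check_request_object_alg(header_alg, client_configured_alg):
    """Mirror of the constructor: True if the object must be RS256-verified, False if it is
    accepted unsigned (alg "none"), which only happens when the client pins no algorithm."""
    if client_configured_alg is not None and client_configured_alg != header_alg:
        raise ValueError("Request object signed with different algorithm than client requested algorithm")
    if header_alg == "none":
        return False
    if header_alg == "RS256":
        return True
    raise ValueError("Unsupported JWA algorithm used for signed request")

def accepts_unsigned_request_object(client_configured_alg):
    """Added defender's check: does this client configuration let an unsigned request object through?"""
    try:
        return check_request_object_alg("none", client_configured_alg) is False
    except ValueError:
        return False

def get_parameter(request_params, name):
    """Mirror of getParameter: scalars as text (JsonNode.asText), objects/arrays as JSON text."""
    val = request_params.get(name)
    if val is None:
        return None
    return val if isinstance(val, str) else json.dumps(val, separators=(",", ":"))

def extract_additional_req_params(request_params):
    """Mirror of extractAdditionalReqParams: copy unknown, non-blank claims of at most
    MAX_SIZE characters and stop once MAX_MUMBER of them have been copied."""
    additional = {}
    for name in request_params:  # dict order stands in for JsonNode.fieldNames() order
        if name in KNOWN_REQ_PARAMS:
            continue
        value = get_parameter(request_params, name)
        if value is not None and value.strip() == "":
            value = None
        if value is not None and len(value) <= ADDITIONAL_REQ_PARAMS_MAX_SIZE:
            if len(additional) >= ADDITIONAL_REQ_PARAMS_MAX_MUMBER:
                break  # "Maximal number of additional OIDC params exceeded, ignoring rest"
            additional[name] = value
    return additional

# Constructed sample claims: eight unknown parameters, one blank, one over 200 chars, one nested.
SAMPLE_REQUEST_PARAMS = {"client_id": "my-client", "scope": "openid", "p1": "a", "p2": " ",
                         "p3": {"k": 1}, "p4": "x" * 201, "p5": 5, "p6": "b", "p7": "c", "p8": "d"}
```

Running extract_additional_req_params on the sample keeps only p1, p3, p5, p6 and p7: the blank and the over-long values are dropped without counting, and the sixth valid parameter is cut off by the limit.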

◆ requestParams

final JsonNode org.keycloak.protocol.oidc.endpoints.request.AuthzEndpointRequestObjectParser.requestParams
[private]

The documentation for this class was generated from the following file: