org.keycloak.protocol.oidc.utils.PairwiseSubMapperUtils 連携図

静的公開メンバ関数
static Set< String >	resolveValidRedirectUris (String clientRootUrl, Collection< String > clientRedirectUris)

static String	resolveValidSectorIdentifier (String sectorIdentifierUri)

static String	resolveValidSectorIdentifier (String clientRootUrl, Set< String > clientRedirectUris)

static boolean	matchesRedirects (String clientRootUrl, Set< String > clientRedirectUris, Set< String > sectorRedirects)

static List< ProtocolMapperRepresentation >	getPairwiseSubMappers (ClientRepresentation client)

静的非公開メンバ関数
static boolean	matchesRedirect (Set< String > validRedirects, String redirect)

static String	relativeToAbsoluteURI (String rootUrl, String relative)

静的非公開変数類
static final Logger	logger = Logger.getLogger(PairwiseSubMapperUtils.class)

詳解

関数詳解

◆ getPairwiseSubMappers()

static List<ProtocolMapperRepresentation> org.keycloak.protocol.oidc.utils.PairwiseSubMapperUtils.getPairwiseSubMappers ( ClientRepresentation client )

inlinestatic

                                                                                                         {
         List<ProtocolMapperRepresentation> pairwiseMappers = new LinkedList<>();
         List<ProtocolMapperRepresentation> mappers = client.getProtocolMappers();
 
         if (mappers != null) {
             client.getProtocolMappers().stream().filter((ProtocolMapperRepresentation mapping) -> {
                 return mapping.getProtocolMapper().endsWith(AbstractPairwiseSubMapper.PROVIDER_ID_SUFFIX);
             }).forEach((ProtocolMapperRepresentation mapping) -> {
                 pairwiseMappers.add(mapping);
             });
         }
 
         return pairwiseMappers;
     }

◆ matchesRedirect()

static boolean org.keycloak.protocol.oidc.utils.PairwiseSubMapperUtils.matchesRedirect	(	Set< String >	validRedirects,
		String	redirect
	)

inlinestaticprivate

                                                                                         {
         for (String validRedirect : validRedirects) {
             if (validRedirect.endsWith("*") && !validRedirect.contains("?")) {
                 // strip off the query component - we don't check them when wildcards are effective
                 String r = redirect.contains("?") ? redirect.substring(0, redirect.indexOf("?")) : redirect;
                 // strip off *
                 int length = validRedirect.length() - 1;
                 validRedirect = validRedirect.substring(0, length);
                 if (r.startsWith(validRedirect)) return true;
                 // strip off trailing '/'
                 if (length - 1 > 0 && validRedirect.charAt(length - 1) == '/') length--;
                 validRedirect = validRedirect.substring(0, length);
                 if (validRedirect.equals(r)) return true;
             } else if (validRedirect.equals(redirect)) return true;
         }
         return false;
     }

◆ matchesRedirects()

static boolean org.keycloak.protocol.oidc.utils.PairwiseSubMapperUtils.matchesRedirects	(	String	clientRootUrl,
		Set< String >	clientRedirectUris,
		Set< String >	sectorRedirects
	)

inlinestatic

Checks if the the registered client redirect URIs matches the set of redirect URIs from the sector identifier URI.

引数

clientRootUrl	root url registered on the client.
clientRedirectUris	redirect URIs registered on the client.
sectorRedirects	value of the sector identifier URI.

戻り値: true
iff. the all the redirect URIs can be described by the
sectorRedirects
, i.e if the registered redirect URIs is a subset of the
sectorRedirects
, otherwise
false
.

                                                                                                                               {
         Set<String> validRedirects = resolveValidRedirectUris(clientRootUrl, clientRedirectUris);
         for (String redirect : validRedirects) {
             if (!matchesRedirect(sectorRedirects, redirect)) return false;
         }
         return true;
     }

◆ relativeToAbsoluteURI()

static String org.keycloak.protocol.oidc.utils.PairwiseSubMapperUtils.relativeToAbsoluteURI	(	String	rootUrl,
		String	relative
	)

inlinestaticprivate

                                                                                  {
         if (rootUrl == null || rootUrl.isEmpty()) {
             return null;
         }
         relative = rootUrl + relative;
         return relative;
     }

◆ resolveValidRedirectUris()

static Set<String> org.keycloak.protocol.oidc.utils.PairwiseSubMapperUtils.resolveValidRedirectUris	(	String	clientRootUrl,
		Collection< String >	clientRedirectUris
	)

inlinestatic

Returns a set of valid redirect URIs from the root url and redirect URIs registered on a client.

引数

clientRootUrl
clientRedirectUris

戻り値

                                                                                                                     {
         if (clientRedirectUris == null) {
             return Collections.emptySet();
         }
 
         Set<String> validRedirects = new HashSet<String>();
         for (String redirectUri : clientRedirectUris) {
             if (redirectUri.startsWith("/")) {
                 redirectUri = relativeToAbsoluteURI(clientRootUrl, redirectUri);
                 logger.debugv("replacing relative valid redirect with: {0}", redirectUri);
             }
             if (redirectUri != null) {
                 validRedirects.add(redirectUri);
             }
         }
         return validRedirects.stream()
                 .filter(r -> r != null && !r.trim().isEmpty())
                 .collect(Collectors.toSet());
     }

◆ resolveValidSectorIdentifier() [1/2]

static String org.keycloak.protocol.oidc.utils.PairwiseSubMapperUtils.resolveValidSectorIdentifier ( String sectorIdentifierUri )

inlinestatic

Tries to resolve a valid sector identifier from a sector identifier URI.

引数

sectorIdentifierUri

戻り値: a sector identifier iff. the sector identifier URI is a valid URI, contains a valid scheme and contains a valid host component.

                                                                                   {
         URI uri;
         try {
             uri = new URI(sectorIdentifierUri);
         } catch (URISyntaxException e) {
             logger.debug("Invalid sector identifier URI", e);
             return null;
         }
 
         if (uri.getScheme() == null) {
             logger.debugv("Invalid sector identifier URI: {0}", sectorIdentifierUri);
             return null;
         }
 
         /*if (!uri.getScheme().equalsIgnoreCase("https")) {
             logger.debugv("The sector identifier URI scheme must be HTTPS. Was '{0}'", uri.getScheme());
             return null;
         }*/
 
         if (uri.getHost() == null) {
             logger.debug("The sector identifier URI must specify a host");
             return null;
         }
 
         return uri.getHost();
     }

◆ resolveValidSectorIdentifier() [2/2]

static String org.keycloak.protocol.oidc.utils.PairwiseSubMapperUtils.resolveValidSectorIdentifier	(	String	clientRootUrl,
		Set< String >	clientRedirectUris
	)

inlinestatic

Tries to resolve a valid sector identifier from the redirect URIs registered on a client.

引数

clientRootUrl	Root url registered on the client.
clientRedirectUris	Redirect URIs registered on the client.

戻り値: a sector identifier iff. all the registered redirect URIs are located at the same host, otherwise
null
.

                                                                                                             {
         Set<String> hosts = new HashSet<>();
         for (String redirectUri : resolveValidRedirectUris(clientRootUrl, clientRedirectUris)) {
             try {
                 URI uri = new URI(redirectUri);
                 hosts.add(uri.getHost());
             } catch (URISyntaxException e) {
                 logger.debugv("client redirect uris contained an invalid uri: {0}", redirectUri);
             }
         }
         if (hosts.isEmpty()) {
             logger.debug("could not infer any valid sector_identifiers from client redirect uris");
             return null;
         }
         if (hosts.size() > 1) {
             logger.debug("the client redirect uris contained multiple hosts");
             return null;
         }
         return hosts.iterator().next();
     }

メンバ詳解

◆ logger

final Logger org.keycloak.protocol.oidc.utils.PairwiseSubMapperUtils.logger = Logger.getLogger(PairwiseSubMapperUtils.class)

staticprivate

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/protocol/oidc/utils/PairwiseSubMapperUtils.java

静的公開メンバ関数

静的非公開メンバ関数

静的非公開変数類

詳解

関数詳解

◆ getPairwiseSubMappers()

◆ matchesRedirect()

◆ matchesRedirects()

◆ relativeToAbsoluteURI()

◆ resolveValidRedirectUris()

◆ resolveValidSectorIdentifier() [1/2]

◆ resolveValidSectorIdentifier() [2/2]

メンバ詳解

◆ logger