org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser クラス

org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser の継承関係図

org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser 連携図

公開メンバ関数
AuthenticatedClientSessionModel	parseSession (String code, String tabId, KeycloakSession session, RealmModel realm, ClientModel client, EventBuilder event)
String	retrieveCode (KeycloakSession session, AuthenticatedClientSessionModel clientSession)
boolean	verifyCode (KeycloakSession session, String code, AuthenticatedClientSessionModel clientSession)
void	removeExpiredSession (KeycloakSession session, AuthenticatedClientSessionModel clientSession)
boolean	isExpired (KeycloakSession session, String code, AuthenticatedClientSessionModel clientSession)
int	getTimestamp (AuthenticatedClientSessionModel clientSession)
void	setTimestamp (AuthenticatedClientSessionModel clientSession, int timestamp)
String	getClientNote (AuthenticatedClientSessionModel clientSession, String noteKey)
String	retrieveCode (KeycloakSession session, CS clientSession)
void	removeExpiredSession (KeycloakSession session, CS clientSession)
boolean	verifyCode (KeycloakSession session, String code, CS clientSession)
boolean	isExpired (KeycloakSession session, String code, CS clientSession)
int	getTimestamp (CS clientSession)
void	setTimestamp (CS clientSession, int timestamp)
String	getClientNote (CS clientSession, String noteKey)

非公開変数類
CodeJWT	codeJWT

詳解

関数詳解

getClientNote() [1/2]

String org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser< CS extends CommonClientSessionModel >.getClientNote ( CS  clientSession, String  noteKey  )

inherited

getClientNote() [2/2]

String org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.getClientNote ( AuthenticatedClientSessionModel  clientSession, String  noteKey  )

inline

                                                                                                   {
            return clientSession.getNote(noteKey);
        }

getTimestamp() [1/2]

int org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser< CS extends CommonClientSessionModel >.getTimestamp ( CS  clientSession )

inherited

getTimestamp() [2/2]

int org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.getTimestamp ( AuthenticatedClientSessionModel  clientSession )

inline

                                                                               {
            return clientSession.getTimestamp();
        }

isExpired() [1/2]

boolean org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser< CS extends CommonClientSessionModel >.isExpired ( KeycloakSession  session, String  code, CS  clientSession  )

inherited

isExpired() [2/2]

boolean org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.isExpired ( KeycloakSession  session, String  code, AuthenticatedClientSessionModel  clientSession  )

inline

                                                                                                                      {
            return !codeJWT.isActive();
        }

parseSession()

AuthenticatedClientSessionModel org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.parseSession ( String  code, String  tabId, KeycloakSession  session, RealmModel  realm, ClientModel  client, EventBuilder  event  )

inline

                                                                                                                                                                          {
            SecretKey aesKey = session.keys().getActiveAesKey(realm).getSecretKey();
            SecretKey hmacKey = session.keys().getActiveHmacKey(realm).getSecretKey();

            try {
                codeJWT = TokenUtil.jweDirectVerifyAndDecode(aesKey, hmacKey, code, CodeJWT.class);
            } catch (JWEException jweException) {
                logger.error("Exception during JWE Verification or decode", jweException);
                return null;
            }

            event.detail(Details.CODE_ID, codeJWT.getUserSessionId());
            event.session(codeJWT.getUserSessionId());

            UserSessionModel userSession = new UserSessionCrossDCManager(session).getUserSessionWithClient(realm, codeJWT.getUserSessionId(), codeJWT.getIssuedFor());
            if (userSession == null) {
                // TODO:mposolda Temporary workaround needed to track if code is invalid or was already used. Will be good to remove once used OAuth codes are tracked through one-time cache
                userSession = session.sessions().getUserSession(realm, codeJWT.getUserSessionId());
                if (userSession == null) {
                    return null;
                }
            }

            return userSession.getAuthenticatedClientSessionByClient(codeJWT.getIssuedFor());

        }

removeExpiredSession() [1/2]

void org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser< CS extends CommonClientSessionModel >.removeExpiredSession ( KeycloakSession  session, CS  clientSession  )

inherited

removeExpiredSession() [2/2]

void org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.removeExpiredSession ( KeycloakSession  session, AuthenticatedClientSessionModel  clientSession  )

inline

                                                                                                                 {
            throw new IllegalStateException("Not yet implemented");
        }

retrieveCode() [1/2]

String org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser< CS extends CommonClientSessionModel >.retrieveCode ( KeycloakSession  session, CS  clientSession  )

inherited

retrieveCode() [2/2]

String org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.retrieveCode ( KeycloakSession  session, AuthenticatedClientSessionModel  clientSession  )

inline

                                                                                                           {
            String actionId = KeycloakModelUtils.generateId();

            CodeJWT codeJWT = new CodeJWT();
            codeJWT.id(actionId);
            codeJWT.issuedFor(clientSession.getClient().getId());
            codeJWT.userSessionId(clientSession.getUserSession().getId());

            RealmModel realm = clientSession.getRealm();

            int issuedAt = Time.currentTime();
            codeJWT.issuedAt(issuedAt);
            codeJWT.expiration(issuedAt + realm.getAccessCodeLifespan());

            SecretKey aesKey = session.keys().getActiveAesKey(realm).getSecretKey();
            SecretKey hmacKey = session.keys().getActiveHmacKey(realm).getSecretKey();

            if (logger.isTraceEnabled()) {
                logger.tracef("Using AES key of length '%d' bytes and HMAC key of length '%d' bytes . Client: '%s', User Session: '%s'", aesKey.getEncoded().length,
                        hmacKey.getEncoded().length, clientSession.getClient().getClientId(), clientSession.getUserSession().getId());
            }

            try {
                return TokenUtil.jweDirectEncode(aesKey, hmacKey, codeJWT);
            } catch (JWEException jweEx) {
                throw new RuntimeException(jweEx);
            }
        }

setTimestamp() [1/2]

void org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser< CS extends CommonClientSessionModel >.setTimestamp ( CS  clientSession, int  timestamp  )

inherited

setTimestamp() [2/2]

void org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.setTimestamp ( AuthenticatedClientSessionModel  clientSession, int  timestamp  )

inline

                                                                                               {
            clientSession.setTimestamp(timestamp);
        }

verifyCode() [1/2]

boolean org.keycloak.services.managers.CodeGenerateUtil.ClientSessionParser< CS extends CommonClientSessionModel >.verifyCode ( KeycloakSession  session, String  code, CS  clientSession  )

inherited

verifyCode() [2/2]

boolean org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.verifyCode ( KeycloakSession  session, String  code, AuthenticatedClientSessionModel  clientSession  )

inline

                                                                                                                       {
            if (codeJWT == null) {
                throw new IllegalStateException("Illegal use. codeJWT not yet set");
            }

            UUID codeId = UUID.fromString(codeJWT.getId());
            CodeToTokenStoreProvider singleUseCache = session.getProvider(CodeToTokenStoreProvider.class);

            if (singleUseCache.putIfAbsent(codeId)) {

                if (logger.isTraceEnabled()) {
                    logger.tracef("Added code '%s' to single-use cache. User session: %s, client: %s", codeJWT.getId(), codeJWT.getUserSessionId(), codeJWT.getIssuedFor());
                }

                return true;
            } else {
                logger.warnf("Code '%s' already used for userSession '%s' and client '%s'.", codeJWT.getId(), codeJWT.getUserSessionId(), codeJWT.getIssuedFor());
                return false;
            }
        }

メンバ詳解

codeJWT

CodeJWT org.keycloak.services.managers.CodeGenerateUtil.AuthenticatedClientSessionModelParser.codeJWT

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/services/managers/CodeGenerateUtil.java