org.mitre.openid.connect.service.impl.DefaultOIDCTokenService クラス

org.mitre.openid.connect.service.impl.DefaultOIDCTokenService の継承関係図

org.mitre.openid.connect.service.impl.DefaultOIDCTokenService 連携図

公開メンバ関数
JWT	createIdToken (ClientDetailsEntity client, OAuth2Request request, Date issueTime, String sub, OAuth2AccessTokenEntity accessToken)
OAuth2AccessTokenEntity	createRegistrationAccessToken (ClientDetailsEntity client)
OAuth2AccessTokenEntity	createResourceAccessToken (ClientDetailsEntity client)
OAuth2AccessTokenEntity	rotateRegistrationAccessTokenForClient (ClientDetailsEntity client)
ConfigurationPropertiesBean	getConfigBean ()
void	setConfigBean (ConfigurationPropertiesBean configBean)
JWTSigningAndValidationService	getJwtService ()
void	setJwtService (JWTSigningAndValidationService jwtService)
AuthenticationHolderRepository	getAuthenticationHolderRepository ()
void	setAuthenticationHolderRepository (AuthenticationHolderRepository authenticationHolderRepository)

非公開メンバ関数
OAuth2AccessTokenEntity	createAssociatedToken (ClientDetailsEntity client, Set< String > scope)

非公開変数類
JWTSigningAndValidationService	jwtService
AuthenticationHolderRepository	authenticationHolderRepository
ConfigurationPropertiesBean	configBean
ClientKeyCacheService	encrypters
SymmetricKeyJWTValidatorCacheService	symmetricCacheService
OAuth2TokenEntityService	tokenService

静的非公開変数類
static final Logger	logger = LoggerFactory.getLogger(DefaultOIDCTokenService.class)

詳解

Default implementation of service to create specialty OpenID Connect tokens.

著者

Amanda Anganes

関数詳解

createAssociatedToken()

OAuth2AccessTokenEntity org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.createAssociatedToken ( ClientDetailsEntity  client, Set< String >  scope  )

inlineprivate

                                                                                                             {

                // revoke any previous tokens that might exist, just to be sure
                OAuth2AccessTokenEntity oldToken = tokenService.getRegistrationAccessTokenForClient(client);
                if (oldToken != null) {
                        tokenService.revokeAccessToken(oldToken);
                }

                // create a new token

                Map<String, String> authorizationParameters = Maps.newHashMap();
                OAuth2Request clientAuth = new OAuth2Request(authorizationParameters, client.getClientId(),
                                Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT")), true,
                                scope, null, null, null, null);
                OAuth2Authentication authentication = new OAuth2Authentication(clientAuth, null);

                OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
                token.setClient(client);
                token.setScope(scope);

                AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity();
                authHolder.setAuthentication(authentication);
                authHolder = authenticationHolderRepository.save(authHolder);
                token.setAuthenticationHolder(authHolder);

                JWTClaimsSet claims = new JWTClaimsSet.Builder()
                                .audience(Lists.newArrayList(client.getClientId()))
                                .issuer(configBean.getIssuer())
                                .issueTime(new Date())
                                .expirationTime(token.getExpiration())
                                .jwtID(UUID.randomUUID().toString()) // set a random NONCE in the middle of it
                                .build();

                JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
                JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
                                jwtService.getDefaultSignerKeyId(),
                                null, null);
                SignedJWT signed = new SignedJWT(header, claims);

                jwtService.signJwt(signed);

                token.setJwt(signed);

                return token;
        }

createIdToken()

JWT org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.createIdToken ( ClientDetailsEntity  client, OAuth2Request  request, Date  issueTime, String  sub, OAuth2AccessTokenEntity  accessToken  )

inline

org.mitre.openid.connect.service.OIDCTokenServiceを実装しています。

                                                                                                                                                     {

                JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();

                if (client.getIdTokenSignedResponseAlg() != null) {
                        signingAlg = client.getIdTokenSignedResponseAlg();
                }


                JWT idToken = null;

                JWTClaimsSet.Builder idClaims = new JWTClaimsSet.Builder();

                // if the auth time claim was explicitly requested OR if the client always wants the auth time, put it in
                if (request.getExtensions().containsKey(MAX_AGE)
                                || (request.getExtensions().containsKey("idtoken")) // TODO: parse the ID Token claims (#473) -- for now assume it could be in there
                                || (client.getRequireAuthTime() != null && client.getRequireAuthTime())) {

                        if (request.getExtensions().get(AuthenticationTimeStamper.AUTH_TIMESTAMP) != null) {

                                Long authTimestamp = Long.parseLong((String) request.getExtensions().get(AuthenticationTimeStamper.AUTH_TIMESTAMP));
                                if (authTimestamp != null) {
                                        idClaims.claim("auth_time", authTimestamp / 1000L);
                                }
                        } else {
                                // we couldn't find the timestamp!
                                logger.warn("Unable to find authentication timestamp! There is likely something wrong with the configuration.");
                        }
                }

                idClaims.issueTime(issueTime);

                if (client.getIdTokenValiditySeconds() != null) {
                        Date expiration = new Date(System.currentTimeMillis() + (client.getIdTokenValiditySeconds() * 1000L));
                        idClaims.expirationTime(expiration);
                }

                idClaims.issuer(configBean.getIssuer());
                idClaims.subject(sub);
                idClaims.audience(Lists.newArrayList(client.getClientId()));
                idClaims.jwtID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it

                String nonce = (String)request.getExtensions().get(NONCE);
                if (!Strings.isNullOrEmpty(nonce)) {
                        idClaims.claim("nonce", nonce);
                }

                Set<String> responseTypes = request.getResponseTypes();

                if (responseTypes.contains("token")) {
                        // calculate the token hash
                        Base64URL at_hash = IdTokenHashUtils.getAccessTokenHash(signingAlg, accessToken);
                        idClaims.claim("at_hash", at_hash);
                }

                if (client.getIdTokenEncryptedResponseAlg() != null && !client.getIdTokenEncryptedResponseAlg().equals(Algorithm.NONE)
                                && client.getIdTokenEncryptedResponseEnc() != null && !client.getIdTokenEncryptedResponseEnc().equals(Algorithm.NONE)
                                && (!Strings.isNullOrEmpty(client.getJwksUri()) || client.getJwks() != null)) {

                        JWTEncryptionAndDecryptionService encrypter = encrypters.getEncrypter(client);

                        if (encrypter != null) {

                                idToken = new EncryptedJWT(new JWEHeader(client.getIdTokenEncryptedResponseAlg(), client.getIdTokenEncryptedResponseEnc()), idClaims.build());

                                encrypter.encryptJwt((JWEObject) idToken);

                        } else {
                                logger.error("Couldn't find encrypter for client: " + client.getClientId());
                        }

                } else {

                        if (signingAlg.equals(Algorithm.NONE)) {
                                // unsigned ID token
                                idToken = new PlainJWT(idClaims.build());

                        } else {

                                // signed ID token

                                if (signingAlg.equals(JWSAlgorithm.HS256)
                                                || signingAlg.equals(JWSAlgorithm.HS384)
                                                || signingAlg.equals(JWSAlgorithm.HS512)) {

                                        JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
                                                        jwtService.getDefaultSignerKeyId(),
                                                        null, null);
                                        idToken = new SignedJWT(header, idClaims.build());

                                        JWTSigningAndValidationService signer = symmetricCacheService.getSymmetricValidtor(client);

                                        // sign it with the client's secret
                                        signer.signJwt((SignedJWT) idToken);
                                } else {
                                        idClaims.claim("kid", jwtService.getDefaultSignerKeyId());

                                        JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
                                                        jwtService.getDefaultSignerKeyId(),
                                                        null, null);

                                        idToken = new SignedJWT(header, idClaims.build());

                                        // sign it with the server's key
                                        jwtService.signJwt((SignedJWT) idToken);
                                }
                        }

                }

                return idToken;
        }

createRegistrationAccessToken()

OAuth2AccessTokenEntity org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.createRegistrationAccessToken ( ClientDetailsEntity  client )

inline

引数

client

戻り値

例外

AuthenticationException

org.mitre.openid.connect.service.OIDCTokenServiceを実装しています。

                                                                                                 {

                return createAssociatedToken(client, Sets.newHashSet(SystemScopeService.REGISTRATION_TOKEN_SCOPE));

        }

createResourceAccessToken()

OAuth2AccessTokenEntity org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.createResourceAccessToken ( ClientDetailsEntity  client )

inline

引数

client

戻り値

org.mitre.openid.connect.service.OIDCTokenServiceを実装しています。

                                                                                             {

                return createAssociatedToken(client, Sets.newHashSet(SystemScopeService.RESOURCE_TOKEN_SCOPE));

        }

getAuthenticationHolderRepository()

AuthenticationHolderRepository org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.getAuthenticationHolderRepository ( )

inline

戻り値

the authenticationHolderRepository

                                                                                  {
                return authenticationHolderRepository;
        }

getConfigBean()

ConfigurationPropertiesBean org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.getConfigBean ( )

inline

戻り値

the configBean

                                                           {
                return configBean;
        }

getJwtService()

JWTSigningAndValidationService org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.getJwtService ( )

inline

戻り値

the jwtService

                                                              {
                return jwtService;
        }

rotateRegistrationAccessTokenForClient()

OAuth2AccessTokenEntity org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.rotateRegistrationAccessTokenForClient ( ClientDetailsEntity  client )

inline

org.mitre.openid.connect.service.OIDCTokenServiceを実装しています。

                                                                                                          {
                // revoke any previous tokens
                OAuth2AccessTokenEntity oldToken = tokenService.getRegistrationAccessTokenForClient(client);
                if (oldToken != null) {
                        Set<String> scope = oldToken.getScope();
                        tokenService.revokeAccessToken(oldToken);
                        return createAssociatedToken(client, scope);
                } else {
                        return null;
                }

        }

setAuthenticationHolderRepository()

void org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.setAuthenticationHolderRepository ( AuthenticationHolderRepository  authenticationHolderRepository )

inline

引数

authenticationHolderRepository

the authenticationHolderRepository to set

                                                                                       {
                this.authenticationHolderRepository = authenticationHolderRepository;
        }

setConfigBean()

void org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.setConfigBean ( ConfigurationPropertiesBean  configBean )

inline

引数

configBean

the configBean to set

                                                                          {
                this.configBean = configBean;
        }

setJwtService()

void org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.setJwtService ( JWTSigningAndValidationService  jwtService )

inline

引数

jwtService

the jwtService to set

                                                                             {
                this.jwtService = jwtService;
        }

メンバ詳解

authenticationHolderRepository

AuthenticationHolderRepository org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.authenticationHolderRepository

private

configBean

ConfigurationPropertiesBean org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.configBean

private

encrypters

ClientKeyCacheService org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.encrypters

private

jwtService

JWTSigningAndValidationService org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.jwtService

private

logger

final Logger org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.logger = LoggerFactory.getLogger(DefaultOIDCTokenService.class)

staticprivate

Logger for this class

symmetricCacheService

SymmetricKeyJWTValidatorCacheService org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.symmetricCacheService

private

tokenService

OAuth2TokenEntityService org.mitre.openid.connect.service.impl.DefaultOIDCTokenService.tokenService

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/mitreid-connect/src/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java