Java Code Examples for org.apache.cxf.rs.security.jose.jws.JwsUtils#loadSignatureOutProperties()

Example 1
Source File: OidcImplicitService.java    From cxf with Apache License 2.0
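/**
 * Finalizes the {@link IdToken} for the implicit/hybrid response and returns it as a serialized JWT.
 * <p>
 * When an authorization code is present on the current exchange (hybrid flow), a {@code c_hash}
 * claim is computed over it using the digest implied by the configured signing algorithm. The
 * hash is skipped when that algorithm is {@code none}, matching the guard used in
 * IdTokenResponseFilter.setAtHashAndNonce, since no digest can be derived from it.
 *
 * @param state   the redirection state carrying the client's nonce
 * @param idToken the token to finalize; mutated in place (c_hash and nonce)
 * @return the JWT produced by the configured {@link OAuthJoseJwtProducer}
 */
protected String processIdToken(OAuthRedirectionState state, IdToken idToken) {
    // Fall back to a default producer when no handler has been injected.
    OAuthJoseJwtProducer processor = idTokenHandler == null ? new OAuthJoseJwtProducer() : idTokenHandler;

    String code =
        (String)JAXRSUtils.getCurrentMessage().getExchange().get(OAuthConstants.AUTHORIZATION_CODE_VALUE);
    if (code != null) {
        // this service is invoked as part of the hybrid flow
        Properties props = JwsUtils.loadSignatureOutProperties(false);
        SignatureAlgorithm sigAlgo = processor.isSignWithClientSecret()
            ? OAuthUtils.getClientSecretSignatureAlgorithm(props)
            : JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.RS256);
        // 'none' has no associated digest; IdTokenResponseFilter applies the same guard.
        if (sigAlgo != SignatureAlgorithm.NONE) {
            idToken.setAuthorizationCodeHash(OidcUtils.calculateAuthorizationCodeHash(code, sigAlgo));
        }
    }

    idToken.setNonce(state.getNonce());
    return processor.processJwt(new JwtToken(idToken));
}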
 
Example 2
Source File: OidcConfigurationService.java    From cxf with Apache License 2.0
/**
 * Adds the OIDC discovery entries on top of the core OAuth2 configuration data
 * populated by the superclass.
 * <p>
 * Entries written: {@code userinfo_endpoint} and {@code end_session_endpoint} (unless
 * disabled), {@code id_token_signing_alg_values_supported} (only when an outbound
 * signature algorithm is configured), {@code backchannel_logout_supported},
 * {@code subject_types_supported} and {@code response_types_supported}.
 *
 * @param cfg     the discovery document being assembled; entries are added in place
 * @param baseUri the base address used to resolve relative endpoint paths
 */
@Override
protected void prepareConfigurationData(Map<String, Object> cfg, String baseUri) {
    super.prepareConfigurationData(cfg, baseUri);

    // UserInfo endpoint, unless explicitly switched off
    boolean userInfoAvailable = !isUserInfoEndpointNotAvailable();
    if (userInfoAvailable) {
        cfg.put("userinfo_endpoint",
                calculateEndpointAddress(userInfoEndpointAddress, baseUri, "/users/userinfo"));
    }

    // Advertise the configured id_token signing algorithm, if there is one
    Properties sigProps = JwsUtils.loadSignatureOutProperties(false);
    boolean sigAlgConfigured = sigProps != null
        && sigProps.containsKey(JoseConstants.RSSEC_SIGNATURE_ALGORITHM);
    if (sigAlgConfigured) {
        Object sigAlg = sigProps.get(JoseConstants.RSSEC_SIGNATURE_ALGORITHM);
        cfg.put("id_token_signing_alg_values_supported", Collections.singletonList(sigAlg));
    }

    // RP-initiated logout endpoint, unless explicitly switched off
    boolean endSessionAvailable = !isEndSessionEndpointNotAvailable();
    if (endSessionAvailable) {
        cfg.put("end_session_endpoint",
                calculateEndpointAddress(endSessionEndpointAddress, baseUri, "/idp/logout"));
    }

    if (isBackChannelLogoutSupported()) {
        cfg.put("backchannel_logout_supported", Boolean.TRUE);
    }

    // Subject types: only "public" is offered, pairwise identifiers are not supported yet
    cfg.put("subject_types_supported", Collections.singletonList("public"));

    List<String> supportedResponseTypes = responseTypes != null ? responseTypes : DEFAULT_RESPONSE_TYPES;
    cfg.put("response_types_supported", supportedResponseTypes);
}
 
Example 3
Source File: OAuthUtils.java    From cxf with Apache License 2.0
/**
 * Creates an HMAC signature provider keyed with the client secret.
 * <p>
 * The HMAC algorithm is resolved from the outbound signature properties via
 * {@link #getClientSecretSignatureAlgorithm(Properties)}.
 *
 * @param clientSecret the shared secret used as the HMAC key
 * @return a provider signing with the resolved client-secret algorithm
 */
public static JwsSignatureProvider getClientSecretSignatureProvider(String clientSecret) {
    return JwsUtils.getHmacSignatureProvider(
        clientSecret,
        getClientSecretSignatureAlgorithm(JwsUtils.loadSignatureOutProperties(false)));
}
 
Example 4
Source File: OAuthUtils.java    From cxf with Apache License 2.0
/**
 * Creates an HMAC signature verifier keyed with the client secret.
 * <p>
 * The HMAC algorithm is resolved from the outbound signature properties via
 * {@link #getClientSecretSignatureAlgorithm(Properties)}, so it matches the one used by
 * {@link #getClientSecretSignatureProvider(String)}.
 *
 * @param clientSecret the shared secret used as the HMAC key
 * @return a verifier for the resolved client-secret algorithm
 */
public static JwsSignatureVerifier getClientSecretSignatureVerifier(String clientSecret) {
    return JwsUtils.getHmacSignatureVerifier(
        clientSecret,
        getClientSecretSignatureAlgorithm(JwsUtils.loadSignatureOutProperties(false)));
}
 
Example 5
Source File: IdTokenResponseFilter.java    From cxf with Apache License 2.0
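/**
 * Populates the {@code at_hash} / {@code c_hash} claims and the nonce on the id_token being issued.
 * <p>
 * {@code at_hash} is added whenever an access token accompanies the id_token (every response
 * type except a bare {@code id_token}); {@code c_hash} whenever a code accompanies it (the
 * hybrid response types). Both hashes use the digest implied by the configured signing
 * algorithm and are skipped when that algorithm is {@code none}. Hashes already present on
 * the token are left untouched.
 * <p>
 * The current JAX-RS message may be absent; it is only consulted when non-null, both for the
 * hybrid-flow code and for the nonce.
 *
 * @param idToken the token to enrich; mutated in place
 * @param st      the access token carrying the response type, grant code and nonce
 */
private void setAtHashAndNonce(IdToken idToken, ServerAccessToken st) {
    String rType = st.getResponseType();
    boolean atHashRequired = idToken.getAccessTokenHash() == null
        && (rType == null || !rType.equals(OidcUtils.ID_TOKEN_RESPONSE_TYPE));
    boolean cHashRequired = idToken.getAuthorizationCodeHash() == null
        && rType != null
        && (rType.equals(OidcUtils.CODE_ID_TOKEN_AT_RESPONSE_TYPE)
            || rType.equals(OidcUtils.CODE_ID_TOKEN_RESPONSE_TYPE));

    // May be null outside a JAX-RS invocation; every use below must tolerate that.
    Message m = JAXRSUtils.getCurrentMessage();
    if (atHashRequired || cHashRequired) {
        Properties props = JwsUtils.loadSignatureOutProperties(false);
        final SignatureAlgorithm sigAlgo;
        if (super.isSignWithClientSecret()) {
            sigAlgo = OAuthUtils.getClientSecretSignatureAlgorithm(props);
        } else {
            sigAlgo = JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.RS256);
        }
        // 'none' has no associated digest, so no hash can be produced.
        if (sigAlgo != SignatureAlgorithm.NONE) {
            if (atHashRequired) {
                // Hash the serialized token when available, otherwise the opaque token key.
                String tokenKey = st.getEncodedToken() != null ? st.getEncodedToken() : st.getTokenKey();
                idToken.setAccessTokenHash(OidcUtils.calculateAccessTokenHash(tokenKey, sigAlgo));
            }
            if (cHashRequired) {
                // c_hash can be returned from either Authorization or Token endpoints
                String code;
                if (st.getGrantCode() != null) {
                    // This is a token endpoint, the code has been exchanged for a token
                    code = st.getGrantCode();
                } else if (m != null) {
                    // Authorization endpoint: hybrid flow, implicit part
                    code = (String)m.getExchange().get(OAuthConstants.AUTHORIZATION_CODE_VALUE);
                } else {
                    // No current message to read the code from; leave c_hash unset.
                    code = null;
                }
                if (code != null) {
                    idToken.setAuthorizationCodeHash(OidcUtils.calculateAuthorizationCodeHash(code, sigAlgo));
                }
            }
        }
    }

    // A nonce on the current request takes precedence over the one stored with the token.
    if (m != null && m.getExchange().containsKey(OAuthConstants.NONCE)) {
        idToken.setNonce((String)m.getExchange().get(OAuthConstants.NONCE));
    } else if (st.getNonce() != null) {
        idToken.setNonce(st.getNonce());
    }
}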