Source code

001/*******************************************************************************
002 * Copyright 2017 The MIT Internet Trust Consortium
003 *
004 * Portions copyright 2011-2013 The MITRE Corporation
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License");
007 * you may not use this file except in compliance with the License.
008 * You may obtain a copy of the License at
009 *
010 *   http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 *******************************************************************************/
018/**
019 *
020 */
021package org.mitre.openid.connect.client.service.impl;
022
023import java.net.URISyntaxException;
024import java.util.Map;
025import java.util.Map.Entry;
026
027import org.apache.http.client.utils.URIBuilder;
028import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
029import org.mitre.oauth2.model.RegisteredClient;
030import org.mitre.openid.connect.client.service.AuthRequestUrlBuilder;
031import org.mitre.openid.connect.config.ServerConfiguration;
032import org.springframework.security.authentication.AuthenticationServiceException;
033
034import com.google.common.base.Joiner;
035import com.google.common.base.Strings;
036import com.nimbusds.jose.JWSAlgorithm;
037import com.nimbusds.jose.JWSHeader;
038import com.nimbusds.jwt.JWTClaimsSet;
039import com.nimbusds.jwt.SignedJWT;
040
041/**
042 * @author jricher
043 *
044 */
045public class SignedAuthRequestUrlBuilder implements AuthRequestUrlBuilder {
046
047        private JWTSigningAndValidationService signingAndValidationService;
048
049        /* (non-Javadoc)
050         * @see org.mitre.openid.connect.client.service.AuthRequestUrlBuilder#buildAuthRequestUrl(org.mitre.openid.connect.config.ServerConfiguration, org.springframework.security.oauth2.provider.ClientDetails, java.lang.String, java.lang.String, java.lang.String)
051         */
052        @Override
053        public String buildAuthRequestUrl(ServerConfiguration serverConfig, RegisteredClient clientConfig, String redirectUri, String nonce, String state, Map<String, String> options, String loginHint) {
054
055                // create our signed JWT for the request object
056                JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();
057
058                //set parameters to JwtClaims
059                claims.claim("response_type", "code");
060                claims.claim("client_id", clientConfig.getClientId());
061                claims.claim("scope", Joiner.on(" ").join(clientConfig.getScope()));
062
063                // build our redirect URI
064                claims.claim("redirect_uri", redirectUri);
065
066                // this comes back in the id token
067                claims.claim("nonce", nonce);
068
069                // this comes back in the auth request return
070                claims.claim("state", state);
071
072                // Optional parameters
073                for (Entry<String, String> option : options.entrySet()) {
074                        claims.claim(option.getKey(), option.getValue());
075                }
076
077                // if there's a login hint, send it
078                if (!Strings.isNullOrEmpty(loginHint)) {
079                        claims.claim("login_hint", loginHint);
080                }
081
082                JWSAlgorithm alg = clientConfig.getRequestObjectSigningAlg();
083                if (alg == null) {
084                        alg = signingAndValidationService.getDefaultSigningAlgorithm();
085                }
086
087                SignedJWT jwt = new SignedJWT(new JWSHeader(alg), claims.build());
088
089                signingAndValidationService.signJwt(jwt, alg);
090
091                try {
092                        URIBuilder uriBuilder = new URIBuilder(serverConfig.getAuthorizationEndpointUri());
093                        uriBuilder.addParameter("request", jwt.serialize());
094
095                        // build out the URI
096                        return uriBuilder.build().toString();
097                } catch (URISyntaxException e) {
098                        throw new AuthenticationServiceException("Malformed Authorization Endpoint Uri", e);
099                }
100        }
101
102        /**
103         * @return the signingAndValidationService
104         */
105        public JWTSigningAndValidationService getSigningAndValidationService() {
106                return signingAndValidationService;
107        }
108
109        /**
110         * @param signingAndValidationService the signingAndValidationService to set
111         */
112        public void setSigningAndValidationService(JWTSigningAndValidationService signingAndValidationService) {
113                this.signingAndValidationService = signingAndValidationService;
114        }
115
116}