SignedAuthRequestUrlBuilder.java

  1. /*******************************************************************************
  2.  * Copyright 2017 The MIT Internet Trust Consortium
  3.  *
  4.  * Portions copyright 2011-2013 The MITRE Corporation
  5.  *
  6.  * Licensed under the Apache License, Version 2.0 (the "License");
  7.  * you may not use this file except in compliance with the License.
  8.  * You may obtain a copy of the License at
  9.  *
  10.  *   http://www.apache.org/licenses/LICENSE-2.0
  11.  *
  12.  * Unless required by applicable law or agreed to in writing, software
  13.  * distributed under the License is distributed on an "AS IS" BASIS,
  14.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  15.  * See the License for the specific language governing permissions and
  16.  * limitations under the License.
  17.  *******************************************************************************/
  18. /**
  19.  *
  20.  */
  21. package org.mitre.openid.connect.client.service.impl;

  23. import java.net.URISyntaxException;
  24. import java.util.Map;
  25. import java.util.Map.Entry;

  27. import org.apache.http.client.utils.URIBuilder;
  28. import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
  29. import org.mitre.oauth2.model.RegisteredClient;
  30. import org.mitre.openid.connect.client.service.AuthRequestUrlBuilder;
  31. import org.mitre.openid.connect.config.ServerConfiguration;
  32. import org.springframework.security.authentication.AuthenticationServiceException;

  34. import com.google.common.base.Joiner;
  35. import com.google.common.base.Strings;
  36. import com.nimbusds.jose.JWSAlgorithm;
  37. import com.nimbusds.jose.JWSHeader;
  38. import com.nimbusds.jwt.JWTClaimsSet;
  39. import com.nimbusds.jwt.SignedJWT;

  41. /**
  42.  * @author jricher
  43.  *
  44.  */
  45. public class SignedAuthRequestUrlBuilder implements AuthRequestUrlBuilder {

  47.     private JWTSigningAndValidationService signingAndValidationService;

  49.     /* (non-Javadoc)
  50.      * @see org.mitre.openid.connect.client.service.AuthRequestUrlBuilder#buildAuthRequestUrl(org.mitre.openid.connect.config.ServerConfiguration, org.springframework.security.oauth2.provider.ClientDetails, java.lang.String, java.lang.String, java.lang.String)
  51.      */
  52.     @Override
  53.     public String buildAuthRequestUrl(ServerConfiguration serverConfig, RegisteredClient clientConfig, String redirectUri, String nonce, String state, Map<String, String> options, String loginHint) {

  55.         // create our signed JWT for the request object
  56.         JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();

  58.         //set parameters to JwtClaims
  59.         claims.claim("response_type", "code");
  60.         claims.claim("client_id", clientConfig.getClientId());
  61.         claims.claim("scope", Joiner.on(" ").join(clientConfig.getScope()));

  63.         // build our redirect URI
  64.         claims.claim("redirect_uri", redirectUri);

  66.         // this comes back in the id token
  67.         claims.claim("nonce", nonce);

  69.         // this comes back in the auth request return
  70.         claims.claim("state", state);

  72.         // Optional parameters
  73.         for (Entry<String, String> option : options.entrySet()) {
  74.             claims.claim(option.getKey(), option.getValue());
  75.         }

  77.         // if there's a login hint, send it
  78.         if (!Strings.isNullOrEmpty(loginHint)) {
  79.             claims.claim("login_hint", loginHint);
  80.         }

  82.         JWSAlgorithm alg = clientConfig.getRequestObjectSigningAlg();
  83.         if (alg == null) {
  84.             alg = signingAndValidationService.getDefaultSigningAlgorithm();
  85.         }

  87.         SignedJWT jwt = new SignedJWT(new JWSHeader(alg), claims.build());

  89.         signingAndValidationService.signJwt(jwt, alg);

  91.         try {
  92.             URIBuilder uriBuilder = new URIBuilder(serverConfig.getAuthorizationEndpointUri());
  93.             uriBuilder.addParameter("request", jwt.serialize());

  95.             // build out the URI
  96.             return uriBuilder.build().toString();
  97.         } catch (URISyntaxException e) {
  98.             throw new AuthenticationServiceException("Malformed Authorization Endpoint Uri", e);
  99.         }
  100.     }

  102.     /**
  103.      * @return the signingAndValidationService
  104.      */
  105.     public JWTSigningAndValidationService getSigningAndValidationService() {
  106.         return signingAndValidationService;
  107.     }

  109.     /**
  110.      * @param signingAndValidationService the signingAndValidationService to set
  111.      */
  112.     public void setSigningAndValidationService(JWTSigningAndValidationService signingAndValidationService) {
  113.         this.signingAndValidationService = signingAndValidationService;
  114.     }

  116. }
Created with JaCoCo 0.7.9.201702052155