/**
 * Converts a {@link JWT} attribute to its database column value: the compact
 * serialized string, or SQL {@code NULL} when the attribute is absent.
 *
 * @param attribute the token to persist, may be {@code null}
 * @return the compact serialization of {@code attribute}, or {@code null} when
 *         {@code attribute} is {@code null}
 */
@Override
public String convertToDatabaseColumn(JWT attribute) {
    // An absent token maps to a NULL column, never to the literal string "null".
    return attribute == null ? null : attribute.serialize();
}
/**
 * Returns the JWT-encoded (compact serialized) value of this token.
 *
 * @return the compact serialization of the {@code jwt} field
 */
@Override
@Transient
public String getValue() {
    final String encoded = jwt.serialize();
    return encoded;
}
/**
 * Returns the string-encoded (compact serialized) value of this access token.
 *
 * @return the compact serialization of the {@code jwtValue} field
 */
@Override
@Transient
public String getValue() {
    final String encoded = jwtValue.serialize();
    return encoded;
}
/**
 * Java-serialization hook: writes the default fields, then the ID token as its
 * compact serialized string (or {@code null} when there is no ID token) instead
 * of as a {@link JWT} object.
 * NOTE(review): presumably because the JWT type is not itself Serializable — confirm.
 *
 * @param out the stream being written
 * @throws IOException if the underlying stream fails
 */
private void writeObject(ObjectOutputStream out) throws IOException { out.defaultWriteObject(); if (idToken == null) { out.writeObject(null); } else { out.writeObject(idToken.serialize()); } }
/*
 * Counterpart to writeObject; body not visible here. Declares ParseException, so it
 * presumably parses the string written above back into a JWT — confirm.
 */
private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException, ParseException {
/**
 * Adds the ID token to the additional-information map of a token response,
 * stored in compact serialized form under {@code ID_TOKEN_FIELD_NAME}.
 *
 * @param idToken the ID token to expose; a {@code null} token leaves the map untouched
 */
@Transient
public void setIdToken(JWT idToken) {
    if (idToken == null) {
        return;
    }
    final String encoded = idToken.serialize();
    additionalInformation.put(ID_TOKEN_FIELD_NAME, encoded);
}
}
/**
 * Java-serialization hook: writes the default fields, then the ID token as its
 * compact serialized string (or {@code null} when there is no ID token) instead
 * of as a {@link JWT} object.
 * NOTE(review): presumably because the JWT type is not itself Serializable — confirm.
 *
 * @param out the stream being written
 * @throws IOException if the underlying stream fails
 */
private void writeObject(ObjectOutputStream out) throws IOException { out.defaultWriteObject(); if (idToken == null) { out.writeObject(null); } else { out.writeObject(idToken.serialize()); } }
/*
 * Counterpart to writeObject; body not visible here. Declares ParseException, so it
 * presumably parses the string written above back into a JWT — confirm.
 */
private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException, ParseException {
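/**
 * Computes the hash of an access token's compact JWT serialization, using the
 * hash function that {@code getHash} selects for the given JWS signing algorithm.
 *
 * @param signingAlg the JWS algorithm that determines which hash function is used
 * @param token      the access token whose JWT is hashed
 * @return the hash, base64url-encoded
 */
public static Base64URL getAccessTokenHash(JWSAlgorithm signingAlg, OAuth2AccessTokenEntity token) {
    // Use an explicit charset: the no-arg getBytes() uses the platform default, which
    // would make the hash depend on the JVM's locale settings. A compact JWT is ASCII,
    // so UTF-8 yields exactly the bytes of the serialized form.
    byte[] tokenBytes = token.getJwt().serialize()
            .getBytes(java.nio.charset.StandardCharsets.UTF_8);
    return getHash(signingAlg, tokenBytes);
}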
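/**
 * Finds access-token rows that share the same JWT value and deletes every row
 * carrying such a JWT (not just the surplus copies).
 * Only the number of copies is logged: the serialized JWT is a bearer credential
 * and must not be written to the log.
 */
@Override
@Transactional(value="defaultTransactionManager")
public void clearDuplicateAccessTokens() {
    Query query = manager.createQuery(
            "select a.jwt, count(1) as c from OAuth2AccessTokenEntity a GROUP BY a.jwt HAVING count(1) > 1");
    @SuppressWarnings("unchecked")
    List<Object[]> resultList = query.getResultList();
    List<JWT> duplicates = new ArrayList<>();
    for (Object[] row : resultList) {
        // row[0] is the JWT, row[1] the number of rows carrying it (see the query above).
        logger.warn("Found duplicate access token with {} copies", row[1]);
        duplicates.add((JWT) row[0]);
    }
    if (duplicates.isEmpty()) {
        return;
    }
    CriteriaBuilder cb = manager.getCriteriaBuilder();
    CriteriaDelete<OAuth2AccessTokenEntity> criteriaDelete = cb.createCriteriaDelete(OAuth2AccessTokenEntity.class);
    Root<OAuth2AccessTokenEntity> root = criteriaDelete.from(OAuth2AccessTokenEntity.class);
    criteriaDelete.where(root.get("jwt").in(duplicates));
    int deleted = manager.createQuery(criteriaDelete).executeUpdate();
    logger.warn("Deleted {} duplicate access tokens", deleted);
}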
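/**
 * Finds refresh-token rows that share the same JWT value and deletes every row
 * carrying such a JWT (not just the surplus copies).
 * Only the number of copies is logged: the serialized JWT is a credential and
 * must not be written to the log.
 */
@Override
@Transactional(value="defaultTransactionManager")
public void clearDuplicateRefreshTokens() {
    Query query = manager.createQuery(
            "select a.jwt, count(1) as c from OAuth2RefreshTokenEntity a GROUP BY a.jwt HAVING count(1) > 1");
    @SuppressWarnings("unchecked")
    List<Object[]> resultList = query.getResultList();
    List<JWT> duplicates = new ArrayList<>();
    for (Object[] row : resultList) {
        // row[0] is the JWT, row[1] the number of rows carrying it (see the query above).
        logger.warn("Found duplicate refresh token with {} copies", row[1]);
        duplicates.add((JWT) row[0]);
    }
    if (duplicates.isEmpty()) {
        return;
    }
    CriteriaBuilder cb = manager.getCriteriaBuilder();
    CriteriaDelete<OAuth2RefreshTokenEntity> criteriaDelete = cb.createCriteriaDelete(OAuth2RefreshTokenEntity.class);
    Root<OAuth2RefreshTokenEntity> root = criteriaDelete.from(OAuth2RefreshTokenEntity.class);
    criteriaDelete.where(root.get("jwt").in(duplicates));
    int deleted = manager.createQuery(criteriaDelete).executeUpdate();
    logger.warn("Deleted {} duplicate refresh tokens", deleted);
}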
writer.name(SOFTWARE_ID).value(client.getSoftwareId()); writer.name(SOFTWARE_VERSION).value(client.getSoftwareVersion()); writer.name(SOFTWARE_STATEMENT).value(client.getSoftwareStatement() != null ? client.getSoftwareStatement().serialize() : null); writer.name(CREATION_DATE).value(toUTCString(client.getCreatedAt())); writer.endObject();
o.addProperty(SOFTWARE_STATEMENT, c.getSoftwareStatement().serialize());
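/**
 * Computes the hash of an access token's compact JWT serialization, using the
 * hash function that {@code getHash} selects for the given JWS signing algorithm.
 *
 * @param signingAlg the JWS algorithm that determines which hash function is used
 * @param token      the access token whose JWT is hashed
 * @return the hash, base64url-encoded
 */
public static Base64URL getAccessTokenHash(JWSAlgorithm signingAlg, OAuth2AccessTokenEntity token) {
    // Use an explicit charset: the no-arg getBytes() uses the platform default, which
    // would make the hash depend on the JVM's locale settings. A compact JWT is ASCII,
    // so UTF-8 yields exactly the bytes of the serialized form.
    byte[] tokenBytes = token.getJwt().serialize()
            .getBytes(java.nio.charset.StandardCharsets.UTF_8);
    return getHash(signingAlg, tokenBytes);
}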
/**
 * Signs the claims set with RSA, using the signing tenant derived from the
 * authorization-request context, and returns the compact serialized JWT.
 *
 * @param jwtClaimsSet          the JWT body to sign
 * @param authzReqMessageContext the authorization request context used to resolve the signing tenant
 * @return the signed JWT in compact serialized form
 * @throws IdentityOAuth2Exception if tenant resolution or signing fails
 * @deprecated retained for backward compatibility
 */
@Deprecated
protected String signJWTWithRSA(JWTClaimsSet jwtClaimsSet, OAuthAuthzReqMessageContext authzReqMessageContext) throws IdentityOAuth2Exception {
    return OAuth2Util
            .signJWTWithRSA(jwtClaimsSet, signatureAlgorithm, getSigningTenantDomain(authzReqMessageContext))
            .serialize();
}
/**
 * Signs the claims set with RSA, using the signing tenant derived from the
 * token-request context, and returns the compact serialized JWT.
 *
 * @param jwtClaimsSet          the JWT body to sign
 * @param tokenReqMessageContext the token request context used to resolve the signing tenant
 * @return the signed JWT in compact serialized form
 * @throws IdentityOAuth2Exception if tenant resolution or signing fails
 * @deprecated retained for backward compatibility
 */
@Deprecated
protected String signJWTWithRSA(JWTClaimsSet jwtClaimsSet, OAuthTokenReqMessageContext tokenReqMessageContext) throws IdentityOAuth2Exception {
    return OAuth2Util
            .signJWTWithRSA(jwtClaimsSet, signatureAlgorithm, getSigningTenantDomain(tokenReqMessageContext))
            .serialize();
}
/**
 * Produces the compact serialized ID token for an application: encrypted (after
 * configuring the encryption algorithms for the app) when the app has ID token
 * encryption enabled, otherwise signed with {@code signatureAlgorithm}.
 *
 * @param clientId            the client the token is issued to
 * @param spTenantDomain      tenant used to resolve the encryption key
 * @param jwtClaimsSet        the claims to protect
 * @param oAuthAppDO          the application settings deciding encrypt vs. sign
 * @param signingTenantDomain tenant used to resolve the signing key
 * @return the ID token in compact serialized form
 * @throws IdentityOAuth2Exception if encryption or signing fails
 */
private String getIDToken(String clientId, String spTenantDomain, JWTClaimsSet jwtClaimsSet, OAuthAppDO oAuthAppDO, String signingTenantDomain) throws IdentityOAuth2Exception {
    if (!oAuthAppDO.isIdTokenEncryptionEnabled()) {
        return OAuth2Util.signJWT(jwtClaimsSet, signatureAlgorithm, signingTenantDomain).serialize();
    }
    // Encryption is enabled: the algorithms are resolved per app before encrypting.
    setupEncryptionAlgorithms(oAuthAppDO, clientId);
    return OAuth2Util
            .encryptJWT(jwtClaimsSet, encryptionAlgorithm, encryptionMethod, spTenantDomain, clientId)
            .serialize();
}
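/**
 * Finds access-token rows that share the same JWT value and deletes every row
 * carrying such a JWT (not just the surplus copies).
 * Only the number of copies is logged: the serialized JWT is a bearer credential
 * and must not be written to the log.
 */
@Override
@Transactional(value="defaultTransactionManager")
public void clearDuplicateAccessTokens() {
    Query query = manager.createQuery(
            "select a.jwt, count(1) as c from OAuth2AccessTokenEntity a GROUP BY a.jwt HAVING count(1) > 1");
    @SuppressWarnings("unchecked")
    List<Object[]> resultList = query.getResultList();
    List<JWT> duplicates = new ArrayList<>();
    for (Object[] row : resultList) {
        // row[0] is the JWT, row[1] the number of rows carrying it (see the query above).
        logger.warn("Found duplicate access token with {} copies", row[1]);
        duplicates.add((JWT) row[0]);
    }
    if (duplicates.isEmpty()) {
        return;
    }
    CriteriaBuilder cb = manager.getCriteriaBuilder();
    CriteriaDelete<OAuth2AccessTokenEntity> criteriaDelete = cb.createCriteriaDelete(OAuth2AccessTokenEntity.class);
    Root<OAuth2AccessTokenEntity> root = criteriaDelete.from(OAuth2AccessTokenEntity.class);
    criteriaDelete.where(root.get("jwt").in(duplicates));
    int deleted = manager.createQuery(criteriaDelete).executeUpdate();
    logger.warn("Deleted {} duplicate access tokens", deleted);
}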
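/**
 * Finds refresh-token rows that share the same JWT value and deletes every row
 * carrying such a JWT (not just the surplus copies).
 * Only the number of copies is logged: the serialized JWT is a credential and
 * must not be written to the log.
 */
@Override
@Transactional(value="defaultTransactionManager")
public void clearDuplicateRefreshTokens() {
    Query query = manager.createQuery(
            "select a.jwt, count(1) as c from OAuth2RefreshTokenEntity a GROUP BY a.jwt HAVING count(1) > 1");
    @SuppressWarnings("unchecked")
    List<Object[]> resultList = query.getResultList();
    List<JWT> duplicates = new ArrayList<>();
    for (Object[] row : resultList) {
        // row[0] is the JWT, row[1] the number of rows carrying it (see the query above).
        logger.warn("Found duplicate refresh token with {} copies", row[1]);
        duplicates.add((JWT) row[0]);
    }
    if (duplicates.isEmpty()) {
        return;
    }
    CriteriaBuilder cb = manager.getCriteriaBuilder();
    CriteriaDelete<OAuth2RefreshTokenEntity> criteriaDelete = cb.createCriteriaDelete(OAuth2RefreshTokenEntity.class);
    Root<OAuth2RefreshTokenEntity> root = criteriaDelete.from(OAuth2RefreshTokenEntity.class);
    criteriaDelete.where(root.get("jwt").in(duplicates));
    int deleted = manager.createQuery(criteriaDelete).executeUpdate();
    logger.warn("Deleted {} duplicate refresh tokens", deleted);
}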
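/**
 * Builds a client-credentials grant request for the given client, credentials and scopes.
 * When the credentials are a {@code JWTCredentials}, the request additionally carries a
 * JWT-bearer client assertion ({@code client_assertion_type} and {@code client_assertion}).
 *
 * @param clientId          the client identifier
 * @param clientCredentials the client's credentials; a {@code JWTCredentials} instance is
 *                          sent as a serialized client assertion
 * @param scopes            the requested scopes, must not be {@code null}
 * @throws NullPointerException if {@code scopes}, or a required field of a
 *                              {@code JWTCredentials} (issuer, subject, audience, duration),
 *                              is {@code null} — assuming {@code Validate.notNull} throws
 *                              {@code NullPointerException}; confirm against the Validate in use
 */
public ClientCredentialsAccessTokenRequest(String clientId, T clientCredentials, Scopes scopes) {
    super(clientId, clientCredentials, AccessTokenGrantType.CLIENT_CREDENTIALS);
    Validate.notNull(scopes, "Scopes must not be null");
    this.tokenRequestParams.put("scope", scopes.asParamValue());
    if (clientCredentials instanceof JWTCredentials) {
        // Cast once rather than at every use; messages fixed from "ne null" to "not null".
        JWTCredentials jwtCredentials = (JWTCredentials) clientCredentials;
        Validate.notNull(jwtCredentials.getIssuer(), "Issuer/Client ID must not be null");
        Validate.notNull(jwtCredentials.getSubject(), "Subject/Client ID must not be null");
        Validate.notNull(jwtCredentials.getAudience(), "Authorization server's token URL must not be null");
        Validate.notNull(jwtCredentials.getDuration(), "Expiration time must not be null");
        this.tokenRequestParams.put("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
        this.tokenRequestParams.put("client_assertion", jwtCredentials.getCredentials().serialize());
    }
}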
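/**
 * Builds a client-credentials grant request for the given client, credentials and scopes.
 * When the credentials are a {@code JWTCredentials}, the request additionally carries a
 * JWT-bearer client assertion ({@code client_assertion_type} and {@code client_assertion}).
 *
 * @param clientId          the client identifier
 * @param clientCredentials the client's credentials; a {@code JWTCredentials} instance is
 *                          sent as a serialized client assertion
 * @param scopes            the requested scopes, must not be {@code null}
 * @throws NullPointerException if {@code scopes}, or a required field of a
 *                              {@code JWTCredentials} (issuer, subject, audience, duration),
 *                              is {@code null} — assuming {@code Validate.notNull} throws
 *                              {@code NullPointerException}; confirm against the Validate in use
 */
public ClientCredentialsAccessTokenRequest(String clientId, T clientCredentials, Scopes scopes) {
    super(clientId, clientCredentials, AccessTokenGrantType.CLIENT_CREDENTIALS);
    Validate.notNull(scopes, "Scopes must not be null");
    this.tokenRequestParams.put("scope", scopes.asParamValue());
    if (clientCredentials instanceof JWTCredentials) {
        // Cast once rather than at every use; messages fixed from "ne null" to "not null".
        JWTCredentials jwtCredentials = (JWTCredentials) clientCredentials;
        Validate.notNull(jwtCredentials.getIssuer(), "Issuer/Client ID must not be null");
        Validate.notNull(jwtCredentials.getSubject(), "Subject/Client ID must not be null");
        Validate.notNull(jwtCredentials.getAudience(), "Authorization server's token URL must not be null");
        Validate.notNull(jwtCredentials.getDuration(), "Expiration time must not be null");
        this.tokenRequestParams.put("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
        this.tokenRequestParams.put("client_assertion", jwtCredentials.getCredentials().serialize());
    }
}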
/**
 * Generates the string form of a JWT from a claims set: plain when no signature
 * configuration is set, otherwise signed; then encrypted when an encryption
 * configuration is set, otherwise compact-serialized as is.
 *
 * @param claimsSet the claims to wrap
 * @return the generated JWT as a string
 */
protected String internalGenerate(final JWTClaimsSet claimsSet) {
    // Unsigned (plain) token unless a signature configuration is present.
    final JWT jwt = signatureConfiguration == null
            ? new PlainJWT(claimsSet)
            : signatureConfiguration.sign(claimsSet);
    if (encryptionConfiguration != null) {
        // The encryption configuration produces the final string itself.
        return encryptionConfiguration.encrypt(jwt);
    }
    return jwt.serialize();
}