Class OpenIdResolverServiceImpl

  • All Implemented Interfaces:
    OpenIdResolverService

    public class OpenIdResolverServiceImpl
    extends Object
    implements OpenIdResolverService
    Holds the set of currently configured OpenID Resolvers. As new resolvers are configured, this class loads the appropriate verification key (or sets up the means to fetch it) and stores it along with the other information the resolver needs to do its job. Resolvers are stored keyed by their issuer value, so the OpenIdResolver for a given issuer can be looked up when a JWT from that issuer arrives.
    • Constructor Detail

      • OpenIdResolverServiceImpl

        @Deprecated
        public OpenIdResolverServiceImpl​(int readTimeout,
                                         int connTimeout)
        Deprecated.
        Use org.forgerock.oauth.resolvers.service.OpenIdResolverServiceImpl#OpenIdResolverServiceImpl (org.forgerock.http.Client) instead.
        Constructor for the OpenIdResolverServiceImpl which will use the supplied read and connection timeouts when communicating over HTTP.
        Parameters:
        readTimeout - HTTP read timeout for resolvers
        connTimeout - HTTP connection timeout for resolvers
      • OpenIdResolverServiceImpl

        public OpenIdResolverServiceImpl​(Client client)
        Constructor for the OpenIdResolverServiceImpl which will use the supplied HTTP client when communicating over HTTP (read and connection timeouts are therefore those of the client, not of this class). Uses IssuerComparators.DEFAULT for comparing issuer values by exact string comparison.
        Parameters:
        client - HTTP client for resolvers
      • OpenIdResolverServiceImpl

        public OpenIdResolverServiceImpl​(Client client,
                                         BiPredicate<String,​String> issuerComparator)
        Constructor for the OpenIdResolverServiceImpl which will use the supplied HTTP client when communicating over HTTP and the supplied comparator, instead of IssuerComparators.DEFAULT, when matching an incoming issuer value against the configured issuers.
        Parameters:
        client - HTTP client for resolvers
        issuerComparator - The comparator for comparing the incoming issuer value against the expected value.
      • OpenIdResolverServiceImpl

        public OpenIdResolverServiceImpl​(Client client,
                                         SecretsProvider secretsProvider,
                                         Purpose<DataDecryptionKey> idTokenPurpose)
        Constructor for the OpenIdResolverServiceImpl which will use the supplied HTTP client when communicating over HTTP, and the supplied secrets provider and purpose to obtain the DataDecryptionKey used for ID tokens. Uses IssuerComparators.DEFAULT for comparing issuer values by exact string comparison.
        Parameters:
        client - HTTP client for resolvers
        secretsProvider - the secrets provider from which the ID token key is obtained
        idTokenPurpose - the Purpose identifying the DataDecryptionKey used for ID tokens
      • OpenIdResolverServiceImpl

        public OpenIdResolverServiceImpl​(Client client,
                                         BiPredicate<String,​String> issuerComparator,
                                         SecretsProvider secretsProvider,
                                         Purpose<DataDecryptionKey> idTokenPurpose)
        Constructor for the OpenIdResolverServiceImpl which will use the supplied HTTP client when communicating over HTTP, the supplied comparator (instead of IssuerComparators.DEFAULT) when matching an incoming issuer value against the configured issuers, and the supplied secrets provider and purpose to obtain the DataDecryptionKey used for ID tokens.
        Parameters:
        client - HTTP client for resolvers
        issuerComparator - The comparator for comparing the incoming issuer value against the expected value.
        secretsProvider - the secrets provider from which the ID token key is obtained
        idTokenPurpose - the Purpose identifying the DataDecryptionKey used for ID tokens
    • Method Detail

      • getResolverForIssuer

        public Optional<OpenIdResolver> getResolverForIssuer​(String issuer)
        Description copied from interface: OpenIdResolverService
        Returns the appropriate OpenID Connect resolver for the issuer capable of handling signed JWTs. The OpenID Connect JWT's "iss" field MUST be identical to the issuer param. With the default comparator (IssuerComparators.DEFAULT) this is an exact string comparison; when a custom issuerComparator was supplied at construction, the match is whatever that comparator accepts, so a loose comparator widens which resolver (and which keys) a token can be checked against.
        Specified by:
        getResolverForIssuer in interface OpenIdResolverService
        Parameters:
        issuer - Reference to the issuer of the OpenID Connect JWT
        Returns:
        an Optional containing the OpenIdResolver for the corresponding provider if found
      • configureResolverWithKey

        public boolean configureResolverWithKey​(String issuer,
                                                String keyAlias,
                                                String keystoreLocation,
                                                String keystoreType,
                                                String keystorePassword)
        Configures a new Resolver by finding the appropriate public key in the supplied keystore, and adds it to the Map of current resolvers.
        Specified by:
        configureResolverWithKey in interface OpenIdResolverService
        Parameters:
        issuer - The issuer which provides the OpenID Connect JWT
        keyAlias - The alias under which the public key is stored
        keystoreLocation - location of the keystore file
        keystoreType - type of the keystore file
        keystorePassword - password used to open the keystore
        Returns:
        true if the resolver was configured successfully, false otherwise
      • configureResolverWithSecret

        public boolean configureResolverWithSecret​(String issuer,
                                                   String sharedSecret)
        Configures a new Resolver that verifies JWTs using the supplied shared (symmetric) secret, and adds it to the Map of current resolvers. Because the same secret both signs and verifies, any party that holds it can mint tokens for this issuer; prefer the asymmetric (keystore, JWK or well-known) variants where the issuer supports them.
        Specified by:
        configureResolverWithSecret in interface OpenIdResolverService
        Parameters:
        issuer - The issuer which provides the OpenID Connect JWT
        sharedSecret - The known-to-both-parties secret String
        Returns:
        true if the resolver was configured successfully, false otherwise
      • configureResolverWithJWK

        public boolean configureResolverWithJWK​(String issuer,
                                                URL jwkUrl)
        Configures a new Resolver by setting it up to download public keys from the supplied url.
        Specified by:
        configureResolverWithJWK in interface OpenIdResolverService
        Parameters:
        issuer - The issuer which provides the OpenID Connect JWT
        jwkUrl - URL of the issuer's JWK Set, from which the public key matching the JWT's header is fetched
        Returns:
        true if the resolver was configured successfully, false otherwise
      • configureResolverWithWellKnownOpenIdConfiguration

        public boolean configureResolverWithWellKnownOpenIdConfiguration​(String issuer,
                                                                         URL configUrl)
        Configures a new Resolver by setting it up to download public keys from the supplied well-known OpenID Connect configuration URL.
        Specified by:
        configureResolverWithWellKnownOpenIdConfiguration in interface OpenIdResolverService
        Parameters:
        issuer - The issuer which provides the OpenID Connect JWT
        configUrl - URL of the issuer's well-known OpenID configuration document, from which the jwks_uri (and hence the public keys) is discovered
        Returns:
        true if the resolver was configured successfully, false otherwise
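The following is an added example, not code from the library or from this page, that ties the constructors above to the configure* and getResolverForIssuer methods: it builds the service on the non-deprecated Client constructor with a deliberately narrow issuer comparator, registers a well-known, a JWK and a shared-secret resolver, checks the boolean results, and then selects a resolver by the token's "iss" claim before verifying it. Assumptions: the package names for Client, HttpClientHandler, JwtReconstruction, SignedJwt and OpenIdResolver are taken from the wider ForgeRock commons libraries and are not documented on this page; OpenIdResolver#validateIdentity(SignedJwt) is likewise assumed from that library; the issuers, URLs, environment variable name and the TRAILING_SLASH_TOLERANT comparator are constructed for illustration.

```java
import java.net.URL;
import java.util.Optional;
import java.util.function.BiPredicate;

import org.forgerock.http.Client;
import org.forgerock.http.handler.HttpClientHandler;
import org.forgerock.json.jose.common.JwtReconstruction;
import org.forgerock.json.jose.jws.SignedJwt;
import org.forgerock.oauth.resolvers.OpenIdResolver;
import org.forgerock.oauth.resolvers.service.OpenIdResolverServiceImpl;

public class ResolverServiceExample {

    // Assumption: a deliberately narrow comparator. It tolerates exactly one trailing "/"
    // difference and nothing else. Avoid startsWith/contains/regex comparators: an issuer
    // such as "https://idp.example.com.evil" would otherwise be matched to the resolver
    // (and keys) registered for "https://idp.example.com".
    static final BiPredicate<String, String> TRAILING_SLASH_TOLERANT = (incoming, expected) ->
            incoming != null && expected != null
                    && stripTrailingSlash(incoming).equals(stripTrailingSlash(expected));

    static String stripTrailingSlash(String value) {
        return value.endsWith("/") ? value.substring(0, value.length() - 1) : value;
    }

    static OpenIdResolverServiceImpl buildService() throws Exception {
        // Non-deprecated constructor: HTTP timeouts are configured on the Client's handler,
        // not passed to this class.
        Client httpClient = new Client(new HttpClientHandler());
        OpenIdResolverServiceImpl service =
                new OpenIdResolverServiceImpl(httpClient, TRAILING_SLASH_TOLERANT);

        // Hypothetical issuers and endpoints (constructed for this example; the hosts do not exist).
        boolean configured = service.configureResolverWithWellKnownOpenIdConfiguration(
                "https://idp.example.com",
                new URL("https://idp.example.com/.well-known/openid-configuration"));
        configured &= service.configureResolverWithJWK(
                "https://legacy-idp.example.com",
                new URL("https://legacy-idp.example.com/jwks.json"));

        // Symmetric (shared-secret) resolver: the secret is read from the environment rather
        // than embedded in source, because anyone holding it can mint tokens for this issuer.
        String sharedSecret = System.getenv("INTERNAL_IDP_SHARED_SECRET");
        if (sharedSecret != null) {
            configured &= service.configureResolverWithSecret("https://internal.example", sharedSecret);
        }

        // Every configure* method reports failure by returning false rather than throwing,
        // so the results must be checked or a misconfigured issuer silently has no resolver.
        if (!configured) {
            throw new IllegalStateException("one or more OpenID resolvers failed to configure");
        }
        return service;
    }

    static void verify(OpenIdResolverServiceImpl service, String rawJwt) throws Exception {
        // The "iss" claim is read from the still-unverified token purely to select a resolver.
        // Nothing is trusted until validateIdentity() has checked the signature with keys that
        // belong to that issuer, so a forged "iss" only changes which key gets tried.
        SignedJwt jwt = new JwtReconstruction().reconstructJwt(rawJwt, SignedJwt.class);
        String issuer = jwt.getClaimsSet().getIssuer();

        Optional<OpenIdResolver> resolver = service.getResolverForIssuer(issuer);
        if (!resolver.isPresent()) {
            // Unknown issuer: fail closed. Never fall back to "any" configured resolver.
            throw new SecurityException("no resolver configured for issuer: " + issuer);
        }
        // Assumption: validateIdentity(SignedJwt) verifies signature and claims and throws
        // an OpenIdConnectVerificationException on failure (wider library, not this page).
        resolver.get().validateIdentity(jwt);
    }

    public static void main(String[] args) throws Exception {
        OpenIdResolverServiceImpl service = buildService();
        verify(service, args[0]);
        System.out.println("ID token accepted");
    }
}
```

Run with the compact-serialised ID token as the single argument. The comparator is the one security-relevant knob this page exposes: the resolver chosen for a token is the one whose configured issuer the comparator accepts, so any normalisation beyond exact equality should be as small and as deterministic as the trailing-slash case shown here.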