Package org.forgerock.oauth.resolvers

Class SharedSecretOpenIdResolverImpl

java.lang.Object

org.forgerock.oauth.resolvers.BaseOpenIdResolver

org.forgerock.oauth.resolvers.SharedSecretOpenIdResolverImpl

All Implemented Interfaces:

GenericOpenIdResolver<SignedJwt>, OpenIdResolver

public class SharedSecretOpenIdResolverImpl
extends BaseOpenIdResolver

This class exists to allow functionality for those Open ID Connect providers which supply their signatures through symmetric key algorithms (e.g. HMAC). In these cases we want to use the shared secret (known to both the provider and client) such that we can generate a "private key". We do this using the SecretKeySpec call in verifySignature(org.forgerock.json.jose.jws.SignedJwt).

Field Summary

Fields inherited from interface org.forgerock.oauth.resolvers.OpenIdResolver

CLIENT_SECRET_KEY, ISSUER_KEY, JWK, KEY_ALIAS_KEY, KEYSTORE_LOCATION_KEY, KEYSTORE_PASS_KEY, KEYSTORE_TYPE_KEY, WELL_KNOWN_CONFIGURATION

Constructor Summary

Constructors

Constructor	Description
SharedSecretOpenIdResolverImpl(String issuer, String sharedSecret)	Constructor for SharedSecretOpenIdResolverImpl.
SharedSecretOpenIdResolverImpl(BiPredicate<String,String> issuerComparator, String issuer, String sharedSecret)	Constructor for SharedSecretOpenIdResolverImpl.

Method Summary

Modifier and Type	Method	Description
void	validateIdentity(SignedJwt idClaim)	Validates the supplied Jwt against this OpenId Connect Idp.
void	verifySignature(SignedJwt idClaim)	Verifies that the JWS was signed by the supplied key.

Methods inherited from class org.forgerock.oauth.resolvers.BaseOpenIdResolver

getIssuer

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.forgerock.oauth.resolvers.OpenIdResolver

getExpectedJwtType

Constructor Details

SharedSecretOpenIdResolverImpl

public SharedSecretOpenIdResolverImpl(String issuer,
 String sharedSecret)

Constructor for SharedSecretOpenIdResolverImpl. Uses IssuerComparators.DEFAULT for comparing issuer values by exact string comparison.

Parameters:

issuer - The issuer (provider) of the Open Id Connect id token

sharedSecret - The secret String, known to both provider and consumer

Throws:

IllegalArgumentException - if the sharedSecret is null

SharedSecretOpenIdResolverImpl

public SharedSecretOpenIdResolverImpl(BiPredicate<String,String> issuerComparator,
 String issuer,
 String sharedSecret)

Constructor for SharedSecretOpenIdResolverImpl.

Parameters:

issuerComparator - The comparator for comparing the incoming issuer value against the expected value.

issuer - The issuer (provider) of the Open Id Connect id token

sharedSecret - The secret String, known to both provider and consumer

Throws:

IllegalArgumentException - if the sharedSecret is null

Method Details

validateIdentity

public void validateIdentity(SignedJwt idClaim)
                      throws OpenIdConnectVerificationException

Description copied from class: BaseOpenIdResolver

Validates the supplied Jwt against this OpenId Connect Idp.

Specified by:

validateIdentity in interface GenericOpenIdResolver<SignedJwt>

Overrides:

validateIdentity in class BaseOpenIdResolver

Parameters:

idClaim - The Jwt to test is authenticated

Throws:

OpenIdConnectVerificationException - If the Jwt is unable to be verified

verifySignature

public void verifySignature(SignedJwt idClaim)
                     throws InvalidSignatureException

Verifies that the JWS was signed by the supplied key. Throws an exception otherwise.

Parameters:

idClaim - The JWS to verify

Throws:

InvalidSignatureException - If the JWS supplied does not match the key for this resolver