Class OpenIdResolverServiceImpl

java.lang.Object
org.forgerock.oauth.resolvers.service.OpenIdResolverServiceImpl
All Implemented Interfaces:
OpenIdResolverService

public class OpenIdResolverServiceImpl extends Object implements OpenIdResolverService
Holds a copy of the current OpenID Resolvers. As new resolvers are configured, this class loads up the appropriate verification key and stores it along with the other information necessary for it to perform its task. This service stores OpenIdResolvers against their issuer key, so the appropriate OpenIdResolver can be looked up.
  • Constructor Details

    • OpenIdResolverServiceImpl

      @Deprecated public OpenIdResolverServiceImpl(int readTimeout, int connTimeout)
      Deprecated.
Use org.forgerock.oauth.resolvers.service.OpenIdResolverServiceImpl#OpenIdResolverServiceImpl(org.forgerock.http.Client) instead.
      Constructor for the OpenIdResolverServiceImpl which will use the supplied read and connection timeouts when communicating over HTTP.
      Parameters:
      readTimeout - HTTP read timeout for resolvers
      connTimeout - HTTP connection timeout for resolvers
    • OpenIdResolverServiceImpl

      public OpenIdResolverServiceImpl(Client client)
Constructor for the OpenIdResolverServiceImpl which will use the supplied HTTP client when communicating over HTTP. Uses IssuerComparators.DEFAULT for comparing issuer values by exact string comparison.
      Parameters:
      client - HTTP client for resolvers
    • OpenIdResolverServiceImpl

      public OpenIdResolverServiceImpl(Client client, BiPredicate<String,String> issuerComparator)
Constructor for the OpenIdResolverServiceImpl which will use the supplied HTTP client when communicating over HTTP, and the supplied comparator when matching issuer values.
      Parameters:
      client - HTTP client for resolvers
      issuerComparator - The comparator for comparing the incoming issuer value against the expected value.
    • OpenIdResolverServiceImpl

      public OpenIdResolverServiceImpl(Client client, SecretsProvider secretsProvider, Purpose<DataDecryptionKey> idTokenPurpose)
Constructor for the OpenIdResolverServiceImpl which will use the supplied HTTP client when communicating over HTTP, and the supplied secrets provider and purpose for ID token decryption keys. Uses IssuerComparators.DEFAULT for comparing issuer values by exact string comparison.
      Parameters:
      client - HTTP client for resolvers
      secretsProvider - the secrets provider
      idTokenPurpose - the ID token purpose
    • OpenIdResolverServiceImpl

      public OpenIdResolverServiceImpl(Client client, BiPredicate<String,String> issuerComparator, SecretsProvider secretsProvider, Purpose<DataDecryptionKey> idTokenPurpose)
Constructor for the OpenIdResolverServiceImpl which will use the supplied HTTP client when communicating over HTTP, the supplied comparator when matching issuer values, and the supplied secrets provider and purpose for ID token decryption keys.
      Parameters:
      client - HTTP client for resolvers
      issuerComparator - The comparator for comparing the incoming issuer value against the expected value.
      secretsProvider - the secrets provider
      idTokenPurpose - the ID token purpose
  • Method Details

    • getResolverForIssuer

      public Optional<OpenIdResolver> getResolverForIssuer(String issuer)
      Description copied from interface: OpenIdResolverService
      Returns the appropriate OpenId Connect resolver for the issuer capable of handling signed JWTs. The OpenId Connect JWT's "iss" field MUST be identical to the issuer param.
      Specified by:
      getResolverForIssuer in interface OpenIdResolverService
      Parameters:
      issuer - Reference to the issuer of the OpenID Connect JWT
      Returns:
      an Optional containing the OpenIdResolver for the corresponding provider if found
    • getEncryptedResolverForIssuer

      public Optional<EncryptedOpenIdResolver> getEncryptedResolverForIssuer(String issuer)
      Description copied from interface: OpenIdResolverService
      Returns the appropriate OpenId Connect resolver for the issuer capable of handling signed and encrypted JWTs. The OpenId Connect JWT's "iss" field MUST be identical to the issuer param.
      Specified by:
      getEncryptedResolverForIssuer in interface OpenIdResolverService
      Parameters:
      issuer - Reference to the issuer of the OpenID Connect JWT
      Returns:
      an Optional containing the EncryptedOpenIdResolver for the corresponding provider if found
    • configureResolverWithKey

      public boolean configureResolverWithKey(String issuer, String keyAlias, String keystoreLocation, String keystoreType, String keystorePassword)
      Configures a new Resolver by finding the appropriate public key in the supplied keystore, and adds it to the Map of current resolvers.
      Specified by:
      configureResolverWithKey in interface OpenIdResolverService
      Parameters:
      issuer - The issuer which provides the Open ID Connect auth token
      keyAlias - The alias under which the public key is stored
      keystoreLocation - location of the keystore file
      keystoreType - type of the keystore file
      keystorePassword - password to enter the keystore
      Returns:
      true if the resolver was configured successfully, false otherwise
    • configureResolverWithSecret

      public boolean configureResolverWithSecret(String issuer, String sharedSecret)
Configures a new Resolver that verifies tokens with the supplied shared secret, and adds it to the Map of current resolvers.
      Specified by:
      configureResolverWithSecret in interface OpenIdResolverService
      Parameters:
      issuer - The issuer which provides the Open ID Connect auth token
      sharedSecret - The known-to-both-parties secret String
      Returns:
      true if the resolver was configured successfully, false otherwise
    • configureResolverWithJWK

      public boolean configureResolverWithJWK(String issuer, URL jwkUrl)
      Configures a new Resolver by setting it up to download public keys from the supplied url.
      Specified by:
      configureResolverWithJWK in interface OpenIdResolverService
      Parameters:
      issuer - The issuer which provides the Open ID Connect auth token
      jwkUrl - location from which to determine which public key to use
      Returns:
      true if the resolver was configured successfully, false otherwise
    • configureResolverWithWellKnownOpenIdConfiguration

      public boolean configureResolverWithWellKnownOpenIdConfiguration(String issuer, URL configUrl)
      Configures a new Resolver by setting it up to download public keys from the supplied well-known Open Id Connect URL.
      Specified by:
      configureResolverWithWellKnownOpenIdConfiguration in interface OpenIdResolverService
      Parameters:
      issuer - The issuer which provides the Open ID Connect auth token
      configUrl - location from which to determine which public key to use
      Returns:
      true if the resolver was configured successfully, false otherwise
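The following is an added usage example, not code from the ForgeRock library itself, showing how the constructors and the configure/lookup methods above fit together: resolvers are registered per issuer at start-up, and an incoming token's "iss" claim is later used to pick the resolver, with the default exact-string issuer comparison. The class name TrustedIssuerRegistry, the issuer and URL values, and the use of org.forgerock.http.handler.HttpClientHandler to build the Client are assumptions for illustration.

```java
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Optional;

import org.forgerock.http.Client;
import org.forgerock.http.handler.HttpClientHandler; // assumed: one way to obtain a CHF Client
import org.forgerock.oauth.resolvers.OpenIdResolver;
import org.forgerock.oauth.resolvers.service.OpenIdResolverService;
import org.forgerock.oauth.resolvers.service.OpenIdResolverServiceImpl;

/**
 * Hypothetical wiring (not part of the library) that registers the trusted
 * OpenID Connect issuers once and later selects a resolver by the "iss" claim
 * of an incoming ID token.
 */
public final class TrustedIssuerRegistry {

    private final OpenIdResolverService resolverService;

    /** The caller supplies a configured CHF client; the service uses it to fetch keys. */
    public TrustedIssuerRegistry(Client httpClient) {
        // Single-argument constructor: issuer values are compared with
        // IssuerComparators.DEFAULT, i.e. exact string equality.
        this.resolverService = new OpenIdResolverServiceImpl(httpClient);
    }

    /**
     * Registers an issuer whose signing keys are discovered through its
     * well-known OpenID Connect configuration document. The boolean result is
     * checked so that a resolver that failed to configure is not silently
     * missing at runtime.
     */
    public void registerWellKnownIssuer(String issuer, String wellKnownUrl)
            throws MalformedURLException {
        URL configUrl = new URL(wellKnownUrl);
        if (!resolverService.configureResolverWithWellKnownOpenIdConfiguration(issuer, configUrl)) {
            throw new IllegalStateException("resolver not configured for issuer " + issuer);
        }
    }

    /**
     * Registers an issuer whose public key lives in a local keystore under the
     * given alias (no network fetch is involved for this resolver).
     */
    public void registerKeystoreIssuer(String issuer, String keyAlias, String keystorePath,
                                       String keystoreType, String keystorePassword) {
        if (!resolverService.configureResolverWithKey(
                issuer, keyAlias, keystorePath, keystoreType, keystorePassword)) {
            throw new IllegalStateException("resolver not configured for issuer " + issuer);
        }
    }

    /**
     * Looks up the resolver for a token's "iss" claim. The claim is attacker
     * controlled, so the lookup is what ties a token to the key material of the
     * issuer it names; an empty Optional means the issuer is not trusted and the
     * token must be rejected. With the default comparator the match is exact:
     * "https://idp.example.test" and "https://idp.example.test/" are different.
     */
    public Optional<OpenIdResolver> resolverFor(String issClaim) {
        return resolverService.getResolverForIssuer(issClaim);
    }

    public static void main(String[] args) throws Exception {
        // Assumption: HttpClientHandler's default constructor yields a usable handler.
        Client client = new Client(new HttpClientHandler());
        TrustedIssuerRegistry registry = new TrustedIssuerRegistry(client);

        // Constructed sample values; replace with your real issuer and discovery URL.
        String issuer = "https://idp.example.test";
        registry.registerWellKnownIssuer(issuer,
                "https://idp.example.test/.well-known/openid-configuration");

        // Exact match succeeds; the trailing-slash variant is a different issuer.
        System.out.println(registry.resolverFor(issuer).isPresent());        // true
        System.out.println(registry.resolverFor(issuer + "/").isPresent());  // false
    }
}
```

Keep the default comparator unless a specific deployment needs otherwise: passing a looser BiPredicate to the two-argument constructor widens the set of "iss" values that map to a given issuer's keys, so any custom comparator should be reviewed as carefully as the trust decision it replaces. Where ID tokens are also encrypted, use the constructors that take a SecretsProvider and Purpose<DataDecryptionKey> and look resolvers up with getEncryptedResolverForIssuer instead.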