Package org.forgerock.openig.filter.oauth2.cnf

Class ClientContextCertificateThumbprintVerifier

java.lang.Object

org.forgerock.openig.filter.oauth2.cnf.ClientContextCertificateThumbprintVerifier

All Implemented Interfaces:

ConfirmationKeyVerifier

public class ClientContextCertificateThumbprintVerifier
extends Object
implements ConfirmationKeyVerifier

Verifies a certificate thumbprint by computing a digest of the client certificate (found in ClientContext) and comparing the result with the base64-url-encoded value provided within the confirmation key node.

Field Summary

Fields inherited from interface org.forgerock.openig.filter.oauth2.cnf.ConfirmationKeyVerifier

UNKNOWN

Constructor Summary

Constructors

Constructor	Description
ClientContextCertificateThumbprintVerifier(String algorithm)	Constructs a new verifier with the given MessageDigest algorithm name.

Method Summary

Modifier and Type	Method	Description
Promise<Result,NeverThrowsException>	verify(Context context, AccessTokenInfo tokenInfo, JsonValue cnfKey)	Verifies the given confirmation key value.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ClientContextCertificateThumbprintVerifier

public ClientContextCertificateThumbprintVerifier(String algorithm)

Constructs a new verifier with the given MessageDigest algorithm name.

Parameters:

algorithm - algorithm name

Method Details

verify

public Promise<Result,NeverThrowsException> verify(Context context,
 AccessTokenInfo tokenInfo,
 JsonValue cnfKey)

Description copied from interface: ConfirmationKeyVerifier

Verifies the given confirmation key value.

Specified by:

verify in interface ConfirmationKeyVerifier

Parameters:

context - execution context

tokenInfo - resolved (but not authorized) access_token info

cnfKey - cnf child node such as x5t#S256.

Returns:

a promise of a validation result