
Commit 92ba794

committed
evolution, not revolution
1 parent d768e95 commit 92ba794

2 files changed

Lines changed: 59 additions & 7 deletions


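--- a/src/main/java/org/oidc/msg/AuthenticationRequest.java
+++ b/src/main/java/org/oidc/msg/AuthenticationRequest.java
@@ -1,10 +1,13 @@
 package org.oidc.msg;
 
+import java.io.IOException;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
 import java.util.regex.Pattern;
 
+import org.oidc.msg.oidc.IDToken;
+
 /**
 * Authentication request message as described in
 * http://openid.net/specs/openid-connect-core-1_0.html.
@@ -80,11 +83,25 @@ public boolean verify() throws InvalidClaimException {
 // Create OpenIDRequest message class, decode it from JWT. It should check the signature
 // Check that fields match -> ValueError
 
-// TODO: TASK3
-// Verify "id_token_hint" if it exists..
-// Use IdToken, decode it from JWT. It should check the signature
+// TODO: verify from Rolands code the case ''Nonce in id_token not matching nonce in authz'
 
-// TODO: verify from Rolands code the case ''Nonce in id_token not matching nonce in authz'..what is a
+String idTokenHint = ((String) getClaims().get("id_token_hint"));
+if (idTokenHint != null) {
+IDToken idToken = new IDToken();
+try {
+idToken.fromJwt(idTokenHint);
+} catch (IOException e) {
+getError().getMessages()
+.add(String.format("Unable to from id token from '%s'", idTokenHint));
+}
+try {
+idToken.verify();
+} catch (InvalidClaimException e) {
+for (String errorDesc : idToken.getError().getMessages()) {
+getError().getMessages().add(String.format("id_token_hint failed: '%s'", errorDesc));
+}
+}
+}
 
 String spaceSeparatedScopes = ((String) getClaims().get("scope"));
 if (spaceSeparatedScopes == null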
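Review bot: When `fromJwt` throws `IOException` in the new `id_token_hint` block, the code records an error and then still calls `idToken.verify()` on the unparsed `IDToken`, so the second `try` validates an unpopulated object and its outcome says nothing about the hint. The same catch copies the raw `id_token_hint` into the error list through `String.format("Unable to from id token from '%s'", idTokenHint)`; an ID token carries subject and profile claims, so if these messages are logged or returned to the caller (not visible here) the token travels with them, and the message text also has a typo. I would verify only after a successful parse and keep the token out of the message, as sketched below. `verify()` starts and continues outside this hunk, so whether the accumulated messages later raise `InvalidClaimException` needs to be confirmed there.

```java
String idTokenHint = ((String) getClaims().get("id_token_hint"));
if (idTokenHint != null) {
  IDToken idToken = new IDToken();
  try {
    idToken.fromJwt(idTokenHint);
    // Verify only a hint that parsed; a failed parse leaves idToken unpopulated.
    idToken.verify();
  } catch (IOException e) {
    // Keep the raw token out of the error list.
    getError().getMessages().add("Unable to parse id_token_hint as a JWT");
  } catch (InvalidClaimException e) {
    // … unchanged: copy idToken.getError() messages with the "id_token_hint failed" prefix …
  }
}
```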

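--- a/src/test/java/org/oidc/msg/AuthenticationRequestTest.java
+++ b/src/test/java/org/oidc/msg/AuthenticationRequestTest.java
@@ -13,7 +13,7 @@ public class AuthenticationRequestTest {
 Map<String, Object> claims = new HashMap<String, Object>();
 
 /**
-* Setuo mandatory claims.
+* Setup mandatory claims.
 */
 @Before
 public void setup() {
@@ -51,7 +51,7 @@ public void testSuccessOfflineAccess() throws InvalidClaimException {
 Assert.assertEquals("consent", ((List<String>) req.getClaims().get("prompt")).get(0));
 Assert.assertEquals("openid offline_access", req.getClaims().get("scope"));
 }
-
+
 @Test
 public void testSuccessResponseTypeIdToken() throws InvalidClaimException {
 claims.put("response_type", "id_token token");
@@ -61,7 +61,7 @@ public void testSuccessResponseTypeIdToken() throws InvalidClaimException {
 Assert.assertEquals("DFHGFG", (String) req.getClaims().get("nonce"));
 Assert.assertEquals("id_token token", req.getClaims().get("response_type"));
 }
-
+
 @Test(expected = InvalidClaimException.class)
 public void testFailResponseTypeIdTokenMissingNonce() throws InvalidClaimException {
 claims.put("response_type", "id_token token");
@@ -108,4 +108,39 @@ public void testFailUnAllowedDisplayValue() throws InvalidClaimException {
 req.verify();
 }
 
+@Test
+public void testSuccessIdTokenHint() throws InvalidClaimException {
+// TODO: There is no capability in is token to verify signature nor timestamps or sorts yet.
+// Once there is, this test will fail and needs to be updated to produce id token that passes
+// validation.
+String idToken = "eyJraWQiOiIxZTlnZGs3IiwiYWxnIjoiUlMyNTYifQ.ewogImlz"
++ "cyI6ICJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwKICJzdWIiOiAiMjQ4"
++ "Mjg5NzYxMDAxIiwKICJhdWQiOiAiczZCaGRSa3F0MyIsCiAibm9uY2UiOiAi"
++ "bi0wUzZfV3pBMk1qIiwKICJleHAiOiAxMzExMjgxOTcwLAogImlhdCI6IDEz"
++ "MTEyODA5NzAsCiAibmFtZSI6ICJKYW5lIERvZSIsCiAiZ2l2ZW5fbmFtZSI6"
++ "ICJKYW5lIiwKICJmYW1pbHlfbmFtZSI6ICJEb2UiLAogImdlbmRlciI6ICJm"
++ "ZW1hbGUiLAogImJpcnRoZGF0ZSI6ICIwMDAwLTEwLTMxIiwKICJlbWFpbCI6"
++ "ICJqYW5lZG9lQGV4YW1wbGUuY29tIiwKICJwaWN0dXJlIjogImh0dHA6Ly9l"
++ "eGFtcGxlLmNvbS9qYW5lZG9lL21lLmpwZyIKfQ.rHQjEmBqn9Jre0OLykYNn"
++ "spA10Qql2rvx4FsD00jwlB0Sym4NzpgvPKsDjn_wMkHxcp6CilPcoKrWHcip"
++ "R2iAjzLvDNAReF97zoJqq880ZD1bwY82JDauCXELVR9O6_B0w3K-E7yM2mac"
++ "AAgNCUwtik6SjoSUZRcf-O5lygIyLENx882p6MtmwaL1hd6qn5RZOQ0TLrOY"
++ "u0532g9Exxcm-ChymrB4xLykpDj3lUivJt63eEGGN6DH5K6o33TcxkIjNrCD"
++ "4XB1CKKumZvCedgHHF3IAK4dVEDSUoGlH9z4pP_eWYNXvqQOjGs-rDaQzUHl"
++ "6cQQWNiDpWOl_lxXjQEvQ";
+claims.put("id_token_hint", idToken);
+AuthenticationRequest req = new AuthenticationRequest(claims);
+req.verify();
+Assert.assertEquals(idToken, req.getClaims().get("id_token_hint"));
+}
+
+@Test(expected = Exception.class)
+public void testFailIdTokenHintInvalid() throws InvalidClaimException {
+String idToken = "notparsableasidtoken";
+claims.put("id_token_hint", idToken);
+AuthenticationRequest req = new AuthenticationRequest(claims);
+req.verify();
+Assert.assertEquals(idToken, req.getClaims().get("id_token_hint"));
+}
+
 }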
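Review bot: `testFailIdTokenHintInvalid` declares `@Test(expected = Exception.class)`, which passes on any exception, including a runtime failure from calling `verify()` on a token that never parsed, so it does not show that an unparsable `id_token_hint` is rejected as an invalid claim. If `InvalidClaimException` is the intended contract, narrow it to `@Test(expected = InvalidClaimException.class)` and drop the `Assert.assertEquals(...)` after `req.verify()`, which cannot run once the exception is thrown. Separately, `testSuccessIdTokenHint` pins that a hint whose signature and timestamps are not checked verifies successfully, as its TODO admits; a comment such as `// SECURITY: passes only because signature and timestamps are not checked yet` would make that harder to mistake for the intended behaviour.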
