
Commit d768e95

committed
committed
1 parent b3db70f commit d768e95

3 files changed

Lines changed: 88 additions & 21 deletions


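--- a/src/main/java/org/oidc/msg/AuthenticationRequest.java
+++ b/src/main/java/org/oidc/msg/AuthenticationRequest.java
@@ -31,9 +31,17 @@ public class AuthenticationRequest extends AuthorizationRequest {
 paramVerDefs.put("request", ParameterVerification.SINGLE_OPTIONAL_STRING.getValue());
 paramVerDefs.put("request_uri", ParameterVerification.SINGLE_OPTIONAL_STRING.getValue());
 paramVerDefs.put("response_mode", ParameterVerification.SINGLE_OPTIONAL_STRING.getValue());
-// TODO: Roland has SINGLE_OPTIONAL_CLAIMSREQ. Do we get by with MESSAGE?
-paramVerDefs.put("claims", ParameterVerification.SINGLE_OPTIONAL_MESSAGE.getValue());
-
+
+// TODO: TASK1
+// Roland has SINGLE_OPTIONAL_CLAIMSREQ.
+/*
+class ClaimsRequest(Message):
+c_param = {
+"userinfo": OPTIONAL_MULTIPLE_Claims,
+"id_token": OPTIONAL_MULTIPLE_Claims
+}
+*/
+//paramVerDefs.put("claims", ParameterVerification.SINGLE_OPTIONAL_CLAIMSREQ.getValue());
 // TODO: Roland has this "registration" parameter, what is it?
 // paramVerDefs.put("registration", ParameterVerification.SINGLE_OPTIONAL_JSON.getValue());
 
@@ -66,12 +74,17 @@ public AuthenticationRequest(Map<String, Object> claims) {
 @SuppressWarnings("unchecked")
 public boolean verify() throws InvalidClaimException {
 super.verify();
-// TODO:Verify "request" is formed correctly if it exists..
+
+// TODO: TASK2
+// Verify "request" is formed correctly if it exists..
 // Create OpenIDRequest message class, decode it from JWT. It should check the signature
 // Check that fields match -> ValueError
-// TODO:Verify "id_token_hint" if it exists..
+
+// TODO: TASK3
+// Verify "id_token_hint" if it exists..
 // Use IdToken, decode it from JWT. It should check the signature
-// TODO: verify from Rolands code the case ''Nonce in id_token not matching nonce in authz'
+
+// TODO: verify from Rolands code the case ''Nonce in id_token not matching nonce in authz'..what is a
 
 String spaceSeparatedScopes = ((String) getClaims().get("scope"));
 if (spaceSeparatedScopes == null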
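Review bot: The `claims` parameter is no longer registered in `paramVerDefs`, because the old `SINGLE_OPTIONAL_MESSAGE` line is removed and its replacement at new line 44 is commented out. If `verify()` only type-checks parameters listed in that map (its implementation is not visible here), a `claims` value of any shape would now pass unchecked. Until `SINGLE_OPTIONAL_CLAIMSREQ` exists, I would keep the previous definition active, `paramVerDefs.put("claims", ParameterVerification.SINGLE_OPTIONAL_MESSAGE.getValue());`, and leave the TASK1 comment beside it. The Python snippet pasted into the block comment would read better as a one-line reference to the upstream `ClaimsRequest` class. The initializer block these lines belong to starts outside the hunk.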

src/main/java/org/oidc/msg/IDToken.java

Lines changed: 0 additions & 15 deletions
This file was deleted.
Lines changed: 69 additions & 0 deletions
@@ -0,0 +1,69 @@
1+
package org.oidc.msg.oidc;
2+
3+
import java.util.HashMap;
4+
import java.util.Map;
5+
6+
import org.oidc.msg.InvalidClaimException;
7+
import org.oidc.msg.ParameterVerification;
8+
9+
/** ID Token as in http://openid.net/specs/openid-connect-core-1_0.html#IDToken. */
10+
public class IDToken extends OpenIDSchema {
11+
12+
{
13+
// Updating parameter requirements.
14+
paramVerDefs.put("iss", ParameterVerification.SINGLE_REQUIRED_STRING.getValue());
15+
paramVerDefs.put("sub", ParameterVerification.SINGLE_REQUIRED_STRING.getValue());
16+
paramVerDefs.put("aud", ParameterVerification.REQUIRED_LIST_OF_STRINGS.getValue());
17+
paramVerDefs.put("exp", ParameterVerification.SINGLE_REQUIRED_INT.getValue());
18+
paramVerDefs.put("iat", ParameterVerification.SINGLE_REQUIRED_INT.getValue());
19+
paramVerDefs.put("auth_time", ParameterVerification.SINGLE_OPTIONAL_INT.getValue());
20+
paramVerDefs.put("nonce", ParameterVerification.SINGLE_OPTIONAL_STRING.getValue());
21+
paramVerDefs.put("at_hash", ParameterVerification.SINGLE_OPTIONAL_STRING.getValue());
22+
paramVerDefs.put("c_hash", ParameterVerification.SINGLE_OPTIONAL_STRING.getValue());
23+
paramVerDefs.put("acr", ParameterVerification.SINGLE_OPTIONAL_STRING.getValue());
24+
paramVerDefs.put("amr", ParameterVerification.OPTIONAL_LIST_OF_STRINGS.getValue());
25+
paramVerDefs.put("azp", ParameterVerification.SINGLE_OPTIONAL_STRING.getValue());
26+
paramVerDefs.put("sub_jwk", ParameterVerification.SINGLE_OPTIONAL_STRING.getValue());
27+
28+
}
29+
30+
/**
31+
* Constructor.
32+
*/
33+
public IDToken() {
34+
this(new HashMap<String, Object>());
35+
}
36+
37+
/**
38+
* Constructor.
39+
*
40+
* @param claims
41+
* ID Token claims as described in
42+
* http://openid.net/specs/openid-connect-core-1_0.html#IDToken.
43+
*/
44+
public IDToken(Map<String, Object> claims) {
45+
super(claims);
46+
}
47+
48+
/**
49+
* Verifies the presence of required message parameters. Verifies the the format of message
50+
* parameters.
51+
*
52+
* @return true if parameters are successfully verified.
53+
* @throws InvalidClaimException
54+
* if verification fails.
55+
*/
56+
public boolean verify() throws InvalidClaimException {
57+
super.verify();
58+
// TODO:Check issuer. Requires setter for issuer to compare against.
59+
// TODO:Check client_id is among aud. Requires a setter for client_id to compare against.
60+
// TODO:if multiple aud, check azp is in audience.
61+
// TODO:if client_id is set and azp exists, they must match.
62+
// TODO:check exp is not in the past. Requires setter for skew to allow skew.
63+
// TODO:check iat+NONCE_STORAGE_TIME < now - skew. Requires setter but leave it until
64+
// requirement is clear. NONCE_STORAGE_TIME = 4 * 3600
65+
// TODO: Check nonce. Requires setter for nonce to compare against.
66+
return true;
67+
68+
}
69+
}
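Review bot: `verify()` returns `true` after `super.verify()` alone, with every issuer, audience, `azp`, `exp`, `iat` and nonce check still a TODO. A caller that reads a true result as "this ID Token is acceptable" would therefore accept an expired token or one issued to a different client. Until those checks land, the Javadoc should say so explicitly, for example `Only presence and type of claims are checked; iss, aud, azp, exp and nonce are NOT validated yet.` Separately, `sub_jwk` is registered as `SINGLE_OPTIONAL_STRING` although OpenID Connect Core defines it as a bare JWK (a JSON object), so this definition would presumably reject a well-formed value.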
