org.forgerock.jaspi.modules.openid.resolvers

Class BaseOpenIdResolver

java.lang.Object

org.forgerock.jaspi.modules.openid.resolvers.BaseOpenIdResolver

All Implemented Interfaces:

OpenIdResolver

Direct Known Subclasses:

JWKOpenIdResolverImpl, PublicKeyOpenIdResolverImpl, SharedSecretOpenIdResolverImpl

public abstract class BaseOpenIdResolver
extends Object
implements OpenIdResolver

Implementation of the OpenIdResolver interface. Comments in the specific verify methods are taken directly from OpenID Connect Basic Client Implementer's Guide 1.0, section 2.2.1 - ID Token Validation Currently we do NO validation against the client ID/intended audience.

See Also:

http://openid.net/specs/openid-connect-basic-1_0.html

Field Summary

Fields inherited from interface org.forgerock.jaspi.modules.openid.resolvers.OpenIdResolver

CLIENT_SECRET_KEY, ISSUER_KEY, JWK, KEY_ALIAS_KEY, KEYSTORE_LOCATION_KEY, KEYSTORE_PASS_KEY, KEYSTORE_TYPE_KEY, WELL_KNOWN_CONFIGURATION

Constructor Summary

Constructors

Constructor and Description
BaseOpenIdResolver(String issuer) Abstract constructor for setting the issuer's identity.

Method Summary

Modifier and Type	Method and Description
protected SigningHandler	createSigningHandlerForKey(SigningManager signingManager, Key key) Determine an appropriate signing handler to use for verifying signatures using the given verification key.
String	getIssuer() Returns the issuer (IdP) for which this resolver will resolve identities.
void	validateIdentity(SignedJwt idClaim) Validates the supplied Jwt against this OpenId Connect Idp.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BaseOpenIdResolver

public BaseOpenIdResolver(String issuer)

Abstract constructor for setting the issuer's identity.

Parameters:

issuer - The issuer (provider) of the Open Id Connect id token

Method Detail

validateIdentity

public void validateIdentity(SignedJwt idClaim)
                      throws OpenIdConnectVerificationException

Validates the supplied Jwt against this OpenId Connect Idp.

Specified by:

validateIdentity in interface OpenIdResolver

Parameters:

idClaim - The Jwt to test is authenticated from this issuer

Throws:

OpenIdConnectVerificationException - If the Jwt is unable to be verified

createSigningHandlerForKey

protected SigningHandler createSigningHandlerForKey(SigningManager signingManager,
                                                    Key key)

Determine an appropriate signing handler to use for verifying signatures using the given verification key.

Parameters:

signingManager - the signing manager.

key - the verification key.

Returns:

the appropriate signing handler.

Throws:

IllegalArgumentException - if no handler can be determined for the given key.

getIssuer

public String getIssuer()

Returns the issuer (IdP) for which this resolver will resolve identities.

Specified by:

getIssuer in interface OpenIdResolver

Returns:

the name of the issuer