• Home
• no.nav.common
• oidc-security
• 1.2019.05.08-08.52-482a48e1a056
• source code
• IssoOidcProvider.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

no.nav.brukerdialog.security.oidc.provider.IssoOidcProvider Maven / Gradle / Ivy

package no.nav.brukerdialog.security.oidc.provider;

import no.nav.brukerdialog.security.domain.IdentType;
import no.nav.brukerdialog.security.domain.OidcCredential;
import no.nav.brukerdialog.security.jaspic.TokenLocator;
import no.nav.brukerdialog.security.jwks.CacheMissAction;
import no.nav.brukerdialog.security.jwks.JsonWebKeyCache;
import no.nav.brukerdialog.security.jwks.JwtHeader;
import no.nav.brukerdialog.security.oidc.IdTokenProvider;
import no.nav.brukerdialog.security.oidc.IdTokenProviderConfig;
import no.nav.brukerdialog.security.oidc.OidcTokenUtils;

import javax.servlet.http.HttpServletRequest;
import java.security.Key;
import java.util.Optional;

import static no.nav.brukerdialog.security.Constants.*;
import static no.nav.brukerdialog.security.oidc.OidcTokenUtils.getOpenamClientFromToken;

public class IssoOidcProvider implements OidcProvider {

    private final TokenLocator tokenLocator = new TokenLocator(ID_TOKEN_COOKIE_NAME, REFRESH_TOKEN_COOKIE_NAME);
    private final IdTokenProvider idTokenProvider;
    private final JsonWebKeyCache keyCache;
    private final String issoExpectedTokenIssuer;

    public IssoOidcProvider() {
        this(IssoOidcProviderConfig.resolveFromSystemProperties());
    }

    public IssoOidcProvider(IssoOidcProviderConfig issoOidcProviderConfig) {
        this.issoExpectedTokenIssuer = issoOidcProviderConfig.issoExpectedTokenIssuer;
        this.idTokenProvider = new IdTokenProvider(IdTokenProviderConfig.from(issoOidcProviderConfig));
        this.keyCache = new JsonWebKeyCache(issoOidcProviderConfig.issoJwksUrl, true);
    }

    @Override
    public String getExpectedIssuer() {
        return issoExpectedTokenIssuer;
    }

    @Override
    public String getExpectedAudience(String token) {
        return null; // We intentionally expect any or no audience when validating internal oidc tokens
    }

    @Override
    public Optional getVerificationKey(JwtHeader header, CacheMissAction cacheMissAction) {
        return keyCache.getVerificationKey(header, cacheMissAction);
    }

    @Override
    public Optional getToken(HttpServletRequest httpServletRequest) {
        return tokenLocator.getToken(httpServletRequest);
    }

    @Override
    public Optional getRefreshToken(HttpServletRequest httpServletRequest) {
        return tokenLocator.getRefreshToken(httpServletRequest);
    }

    @Override
    public OidcCredential getFreshToken(String refreshToken, String requestToken) {
        return idTokenProvider.getToken(refreshToken, getOpenamClientFromToken(requestToken));
    }

    @Override
    public IdentType getIdentType(String token) {
        return IdentType.InternBruker;
    }

}