diff --git a/src/main/java/com/nubisware/oidc/rest/JWTToken.java b/src/main/java/com/nubisware/oidc/rest/JWTToken.java
index e5408a2..38cc498 100644
--- a/src/main/java/com/nubisware/oidc/rest/JWTToken.java
+++ b/src/main/java/com/nubisware/oidc/rest/JWTToken.java
@@ -17,33 +17,29 @@ import org.json.simple.parser.ParseException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.nubisware.oidc.keycloak.KeycloakHelper;
-
 public class JWTToken implements Serializable {
 
- protected static Logger logger = LoggerFactory.getLogger(KeycloakHelper.class);
+ protected static Logger logger = LoggerFactory.getLogger(JWTToken.class);
 
 private static final long serialVersionUID = -7063122428186284827L;
 
- private static String SHARE_PREFIX = "USER_";
-
- public static String OIDC_TOKEN_ATTRIBUTE = SHARE_PREFIX + "OIDC_JWT";
- public static String RPT_TOKEN_ATTRIBUTE = SHARE_PREFIX + "UMA_RPT_JWT";
-
 public static final String ACCOUNT_RESOURCE = "account";
 
 private String raw;
 private JSONObject token;
- private JSONObject identity;
+ private JSONObject payload;
 
 public static JWTToken fromString(String tokenString) {
 if (tokenString == null) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("Token string is null, cannot create token object");
+ }
 return null;
 }
 try {
 return new JWTToken(tokenString);
 } catch (ParseException e) {
-
+ logger.error("Cannot parse token string", e);
 return null;
 }
 }
@@ -56,7 +52,7 @@ public class JWTToken implements Serializable {
 private void parse() throws ParseException {
 token = (JSONObject) new JSONParser().parse(this.raw);
 String[] parts = getAccessTokenString().split("\\.");
- identity = (JSONObject) new JSONParser().parse(new String(Base64.getDecoder().decode(parts[1])));
+ payload = (JSONObject) new JSONParser().parse(new String(Base64.getDecoder().decode(parts[1])));
 }
 
 public String getRaw() {
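Review bot: `fromString` still catches only `ParseException`, yet the constructor's `parse()` path (next hunk) also throws unchecked `IllegalArgumentException` from the Base64 decoder and `ArrayIndexOutOfBoundsException` when `access_token` is not three dot-separated segments, so a malformed token string still propagates instead of producing the logged `null` the new error handling promises. Widening the clause to `catch (ParseException | RuntimeException e)` keeps that contract for every malformed input, and the existing log line already carries the cause. Separately, `logger` is `protected static` and non-final; `private static final Logger logger = LoggerFactory.getLogger(JWTToken.class);` is the conventional form and stops subclasses from reassigning it.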
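Review bot: The renamed `payload` line decodes the JWT segment with `Base64.getDecoder()`, but JWS compact serialization uses base64url (RFC 7515), whose `-` and `_` characters the basic decoder rejects with `IllegalArgumentException`; the signature segments in the new test fixture visibly contain both characters, so payloads with them are to be expected. `new String(bytes)` also uses the platform charset while the claims set is UTF-8. The line should read `payload = (JSONObject) new JSONParser().parse(new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8));` with `java.nio.charset.StandardCharsets` imported. Nothing in `parse()` checks the signature, so a Javadoc note that the getters expose unverified claims and are trustworthy only for a response received directly from the token endpoint would help callers; the constructor that calls `parse()` is outside this hunk.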
@@ -75,12 +71,12 @@ public class JWTToken implements Serializable {
 return "Bearer " + getAccessTokenString();
 }
 
- public JSONObject getIdentity() {
- return identity;
+ public JSONObject getPayload() {
+ return payload;
 }
 
 public String getExp() {
- return (String) getIdentity().get("exp");
+ return (String) getPayload().get("exp");
 }
 
 public Date getExpAsDate() {
@@ -97,32 +93,46 @@ public class JWTToken implements Serializable {
 return new Date().after(getExpAsDate());
 }
 
+ public List getAud() {
+ List audienceStrings = new ArrayList<>();
+ Object audience = getPayload().get("aud");
+ if (audience instanceof String) {
+ audienceStrings.add((String) audience);
+ } else if (audience instanceof JSONArray) {
+ JSONArray audienceArray = (JSONArray) audience;
+ for (int i = 0; i < audienceArray.size(); i++) {
+ audienceStrings.add((String) audienceArray.get(i));
+ }
+ }
+ return audienceStrings;
+ }
+
 public String getSub() {
- return (String) getIdentity().get("sub");
+ return (String) getPayload().get("sub");
 }
 
 public String getEmail() {
- return (String) getIdentity().get("email");
+ return (String) getPayload().get("email");
 }
 
 public String getFamily() {
- return (String) getIdentity().get("family_name");
+ return (String) getPayload().get("family_name");
 }
 
 public String getGiven() {
- return (String) getIdentity().get("given_name");
+ return (String) getPayload().get("given_name");
 }
 
 public String getUserName() {
- return (String) getIdentity().get("preferred_username");
+ return (String) getPayload().get("preferred_username");
 }
 
 public String getDisplayName() {
- return (String) getIdentity().get("name");
+ return (String) getPayload().get("name");
 }
 
 protected JSONObject getResourceAccess() {
- return (JSONObject) getIdentity().get("resource_access");
+ return (JSONObject) getPayload().get("resource_access");
 }
 
 @SuppressWarnings("unchecked")
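Review bot: `getExp` casts the `exp` claim to `String`, but `exp` is a NumericDate (RFC 7519) and json-simple materialises JSON numbers as `Long`, so the cast throws `ClassCastException` on a standard token; the refresh token in the new test fixture begins `eyJleHAiOjE1OTA2NzczNDEs`, which decodes to `{"exp":1590677341,`, and the access token presumably follows the same format. Keeping the signature while tolerating both encodings is a one-line change, `return String.valueOf(getPayload().get("exp"));`, though it is worth confirming what `getExpAsDate` (its body lies outside the hunk) does with the string.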
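Review bot: The new `getAud` uses raw types, which pushes an unchecked cast onto every caller: declare it `public List<String> getAud()` with `List<String> audienceStrings = new ArrayList<>();`, and the index loop can become `for (Object entry : audienceArray) { audienceStrings.add((String) entry); }`. Since `aud` is the claim a resource server compares against its own client id to reject tokens minted for another client, a Javadoc line stating that the method returns an empty list when the claim is absent and that callers must perform that comparison themselves would make the contract explicit. A non-string element in the array still ends in `ClassCastException`; `String.valueOf(entry)` would avoid that if lenient handling is acceptable.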
@@ -153,20 +163,8 @@ public class JWTToken implements Serializable {
 return map;
 }
 
- /*
- "authorization": {
- "permissions": [
- {
- "rsid": "e9afce09-baeb-4569-8e9a-67342ce39cf5",
- "rsname": "a",
- "resource_scopes" : []
- }
- ]
- }
- */
-
 protected JSONArray getAuthorizationPermissions() {
- JSONObject authorization = (JSONObject) getIdentity().get("authorization");
+ JSONObject authorization = (JSONObject) getPayload().get("authorization");
 return (JSONArray) authorization.get("permissions");
 }
 
@@ -206,4 +204,9 @@ public class JWTToken implements Serializable {
 return map;
 }
 
+ @Override
+ public String toString() {
+ return getRaw();
+ }
+
 }
diff --git a/src/main/java/com/nubisware/oidc/rest/OpenIdConnectRESTHelper.java b/src/main/java/com/nubisware/oidc/rest/OpenIdConnectRESTHelper.java
index 37e6d33..4c6ef2c 100644
--- a/src/main/java/com/nubisware/oidc/rest/OpenIdConnectRESTHelper.java
+++ b/src/main/java/com/nubisware/oidc/rest/OpenIdConnectRESTHelper.java
@@ -42,7 +42,6 @@ public class OpenIdConnectRESTHelper {
 if (logger.isDebugEnabled()) {
 logger.debug("Query string is: " + q);
 }
- System.out.println("Query string is: " + q);
 return q;
 }
 
@@ -75,7 +74,6 @@ public class OpenIdConnectRESTHelper {
 if (authorization != null) {
 con.setRequestProperty("Authorization", authorization);
 }
- System.err.println("Authorization: " + authorization);
 OutputStream os = con.getOutputStream();
 os.write(mapToQueryString(params).getBytes("UTF-8"));
 os.close();
diff --git a/src/test/java/com/nubisware/oidc/rest/JWTTokenTest.java b/src/test/java/com/nubisware/oidc/rest/JWTTokenTest.java
new file mode 100644
index 0000000..e48c0b7
--- /dev/null
+++ b/src/test/java/com/nubisware/oidc/rest/JWTTokenTest.java
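Review bot: `getAuthorizationPermissions` dereferences `authorization` without a null check, so any token that carries no `authorization` claim (every plain access token that is not an RPT) throws `NullPointerException` here rather than reporting "no permissions". A guard such as `return authorization == null ? null : (JSONArray) authorization.get("permissions");` fixes that, with the choice between `null` and an empty `JSONArray` depending on how the map-building caller (outside this hunk) treats the result. The deleted block comment was the only description of the claim's shape; rather than dropping it, it belongs as Javadoc on the method, e.g. a summary line stating that it returns the `permissions` array of the UMA `authorization` claim, each entry holding `rsid`, `rsname` and `resource_scopes`.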
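Review bot: The new `toString()` returns `getRaw()`, which is the whole token-endpoint response including `access_token` and `refresh_token`, so any `logger.debug("token={}", token)`, exception message or debugger rendering of a `JWTToken` now writes bearer credentials to logs. `toString` is the one method that gets called implicitly, so it should return a redacted summary instead, e.g. `return "JWTToken[sub=" + getSub() + ", exp=" + getPayload().get("exp") + "]";`, and callers that genuinely need the raw string can keep calling `getRaw()`. The class also implements `Serializable` with `raw` as a field, so the same secrets reach session stores, but that predates this commit.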
@@ -0,0 +1,14 @@
+package com.nubisware.oidc.rest;
+
+public class JWTTokenTest {
+
+ private static String tokenString = "{\"access_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJfNEdzbmg3eGZpQ2VNOUFFOTU4S0FqeG5hcllmZlBMbDRrVEpjajN5bThFIn0.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.dYHmdm23iqO3swhUllyICnzhJlH8h1pTmT8n7S7w-y2b2pNTgK98YiRspSbIC-yPzreAf_GkvsUWyVXeRKnbstiwonIeH5EjVglEF1LgppzTClqaMel1C1AcbPdccno7uIzsE0m03ErKwhzOS8o3SiZEZfELg6bH-UtdOrqnB0Hk8EGVZ7wfso-LwumMw_t600l7E_m4wuPw2UqQNHVtu714043_1cAi4YQXg-KVGzhLcwX-zZj--EJgmm8voTHTENQ-mKYuM-UCK2iZkVYOLcz4I6W97nLbk_Vx59ysTZh4J21cbh7sQRwhp5kE3itYV1ec-xHfjWDjTY-DDZNJ-Q\",\"expires_in\":300,\"refresh_expires_in\":1800,\"refresh_token\":\"eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIzZjUyZDcxMS01Nzk5LTRjYjYtOGExMi02MzEyNjg2NGU0ODAifQ.eyJleHAiOjE1OTA2NzczNDEsImlhdCI6MTU5MDY3NTU0MSwianRpIjoiODdkNDAwN2EtMjQ4MC00MDliLTgyZTAtODFkOTIwZmFiM2E5IiwiaXNzIjoiaHR0cHM6Ly9udWJpczIuaW50LmQ0c2NpZW5jZS5uZXQvYXV0aC9yZWFsbXMvZDRzY2llbmNlIiwiYXVkIjoiaHR0cHM6Ly9udWJpczIuaW50LmQ0c2NpZW5jZS5uZXQvYXV0aC9yZWFsbXMvZDRzY2llbmNlIiwic3ViIjoiMzU0OTI0NjEtMmY2OC00NWE3LThkMjctYjhjYzc4MjkyZDRhIiwidHlwIjoiUmVmcmVzaCIsImF6cCI6InBvcnRhbCIsInNlc3Npb25fc3RhdGUiOiJjMDgzNjM5ZS0yM2UzLTRlZTYtODdiOC04NGQwNzEwMGRjZjYiLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIGVtYWlsIn0.8Mz_hlZ7635YRW_f1c4fHEzUzutRLxuooA0XAu3g24w\",\"token_type\":\"bearer\",\"id_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJfNEdzbmg3eGZpQ2VNOUFFOTU4S0FqeG5hcllmZlBMbDRrVEpjajN5bThFIn0.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.X4aY7q3cQ5TFk8phfpKlomE1kttu4hIySEfNjeasQl3lDMiGspnS2LmilSV9agFkDs2z8sdvWLUmmCpevZ_eOdDK0WgsmuYunXXOOCBbNyzzw6AmyDK4DYC2aUUfe8wNndgi7e7bf1TTA4TuFJgC_-xaWfwBrIU8NmDZyozBsms2s4oXxMXUGSb_WmJnXARnHIfWR0F72fngF7jkGs_S6UjyB3g4ZKFk1F3ctrxNT8S49Y82w6n7RqjaLkPBq_WtSXnOQG0Osagv1lkkg2FeXrE6lKZVdAsxbVFVN9epFlvn5aFB7OK1smevjYd_PQxk498rm11H4WLkXBgUqifKWg\",\"not-before-policy\":0,\"session_state\":\"c083639e-23e3-4ee6-87b8-84d07100dcf6\",\"s
cope\":\"openid profile email\"}";
+
+ public JWTTokenTest() {
+ }
+
+ public static void main(String[] args) {
+ JWTToken token = JWTToken.fromString(tokenString);
+ System.out.println(token.getAud());
+ }
+}
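Review bot: The `tokenString` fixture is a captured token-endpoint response containing a `refresh_token`, an `id_token` and a `session_state` for a real issuer, now permanently in repository history; its refresh token's first payload bytes `eyJleHAiOjE1OTA2NzczNDEs` decode to `{"exp":1590677341,`, so it appears long expired, but the session should still be revoked at the identity provider and the fixture replaced by a token signed with a throwaway key generated for the test. The test also asserts nothing: it prints `token.getAud()` and dereferences `token` even though `fromString` returns `null` on parse failure. Under `src/test/java` this should be a JUnit test with an assertion such as `assertEquals(List.of("<expected-audience>"), token.getAud());` (placeholder value) so the build catches regressions in the claim parsing.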