Package org.keycloak

Examples of org.keycloak.VerificationException


        // Hand the authorization URL to the user's default desktop browser.
        Desktop.getDesktop().browse(new URI(authUrl));

        // Wait for the callback object to finish before reading its fields.
        // NOTE(review): presumably callback is a thread that receives the redirect; its definition is not shown here.
        callback.join();

        // Bind the response to this request: a response whose state differs from ours
        // (including a missing one, since equals(null) is false) is rejected before any
        // other callback field is trusted.
        // NOTE(review): where state is generated is outside this excerpt; confirm it is
        // unpredictable and created fresh for each login attempt.
        if (!state.equals(callback.state)) {
            throw new VerificationException("Invalid state");
        }

        // Only after the state check is an error reported by the server surfaced to the caller.
        if (callback.error != null) {
            throw new OAuthErrorException(callback.error, callback.errorDescription);
        }


        // Parse the optional ID token into an IDToken object; idToken is left untouched when none was supplied.
        // NOTE(review): this excerpt only decodes the JWS payload. No signature, issuer,
        // audience or expiry check on the ID token is visible here; confirm the token is
        // validated elsewhere before its claims are relied on.
        if (idTokenString != null) {
            JWSInput input = new JWSInput(idTokenString);
            try {
                idToken = input.readJsonContent(IDToken.class);
            } catch (IOException e) {
                // The IOException is dropped and no message is set, so the reason for the
                // failure is not available to whoever handles the VerificationException.
                throw new VerificationException();
            }
        }
    }

            // Decode the ID token payload when one is present.
            // NOTE(review): readJsonContent only deserializes the JWS content; whether the
            // ID token's signature has been checked is not visible in this excerpt.
            if (idTokenString != null) {
                JWSInput input = new JWSInput(idTokenString);
                try {
                    idToken = input.readJsonContent(IDToken.class);
                } catch (IOException e) {
                    // Thrown without message or cause: the parse error itself is lost.
                    throw new VerificationException();
                }
            }
            log.debug("Token Verification succeeded!");
        } catch (VerificationException e) {
            log.error("failed verification of token");

            // Read the query parameters without URL-decoding them (decode=false): the
            // redirect-binding signature covers the encoded form of the values.
            MultivaluedMap<String, String> encodedParams = uriInfo.getQueryParameters(false);
            String request = encodedParams.getFirst(GeneralConstants.SAML_REQUEST_KEY);
            String algorithm = encodedParams.getFirst(GeneralConstants.SAML_SIG_ALG_REQUEST_KEY);
            String signature = encodedParams.getFirst(GeneralConstants.SAML_SIGNATURE_REQUEST_KEY);

            // All three parameters are mandatory; a request with no signature is rejected outright.
            if (request == null) throw new VerificationException("SAMLRequest as null");
            if (algorithm == null) throw new VerificationException("SigAlg as null");
            if (signature == null) throw new VerificationException("Signature as null");

            // Shibboleth doesn't sign the document for redirect binding.
            // todo maybe a flag?
            // SamlProtocolUtils.verifyDocumentSignature(client, documentHolder.getSamlDocument());
            // With the call above disabled, the query-string signature below is the only
            // integrity check performed in this excerpt.

            // Verification key comes from the client's stored configuration, not from the request.
            PublicKey publicKey = SamlProtocolUtils.getSignatureValidationKey(client);


            // Rebuild the string that was signed: SAMLRequest, then RelayState if present,
            // then SigAlg, in that order.
            // NOTE(review): the signed string is reconstructed rather than taken from the raw
            // request line; confirm UriBuilder leaves the already-encoded values byte-for-byte
            // unchanged, otherwise valid signatures will fail to verify.
            UriBuilder builder = UriBuilder.fromPath("/")
                    .queryParam(GeneralConstants.SAML_REQUEST_KEY, request);
            if (encodedParams.containsKey(GeneralConstants.RELAY_STATE)) {
                builder.queryParam(GeneralConstants.RELAY_STATE, encodedParams.getFirst(GeneralConstants.RELAY_STATE));
            }
            builder.queryParam(GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, algorithm);
            String rawQuery = builder.build().getRawQuery();

            try {
                byte[] decodedSignature = RedirectBindingUtil.urlBase64Decode(signature);

                // The algorithm used to verify is the one configured for the client. The
                // SigAlg parameter sent by the caller is part of the signed string but does
                // not select the verifier.
                // NOTE(review): SigAlg is not compared with the configured algorithm here; a
                // mismatch shows up only as a failed verification.
                SignatureAlgorithm signatureAlgorithm = SamlProtocol.getSignatureAlgorithm(client);
                Signature validator = signatureAlgorithm.createSignature(); // todo plugin signature alg
                validator.initVerify(publicKey);
                validator.update(rawQuery.getBytes("UTF-8"));
                if (!validator.verify(decodedSignature)) {
                    throw new VerificationException("Invalid query param signature");
                }
            } catch (Exception e) {
                // Any failure (bad base64, key or algorithm error) fails closed as a
                // VerificationException. This also catches the "Invalid query param signature"
                // exception thrown just above and wraps it in a second VerificationException.
                throw new VerificationException(e);
            }


        }

        }
        // Validate the XML signature on the SAML document against the key configured
        // for this client; the key is looked up from the client, not taken from the document.
        SAML2Signature saml2Signature = new SAML2Signature();
        PublicKey publicKey = getSignatureValidationKey(client);
        try {
            // A false result is treated as a hard failure rather than being returned to the caller.
            if (!saml2Signature.validate(document, publicKey)) {
                throw new VerificationException("Invalid signature on document");
            }
        } catch (ProcessingException e) {
            // Processing errors during validation also fail closed, keeping the original cause.
            throw new VerificationException("Error validating signature", e);
        }
    }

        return getPublicKey(client, SamlProtocol.SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE);
    }

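    /**
     * Returns the public key of the PEM certificate stored in a client attribute.
     *
     * <p>Only the key is extracted. The certificate's validity period and issuer are not
     * checked in this method.
     *
     * @param client client whose attribute holds the PEM-encoded certificate
     * @param attribute name of the client attribute to read
     * @return the public key carried by the decoded certificate
     * @throws VerificationException if the attribute is not set, or the certificate cannot
     *     be decoded
     */
    public static PublicKey getPublicKey(ClientModel client, String attribute) throws VerificationException {
        String certPem = client.getAttribute(attribute);
        if (certPem == null) throw new VerificationException("Client does not have a public key.");
        Certificate cert;
        try {
            cert = PemUtils.decodeCertificate(certPem);
        } catch (Exception e) {
            throw new VerificationException("Could not decode cert", e);
        }
        // A decoder that yields no certificate must fail verification in the declared way,
        // not surface as a NullPointerException in the caller.
        if (cert == null) throw new VerificationException("Could not decode cert");
        return cert.getPublicKey();
    }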

            // Decode the ID token when a non-empty string was supplied; a null or empty
            // value is treated as "no ID token" and idToken is cleared.
            // NOTE(review): only the JWS payload is deserialized here; signature and claim
            // validation of the ID token are not visible in this excerpt.
            if (idTokenString != null && idTokenString.length() > 0) {
                JWSInput input = new JWSInput(idTokenString);
                try {
                    idToken = input.readJsonContent(IDToken.class);
                } catch (IOException e) {
                    // The parse error is kept as the cause of the verification failure.
                    throw new VerificationException(e);
                }
            } else {
                idToken = null;
            }
