
Commit

format
ryosuke-wakaba committed Jun 20, 2024
1 parent 5a6dcc6 commit 0d18278
Showing 1 changed file with 39 additions and 38 deletions.
Expand Up @@ -129,43 +129,44 @@ class OpenIdProvider(val uri: String, val option: SigningOption = SigningOption(
val payloadJson = String(Base64.getUrlDecoder().decode(decodedJwt.payload))
val payload = objectMapper.readValue(payloadJson, RequestObjectPayloadImpl::class.java)

val clientId = payload.clientId?: authorizationRequestPayload.clientId
if (clientId.isNullOrBlank()) {
return Either.Left("Invalid client_id or response_uri")
}
val clientScheme = payload.clientIdScheme?: authorizationRequestPayload.clientIdScheme
val clientId = payload.clientId ?: authorizationRequestPayload.clientId
if (clientId.isNullOrBlank()) {
return Either.Left("Invalid client_id or response_uri")
}
val clientScheme = payload.clientIdScheme ?: authorizationRequestPayload.clientIdScheme

val jwtValidationResult =
if (clientScheme == "x509_san_dns") {
val verifyResult = JWT.verifyJwtByX5C(requestObjectJwt)
verifyResult.fold(
ifLeft = {
// throw RuntimeException(it)
Either.Left("Invalid request")
},
ifRight = {(decodedJwt, certificates) ->
// https://openid.net/specs/openid-4-verifiable-presentations-1_0.html
/*
the Client Identifier MUST be a DNS name and match a dNSName Subject Alternative Name (SAN) [RFC5280] entry in the leaf certificate passed with the request.
*/
if (!certificates[0].hasSubjectAlternativeName(clientId)) {
Either.Left("Invalid client_id or response_uri")
}
val uri = payload.responseUri ?: payload.redirectUri
if (clientId != uri) {
Either.Left("Invalid client_id or host uri")
if (clientScheme == "x509_san_dns") {
val verifyResult = JWT.verifyJwtByX5C(requestObjectJwt)
verifyResult.fold(
ifLeft = {
// throw RuntimeException(it)
Either.Left("Invalid request")
},
ifRight = { (decodedJwt, certificates) ->
// https://openid.net/specs/openid-4-verifiable-presentations-1_0.html
/*
the Client Identifier MUST be a DNS name and match a dNSName Subject Alternative Name (SAN) [RFC5280] entry in the leaf certificate passed with the request.
*/
if (!certificates[0].hasSubjectAlternativeName(clientId)) {
Either.Left("Invalid client_id or response_uri")
}
val uri = payload.responseUri ?: payload.redirectUri
if (clientId != uri) {
Either.Left("Invalid client_id or host uri")
}
decodedJwt
}
decodedJwt
}
)
} else {
val jwksUrl = registrationMetadata.jwksUri ?: throw IllegalStateException("JWKS URLが見つかりません。")
JWT.verifyJwtWithJwks(requestObjectJwt, jwksUrl)
}
)
} else {
val jwksUrl = registrationMetadata.jwksUri
?: throw IllegalStateException("JWKS URLが見つかりません。")
JWT.verifyJwtWithJwks(requestObjectJwt, jwksUrl)
}

val result = try {
if (clientScheme == "redirect_uri") {
val responseUri = payload.responseUri?: authorizationRequestPayload.responseUri
val responseUri = payload.responseUri ?: authorizationRequestPayload.responseUri
if (clientId.isNullOrBlank() || responseUri.isNullOrBlank() || clientId != responseUri) {
return Either.Left("Invalid client_id or response_uri")
}
Expand Down Expand Up @@ -198,13 +199,13 @@ class OpenIdProvider(val uri: String, val option: SigningOption = SigningOption(
}
}
val siopRequest = ProcessSIOPRequestResult(
scheme,
null,
authorizationRequestPayload,
requestObjectJwt,
registrationMetadata,
presentationDefinition
)
scheme,
null,
authorizationRequestPayload,
requestObjectJwt,
registrationMetadata,
presentationDefinition
)
this.siopRequest = siopRequest
Either.Right(siopRequest)
}
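Review bot: In the first hunk, the two guards inside the `ifRight` lambda (`if (!certificates[0].hasSubjectAlternativeName(clientId)) { Either.Left("Invalid client_id or response_uri") }` and `if (clientId != uri) { Either.Left("Invalid client_id or host uri") }`) construct an `Either.Left` and discard it, so the lambda's value is always the trailing `decodedJwt` and a request object whose client_id matches no SAN of the presented certificate still passes the x509_san_dns path. Making the checks the lambda's result — a `when` whose `else` branch yields `decodedJwt` — preserves the shape the surrounding code already sees (`Either.Left` from `ifLeft`, otherwise the decoded JWT) while letting the failures propagate. Once the guard takes effect, `clientId != uri` compares a DNS name against a full response/redirect URI; presumably the intended comparison is against the URI's host, as the message "Invalid client_id or host uri" and the quoted spec text suggest, so that line is worth confirming. The enclosing method starts and ends outside the hunk, and how `jwtValidationResult` is consumed is not visible here.

```kotlin
ifRight = { (decodedJwt, certificates) ->
    // … unchanged: spec reference comment …
    val uri = payload.responseUri ?: payload.redirectUri
    when {
        !certificates[0].hasSubjectAlternativeName(clientId) ->
            Either.Left("Invalid client_id or response_uri")
        clientId != uri ->
            Either.Left("Invalid client_id or host uri")
        else -> decodedJwt
    }
}
```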
