kamma/adfs-auth-ms
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cert normalization

Browse Source
This commit is contained in:
Radek Davidek 2026-06-30 18:11:16 +02:00
parent 54afbba444
commit fe53545eee
1 changed files with 5 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/main/java/cz/trask/adfs/service/AdfsTokenService.java
View File

@ -28,6 +28,7 @@ import java.util.UUID;
import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import cz.trask.adfs.config.AdfsConfig; import cz.trask.adfs.config.AdfsConfig;
@ -169,16 +170,10 @@ public class AdfsTokenService {
} }
private String generateJwtAssertion(String clientId) throws Exception { private String generateJwtAssertion(String clientId) throws Exception {
String certPem = new String(Base64.getDecoder().decode(config.getCertificate().replaceAll("\\s+", "")), StandardCharsets.UTF_8) String certPem = new String(Base64.getDecoder().decode(config.getCertificate().replaceAll("\\s+", "")), StandardCharsets.UTF_8);
.replace("-----BEGIN CERTIFICATE-----", "")
.replace("-----END CERTIFICATE-----", "")
.replaceAll("\\s+", "");
X509Certificate cert = getCertificate(certPem); X509Certificate cert = getCertificate(certPem);
String keyPem = new String(Base64.getDecoder().decode(config.getPrivateKey().replaceAll("\\s+", "")), StandardCharsets.UTF_8) String keyPem = new String(Base64.getDecoder().decode(config.getPrivateKey().replaceAll("\\s+", "")), StandardCharsets.UTF_8);
.replace("-----BEGIN PRIVATE KEY-----", "")
.replace("-----END PRIVATE KEY-----", "")
.replaceAll("\\s+", "");
PrivateKey privateKey = getPrivateKey(keyPem); PrivateKey privateKey = getPrivateKey(keyPem);
MessageDigest sha1 = MessageDigest.getInstance("SHA-1"); MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
@ -221,7 +216,7 @@ public class AdfsTokenService {
} }
byte[] decodedBytes = Base64.getUrlDecoder().decode(parts[1]); byte[] decodedBytes = Base64.getUrlDecoder().decode(parts[1]);
Map<String, Object> claims = objectMapper.readValue(decodedBytes, Map.class); Map<String, Object> claims = objectMapper.readValue(decodedBytes, new TypeReference<Map<String, Object>>() {});
Number exp = (Number) claims.get("exp"); Number exp = (Number) claims.get("exp");
if (exp == null) { if (exp == null) {
throw new IllegalArgumentException("JWT does not contain 'exp' claim"); throw new IllegalArgumentException("JWT does not contain 'exp' claim");