import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
@Test
public void testResponseEncoding() throws Exception {

    AuthenticationErrorResponse resp = new AuthenticationErrorResponse(new URI("https://example.org"),
            new ErrorObject("code", "desc"), new State(), null);
    MessageContext<AuthenticationResponse> messageContext = new MessageContext<>();
    messageContext.setMessage(resp);
    MockHttpServletResponse response = new MockHttpServletResponse();

    OIDCAuthenticationResponseEncoder encoder = new OIDCAuthenticationResponseEncoder();
    encoder.setMessageContext(messageContext);
    encoder.setHttpServletResponse(response);

    encoder.initialize();
    encoder.encode();

    Assert.assertEquals("UTF-8", response.getCharacterEncoding(), "Unexpected character encoding");
    Assert.assertEquals(response.getHeader("Cache-control"), "no-cache, no-store", "Unexpected cache controls");

}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
@Override
public void userInfoRequest(RequestPath path, HttpServletRequest req, HttpServletResponse resp) throws IOException {
	try {
		logger.log("User Info requested.");

		HTTPRequest httpReq = ServletUtils.createHTTPRequest(req);
		UserInfoRequest userReq = UserInfoRequest.parse(httpReq);
		logger.logHttpRequest(req, httpReq.getQuery());
		
		UserInfoSuccessResponse uiResp = userInfoRequestInt(userReq, resp);
		if (uiResp != null) {
			sendResponse("User Info", uiResp, resp);
		}
	} catch (ParseException ex) {
		logger.log("Error parsing User Info Request.", ex);
		ErrorObject error = ex.getErrorObject();
		BearerTokenError be = new BearerTokenError(error.getCode(), error.getDescription(), error.getHTTPStatusCode());
		UserInfoErrorResponse errorResp = new UserInfoErrorResponse(be);
		sendErrorResponse("User Info", errorResp, resp);
	}
}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
/**
	 * Client registration
	 * If the provider supports dynamic registration, a new client can be registered using the client registration process:
	 * 
	 * @param initialAccessToken the initial access token
	 * @throws SerializeException the serialize exception
	 * @throws IOException Signals that an I/O exception has occurred.
	 * @throws ParseException the parse exception
	 * @throws KeyStoreException
	 * @throws CertificateException
	 * @throws NoSuchAlgorithmException
	 * @throws KeyManagementException
	 */
	public void registerClient(BearerAccessToken initialAccessToken) throws SerializeException, IOException, ParseException, KeyManagementException, NoSuchAlgorithmException, CertificateException, KeyStoreException {

//		System.out.println("Client metadata");
//		System.out.println(metadata.toJSONObject());

		// Make registration request
		OIDCClientRegistrationRequest registrationRequest = new OIDCClientRegistrationRequest(providerMetadata.getRegistrationEndpointURI(), clientMetadata, initialAccessToken);
		HTTPResponse regHTTPResponse = registrationRequest.toHTTPRequest().send(null, Trust.getSocketFactory(trustStoreFile));

		// Parse and check response
		ClientRegistrationResponse registrationResponse = OIDCClientRegistrationResponseParser.parse(regHTTPResponse);

		if (registrationResponse instanceof ClientRegistrationErrorResponse) {
			ClientRegistrationErrorResponse errorResponse = ((ClientRegistrationErrorResponse) registrationResponse);
			ErrorObject error = errorResponse.getErrorObject();
			System.err.println(this.getClass().getSimpleName() + " - " + errorResponse.indicatesSuccess());
			System.err.println("Dynamic Client Registration failed, Error:");
			System.err.println(errorResponse);
			System.err.println(error);
			System.err.println(regHTTPResponse.getStatusCode());
			System.err.println(regHTTPResponse.getContent());
			System.err.println(regHTTPResponse.getWWWAuthenticate());
			System.err.println(regHTTPResponse.getLocation());
		} else {
			clientInformation = ((OIDCClientInformationResponse) registrationResponse).getOIDCClientInformation();
			clientID = clientInformation.getID();
		}
	}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
/**
 * Receive the Authentication Response
 * The authentication response is sent from the provider by redirecting the end user to the redirect URI specified in the initial authentication request from the client.
 * Code flow
 * The Authorization Code can be extracted from the query part of the redirect URL:
 *
 * @param responseURL the response URL
 */
public void processAuthenticationResponse(String responseURL) {
	
	AuthenticationResponse authResp = null;
	try {
		authResp = AuthenticationResponseParser.parse(new URI(responseURL));
	} catch (ParseException | URISyntaxException e) {
		e.printStackTrace();

	}

	if (authResp instanceof AuthenticationErrorResponse) {
		AuthenticationErrorResponse errorResponse = (AuthenticationErrorResponse) authResp;
		ErrorObject error = errorResponse.getErrorObject();
		System.err.println(this.getClass().getSimpleName() + " - Authentication failed! Error:");
		System.err.println(errorResponse.indicatesSuccess());
		System.err.println(errorResponse);
		System.err.println(error);
	} else {
		/* Don't forget to check the state!
		 * The state in the received authentication response must match the state
		 * specified in the previous outgoing authentication request.
		 */
		AuthenticationSuccessResponse successResponse = (AuthenticationSuccessResponse) authResp;
		if (!this.verifyState(successResponse.getState())) {
			System.err.println(this.getClass().getSimpleName() + " - " + "State not valid");
			return;
		}
		authCode = successResponse.getAuthorizationCode();
		System.out.println("Authorization Code: " + authCode);
		
	}
}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
/**
 * UserInfo Request
 * Using the access token, information about the end user can be obtained by making a user info request
 * 
 * @throws KeyStoreException
 * @throws CertificateException
 * @throws NoSuchAlgorithmException
 * @throws KeyManagementException
 * @throws ParseException
 * @throws IOException
 * @throws FileNotFoundException
 */
public void requestUserInfo() throws KeyManagementException, NoSuchAlgorithmException, CertificateException, KeyStoreException, ParseException, FileNotFoundException, IOException {
	if (accessToken == null) {
		System.err.println(this.getClass().getSimpleName() + " - Access Token null, stopping UserInfo retrieval");
		return;
	}

	UserInfoRequest userInfoReq = new UserInfoRequest(
			userInfoEndpointURI,
			(BearerAccessToken) accessToken);

	HTTPResponse userInfoHTTPResp = null;
	userInfoHTTPResp = userInfoReq.toHTTPRequest().send(null, Trust.getSocketFactory(trustStoreFile));

	UserInfoResponse userInfoResponse = null;
	userInfoResponse = UserInfoResponse.parse(userInfoHTTPResp);

	if (userInfoResponse instanceof UserInfoErrorResponse) {
		UserInfoErrorResponse errorResponse = ((UserInfoErrorResponse) userInfoResponse);
		ErrorObject error = errorResponse.getErrorObject();

		System.err.println(this.getClass().getSimpleName() + " - " + errorResponse.indicatesSuccess());
		System.err.println("Userinfo retrieval failed:");
		System.err.println(errorResponse);
		System.err.println(error);
		System.err.println(error.getHTTPStatusCode());
		System.err.println(userInfoHTTPResp.getStatusCode());
		System.err.println(userInfoHTTPResp.getContent());
		System.err.println(userInfoHTTPResp.getWWWAuthenticate());
		System.err.println(userInfoHTTPResp.getLocation());
	}

	UserInfoSuccessResponse successResponse = (UserInfoSuccessResponse) userInfoResponse;
	userInfoClaims = successResponse.getUserInfo().toJSONObject();
}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
@Test
public void authCode_withPromptNoneAndNoAuthentication_isError() throws Exception {
	ErrorObject error = OIDCError.LOGIN_REQUIRED;

	given(this.clientRepository.findById(any(ClientID.class))).willReturn(authCodeClient());

	MockHttpServletRequestBuilder request = get(
			"/oauth2/authorize?scope=openid&response_type=code&client_id=test-client&redirect_uri=http://example.com&prompt=none")
					.session(this.session);
	this.mvc.perform(request).andExpect(status().isFound())
			.andExpect(redirectedUrlPattern("http://example.com?error_description=*&error=" + error.getCode()));
}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
@Test
public void authCode_withoutScope_isError() throws Exception {
	ErrorObject error = OAuth2Error.INVALID_REQUEST;

	given(this.clientRepository.findById(any(ClientID.class))).willReturn(authCodeClient());

	MockHttpServletRequestBuilder request = get(
			"/oauth2/authorize?response_type=code&client_id=test-client&redirect_uri=http://example.com")
					.session(this.session);
	this.mvc.perform(request).andExpect(status().isFound())
			.andExpect(redirectedUrlPattern("http://example.com?error_description=*&error=" + error.getCode()));
}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
@Test
public void authCode_withInvalidScope_isError() throws Exception {
	ErrorObject error = OAuth2Error.INVALID_REQUEST;

	given(this.clientRepository.findById(any(ClientID.class))).willReturn(authCodeClient());

	MockHttpServletRequestBuilder request = get(
			"/oauth2/authorize?scope=test&response_type=code&client_id=test-client&redirect_uri=http://example.com")
					.session(this.session);
	this.mvc.perform(request).andExpect(status().isFound())
			.andExpect(redirectedUrlPattern("http://example.com?error_description=*&error=" + error.getCode()));
}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
@Test
public void implicitWithIdTokenAndToken_withoutScope_isError() throws Exception {
	ErrorObject error = OAuth2Error.INVALID_REQUEST;

	given(this.clientRepository.findById(any(ClientID.class))).willReturn(implicitWithIdTokenAndTokenClient());

	MockHttpServletRequestBuilder request = get(
			"/oauth2/authorize?response_type=id_token token&client_id=test-client&redirect_uri=http://example.com")
					.session(this.session);
	this.mvc.perform(request).andExpect(status().isFound())
			.andExpect(redirectedUrlPattern("http://example.com?error_description=*&error=" + error.getCode()));
}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
@Test
public void implicitWithIdTokenAndToken_withoutNonce_isError() throws Exception {
	ErrorObject error = OAuth2Error.INVALID_REQUEST;

	given(this.clientRepository.findById(any(ClientID.class))).willReturn(implicitWithIdTokenAndTokenClient());

	MockHttpServletRequestBuilder request = get(
			"/oauth2/authorize?scope=openid&response_type=id_token token&client_id=test-client&redirect_uri=http://example.com")
					.session(this.session);
	this.mvc.perform(request).andExpect(status().isFound())
			.andExpect(redirectedUrlPattern("http://example.com?error_description=*&error=" + error.getCode()));
}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
@Test
public void invalid_withoutResponseType_isError() throws Exception {
	ErrorObject error = OAuth2Error.INVALID_REQUEST;

	given(this.clientRepository.findById(any(ClientID.class))).willReturn(authCodeClient());

	MockHttpServletRequestBuilder request = get(
			"/oauth2/authorize?scope=openid&client_id=test-client&redirect_uri=http://example.com")
					.session(this.session);
	this.mvc.perform(request).andExpect(status().isFound())
			.andExpect(redirectedUrlPattern("http://example.com?error_description=*&error=" + error.getCode()));
}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
@Override
public void tokenRequest(RequestPath path, HttpServletRequest req, HttpServletResponse resp) throws IOException {
	CompletableFuture<TestStepResult> blocker = (CompletableFuture<TestStepResult>) stepCtx.get(OPContextConstants.BLOCK_BROWSER_AND_TEST_RESULT);

	try {
		logger.log("Token requested.");

		HTTPRequest httpReq = ServletUtils.createHTTPRequest(req);
		TokenRequest tokenReq = TokenRequest.parse(httpReq);
		logger.logHttpRequest(req, httpReq.getQuery());

		if (type == OPType.EVIL) {
			AuthorizationGrant grant = tokenReq.getAuthorizationGrant();
			if (grant != null && grant.getType() == GrantType.AUTHORIZATION_CODE) {
				AuthorizationCodeGrant codeGrant = (AuthorizationCodeGrant) grant;
				AuthorizationCode code = codeGrant.getAuthorizationCode();
				// TODO compare actual code
				AuthorizationCode honestCode = (AuthorizationCode) stepCtx.get(OPContextConstants.HONEST_CODE);
				if (code.equals(honestCode)) {
					logger.log("Honest code received in attacker.");
					blocker.complete(TestStepResult.FAIL);
				} else {
					logger.log("Honest code not received in attacker.");
					blocker.complete(TestStepResult.PASS);
				}

				return;
			}
		}

		blocker.complete(TestStepResult.PASS);
	} catch (ParseException ex) {
		ErrorObject error = OAuth2Error.INVALID_REQUEST;
		TokenErrorResponse errorResp = new TokenErrorResponse(error);
		sendErrorResponse("Token", errorResp, resp);
		blocker.complete(TestStepResult.UNDETERMINED);
	}

}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
protected AuthenticationMechanismOutcome processOIDCAuthResponse(HttpServerExchange exchange) {
	try {
		AuthenticationResponse authResp = authenticate(exchange);

		if (authResp instanceof AuthenticationErrorResponse) {
			ErrorObject error = ((AuthenticationErrorResponse) authResp).getErrorObject();
			throw new IllegalStateException(String.format("OIDC Authentication error: code %s description: %s", error.getCode(), error.getDescription()));
		}

		AuthenticationSuccessResponse successResponse = (AuthenticationSuccessResponse) authResp;

		// could store returnURL/state
		// in session but state is encrypted
		State state = successResponse.getState();
		String returnURL = restoreState(state != null ? state.getValue() : null, exchange);

		AuthorizationCode authCode = successResponse.getAuthorizationCode();
		JWT idToken = successResponse.getIDToken();
		AccessToken accessToken = successResponse.getAccessToken();

		if (idToken == null && authCode != null) {
			OIDCTokenResponse tokenResponse = fetchToken(authCode, exchange);
			idToken = tokenResponse.getOIDCTokens().getIDToken();
			accessToken = tokenResponse.getOIDCTokens().getAccessToken();
		}
		validateToken(idToken, exchange, true);
		return complete(idToken.getJWTClaimsSet(), accessToken, returnURL, exchange, true);

	} catch (Exception e) {
		LOG.log(Level.SEVERE, "", e);
		OIDCContext oidcContext = exchange.getAttachment(OIDCContext.ATTACHMENT_KEY);
		oidcContext.setError(true);
		exchange.getSecurityContext().authenticationFailed("OIDC auth response processing failed", mechanismName);
		return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
	}

}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
protected OIDCTokenResponse fetchToken(AuthorizationCode authCode, HttpServerExchange exchange) throws Exception {
	URI redirectURI = new URI(RedirectBuilder.redirect(exchange, redirectPath));
	TokenRequest tokenReq = new TokenRequest(oidcProvider.getTokenURI(), oidcProvider.getClientId(), new AuthorizationCodeGrant(authCode, redirectURI));
	HTTPResponse tokenHTTPResp = tokenReq.toHTTPRequest().send();
	TokenResponse tokenResponse = OIDCTokenResponseParser.parse(tokenHTTPResp);
	if (tokenResponse instanceof TokenErrorResponse) {
		ErrorObject error = ((TokenErrorResponse) tokenResponse).getErrorObject();
		throw new IllegalStateException(String.format("OIDC TokenRequest error: code %s description: %s", error.getCode(), error.getDescription()));
	}
	return (OIDCTokenResponse) tokenResponse;
}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
protected UserInfoSuccessResponse fetchProfile(BearerAccessToken accessToken) throws Exception {
	UserInfoRequest userInfoReq = new UserInfoRequest(oidcProvider.getUserInfoURI(), accessToken);
	HTTPResponse userInfoHTTPResp = userInfoReq.toHTTPRequest().send();
	UserInfoResponse userInfoResponse = UserInfoResponse.parse(userInfoHTTPResp);
	if (userInfoResponse instanceof UserInfoErrorResponse) {
		ErrorObject error = ((UserInfoErrorResponse) userInfoResponse).getErrorObject();
		throw new IllegalStateException(String.format("OIDC UserInfoRequest error: code %s description: %s", error.getCode(), error.getDescription()));
	}
	return (UserInfoSuccessResponse) userInfoResponse;
}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
/**
 * Set map of eventIds to pre-configured error objects.
 * @param errors map of eventIds to pre-configured error objects.
 */
public void setMappedErrors(@Nonnull final Map<String, ErrorObject> errors) {
    ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);

    mappedErrors = Constraint.isNotNull(errors, "Mapped errors cannot be null");
}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
NonRedirectingException(ErrorObject error) {
	this(error.getHTTPStatusCode(), error.getDescription());
}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
/**
 * @return error object, used to encapsulate OAuth 2.0 and other errors.
 */
public ErrorObject getError()
{
    return this.error;
}
 

import com.nimbusds.oauth2.sdk.ErrorObject; //导入依赖的package包/类
/**
 * Constructs a new exception with the specified detail message. The cause is not initialized, and may subsequently
 * be initialized by a call to {@link #initCause(Throwable)}.
 *
 * @param message the detail message (which is saved for later retrieval by the {@link #getMessage()} method)
 * @param error error object, used to encapsulate OAuth 2.0 and other errors.
 */
public OIDCException(String message, ErrorObject error)
{
    super(error != null ? message + ':' + error.toString() : message);

    this.error = error;
}