public class WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider extends java.lang.Object implements org.apache.nifi.registry.web.security.authentication.oidc.OidcIdentityProvider
{
private static final org.slf4j.Logger logger;
private final java.lang.String EMAIL_CLAIM;
private org.apache.nifi.registry.properties.NiFiRegistryProperties properties;
private org.apache.nifi.registry.web.security.authentication.jwt.JwtService jwtService;
private com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata oidcProviderMetadata;
private int oidcConnectTimeout;
private int oidcReadTimeout;
private com.nimbusds.openid.connect.sdk.validators.IDTokenValidator tokenValidator;
private com.nimbusds.oauth.sdk.id.ClientID clientId;
private com.nimbusds.oauth.sdk.auth.Secret clientSecret;
public void <init>(org.apache.nifi.registry.web.security.authentication.jwt.JwtService, org.apache.nifi.registry.properties.NiFiRegistryProperties)
{
org.apache.nifi.registry.web.security.authentication.jwt.JwtService v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
org.apache.nifi.registry.properties.NiFiRegistryProperties v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v := @parameter: org.apache.nifi.registry.web.security.authentication.jwt.JwtService;
v := @parameter: org.apache.nifi.registry.properties.NiFiRegistryProperties;
specialinvoke v.<java.lang.Object: void <init>()>();
v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: java.lang.String EMAIL_CLAIM> = "email";
v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.properties.NiFiRegistryProperties properties> = v;
v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.web.security.authentication.jwt.JwtService jwtService> = v;
return;
}
public void initializeProvider()
{
java.lang.Throwable v;
org.slf4j.Logger v;
com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata v;
java.lang.RuntimeException v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
org.apache.nifi.registry.properties.NiFiRegistryProperties v, v, v;
java.lang.String v, v, v;
boolean v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.properties.NiFiRegistryProperties properties>;
v = virtualinvoke v.<org.apache.nifi.registry.properties.NiFiRegistryProperties: boolean isOidcEnabled()>();
if v != 0 goto label;
v = <org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.slf4j.Logger logger>;
interfaceinvoke v.<org.slf4j.Logger: void warn(java.lang.String)>("The OIDC provider is not configured or enabled");
return;
label:
specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: void validateOIDCConfiguration()>();
label:
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.properties.NiFiRegistryProperties properties>;
v = virtualinvoke v.<org.apache.nifi.registry.properties.NiFiRegistryProperties: java.lang.String getOidcDiscoveryUrl()>();
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata retrieveOidcProviderMetadata(java.lang.String)>(v);
v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata oidcProviderMetadata> = v;
label:
goto label;
label:
v := @caughtexception;
v = new java.lang.RuntimeException;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.properties.NiFiRegistryProperties properties>;
v = virtualinvoke v.<org.apache.nifi.registry.properties.NiFiRegistryProperties: java.lang.String getOidcDiscoveryUrl()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Unable to retrieve OpenId Connect Provider metadata from: \u0001");
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.String,java.lang.Throwable)>(v, v);
throw v;
label:
specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: void validateOIDCProviderMetadata()>();
return;
catch java.io.IOException from label to label with label;
catch com.nimbusds.oauth.sdk.ParseException from label to label with label;
}
private void validateOIDCProviderMetadata()
{
com.nimbusds.jose.util.DefaultResourceRetriever v;
com.nimbusds.oauth.sdk.auth.ClientAuthenticationMethod v, v, v, v, v;
com.nimbusds.jose.JWSAlgorithm v, v, v, v;
java.lang.Exception v;
java.lang.Object[] v;
java.util.ArrayList v;
com.nimbusds.oauth.sdk.auth.Secret v;
com.nimbusds.oauth.sdk.id.Issuer v, v, v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
org.apache.nifi.registry.properties.NiFiRegistryProperties v;
java.lang.String v, v, v, v, v, v, v;
com.nimbusds.oauth.sdk.id.ClientID v, v, v;
com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata v, v, v, v, v, v, v, v, v;
java.lang.RuntimeException v, v, v, v, v;
java.net.URL v;
com.nimbusds.openid.connect.sdk.validators.IDTokenValidator v, v, v;
java.net.URI v, v, v;
boolean v, v, v, v, v, v, v, v, v;
java.util.List v, v;
int v, v;
org.slf4j.Logger v, v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata oidcProviderMetadata>;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata: java.net.URI getAuthorizationEndpointURI()>();
if v != null goto label;
v = new java.lang.RuntimeException;
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.String)>("OpenId Connect Provider metadata does not contain an Authorization Endpoint.");
throw v;
label:
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata oidcProviderMetadata>;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata: java.net.URI getTokenEndpointURI()>();
if v != null goto label;
v = new java.lang.RuntimeException;
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.String)>("OpenId Connect Provider metadata does not contain a Token Endpoint.");
throw v;
label:
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata oidcProviderMetadata>;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata: java.util.List getTokenEndpointAuthMethods()>();
v = <org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.slf4j.Logger logger>;
interfaceinvoke v.<org.slf4j.Logger: void info(java.lang.String,java.lang.Object)>("OpenId Connect: Available clientAuthenticationMethods {} ", v);
if v == null goto label;
v = interfaceinvoke v.<java.util.List: boolean isEmpty()>();
if v == 0 goto label;
label:
v = new java.util.ArrayList;
specialinvoke v.<java.util.ArrayList: void <init>()>();
v = <com.nimbusds.oauth.sdk.auth.ClientAuthenticationMethod: com.nimbusds.oauth.sdk.auth.ClientAuthenticationMethod CLIENT_SECRET_BASIC>;
interfaceinvoke v.<java.util.List: boolean add(java.lang.Object)>(v);
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata oidcProviderMetadata>;
virtualinvoke v.<com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata: void setTokenEndpointAuthMethods(java.util.List)>(v);
v = <org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.slf4j.Logger logger>;
interfaceinvoke v.<org.slf4j.Logger: void warn(java.lang.String)>("OpenId Connect: ClientAuthenticationMethods is null, Setting clientAuthenticationMethods as CLIENT_SECRET_BASIC");
goto label;
label:
v = <com.nimbusds.oauth.sdk.auth.ClientAuthenticationMethod: com.nimbusds.oauth.sdk.auth.ClientAuthenticationMethod CLIENT_SECRET_BASIC>;
v = interfaceinvoke v.<java.util.List: boolean contains(java.lang.Object)>(v);
if v != 0 goto label;
v = <com.nimbusds.oauth.sdk.auth.ClientAuthenticationMethod: com.nimbusds.oauth.sdk.auth.ClientAuthenticationMethod CLIENT_SECRET_POST>;
v = interfaceinvoke v.<java.util.List: boolean contains(java.lang.Object)>(v);
if v != 0 goto label;
v = new java.lang.RuntimeException;
v = newarray (java.lang.Object)[2];
v = <com.nimbusds.oauth.sdk.auth.ClientAuthenticationMethod: com.nimbusds.oauth.sdk.auth.ClientAuthenticationMethod CLIENT_SECRET_BASIC>;
v = virtualinvoke v.<com.nimbusds.oauth.sdk.auth.ClientAuthenticationMethod: java.lang.String getValue()>();
v[0] = v;
v = <com.nimbusds.oauth.sdk.auth.ClientAuthenticationMethod: com.nimbusds.oauth.sdk.auth.ClientAuthenticationMethod CLIENT_SECRET_POST>;
v = virtualinvoke v.<com.nimbusds.oauth.sdk.auth.ClientAuthenticationMethod: java.lang.String getValue()>();
v[1] = v;
v = staticinvoke <java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>("OpenId Connect Provider does not support %s or %s", v);
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.String)>(v);
throw v;
label:
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata oidcProviderMetadata>;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata: java.util.List getIDTokenJWSAlgs()>();
if v == null goto label;
v = interfaceinvoke v.<java.util.List: boolean isEmpty()>();
if v == 0 goto label;
label:
v = new java.lang.RuntimeException;
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.String)>("The OpenId Connect Provider does not support any JWS algorithms.");
throw v;
label:
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.properties.NiFiRegistryProperties properties>;
v = virtualinvoke v.<org.apache.nifi.registry.properties.NiFiRegistryProperties: java.lang.String getOidcPreferredJwsAlgorithm()>();
v = staticinvoke <org.apache.commons.lang.StringUtils: boolean isBlank(java.lang.CharSequence)>(v);
if v == 0 goto label;
v = <com.nimbusds.jose.JWSAlgorithm: com.nimbusds.jose.JWSAlgorithm RS256>;
goto label;
label:
v = "none";
v = virtualinvoke v.<java.lang.String: boolean equalsIgnoreCase(java.lang.String)>(v);
if v == 0 goto label;
v = null;
goto label;
label:
v = staticinvoke <com.nimbusds.jose.JWSAlgorithm: com.nimbusds.jose.JWSAlgorithm parse(java.lang.String)>(v);
label:
if v != null goto label;
v = new com.nimbusds.openid.connect.sdk.validators.IDTokenValidator;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata oidcProviderMetadata>;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata: com.nimbusds.oauth.sdk.id.Issuer getIssuer()>();
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.id.ClientID clientId>;
specialinvoke v.<com.nimbusds.openid.connect.sdk.validators.IDTokenValidator: void <init>(com.nimbusds.oauth.sdk.id.Issuer,com.nimbusds.oauth.sdk.id.ClientID)>(v, v);
v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.validators.IDTokenValidator tokenValidator> = v;
goto label;
label:
v = <com.nimbusds.jose.JWSAlgorithm: com.nimbusds.jose.JWSAlgorithm HS256>;
v = virtualinvoke v.<com.nimbusds.jose.JWSAlgorithm: boolean equals(java.lang.Object)>(v);
if v != 0 goto label;
v = <com.nimbusds.jose.JWSAlgorithm: com.nimbusds.jose.JWSAlgorithm HS384>;
v = virtualinvoke v.<com.nimbusds.jose.JWSAlgorithm: boolean equals(java.lang.Object)>(v);
if v != 0 goto label;
v = <com.nimbusds.jose.JWSAlgorithm: com.nimbusds.jose.JWSAlgorithm HS512>;
v = virtualinvoke v.<com.nimbusds.jose.JWSAlgorithm: boolean equals(java.lang.Object)>(v);
if v == 0 goto label;
label:
v = new com.nimbusds.openid.connect.sdk.validators.IDTokenValidator;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata oidcProviderMetadata>;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata: com.nimbusds.oauth.sdk.id.Issuer getIssuer()>();
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.id.ClientID clientId>;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.auth.Secret clientSecret>;
specialinvoke v.<com.nimbusds.openid.connect.sdk.validators.IDTokenValidator: void <init>(com.nimbusds.oauth.sdk.id.Issuer,com.nimbusds.oauth.sdk.id.ClientID,com.nimbusds.jose.JWSAlgorithm,com.nimbusds.oauth.sdk.auth.Secret)>(v, v, v, v);
v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.validators.IDTokenValidator tokenValidator> = v;
goto label;
label:
v = new com.nimbusds.jose.util.DefaultResourceRetriever;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: int oidcConnectTimeout>;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: int oidcReadTimeout>;
specialinvoke v.<com.nimbusds.jose.util.DefaultResourceRetriever: void <init>(int,int)>(v, v);
v = new com.nimbusds.openid.connect.sdk.validators.IDTokenValidator;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata oidcProviderMetadata>;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata: com.nimbusds.oauth.sdk.id.Issuer getIssuer()>();
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.id.ClientID clientId>;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata oidcProviderMetadata>;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata: java.net.URI getJWKSetURI()>();
v = virtualinvoke v.<java.net.URI: java.net.URL toURL()>();
specialinvoke v.<com.nimbusds.openid.connect.sdk.validators.IDTokenValidator: void <init>(com.nimbusds.oauth.sdk.id.Issuer,com.nimbusds.oauth.sdk.id.ClientID,com.nimbusds.jose.JWSAlgorithm,java.net.URL,com.nimbusds.jose.util.ResourceRetriever)>(v, v, v, v, v);
v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.validators.IDTokenValidator tokenValidator> = v;
label:
goto label;
label:
v := @caughtexception;
v = new java.lang.RuntimeException;
v = virtualinvoke v.<java.lang.Exception: java.lang.String getMessage()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Unable to create the ID token validator for the configured OpenId Connect Provider: \u0001");
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.String,java.lang.Throwable)>(v, v);
throw v;
label:
return;
catch java.lang.Exception from label to label with label;
}
private void validateOIDCConfiguration()
{
boolean v, v, v;
java.lang.Exception v, v;
java.lang.Object[] v, v;
com.nimbusds.oauth.sdk.auth.Secret v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
org.apache.nifi.registry.properties.NiFiRegistryProperties v, v, v, v, v;
java.lang.String v, v, v, v;
double v, v, v, v;
com.nimbusds.oauth.sdk.id.ClientID v;
org.slf4j.Logger v, v;
java.lang.RuntimeException v, v, v;
java.util.concurrent.TimeUnit v, v, v, v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.properties.NiFiRegistryProperties properties>;
v = virtualinvoke v.<org.apache.nifi.registry.properties.NiFiRegistryProperties: boolean isLoginIdentityProviderEnabled()>();
if v == 0 goto label;
v = new java.lang.RuntimeException;
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.String)>("OpenId Connect support cannot be enabled if the Login Identity Provider or Apache Knox SSO is configured.");
throw v;
label:
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.properties.NiFiRegistryProperties properties>;
v = virtualinvoke v.<org.apache.nifi.registry.properties.NiFiRegistryProperties: java.lang.String getOidcConnectTimeout()>();
label:
v = <java.util.concurrent.TimeUnit: java.util.concurrent.TimeUnit MILLISECONDS>;
v = staticinvoke <org.apache.nifi.registry.util.FormatUtils: double getPreciseTimeDuration(java.lang.String,java.util.concurrent.TimeUnit)>(v, v);
v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: int oidcConnectTimeout> = v;
label:
goto label;
label:
v := @caughtexception;
v = <org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.slf4j.Logger logger>;
v = newarray (java.lang.Object)[3];
v[0] = "nifi.registry.security.user.oidc.connect.timeout";
v[1] = v;
v[2] = "5 secs";
interfaceinvoke v.<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object[])>("Failed to parse value of property \'{}\' as a valid time period. Value was \'{}\'. Ignoring this value and using the default value of \'{}\'", v);
v = <java.util.concurrent.TimeUnit: java.util.concurrent.TimeUnit MILLISECONDS>;
v = staticinvoke <org.apache.nifi.registry.util.FormatUtils: double getPreciseTimeDuration(java.lang.String,java.util.concurrent.TimeUnit)>("5 secs", v);
v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: int oidcConnectTimeout> = v;
label:
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.properties.NiFiRegistryProperties properties>;
v = virtualinvoke v.<org.apache.nifi.registry.properties.NiFiRegistryProperties: java.lang.String getOidcReadTimeout()>();
label:
v = <java.util.concurrent.TimeUnit: java.util.concurrent.TimeUnit MILLISECONDS>;
v = staticinvoke <org.apache.nifi.registry.util.FormatUtils: double getPreciseTimeDuration(java.lang.String,java.util.concurrent.TimeUnit)>(v, v);
v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: int oidcReadTimeout> = v;
label:
goto label;
label:
v := @caughtexception;
v = <org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.slf4j.Logger logger>;
v = newarray (java.lang.Object)[3];
v[0] = "nifi.registry.security.user.oidc.read.timeout";
v[1] = v;
v[2] = "5 secs";
interfaceinvoke v.<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object[])>("Failed to parse value of property \'{}\' as a valid time period. Value was \'{}\'. Ignoring this value and using the default value of \'{}\'", v);
v = <java.util.concurrent.TimeUnit: java.util.concurrent.TimeUnit MILLISECONDS>;
v = staticinvoke <org.apache.nifi.registry.util.FormatUtils: double getPreciseTimeDuration(java.lang.String,java.util.concurrent.TimeUnit)>("5 secs", v);
v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: int oidcReadTimeout> = v;
label:
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.properties.NiFiRegistryProperties properties>;
v = virtualinvoke v.<org.apache.nifi.registry.properties.NiFiRegistryProperties: java.lang.String getOidcClientId()>();
v = staticinvoke <org.apache.commons.lang.StringUtils: boolean isBlank(java.lang.CharSequence)>(v);
if v == 0 goto label;
v = new java.lang.RuntimeException;
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.String)>("Client ID is required when configuring an OIDC Provider.");
throw v;
label:
v = new com.nimbusds.oauth.sdk.id.ClientID;
specialinvoke v.<com.nimbusds.oauth.sdk.id.ClientID: void <init>(java.lang.String)>(v);
v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.id.ClientID clientId> = v;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.properties.NiFiRegistryProperties properties>;
v = virtualinvoke v.<org.apache.nifi.registry.properties.NiFiRegistryProperties: java.lang.String getOidcClientSecret()>();
v = staticinvoke <org.apache.commons.lang.StringUtils: boolean isBlank(java.lang.CharSequence)>(v);
if v == 0 goto label;
v = new java.lang.RuntimeException;
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.String)>("Client secret is required when configuring an OIDC Provider.");
throw v;
label:
v = new com.nimbusds.oauth.sdk.auth.Secret;
specialinvoke v.<com.nimbusds.oauth.sdk.auth.Secret: void <init>(java.lang.String)>(v);
v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.auth.Secret clientSecret> = v;
return;
catch java.lang.Exception from label to label with label;
catch java.lang.Exception from label to label with label;
}
private com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata retrieveOidcProviderMetadata(java.lang.String) throws java.io.IOException, com.nimbusds.oauth.sdk.ParseException
{
com.nimbusds.oauth.sdk.http.HTTPRequest$Method v;
com.nimbusds.oauth.sdk.http.HTTPRequest v;
com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata v;
java.net.URL v;
java.io.IOException v;
com.nimbusds.oauth.sdk.http.HTTPResponse v;
net.minidev.json.JSONObject v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
int v, v, v, v;
java.lang.String v, v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v := @parameter: java.lang.String;
v = new java.net.URL;
specialinvoke v.<java.net.URL: void <init>(java.lang.String)>(v);
v = new com.nimbusds.oauth.sdk.http.HTTPRequest;
v = <com.nimbusds.oauth.sdk.http.HTTPRequest$Method: com.nimbusds.oauth.sdk.http.HTTPRequest$Method GET>;
specialinvoke v.<com.nimbusds.oauth.sdk.http.HTTPRequest: void <init>(com.nimbusds.oauth.sdk.http.HTTPRequest$Method,java.net.URL)>(v, v);
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: int oidcConnectTimeout>;
virtualinvoke v.<com.nimbusds.oauth.sdk.http.HTTPRequest: void setConnectTimeout(int)>(v);
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: int oidcReadTimeout>;
virtualinvoke v.<com.nimbusds.oauth.sdk.http.HTTPRequest: void setReadTimeout(int)>(v);
v = virtualinvoke v.<com.nimbusds.oauth.sdk.http.HTTPRequest: com.nimbusds.oauth.sdk.http.HTTPResponse send()>();
v = virtualinvoke v.<com.nimbusds.oauth.sdk.http.HTTPResponse: int getStatusCode()>();
if v == 200 goto label;
v = new java.io.IOException;
v = virtualinvoke v.<com.nimbusds.oauth.sdk.http.HTTPResponse: int getStatusCode()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.net.URL,int)>(v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Unable to download OpenId Connect Provider metadata from \u0001: Status code \u0001");
specialinvoke v.<java.io.IOException: void <init>(java.lang.String)>(v);
throw v;
label:
v = virtualinvoke v.<com.nimbusds.oauth.sdk.http.HTTPResponse: net.minidev.json.JSONObject getContentAsJSONObject()>();
v = staticinvoke <com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata parse(net.minidev.json.JSONObject)>(v);
return v;
}
public boolean isOidcEnabled()
{
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
boolean v;
org.apache.nifi.registry.properties.NiFiRegistryProperties v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.properties.NiFiRegistryProperties properties>;
v = virtualinvoke v.<org.apache.nifi.registry.properties.NiFiRegistryProperties: boolean isOidcEnabled()>();
return v;
}
public java.net.URI getAuthorizationEndpoint()
{
java.lang.IllegalStateException v;
com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
java.net.URI v;
boolean v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v = virtualinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: boolean isOidcEnabled()>();
if v != 0 goto label;
v = new java.lang.IllegalStateException;
specialinvoke v.<java.lang.IllegalStateException: void <init>(java.lang.String)>("OpenId Connect support is not configured");
throw v;
label:
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata oidcProviderMetadata>;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata: java.net.URI getAuthorizationEndpointURI()>();
return v;
}
public java.net.URI getEndSessionEndpoint()
{
java.lang.IllegalStateException v;
com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
java.net.URI v;
boolean v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v = virtualinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: boolean isOidcEnabled()>();
if v != 0 goto label;
v = new java.lang.IllegalStateException;
specialinvoke v.<java.lang.IllegalStateException: void <init>(java.lang.String)>("OpenId Connect support is not configured");
throw v;
label:
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata oidcProviderMetadata>;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata: java.net.URI getEndSessionEndpointURI()>();
return v;
}
public java.net.URI getRevocationEndpoint()
{
java.lang.IllegalStateException v;
com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
java.net.URI v;
boolean v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v = virtualinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: boolean isOidcEnabled()>();
if v != 0 goto label;
v = new java.lang.IllegalStateException;
specialinvoke v.<java.lang.IllegalStateException: void <init>(java.lang.String)>("OpenId Connect support is not configured");
throw v;
label:
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata oidcProviderMetadata>;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata: java.net.URI getRevocationEndpointURI()>();
return v;
}
public com.nimbusds.oauth.sdk.Scope getScope()
{
java.lang.IllegalStateException v;
java.util.Iterator v;
com.nimbusds.oauth.sdk.Scope v;
java.lang.String[] v;
java.util.List v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
org.apache.nifi.registry.properties.NiFiRegistryProperties v;
java.lang.Object v;
boolean v, v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v = virtualinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: boolean isOidcEnabled()>();
if v != 0 goto label;
v = new java.lang.IllegalStateException;
specialinvoke v.<java.lang.IllegalStateException: void <init>(java.lang.String)>("OpenId Connect support is not configured");
throw v;
label:
v = new com.nimbusds.oauth.sdk.Scope;
v = newarray (java.lang.String)[2];
v[0] = "openid";
v[1] = "email";
specialinvoke v.<com.nimbusds.oauth.sdk.Scope: void <init>(java.lang.String[])>(v);
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.properties.NiFiRegistryProperties properties>;
v = virtualinvoke v.<org.apache.nifi.registry.properties.NiFiRegistryProperties: java.util.List getOidcAdditionalScopes()>();
v = interfaceinvoke v.<java.util.List: java.util.Iterator iterator()>();
label:
v = interfaceinvoke v.<java.util.Iterator: boolean hasNext()>();
if v == 0 goto label;
v = interfaceinvoke v.<java.util.Iterator: java.lang.Object next()>();
virtualinvoke v.<com.nimbusds.oauth.sdk.Scope: boolean add(java.lang.String)>(v);
goto label;
label:
return v;
}
public com.nimbusds.oauth.sdk.id.ClientID getClientId()
{
com.nimbusds.oauth.sdk.id.ClientID v;
java.lang.IllegalStateException v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
boolean v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v = virtualinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: boolean isOidcEnabled()>();
if v != 0 goto label;
v = new java.lang.IllegalStateException;
specialinvoke v.<java.lang.IllegalStateException: void <init>(java.lang.String)>("OpenId Connect support is not configured");
throw v;
label:
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.id.ClientID clientId>;
return v;
}
public java.lang.String exchangeAuthorizationCodeForLoginAuthenticationToken(com.nimbusds.oauth.sdk.AuthorizationGrant) throws java.io.IOException
{
java.lang.Throwable v;
java.lang.IllegalStateException v;
com.nimbusds.oauth.sdk.http.HTTPRequest v;
com.nimbusds.oauth.sdk.AuthorizationGrant v;
com.nimbusds.oauth.sdk.auth.ClientAuthentication v;
java.lang.RuntimeException v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
com.nimbusds.oauth.sdk.TokenResponse v;
java.lang.String v, v, v;
boolean v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v := @parameter: com.nimbusds.oauth.sdk.AuthorizationGrant;
v = virtualinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: boolean isOidcEnabled()>();
if v != 0 goto label;
v = new java.lang.IllegalStateException;
specialinvoke v.<java.lang.IllegalStateException: void <init>(java.lang.String)>("OpenId Connect support is not configured");
throw v;
label:
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.auth.ClientAuthentication createClientAuthentication()>();
label:
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.http.HTTPRequest createTokenHTTPRequest(com.nimbusds.oauth.sdk.AuthorizationGrant,com.nimbusds.oauth.sdk.auth.ClientAuthentication)>(v, v);
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.TokenResponse authorizeClient(com.nimbusds.oauth.sdk.http.HTTPRequest)>(v);
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: java.lang.String convertOIDCTokenToNiFiToken(com.nimbusds.openid.connect.sdk.OIDCTokenResponse)>(v);
label:
return v;
label:
v := @caughtexception;
v = new java.lang.RuntimeException;
v = virtualinvoke v.<java.lang.Exception: java.lang.String getMessage()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Unable to parse the response from the Token request: \u0001");
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.String)>(v);
throw v;
catch com.nimbusds.oauth.sdk.ParseException from label to label with label;
catch com.nimbusds.jose.JOSEException from label to label with label;
catch com.nimbusds.jose.proc.BadJOSEException from label to label with label;
catch java.text.ParseException from label to label with label;
}
public java.lang.String exchangeAuthorizationCodeForAccessToken(com.nimbusds.oauth.sdk.AuthorizationGrant) throws java.lang.Exception
{
java.lang.Throwable v;
java.lang.IllegalStateException v;
com.nimbusds.oauth.sdk.http.HTTPRequest v;
com.nimbusds.oauth.sdk.AuthorizationGrant v;
com.nimbusds.oauth.sdk.auth.ClientAuthentication v;
java.lang.RuntimeException v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
com.nimbusds.oauth.sdk.TokenResponse v;
java.lang.String v, v, v;
boolean v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v := @parameter: com.nimbusds.oauth.sdk.AuthorizationGrant;
v = virtualinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: boolean isOidcEnabled()>();
if v != 0 goto label;
v = new java.lang.IllegalStateException;
specialinvoke v.<java.lang.IllegalStateException: void <init>(java.lang.String)>("OpenId Connect support is not configured");
throw v;
label:
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.auth.ClientAuthentication createClientAuthentication()>();
label:
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.http.HTTPRequest createTokenHTTPRequest(com.nimbusds.oauth.sdk.AuthorizationGrant,com.nimbusds.oauth.sdk.auth.ClientAuthentication)>(v, v);
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.TokenResponse authorizeClient(com.nimbusds.oauth.sdk.http.HTTPRequest)>(v);
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: java.lang.String getAccessTokenString(com.nimbusds.openid.connect.sdk.OIDCTokenResponse)>(v);
label:
return v;
label:
v := @caughtexception;
v = new java.lang.RuntimeException;
v = virtualinvoke v.<java.lang.Exception: java.lang.String getMessage()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Unable to parse the response from the Token request: \u0001");
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.String)>(v);
throw v;
catch com.nimbusds.oauth.sdk.ParseException from label to label with label;
catch com.nimbusds.jose.JOSEException from label to label with label;
catch com.nimbusds.jose.proc.BadJOSEException from label to label with label;
catch java.text.ParseException from label to label with label;
}
public java.lang.String exchangeAuthorizationCodeForIdToken(com.nimbusds.oauth.sdk.AuthorizationGrant)
{
java.lang.Throwable v;
java.lang.IllegalStateException v;
com.nimbusds.oauth.sdk.http.HTTPRequest v;
com.nimbusds.oauth.sdk.AuthorizationGrant v;
com.nimbusds.oauth.sdk.auth.ClientAuthentication v;
java.lang.RuntimeException v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
com.nimbusds.oauth.sdk.TokenResponse v;
java.lang.String v, v, v;
boolean v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v := @parameter: com.nimbusds.oauth.sdk.AuthorizationGrant;
v = virtualinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: boolean isOidcEnabled()>();
if v != 0 goto label;
v = new java.lang.IllegalStateException;
specialinvoke v.<java.lang.IllegalStateException: void <init>(java.lang.String)>("OpenId Connect support is not configured");
throw v;
label:
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.auth.ClientAuthentication createClientAuthentication()>();
label:
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.http.HTTPRequest createTokenHTTPRequest(com.nimbusds.oauth.sdk.AuthorizationGrant,com.nimbusds.oauth.sdk.auth.ClientAuthentication)>(v, v);
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.TokenResponse authorizeClient(com.nimbusds.oauth.sdk.http.HTTPRequest)>(v);
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: java.lang.String getIdTokenString(com.nimbusds.openid.connect.sdk.OIDCTokenResponse)>(v);
label:
return v;
label:
v := @caughtexception;
v = new java.lang.RuntimeException;
v = virtualinvoke v.<java.lang.Exception: java.lang.String getMessage()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Unable to parse the response from the Token request: \u0001");
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.String,java.lang.Throwable)>(v, v);
throw v;
catch java.lang.RuntimeException from label to label with label;
catch com.nimbusds.jose.JOSEException from label to label with label;
catch com.nimbusds.jose.proc.BadJOSEException from label to label with label;
catch com.nimbusds.oauth.sdk.ParseException from label to label with label;
catch java.io.IOException from label to label with label;
catch java.text.ParseException from label to label with label;
}
private com.nimbusds.oauth.sdk.TokenResponse authorizeClient(com.nimbusds.oauth.sdk.http.HTTPRequest) throws com.nimbusds.oauth.sdk.ParseException, java.io.IOException, com.nimbusds.jose.proc.BadJOSEException, com.nimbusds.jose.JOSEException, java.text.ParseException
{
com.nimbusds.oauth.sdk.http.HTTPRequest v;
com.nimbusds.oauth.sdk.ErrorObject v;
java.lang.RuntimeException v;
com.nimbusds.oauth.sdk.http.HTTPResponse v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
com.nimbusds.oauth.sdk.TokenResponse v;
java.lang.String v, v;
boolean v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v := @parameter: com.nimbusds.oauth.sdk.http.HTTPRequest;
v = virtualinvoke v.<com.nimbusds.oauth.sdk.http.HTTPRequest: com.nimbusds.oauth.sdk.http.HTTPResponse send()>();
v = staticinvoke <com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser: com.nimbusds.oauth.sdk.TokenResponse parse(com.nimbusds.oauth.sdk.http.HTTPResponse)>(v);
v = virtualinvoke v.<com.nimbusds.oauth.sdk.TokenResponse: boolean indicatesSuccess()>();
if v == 0 goto label;
return v;
label:
v = new java.lang.RuntimeException;
v = virtualinvoke v.<com.nimbusds.oauth.sdk.TokenErrorResponse: com.nimbusds.oauth.sdk.ErrorObject getErrorObject()>();
v = virtualinvoke v.<com.nimbusds.oauth.sdk.ErrorObject: java.lang.String getDescription()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("An error occurred while invoking the Token endpoint: \u0001");
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.String)>(v);
throw v;
}
private java.lang.String convertOIDCTokenToNiFiToken(com.nimbusds.openid.connect.sdk.OIDCTokenResponse) throws com.nimbusds.jose.proc.BadJOSEException, com.nimbusds.jose.JOSEException, java.text.ParseException, java.io.IOException
{
java.util.Date v;
org.apache.nifi.registry.web.security.authentication.jwt.JwtService v;
com.nimbusds.openid.connect.sdk.OIDCTokenResponse v;
com.nimbusds.jwt.JWTClaimsSet v;
long v, v, v;
com.nimbusds.oauth.sdk.id.Issuer v;
java.util.Calendar v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
com.nimbusds.jwt.JWT v;
org.apache.nifi.registry.properties.NiFiRegistryProperties v;
com.nimbusds.openid.connect.sdk.validators.IDTokenValidator v;
java.lang.String v, v, v, v;
com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet v;
boolean v, v, v;
org.slf4j.Logger v, v, v;
com.nimbusds.openid.connect.sdk.token.OIDCTokens v;
java.util.List v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v := @parameter: com.nimbusds.openid.connect.sdk.OIDCTokenResponse;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.OIDCTokenResponse: com.nimbusds.openid.connect.sdk.token.OIDCTokens getOIDCTokens()>();
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.token.OIDCTokens: com.nimbusds.jwt.JWT getIDToken()>();
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.validators.IDTokenValidator tokenValidator>;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.validators.IDTokenValidator: com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet validate(com.nimbusds.jwt.JWT,com.nimbusds.openid.connect.sdk.Nonce)>(v, null);
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.properties.NiFiRegistryProperties properties>;
v = virtualinvoke v.<org.apache.nifi.registry.properties.NiFiRegistryProperties: java.lang.String getOidcClaimIdentifyingUser()>();
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet: java.lang.String getStringClaim(java.lang.String)>(v);
v = staticinvoke <org.apache.commons.lang.StringUtils: boolean isBlank(java.lang.CharSequence)>(v);
if v == 0 goto label;
v = interfaceinvoke v.<com.nimbusds.jwt.JWT: com.nimbusds.jwt.JWTClaimsSet getJWTClaimsSet()>();
v = staticinvoke <org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: java.util.List getAvailableClaims(com.nimbusds.jwt.JWTClaimsSet)>(v);
v = <org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.slf4j.Logger logger>;
interfaceinvoke v.<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object,java.lang.Object)>("Failed to obtain the identity of the user with the claim \'{}\'. The available claims on the OIDC response are: {}. Will attempt to obtain the identity from secondary sources", v, v);
v = virtualinvoke v.<java.lang.String: boolean equalsIgnoreCase(java.lang.String)>("email");
if v != 0 goto label;
v = interfaceinvoke v.<java.util.List: boolean contains(java.lang.Object)>("email");
if v == 0 goto label;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet: java.lang.String getStringClaim(java.lang.String)>("email");
v = <org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.slf4j.Logger logger>;
interfaceinvoke v.<org.slf4j.Logger: void info(java.lang.String)>("The \'email\' claim was present. Using that claim to avoid extra remote call");
goto label;
label:
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: java.lang.String retrieveIdentityFromUserInfoEndpoint(com.nimbusds.openid.connect.sdk.token.OIDCTokens)>(v);
v = <org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.slf4j.Logger logger>;
interfaceinvoke v.<org.slf4j.Logger: void info(java.lang.String)>("Retrieved identity from UserInfo endpoint");
label:
v = staticinvoke <java.util.Calendar: java.util.Calendar getInstance()>();
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet: java.util.Date getExpirationTime()>();
v = virtualinvoke v.<java.util.Date: long getTime()>();
v = virtualinvoke v.<java.util.Calendar: long getTimeInMillis()>();
v = v - v;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet: com.nimbusds.oauth.sdk.id.Issuer getIssuer()>();
v = virtualinvoke v.<com.nimbusds.oauth.sdk.id.Issuer: java.lang.String getValue()>();
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.web.security.authentication.jwt.JwtService jwtService>;
v = virtualinvoke v.<org.apache.nifi.registry.web.security.authentication.jwt.JwtService: java.lang.String generateSignedToken(java.lang.String,java.lang.String,java.lang.String,java.lang.String,long)>(v, v, v, v, v);
return v;
}
private java.lang.String retrieveIdentityFromUserInfoEndpoint(com.nimbusds.openid.connect.sdk.token.OIDCTokens) throws java.io.IOException
{
java.lang.IllegalStateException v;
com.nimbusds.oauth.sdk.http.HTTPRequest v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
com.nimbusds.oauth.sdk.token.BearerAccessToken v;
java.lang.String v;
com.nimbusds.openid.connect.sdk.token.OIDCTokens v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v := @parameter: com.nimbusds.openid.connect.sdk.token.OIDCTokens;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.token.OIDCTokens: com.nimbusds.oauth.sdk.token.BearerAccessToken getBearerAccessToken()>();
if v != null goto label;
v = new java.lang.IllegalStateException;
specialinvoke v.<java.lang.IllegalStateException: void <init>(java.lang.String)>("No access token found in the ID tokens");
throw v;
label:
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.http.HTTPRequest createUserInfoRequest(com.nimbusds.oauth.sdk.token.BearerAccessToken)>(v);
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: java.lang.String lookupIdentityInUserInfo(com.nimbusds.oauth.sdk.http.HTTPRequest)>(v);
return v;
}
private com.nimbusds.oauth.sdk.http.HTTPRequest createTokenHTTPRequest(com.nimbusds.oauth.sdk.AuthorizationGrant, com.nimbusds.oauth.sdk.auth.ClientAuthentication)
{
com.nimbusds.oauth.sdk.TokenRequest v;
com.nimbusds.oauth.sdk.http.HTTPRequest v;
com.nimbusds.oauth.sdk.AuthorizationGrant v;
com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
com.nimbusds.oauth.sdk.auth.ClientAuthentication v;
java.net.URI v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v := @parameter: com.nimbusds.oauth.sdk.AuthorizationGrant;
v := @parameter: com.nimbusds.oauth.sdk.auth.ClientAuthentication;
v = new com.nimbusds.oauth.sdk.TokenRequest;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata oidcProviderMetadata>;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata: java.net.URI getTokenEndpointURI()>();
specialinvoke v.<com.nimbusds.oauth.sdk.TokenRequest: void <init>(java.net.URI,com.nimbusds.oauth.sdk.auth.ClientAuthentication,com.nimbusds.oauth.sdk.AuthorizationGrant)>(v, v, v);
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.http.HTTPRequest formHTTPRequest(com.nimbusds.oauth.sdk.Request)>(v);
return v;
}
private com.nimbusds.oauth.sdk.http.HTTPRequest createUserInfoRequest(com.nimbusds.oauth.sdk.token.BearerAccessToken)
{
com.nimbusds.oauth.sdk.http.HTTPRequest v;
com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
com.nimbusds.oauth.sdk.token.BearerAccessToken v;
com.nimbusds.openid.connect.sdk.UserInfoRequest v;
java.net.URI v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v := @parameter: com.nimbusds.oauth.sdk.token.BearerAccessToken;
v = new com.nimbusds.openid.connect.sdk.UserInfoRequest;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata oidcProviderMetadata>;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata: java.net.URI getUserInfoEndpointURI()>();
specialinvoke v.<com.nimbusds.openid.connect.sdk.UserInfoRequest: void <init>(java.net.URI,com.nimbusds.oauth.sdk.token.AccessToken)>(v, v);
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.http.HTTPRequest formHTTPRequest(com.nimbusds.oauth.sdk.Request)>(v);
return v;
}
private com.nimbusds.oauth.sdk.http.HTTPRequest formHTTPRequest(com.nimbusds.oauth.sdk.Request)
{
com.nimbusds.oauth.sdk.Request v;
com.nimbusds.oauth.sdk.http.HTTPRequest v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
int v, v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v := @parameter: com.nimbusds.oauth.sdk.Request;
v = interfaceinvoke v.<com.nimbusds.oauth.sdk.Request: com.nimbusds.oauth.sdk.http.HTTPRequest toHTTPRequest()>();
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: int oidcConnectTimeout>;
virtualinvoke v.<com.nimbusds.oauth.sdk.http.HTTPRequest: void setConnectTimeout(int)>(v);
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: int oidcReadTimeout>;
virtualinvoke v.<com.nimbusds.oauth.sdk.http.HTTPRequest: void setReadTimeout(int)>(v);
return v;
}
private com.nimbusds.oauth.sdk.auth.ClientAuthentication createClientAuthentication()
{
com.nimbusds.oauth.sdk.id.ClientID v, v;
com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata v;
com.nimbusds.oauth.sdk.auth.ClientSecretPost v;
com.nimbusds.oauth.sdk.auth.Secret v, v;
java.util.List v;
com.nimbusds.oauth.sdk.auth.ClientSecretBasic v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
com.nimbusds.oauth.sdk.auth.ClientAuthenticationMethod v;
java.lang.Object v;
boolean v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata oidcProviderMetadata>;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata: java.util.List getTokenEndpointAuthMethods()>();
if v == null goto label;
v = <com.nimbusds.oauth.sdk.auth.ClientAuthenticationMethod: com.nimbusds.oauth.sdk.auth.ClientAuthenticationMethod CLIENT_SECRET_POST>;
v = interfaceinvoke v.<java.util.List: boolean contains(java.lang.Object)>(v);
if v == 0 goto label;
v = new com.nimbusds.oauth.sdk.auth.ClientSecretPost;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.id.ClientID clientId>;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.auth.Secret clientSecret>;
specialinvoke v.<com.nimbusds.oauth.sdk.auth.ClientSecretPost: void <init>(com.nimbusds.oauth.sdk.id.ClientID,com.nimbusds.oauth.sdk.auth.Secret)>(v, v);
v = v;
goto label;
label:
v = new com.nimbusds.oauth.sdk.auth.ClientSecretBasic;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.id.ClientID clientId>;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.oauth.sdk.auth.Secret clientSecret>;
specialinvoke v.<com.nimbusds.oauth.sdk.auth.ClientSecretBasic: void <init>(com.nimbusds.oauth.sdk.id.ClientID,com.nimbusds.oauth.sdk.auth.Secret)>(v, v);
v = v;
label:
return v;
}
private static java.util.List getAvailableClaims(com.nimbusds.jwt.JWTClaimsSet)
{
java.util.function.Predicate v;
com.nimbusds.jwt.JWTClaimsSet v;
java.util.Set v;
java.util.function.Function v;
java.util.stream.Stream v, v, v, v;
java.util.Map v;
java.lang.Object v;
java.util.stream.Collector v;
v := @parameter: com.nimbusds.jwt.JWTClaimsSet;
v = virtualinvoke v.<com.nimbusds.jwt.JWTClaimsSet: java.util.Map getClaims()>();
v = interfaceinvoke v.<java.util.Map: java.util.Set entrySet()>();
v = interfaceinvoke v.<java.util.Set: java.util.stream.Stream stream()>();
v = staticinvoke <WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider$lambda_getAvailableClaims_0__26: java.util.function.Predicate bootstrap$()>();
v = interfaceinvoke v.<java.util.stream.Stream: java.util.stream.Stream filter(java.util.function.Predicate)>(v);
v = staticinvoke <WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider$getKey__27: java.util.function.Function bootstrap$()>();
v = interfaceinvoke v.<java.util.stream.Stream: java.util.stream.Stream map(java.util.function.Function)>(v);
v = interfaceinvoke v.<java.util.stream.Stream: java.util.stream.Stream sorted()>();
v = staticinvoke <java.util.stream.Collectors: java.util.stream.Collector toList()>();
v = interfaceinvoke v.<java.util.stream.Stream: java.lang.Object collect(java.util.stream.Collector)>(v);
return v;
}
private java.lang.String lookupIdentityInUserInfo(com.nimbusds.oauth.sdk.http.HTTPRequest) throws java.io.IOException
{
java.lang.Throwable v;
java.lang.IllegalStateException v;
com.nimbusds.jwt.JWTClaimsSet v;
com.nimbusds.openid.connect.sdk.UserInfoResponse v;
org.apache.nifi.registry.security.authentication.exception.IdentityAccessException v, v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
com.nimbusds.jwt.JWT v;
org.apache.nifi.registry.properties.NiFiRegistryProperties v, v;
java.lang.String v, v, v, v, v, v, v, v;
boolean v, v;
com.nimbusds.oauth.sdk.http.HTTPRequest v;
com.nimbusds.oauth.sdk.ErrorObject v;
com.nimbusds.openid.connect.sdk.claims.UserInfo v, v;
com.nimbusds.oauth.sdk.http.HTTPResponse v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v := @parameter: com.nimbusds.oauth.sdk.http.HTTPRequest;
label:
v = virtualinvoke v.<com.nimbusds.oauth.sdk.http.HTTPRequest: com.nimbusds.oauth.sdk.http.HTTPResponse send()>();
v = staticinvoke <com.nimbusds.openid.connect.sdk.UserInfoResponse: com.nimbusds.openid.connect.sdk.UserInfoResponse parse(com.nimbusds.oauth.sdk.http.HTTPResponse)>(v);
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.UserInfoResponse: boolean indicatesSuccess()>();
if v == 0 goto label;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.UserInfoSuccessResponse: com.nimbusds.openid.connect.sdk.claims.UserInfo getUserInfo()>();
if v == null goto label;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.UserInfoSuccessResponse: com.nimbusds.openid.connect.sdk.claims.UserInfo getUserInfo()>();
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.claims.UserInfo: com.nimbusds.jwt.JWTClaimsSet toJWTClaimsSet()>();
goto label;
label:
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.UserInfoSuccessResponse: com.nimbusds.jwt.JWT getUserInfoJWT()>();
v = interfaceinvoke v.<com.nimbusds.jwt.JWT: com.nimbusds.jwt.JWTClaimsSet getJWTClaimsSet()>();
label:
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.properties.NiFiRegistryProperties properties>;
v = virtualinvoke v.<org.apache.nifi.registry.properties.NiFiRegistryProperties: java.lang.String getOidcClaimIdentifyingUser()>();
v = virtualinvoke v.<com.nimbusds.jwt.JWTClaimsSet: java.lang.String getStringClaim(java.lang.String)>(v);
v = staticinvoke <org.apache.commons.lang.StringUtils: boolean isBlank(java.lang.CharSequence)>(v);
if v == 0 goto label;
v = new java.lang.IllegalStateException;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.properties.NiFiRegistryProperties properties>;
v = virtualinvoke v.<org.apache.nifi.registry.properties.NiFiRegistryProperties: java.lang.String getOidcClaimIdentifyingUser()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Unable to extract identity from the UserInfo token using the claim \'\u0001\'.");
specialinvoke v.<java.lang.IllegalStateException: void <init>(java.lang.String)>(v);
throw v;
label:
return v;
label:
v = new org.apache.nifi.registry.security.authentication.exception.IdentityAccessException;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.UserInfoErrorResponse: com.nimbusds.oauth.sdk.ErrorObject getErrorObject()>();
v = virtualinvoke v.<com.nimbusds.oauth.sdk.ErrorObject: java.lang.String getDescription()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("An error occurred while invoking the UserInfo endpoint: \u0001");
specialinvoke v.<org.apache.nifi.registry.security.authentication.exception.IdentityAccessException: void <init>(java.lang.String)>(v);
throw v;
label:
v := @caughtexception;
v = new org.apache.nifi.registry.security.authentication.exception.IdentityAccessException;
v = virtualinvoke v.<java.lang.Exception: java.lang.String getMessage()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Unable to parse the response from the UserInfo token request: \u0001");
specialinvoke v.<org.apache.nifi.registry.security.authentication.exception.IdentityAccessException: void <init>(java.lang.String)>(v);
throw v;
catch com.nimbusds.oauth.sdk.ParseException from label to label with label;
catch java.text.ParseException from label to label with label;
}
private java.lang.String getAccessTokenString(com.nimbusds.openid.connect.sdk.OIDCTokenResponse) throws java.lang.Exception
{
com.nimbusds.oauth.sdk.token.AccessToken v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
com.nimbusds.openid.connect.sdk.OIDCTokenResponse v;
java.lang.String v;
com.nimbusds.openid.connect.sdk.token.OIDCTokens v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v := @parameter: com.nimbusds.openid.connect.sdk.OIDCTokenResponse;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.OIDCTokenResponse: com.nimbusds.openid.connect.sdk.token.OIDCTokens getOIDCTokens()>();
specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: void validateAccessToken(com.nimbusds.openid.connect.sdk.token.OIDCTokens)>(v);
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.token.OIDCTokens: com.nimbusds.oauth.sdk.token.AccessToken getAccessToken()>();
v = virtualinvoke v.<com.nimbusds.oauth.sdk.token.AccessToken: java.lang.String getValue()>();
return v;
}
private java.lang.String getIdTokenString(com.nimbusds.openid.connect.sdk.OIDCTokenResponse) throws com.nimbusds.jose.proc.BadJOSEException, com.nimbusds.jose.JOSEException
{
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
com.nimbusds.jwt.JWT v;
com.nimbusds.openid.connect.sdk.OIDCTokenResponse v;
java.lang.String v;
com.nimbusds.openid.connect.sdk.token.OIDCTokens v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v := @parameter: com.nimbusds.openid.connect.sdk.OIDCTokenResponse;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.OIDCTokenResponse: com.nimbusds.openid.connect.sdk.token.OIDCTokens getOIDCTokens()>();
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.token.OIDCTokens: com.nimbusds.jwt.JWT getIDToken()>();
specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet validateIdToken(com.nimbusds.jwt.JWT)>(v);
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.token.OIDCTokens: java.lang.String getIDTokenString()>();
return v;
}
private void validateAccessToken(com.nimbusds.openid.connect.sdk.token.OIDCTokens) throws java.lang.Exception
{
java.lang.Throwable v;
com.nimbusds.oauth.sdk.token.AccessToken v;
com.nimbusds.jwt.JWTClaimsSet v;
com.nimbusds.jose.JWSAlgorithm v;
com.nimbusds.openid.connect.sdk.token.OIDCTokens v;
java.lang.Exception v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
com.nimbusds.jwt.JWT v;
java.lang.String v, v, v;
com.nimbusds.openid.connect.sdk.claims.AccessTokenHash v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v := @parameter: com.nimbusds.openid.connect.sdk.token.OIDCTokens;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.token.OIDCTokens: com.nimbusds.oauth.sdk.token.AccessToken getAccessToken()>();
v = specialinvoke v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.jose.JWSAlgorithm extractJwsAlgorithm()>();
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.token.OIDCTokens: com.nimbusds.jwt.JWT getIDToken()>();
v = interfaceinvoke v.<com.nimbusds.jwt.JWT: com.nimbusds.jwt.JWTClaimsSet getJWTClaimsSet()>();
v = virtualinvoke v.<com.nimbusds.jwt.JWTClaimsSet: java.lang.String getStringClaim(java.lang.String)>("at_hash");
v = new com.nimbusds.openid.connect.sdk.claims.AccessTokenHash;
specialinvoke v.<com.nimbusds.openid.connect.sdk.claims.AccessTokenHash: void <init>(java.lang.String)>(v);
label:
staticinvoke <com.nimbusds.openid.connect.sdk.validators.AccessTokenValidator: void validate(com.nimbusds.oauth.sdk.token.AccessToken,com.nimbusds.jose.JWSAlgorithm,com.nimbusds.openid.connect.sdk.claims.AccessTokenHash)>(v, v, v);
label:
goto label;
label:
v := @caughtexception;
v = new java.lang.Exception;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.validators.InvalidHashException: java.lang.String getMessage()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Unable to validate the Access Token: \u0001");
specialinvoke v.<java.lang.Exception: void <init>(java.lang.String)>(v);
throw v;
label:
return;
catch com.nimbusds.openid.connect.sdk.validators.InvalidHashException from label to label with label;
}
private com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet validateIdToken(com.nimbusds.jwt.JWT) throws com.nimbusds.jose.proc.BadJOSEException, com.nimbusds.jose.JOSEException
{
java.lang.Throwable v;
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
com.nimbusds.jose.proc.BadJOSEException v;
com.nimbusds.jwt.JWT v;
com.nimbusds.openid.connect.sdk.validators.IDTokenValidator v;
java.lang.String v, v;
com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v := @parameter: com.nimbusds.jwt.JWT;
label:
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: com.nimbusds.openid.connect.sdk.validators.IDTokenValidator tokenValidator>;
v = virtualinvoke v.<com.nimbusds.openid.connect.sdk.validators.IDTokenValidator: com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet validate(com.nimbusds.jwt.JWT,com.nimbusds.openid.connect.sdk.Nonce)>(v, null);
label:
return v;
label:
v := @caughtexception;
v = new com.nimbusds.jose.proc.BadJOSEException;
v = virtualinvoke v.<com.nimbusds.jose.proc.BadJOSEException: java.lang.String getMessage()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Unable to validate the ID Token: \u0001");
specialinvoke v.<com.nimbusds.jose.proc.BadJOSEException: void <init>(java.lang.String)>(v);
throw v;
catch com.nimbusds.jose.proc.BadJOSEException from label to label with label;
}
private com.nimbusds.jose.JWSAlgorithm extractJwsAlgorithm()
{
WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider v;
org.apache.nifi.registry.properties.NiFiRegistryProperties v;
com.nimbusds.jose.JWSAlgorithm v;
java.lang.String v, v;
boolean v, v;
v := @this: WEB-INF.classes.org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider;
v = v.<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.apache.nifi.registry.properties.NiFiRegistryProperties properties>;
v = virtualinvoke v.<org.apache.nifi.registry.properties.NiFiRegistryProperties: java.lang.String getOidcPreferredJwsAlgorithm()>();
v = staticinvoke <org.apache.commons.lang.StringUtils: boolean isBlank(java.lang.CharSequence)>(v);
if v == 0 goto label;
v = <com.nimbusds.jose.JWSAlgorithm: com.nimbusds.jose.JWSAlgorithm RS256>;
goto label;
label:
v = "none";
v = virtualinvoke v.<java.lang.String: boolean equalsIgnoreCase(java.lang.String)>(v);
if v == 0 goto label;
v = null;
goto label;
label:
v = staticinvoke <com.nimbusds.jose.JWSAlgorithm: com.nimbusds.jose.JWSAlgorithm parse(java.lang.String)>(v);
label:
return v;
}
static void <clinit>()
{
org.slf4j.Logger v;
v = staticinvoke <org.slf4j.LoggerFactory: org.slf4j.Logger getLogger(java.lang.Class)>(class "Lorg/apache/nifi/registry/web/security/authentication/oidc/StandardOidcIdentityProvider;");
<org.apache.nifi.registry.web.security.authentication.oidc.StandardOidcIdentityProvider: org.slf4j.Logger logger> = v;
return;
}
}