public class org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory extends java.lang.Object implements org.springframework.security.oauth.jwt.JwtDecoderFactory
{
private static final java.lang.String MISSING_SIGNATURE_VERIFIER_ERROR_CODE;
private static final java.lang.String UNSPECIFIED_ERROR_URI;
private static final org.springframework.security.oauth.jose.jws.JwsAlgorithm DEFAULT_JWS_ALGORITHM;
private static final java.util.Map SECRET_KEY_ALGORITHMS;
private static final org.springframework.security.oauth.core.converter.ClaimTypeConverter DEFAULT_CLAIM_TYPE_CONVERTER;
private final java.util.Map jwtDecoders;
private final org.springframework.security.oauth.jose.jws.JwsAlgorithm configuredJwsAlgorithm;
private final org.springframework.web.client.RestOperations restOperations;
public void <init>(java.lang.String, org.springframework.web.client.RestOperations)
{
org.springframework.security.oauth.jose.jws.JwsAlgorithm v;
java.util.concurrent.ConcurrentHashMap v;
java.lang.Object v;
org.springframework.web.client.RestOperations v;
java.lang.String v;
org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory v;
v := @this: org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory;
v := @parameter: java.lang.String;
v := @parameter: org.springframework.web.client.RestOperations;
specialinvoke v.<java.lang.Object: void <init>()>();
v = new java.util.concurrent.ConcurrentHashMap;
specialinvoke v.<java.util.concurrent.ConcurrentHashMap: void <init>()>();
v.<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: java.util.Map jwtDecoders> = v;
v = specialinvoke v.<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: org.springframework.security.oauth.jose.jws.JwsAlgorithm getJwsAlgorithm(java.lang.String)>(v);
v.<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: org.springframework.security.oauth.jose.jws.JwsAlgorithm configuredJwsAlgorithm> = v;
v = staticinvoke <java.util.Objects: java.lang.Object requireNonNull(java.lang.Object,java.lang.String)>(v, "REST Operations required");
v.<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: org.springframework.web.client.RestOperations restOperations> = v;
return;
}
public org.springframework.security.oauth.jwt.JwtDecoder createDecoder(org.springframework.security.oauth.client.registration.ClientRegistration)
{
java.util.Map v;
java.lang.Object v;
java.lang.String v;
org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory v;
java.util.function.Function v;
org.springframework.security.oauth.client.registration.ClientRegistration v;
v := @this: org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory;
v := @parameter: org.springframework.security.oauth.client.registration.ClientRegistration;
staticinvoke <java.util.Objects: java.lang.Object requireNonNull(java.lang.Object,java.lang.String)>(v, "Client Registration required");
v = virtualinvoke v.<org.springframework.security.oauth.client.registration.ClientRegistration: java.lang.String getRegistrationId()>();
v = v.<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: java.util.Map jwtDecoders>;
v = staticinvoke <org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory$lambda_createDecoder_0__22: java.util.function.Function bootstrap$(org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory,org.springframework.security.oauth.client.registration.ClientRegistration)>(v, v);
v = interfaceinvoke v.<java.util.Map: java.lang.Object computeIfAbsent(java.lang.Object,java.util.function.Function)>(v, v);
return v;
}
private org.springframework.security.oauth.jwt.NimbusJwtDecoder buildDecoder(org.springframework.security.oauth.client.registration.ClientRegistration)
{
byte[] v;
org.springframework.security.oauth.jwt.NimbusJwtDecoder v;
javax.crypto.spec.SecretKeySpec v;
java.util.Map v;
boolean v, v, v, v;
org.springframework.security.oauth.core.OAuth2AuthenticationException v, v, v;
org.springframework.security.oauth.client.registration.ClientRegistration v;
org.springframework.security.oauth.client.registration.ClientRegistration$ProviderDetails v;
java.lang.Object[] v, v, v;
org.springframework.security.oauth.jwt.NimbusJwtDecoder$JwkSetUriJwtDecoderBuilder v, v, v;
org.springframework.security.oauth.jose.jws.JwsAlgorithm v, v, v, v, v, v, v;
java.nio.charset.Charset v;
java.lang.String v, v, v, v, v;
org.springframework.security.oauth.jwt.NimbusJwtDecoder$SecretKeyJwtDecoderBuilder v, v;
org.springframework.web.client.RestOperations v;
org.springframework.security.oauth.core.OAuth2Error v, v, v;
java.lang.Class v, v, v;
java.lang.Object v;
org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory v;
v := @this: org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory;
v := @parameter: org.springframework.security.oauth.client.registration.ClientRegistration;
v = v.<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: org.springframework.security.oauth.jose.jws.JwsAlgorithm configuredJwsAlgorithm>;
v = virtualinvoke v.<java.lang.Object: java.lang.Class getClass()>();
v = class "Lorg/springframework/security/oauth2/jose/jws/SignatureAlgorithm;";
v = virtualinvoke v.<java.lang.Class: boolean isAssignableFrom(java.lang.Class)>(v);
if v == 0 goto label;
v = virtualinvoke v.<org.springframework.security.oauth.client.registration.ClientRegistration: org.springframework.security.oauth.client.registration.ClientRegistration$ProviderDetails getProviderDetails()>();
v = virtualinvoke v.<org.springframework.security.oauth.client.registration.ClientRegistration$ProviderDetails: java.lang.String getJwkSetUri()>();
if v == null goto label;
v = virtualinvoke v.<java.lang.String: boolean isEmpty()>();
if v == 0 goto label;
label:
v = newarray (java.lang.Object)[1];
v = v.<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: org.springframework.security.oauth.jose.jws.JwsAlgorithm configuredJwsAlgorithm>;
v[0] = v;
v = staticinvoke <java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>("JSON Web Key Set URI required for Signature Verifier JWS Algorithm [%s]", v);
v = specialinvoke v.<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: org.springframework.security.oauth.core.OAuth2Error getVerifierError(java.lang.String)>(v);
v = new org.springframework.security.oauth.core.OAuth2AuthenticationException;
specialinvoke v.<org.springframework.security.oauth.core.OAuth2AuthenticationException: void <init>(org.springframework.security.oauth.core.OAuth2Error,java.lang.String)>(v, v);
throw v;
label:
v = v.<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: org.springframework.security.oauth.jose.jws.JwsAlgorithm configuredJwsAlgorithm>;
v = staticinvoke <org.springframework.security.oauth.jwt.NimbusJwtDecoder: org.springframework.security.oauth.jwt.NimbusJwtDecoder$JwkSetUriJwtDecoderBuilder withJwkSetUri(java.lang.String)>(v);
v = virtualinvoke v.<org.springframework.security.oauth.jwt.NimbusJwtDecoder$JwkSetUriJwtDecoderBuilder: org.springframework.security.oauth.jwt.NimbusJwtDecoder$JwkSetUriJwtDecoderBuilder jwsAlgorithm(org.springframework.security.oauth.jose.jws.SignatureAlgorithm)>(v);
v = v.<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: org.springframework.web.client.RestOperations restOperations>;
v = virtualinvoke v.<org.springframework.security.oauth.jwt.NimbusJwtDecoder$JwkSetUriJwtDecoderBuilder: org.springframework.security.oauth.jwt.NimbusJwtDecoder$JwkSetUriJwtDecoderBuilder restOperations(org.springframework.web.client.RestOperations)>(v);
v = virtualinvoke v.<org.springframework.security.oauth.jwt.NimbusJwtDecoder$JwkSetUriJwtDecoderBuilder: org.springframework.security.oauth.jwt.NimbusJwtDecoder build()>();
goto label;
label:
v = class "Lorg/springframework/security/oauth2/jose/jws/MacAlgorithm;";
v = virtualinvoke v.<java.lang.Class: boolean isAssignableFrom(java.lang.Class)>(v);
if v == 0 goto label;
v = virtualinvoke v.<org.springframework.security.oauth.client.registration.ClientRegistration: java.lang.String getClientSecret()>();
if v == null goto label;
v = virtualinvoke v.<java.lang.String: boolean isEmpty()>();
if v == 0 goto label;
label:
v = newarray (java.lang.Object)[1];
v = v.<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: org.springframework.security.oauth.jose.jws.JwsAlgorithm configuredJwsAlgorithm>;
v[0] = v;
v = staticinvoke <java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>("Client Secret required for MAC Verifier JWS Algorithm [%s]", v);
v = specialinvoke v.<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: org.springframework.security.oauth.core.OAuth2Error getVerifierError(java.lang.String)>(v);
v = new org.springframework.security.oauth.core.OAuth2AuthenticationException;
specialinvoke v.<org.springframework.security.oauth.core.OAuth2AuthenticationException: void <init>(org.springframework.security.oauth.core.OAuth2Error,java.lang.String)>(v, v);
throw v;
label:
v = <java.nio.charset.StandardCharsets: java.nio.charset.Charset UTF_8>;
v = virtualinvoke v.<java.lang.String: byte[] getBytes(java.nio.charset.Charset)>(v);
v = <org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: java.util.Map SECRET_KEY_ALGORITHMS>;
v = v.<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: org.springframework.security.oauth.jose.jws.JwsAlgorithm configuredJwsAlgorithm>;
v = interfaceinvoke v.<java.util.Map: java.lang.Object get(java.lang.Object)>(v);
v = new javax.crypto.spec.SecretKeySpec;
specialinvoke v.<javax.crypto.spec.SecretKeySpec: void <init>(byte[],java.lang.String)>(v, v);
v = v.<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: org.springframework.security.oauth.jose.jws.JwsAlgorithm configuredJwsAlgorithm>;
v = staticinvoke <org.springframework.security.oauth.jwt.NimbusJwtDecoder: org.springframework.security.oauth.jwt.NimbusJwtDecoder$SecretKeyJwtDecoderBuilder withSecretKey(javax.crypto.SecretKey)>(v);
v = virtualinvoke v.<org.springframework.security.oauth.jwt.NimbusJwtDecoder$SecretKeyJwtDecoderBuilder: org.springframework.security.oauth.jwt.NimbusJwtDecoder$SecretKeyJwtDecoderBuilder macAlgorithm(org.springframework.security.oauth.jose.jws.MacAlgorithm)>(v);
v = virtualinvoke v.<org.springframework.security.oauth.jwt.NimbusJwtDecoder$SecretKeyJwtDecoderBuilder: org.springframework.security.oauth.jwt.NimbusJwtDecoder build()>();
goto label;
label:
v = newarray (java.lang.Object)[1];
v = v.<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: org.springframework.security.oauth.jose.jws.JwsAlgorithm configuredJwsAlgorithm>;
v[0] = v;
v = staticinvoke <java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>("Signature Verifier JWS Algorithm [%s] not supported", v);
v = specialinvoke v.<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: org.springframework.security.oauth.core.OAuth2Error getVerifierError(java.lang.String)>(v);
v = new org.springframework.security.oauth.core.OAuth2AuthenticationException;
specialinvoke v.<org.springframework.security.oauth.core.OAuth2AuthenticationException: void <init>(org.springframework.security.oauth.core.OAuth2Error,java.lang.String)>(v, v);
throw v;
label:
return v;
}
private org.springframework.security.oauth.core.OAuth2TokenValidator getTokenValidator(org.springframework.security.oauth.client.registration.ClientRegistration)
{
org.springframework.security.oauth.core.DelegatingOAuth2TokenValidator v;
org.springframework.security.oauth.jwt.JwtTimestampValidator v;
java.lang.Object[] v;
org.springframework.security.oauth.client.oidc.authentication.OidcIdTokenValidator v;
org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory v;
org.springframework.security.oauth.client.registration.ClientRegistration v;
v := @this: org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory;
v := @parameter: org.springframework.security.oauth.client.registration.ClientRegistration;
v = new org.springframework.security.oauth.core.DelegatingOAuth2TokenValidator;
v = newarray (org.springframework.security.oauth.core.OAuth2TokenValidator)[2];
v = new org.springframework.security.oauth.jwt.JwtTimestampValidator;
specialinvoke v.<org.springframework.security.oauth.jwt.JwtTimestampValidator: void <init>()>();
v[0] = v;
v = new org.springframework.security.oauth.client.oidc.authentication.OidcIdTokenValidator;
specialinvoke v.<org.springframework.security.oauth.client.oidc.authentication.OidcIdTokenValidator: void <init>(org.springframework.security.oauth.client.registration.ClientRegistration)>(v);
v[1] = v;
specialinvoke v.<org.springframework.security.oauth.core.DelegatingOAuth2TokenValidator: void <init>(org.springframework.security.oauth.core.OAuth2TokenValidator[])>(v);
return v;
}
private org.springframework.security.oauth.jose.jws.JwsAlgorithm getJwsAlgorithm(java.lang.String)
{
java.lang.Object[] v;
org.apache.nifi.web.security.oidc.OidcConfigurationException v;
org.springframework.security.oauth.jose.jws.MacAlgorithm v;
org.springframework.security.oauth.jose.jws.SignatureAlgorithm v;
java.lang.Object v;
java.lang.String v, v;
org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory v;
boolean v;
v := @this: org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory;
v := @parameter: java.lang.String;
if v == null goto label;
v = virtualinvoke v.<java.lang.String: boolean isEmpty()>();
if v == 0 goto label;
label:
v = <org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: org.springframework.security.oauth.jose.jws.JwsAlgorithm DEFAULT_JWS_ALGORITHM>;
goto label;
label:
v = staticinvoke <org.springframework.security.oauth.jose.jws.MacAlgorithm: org.springframework.security.oauth.jose.jws.MacAlgorithm 'from'(java.lang.String)>(v);
if v != null goto label;
v = staticinvoke <org.springframework.security.oauth.jose.jws.SignatureAlgorithm: org.springframework.security.oauth.jose.jws.SignatureAlgorithm 'from'(java.lang.String)>(v);
if v != null goto label;
v = newarray (java.lang.Object)[1];
v[0] = v;
v = staticinvoke <java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>("Preferred JWS Algorithm [%s] not supported", v);
v = new org.apache.nifi.web.security.oidc.OidcConfigurationException;
specialinvoke v.<org.apache.nifi.web.security.oidc.OidcConfigurationException: void <init>(java.lang.String)>(v);
throw v;
label:
v = v;
goto label;
label:
v = v;
label:
return v;
}
private org.springframework.security.oauth.core.OAuth2Error getVerifierError(java.lang.String)
{
org.springframework.security.oauth.core.OAuth2Error v;
java.lang.String v, v;
org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory v;
v := @this: org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory;
v := @parameter: java.lang.String;
v = new org.springframework.security.oauth.core.OAuth2Error;
v = <org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: java.lang.String UNSPECIFIED_ERROR_URI>;
specialinvoke v.<org.springframework.security.oauth.core.OAuth2Error: void <init>(java.lang.String,java.lang.String,java.lang.String)>("missing_signature_verifier", v, v);
return v;
}
static void <clinit>()
{
java.util.HashMap v;
org.springframework.security.oauth.jose.jws.MacAlgorithm v, v, v;
org.springframework.security.oauth.jose.jws.SignatureAlgorithm v;
java.util.Map v, v;
org.springframework.security.oauth.core.converter.ClaimTypeConverter v;
<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: java.lang.String UNSPECIFIED_ERROR_URI> = null;
v = <org.springframework.security.oauth.jose.jws.SignatureAlgorithm: org.springframework.security.oauth.jose.jws.SignatureAlgorithm RS256>;
<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: org.springframework.security.oauth.jose.jws.JwsAlgorithm DEFAULT_JWS_ALGORITHM> = v;
v = new java.util.HashMap;
specialinvoke v.<java.util.HashMap: void <init>()>();
v = <org.springframework.security.oauth.jose.jws.MacAlgorithm: org.springframework.security.oauth.jose.jws.MacAlgorithm HS256>;
interfaceinvoke v.<java.util.Map: java.lang.Object put(java.lang.Object,java.lang.Object)>(v, "HmacSHA256");
v = <org.springframework.security.oauth.jose.jws.MacAlgorithm: org.springframework.security.oauth.jose.jws.MacAlgorithm HS384>;
interfaceinvoke v.<java.util.Map: java.lang.Object put(java.lang.Object,java.lang.Object)>(v, "HmacSHA384");
v = <org.springframework.security.oauth.jose.jws.MacAlgorithm: org.springframework.security.oauth.jose.jws.MacAlgorithm HS512>;
interfaceinvoke v.<java.util.Map: java.lang.Object put(java.lang.Object,java.lang.Object)>(v, "HmacSHA512");
v = staticinvoke <java.util.Collections: java.util.Map unmodifiableMap(java.util.Map)>(v);
<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: java.util.Map SECRET_KEY_ALGORITHMS> = v;
v = new org.springframework.security.oauth.core.converter.ClaimTypeConverter;
v = staticinvoke <org.springframework.security.oauth.client.oidc.authentication.OidcIdTokenDecoderFactory: java.util.Map createDefaultClaimTypeConverters()>();
specialinvoke v.<org.springframework.security.oauth.core.converter.ClaimTypeConverter: void <init>(java.util.Map)>(v);
<org.apache.nifi.web.security.oidc.authentication.StandardOidcIdTokenDecoderFactory: org.springframework.security.oauth.core.converter.ClaimTypeConverter DEFAULT_CLAIM_TYPE_CONVERTER> = v;
return;
}
}