From f672f6095a5dd91d8232408620d0636a51516f75 Mon Sep 17 00:00:00 2001 From: YuriyZ Date: Thu, 22 Dec 2022 14:22:33 +0200 Subject: [PATCH] fix(jans-auth-server): Duplicate iss and aud on introspection as jwt #3366 --- .../io/jans/as/model/jwt/JwtClaimSet.java | 22 ++++++-- .../io/jans/as/model/jwt/JwtClaimsTest.java | 50 +++++++++++++++++++ .../ws/rs/IntrospectionWebService.java | 3 ++ 3 files changed, 71 insertions(+), 4 deletions(-) create mode 100644 jans-auth-server/model/src/test/java/io/jans/as/model/jwt/JwtClaimsTest.java diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/jwt/JwtClaimSet.java b/jans-auth-server/model/src/main/java/io/jans/as/model/jwt/JwtClaimSet.java index dda6ea9c9bd..0abe45b9a0c 100644 --- a/jans-auth-server/model/src/main/java/io/jans/as/model/jwt/JwtClaimSet.java +++ b/jans-auth-server/model/src/main/java/io/jans/as/model/jwt/JwtClaimSet.java @@ -202,11 +202,25 @@ public void setClaimObject(String key, Object value, boolean overrideValue) { } private void setClaimString(String key, Object value, boolean overrideValue) { - Object currentValue = getClaim(key); - if (overrideValue || currentValue == null) { + if (overrideValue) { setClaim(key, (String) value); - } else { - setClaim(key, Lists.newArrayList(currentValue.toString(), (String) value)); + return; + } + + Object currentValue = getClaim(key); + String valueAsString = (String) value; + + if (currentValue instanceof String) { + if (!currentValue.equals(value)) { + setClaim(key, Lists.newArrayList(currentValue.toString(), valueAsString)); + } else { + setClaim(key, (String) value); + } + } else if (currentValue instanceof List) { + List currentValueAsList = (List) currentValue; + if (!currentValueAsList.contains(valueAsString)) { + currentValueAsList.add(valueAsString); + } } } diff --git a/jans-auth-server/model/src/test/java/io/jans/as/model/jwt/JwtClaimsTest.java b/jans-auth-server/model/src/test/java/io/jans/as/model/jwt/JwtClaimsTest.java new file mode 100644 index 00000000000..6935dbd0ed8 --- /dev/null +++ b/jans-auth-server/model/src/test/java/io/jans/as/model/jwt/JwtClaimsTest.java @@ -0,0 +1,50 @@ +package io.jans.as.model.jwt; + +import com.google.common.collect.Lists; +import org.testng.annotations.Test; + +import static org.testng.Assert.assertEquals; + +/** + * @author Yuriy Z + */ +public class JwtClaimsTest { + + @Test + public void setClaimObject_whenSetSameValue_shouldNotCreateDuplicate() { + JwtClaims claims = new JwtClaims(); + claims.addAudience("client1"); + + claims.setClaimObject("aud", "client1", false); + assertEquals(claims.getClaim("aud"), "client1"); + } + + @Test + public void setClaimObject_whenSetDifferentValues_shouldCreateCorrectArray() { + JwtClaims claims = new JwtClaims(); + claims.addAudience("client1"); + + claims.setClaimObject("aud", "client2", false); + assertEquals(claims.getClaim("aud"), Lists.newArrayList("client1", "client2")); + } + + @Test + public void setClaimObject_whenSetDifferentValue_shouldCreateCorrectArray() { + JwtClaims claims = new JwtClaims(); + claims.addAudience("client1"); + + claims.setClaimObject("aud", "client2", false); + claims.setClaimObject("aud", "client3", false); + assertEquals(claims.getClaim("aud"), Lists.newArrayList("client1", "client2", "client3")); + } + + @Test + public void setClaimObject_whenSetDifferentValueWithOverride_shouldOverrideValue() { + JwtClaims claims = new JwtClaims(); + claims.addAudience("client1"); + + claims.setClaimObject("aud", "client2", false); + claims.setClaimObject("aud", "client3", true); + assertEquals(claims.getClaim("aud"), "client3"); + } +} diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/introspection/ws/rs/IntrospectionWebService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/introspection/ws/rs/IntrospectionWebService.java index 037e60f7c67..e77e08a9e5d 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/introspection/ws/rs/IntrospectionWebService.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/introspection/ws/rs/IntrospectionWebService.java @@ -250,6 +250,9 @@ private String createResponseAsJwt(JSONObject response, AuthorizationGrant grant } } } + if (log.isTraceEnabled()) { + log.trace("Response before signing: {}", jwt.getClaims().toJsonString()); + } return jwtSigner.sign().toString(); }