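/**
 * Checks the claims of an id_token against this tenant and, when a session is
 * supplied, against that session's user.
 *
 * <p>Checks run in order and the first failure wins: the base JWT claims
 * ({@link CommonValidator#validateBaseJwtClaims}), the issuer must equal the
 * tenant issuer, the subject must equal the session user's subject (only when
 * {@code entry} is non-null), and there must be exactly one audience value.
 *
 * @param claimsSet the parsed id_token claims
 * @param entry the session the id_token is presented against, or {@code null}
 *     when there is none (the subject check is then skipped)
 * @return {@code null} when every check passes, otherwise an
 *     {@code INVALID_REQUEST} error describing the first failed check
 */
private ErrorObject validateIdTokenClaims(ReadOnlyJWTClaimsSet claimsSet, SessionManager.Entry entry) {
    ErrorObject error = CommonValidator.validateBaseJwtClaims(claimsSet, TokenClass.ID_TOKEN);
    if (error == null
        && !Objects.equals(this.tenantInfo.getIssuer().getValue(), claimsSet.getIssuer())) {
        error = OAuth2Error.INVALID_REQUEST.setDescription("id_token has incorrect issuer");
    }
    if (error == null
        && entry != null
        && !Objects.equals(entry.getPersonUser().getSubject().getValue(), claimsSet.getSubject())) {
        error = OAuth2Error.INVALID_REQUEST.setDescription(
            "id_token subject does not match the session user");
    }
    // An absent "aud" claim may surface as a null list rather than an empty one;
    // treat it as a failed check instead of letting a NullPointerException escape.
    if (error == null
        && (claimsSet.getAudience() == null || claimsSet.getAudience().size() != 1)) {
        error = OAuth2Error.INVALID_REQUEST.setDescription(
            "id_token must have a single audience value containing the client_id");
    }
    // NOTE(review): only the audience *count* is checked here; the value is not
    // compared against the client_id despite the message — confirm the caller does.
    return error;
}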
/**
 * Validate uri.
 *
 * <p>For a {@code SessionResource} the session id in the URI must be present,
 * non-empty and within {@code [LONG_VAL_1, LONG_VAL_4294967295]}; the list
 * operation flag is then cleared. For a {@code SessionsResource} the URI is
 * always valid and the list operation flag is set. Anything else is invalid.
 *
 * @return true, if successful
 */
@Override
public final boolean validateUri() {
    LOG.trace("Start SessionResourceValidator#validateUri()");
    setInvalidParameter(VtnServiceJsonConsts.URI + VtnServiceJsonConsts.SESSIONID);
    // Null when the resource is not a single-session resource or carries no id.
    final String sessionId =
        resource instanceof SessionResource ? ((SessionResource) resource).getSessionId() : null;
    boolean uriIsValid = false;
    if (sessionId != null && !sessionId.isEmpty()) {
        uriIsValid = validator.isValidRange(
            sessionId, VtnServiceJsonConsts.LONG_VAL_1, VtnServiceJsonConsts.LONG_VAL_4294967295);
        setListOpFlag(false);
    } else if (resource instanceof SessionsResource) {
        uriIsValid = true;
        setListOpFlag(true);
    }
    LOG.trace("Complete SessionResourceValidator#validateUri()");
    return uriIsValid;
}
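/**
 * Validate get request Json for List Sessions API.
 *
 * <p>Only the optional {@code op} member is checked: when present and non-empty
 * it is handed to {@code validator.isValidOperation(requestBody)}; when absent
 * or an empty string the body is accepted as-is. An {@code op} that is not a
 * JSON primitive (object, array or null) fails validation instead of raising a
 * {@code ClassCastException} from {@code getAsJsonPrimitive}.
 *
 * @param requestBody the request Json object
 * @return true, if successful
 */
private boolean validateGet(final JsonObject requestBody) {
    LOG.trace("Start SessionResourceValidator#validateGet()");
    boolean isValid = true;
    // validation for key: op
    setInvalidParameter(VtnServiceJsonConsts.OP);
    if (requestBody.has(VtnServiceJsonConsts.OP)) {
        if (!requestBody.get(VtnServiceJsonConsts.OP).isJsonPrimitive()) {
            // Malformed client input: reject rather than throw.
            isValid = false;
        } else if (!requestBody.getAsJsonPrimitive(VtnServiceJsonConsts.OP).getAsString().isEmpty()) {
            isValid = validator.isValidOperation(requestBody);
        }
    }
    LOG.trace("Complete SessionResourceValidator#validateGet()");
    return isValid;
}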
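/**
 * Validate put request Json for Set Password API.
 *
 * <p>Two body shapes are accepted: a top-level {@code password} string, or a
 * {@code password} object that itself holds a {@code password} string; the
 * latter is flattened into the former in {@code requestBody} before
 * validation. The password is then required to be non-blank and, after
 * trimming, no longer than {@code LEN_72}. A nested object without a string
 * {@code password}, or a top-level {@code password} that is not a JSON
 * primitive, fails validation instead of raising a
 * {@code NullPointerException}/{@code ClassCastException}.
 *
 * @param requestBody the request Json object; may be modified to flatten a
 *     nested password object
 * @return true, if successful
 */
private boolean validatePut(final JsonObject requestBody) {
    LOG.trace("Start UserResourceValidator#validatePut()");
    boolean isValid = false;
    // validation for password
    setInvalidParameter(VtnServiceJsonConsts.PASSWORD);
    if (requestBody.has(VtnServiceJsonConsts.PASSWORD)
        && requestBody.get(VtnServiceJsonConsts.PASSWORD).isJsonObject()) {
        final JsonObject wrapper = requestBody.getAsJsonObject(VtnServiceJsonConsts.PASSWORD);
        if (wrapper.has(VtnServiceJsonConsts.PASSWORD)
            && wrapper.get(VtnServiceJsonConsts.PASSWORD).isJsonPrimitive()) {
            // Flatten {"password": {"password": "..."}} to {"password": "..."}.
            final String password =
                wrapper.getAsJsonPrimitive(VtnServiceJsonConsts.PASSWORD).getAsString();
            requestBody.remove(VtnServiceJsonConsts.PASSWORD);
            requestBody.addProperty(VtnServiceJsonConsts.PASSWORD, password);
        }
    }
    if (requestBody.has(VtnServiceJsonConsts.PASSWORD)
        && requestBody.get(VtnServiceJsonConsts.PASSWORD).isJsonPrimitive()) {
        // Length is checked on the trimmed value; the stored property is left untrimmed.
        final String trimmed =
            requestBody.getAsJsonPrimitive(VtnServiceJsonConsts.PASSWORD).getAsString().trim();
        isValid = !trimmed.isEmpty()
            && validator.isValidMaxLength(trimmed, VtnServiceJsonConsts.LEN_72);
    }
    LOG.trace("Complete UserResourceValidator#validatePut()");
    return isValid;
}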
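/**
 * Validate post request Json for Create Session API.
 *
 * <p>The body must carry a {@code session} object. Inside it, {@code password}
 * (max {@code LEN_72}) and {@code ipaddr} (IPv4) are mandatory;
 * {@code login_name} (max {@code LEN_32}), {@code username} (max
 * {@code LEN_32}), {@code type} ({@code WEBAPI} or {@code WEBUI},
 * case-insensitive) and {@code info} (max {@code LEN_63}) are optional. A
 * missing or empty {@code username} is replaced by {@code OPER} and a missing
 * or empty {@code type} by {@code WEBUI} inside {@code requestBody}. Any of
 * these members that is present but not a JSON primitive (object, array or
 * null) fails validation instead of raising a {@code ClassCastException}.
 * Checks run in the order above and stop at the first failure;
 * {@code setInvalidParameter} names the member under check.
 *
 * @param requestBody the request Json object; may be modified to fill in defaults
 * @return true, if successful
 */
private boolean validatePost(final JsonObject requestBody) {
    LOG.trace("Start SessionResourceValidator#validatePost()");
    boolean isValid = false;
    setInvalidParameter(VtnServiceJsonConsts.SESSION);
    if (requestBody.has(VtnServiceJsonConsts.SESSION)
        && requestBody.get(VtnServiceJsonConsts.SESSION).isJsonObject()) {
        final JsonObject session = requestBody.getAsJsonObject(VtnServiceJsonConsts.SESSION);

        // Reject non-scalar members up front so later primitive reads cannot throw.
        isValid = hasOnlyScalarMembers(
            session,
            VtnServiceJsonConsts.PASSWORD,
            VtnServiceJsonConsts.IPADDR,
            VtnServiceJsonConsts.LOGIN_NAME,
            VtnServiceJsonConsts.USERNAME,
            VtnServiceJsonConsts.TYPE,
            VtnServiceJsonConsts.INFO);

        // validation for mandatory key: password (only its length is checked; never logged)
        if (isValid) {
            setInvalidParameter(VtnServiceJsonConsts.PASSWORD);
            final String password = scalarOrNull(session, VtnServiceJsonConsts.PASSWORD);
            isValid = password != null
                && !password.isEmpty()
                && validator.isValidMaxLength(password, VtnServiceJsonConsts.LEN_72);
        }
        // validation for mandatory key: ipaddr
        if (isValid) {
            setInvalidParameter(VtnServiceJsonConsts.IPADDR);
            final String ipAddress = scalarOrNull(session, VtnServiceJsonConsts.IPADDR);
            isValid = ipAddress != null && !ipAddress.isEmpty() && validator.isValidIpV4(ipAddress);
        }
        // validation for key: login_name
        if (isValid) {
            setInvalidParameter(VtnServiceJsonConsts.LOGIN_NAME);
            final String loginName = scalarOrNull(session, VtnServiceJsonConsts.LOGIN_NAME);
            if (loginName != null && !loginName.isEmpty()) {
                isValid = validator.isValidMaxLength(loginName, VtnServiceJsonConsts.LEN_32);
            }
        }
        // validation for key: username (defaults to OPER)
        if (isValid) {
            setInvalidParameter(VtnServiceJsonConsts.USERNAME);
            final String userName = scalarOrNull(session, VtnServiceJsonConsts.USERNAME);
            if (userName != null && !userName.isEmpty()) {
                isValid = validator.isValidMaxLength(userName, VtnServiceJsonConsts.LEN_32);
            } else {
                session.remove(VtnServiceJsonConsts.USERNAME);
                session.addProperty(VtnServiceJsonConsts.USERNAME, VtnServiceJsonConsts.OPER);
            }
        }
        // validation for key: type (defaults to WEBUI)
        if (isValid) {
            setInvalidParameter(VtnServiceJsonConsts.TYPE);
            final String type = scalarOrNull(session, VtnServiceJsonConsts.TYPE);
            if (type != null && !type.isEmpty()) {
                isValid = type.equalsIgnoreCase(VtnServiceJsonConsts.WEBAPI)
                    || type.equalsIgnoreCase(VtnServiceJsonConsts.WEBUI);
            } else {
                session.remove(VtnServiceJsonConsts.TYPE);
                session.addProperty(VtnServiceJsonConsts.TYPE, VtnServiceJsonConsts.WEBUI);
            }
        }
        // validation for key: info
        if (isValid) {
            setInvalidParameter(VtnServiceJsonConsts.INFO);
            final String info = scalarOrNull(session, VtnServiceJsonConsts.INFO);
            if (info != null && !info.isEmpty()) {
                isValid = validator.isValidMaxLength(info, VtnServiceJsonConsts.LEN_63);
            }
        }
    }
    LOG.trace("Complete SessionResourceValidator#validatePost()");
    return isValid;
}

/**
 * Returns {@code true} when every one of {@code keys} is either absent from
 * {@code obj} or a JSON primitive; otherwise records the first offending key
 * via {@code setInvalidParameter} and returns {@code false}.
 *
 * @param obj the object whose members are inspected
 * @param keys member names that later code reads as primitives
 * @return whether all listed members are absent or primitive
 */
private boolean hasOnlyScalarMembers(final JsonObject obj, final String... keys) {
    for (final String key : keys) {
        // has() is also true for an explicit JSON null, which is not a primitive.
        if (obj.has(key) && !obj.get(key).isJsonPrimitive()) {
            setInvalidParameter(key);
            return false;
        }
    }
    return true;
}

/**
 * Reads member {@code key} of {@code obj} as a string.
 *
 * @param obj the object to read from
 * @param key the member name
 * @return the member's string value, or {@code null} when it is absent or not
 *     a JSON primitive
 */
private static String scalarOrNull(final JsonObject obj, final String key) {
    return obj.has(key) && obj.get(key).isJsonPrimitive()
        ? obj.getAsJsonPrimitive(key).getAsString()
        : null;
}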