Use of edu.uiuc.ncsa.security.oauth_2_0.OA2Client in project OA4MP by ncsa.
The class PermissionTest, method testAttributes.
/**
 * Round-trips a freshly created {@link Permission} through the store after each
 * attribute flip and checks that the stored copy still equals the in-memory one.
 *
 * @param pStore      store the permission is saved to and reloaded from
 * @param clientStore store used to create the client the permission refers to
 * @param acStore     store used to create the admin client the permission refers to
 * @throws Exception propagated from the stores
 */
public void testAttributes(PermissionsStore pStore, ClientStore clientStore, AdminClientStore acStore) throws Exception {
    AdminClient admin = (AdminClient) acStore.create();
    OA2Client oa2Client = (OA2Client) clientStore.create();
    Permission perm = (Permission) pStore.create();
    perm.setAdminID(admin.getIdentifier());
    perm.setClientID(oa2Client.getIdentifier());
    // Flip one flag at a time; each flip must survive a save/get round trip.
    perm.setApprove(false);
    assertRoundTrip(pStore, perm);
    perm.setCreate(false);
    assertRoundTrip(pStore, perm);
    perm.setRead(false);
    assertRoundTrip(pStore, perm);
    perm.setDelete(false);
    assertRoundTrip(pStore, perm);
    // Saving again with no further change must round-trip cleanly as well.
    perm.setDelete(false);
    assertRoundTrip(pStore, perm);
}

/** Saves {@code perm} and asserts that the copy reloaded by identifier equals it. */
private static void assertRoundTrip(PermissionsStore pStore, Permission perm) throws Exception {
    pStore.save(perm);
    Permission reloaded = (Permission) pStore.get(perm.getIdentifier());
    assert reloaded.equals(perm);
}
Use of edu.uiuc.ncsa.security.oauth_2_0.OA2Client in project OA4MP by ncsa.
The class OA2CertServlet, method getClient.
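/**
 * Resolves the client that issued this request and verifies its secret.
 * <p>
 * The client id and secret may arrive as request parameters or, per the OAuth 2 spec,
 * in an HTTP Basic authorization header; a mix of the two (one as a parameter, the
 * other in the header) is also accepted.
 *
 * @param req the incoming request
 * @return the authenticated, non-public client
 * @throws OA2GeneralError        if more than two Basic tokens are present
 * @throws UnknownClientException if no client id can be found
 * @throws GeneralException       if the client is public, no secret was sent, or the secret does not match
 */
@Override
public Client getClient(HttpServletRequest req) {
    String rawID = req.getParameter(CONST(CONSUMER_KEY));
    String rawSecret = getFirstParameterValue(req, CLIENT_SECRET);
    // According to the spec. this must be in a Basic Authz header if it is not sent as parameter
    List<String> basicTokens = HeaderUtils.getAuthHeader(req, "Basic");
    if (basicTokens != null && 2 < basicTokens.size()) {
        // too many tokens to unscramble
        throw new OA2GeneralError(OA2Errors.INVALID_TOKEN, "Error: Too many authorization tokens.", HttpStatus.SC_UNAUTHORIZED);
    }
    if (rawID == null && basicTokens != null) {
        // Detective work: we get up to TWO basic Authz tokens holding the id and the secret.
        // Client ids are absolute URIs, so a token with a scheme is taken as the id and
        // anything else as the secret. This also covers the case where one of the two was
        // sent as a parameter and the other in the header.
        for (String token : basicTokens) {
            try {
                URI probe = URI.create(token);
                if (probe.getScheme() != null) {
                    rawID = token;
                } else {
                    rawSecret = token;
                }
            } catch (RuntimeException t) {
                // Not even a relative URI (e.g. illegal characters): it can only be the secret.
                if (rawSecret == null) {
                    rawSecret = token;
                }
            }
        }
    }
    if (rawID == null) {
        throw new UnknownClientException("No client id");
    }
    Identifier id = BasicIdentifier.newID(rawID);
    OA2Client client = (OA2Client) getClient(id);
    if (client.isPublicClient()) {
        throw new GeneralException("Error: public clients not supported for this operation.");
    }
    if (rawSecret == null) {
        throw new GeneralException("Error: No secret. request refused.");
    }
    String storedDigest = client.getSecret();
    if (storedDigest == null) {
        // A confidential client with no stored secret can never authenticate; refuse rather than NPE.
        throw new GeneralException("Error: Secret is incorrect. request refused.");
    }
    // The stored value is the hex digest the presented secret is hashed to (DigestUtils.shaHex).
    // Compare the two digests in constant time so that response timing does not reveal how
    // many leading characters of the digest matched.
    byte[] expected = storedDigest.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] presented = DigestUtils.shaHex(rawSecret).getBytes(java.nio.charset.StandardCharsets.UTF_8);
    if (!java.security.MessageDigest.isEqual(expected, presented)) {
        throw new GeneralException("Error: Secret is incorrect. request refused.");
    }
    return client;
}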
Use of edu.uiuc.ncsa.security.oauth_2_0.OA2Client in project OA4MP by ncsa.
The class OA2RegistrationServlet, method addNewClient.
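/**
 * Registers a new OA2 client from the submitted registration form.
 * <p>
 * On top of the base registration this applies the requested scopes, issuer and LDAP
 * configuration, validates the home and callback URIs, sets the refresh token lifetime,
 * generates the client secret and creates the (not yet approved) approval record.
 *
 * @param request          the registration form request
 * @param response         the servlet response
 * @param fireClientEvents whether to notify listeners of the new client
 * @return the newly registered client; its secret field holds the plaintext secret that
 *         is shown to the registrant once and hashed before it is stored
 * @throws ClientRegistrationRetryException if the home URI or a callback URI is invalid
 * @throws Throwable                        anything propagated from the base registration or the stores
 */
protected Client addNewClient(HttpServletRequest request, HttpServletResponse response, boolean fireClientEvents) throws Throwable {
    OA2Client client = (OA2Client) super.addNewClient(request, response);
    String rawCBs = getRequiredParam(request, CALLBACK_URI, client);
    String rawRTLifetime = getParameter(request, REFRESH_TOKEN_LIFETIME);
    applyRequestedScopes(client, request.getParameterValues("chkScopes"));

    String issuer = getParameter(request, ISSUER_NAME);
    if (!isEmpty(issuer)) {
        client.setIssuer(issuer);
    }
    String ldap = getParameter(request, LDAP_NAME);
    if (!isEmpty(ldap)) {
        try {
            JSON json = JSONObject.fromObject(ldap);
            Collection<LDAPConfiguration> ldapConfiguration = LDAPConfigurationUtil.fromJSON(json);
            client.setLdaps(ldapConfiguration);
        } catch (Exception t) {
            // Best effort: a malformed LDAP block does not abort the registration.
            warn("Could not parse LDAP string during client registration for \"" + client.getIdentifierString() + "\". Skipping...");
        }
    }
    try {
        URI.create(client.getHomeUri());
    } catch (Exception t) {
        throw new ClientRegistrationRetryException("Error. The stated home uri is invalid: " + t.getMessage(), null, client);
    }
    if (rawRTLifetime == null || rawRTLifetime.length() == 0) {
        // No value on the form effectively means there is no refresh token. FIXES CIL-309 (partial)
        client.setRtLifetime(0);
    } else {
        // FIX CIL-309 (partial): never exceed the server-wide maximum.
        client.setRtLifetime(Math.min(getOA2SE().getMaxClientRefreshTokenLifetime(), parseRefreshTokenLifetime(rawRTLifetime)));
    }
    // Now generate the client secret. We generate this here:
    byte[] bytes = new byte[getOA2SE().getClientSecretLength()];
    // NOTE(review): 'random' is declared outside this block; it must be a SecureRandom for the
    // secret to be unpredictable — confirm against the field declaration.
    random.nextBytes(bytes);
    String secret64 = Base64.encodeBase64URLSafeString(bytes);
    // we have to return this to the client registration ok page and store a hash of it internally
    // so we don't have a copy of it any place but the client.
    // After this is displayed the secret is actually hashed and stored.
    client.setSecret(secret64);
    client.setCallbackURIs(parseCallbackUris(client, rawCBs));
    // part of CIL-359, signing ID tokens.
    client.setSignTokens(true);
    // CIL-414 makes the approval record here so that we can get an accurate count later.
    ClientApproval approval = (ClientApproval) getOA2SE().getClientApprovalStore().create();
    approval.setApproved(false);
    approval.setIdentifier(client.getIdentifier());
    getOA2SE().getClientApprovalStore().save(approval);
    if (fireClientEvents) {
        fireNewClientEvent(client);
    }
    return client;
}

/**
 * Stores the scopes ticked on the form on the client, always adding
 * {@code OA2Scopes.SCOPE_OPENID} since every request is rejected without it.
 * Leaves the client untouched when the form sent no scopes at all.
 *
 * @param client    the client being registered
 * @param rawScopes the "chkScopes" form values, may be null
 */
private void applyRequestedScopes(OA2Client client, String[] rawScopes) {
    if (rawScopes == null) {
        return;
    }
    Collection<String> newScopes = new LinkedList<>();
    boolean hasDefaultScope = false;
    for (String scope : rawScopes) {
        if (OA2Scopes.SCOPE_OPENID.equals(scope)) {
            hasDefaultScope = true;
        }
        newScopes.add(scope);
    }
    if (!hasDefaultScope) {
        // has to be there or all requests are rejected.
        newScopes.add(OA2Scopes.SCOPE_OPENID);
    }
    client.setScopes(newScopes);
}

/**
 * Converts the refresh token lifetime entered on the form (seconds) to milliseconds.
 * A value that is not a number, is negative, or would overflow a long in milliseconds
 * is logged and mapped to 0 (no refresh tokens) rather than being stored as-is.
 *
 * @param rawRTLifetime the non-empty form value
 * @return the lifetime in milliseconds, 0 for an illegal value
 */
private long parseRefreshTokenLifetime(String rawRTLifetime) {
    long seconds;
    try {
        seconds = Long.parseLong(rawRTLifetime);
    } catch (NumberFormatException t) {
        seconds = -1L; // treated as illegal below
    }
    // Reject negatives and values whose conversion to milliseconds would wrap around.
    if (seconds < 0 || seconds > Long.MAX_VALUE / 1000) {
        info("Client requested illegal value for refresh token lifetime at registration of \"" + rawRTLifetime + "\"");
        return 0L;
    }
    // The value is in seconds on the form; internally lifetimes are milliseconds.
    return seconds * 1000;
}

/**
 * Parses the one-per-line callback URIs from the form. Lines are trimmed and blank lines
 * (e.g. a trailing newline from the textarea) are ignored; every remaining line must be a
 * syntactically valid https URI or the registration is rejected with a retry.
 *
 * @param client the client being registered, used in messages
 * @param rawCBs the raw textarea contents
 * @return the accepted callback URIs in form order
 * @throws ClientRegistrationRetryException if a line is not an https URI
 */
private LinkedList<String> parseCallbackUris(OA2Client client, String rawCBs) throws java.io.IOException {
    LinkedList<String> uris = new LinkedList<>();
    try (BufferedReader br = new BufferedReader(new StringReader(rawCBs))) {
        for (String line = br.readLine(); line != null; line = br.readLine()) {
            String x = line.trim();
            if (x.isEmpty()) {
                continue;
            }
            if (!x.toLowerCase().startsWith("https:")) {
                warn("Attempt to add bad callback uri for client " + client.getIdentifierString());
                throw new ClientRegistrationRetryException("The callback \"" + x + "\" is not secure.", null, client);
            }
            // All we want this to do is throw if the line is not a syntactically valid uri.
            URI.create(x);
            uris.add(x);
        }
    }
    return uris;
}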
Use of edu.uiuc.ncsa.security.oauth_2_0.OA2Client in project OA4MP by ncsa.
The class AttributeServerTest, method testAttributeServerSet.
/**
 * Sends an attribute-set request for a client through the {@link AttributeServer} and
 * checks that the name, home URL and scopes on the returned client match what was sent.
 *
 * @param tp2 test store provider supplying the stores and the service environment
 * @throws Exception propagated from setup or from the server
 */
public void testAttributeServerSet(CMTestStoreProvider tp2) throws Exception {
    CC cc = setupClients(tp2);
    OA2ClientKeys keys = getClientKeys(tp2);
    AttributeServer attributeServer = new AttributeServer(tp2.getCOSE());
    String suffix = getRandom(8);

    LinkedList<String> requestedScopes = new LinkedList<>();
    requestedScopes.add(OA2Scopes.SCOPE_PROFILE);
    requestedScopes.add(OA2Scopes.SCOPE_OPENID);

    // The attributes to set, keyed by the client's JSON key names.
    JSONObject attributes = new JSONObject();
    attributes.put(keys.name(), "new name " + suffix);
    attributes.put(keys.homeURL(), "https://" + suffix + "/client");
    attributes.put(keys.scopes(), requestedScopes);

    AttributeSetClientRequest req = RequestFactory.createRequest(cc.adminClient, new TypeAttribute(), new ActionSet(), cc.client, attributes);
    AttributeClientResponse resp = (AttributeClientResponse) attributeServer.process(req);
    OA2Client updated = (OA2Client) resp.getClient();

    // The three attributes we sent are reflected back and the identity is unchanged.
    assert updated.getName().equals(attributes.get(keys.name()));
    assert updated.getIdentifier().equals(cc.client.getIdentifier());
    assert updated.getHomeUri().equals(attributes.get(keys.homeURL()));
    assert updated.getScopes().size() == requestedScopes.size();
    for (String scope : requestedScopes) {
        assert updated.getScopes().contains(scope) : "returned scopes failed to contain " + scope;
    }
}
Use of edu.uiuc.ncsa.security.oauth_2_0.OA2Client in project OA4MP by ncsa.
The class ResponseSerializer, method serialize.
/**
 * Writes a list-clients response as JSON of the form
 * {@code {"status":0,"content":[<client id strings>]}}.
 * A null client list is written as an empty array.
 *
 * @param response        the response holding the clients to list
 * @param servletResponse the servlet response the JSON is written to
 * @throws IOException if the response writer cannot be obtained
 */
protected void serialize(ListClientResponse response, HttpServletResponse servletResponse) throws IOException {
    JSONArray ids = new JSONArray();
    if (response.getClients() != null) {
        for (OA2Client listed : response.getClients()) {
            ids.add(listed.getIdentifierString());
        }
    }
    JSONObject body = new JSONObject();
    body.put("status", 0);
    body.put("content", ids);
    servletResponse.getWriter().println(body);
}