
Example 1 with ResponseMode

use of io.jans.as.model.common.ResponseMode in project jans by JanssenProject.

the class ParRestWebService method requestPushedAuthorizationRequest.

/**
 * Handles a Pushed Authorization Request (PAR) submitted as a form POST.
 * <p>
 * The submitted parameters are validated in order (PAR component enabled, PKCE, client,
 * redirect URI, absence of {@code request_uri}, request object), stored as a {@link Par}
 * entry and acknowledged with HTTP 201 and a JSON body carrying the generated
 * {@code request_uri} and its {@code expires_in}. The parameter names follow the OAuth 2.0
 * authorization request; {@code scope} is URL-decoded first because clients may send it encoded.
 * Debug logging at the top records most submitted values, including the request object,
 * the claims parameter and the {@code Sec-Token-Binding} header.
 *
 * @param httpRequest     incoming request; its headers and query string are read here
 * @param httpResponse    servlet response (injected, not written to by this method)
 * @param securityContext used only to log whether the request arrived over a secure channel
 * @return {@code 201 Created} with the PAR response as JSON, or {@code 500} with an empty
 *         JSON-typed body when an unexpected exception is raised
 * @throws WebApplicationException rethrown from the validators; an error expressed as a
 *         {@code 302} redirect is converted into a {@code 400} built from the redirect location,
 *         since a PAR client cannot follow a browser redirect
 */
@POST
@Produces({ MediaType.APPLICATION_JSON })
public Response requestPushedAuthorizationRequest(
        @FormParam("scope") String scope,
        @FormParam("response_type") String responseType,
        @FormParam("client_id") String clientId,
        @FormParam("redirect_uri") String redirectUri,
        @FormParam("state") String state,
        @FormParam("response_mode") String responseMode,
        @FormParam("nonce") String nonce,
        @FormParam("display") String display,
        @FormParam("prompt") String prompt,
        @FormParam("max_age") Integer maxAge,
        @FormParam("ui_locales") String uiLocales,
        @FormParam("id_token_hint") String idTokenHint,
        @FormParam("login_hint") String loginHint,
        @FormParam("acr_values") String acrValuesStr,
        @FormParam("amr_values") String amrValuesStr,
        @FormParam("request") String request,
        @FormParam("request_uri") String requestUri,
        @FormParam("session_id") String sessionId,
        @FormParam("origin_headers") String originHeaders,
        @FormParam("code_challenge") String codeChallenge,
        @FormParam("code_challenge_method") String codeChallengeMethod,
        @FormParam("nbf") String nbf,
        @FormParam(AuthorizeRequestParam.CUSTOM_RESPONSE_HEADERS) String customResponseHeaders,
        @FormParam("claims") String claims,
        @Context HttpServletRequest httpRequest,
        @Context HttpServletResponse httpResponse,
        @Context SecurityContext securityContext) {
    try {
        errorResponseFactory.validateComponentEnabled(ComponentType.PAR);

        // Clients may send the scope URL-encoded; normalise it before validation and storage.
        scope = ServerUtil.urlDecode(scope);
        final String tokenBindingHeader = httpRequest.getHeader("Sec-Token-Binding");

        // Two debug statements on purpose: the interpolator behind the logging framework handles
        // at most 10 placeholders (see org.jboss.seam.core.Interpolator#interpolate).
        log.debug("Attempting to request PAR: responseType = {}, clientId = {}, scope = {}, redirectUri = {}, nonce = {}, state = {}, request = {}, isSecure = {}, sessionId = {}",
                responseType, clientId, scope, redirectUri, nonce, state, request, securityContext.isSecure(), sessionId);
        log.debug("Attempting to request PAR: acrValues = {}, amrValues = {}, originHeaders = {}, codeChallenge = {}, codeChallengeMethod = {}, customRespHeaders = {}, claims = {}, tokenBindingHeader = {}",
                acrValuesStr, amrValuesStr, originHeaders, codeChallenge, codeChallengeMethod, customResponseHeaders, claims, tokenBindingHeader);

        parValidator.validatePkce(codeChallenge, codeChallengeMethod, state);

        final List<ResponseType> parsedResponseTypes = ResponseType.fromString(responseType, " ");
        final ResponseMode parsedResponseMode = ResponseMode.getByValue(responseMode);
        final Jwt requestJwt = Jwt.parseSilently(request);

        // The effective client_id and redirect_uri are resolved from the form value together with
        // the parsed request object (when one was sent), then validated against the registered client.
        clientId = getClientId(clientId, requestJwt);
        final Client registeredClient = authorizeRestWebServiceValidator.validateClient(clientId, state, true);
        redirectUri = getRedirectUri(redirectUri, requestJwt);
        redirectUri = authorizeRestWebServiceValidator.validateRedirectUri(registeredClient, redirectUri, state, null, httpRequest, AuthorizeErrorResponseType.INVALID_REQUEST);

        final RedirectUriResponse redirectUriResponse = new RedirectUriResponse(
                new RedirectUri(redirectUri, parsedResponseTypes, parsedResponseMode), state, httpRequest, errorResponseFactory);
        redirectUriResponse.setFapiCompatible(appConfiguration.isFapi());

        // A pushed request must not itself reference another request_uri.
        parValidator.validateRequestUriIsAbsent(requestUri);

        final Integer lifetime = registeredClient.getAttributes().getParLifetime();
        final Par par = new Par();
        par.setDeletable(true);
        par.setTtl(lifetime);
        par.setExpirationDate(Util.createExpirationDate(lifetime));

        // Core authorization request values.
        par.getAttributes().setScope(scope);
        par.getAttributes().setNbf(Util.parseIntegerSilently(nbf));
        par.getAttributes().setResponseType(responseType);
        par.getAttributes().setClientId(clientId);
        par.getAttributes().setRedirectUri(redirectUri);
        par.getAttributes().setState(state);
        par.getAttributes().setResponseMode(responseMode);
        par.getAttributes().setNonce(nonce);
        // OpenID Connect hints and UI preferences.
        par.getAttributes().setDisplay(display);
        par.getAttributes().setPrompt(prompt);
        par.getAttributes().setMaxAge(maxAge);
        par.getAttributes().setUiLocales(uiLocales);
        par.getAttributes().setIdTokenHint(idTokenHint);
        par.getAttributes().setLoginHint(loginHint);
        par.getAttributes().setAcrValuesStr(acrValuesStr);
        par.getAttributes().setAmrValuesStr(amrValuesStr);
        // Request object, session and PKCE material.
        par.getAttributes().setRequest(request);
        par.getAttributes().setRequestUri(requestUri);
        par.getAttributes().setSessionId(sessionId);
        par.getAttributes().setOriginHeaders(originHeaders);
        par.getAttributes().setCodeChallenge(codeChallenge);
        par.getAttributes().setCodeChallengeMethod(codeChallengeMethod);
        par.getAttributes().setCustomResponseHeaders(customResponseHeaders);
        par.getAttributes().setClaims(claims);
        par.getAttributes().setCustomParameters(requestParameterService.getCustomParameters(QueryStringDecoder.decode(httpRequest.getQueryString())));

        parValidator.validateRequestObject(redirectUriResponse, par, registeredClient);
        // PKCE is checked again from the stored attributes; request-object validation presumably
        // may have adjusted them (it is documented below to adjust the TTL).
        authorizeRestWebServiceValidator.validatePkce(par.getAttributes().getCodeChallenge(), redirectUriResponse);

        parService.persist(par);

        final ParResponse parResponse = new ParResponse();
        parResponse.setRequestUri(ParService.toOutsideId(par.getId()));
        // Report the TTL rather than the client's lifetime: the TTL can be updated during request object validation.
        parResponse.setExpiresIn(par.getTtl());

        final String json = ServerUtil.asJson(parResponse);
        log.debug("Created PAR {}", json);
        return Response.status(Response.Status.CREATED).entity(json).type(MediaType.APPLICATION_JSON_TYPE).build();
    } catch (WebApplicationException e) {
        final boolean redirectStyleError = e.getResponse().getStatus() == Response.Status.FOUND.getStatusCode();
        if (redirectStyleError) {
            throw errorResponseFactory.createBadRequestException(createErrorResponseFromRedirectErrorUri(e.getResponse().getLocation()));
        }
        if (log.isErrorEnabled()) {
            log.error(e.getMessage(), e);
        }
        throw e;
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(MediaType.APPLICATION_JSON_TYPE).build();
    }
}
Also used : Par(io.jans.as.persistence.model.Par) WebApplicationException(javax.ws.rs.WebApplicationException) Jwt(io.jans.as.model.jwt.Jwt) RedirectUriResponse(io.jans.as.server.service.RedirectUriResponse) RedirectUri(io.jans.as.common.util.RedirectUri) WebApplicationException(javax.ws.rs.WebApplicationException) AuthorizeErrorResponseType(io.jans.as.model.authorize.AuthorizeErrorResponseType) ResponseType(io.jans.as.model.common.ResponseType) ResponseMode(io.jans.as.model.common.ResponseMode) Client(io.jans.as.common.model.registration.Client) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces)

Example 2 with ResponseMode

use of io.jans.as.model.common.ResponseMode in project jans by JanssenProject.

the class AuthorizeService method permissionDenied.

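/**
 * Finishes an authorization flow that the end-user refused.
 * <p>
 * Session cookies are invalidated first. Without a session the generic
 * "authentication failed, session invalid" handling runs instead. Otherwise an
 * {@code access_denied} error redirect is built from the session's {@code redirect_uri},
 * {@code state}, {@code response_mode} and {@code response_type}; a CIBA request referenced
 * by the session is marked denied and its client notified according to the backchannel
 * delivery mode; a device-authorization session is processed as denied; finally the browser
 * is redirected, JARM-wrapped when the response mode is {@code jwt}.
 *
 * @param session the current session, may be {@code null}
 */
public void permissionDenied(final SessionId session) {
    log.trace("permissionDenied");
    invalidateSessionCookiesIfNeeded();

    if (session == null) {
        authenticationFailedSessionInvalid();
        return;
    }

    final Map<String, String> sessionAttributes = session.getSessionAttributes();
    final String baseRedirectUri = sessionAttributes.get(AuthorizeRequestParam.REDIRECT_URI);
    final String state = sessionAttributes.get(AuthorizeRequestParam.STATE);
    final ResponseMode responseMode = ResponseMode.fromString(sessionAttributes.get(AuthorizeRequestParam.RESPONSE_MODE));
    final List<ResponseType> responseTypes = ResponseType.fromString(sessionAttributes.get(AuthorizeRequestParam.RESPONSE_TYPE), " ");

    final RedirectUri redirectUri = new RedirectUri(baseRedirectUri, responseTypes, responseMode);
    redirectUri.parseQueryString(errorResponseFactory.getErrorAsQueryString(AuthorizeErrorResponseType.ACCESS_DENIED, state));

    // Only whitelisted parameters are consulted for the CIBA / device-flow bookkeeping.
    final Map<String, String> allowedParameters = requestParameterService.getAllowedParameters(sessionAttributes);
    if (allowedParameters.containsKey(AuthorizeRequestParam.AUTH_REQ_ID)) {
        denyCibaRequestForPermissionDenied(allowedParameters.get(AuthorizeRequestParam.AUTH_REQ_ID));
    }
    if (allowedParameters.containsKey(DeviceAuthorizationService.SESSION_USER_CODE)) {
        processDeviceAuthDeniedResponse(allowedParameters);
    }

    if (responseMode == ResponseMode.JWT) {
        final String clientId = sessionAttributes.get(AuthorizeRequestParam.CLIENT_ID);
        final Client client = clientService.getClient(clientId);
        facesService.redirectToExternalURL(createJarmRedirectUri(redirectUri, client, session));
    } else {
        facesService.redirectToExternalURL(redirectUri.toString());
    }
}

/**
 * Marks the CIBA request identified by {@code authReqId} as denied and notifies its client.
 * <p>
 * A request that is still pending is removed from the pending set first. Nothing is done when
 * the request or its client cannot be found, or when the client has no backchannel token
 * delivery mode (a {@code switch} on a {@code null} enum would otherwise throw and abort the
 * redirect back to the relying party).
 *
 * @param authReqId the CIBA {@code auth_req_id} stored in the session
 */
private void denyCibaRequestForPermissionDenied(final String authReqId) {
    final CibaRequestCacheControl request = cibaRequestService.getCibaRequest(authReqId);
    if (request == null || request.getClient() == null) {
        return;
    }
    if (request.getStatus() == CibaRequestStatus.PENDING) {
        cibaRequestService.removeCibaRequest(authReqId);
    }
    if (request.getClient().getBackchannelTokenDeliveryMode() == null) {
        log.warn("CIBA client {} has no backchannel token delivery mode; denial is not delivered", request.getClient().getClientId());
        return;
    }
    switch (request.getClient().getBackchannelTokenDeliveryMode()) {
        case POLL:
            request.setStatus(CibaRequestStatus.DENIED);
            request.setTokensDelivered(false);
            cibaRequestService.update(request);
            break;
        case PING:
            request.setStatus(CibaRequestStatus.DENIED);
            request.setTokensDelivered(false);
            cibaRequestService.update(request);
            cibaPingCallbackService.pingCallback(request.getAuthReqId(), request.getClient().getBackchannelClientNotificationEndpoint(), request.getClientNotificationToken());
            break;
        case PUSH:
            cibaPushErrorService.pushError(request.getAuthReqId(), request.getClient().getBackchannelClientNotificationEndpoint(), request.getClientNotificationToken(), PushErrorResponseType.ACCESS_DENIED, "The end-user denied the authorization request.");
            break;
        default:
            break;
    }
}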
Also used : ResponseMode(io.jans.as.model.common.ResponseMode) CibaRequestCacheControl(io.jans.as.server.model.common.CibaRequestCacheControl) RedirectUri(io.jans.as.common.util.RedirectUri) Client(io.jans.as.common.model.registration.Client) PushErrorResponseType(io.jans.as.model.ciba.PushErrorResponseType) AuthorizeErrorResponseType(io.jans.as.model.authorize.AuthorizeErrorResponseType) ResponseType(io.jans.as.model.common.ResponseType)

Example 3 with ResponseMode

use of io.jans.as.model.common.ResponseMode in project jans by JanssenProject.

the class FapiOpenIdConfiguration method processRequest.

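/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
 * <p>
 * FAPI-specific checks run before the discovery document is written: an access token passed
 * in the query string is rejected, the caller must present a bearer authorization grant, and
 * the client certificate forwarded in the {@code X-ClientCert} header must match one of the
 * keys in the client's registered JWKS. The {@code x-fapi-interaction-id} header is echoed
 * back, or a fresh UUID is generated when the client sent none. Every rejection ends the
 * request; the document is only written when all checks pass.
 *
 * @param servletRequest servlet request
 * @param httpResponse   servlet response
 */
protected void processRequest(HttpServletRequest servletRequest, HttpServletResponse httpResponse) {
    httpResponse.setContentType("application/json");
    try (PrintWriter out = httpResponse.getWriter()) {
        final String interactionIdHeader = servletRequest.getHeader("x-fapi-interaction-id");

        // Tokens belong in the Authorization header, never in the URL (query strings end up in
        // access logs and referrers). Only the presence of the parameter is logged, not its value.
        // NOTE(review): the rejection is conditioned on the interaction-id header being present, as
        // in the original code; confirm whether it should apply unconditionally.
        final String tokenInQuery = servletRequest.getParameter("access_token");
        if ((tokenInQuery != null) && (interactionIdHeader != null)) {
            if (tokenInQuery.startsWith("Bearer")) {
                log.info("FAPI: Bearler Token is not allowed.**********************************************************************.");
                httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Bearer token in query is disallowed");
            } else {
                log.info("FAPI: Authorization token is non-Bearer is not allowed in query*********************************************");
                httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "token in query is disallowed");
            }
            return;
        }

        final String clientCertAsPem = servletRequest.getHeader("X-ClientCert");
        if (clientCertAsPem != null) {
            log.info("FAPI: clientCertAsPem found*****************************************");
            log.info("FAPI: clientCertAsPem found*****************************************{}", clientCertAsPem);
        } else {
            log.info("FAPI: No clientCertAsPem *****************************************");
        }

        final String authorizationHeader = servletRequest.getHeader("Authorization");
        final String clientDn = tokenService.getClientDn(authorizationHeader);
        final X509Certificate cert = CertUtils.x509CertificateFromPem(clientCertAsPem);

        final AuthorizationGrant authorizationGrant = tokenService.getBearerAuthorizationGrant(authorizationHeader);
        if (authorizationGrant == null) {
            log.error("FAPI: Authorization grant is null.*********************************************");
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization grant is null.");
            return;
        }
        if (cert == null) {
            log.debug("Failed to parse client certificate, client_dn: {}.", clientDn);
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Client certificate is missing or could not be parsed");
            return;
        }
        final byte[] encodedKey = cert.getPublicKey().getEncoded();

        if (clientDn != null) {
            log.info("FAPI: ClientDn from Authoirization(tokenService) *********************************************{}", clientDn);
            final Client client = clientService.getClientByDn(clientDn);
            if (client == null) {
                log.error("FAPI: no client registered for dn {}", clientDn);
                httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "The resource owner or authorization server denied the request");
                return;
            }
            if (!certificateMatchesRegisteredJwks(client, encodedKey)) {
                log.error("Client certificate does not match clientId. clientId: " + client.getClientId() + "*********************************************");
                httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "The resource owner or authorization server denied the request");
                return;
            }
        } else {
            log.info("FAPI: ClientDn from Authoirization(tokenService) is NULL*********************************************");
        }

        // Echo the client's interaction id, or mint a fresh one: a fixed fallback value would make
        // unrelated requests indistinguishable when correlating logs.
        final String interactionId = interactionIdHeader != null
                ? interactionIdHeader
                : java.util.UUID.randomUUID().toString();
        httpResponse.addHeader("x-fapi-interaction-id", interactionId);
        log.info("x-fapi-interaction-id*************************={}", interactionId);

        final JSONObject jsonObj = new JSONObject();
        jsonObj.put(ISSUER, appConfiguration.getIssuer());
        jsonObj.put(AUTHORIZATION_ENDPOINT, appConfiguration.getAuthorizationEndpoint());
        jsonObj.put(TOKEN_ENDPOINT, appConfiguration.getTokenEndpoint());
        jsonObj.put(REVOCATION_ENDPOINT, appConfiguration.getTokenRevocationEndpoint());
        jsonObj.put(SESSION_REVOCATION_ENDPOINT, endpointUrl("/revoke_session"));
        jsonObj.put(USER_INFO_ENDPOINT, appConfiguration.getUserInfoEndpoint());
        jsonObj.put(CLIENT_INFO_ENDPOINT, appConfiguration.getClientInfoEndpoint());
        jsonObj.put(CHECK_SESSION_IFRAME, appConfiguration.getCheckSessionIFrame());
        jsonObj.put(END_SESSION_ENDPOINT, appConfiguration.getEndSessionEndpoint());
        jsonObj.put(JWKS_URI, appConfiguration.getJwksUri());
        jsonObj.put(REGISTRATION_ENDPOINT, appConfiguration.getRegistrationEndpoint());
        jsonObj.put(ID_GENERATION_ENDPOINT, appConfiguration.getIdGenerationEndpoint());
        jsonObj.put(INTROSPECTION_ENDPOINT, appConfiguration.getIntrospectionEndpoint());
        jsonObj.put(PAR_ENDPOINT, appConfiguration.getParEndpoint());
        jsonObj.put(REQUIRE_PAR, appConfiguration.getRequirePar());

        // Each supported response type is a space-separated combination, e.g. "code id_token".
        final JSONArray responseTypesSupported = new JSONArray();
        for (Set<ResponseType> responseTypes : appConfiguration.getResponseTypesSupported()) {
            responseTypesSupported.put(implode(responseTypes, " "));
        }
        putArrayIfNotEmpty(jsonObj, RESPONSE_TYPES_SUPPORTED, responseTypesSupported);

        // Enum values are added as-is, exactly as before, so their serialized form is unchanged.
        final JSONArray responseModesSupported = new JSONArray();
        if (appConfiguration.getResponseModesSupported() != null) {
            for (ResponseMode responseMode : appConfiguration.getResponseModesSupported()) {
                responseModesSupported.put(responseMode);
            }
        }
        putArrayIfNotEmpty(jsonObj, RESPONSE_MODES_SUPPORTED, responseModesSupported);

        final JSONArray grantTypesSupported = new JSONArray();
        for (GrantType grantType : appConfiguration.getGrantTypesSupported()) {
            grantTypesSupported.put(grantType);
        }
        putArrayIfNotEmpty(jsonObj, GRANT_TYPES_SUPPORTED, grantTypesSupported);

        // acr_values_supported and the auth-level mapping are always emitted, even when empty.
        jsonObj.put(ACR_VALUES_SUPPORTED, toJsonArray(externalAuthenticationService.getAcrValuesList()));
        jsonObj.put(AUTH_LEVEL_MAPPING, createAuthLevelMapping());

        putStringsIfNotEmpty(jsonObj, SUBJECT_TYPES_SUPPORTED, appConfiguration.getSubjectTypesSupported());
        putStringsIfNotEmpty(jsonObj, USER_INFO_SIGNING_ALG_VALUES_SUPPORTED, appConfiguration.getUserInfoSigningAlgValuesSupported());
        putStringsIfNotEmpty(jsonObj, USER_INFO_ENCRYPTION_ALG_VALUES_SUPPORTED, appConfiguration.getUserInfoEncryptionAlgValuesSupported());
        // Previously the *_alg_* list was published under this key by mistake; the *_enc_* list belongs here.
        putStringsIfNotEmpty(jsonObj, USER_INFO_ENCRYPTION_ENC_VALUES_SUPPORTED, appConfiguration.getUserInfoEncryptionEncValuesSupported());
        putStringsIfNotEmpty(jsonObj, ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED, appConfiguration.getIdTokenSigningAlgValuesSupported());
        putStringsIfNotEmpty(jsonObj, ID_TOKEN_ENCRYPTION_ALG_VALUES_SUPPORTED, appConfiguration.getIdTokenEncryptionAlgValuesSupported());
        putStringsIfNotEmpty(jsonObj, ID_TOKEN_ENCRYPTION_ENC_VALUES_SUPPORTED, appConfiguration.getIdTokenEncryptionEncValuesSupported());
        putStringsIfNotEmpty(jsonObj, REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED, appConfiguration.getRequestObjectSigningAlgValuesSupported());
        putStringsIfNotEmpty(jsonObj, REQUEST_OBJECT_ENCRYPTION_ALG_VALUES_SUPPORTED, appConfiguration.getRequestObjectEncryptionAlgValuesSupported());
        putStringsIfNotEmpty(jsonObj, REQUEST_OBJECT_ENCRYPTION_ENC_VALUES_SUPPORTED, appConfiguration.getRequestObjectEncryptionEncValuesSupported());
        putStringsIfNotEmpty(jsonObj, TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED, appConfiguration.getTokenEndpointAuthMethodsSupported());
        putStringsIfNotEmpty(jsonObj, TOKEN_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED, appConfiguration.getTokenEndpointAuthSigningAlgValuesSupported());
        putStringsIfNotEmpty(jsonObj, DISPLAY_VALUES_SUPPORTED, appConfiguration.getDisplayValuesSupported());
        putStringsIfNotEmpty(jsonObj, CLAIM_TYPES_SUPPORTED, appConfiguration.getClaimTypesSupported());

        jsonObj.put(SERVICE_DOCUMENTATION, appConfiguration.getServiceDocumentation());
        jsonObj.put(ID_TOKEN_TOKEN_BINDING_CNF_VALUES_SUPPORTED, toJsonArray(appConfiguration.getIdTokenTokenBindingCnfValuesSupported()));

        putStringsIfNotEmpty(jsonObj, CLAIMS_LOCALES_SUPPORTED, appConfiguration.getClaimsLocalesSupported());
        putStringsIfNotEmpty(jsonObj, UI_LOCALES_SUPPORTED, appConfiguration.getUiLocalesSupported());

        // createScopeToClaimsMapping fills the two arrays as a side effect while building the mapping.
        final JSONArray scopesSupported = new JSONArray();
        final JSONArray claimsSupported = new JSONArray();
        final JSONArray scopeToClaimsMapping = createScopeToClaimsMapping(scopesSupported, claimsSupported);
        putArrayIfNotEmpty(jsonObj, SCOPES_SUPPORTED, scopesSupported);
        putArrayIfNotEmpty(jsonObj, CLAIMS_SUPPORTED, claimsSupported);
        jsonObj.put(SCOPE_TO_CLAIMS_MAPPING, scopeToClaimsMapping);

        jsonObj.put(CLAIMS_PARAMETER_SUPPORTED, appConfiguration.getClaimsParameterSupported());
        jsonObj.put(REQUEST_PARAMETER_SUPPORTED, appConfiguration.getRequestParameterSupported());
        jsonObj.put(REQUEST_URI_PARAMETER_SUPPORTED, appConfiguration.getRequestUriParameterSupported());
        jsonObj.put(REQUIRE_REQUEST_URI_REGISTRATION, appConfiguration.getRequireRequestUriRegistration());
        jsonObj.put(OP_POLICY_URI, appConfiguration.getOpPolicyUri());
        jsonObj.put(OP_TOS_URI, appConfiguration.getOpTosUri());
        // Advertised unconditionally for the FAPI profile, independent of configuration.
        jsonObj.put(TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS, Boolean.TRUE);
        jsonObj.put(BACKCHANNEL_LOGOUT_SUPPORTED, Boolean.TRUE);
        jsonObj.put(BACKCHANNEL_LOGOUT_SESSION_SUPPORTED, Boolean.TRUE);
        jsonObj.put(FRONTCHANNEL_LOGOUT_SUPPORTED, Boolean.TRUE);
        jsonObj.put(FRONTCHANNEL_LOGOUT_SESSION_SUPPORTED, Boolean.TRUE);
        jsonObj.put(FRONT_CHANNEL_LOGOUT_SESSION_SUPPORTED, appConfiguration.getFrontChannelLogoutSessionSupported());

        cibaConfigurationService.processConfiguration(jsonObj);
        out.println(ServerUtil.toPrettyJson(jsonObj).replace("\\/", "/"));
    } catch (Exception e) {
        log.error(e.getMessage(), e);
    }
}

/**
 * Checks that the public key of the presented client certificate equals one of the keys in the
 * client's registered JWKS ({@code self_signed_tls_client_auth}).
 * <p>
 * A key that cannot be loaded is logged and skipped so that it neither hides a match on another
 * key nor lets the request through. NOTE(review): a client without a registered JWKS passes
 * unchecked, as before; confirm that this is the intended policy.
 *
 * @param client     the client resolved from the bearer token
 * @param encodedKey the X.509-encoded public key of the presented certificate
 * @return {@code true} when a key matches or the client has no JWKS, {@code false} otherwise
 */
private boolean certificateMatchesRegisteredJwks(Client client, byte[] encodedKey) {
    final String jwksJson = client.getJwks();
    if (jwksJson == null) {
        log.debug("********************FAPIRS JWKS not defined for the client");
        return true;
    }
    final JSONObject jsonWebKeys = new JSONObject(jwksJson);
    final JSONWebKeySet keySet = JSONWebKeySet.fromJSONObject(jsonWebKeys);
    boolean matched = false;
    for (JSONWebKey key : keySet.getKeys()) {
        try {
            final byte[] registeredKey = cryptoProvider.getPublicKey(key.getKid(), jsonWebKeys, null).getEncoded();
            if (java.util.Arrays.equals(encodedKey, registeredKey)) {
                matched = true;
                log.debug("********************************Client {} authenticated via `self_signed_tls_client_auth`, matched kid: {}.", client.getClientId(), key.getKid());
            }
        } catch (Exception e) {
            log.warn("Exception while keymatching****************************************************************", e);
        }
    }
    return matched;
}

/**
 * Copies {@code values} into a new {@link JSONArray}; a {@code null} collection yields an empty array.
 */
private static JSONArray toJsonArray(Iterable<String> values) {
    final JSONArray array = new JSONArray();
    if (values != null) {
        for (String value : values) {
            array.put(value);
        }
    }
    return array;
}

/**
 * Adds {@code values} under {@code key} only when at least one value is present.
 */
private static void putStringsIfNotEmpty(JSONObject target, String key, Iterable<String> values) {
    putArrayIfNotEmpty(target, key, toJsonArray(values));
}

/**
 * Adds {@code array} under {@code key} only when it is non-empty.
 */
private static void putArrayIfNotEmpty(JSONObject target, String key, JSONArray array) {
    if (array.length() > 0) {
        target.put(key, array);
    }
}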
Also used : JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet) PublicKey(java.security.PublicKey) JSONArray(org.json.JSONArray) GrantType(io.jans.as.model.common.GrantType) X509Certificate(java.security.cert.X509Certificate) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) ResponseType(io.jans.as.model.common.ResponseType) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) JSONObject(org.json.JSONObject) ResponseMode(io.jans.as.model.common.ResponseMode) Client(io.jans.as.common.model.registration.Client) AuthorizationGrant(io.jans.as.server.model.common.AuthorizationGrant) PrintWriter(java.io.PrintWriter)

Example 4 with ResponseMode

use of io.jans.as.model.common.ResponseMode in project jans by JanssenProject.

the class OpenIdConfiguration method processRequest.

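/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods by writing the OpenID Provider discovery document.
 * <p>
 * The document is built from {@code appConfiguration}, handed to the
 * discovery custom script (which may change it in place), and written as
 * pretty-printed JSON. Before the script runs, the unmodified document is
 * stored in {@code localResponseCache}; a later request that finds a cached
 * document returns it without re-running the script.
 *
 * @param servletRequest servlet request
 * @param httpResponse   servlet response
 * @throws IOException if the response writer cannot be obtained or the
 *                     503 error cannot be sent
 */
@SuppressWarnings("deprecation")
protected void processRequest(HttpServletRequest servletRequest, HttpServletResponse httpResponse) throws IOException {
    if (!(externalAuthenticationService.isLoaded() && externalDynamicScopeService.isLoaded())) {
        // Custom scripts are not loaded yet: refuse rather than publish a document
        // whose acr_values_supported / scopes would be incomplete.
        httpResponse.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
        log.error("Jans Auth still starting up!");
        return;
    }
    httpResponse.setContentType("application/json");
    try (PrintWriter out = httpResponse.getWriter()) {
        final JSONObject cachedResponse = localResponseCache.getDiscoveryResponse();
        if (cachedResponse != null) {
            log.trace("Cached discovery response returned.");
            out.println(ServerUtil.toPrettyJson(cachedResponse).replace("\\/", "/"));
            return;
        }
        JSONObject jsonObj = new JSONObject();
        putEndpoints(jsonObj);
        putSupportedValues(jsonObj);
        putFeatureFlags(jsonObj);
        addMtlsAliases(jsonObj);
        // CIBA Configuration
        cibaConfigurationService.processConfiguration(jsonObj);
        filterOutKeys(jsonObj);
        // NOTE(review): the cached reference is the same object the script below may
        // mutate in place, so the cache can end up holding script-modified content even
        // when the response is reverted — confirm whether putDiscoveryResponse copies.
        localResponseCache.putDiscoveryResponse(jsonObj);
        JSONObject clone = new JSONObject(jsonObj.toString());
        ExecutionContext context = new ExecutionContext(servletRequest, httpResponse);
        if (!externalDiscoveryService.modifyDiscovery(jsonObj, context)) {
            // revert to original state if object was modified in script
            jsonObj = clone;
        }
        // Undo the "\/" escaping the serializer applies, so URLs read naturally.
        out.println(ServerUtil.toPrettyJson(jsonObj).replace("\\/", "/"));
    } catch (Exception e) {
        // Logged only: the status stays whatever was committed (200 with an empty
        // body if nothing was written yet), matching the previous behaviour.
        log.error(e.getMessage(), e);
    }
}

/**
 * Adds the issuer and every endpoint URL, emitting optional endpoints only
 * when the corresponding component is enabled.
 *
 * @param jsonObj discovery document under construction
 */
private void putEndpoints(JSONObject jsonObj) {
    jsonObj.put(ISSUER, appConfiguration.getIssuer());
    jsonObj.put(AUTHORIZATION_ENDPOINT, appConfiguration.getAuthorizationEndpoint());
    jsonObj.put(TOKEN_ENDPOINT, appConfiguration.getTokenEndpoint());
    jsonObj.put(JWKS_URI, appConfiguration.getJwksUri());
    jsonObj.put(CHECK_SESSION_IFRAME, appConfiguration.getCheckSessionIFrame());
    if (appConfiguration.isEnabledComponent(ComponentType.REVOKE_TOKEN)) {
        jsonObj.put(REVOCATION_ENDPOINT, appConfiguration.getTokenRevocationEndpoint());
    }
    if (appConfiguration.isEnabledComponent(ComponentType.REVOKE_SESSION)) {
        jsonObj.put(SESSION_REVOCATION_ENDPOINT, endpointUrl("/revoke_session"));
    }
    if (appConfiguration.isEnabledComponent(ComponentType.USERINFO)) {
        jsonObj.put(USER_INFO_ENDPOINT, appConfiguration.getUserInfoEndpoint());
    }
    if (appConfiguration.isEnabledComponent(ComponentType.CLIENTINFO)) {
        jsonObj.put(CLIENT_INFO_ENDPOINT, appConfiguration.getClientInfoEndpoint());
    }
    if (appConfiguration.isEnabledComponent(ComponentType.END_SESSION)) {
        jsonObj.put(END_SESSION_ENDPOINT, appConfiguration.getEndSessionEndpoint());
    }
    if (appConfiguration.isEnabledComponent(ComponentType.REGISTRATION)) {
        jsonObj.put(REGISTRATION_ENDPOINT, appConfiguration.getRegistrationEndpoint());
    }
    if (appConfiguration.isEnabledComponent(ComponentType.ID_GENERATION)) {
        jsonObj.put(ID_GENERATION_ENDPOINT, appConfiguration.getIdGenerationEndpoint());
    }
    if (appConfiguration.isEnabledComponent(ComponentType.INTROSPECTION)) {
        jsonObj.put(INTROSPECTION_ENDPOINT, appConfiguration.getIntrospectionEndpoint());
    }
    if (appConfiguration.isEnabledComponent(ComponentType.DEVICE_AUTHZ)) {
        jsonObj.put(DEVICE_AUTHZ_ENDPOINT, appConfiguration.getDeviceAuthzEndpoint());
    }
    if (appConfiguration.isEnabledComponent(ComponentType.PAR)) {
        jsonObj.put(PAR_ENDPOINT, appConfiguration.getParEndpoint());
        jsonObj.put(REQUIRE_PAR, appConfiguration.getRequirePar());
    }
}

/**
 * Adds the {@code *_supported} arrays (response types/modes, grant types,
 * algorithms, locales, scopes and claims).
 * <p>
 * Most arrays are omitted when empty; {@code acr_values_supported} and
 * {@code id_token_token_binding_cnf_values_supported} are always written, as before.
 * Fixes a copy/paste error where {@code userinfo_encryption_enc_values_supported}
 * was filled from the {@code alg} list instead of the {@code enc} list.
 *
 * @param jsonObj discovery document under construction
 */
@SuppressWarnings("deprecation")
private void putSupportedValues(JSONObject jsonObj) {
    // Each response_type entry is a space-separated combination, e.g. "code id_token".
    JSONArray responseTypesSupported = new JSONArray();
    for (Set<ResponseType> responseTypes : appConfiguration.getResponseTypesSupported()) {
        responseTypesSupported.put(implode(responseTypes, " "));
    }
    if (responseTypesSupported.length() > 0) {
        jsonObj.put(RESPONSE_TYPES_SUPPORTED, responseTypesSupported);
    }
    putIfNotEmpty(jsonObj, RESPONSE_MODES_SUPPORTED, appConfiguration.getResponseModesSupported());
    putIfNotEmpty(jsonObj, GRANT_TYPES_SUPPORTED, appConfiguration.getGrantTypesSupported());
    // Always written, even when empty (acr list comes from loaded auth scripts).
    jsonObj.put(ACR_VALUES_SUPPORTED, toJsonArray(externalAuthenticationService.getAcrValuesList()));
    jsonObj.put(AUTH_LEVEL_MAPPING, createAuthLevelMapping());
    putIfNotEmpty(jsonObj, SUBJECT_TYPES_SUPPORTED, appConfiguration.getSubjectTypesSupported());
    putIfNotEmpty(jsonObj, AUTHORIZATION_SIGNING_ALG_VALUES_SUPPORTED, appConfiguration.getAuthorizationSigningAlgValuesSupported());
    putIfNotEmpty(jsonObj, AUTHORIZATION_ENCRYPTION_ALG_VALUES_SUPPORTED, appConfiguration.getAuthorizationEncryptionAlgValuesSupported());
    putIfNotEmpty(jsonObj, AUTHORIZATION_ENCRYPTION_ENC_VALUES_SUPPORTED, appConfiguration.getAuthorizationEncryptionEncValuesSupported());
    putIfNotEmpty(jsonObj, USER_INFO_SIGNING_ALG_VALUES_SUPPORTED, appConfiguration.getUserInfoSigningAlgValuesSupported());
    putIfNotEmpty(jsonObj, USER_INFO_ENCRYPTION_ALG_VALUES_SUPPORTED, appConfiguration.getUserInfoEncryptionAlgValuesSupported());
    // Bug fix: previously advertised the "alg" list under the "enc" key.
    putIfNotEmpty(jsonObj, USER_INFO_ENCRYPTION_ENC_VALUES_SUPPORTED, appConfiguration.getUserInfoEncryptionEncValuesSupported());
    putIfNotEmpty(jsonObj, ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED, appConfiguration.getIdTokenSigningAlgValuesSupported());
    putIfNotEmpty(jsonObj, ID_TOKEN_ENCRYPTION_ALG_VALUES_SUPPORTED, appConfiguration.getIdTokenEncryptionAlgValuesSupported());
    putIfNotEmpty(jsonObj, ID_TOKEN_ENCRYPTION_ENC_VALUES_SUPPORTED, appConfiguration.getIdTokenEncryptionEncValuesSupported());
    putIfNotEmpty(jsonObj, REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED, appConfiguration.getRequestObjectSigningAlgValuesSupported());
    putIfNotEmpty(jsonObj, REQUEST_OBJECT_ENCRYPTION_ALG_VALUES_SUPPORTED, appConfiguration.getRequestObjectEncryptionAlgValuesSupported());
    putIfNotEmpty(jsonObj, REQUEST_OBJECT_ENCRYPTION_ENC_VALUES_SUPPORTED, appConfiguration.getRequestObjectEncryptionEncValuesSupported());
    putIfNotEmpty(jsonObj, TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED, appConfiguration.getTokenEndpointAuthMethodsSupported());
    putIfNotEmpty(jsonObj, TOKEN_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED, appConfiguration.getTokenEndpointAuthSigningAlgValuesSupported());
    putIfNotEmpty(jsonObj, DPOP_SIGNING_ALG_VALUES_SUPPORTED, appConfiguration.getDpopSigningAlgValuesSupported());
    putIfNotEmpty(jsonObj, DISPLAY_VALUES_SUPPORTED, appConfiguration.getDisplayValuesSupported());
    putIfNotEmpty(jsonObj, CLAIM_TYPES_SUPPORTED, appConfiguration.getClaimTypesSupported());
    jsonObj.put(SERVICE_DOCUMENTATION, appConfiguration.getServiceDocumentation());
    // Always written, even when empty.
    jsonObj.put(ID_TOKEN_TOKEN_BINDING_CNF_VALUES_SUPPORTED, toJsonArray(appConfiguration.getIdTokenTokenBindingCnfValuesSupported()));
    putIfNotEmpty(jsonObj, CLAIMS_LOCALES_SUPPORTED, appConfiguration.getClaimsLocalesSupported());
    putIfNotEmpty(jsonObj, UI_LOCALES_SUPPORTED, appConfiguration.getUiLocalesSupported());
    // createScopeToClaimsMapping fills the two arrays as a side effect.
    JSONArray scopesSupported = new JSONArray();
    JSONArray claimsSupported = new JSONArray();
    JSONArray scopeToClaimsMapping = createScopeToClaimsMapping(scopesSupported, claimsSupported);
    if (scopesSupported.length() > 0) {
        jsonObj.put(SCOPES_SUPPORTED, scopesSupported);
    }
    if (claimsSupported.length() > 0) {
        jsonObj.put(CLAIMS_SUPPORTED, claimsSupported);
    }
    jsonObj.put(SCOPE_TO_CLAIMS_MAPPING, scopeToClaimsMapping);
}

/**
 * Adds boolean capability flags and policy/ToS URIs. Several logout and
 * mTLS flags are hard-coded to {@code true}, as in the original.
 *
 * @param jsonObj discovery document under construction
 */
private void putFeatureFlags(JSONObject jsonObj) {
    jsonObj.put(CLAIMS_PARAMETER_SUPPORTED, appConfiguration.getClaimsParameterSupported());
    jsonObj.put(REQUEST_PARAMETER_SUPPORTED, appConfiguration.getRequestParameterSupported());
    jsonObj.put(REQUEST_URI_PARAMETER_SUPPORTED, appConfiguration.getRequestUriParameterSupported());
    jsonObj.put(REQUIRE_REQUEST_URI_REGISTRATION, appConfiguration.getRequireRequestUriRegistration());
    jsonObj.put(OP_POLICY_URI, appConfiguration.getOpPolicyUri());
    jsonObj.put(OP_TOS_URI, appConfiguration.getOpTosUri());
    jsonObj.put(TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS, Boolean.TRUE);
    jsonObj.put(BACKCHANNEL_LOGOUT_SUPPORTED, Boolean.TRUE);
    jsonObj.put(BACKCHANNEL_LOGOUT_SESSION_SUPPORTED, Boolean.TRUE);
    jsonObj.put(FRONTCHANNEL_LOGOUT_SUPPORTED, Boolean.TRUE);
    jsonObj.put(FRONTCHANNEL_LOGOUT_SESSION_SUPPORTED, Boolean.TRUE);
    jsonObj.put(FRONT_CHANNEL_LOGOUT_SESSION_SUPPORTED, appConfiguration.getFrontChannelLogoutSessionSupported());
}

/**
 * Copies {@code values} into a new {@link JSONArray}, element by element and
 * without conversion (enum values are stored as-is, exactly as before).
 * A {@code null} input yields an empty array instead of a NullPointerException.
 *
 * @param values elements to copy; may be {@code null}
 * @return a new array holding the elements in iteration order
 */
private static JSONArray toJsonArray(Iterable<?> values) {
    JSONArray array = new JSONArray();
    if (values != null) {
        for (Object value : values) {
            array.put(value);
        }
    }
    return array;
}

/**
 * Writes {@code key} as a JSON array only when {@code values} has at least one
 * element, so empty capability lists are omitted from the document.
 *
 * @param jsonObj target document
 * @param key     discovery metadata name
 * @param values  elements to advertise; {@code null} is treated as empty
 */
private static void putIfNotEmpty(JSONObject jsonObj, String key, Iterable<?> values) {
    JSONArray array = toJsonArray(values);
    if (array.length() > 0) {
        jsonObj.put(key, array);
    }
}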