
Example 1 with PairwiseIdentifier

use of io.jans.as.persistence.model.PairwiseIdentifier in project jans by JanssenProject.

the class PairwiseIdentifierService method findPairWiseIdentifier.

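/**
 * Finds the stored pairwise identifier for a user, or derives one algorithmically.
 *
 * <p>The configured pairwise id type selects the behaviour:
 * <ul>
 *   <li>{@code PERSISTENT}: searches the user's pairwise-identifier branch for an entry matching
 *       the sector identifier and user inum (plus the client id unless subject ids are shared
 *       between clients of the same sector). Returns the first match, or {@code null} when no
 *       entry exists.</li>
 *   <li>any other value (algorithmic): computes the identifier from the sector identifier, the
 *       local account id and the configured key/salt, and returns a new, unsaved
 *       {@link PairwiseIdentifier}. This branch never returns {@code null}.</li>
 * </ul>
 *
 * @param userInum inum of the user the identifier belongs to
 * @param sectorIdentifier sector identifier the subject value is scoped to
 * @param clientId client id; ignored for matching when subject ids are shared per sector
 * @return the matching or computed identifier, or {@code null} if persistent lookup finds nothing
 * @throws Exception declared by the signature; the visible code does not show which call raises it
 */
public PairwiseIdentifier findPairWiseIdentifier(String userInum, String sectorIdentifier, String clientId) throws Exception {
    PairwiseIdType pairwiseIdType = PairwiseIdType.fromString(appConfiguration.getPairwiseIdType());

    if (PairwiseIdType.PERSISTENT != pairwiseIdType) {
        // PairwiseIdType.ALGORITHMIC
        // The key and salt are presumably secret material: keep them out of logs and exception messages.
        String key = appConfiguration.getPairwiseCalculationKey();
        String salt = appConfiguration.getPairwiseCalculationSalt();
        // NOTE(review): userInum and clientId are joined without a delimiter, so two different
        // (userInum, clientId) pairs could in principle yield the same localAccountId. Confirm the
        // identifier formats rule this out; changing the format would change every issued sub.
        String localAccountId = appConfiguration.isShareSubjectIdBetweenClientsWithSameSectorId() ? userInum : userInum + clientId;
        String calculatedSub = SubjectIdentifierGenerator.generatePairwiseSubjectIdentifier(sectorIdentifier, localAccountId, key, salt, appConfiguration);
        PairwiseIdentifier pairwiseIdentifier = new PairwiseIdentifier(sectorIdentifier, clientId, userInum);
        pairwiseIdentifier.setId(calculatedSub);
        return pairwiseIdentifier;
    }

    prepareBranch(userInum);
    String baseDnForPairwiseIdentifiers = getBaseDnForPairwiseIdentifiers(userInum);

    // Sector and user always take part in the match; the client id only when subs are per client.
    Filter sectorIdentifierFilter = Filter.createEqualityFilter("jansSectorIdentifier", sectorIdentifier);
    Filter userInumFilter = Filter.createEqualityFilter("jansUsrId", userInum);
    final Filter filter;
    if (appConfiguration.isShareSubjectIdBetweenClientsWithSameSectorId()) {
        filter = Filter.createANDFilter(sectorIdentifierFilter, userInumFilter);
    } else {
        Filter clientIdFilter = Filter.createEqualityFilter("jansClntId", clientId);
        filter = Filter.createANDFilter(sectorIdentifierFilter, clientIdFilter, userInumFilter);
    }

    List<PairwiseIdentifier> entries = ldapEntryManager.findEntries(baseDnForPairwiseIdentifiers, PairwiseIdentifier.class, filter);
    if (entries == null || entries.isEmpty()) {
        return null;
    }

    // More than one entry is a data-integrity problem: the id must be unique, and which entry
    // comes first is not defined here, so the returned sub may differ between calls.
    if (entries.size() > 1) {
        // Pass the value as a logger argument; concatenating it left the "{}" placeholder unfilled.
        log.error("Found more then one pairwise identifier by sector identifier: {}", sectorIdentifier);
        for (PairwiseIdentifier pairwiseIdentifier : entries) {
            log.error("PairwiseIdentifier: {}", pairwiseIdentifier);
        }
    }
    return entries.get(0);
}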
Also used : PairwiseIdentifier(io.jans.as.persistence.model.PairwiseIdentifier) Filter(io.jans.orm.search.filter.Filter) PairwiseIdType(io.jans.as.model.common.PairwiseIdType)

Example 2 with PairwiseIdentifier

use of io.jans.as.persistence.model.PairwiseIdentifier in project jans by JanssenProject.

the class SectorIdentifierService method getSub.

/**
 * Resolves the subject ({@code sub}) value to issue for a user towards a client.
 *
 * <p>For a client with the pairwise subject type, the sector identifier is the host of the
 * client's sector identifier URI. When that URI is blank the fallback is the first redirect URI,
 * or for CIBA grants the backchannel notification endpoint (PUSH delivery mode) or the JWKS URI
 * otherwise. The pairwise identifier is looked up and, if none is returned, a new one with a
 * random UUID is created and stored.
 *
 * <p>In every other case, including a pairwise client whose sector identifier URI resolves to
 * blank, the value comes from the configured public subject attribute.
 *
 * @param client client the subject is issued to; {@code null} yields an empty string
 * @param user authenticated user; {@code null} yields an empty string
 * @param isCibaGrant whether the request is a CIBA grant, which changes the sector URI fallback
 * @return the subject value, or an empty string when user or client is {@code null} or the
 *     pairwise lookup throws
 */
public String getSub(Client client, User user, boolean isCibaGrant) {
    if (user == null) {
        log.trace("User is null, return blank sub");
        return "";
    }
    if (client == null) {
        log.trace("Client is null, return blank sub.");
        return "";
    }

    if (SubjectType.PAIRWISE.equals(client.getSubjectType())) {
        final String sectorIdentifierUri;
        if (StringUtils.isNotBlank(client.getSectorIdentifierUri())) {
            sectorIdentifierUri = client.getSectorIdentifierUri();
        } else if (isCibaGrant) {
            // CIBA has no redirect URI to fall back on, so the delivery mode decides.
            final boolean pushDelivery = client.getBackchannelTokenDeliveryMode() == io.jans.as.model.common.BackchannelTokenDeliveryMode.PUSH;
            sectorIdentifierUri = pushDelivery ? client.getBackchannelClientNotificationEndpoint() : client.getJwksUri();
        } else if (ArrayUtils.isEmpty(client.getRedirectUris())) {
            sectorIdentifierUri = null;
        } else {
            // NOTE(review): only the first redirect URI is considered; presumably registration
            // rejects pairwise clients whose redirect URIs span several hosts. Confirm.
            sectorIdentifierUri = client.getRedirectUris()[0];
        }

        final String userInum = user.getAttribute("inum");
        try {
            if (!StringUtils.isNotBlank(sectorIdentifierUri)) {
                // NOTE(review): nothing is returned here, so a pairwise client with no usable
                // sector URI receives the public subject below. Confirm this is intended, since it
                // gives the client a subject value that is not sector-specific.
                log.trace("Sector identifier uri is blank for client: " + client.getClientId());
            } else {
                // URI.create throws IllegalArgumentException on a malformed URI (handled by the
                // catch below). getHost() returns null for a URI without a host component.
                // NOTE(review): a null host is passed on unchecked; confirm the service rejects it.
                final String sectorIdentifier = URI.create(sectorIdentifierUri).getHost();
                PairwiseIdentifier pairwiseIdentifier = pairwiseIdentifierService.findPairWiseIdentifier(userInum, sectorIdentifier, client.getClientId());
                if (pairwiseIdentifier == null) {
                    // NOTE(review): lookup and insert are separate calls; concurrent requests for
                    // the same user and sector could presumably both reach this point and store
                    // two entries. Verify whether the persistence layer enforces uniqueness.
                    pairwiseIdentifier = new PairwiseIdentifier(sectorIdentifier, client.getClientId(), userInum);
                    pairwiseIdentifier.setId(UUID.randomUUID().toString());
                    pairwiseIdentifier.setDn(pairwiseIdentifierService.getDnForPairwiseIdentifier(pairwiseIdentifier.getId(), userInum));
                    pairwiseIdentifierService.addPairwiseIdentifier(userInum, pairwiseIdentifier);
                }
                return pairwiseIdentifier.getId();
            }
        } catch (Exception e) {
            // Fail closed: any error while resolving the pairwise identifier yields a blank sub
            // instead of falling through to the public subject.
            log.error("Failed to get sub claim. PairwiseIdentifierService failed to find pair wise identifier.", e);
            return "";
        }
    }

    // Public subject: the server-wide attribute, unless a per-client override is enabled and set.
    String openidSubAttribute = appConfiguration.getOpenidSubAttribute();
    final boolean perClientEnabled = Boolean.TRUE.equals(appConfiguration.getPublicSubjectIdentifierPerClientEnabled());
    if (perClientEnabled && StringUtils.isNotBlank(client.getAttributes().getPublicSubjectIdentifierAttribute())) {
        openidSubAttribute = client.getAttributes().getPublicSubjectIdentifierAttribute();
    }

    // "uid" is read through the dedicated accessor rather than the generic attribute lookup.
    return StringHelper.equalsIgnoreCase(openidSubAttribute, "uid")
            ? user.getUserId()
            : user.getAttribute(openidSubAttribute);
}
Also used : PairwiseIdentifier(io.jans.as.persistence.model.PairwiseIdentifier)
