Use of io.jans.as.server.service.RedirectUriResponse in project jans by JanssenProject.
Class ParRestWebService, method requestPushedAuthorizationRequest.
/**
 * Pushed Authorization Request (PAR) endpoint: validates the pushed authorization
 * parameters, persists them as a {@code Par} entry and answers with the
 * {@code request_uri} the client later presents at the authorization endpoint.
 * <p>
 * A successful request returns {@code 201 Created} with a JSON body built from
 * {@code ParResponse} ({@code request_uri} and {@code expires_in}). A
 * {@link WebApplicationException} whose status is {@code 302 Found} is rewritten into a
 * {@code 400 Bad Request} whose body is derived from the redirect location; any other
 * web exception is logged and rethrown; any other exception yields a body-less {@code 500}.
 * <p>
 * Only the parameters with non-obvious handling are described; the remaining form
 * parameters are copied verbatim into the {@code Par} attributes.
 *
 * @param scope           requested scopes; may arrive URL-encoded and is decoded here
 * @param responseType    space-separated response types
 * @param clientId        client identifier; passed through {@code getClientId} together with the
 *                        parsed request object before client validation (presumably the request
 *                        object value takes precedence — confirm in {@code getClientId})
 * @param redirectUri     redirect URI; likewise passed through {@code getRedirectUri} and then
 *                        validated against the client's registration
 * @param request         request object (JWT), parsed with {@code Jwt.parseSilently}
 * @param requestUri      rejected when present ({@code parValidator.validateRequestUriIsAbsent})
 * @param codeChallenge   PKCE code challenge; checked up front against {@code codeChallengeMethod}
 *                        and again on the final {@code Par} attributes after request-object validation
 * @param nbf             parsed leniently to an integer ({@code Util.parseIntegerSilently})
 * @param httpRequest     read for the {@code Sec-Token-Binding} header, the query string and the
 *                        redirect-URI validation context
 * @param securityContext only {@code isSecure()} is read, for logging
 * @return {@code 201} with the PAR response JSON, or a body-less {@code 500} on unexpected failure
 * @throws WebApplicationException on validation failures (a {@code 302} is rewritten to {@code 400})
 */
@POST
@Produces({ MediaType.APPLICATION_JSON })
public Response requestPushedAuthorizationRequest(@FormParam("scope") String scope,
        @FormParam("response_type") String responseType,
        @FormParam("client_id") String clientId,
        @FormParam("redirect_uri") String redirectUri,
        @FormParam("state") String state,
        @FormParam("response_mode") String responseMode,
        @FormParam("nonce") String nonce,
        @FormParam("display") String display,
        @FormParam("prompt") String prompt,
        @FormParam("max_age") Integer maxAge,
        @FormParam("ui_locales") String uiLocales,
        @FormParam("id_token_hint") String idTokenHint,
        @FormParam("login_hint") String loginHint,
        @FormParam("acr_values") String acrValuesStr,
        @FormParam("amr_values") String amrValuesStr,
        @FormParam("request") String request,
        @FormParam("request_uri") String requestUri,
        @FormParam("session_id") String sessionId,
        @FormParam("origin_headers") String originHeaders,
        @FormParam("code_challenge") String codeChallenge,
        @FormParam("code_challenge_method") String codeChallengeMethod,
        @FormParam("nbf") String nbf,
        @FormParam(AuthorizeRequestParam.CUSTOM_RESPONSE_HEADERS) String customResponseHeaders,
        @FormParam("claims") String claims,
        @Context HttpServletRequest httpRequest,
        @Context HttpServletResponse httpResponse,
        @Context SecurityContext securityContext) {
    try {
        // Guard: the PAR component can be switched off by configuration.
        errorResponseFactory.validateComponentEnabled(ComponentType.PAR);

        // it may be encoded
        scope = ServerUtil.urlDecode(scope);

        // Only used for the debug line below.
        String tokenBindingHeader = httpRequest.getHeader("Sec-Token-Binding");

        // ATTENTION : please do not add more parameter in this debug method because it will not work with framework
        // there is limit of 10 parameters (hardcoded), see: org.jboss.seam.core.Interpolator#interpolate
        // NOTE(review): these two debug lines emit the raw request object, claims, custom response
        // headers and the token-binding header; confirm debug output is acceptable wherever it is retained.
        log.debug("Attempting to request PAR: " + "responseType = {}, clientId = {}, scope = {}, redirectUri = {}, nonce = {}, " + "state = {}, request = {}, isSecure = {}, sessionId = {}", responseType, clientId, scope, redirectUri, nonce, state, request, securityContext.isSecure(), sessionId);
        log.debug("Attempting to request PAR: " + "acrValues = {}, amrValues = {}, originHeaders = {}, codeChallenge = {}, codeChallengeMethod = {}, " + "customRespHeaders = {}, claims = {}, tokenBindingHeader = {}", acrValuesStr, amrValuesStr, originHeaders, codeChallenge, codeChallengeMethod, customResponseHeaders, claims, tokenBindingHeader);

        // First PKCE check: challenge vs. method, before anything is touched.
        parValidator.validatePkce(codeChallenge, codeChallengeMethod, state);

        List<ResponseType> responseTypes = ResponseType.fromString(responseType, " ");
        ResponseMode responseModeObj = ResponseMode.getByValue(responseMode);
        Jwt requestObject = Jwt.parseSilently(request);

        // client_id and redirect_uri are reconciled with the request object before the client
        // is validated; the redirect URI is then checked against the client's registration.
        clientId = getClientId(clientId, requestObject);
        Client client = authorizeRestWebServiceValidator.validateClient(clientId, state, true);

        redirectUri = getRedirectUri(redirectUri, requestObject);
        redirectUri = authorizeRestWebServiceValidator.validateRedirectUri(client, redirectUri, state, null, httpRequest, AuthorizeErrorResponseType.INVALID_REQUEST);

        // Error channel used by the later validators (see the 302 -> 400 rewrite in the catch block).
        RedirectUriResponse redirectUriResponse = new RedirectUriResponse(new RedirectUri(redirectUri, responseTypes, responseModeObj), state, httpRequest, errorResponseFactory);
        redirectUriResponse.setFapiCompatible(appConfiguration.isFapi());

        // A pushed request must not itself carry request_uri (RFC 9126).
        parValidator.validateRequestUriIsAbsent(requestUri);

        // Lifetime is a per-client attribute; ttl and the absolute expiration derive from it.
        final Integer parLifetime = client.getAttributes().getParLifetime();

        final Par par = new Par();
        par.setDeletable(true);
        par.setTtl(parLifetime);
        par.setExpirationDate(Util.createExpirationDate(parLifetime));
        par.getAttributes().setScope(scope);
        par.getAttributes().setNbf(Util.parseIntegerSilently(nbf));
        par.getAttributes().setResponseType(responseType);
        par.getAttributes().setClientId(clientId);
        par.getAttributes().setRedirectUri(redirectUri);
        par.getAttributes().setState(state);
        par.getAttributes().setResponseMode(responseMode);
        par.getAttributes().setNonce(nonce);
        par.getAttributes().setDisplay(display);
        par.getAttributes().setPrompt(prompt);
        par.getAttributes().setMaxAge(maxAge);
        par.getAttributes().setUiLocales(uiLocales);
        par.getAttributes().setIdTokenHint(idTokenHint);
        par.getAttributes().setLoginHint(loginHint);
        par.getAttributes().setAcrValuesStr(acrValuesStr);
        par.getAttributes().setAmrValuesStr(amrValuesStr);
        par.getAttributes().setRequest(request);
        par.getAttributes().setRequestUri(requestUri);
        par.getAttributes().setSessionId(sessionId);
        par.getAttributes().setOriginHeaders(originHeaders);
        par.getAttributes().setCodeChallenge(codeChallenge);
        par.getAttributes().setCodeChallengeMethod(codeChallengeMethod);
        par.getAttributes().setCustomResponseHeaders(customResponseHeaders);
        par.getAttributes().setClaims(claims);
        // NOTE(review): custom parameters are taken from the URL query string, not from the
        // POSTed form body — confirm that is the intended source for this endpoint.
        par.getAttributes().setCustomParameters(requestParameterService.getCustomParameters(QueryStringDecoder.decode(httpRequest.getQueryString())));

        // Request-object validation may rewrite attributes (the ttl, see below), so PKCE is
        // re-checked on the code_challenge that actually ended up in the Par.
        parValidator.validateRequestObject(redirectUriResponse, par, client);
        authorizeRestWebServiceValidator.validatePkce(par.getAttributes().getCodeChallenge(), redirectUriResponse);

        parService.persist(par);

        ParResponse parResponse = new ParResponse();
        parResponse.setRequestUri(ParService.toOutsideId(par.getId()));
        // set it to TTL instead of lifetime because TTL can be updated during request object validation
        parResponse.setExpiresIn(par.getTtl());

        final String responseAsString = ServerUtil.asJson(parResponse);
        log.debug("Created PAR {}", responseAsString);
        return Response.status(Response.Status.CREATED).entity(responseAsString).type(MediaType.APPLICATION_JSON_TYPE).build();
    } catch (WebApplicationException e) {
        // Validators report through redirects; PAR answers the client directly, so a 302 is
        // turned into a 400 whose body is rebuilt from the redirect's error parameters.
        if (e.getResponse().getStatus() == Response.Status.FOUND.getStatusCode()) {
            throw errorResponseFactory.createBadRequestException(createErrorResponseFromRedirectErrorUri(e.getResponse().getLocation()));
        }
        if (log.isErrorEnabled())
            log.error(e.getMessage(), e);
        throw e;
    } catch (Exception e) {
        // Unexpected failure: log with stack trace and answer with a body-less 500.
        log.error(e.getMessage(), e);
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(MediaType.APPLICATION_JSON_TYPE).build();
    }
}
Use of io.jans.as.server.service.RedirectUriResponse in project jans by JanssenProject.
Class JwtAuthorizationRequest, method queryRequest.
/**
 * Resolves a {@code request_uri} by fetching the referenced request object over HTTP.
 * <p>
 * The URI fragment, when present, is treated as the expected base64url-encoded SHA-256
 * digest of the fetched document and compared against it, unless
 * {@code appConfiguration.getRequestUriHashVerificationEnabled()} is false. Only a
 * {@code 200} response is accepted as a document.
 * <p>
 * NOTE(review): this method does not restrict the target scheme or host, set a client
 * timeout, or bound the size of the body it reads; it relies on callers having already
 * matched {@code requestUri} against the client's registered request URIs — confirm at
 * the call sites.
 *
 * @param requestUri          the request_uri to fetch; blank yields {@code null}
 * @param redirectUriResponse error channel for a rejected URI; when {@code null}, a failed digest
 *                            check or a non-200 status is not reported and whatever was fetched
 *                            (possibly {@code null}) is returned as is
 * @param appConfiguration    source of the hash-verification toggle
 * @return the fetched request object, or {@code null} when the URI is blank, the status is not
 *         {@code 200}, or a non-web exception occurred (which is logged)
 * @throws WebApplicationException when {@code redirectUriResponse} is given and the URI was not accepted
 */
@Nullable
private static String queryRequest(@Nullable String requestUri, @Nullable RedirectUriResponse redirectUriResponse, AppConfiguration appConfiguration) {
    if (StringUtils.isBlank(requestUri)) {
        return null;
    }
    try {
        final URI parsedUri = new URI(requestUri);
        final String expectedDigest = parsedUri.getFragment();
        // The fragment is local to the client; fetch everything before it.
        final String fetchTarget = parsedUri.getScheme() + ":" + parsedUri.getSchemeSpecificPart();

        String fetchedRequest = null;
        boolean accepted = false;
        final javax.ws.rs.client.Client httpClient = ClientBuilder.newClient();
        try {
            final Response fetchResponse = httpClient.target(fetchTarget).request().buildGet().invoke();
            if (fetchResponse.getStatus() == 200) {
                fetchedRequest = fetchResponse.readEntity(String.class);
                // Digest is only computed when a fragment exists and verification is switched on.
                accepted = StringUtils.isBlank(expectedDigest)
                        || !appConfiguration.getRequestUriHashVerificationEnabled()
                        || StringUtils.equals(expectedDigest, Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(fetchedRequest)));
            }
        } finally {
            httpClient.close();
        }

        // Without an error channel the outcome of the check is not reported to the caller.
        if (!accepted && redirectUriResponse != null) {
            throw redirectUriResponse.createWebException(AuthorizeErrorResponseType.INVALID_REQUEST_URI, "Invalid request uri.");
        }
        return fetchedRequest;
    } catch (WebApplicationException e) {
        // Pass the protocol error through untouched; only unexpected failures are swallowed below.
        throw e;
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        return null;
    }
}