
Example 1 with RedirectUriResponse

Use of io.jans.as.server.service.RedirectUriResponse in project jans by JanssenProject.

From class ParRestWebService, method requestPushedAuthorizationRequest.

/**
 * Pushed Authorization Request (PAR) endpoint: validates the pushed authorization parameters,
 * stores them as a {@link Par} entry and returns the {@code request_uri} that references that
 * entry together with its remaining lifetime.
 *
 * <p>Every check runs before anything is persisted: component enablement, PKCE parameters, the
 * client, the redirect URI, absence of {@code request_uri} in the pushed parameters, then the
 * request object. A failed check surfaces as a {@link WebApplicationException}. A 302-style
 * error (one that would normally redirect the browser back to the client) is converted into a
 * bad-request exception carrying the error taken from the redirect location — presumably because
 * the PAR response goes straight back to the client and must not redirect.
 *
 * <p>Only the parameters that influence validation are described; the remaining form parameters
 * are copied verbatim onto the PAR entry's attributes.
 *
 * @param scope         requested scope; may arrive URL-encoded and is decoded first
 * @param responseType  space-separated response types
 * @param clientId      client identifier; may also be supplied via the request object
 * @param redirectUri   redirect URI; may also be supplied via the request object, validated
 *                      against the client before use
 * @param request       request object (JWT) as a string
 * @param requestUri    must be absent in a PAR request
 * @param codeChallenge, codeChallengeMethod PKCE parameters
 * @param nbf           not-before value, parsed leniently into an integer
 * @param httpRequest   used for the Token-Binding header, query-string custom parameters and
 *                      the redirect-URI response context
 * @return 201 with a JSON body holding {@code request_uri} and {@code expires_in}; a
 *         bad-request error for a rejected request; 500 with an empty JSON-typed body on an
 *         unexpected failure
 */
@POST
@Produces({ MediaType.APPLICATION_JSON })
public Response requestPushedAuthorizationRequest(@FormParam("scope") String scope, @FormParam("response_type") String responseType, @FormParam("client_id") String clientId, @FormParam("redirect_uri") String redirectUri, @FormParam("state") String state, @FormParam("response_mode") String responseMode, @FormParam("nonce") String nonce, @FormParam("display") String display, @FormParam("prompt") String prompt, @FormParam("max_age") Integer maxAge, @FormParam("ui_locales") String uiLocales, @FormParam("id_token_hint") String idTokenHint, @FormParam("login_hint") String loginHint, @FormParam("acr_values") String acrValuesStr, @FormParam("amr_values") String amrValuesStr, @FormParam("request") String request, @FormParam("request_uri") String requestUri, @FormParam("session_id") String sessionId, @FormParam("origin_headers") String originHeaders, @FormParam("code_challenge") String codeChallenge, @FormParam("code_challenge_method") String codeChallengeMethod, @FormParam("nbf") String nbf, @FormParam(AuthorizeRequestParam.CUSTOM_RESPONSE_HEADERS) String customResponseHeaders, @FormParam("claims") String claims, @Context HttpServletRequest httpRequest, @Context HttpServletResponse httpResponse, @Context SecurityContext securityContext) {
    try {
        // reject early when the PAR component is switched off for this deployment
        errorResponseFactory.validateComponentEnabled(ComponentType.PAR);
        // the scope value may arrive URL-encoded; decode it before validation and storage
        scope = ServerUtil.urlDecode(scope);
        String tokenBindingHeader = httpRequest.getHeader("Sec-Token-Binding");
        // ATTENTION : please do not add more parameter in this debug method because it will not work with framework
        // there is limit of 10 parameters (hardcoded), see: org.jboss.seam.core.Interpolator#interpolate
        // NOTE(review): these two lines log the raw request object and claims; keep them at debug level.
        log.debug("Attempting to request PAR: " + "responseType = {}, clientId = {}, scope = {}, redirectUri = {}, nonce = {}, " + "state = {}, request = {}, isSecure = {}, sessionId = {}", responseType, clientId, scope, redirectUri, nonce, state, request, securityContext.isSecure(), sessionId);
        log.debug("Attempting to request PAR: " + "acrValues = {}, amrValues = {}, originHeaders = {}, codeChallenge = {}, codeChallengeMethod = {}, " + "customRespHeaders = {}, claims = {}, tokenBindingHeader = {}", acrValuesStr, amrValuesStr, originHeaders, codeChallenge, codeChallengeMethod, customResponseHeaders, claims, tokenBindingHeader);
        // PKCE checked first, before any client lookup
        parValidator.validatePkce(codeChallenge, codeChallengeMethod, state);
        List<ResponseType> responseTypes = ResponseType.fromString(responseType, " ");
        ResponseMode responseModeObj = ResponseMode.getByValue(responseMode);
        // parsed silently: an absent or unparsable request object yields a value the helpers below tolerate
        Jwt requestObject = Jwt.parseSilently(request);
        // client_id and redirect_uri may come from the form or the request object; precedence lives in the helpers
        clientId = getClientId(clientId, requestObject);
        Client client = authorizeRestWebServiceValidator.validateClient(clientId, state, true);
        redirectUri = getRedirectUri(redirectUri, requestObject);
        // reassigned because the validator may return a normalized value — confirm against validateRedirectUri
        redirectUri = authorizeRestWebServiceValidator.validateRedirectUri(client, redirectUri, state, null, httpRequest, AuthorizeErrorResponseType.INVALID_REQUEST);
        // built only after the redirect URI passed validation, so error responses never reference an unvalidated target
        RedirectUriResponse redirectUriResponse = new RedirectUriResponse(new RedirectUri(redirectUri, responseTypes, responseModeObj), state, httpRequest, errorResponseFactory);
        redirectUriResponse.setFapiCompatible(appConfiguration.isFapi());
        // a PAR request must not itself carry a request_uri
        parValidator.validateRequestUriIsAbsent(requestUri);
        // per-client lifetime of the stored entry (units as defined by Par/Util — not visible here)
        final Integer parLifetime = client.getAttributes().getParLifetime();
        final Par par = new Par();
        par.setDeletable(true);
        par.setTtl(parLifetime);
        par.setExpirationDate(Util.createExpirationDate(parLifetime));
        par.getAttributes().setScope(scope);
        par.getAttributes().setNbf(Util.parseIntegerSilently(nbf));
        par.getAttributes().setResponseType(responseType);
        par.getAttributes().setClientId(clientId);
        par.getAttributes().setRedirectUri(redirectUri);
        par.getAttributes().setState(state);
        par.getAttributes().setResponseMode(responseMode);
        par.getAttributes().setNonce(nonce);
        par.getAttributes().setDisplay(display);
        par.getAttributes().setPrompt(prompt);
        par.getAttributes().setMaxAge(maxAge);
        par.getAttributes().setUiLocales(uiLocales);
        par.getAttributes().setIdTokenHint(idTokenHint);
        par.getAttributes().setLoginHint(loginHint);
        par.getAttributes().setAcrValuesStr(acrValuesStr);
        par.getAttributes().setAmrValuesStr(amrValuesStr);
        par.getAttributes().setRequest(request);
        par.getAttributes().setRequestUri(requestUri);
        par.getAttributes().setSessionId(sessionId);
        par.getAttributes().setOriginHeaders(originHeaders);
        par.getAttributes().setCodeChallenge(codeChallenge);
        par.getAttributes().setCodeChallengeMethod(codeChallengeMethod);
        par.getAttributes().setCustomResponseHeaders(customResponseHeaders);
        par.getAttributes().setClaims(claims);
        // custom parameters are taken from the URL query string, not from the form body
        par.getAttributes().setCustomParameters(requestParameterService.getCustomParameters(QueryStringDecoder.decode(httpRequest.getQueryString())));
        // request-object validation may update the entry (e.g. its TTL, see the comment on expires_in below)
        parValidator.validateRequestObject(redirectUriResponse, par, client);
        // second PKCE check runs against the value stored on the entry, after the request object was applied
        authorizeRestWebServiceValidator.validatePkce(par.getAttributes().getCodeChallenge(), redirectUriResponse);
        // nothing is stored until every check above has passed
        parService.persist(par);
        ParResponse parResponse = new ParResponse();
        parResponse.setRequestUri(ParService.toOutsideId(par.getId()));
        // set it to TTL instead of lifetime because TTL can be updated during request object validation
        parResponse.setExpiresIn(par.getTtl());
        final String responseAsString = ServerUtil.asJson(parResponse);
        log.debug("Created PAR {}", responseAsString);
        return Response.status(Response.Status.CREATED).entity(responseAsString).type(MediaType.APPLICATION_JSON_TYPE).build();
    } catch (WebApplicationException e) {
        // a redirect-style error cannot be returned from PAR: turn it into a direct bad-request error
        if (e.getResponse().getStatus() == Response.Status.FOUND.getStatusCode()) {
            throw errorResponseFactory.createBadRequestException(createErrorResponseFromRedirectErrorUri(e.getResponse().getLocation()));
        }
        if (log.isErrorEnabled())
            log.error(e.getMessage(), e);
        throw e;
    } catch (Exception e) {
        // unexpected failure: log with stack trace, return a bare 500 so no internal detail reaches the client
        log.error(e.getMessage(), e);
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR).type(MediaType.APPLICATION_JSON_TYPE).build();
    }
}

Example 2 with RedirectUriResponse

Use of io.jans.as.server.service.RedirectUriResponse in project jans by JanssenProject.

From class JwtAuthorizationRequest, method queryRequest.

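/**
 * Fetches the request object referenced by {@code request_uri} and, when the URI carries a
 * fragment and hash verification is enabled, checks that the base64url-encoded SHA-256 of the
 * fetched body equals that fragment.
 *
 * <p>Fix over the previous version: a failed verification is never passed through. Before, when
 * {@code redirectUriResponse} was {@code null}, a body whose hash did not match the fragment was
 * still returned; now it yields {@code null}, the same outcome as an unreachable URI.
 *
 * <p>NOTE(review): the URI is fetched exactly as given. Any restriction of acceptable URIs (for
 * example to the client's registered request URIs) has to happen in the caller — confirm that
 * it does before this method is reached with user-supplied values.
 *
 * @param requestUri          the {@code request_uri} parameter; blank means "no request object"
 * @param redirectUriResponse when non-null, an invalid request URI is reported through it as
 *                            {@code invalid_request_uri}; when null the method returns null instead
 * @param appConfiguration    supplies the hash-verification toggle
 * @return the fetched request object, or {@code null} when the parameter is blank, the fetch fails
 *         or does not return 200, or hash verification fails without a response to report to
 * @throws WebApplicationException when verification fails and {@code redirectUriResponse} is given
 */
@Nullable
private static String queryRequest(@Nullable String requestUri, @Nullable RedirectUriResponse redirectUriResponse, AppConfiguration appConfiguration) {
    if (StringUtils.isBlank(requestUri)) {
        return null;
    }
    try {
        URI reqUri = new URI(requestUri);
        // the fragment is the expected content hash, not part of the location, so it is stripped before fetching
        String reqUriHash = reqUri.getFragment();
        String reqUriWithoutFragment = reqUri.getScheme() + ":" + reqUri.getSchemeSpecificPart();
        String request = null;
        boolean validRequestUri = false;
        javax.ws.rs.client.Client clientRequest = ClientBuilder.newClient();
        // Response is AutoCloseable: close it on every status, not only on the 200 path where readEntity does so
        try (Response clientResponse = clientRequest.target(reqUriWithoutFragment).request().buildGet().invoke()) {
            if (clientResponse.getStatus() == Response.Status.OK.getStatusCode()) {
                request = clientResponse.readEntity(String.class);
                if (StringUtils.isBlank(reqUriHash) || !appConfiguration.getRequestUriHashVerificationEnabled()) {
                    // no hash to check, or verification disabled by configuration
                    validRequestUri = true;
                } else {
                    String hash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(request));
                    validRequestUri = StringUtils.equals(reqUriHash, hash);
                }
            }
        } finally {
            clientRequest.close();
        }
        if (!validRequestUri) {
            if (redirectUriResponse != null) {
                throw redirectUriResponse.createWebException(AuthorizeErrorResponseType.INVALID_REQUEST_URI, "Invalid request uri.");
            }
            // nobody to report the failure to: still never hand back content that failed verification
            return null;
        }
        return request;
    } catch (WebApplicationException e) {
        // the verification failure above must reach the caller untouched
        throw e;
    } catch (Exception e) {
        // malformed URI, transport failure or digest error: logged, treated as "no request object"
        log.error(e.getMessage(), e);
        return null;
    }
}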
