use of io.jans.ca.common.params.UpdateSiteParams in project jans by JanssenProject.
the class UpdateSiteOperation method createRegisterClientRequest.
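/**
 * Builds the client-registration update request for an already registered RP.
 *
 * <p>The request is first derived from the stored {@code rp} via
 * {@code RegisterRequestMapper.createRegisterRequest}, switched to HTTP PUT, and then every field
 * for which {@code params} carries a value overrides the derived one. Algorithm names and the
 * subject type are converted to their enum form; an unknown name is logged and rejected.
 *
 * <p>Points a reviewer should keep in mind when changing this method:
 * <ul>
 *   <li>Only {@code redirect_uris} is checked with {@code Utils.isValidUrl}. The other URI-valued
 *       fields (claims redirect, post-logout redirect, front-channel logout, request URIs, jwks_uri,
 *       sector identifier, logo/client/policy/tos, initiate-login, authorized origins) are copied
 *       as received. NOTE(review): confirm the OP validates them on its side.</li>
 *   <li>The {@code none} signature algorithm is gated by configuration for
 *       {@code id_token_signed_response_alg} only. NOTE(review): the other signing-algorithm fields
 *       have no equivalent check in this method; confirm that is intended.</li>
 *   <li>Rejected values are written to the log verbatim. NOTE(review): they come from
 *       {@code params}; if that is caller-controlled input, make sure the log layout neutralises
 *       line breaks.</li>
 * </ul>
 *
 * @param rp     stored RP the base request is derived from; its {@code rpId}, when not blank, is
 *               attached as the {@code rp_id} custom attribute
 * @param params requested changes; null/empty members leave the derived value untouched
 * @return the request to send to the registration endpoint
 * @throws HttpException if a redirect URI is not a valid URL, an algorithm or subject type name is
 *                       unknown, or an unsigned ID token is requested while the configuration
 *                       forbids it
 */
private RegisterRequest createRegisterClientRequest(Rp rp, UpdateSiteParams params) {
    final RegisterRequest request = RegisterRequestMapper.createRegisterRequest(rp);
    // force update
    request.setHttpMethod(HttpMethod.PUT);

    if (params.getResponseTypes() != null && !params.getResponseTypes().isEmpty()) {
        request.setResponseTypesStrings(params.getResponseTypes());
    }
    if (params.getRptAsJwt() != null) {
        request.setRptAsJwt(params.getRptAsJwt());
    }
    if (params.getGrantType() != null && !params.getGrantType().isEmpty()) {
        request.setGrantTypes(params.getGrantType().stream()
                .map(item -> GrantType.fromString(item))
                .collect(Collectors.toList()));
    }

    if (params.getRedirectUris() != null && !params.getRedirectUris().isEmpty()) {
        // Reject the whole update if any single redirect URI fails validation.
        if (!params.getRedirectUris().stream().allMatch(uri -> Utils.isValidUrl(uri))) {
            throw new HttpException(ErrorResponseCode.INVALID_REDIRECT_URI);
        }
        // The linked set removes duplicates while keeping the caller's order.
        final Set<String> redirectUris = Sets.newLinkedHashSet();
        redirectUris.addAll(params.getRedirectUris());
        final List<String> redirectUriList = Lists.newArrayList(redirectUris);
        request.setRedirectUris(redirectUriList);
    }

    if (params.getAcrValues() != null && !params.getAcrValues().isEmpty()) {
        request.setDefaultAcrValues(params.getAcrValues());
    }
    if (params.getClaimsRedirectUri() != null && !params.getClaimsRedirectUri().isEmpty()) {
        request.setClaimsRedirectUris(params.getClaimsRedirectUri());
    }
    if (params.getAccessTokenAsJwt() != null) {
        request.setAccessTokenAsJwt(params.getAccessTokenAsJwt());
    }
    // Null-only guard (not null-or-empty): an empty string reaches the parser, as before.
    if (params.getAccessTokenSigningAlg() != null) {
        request.setAccessTokenSigningAlg(
                parseSignatureAlgorithm(params.getAccessTokenSigningAlg(), "access_token_signing_alg"));
    }
    if (!Strings.isNullOrEmpty(params.getClientJwksUri())) {
        request.setJwksUri(params.getClientJwksUri());
    }
    if (params.getPostLogoutRedirectUris() != null && !params.getPostLogoutRedirectUris().isEmpty()) {
        request.setPostLogoutRedirectUris(Lists.newArrayList(params.getPostLogoutRedirectUris()));
    }
    if (params.getContacts() != null) {
        request.setContacts(params.getContacts());
    }
    if (params.getScope() != null) {
        request.setScope(params.getScope());
    }
    if (!Strings.isNullOrEmpty(params.getClientSectorIdentifierUri())) {
        request.setSectorIdentifierUri(params.getClientSectorIdentifierUri());
    }
    if (!Strings.isNullOrEmpty(params.getClientFrontchannelLogoutUri())) {
        request.setFrontChannelLogoutUri(params.getClientFrontchannelLogoutUri());
    }
    if (params.getClientRequestUris() != null && !params.getClientRequestUris().isEmpty()) {
        request.setRequestUris(params.getClientRequestUris());
    }
    // Null-only guard here as well. The validated value is reused instead of parsing a second time.
    if (params.getClientTokenEndpointAuthSigningAlg() != null) {
        request.setTokenEndpointAuthSigningAlg(parseSignatureAlgorithm(
                params.getClientTokenEndpointAuthSigningAlg(), "client_token_endpoint_auth_signing_alg"));
    }
    if (!Strings.isNullOrEmpty(params.getClientName())) {
        request.setClientName(params.getClientName());
    }
    if (!Strings.isNullOrEmpty(params.getLogoUri())) {
        request.setLogoUri(params.getLogoUri());
    }
    if (!Strings.isNullOrEmpty(params.getClientUri())) {
        request.setClientUri(params.getClientUri());
    }
    if (!Strings.isNullOrEmpty(params.getPolicyUri())) {
        request.setPolicyUri(params.getPolicyUri());
    }
    if (params.getFrontChannelLogoutSessionRequired() != null) {
        request.setFrontChannelLogoutSessionRequired(params.getFrontChannelLogoutSessionRequired());
    }
    if (!Strings.isNullOrEmpty(params.getTosUri())) {
        request.setTosUri(params.getTosUri());
    }
    if (!Strings.isNullOrEmpty(params.getJwks())) {
        request.setJwks(params.getJwks());
    }
    if (!Strings.isNullOrEmpty(params.getIdTokenBindingCnf())) {
        request.setIdTokenTokenBindingCnf(params.getIdTokenBindingCnf());
    }
    if (!Strings.isNullOrEmpty(params.getTlsClientAuthSubjectDn())) {
        request.setTlsClientAuthSubjectDn(params.getTlsClientAuthSubjectDn());
    }
    if (!Strings.isNullOrEmpty(params.getSubjectType())) {
        final SubjectType subjectType = SubjectType.fromString(params.getSubjectType());
        if (subjectType == null) {
            LOG.error("Received invalid values in `subject_type` property. Value: " + params.getSubjectType());
            throw new HttpException(ErrorResponseCode.INVALID_SUBJECT_TYPE);
        }
        request.setSubjectType(subjectType);
    }
    if (params.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims() != null) {
        request.setRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims(
                params.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
    }

    if (!Strings.isNullOrEmpty(params.getIdTokenSignedResponseAlg())) {
        final SignatureAlgorithm idTokenAlg =
                parseSignatureAlgorithm(params.getIdTokenSignedResponseAlg(), "id_token_signed_response_alg");
        // Unsigned ID tokens are accepted only when the server configuration opts in explicitly.
        if (idTokenAlg == SignatureAlgorithm.NONE
                && !getConfigurationService().getConfiguration().getAcceptIdTokenWithoutSignature()) {
            LOG.error("`ID_TOKEN` without signature is not allowed. To allow `ID_TOKEN` without signature set `accept_id_token_without_signature` field to 'true' in client-api-server.yml.");
            throw new HttpException(ErrorResponseCode.ID_TOKEN_WITHOUT_SIGNATURE_NOT_ALLOWED);
        }
        request.setIdTokenSignedResponseAlg(idTokenAlg);
    }
    if (!Strings.isNullOrEmpty(params.getIdTokenEncryptedResponseAlg())) {
        request.setIdTokenEncryptedResponseAlg(parseKeyEncryptionAlgorithm(
                params.getIdTokenEncryptedResponseAlg(), "id_token_encrypted_response_alg"));
    }
    if (!Strings.isNullOrEmpty(params.getIdTokenEncryptedResponseEnc())) {
        request.setIdTokenEncryptedResponseEnc(parseBlockEncryptionAlgorithm(
                params.getIdTokenEncryptedResponseEnc(), "id_token_encrypted_response_enc"));
    }

    if (!Strings.isNullOrEmpty(params.getUserInfoSignedResponseAlg())) {
        request.setUserInfoSignedResponseAlg(
                parseSignatureAlgorithm(params.getUserInfoSignedResponseAlg(), "user_info_signed_response_alg"));
    }
    if (!Strings.isNullOrEmpty(params.getUserInfoEncryptedResponseAlg())) {
        request.setUserInfoEncryptedResponseAlg(parseKeyEncryptionAlgorithm(
                params.getUserInfoEncryptedResponseAlg(), "user_info_encrypted_response_alg"));
    }
    if (!Strings.isNullOrEmpty(params.getUserInfoEncryptedResponseEnc())) {
        request.setUserInfoEncryptedResponseEnc(parseBlockEncryptionAlgorithm(
                params.getUserInfoEncryptedResponseEnc(), "user_info_encrypted_response_enc"));
    }

    if (!Strings.isNullOrEmpty(params.getRequestObjectSigningAlg())) {
        request.setRequestObjectSigningAlg(
                parseSignatureAlgorithm(params.getRequestObjectSigningAlg(), "request_object_signing_alg"));
    }
    if (!Strings.isNullOrEmpty(params.getRequestObjectEncryptionAlg())) {
        request.setRequestObjectEncryptionAlg(parseKeyEncryptionAlgorithm(
                params.getRequestObjectEncryptionAlg(), "request_object_encryption_alg"));
    }
    if (!Strings.isNullOrEmpty(params.getRequestObjectEncryptionEnc())) {
        request.setRequestObjectEncryptionEnc(parseBlockEncryptionAlgorithm(
                params.getRequestObjectEncryptionEnc(), "request_object_encryption_enc"));
    }

    // The numeric re-check on an already typed value is kept exactly as written.
    if (params.getDefaultMaxAge() != null && NumberUtils.isNumber(params.getDefaultMaxAge().toString())) {
        request.setDefaultMaxAge(params.getDefaultMaxAge());
    }
    if (params.getRequireAuthTime() != null) {
        request.setRequireAuthTime(params.getRequireAuthTime());
    }
    if (!Strings.isNullOrEmpty(params.getInitiateLoginUri())) {
        request.setInitiateLoginUri(params.getInitiateLoginUri());
    }
    if (params.getAuthorizedOrigins() != null && !params.getAuthorizedOrigins().isEmpty()) {
        request.setAuthorizedOrigins(params.getAuthorizedOrigins());
    }
    if (params.getAccessTokenLifetime() != null && NumberUtils.isNumber(params.getAccessTokenLifetime().toString())) {
        request.setAccessTokenLifetime(params.getAccessTokenLifetime());
    }
    if (!Strings.isNullOrEmpty(params.getSoftwareId())) {
        request.setSoftwareId(params.getSoftwareId());
    }
    if (!Strings.isNullOrEmpty(params.getSoftwareVersion())) {
        request.setSoftwareVersion(params.getSoftwareVersion());
    }
    if (!Strings.isNullOrEmpty(params.getSoftwareStatement())) {
        request.setSoftwareStatement(params.getSoftwareStatement());
    }
    if (params.getAllowSpontaneousScopes() != null) {
        request.setAllowSpontaneousScopes(params.getAllowSpontaneousScopes());
    }
    if (CollectionUtils.isNotEmpty(params.getSpontaneousScopes())) {
        request.setSpontaneousScopes(params.getSpontaneousScopes());
    }

    if (params.getCustomAttributes() != null && !params.getCustomAttributes().isEmpty()) {
        // Strip any attribute whose key contains "oxAuthTrustedClient" before forwarding; presumably
        // this keeps a caller from setting the trusted-client flag through custom attributes.
        // The removal is done on the params map itself (as before), so later readers of params see
        // the filtered map too.
        // NOTE(review): this is a case-sensitive substring denylist for a single name. Confirm it
        // matches the attribute name the target OP schema really uses; an allowlist of permitted
        // custom attributes would be the sturdier control.
        params.getCustomAttributes().entrySet().removeIf(entry -> entry.getKey().contains("oxAuthTrustedClient"));
        params.getCustomAttributes().forEach((key, value) -> request.addCustomAttribute(key, value));
    }
    // Written after the caller-supplied attributes, so a caller-provided "rp_id" does not win.
    if (StringUtils.isNotBlank(rp.getRpId())) {
        request.addCustomAttribute("rp_id", rp.getRpId());
    }
    return request;
}

/** Parses a signature algorithm name; logs and rejects the request when the name is unknown. */
private SignatureAlgorithm parseSignatureAlgorithm(String value, String property) {
    final SignatureAlgorithm algorithm = SignatureAlgorithm.fromString(value);
    if (algorithm == null) {
        LOG.error("Received invalid algorithm in `" + property + "` property. Value: " + value);
        throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
    }
    return algorithm;
}

/** Parses a key-encryption algorithm name; logs and rejects the request when the name is unknown. */
private KeyEncryptionAlgorithm parseKeyEncryptionAlgorithm(String value, String property) {
    final KeyEncryptionAlgorithm algorithm = KeyEncryptionAlgorithm.fromName(value);
    if (algorithm == null) {
        LOG.error("Received invalid algorithm in `" + property + "` property. Value: " + value);
        throw new HttpException(ErrorResponseCode.INVALID_KEY_ENCRYPTION_ALGORITHM);
    }
    return algorithm;
}

/** Parses a content-encryption algorithm name; logs and rejects the request when the name is unknown. */
private BlockEncryptionAlgorithm parseBlockEncryptionAlgorithm(String value, String property) {
    final BlockEncryptionAlgorithm algorithm = BlockEncryptionAlgorithm.fromName(value);
    if (algorithm == null) {
        LOG.error("Received invalid algorithm in `" + property + "` property. Value: " + value);
        throw new HttpException(ErrorResponseCode.INVALID_BLOCK_ENCRYPTION_ALGORITHM);
    }
    return algorithm;
}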
use of io.jans.ca.common.params.UpdateSiteParams in project jans by JanssenProject.
the class UpdateSiteTest method update.
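/**
 * Registers an RP with three redirect URIs, updates it to a single redirect URI and a new ACR
 * value, and checks after each step that fetching the RP returns the expected redirect URI and
 * ACR values.
 *
 * @param host   base URL of the server under test (TestNG parameter)
 * @param opHost OP host passed to the registration (TestNG parameter)
 * @throws IOException declared by the test signature; the visible code does not show which call raises it
 */
@Parameters({ "host", "opHost" })
@Test
public void update(String host, String opHost) throws IOException {
    final String authorizationRedirectUri = "https://client.example.com/cb";
    final String anotherRedirectUri = "https://client.example.com/another";
    final String logoutUri = "https://client.example.com/logout";

    // --- register ---
    final RegisterSiteParams registerParams = new RegisterSiteParams();
    registerParams.setOpHost(opHost);
    registerParams.setClientFrontchannelLogoutUri(logoutUri);
    registerParams.setRedirectUris(Lists.newArrayList(authorizationRedirectUri, anotherRedirectUri, logoutUri));
    registerParams.setScope(Lists.newArrayList("openid", "profile"));
    registerParams.setGrantTypes(Lists.newArrayList("authorization_code"));
    registerParams.setResponseTypes(Lists.newArrayList("code"));
    // ACR value in effect before the update; an earlier setAcrValues("basic") call was dropped
    // because this call overwrote it before registration.
    registerParams.setAcrValues(Lists.newArrayList("acrBefore"));

    final RegisterSiteResponse registerResponse = Tester.newClient(host).registerSite(registerParams);
    assertNotNull(registerResponse);
    assertNotNull(registerResponse.getRpId());
    final String rpId = registerResponse.getRpId();

    Rp fetchedRp = fetchRp(host, registerResponse);
    assertEquals(authorizationRedirectUri, fetchedRp.getRedirectUri());
    assertEquals(Lists.newArrayList("acrBefore"), fetchedRp.getAcrValues());

    // --- update ---
    final UpdateSiteParams updateParams = new UpdateSiteParams();
    updateParams.setRpId(rpId);
    updateParams.setRedirectUris(Lists.newArrayList(anotherRedirectUri));
    // The narrowed scope is sent but not asserted below; only redirect URI and ACR are read back.
    updateParams.setScope(Lists.newArrayList("profile"));
    updateParams.setAcrValues(Lists.newArrayList("acrAfter"));

    final UpdateSiteResponse updateResponse =
            Tester.newClient(host).updateSite(Tester.getAuthorization(registerResponse), null, updateParams);
    assertNotNull(updateResponse);

    fetchedRp = fetchRp(host, registerResponse);
    assertEquals(anotherRedirectUri, fetchedRp.getRedirectUri());
    assertEquals(Lists.newArrayList("acrAfter"), fetchedRp.getAcrValues());
}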
use of io.jans.ca.common.params.UpdateSiteParams in project jans by JanssenProject.
the class GetRequestUriTest method test.
/**
 * End-to-end check of the request-object flow: register a client, push its JWKS and a request
 * object signing algorithm through update-site, obtain a request URI, fetch the request object it
 * points to, and pass that object as the {@code request} parameter when asking for an
 * authorization URL.
 *
 * @param host         base URL of the server under test (TestNG parameter)
 * @param redirectUrls redirect URLs used for the registration (TestNG parameter)
 * @param opHost       OP host used for the registration (TestNG parameter)
 */
@Parameters({ "host", "redirectUrls", "opHost" })
@Test
public void test(String host, String redirectUrls, String opHost) {
    final ClientInterface client = Tester.newClient(host);

    // Step 1: register the client.
    final RegisterSiteResponse site = RegisterSiteTest.registerSite(client, opHost, redirectUrls);
    final String rpId = site.getRpId();

    // Step 2: generate the RP key set.
    final JsonNode jwks = client.getRpJwks();

    // Step 3: publish the key set and the signing algorithm to the OP.
    // NOTE(review): if JsonNode is Jackson's, asText() returns an empty string for object and
    // array nodes, in which case no JWKS would be sent here; toString() serialises the node.
    // Confirm which behaviour this test relies on.
    final UpdateSiteParams jwksUpdate = new UpdateSiteParams();
    jwksUpdate.setRpId(rpId);
    jwksUpdate.setJwks(jwks.asText());
    jwksUpdate.setRequestObjectSigningAlg("RS256");
    client.updateSite(Tester.getAuthorization(site), null, jwksUpdate);

    // Step 4: ask for a request URI.
    final GetRequestObjectUriParams requestUriParams = new GetRequestObjectUriParams();
    requestUriParams.setRpId(rpId);
    requestUriParams.setRpHostUrl("http://localhost" + ":" + SetUpTest.SUPPORT.getLocalPort());
    final GetRequestObjectUriResponse requestUriResponse =
            client.getRequestObjectUri(Tester.getAuthorization(site), null, requestUriParams);
    assertNotNull(requestUriResponse.getRequestUri());

    // Step 5: the request object id is the last path segment of the returned URI.
    final String requestUri = requestUriResponse.getRequestUri();
    final String requestObjectId = requestUri.substring(requestUri.lastIndexOf('/') + 1);
    final String requestObject = client.getRequestObject(requestObjectId);
    assertNotNull(requestObject);

    // Step 6: hand the request object to the authorization-URL command.
    final Map<String, String> extraParams = new HashMap<>();
    extraParams.put("request", requestObject);

    final GetAuthorizationUrlParams authorizationUrlParams = new GetAuthorizationUrlParams();
    authorizationUrlParams.setRpId(rpId);
    authorizationUrlParams.setParams(extraParams);

    final GetAuthorizationUrlResponse authorizationUrlResponse =
            client.getAuthorizationUrl(Tester.getAuthorization(site), null, authorizationUrlParams);
    assertNotNull(authorizationUrlResponse);
    TestUtils.notEmpty(authorizationUrlResponse.getAuthorizationUrl());
}
use of io.jans.ca.common.params.UpdateSiteParams in project jans by JanssenProject.
the class RegisterSiteTest method update.
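/**
 * Sends an update-site request that sets nearly every optional client property for the site
 * created by the {@code register} test, and checks that a response object comes back.
 *
 * <p>The only assertion is that the response is non-null; none of the updated values are read back
 * and verified, and no rejected-input case (unknown algorithm name, invalid subject type) is
 * exercised here.
 *
 * @param host base URL of the server under test (TestNG parameter)
 */
@Parameters({ "host" })
@Test(dependsOnMethods = { "register" })
public void update(String host) {
    TestUtils.notEmpty(site.getRpId());

    // Update payload covering the optional client metadata fields.
    final UpdateSiteParams params = new UpdateSiteParams();
    params.setRpId(site.getRpId());
    params.setScope(Lists.newArrayList("profile"));
    params.setClientName("rp-client-updated-test");

    // Token endpoint authentication and token format.
    params.setClientTokenEndpointAuthMethod("client_secret_basic");
    params.setClientTokenEndpointAuthSigningAlg("HS256");
    params.setClaimsRedirectUri(Lists.newArrayList("https://client.example.org/update"));
    params.setAccessTokenSigningAlg("RS256");
    params.setAccessTokenAsJwt(false);
    params.setRptAsJwt(true);
    params.setFrontChannelLogoutSessionRequired(false);
    params.setRequireAuthTime(false);
    params.setRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims(true);

    // Informational URIs and key material (placeholder JSON, not a real key set).
    params.setLogoUri("https://client.example.org/authorization//update1");
    params.setClientUri("https://client.example.org/authorization/update2");
    params.setPolicyUri("https://client.example.org/authorization/update3");
    params.setTosUri("https://client.example.org/authorization/update4");
    params.setJwks("{\"key1\": \"value1\", \"key2\": \"value2\"}");
    params.setIdTokenBindingCnf("4NRB1-0XZABZI9E6-5SM3R");
    params.setTlsClientAuthSubjectDn("www.test.com");
    params.setSubjectType("pairwise");

    // Signing and encryption algorithm names for ID token, userinfo and request object.
    params.setIdTokenSignedResponseAlg("PS256");
    params.setIdTokenEncryptedResponseAlg("A128KW");
    params.setIdTokenEncryptedResponseEnc("A128CBC+HS256");
    params.setUserInfoSignedResponseAlg("HS256");
    params.setUserInfoEncryptedResponseAlg("RSA1_5");
    params.setUserInfoEncryptedResponseEnc("A128CBC+HS256");
    params.setRequestObjectSigningAlg("HS256");
    params.setRequestObjectEncryptionAlg("RSA1_5");
    params.setRequestObjectEncryptionEnc("A128CBC+HS256");

    params.setDefaultMaxAge(200000000);
    params.setInitiateLoginUri("https://client.example.org/authorization/page2");
    params.setAuthorizedOrigins(Lists.newArrayList("beem://www.test-updated.com", "fb://updated.local.url"));
    params.setAccessTokenLifetime(200000000);
    params.setSoftwareId("4NRB1-0XZABZI9E6-5SM3R");
    params.setSoftwareVersion("3.0");

    final Map<String, String> customAttributes = new HashMap<>();
    customAttributes.put("key1", "v1");
    customAttributes.put("key2", "v2");
    params.setCustomAttributes(customAttributes);

    final UpdateSiteResponse resp = Tester.newClient(host).updateSite(Tester.getAuthorization(site), null, params);
    assertNotNull(resp);
}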