
Example 1 with Condition

use of io.jans.ca.rs.protect.Condition in project jans by JanssenProject.

the class RsProtectOperation method validate.

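/**
 * Validates an rs-protect request and, when the request asks for it, removes the UMA
 * resources that are already registered for the RP.
 *
 * <p>Checks, in order: the request carries at least one resource; HTTP methods are unique
 * per path (as decided by {@code ResourceValidator}); every non-blank scope expression is a
 * valid JsonLogic node and passes {@code validateScopeExpression}.
 *
 * <p>This method is not read-only. If the RP already has protected resources and
 * {@code overwrite} is true, each of them is deleted on the authorization server using the
 * RP's PAT, the local list is cleared and the RP is persisted.
 *
 * @param params the rs-protect request; its resources, overwrite flag and RP id are read
 * @throws HttpException if no resources are supplied, HTTP methods are not unique, a scope
 *         expression is invalid, or resources already exist and overwrite is not true
 */
private void validate(RsProtectParams params) {
    if (params.getResources() == null || params.getResources().isEmpty()) {
        throw new HttpException(ErrorResponseCode.NO_UMA_RESOURCES_TO_PROTECT);
    }
    if (!ResourceValidator.isHttpMethodUniqueInPath(params.getResources())) {
        throw new HttpException(ErrorResponseCode.UMA_HTTP_METHOD_NOT_UNIQUE);
    }

    // The first guard already rejected a null resource list, so the loop needs no second null check.
    for (RsResource resource : params.getResources()) {
        if (resource.getConditions() == null) {
            continue;
        }
        for (Condition condition : resource.getConditions()) {
            if (condition.getScopeExpression() == null) {
                continue;
            }
            String json = condition.getScopeExpression().toString();
            // A serialized JSON null ("null") is treated the same as an absent expression.
            if (StringUtils.isBlank(json) || json.equalsIgnoreCase("null")) {
                continue;
            }
            boolean nodeValid = JsonLogicNodeParser.isNodeValid(json);
            // The expression comes from the request and is written to the trace log as-is.
            LOG.trace("Scope expression validator - Valid: " + nodeValid + ", expression: " + json);
            if (!nodeValid) {
                throw new HttpException(ErrorResponseCode.UMA_FAILED_TO_VALIDATE_SCOPE_EXPRESSION);
            }
            validateScopeExpression(json);
        }
    }

    Rp rp = getRp();
    List<UmaResource> existingUmaResources = rp.getUmaProtectedResources();
    if (existingUmaResources == null || existingUmaResources.isEmpty()) {
        return;
    }
    // Fail closed: existing protection is only replaced when overwrite is explicitly true.
    if (params.getOverwrite() == null || !params.getOverwrite()) {
        throw new HttpException(ErrorResponseCode.UMA_PROTECTION_FAILED_BECAUSE_RESOURCES_ALREADY_EXISTS);
    }

    // overwrite=true: remove the existing resources from the authorization server.
    UmaMetadata discovery = getDiscoveryService().getUmaDiscoveryByRpId(params.getRpId());
    // The PAT is a bearer credential; it is only used in the Authorization value below. Keep it out of log statements.
    String pat = getUmaTokenService().getPat(params.getRpId()).getToken();
    UmaResourceService resourceService = UmaClientFactory.instance().createResourceService(discovery, getHttpService().getClientEngine());
    // NOTE(review): if deleteResource throws part-way through, clear() and updateSilently() are
    // never reached, so resources already deleted remotely stay listed locally - confirm how
    // callers recover from that state.
    for (UmaResource resource : existingUmaResources) {
        LOG.trace("Removing existing resource " + resource.getId() + " ...");
        resourceService.deleteResource("Bearer " + pat, resource.getId());
        LOG.trace("Removed existing resource " + resource.getId() + ".");
    }
    rp.getUmaProtectedResources().clear();
    getRpService().updateSilently(rp);
}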
Also used : Condition(io.jans.ca.rs.protect.Condition) UmaMetadata(io.jans.as.model.uma.UmaMetadata) RsResource(io.jans.ca.rs.protect.RsResource) UmaResourceService(io.jans.as.client.uma.UmaResourceService) HttpException(io.jans.ca.server.HttpException) Rp(io.jans.ca.server.service.Rp) UmaResource(io.jans.ca.server.model.UmaResource)

Example 2 with Condition

use of io.jans.ca.rs.protect.Condition in project jans by JanssenProject.

the class ApiProtectionService method createScopeIfNeeded.

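/**
 * Walks every condition of every resource in {@code rsResourceList} and stores the scopes
 * resolved for it in {@code ApiProtectionCache}, keyed by {@code "<httpMethods>:::<path>"}.
 *
 * <p>For each scope name the cache is consulted first; on a miss the name is handed to
 * {@code validateScope}, whose result replaces the working scope list.
 *
 * @param apiProtectionType only written to the debug log by this method
 */
private void createScopeIfNeeded(String apiProtectionType) {
    log.debug("ApiProtectionService:::createScopeIfNeeded() - apiProtectionType:{}", apiProtectionType);
    // NOTE(review): this one list instance is shared by all resources and conditions. It is only
    // replaced when validateScope() runs, so scopes added for one resource can remain in the list
    // stored for the next, and the same instance may be cached under several resource names.
    // Confirm whether putResource() copies the list; if not, a fresh list per condition is safer.
    List<Scope> scopeList = new ArrayList<>();
    for (RsResource rsResource : rsResourceList) {
        for (Condition condition : rsResource.getConditions()) {
            String resourceName = condition.getHttpMethods() + ":::" + rsResource.getPath();
            List<String> rsScopes = condition.getScopes();
            log.trace("ApiProtectionService:::createScopeIfNeeded() - resourceName:{}, rsScopes:{} ", resourceName, rsScopes);
            // If no scopes for the path then skip validation.
            // NOTE(review): break leaves the condition loop, so any remaining conditions of this
            // resource are skipped as well and get no cache entry - confirm that continue was
            // not intended.
            if (rsScopes == null || rsScopes.isEmpty()) {
                break;
            }
            for (String scopeName : rsScopes) {
                log.debug("ApiProtectionService:::createScopeIfNeeded() - scopeName:{} ", scopeName);
                // Check in cache; the result is reused for the log line instead of a second lookup.
                Scope scope = ApiProtectionCache.getScope(scopeName);
                log.debug("ApiProtectionService:::createScopeIfNeeded() - ApiProtectionCache.getScope(scopeName):{}", scope);
                if (scope != null) {
                    log.debug("Scope - '{}' exists in cache.", scopeName);
                    scopeList.add(scope);
                    // NOTE(review): the first cache hit ends the scope loop, so later scope names
                    // of this condition are not looked up - confirm this is intended.
                    break;
                }
                // Cache miss: validate the scope; the returned list replaces scopeList.
                scopeList = validateScope(scopeName);
            }
            // Add to resource cache
            ApiProtectionCache.putResource(resourceName, scopeList);
            log.debug("ApiProtectionService:::createScopeIfNeeded() - resourceName:{}, scopeList:{}", resourceName, scopeList);
        }
    }
}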
Also used : Condition(io.jans.ca.rs.protect.Condition) Scope(io.jans.as.persistence.model.Scope) RsResource(io.jans.ca.rs.protect.RsResource) ArrayList(java.util.ArrayList)

Example 3 with Condition

use of io.jans.ca.rs.protect.Condition in project jans by JanssenProject.

the class OpClientFactoryMockImpl method getIdMap.

/**
 * Builds a map from (path, HTTP methods) keys to freshly generated random ids for every
 * condition found in an uma-rs-protect JSON document.
 *
 * <p>Parsing is best-effort: any exception is logged and the entries collected so far
 * (possibly none) are returned.
 *
 * @param rsProtect the uma-rs-protect document; single quotes are accepted in place of double quotes
 * @return the key-to-id map, never {@code null}
 */
private static Map<Key, String> getIdMap(String rsProtect) {
    Map<Key, String> idsByKey = new HashMap<>();
    try {
        // Every apostrophe becomes a double quote, including any that appear inside values.
        String normalizedJson = StringUtils.replace(rsProtect, "'", "\"");
        RsResourceList parsed = Jackson2.createJsonMapper().readValue(normalizedJson, RsResourceList.class);
        for (RsResource parsedResource : parsed.getResources()) {
            for (Condition parsedCondition : parsedResource.getConditions()) {
                Key resourceKey = new Key();
                resourceKey.setHttpMethods(parsedCondition.getHttpMethods());
                resourceKey.setPath(parsedResource.getPath());
                String generatedId = UUID.randomUUID().toString();
                idsByKey.put(resourceKey, generatedId);
            }
        }
    } catch (Exception e) {
        // The failure is logged only; the caller receives whatever was collected before it.
        LOG.error("Failed to parse uma-rs-protect resource json .", e);
    }
    return idsByKey;
}
Also used : Condition(io.jans.ca.rs.protect.Condition) RsResource(io.jans.ca.rs.protect.RsResource) RsResourceList(io.jans.ca.rs.protect.RsResourceList) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey)

Example 4 with Condition

use of io.jans.ca.rs.protect.Condition in project jans by JanssenProject.

the class ResourceRegistrar method register.

/**
 * Registers one UMA resource on the authorization server for each condition of the given
 * resource and records the returned id locally.
 *
 * <p>Any exception is logged and rethrown. Conditions registered before the failure remain
 * in {@code resourceMap} and {@code idMap}.
 *
 * @param rsResource the protected resource whose conditions are registered
 */
private void register(RsResource rsResource) {
    try {
        for (Condition condition : rsResource.getConditions()) {
            Key key = new Key(rsResource.getPath(), condition.getHttpMethods());
            UmaResource umaResource = new UmaResource();
            umaResource.setName(key.getResourceName());

            boolean hasValidExpression = condition.getScopeExpression() != null
                    && JsonLogicNodeParser.isNodeValid(condition.getScopeExpression().toString());
            if (!hasValidExpression) {
                // NOTE(review): an expression that is present but fails isNodeValid() also lands
                // here, and the resource is registered with the plain scope list without any log
                // entry - confirm this silent fallback is intended.
                umaResource.setScopes(condition.getScopes());
            } else {
                String expression = condition.getScopeExpression().toString();
                umaResource.setScopeExpression(expression);
                umaResource.setScopes(JsonLogicNodeParser.parseNode(expression).getData());
            }

            // Creation and expiration timestamps are copied only when isSafeToInt() accepts them.
            if (isSafeToInt(rsResource.getIat())) {
                umaResource.setIat(rsResource.getIat());
            }
            if (isSafeToInt(rsResource.getExp())) {
                umaResource.setExp(rsResource.getExp());
            }

            // The PAT is a bearer credential; it is used only in the Authorization value and is not logged.
            UmaResourceResponse registered = serviceProvider.getResourceService().addResource("Bearer " + patProvider.getPatToken(), umaResource);
            String registeredId = registered.getId();
            Preconditions.checkNotNull(registeredId, "Resource ID can not be null.");

            resourceMap.put(key, rsResource);
            idMap.put(key, registeredId);
            LOG.debug("Registered resource, path: " + key.getPath() + ", http methods: " + condition.getHttpMethods() + ", id: " + registeredId);
        }
    } catch (Exception ex) {
        LOG.error(ex.getMessage(), ex);
        throw ex;
    }
}
Also used : Condition(io.jans.ca.rs.protect.Condition) UmaResourceResponse(io.jans.as.model.uma.UmaResourceResponse) UmaResource(io.jans.as.model.uma.UmaResource)

Example 5 with Condition

use of io.jans.ca.rs.protect.Condition in project jans by JanssenProject.

the class ResourceRegistrar method putRegisteredResource.

/**
 * Records a resource that is already registered on the authorization server, without
 * contacting the server.
 *
 * <p>One entry is written to {@code resourceMap} and {@code idMap} per condition of the
 * resource; every entry maps to the same supplied id.
 *
 * @param resource the protected resource to record
 * @param idOfResourceOnAuthorizationServer the id stored for each of the resource's conditions
 */
public void putRegisteredResource(RsResource resource, String idOfResourceOnAuthorizationServer) {
    for (Condition registeredCondition : resource.getConditions()) {
        Key resourceKey = new Key(resource.getPath(), registeredCondition.getHttpMethods());

        resourceMap.put(resourceKey, resource);
        idMap.put(resourceKey, idOfResourceOnAuthorizationServer);

        String message = "Put registered resource, path: " + resourceKey.getPath()
                + ", http methods: " + registeredCondition.getHttpMethods()
                + ", id: " + idOfResourceOnAuthorizationServer;
        LOG.debug(message);
    }
}
Also used : Condition(io.jans.ca.rs.protect.Condition)

Aggregations

Condition (io.jans.ca.rs.protect.Condition)6 RsResource (io.jans.ca.rs.protect.RsResource)4 RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)2 RsResourceList (io.jans.ca.rs.protect.RsResourceList)2 UmaResourceService (io.jans.as.client.uma.UmaResourceService)1 UmaMetadata (io.jans.as.model.uma.UmaMetadata)1 UmaResource (io.jans.as.model.uma.UmaResource)1 UmaResourceResponse (io.jans.as.model.uma.UmaResourceResponse)1 Scope (io.jans.as.persistence.model.Scope)1 HttpException (io.jans.ca.server.HttpException)1 UmaResource (io.jans.ca.server.model.UmaResource)1 Rp (io.jans.ca.server.service.Rp)1 ArrayList (java.util.ArrayList)1