Example 1 with HttpException
use of io.jans.ca.server.HttpException in project jans by JanssenProject.
the class RegisterSiteOperation method createRegisterClientRequest.
private RegisterRequest createRegisterClientRequest(RegisterSiteParams params, String rpId) {
String clientName = "jans_client_api client for rp: " + rpId;
if (!Strings.isNullOrEmpty(params.getClientName())) {
clientName = params.getClientName();
}
final RegisterRequest request = new RegisterRequest(ApplicationType.WEB, clientName, params.getRedirectUris());
request.setResponseTypesStrings(params.getResponseTypes());
request.setJwksUri(params.getClientJwksUri());
request.setClaimsRedirectUris(params.getClaimsRedirectUri() != null ? params.getClaimsRedirectUri() : new ArrayList<String>());
request.setPostLogoutRedirectUris(params.getPostLogoutRedirectUris() != null ? params.getPostLogoutRedirectUris() : Lists.newArrayList());
request.setContacts(params.getContacts());
request.setScope(params.getScope());
request.setDefaultAcrValues(params.getAcrValues());
if (StringUtils.isNotBlank(params.getClientTokenEndpointAuthSigningAlg())) {
SignatureAlgorithm signatureAlgorithms = SignatureAlgorithm.fromString(params.getClientTokenEndpointAuthSigningAlg());
if (signatureAlgorithms == null) {
LOG.error("Received invalid algorithm in `client_token_endpoint_auth_signing_alg` property. Value: " + params.getClientTokenEndpointAuthSigningAlg());
throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
}
request.setTokenEndpointAuthSigningAlg(signatureAlgorithms);
}
if (StringUtils.isNotBlank(rpId)) {
request.addCustomAttribute("rp_id", rpId);
}
List<GrantType> grantTypes = Lists.newArrayList();
for (String grantType : params.getGrantTypes()) {
grantTypes.add(GrantType.fromString(grantType));
}
request.setGrantTypes(grantTypes);
if (StringUtils.isNotBlank(params.getClientFrontchannelLogoutUri())) {
request.setFrontChannelLogoutUri(params.getClientFrontchannelLogoutUri());
}
if (StringUtils.isNotBlank(params.getClientTokenEndpointAuthMethod())) {
final AuthenticationMethod authenticationMethod = AuthenticationMethod.fromString(params.getClientTokenEndpointAuthMethod());
if (authenticationMethod != null) {
request.setTokenEndpointAuthMethod(authenticationMethod);
}
}
if (params.getClientRequestUris() != null && !params.getClientRequestUris().isEmpty()) {
request.setRequestUris(params.getClientRequestUris());
}
if (!Strings.isNullOrEmpty(params.getClientSectorIdentifierUri())) {
request.setSectorIdentifierUri(params.getClientSectorIdentifierUri());
}
request.setAccessTokenAsJwt(params.getAccessTokenAsJwt());
request.setAccessTokenSigningAlg(SignatureAlgorithm.fromString(params.getAccessTokenSigningAlg()));
request.setRptAsJwt(params.getRptAsJwt());
if (!Strings.isNullOrEmpty(params.getLogoUri())) {
request.setLogoUri(params.getLogoUri());
}
if (!Strings.isNullOrEmpty(params.getClientUri())) {
request.setClientUri(params.getClientUri());
}
if (!Strings.isNullOrEmpty(params.getPolicyUri())) {
request.setPolicyUri(params.getPolicyUri());
}
if (params.getFrontChannelLogoutSessionRequired() != null) {
request.setFrontChannelLogoutSessionRequired(params.getFrontChannelLogoutSessionRequired());
}
if (!Strings.isNullOrEmpty(params.getTosUri())) {
request.setTosUri(params.getTosUri());
}
if (!Strings.isNullOrEmpty(params.getJwks())) {
request.setJwks(params.getJwks());
}
if (!Strings.isNullOrEmpty(params.getIdTokenBindingCnf())) {
request.setIdTokenTokenBindingCnf(params.getIdTokenBindingCnf());
}
if (!Strings.isNullOrEmpty(params.getTlsClientAuthSubjectDn())) {
request.setTlsClientAuthSubjectDn(params.getTlsClientAuthSubjectDn());
}
if (!Strings.isNullOrEmpty(params.getSubjectType())) {
SubjectType subjectType = SubjectType.fromString(params.getSubjectType());
if (subjectType == null) {
LOG.error("Received invalid values in `subject_type` property. Value: " + params.getSubjectType());
throw new HttpException(ErrorResponseCode.INVALID_SUBJECT_TYPE);
}
request.setSubjectType(subjectType);
}
if (params.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims() != null) {
request.setRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims(params.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
}
if (!Strings.isNullOrEmpty(params.getIdTokenSignedResponseAlg())) {
SignatureAlgorithm signatureAlgorithms = SignatureAlgorithm.fromString(params.getIdTokenSignedResponseAlg());
if (signatureAlgorithms == null) {
LOG.error("Received invalid algorithm in `id_token_signed_response_alg` property. Value: " + params.getIdTokenSignedResponseAlg());
throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
}
if (signatureAlgorithms == SignatureAlgorithm.NONE && !getConfigurationService().getConfiguration().getAcceptIdTokenWithoutSignature()) {
LOG.error("`ID_TOKEN` without signature is not allowed. To allow `ID_TOKEN` without signature set `accept_id_token_without_signature` field to 'true' in client-api-server.yml.");
throw new HttpException(ErrorResponseCode.ID_TOKEN_WITHOUT_SIGNATURE_NOT_ALLOWED);
}
request.setIdTokenSignedResponseAlg(signatureAlgorithms);
}
if (!Strings.isNullOrEmpty(params.getIdTokenEncryptedResponseAlg())) {
KeyEncryptionAlgorithm keyEncryptionAlgorithms = KeyEncryptionAlgorithm.fromName(params.getIdTokenEncryptedResponseAlg());
if (keyEncryptionAlgorithms == null) {
LOG.error("Received invalid algorithm in `id_token_encrypted_response_alg` property. Value: " + params.getIdTokenEncryptedResponseAlg());
throw new HttpException(ErrorResponseCode.INVALID_KEY_ENCRYPTION_ALGORITHM);
}
request.setIdTokenEncryptedResponseAlg(keyEncryptionAlgorithms);
}
if (!Strings.isNullOrEmpty(params.getIdTokenEncryptedResponseEnc())) {
BlockEncryptionAlgorithm blockEncryptionAlgorithms = BlockEncryptionAlgorithm.fromName(params.getIdTokenEncryptedResponseEnc());
if (blockEncryptionAlgorithms == null) {
LOG.error("Received invalid algorithm in `id_token_encrypted_response_enc` property. Value: " + params.getIdTokenEncryptedResponseEnc());
throw new HttpException(ErrorResponseCode.INVALID_BLOCK_ENCRYPTION_ALGORITHM);
}
request.setIdTokenEncryptedResponseEnc(blockEncryptionAlgorithms);
}
if (!Strings.isNullOrEmpty(params.getUserInfoSignedResponseAlg())) {
SignatureAlgorithm signatureAlgorithms = SignatureAlgorithm.fromString(params.getUserInfoSignedResponseAlg());
if (signatureAlgorithms == null) {
LOG.error("Received invalid algorithm in `user_info_signed_response_alg` property. Value: " + params.getUserInfoSignedResponseAlg());
throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
}
request.setUserInfoSignedResponseAlg(signatureAlgorithms);
}
if (!Strings.isNullOrEmpty(params.getUserInfoEncryptedResponseAlg())) {
KeyEncryptionAlgorithm keyEncryptionAlgorithms = KeyEncryptionAlgorithm.fromName(params.getUserInfoEncryptedResponseAlg());
if (keyEncryptionAlgorithms == null) {
LOG.error("Received invalid algorithm in `user_info_encrypted_response_alg` property. Value: " + params.getUserInfoEncryptedResponseAlg());
throw new HttpException(ErrorResponseCode.INVALID_KEY_ENCRYPTION_ALGORITHM);
}
request.setUserInfoEncryptedResponseAlg(keyEncryptionAlgorithms);
}
if (!Strings.isNullOrEmpty(params.getUserInfoEncryptedResponseEnc())) {
BlockEncryptionAlgorithm blockEncryptionAlgorithms = BlockEncryptionAlgorithm.fromName(params.getUserInfoEncryptedResponseEnc());
if (blockEncryptionAlgorithms == null) {
LOG.error("Received invalid algorithm in `user_info_encrypted_response_enc` property. Value: " + params.getUserInfoEncryptedResponseEnc());
throw new HttpException(ErrorResponseCode.INVALID_BLOCK_ENCRYPTION_ALGORITHM);
}
request.setUserInfoEncryptedResponseEnc(blockEncryptionAlgorithms);
}
if (!Strings.isNullOrEmpty(params.getRequestObjectSigningAlg())) {
SignatureAlgorithm signatureAlgorithms = SignatureAlgorithm.fromString(params.getRequestObjectSigningAlg());
if (signatureAlgorithms == null) {
LOG.error("Received invalid algorithm in `request_object_signing_alg` property. Value: " + params.getRequestObjectSigningAlg());
throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
}
request.setRequestObjectSigningAlg(signatureAlgorithms);
}
if (!Strings.isNullOrEmpty(params.getRequestObjectEncryptionAlg())) {
KeyEncryptionAlgorithm keyEncryptionAlgorithms = KeyEncryptionAlgorithm.fromName(params.getRequestObjectEncryptionAlg());
if (keyEncryptionAlgorithms == null) {
LOG.error("Received invalid algorithm in `request_object_encryption_alg` property. Value: " + params.getRequestObjectEncryptionAlg());
throw new HttpException(ErrorResponseCode.INVALID_KEY_ENCRYPTION_ALGORITHM);
}
request.setRequestObjectEncryptionAlg(keyEncryptionAlgorithms);
}
if (!Strings.isNullOrEmpty(params.getRequestObjectEncryptionEnc())) {
BlockEncryptionAlgorithm blockEncryptionAlgorithms = BlockEncryptionAlgorithm.fromName(params.getRequestObjectEncryptionEnc());
if (blockEncryptionAlgorithms == null) {
LOG.error("Received invalid algorithm in `request_object_encryption_enc` property. Value: " + params.getRequestObjectEncryptionEnc());
throw new HttpException(ErrorResponseCode.INVALID_BLOCK_ENCRYPTION_ALGORITHM);
}
request.setRequestObjectEncryptionEnc(blockEncryptionAlgorithms);
}
if (params.getDefaultMaxAge() != null && NumberUtils.isNumber(params.getDefaultMaxAge().toString())) {
request.setDefaultMaxAge(params.getDefaultMaxAge());
}
if (params.getRequireAuthTime() != null) {
request.setRequireAuthTime(params.getRequireAuthTime());
}
if (!Strings.isNullOrEmpty(params.getInitiateLoginUri())) {
request.setInitiateLoginUri(params.getInitiateLoginUri());
}
if (params.getAuthorizedOrigins() != null && !params.getAuthorizedOrigins().isEmpty()) {
request.setAuthorizedOrigins(params.getAuthorizedOrigins());
}
if (params.getAccessTokenLifetime() != null && NumberUtils.isNumber(params.getAccessTokenLifetime().toString())) {
request.setAccessTokenLifetime(params.getAccessTokenLifetime());
}
if (!Strings.isNullOrEmpty(params.getSoftwareId())) {
request.setSoftwareId(params.getSoftwareId());
}
if (!Strings.isNullOrEmpty(params.getSoftwareVersion())) {
request.setSoftwareVersion(params.getSoftwareVersion());
}
if (!Strings.isNullOrEmpty(params.getSoftwareStatement())) {
request.setSoftwareStatement(params.getSoftwareStatement());
}
if (params.getAllowSpontaneousScopes() != null) {
request.setAllowSpontaneousScopes(params.getAllowSpontaneousScopes());
}
if (CollectionUtils.isNotEmpty(params.getSpontaneousScopes())) {
request.setSpontaneousScopes(params.getSpontaneousScopes());
}
if (params.getCustomAttributes() != null && !params.getCustomAttributes().isEmpty()) {
params.getCustomAttributes().entrySet().removeIf(entry -> entry.getKey().contains("oxAuthTrustedClient"));
params.getCustomAttributes().entrySet().stream().forEach(e -> {
request.addCustomAttribute(e.getKey(), e.getValue());
});
}
return request;
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
SubjectType(io.jans.as.model.common.SubjectType)
KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)
ArrayList(java.util.ArrayList)
SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm)
HttpException(io.jans.ca.server.HttpException)
GrantType(io.jans.as.model.common.GrantType)
AuthenticationMethod(io.jans.as.model.common.AuthenticationMethod)
BlockEncryptionAlgorithm(io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm)
Example 2 with HttpException
use of io.jans.ca.server.HttpException in project jans by JanssenProject.
the class RegisterSiteOperation method validateParametersAndFallbackIfNeeded.
private void validateParametersAndFallbackIfNeeded(RegisterSiteParams params) {
if (StringUtils.isNotBlank(params.getClientId()) && StringUtils.isBlank(params.getClientSecret())) {
throw new HttpException(ErrorResponseCode.INVALID_CLIENT_SECRET_REQUIRED);
}
if (StringUtils.isNotBlank(params.getClientSecret()) && StringUtils.isBlank(params.getClientId())) {
throw new HttpException(ErrorResponseCode.INVALID_CLIENT_ID_REQUIRED);
}
Rp fallback = getConfigurationService().defaultRp();
// op_configuration_endpoint
LOG.info("Either 'op_configuration_endpoint' or 'op_host' should be set. jans_client_api will now check which of these parameter is available.");
if (StringUtils.isBlank(params.getOpConfigurationEndpoint())) {
LOG.warn("'op_configuration_endpoint' is not set for parameter: " + params + ". Look up at configuration file for fallback of 'op_configuration_endpoint'.");
String fallbackOpConfigurationEndpoint = fallback.getOpConfigurationEndpoint();
if (StringUtils.isNotBlank(fallbackOpConfigurationEndpoint)) {
LOG.warn("Fallback to op_configuration_endpoint: " + fallbackOpConfigurationEndpoint + ", from configuration file.");
params.setOpConfigurationEndpoint(fallbackOpConfigurationEndpoint);
}
}
// op_host
if (Strings.isNullOrEmpty(params.getOpHost()) && Strings.isNullOrEmpty(params.getOpConfigurationEndpoint())) {
LOG.error("Either 'op_configuration_endpoint' or 'op_host' should be set. Parameter: " + params);
throw new HttpException(ErrorResponseCode.INVALID_OP_HOST_AND_CONFIGURATION_ENDPOINT);
}
// grant_type
List<String> grantTypes = Lists.newArrayList();
if (params.getGrantTypes() != null && !params.getGrantTypes().isEmpty()) {
grantTypes.addAll(params.getGrantTypes());
}
if (grantTypes.isEmpty() && fallback.getGrantType() != null && !fallback.getGrantType().isEmpty()) {
grantTypes.addAll(fallback.getGrantType());
}
if (!grantTypes.contains(GrantType.CLIENT_CREDENTIALS.getValue()) && getConfigurationService().getConfiguration().getAddClientCredentialsGrantTypeAutomaticallyDuringClientRegistration()) {
grantTypes.add(GrantType.CLIENT_CREDENTIALS.getValue());
}
params.setGrantTypes(grantTypes);
// post_logout_redirect_uri
if (params.getPostLogoutRedirectUris() != null && params.getPostLogoutRedirectUris().isEmpty() && fallback.getPostLogoutRedirectUris() != null && !fallback.getPostLogoutRedirectUris().isEmpty()) {
params.setPostLogoutRedirectUris(fallback.getPostLogoutRedirectUris());
}
// response_type
List<String> responseTypes = Lists.newArrayList();
if (params.getResponseTypes() != null && !params.getResponseTypes().isEmpty()) {
responseTypes.addAll(params.getResponseTypes());
}
if (responseTypes.isEmpty() && fallback.getResponseTypes() != null && !fallback.getResponseTypes().isEmpty()) {
responseTypes.addAll(fallback.getResponseTypes());
}
if (responseTypes.isEmpty()) {
responseTypes.add("code");
}
params.setResponseTypes(responseTypes);
// redirect_uris
if (params.getRedirectUris() == null || params.getRedirectUris().isEmpty()) {
params.setRedirectUris(fallback.getRedirectUris());
}
Set<String> redirectUris = Sets.newLinkedHashSet();
if (params.getRedirectUris() != null && !params.getRedirectUris().isEmpty() && params.getRedirectUris().stream().allMatch(uri -> Utils.isValidUrl(uri))) {
redirectUris.addAll(params.getRedirectUris());
} else {
throw new HttpException(ErrorResponseCode.INVALID_REDIRECT_URI);
}
final Boolean autoRegister = getConfigurationService().getConfiguration().getUma2AuthRegisterClaimsGatheringEndpointAsRedirectUriOfClient();
if (autoRegister != null && autoRegister && !redirectUris.isEmpty()) {
String first = redirectUris.iterator().next();
if (first.contains(getDiscoveryService().getConnectDiscoveryResponse(params.getOpConfigurationEndpoint(), params.getOpHost(), params.getOpDiscoveryPath()).getIssuer())) {
final UmaMetadata discovery = getDiscoveryService().getUmaDiscovery(params.getOpConfigurationEndpoint(), params.getOpHost(), params.getOpDiscoveryPath());
String autoRedirectUri = discovery.getClaimsInteractionEndpoint() + "?authentication=true";
LOG.trace("Register claims interaction endpoint as redirect_uri: " + autoRedirectUri);
redirectUris.add(autoRedirectUri);
} else {
LOG.trace("Skip auto registration of claims interaction endpoint as redirect_uri because OP host for different uri's is different which will not pass AS redirect_uri's validation (same host must be present).");
}
}
params.setRedirectUris(Lists.newArrayList(redirectUris));
// claims_redirect_uri
if ((params.getClaimsRedirectUri() == null || params.getClaimsRedirectUri().isEmpty()) && (fallback.getClaimsRedirectUri() != null && !fallback.getClaimsRedirectUri().isEmpty())) {
params.setClaimsRedirectUri(fallback.getClaimsRedirectUri());
}
Set<String> claimsRedirectUris = Sets.newHashSet();
if (params.getClaimsRedirectUri() != null && !params.getClaimsRedirectUri().isEmpty()) {
claimsRedirectUris.addAll(params.getClaimsRedirectUri());
}
params.setClaimsRedirectUri(Lists.newArrayList(claimsRedirectUris));
// scope
if (params.getScope() == null || params.getScope().isEmpty()) {
params.setScope(fallback.getScope());
}
if (params.getScope() == null || params.getScope().isEmpty()) {
throw new HttpException(ErrorResponseCode.INVALID_SCOPE);
}
// acr_values
if (params.getAcrValues() == null || params.getAcrValues().isEmpty()) {
params.setAcrValues(fallback.getAcrValues());
}
// client_jwks_uri
if (Strings.isNullOrEmpty(params.getClientJwksUri()) && !Strings.isNullOrEmpty(fallback.getClientJwksUri())) {
params.setClientJwksUri(fallback.getClientJwksUri());
}
// contacts
if (params.getContacts() == null || params.getContacts().isEmpty()) {
params.setContacts(fallback.getContacts());
}
// ui_locales
if (params.getUiLocales() == null || params.getUiLocales().isEmpty()) {
params.setUiLocales(fallback.getUiLocales());
}
// claims_locales
if ((params.getClaimsLocales() == null || params.getClaimsLocales().isEmpty()) && (fallback.getClaimsLocales() != null && !fallback.getClaimsLocales().isEmpty())) {
params.setClaimsLocales(fallback.getClaimsLocales());
}
// client_name
if (StringUtils.isBlank(params.getClientName()) && StringUtils.isNotBlank(fallback.getClientName())) {
params.setClientName(fallback.getClientName());
}
// client_jwks_uri
if (StringUtils.isBlank(params.getClientJwksUri()) && StringUtils.isNotBlank(fallback.getClientJwksUri())) {
params.setClientJwksUri(fallback.getClientJwksUri());
}
// token_endpoint_auth_method
if (StringUtils.isBlank(params.getClientTokenEndpointAuthMethod()) && StringUtils.isNotBlank(fallback.getTokenEndpointAuthMethod())) {
params.setClientTokenEndpointAuthMethod(fallback.getTokenEndpointAuthMethod());
}
// token_endpoint_auth_signing_alg
if (StringUtils.isBlank(params.getClientTokenEndpointAuthSigningAlg()) && StringUtils.isNotBlank(fallback.getTokenEndpointAuthSigningAlg())) {
params.setClientTokenEndpointAuthSigningAlg(fallback.getTokenEndpointAuthSigningAlg());
}
// request_uris
if ((params.getClientRequestUris() == null || params.getClientRequestUris().isEmpty()) && (fallback.getRequestUris() != null && !fallback.getRequestUris().isEmpty())) {
params.setClientRequestUris(fallback.getRequestUris());
}
// front_channel_logout_uris
if (StringUtils.isBlank(params.getClientFrontchannelLogoutUri()) && StringUtils.isNotBlank(fallback.getFrontChannelLogoutUri())) {
params.setClientFrontchannelLogoutUri(fallback.getFrontChannelLogoutUri());
}
// sector_identifier_uri
if (StringUtils.isBlank(params.getClientSectorIdentifierUri()) && StringUtils.isNotBlank(fallback.getSectorIdentifierUri())) {
params.setClientSectorIdentifierUri(fallback.getSectorIdentifierUri());
}
// client_id
if (StringUtils.isBlank(params.getClientId()) && StringUtils.isNotBlank(fallback.getClientId())) {
params.setClientId(fallback.getClientId());
}
// client_secret
if (StringUtils.isBlank(params.getClientSecret()) && StringUtils.isNotBlank(fallback.getClientSecret())) {
params.setClientSecret(fallback.getClientSecret());
}
// access_token_signing_alg
if (StringUtils.isBlank(params.getAccessTokenSigningAlg()) && StringUtils.isNotBlank(fallback.getAccessTokenSigningAlg())) {
params.setAccessTokenSigningAlg(fallback.getAccessTokenSigningAlg());
}
// logo_uri
if (StringUtils.isBlank(params.getLogoUri()) && StringUtils.isNotBlank(fallback.getLogoUri())) {
params.setLogoUri(fallback.getLogoUri());
}
// client_uri
if (StringUtils.isBlank(params.getClientUri()) && StringUtils.isNotBlank(fallback.getClientUri())) {
params.setClientUri(fallback.getClientUri());
}
// policy_uri
if (StringUtils.isBlank(params.getPolicyUri()) && StringUtils.isNotBlank(fallback.getPolicyUri())) {
params.setPolicyUri(fallback.getPolicyUri());
}
// tos_uri
if (StringUtils.isBlank(params.getTosUri()) && StringUtils.isNotBlank(fallback.getTosUri())) {
params.setTosUri(fallback.getTosUri());
}
// jwks
if (StringUtils.isBlank(params.getJwks()) && StringUtils.isNotBlank(fallback.getJwks())) {
params.setJwks(fallback.getJwks());
}
// id_token_binding_cnf
if (StringUtils.isBlank(params.getIdTokenBindingCnf()) && StringUtils.isNotBlank(fallback.getIdTokenBindingCnf())) {
params.setIdTokenBindingCnf(fallback.getIdTokenBindingCnf());
}
// tls_client_auth_subject_dn
if (StringUtils.isBlank(params.getTlsClientAuthSubjectDn()) && StringUtils.isNotBlank(fallback.getTlsClientAuthSubjectDn())) {
params.setTlsClientAuthSubjectDn(fallback.getTlsClientAuthSubjectDn());
}
// id_token_signed_response_alg
if (StringUtils.isBlank(params.getIdTokenSignedResponseAlg()) && StringUtils.isNotBlank(fallback.getIdTokenSignedResponseAlg())) {
params.setIdTokenSignedResponseAlg(fallback.getIdTokenSignedResponseAlg());
}
// id_token_encrypted_response_alg
if (StringUtils.isBlank(params.getIdTokenEncryptedResponseAlg()) && StringUtils.isNotBlank(fallback.getIdTokenEncryptedResponseAlg())) {
params.setIdTokenEncryptedResponseAlg(fallback.getIdTokenEncryptedResponseAlg());
}
// id_token_encrypted_response_enc
if (StringUtils.isBlank(params.getIdTokenEncryptedResponseEnc()) && StringUtils.isNotBlank(fallback.getIdTokenEncryptedResponseEnc())) {
params.setIdTokenEncryptedResponseEnc(fallback.getIdTokenEncryptedResponseEnc());
}
// user_info_signed_response_alg
if (StringUtils.isBlank(params.getUserInfoSignedResponseAlg()) && StringUtils.isNotBlank(fallback.getUserInfoSignedResponseAlg())) {
params.setUserInfoSignedResponseAlg(fallback.getUserInfoSignedResponseAlg());
}
// user_info_encrypted_response_alg
if (StringUtils.isBlank(params.getUserInfoEncryptedResponseAlg()) && StringUtils.isNotBlank(fallback.getUserInfoEncryptedResponseAlg())) {
params.setUserInfoEncryptedResponseAlg(fallback.getUserInfoEncryptedResponseAlg());
}
// user_info_encrypted_response_enc
if (StringUtils.isBlank(params.getUserInfoEncryptedResponseEnc()) && StringUtils.isNotBlank(fallback.getUserInfoEncryptedResponseEnc())) {
params.setUserInfoEncryptedResponseEnc(fallback.getUserInfoEncryptedResponseEnc());
}
// request_object_signing_alg
if (StringUtils.isBlank(params.getRequestObjectSigningAlg()) && StringUtils.isNotBlank(fallback.getRequestObjectSigningAlg())) {
params.setRequestObjectSigningAlg(fallback.getRequestObjectSigningAlg());
}
// request_object_encryption_alg
if (StringUtils.isBlank(params.getRequestObjectEncryptionAlg()) && StringUtils.isNotBlank(fallback.getRequestObjectEncryptionAlg())) {
params.setRequestObjectEncryptionAlg(fallback.getRequestObjectEncryptionAlg());
}
// request_object_encryption_enc
if (StringUtils.isBlank(params.getRequestObjectEncryptionEnc()) && StringUtils.isNotBlank(fallback.getRequestObjectEncryptionEnc())) {
params.setRequestObjectEncryptionEnc(fallback.getRequestObjectEncryptionEnc());
}
// default_max_age
if (params.getDefaultMaxAge() == null && fallback.getDefaultMaxAge() != null) {
params.setDefaultMaxAge(fallback.getDefaultMaxAge());
}
// initiate_login_uri
if (StringUtils.isBlank(params.getInitiateLoginUri()) && StringUtils.isNotBlank(fallback.getInitiateLoginUri())) {
params.setInitiateLoginUri(fallback.getInitiateLoginUri());
}
// authorized_origins
if ((params.getAuthorizedOrigins() == null || params.getAuthorizedOrigins().isEmpty()) && (fallback.getAuthorizedOrigins() != null && !fallback.getAuthorizedOrigins().isEmpty())) {
params.setAuthorizedOrigins(fallback.getAuthorizedOrigins());
}
// access_token_lifetime
if (params.getAccessTokenLifetime() == null && fallback.getAccessTokenLifetime() != null) {
params.setAccessTokenLifetime(fallback.getAccessTokenLifetime());
}
// software_id
if (StringUtils.isBlank(params.getSoftwareId()) && StringUtils.isNotBlank(fallback.getSoftwareId())) {
params.setSoftwareId(fallback.getSoftwareId());
}
// software_version
if (StringUtils.isBlank(params.getSoftwareVersion()) && StringUtils.isNotBlank(fallback.getSoftwareVersion())) {
params.setSoftwareVersion(fallback.getSoftwareVersion());
}
// software_statement
if (StringUtils.isBlank(params.getSoftwareStatement()) && StringUtils.isNotBlank(fallback.getSoftwareStatement())) {
params.setSoftwareStatement(fallback.getSoftwareStatement());
}
// custom_attributes
if ((params.getCustomAttributes() == null || params.getCustomAttributes().isEmpty()) && (fallback.getCustomAttributes() != null && !fallback.getCustomAttributes().isEmpty())) {
params.setCustomAttributes(fallback.getCustomAttributes());
}
// access_token_as_jwt
if (params.getAccessTokenAsJwt() == null) {
params.setAccessTokenAsJwt(fallback.getAccessTokenAsJwt());
}
// rpt_as_jwt
if (params.getRptAsJwt() == null) {
params.setRptAsJwt(fallback.getRptAsJwt());
}
// front_channel_logout_session_required
if (params.getFrontChannelLogoutSessionRequired() == null) {
params.setFrontChannelLogoutSessionRequired(fallback.getFrontChannelLogoutSessionRequired());
}
// run_introspection_script_beforeaccess_token_as_jwt_creation_and_include_claims
if (params.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims() == null) {
params.setRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims(fallback.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
}
// require_auth_time
if (params.getRequireAuthTime() == null) {
params.setRequireAuthTime(fallback.getRequireAuthTime());
}
}
Also used :
StringUtils(org.apache.commons.lang.StringUtils)
SubjectType(io.jans.as.model.common.SubjectType)
RegisterSiteParams(io.jans.ca.common.params.RegisterSiteParams)
Utils(io.jans.ca.server.Utils)
LoggerFactory(org.slf4j.LoggerFactory)
RegisterRequestMapper(io.jans.ca.server.mapper.RegisterRequestMapper)
BlockEncryptionAlgorithm(io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm)
NumberUtils(org.apache.commons.lang.math.NumberUtils)
ArrayList(java.util.ArrayList)
HttpException(io.jans.ca.server.HttpException)
Strings(com.google.common.base.Strings)
ApplicationType(io.jans.as.model.register.ApplicationType)
ErrorResponseCode(io.jans.ca.common.ErrorResponseCode)
IOpResponse(io.jans.ca.common.response.IOpResponse)
Lists(com.google.common.collect.Lists)
CollectionUtils(org.apache.commons.collections.CollectionUtils)
RegisterClient(io.jans.as.client.RegisterClient)
Command(io.jans.ca.common.Command)
Logger(org.slf4j.Logger)
Set(java.util.Set)
SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm)
UUID(java.util.UUID)
RegisterRequest(io.jans.as.client.RegisterRequest)
RegisterSiteResponse(io.jans.ca.common.response.RegisterSiteResponse)
Sets(com.google.common.collect.Sets)
Injector(com.google.inject.Injector)
UmaMetadata(io.jans.as.model.uma.UmaMetadata)
RegisterResponse(io.jans.as.client.RegisterResponse)
List(java.util.List)
AuthenticationMethod(io.jans.as.model.common.AuthenticationMethod)
Preconditions(com.google.common.base.Preconditions)
GrantType(io.jans.as.model.common.GrantType)
KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)
Rp(io.jans.ca.server.service.Rp)
UmaMetadata(io.jans.as.model.uma.UmaMetadata)
HttpException(io.jans.ca.server.HttpException)
Rp(io.jans.ca.server.service.Rp)
Example 3 with HttpException
use of io.jans.ca.server.HttpException in project jans by JanssenProject.
the class RegisterSiteOperation method persistRp.
private void persistRp(String rpId, RegisterSiteParams params) {
try {
final RegisterRequest registerRequest = createRegisterClientRequest(params, rpId);
rp = createRp(registerRequest);
rp.setRpId(rpId);
rp.setApplicationType("web");
rp.setOpHost(getDiscoveryService().getConnectDiscoveryResponse(params.getOpConfigurationEndpoint(), params.getOpHost(), params.getOpDiscoveryPath()).getIssuer());
rp.setOpDiscoveryPath(params.getOpDiscoveryPath());
rp.setOpConfigurationEndpoint(params.getOpConfigurationEndpoint());
rp.setUiLocales(params.getUiLocales());
rp.setSyncClientFromOp(params.getSyncClientFromOp());
rp.setSyncClientPeriodInSeconds(params.getSyncClientPeriodInSeconds());
if (!hasClient(params)) {
final RegisterResponse registerResponse = registerClient(params, registerRequest);
rp.setClientId(registerResponse.getClientId());
rp.setClientSecret(registerResponse.getClientSecret());
rp.setClientRegistrationAccessToken(registerResponse.getRegistrationAccessToken());
rp.setClientRegistrationClientUri(registerResponse.getRegistrationClientUri());
rp.setClientIdIssuedAt(registerResponse.getClientIdIssuedAt());
rp.setClientSecretExpiresAt(registerResponse.getClientSecretExpiresAt());
} else {
rp.setClientId(params.getClientId());
rp.setClientSecret(params.getClientSecret());
}
getRpService().create(rp);
} catch (HttpException e) {
throw e;
} catch (Exception e) {
LOG.error("Failed to persist site configuration, params: " + params, e);
throw new RuntimeException(e);
}
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
RegisterResponse(io.jans.as.client.RegisterResponse)
HttpException(io.jans.ca.server.HttpException)
HttpException(io.jans.ca.server.HttpException)
Example 4 with HttpException
use of io.jans.ca.server.HttpException in project jans by JanssenProject.
the class RsProtectOperation method validate.
private void validate(RsProtectParams params) {
if (params.getResources() == null || params.getResources().isEmpty()) {
throw new HttpException(ErrorResponseCode.NO_UMA_RESOURCES_TO_PROTECT);
}
if (!ResourceValidator.isHttpMethodUniqueInPath(params.getResources())) {
throw new HttpException(ErrorResponseCode.UMA_HTTP_METHOD_NOT_UNIQUE);
}
if (params.getResources() != null) {
for (RsResource resource : params.getResources()) {
if (resource.getConditions() != null) {
for (Condition condition : resource.getConditions()) {
if (condition.getScopeExpression() != null) {
String json = condition.getScopeExpression().toString();
if (StringUtils.isNotBlank(json) && !json.equalsIgnoreCase("null")) {
boolean nodeValid = JsonLogicNodeParser.isNodeValid(json);
LOG.trace("Scope expression validator - Valid: " + nodeValid + ", expression: " + json);
if (!nodeValid) {
throw new HttpException(ErrorResponseCode.UMA_FAILED_TO_VALIDATE_SCOPE_EXPRESSION);
}
validateScopeExpression(json);
}
}
}
}
}
}
Rp rp = getRp();
List<UmaResource> existingUmaResources = rp.getUmaProtectedResources();
if (existingUmaResources != null && !existingUmaResources.isEmpty()) {
if (params.getOverwrite() == null || !params.getOverwrite()) {
throw new HttpException(ErrorResponseCode.UMA_PROTECTION_FAILED_BECAUSE_RESOURCES_ALREADY_EXISTS);
} else {
// remove existing resources, overwrite=true
UmaMetadata discovery = getDiscoveryService().getUmaDiscoveryByRpId(params.getRpId());
String pat = getUmaTokenService().getPat(params.getRpId()).getToken();
UmaResourceService resourceService = UmaClientFactory.instance().createResourceService(discovery, getHttpService().getClientEngine());
for (UmaResource resource : existingUmaResources) {
LOG.trace("Removing existing resource " + resource.getId() + " ...");
resourceService.deleteResource("Bearer " + pat, resource.getId());
LOG.trace("Removed existing resource " + resource.getId() + ".");
}
rp.getUmaProtectedResources().clear();
getRpService().updateSilently(rp);
}
}
}
Also used :
Condition(io.jans.ca.rs.protect.Condition)
UmaMetadata(io.jans.as.model.uma.UmaMetadata)
RsResource(io.jans.ca.rs.protect.RsResource)
UmaResourceService(io.jans.as.client.uma.UmaResourceService)
HttpException(io.jans.ca.server.HttpException)
Rp(io.jans.ca.server.service.Rp)
UmaResource(io.jans.ca.server.model.UmaResource)
Example 5 with HttpException
use of io.jans.ca.server.HttpException in project jans by JanssenProject.
the class DiscoveryService method getUmaDiscovery.
public UmaMetadata getUmaDiscovery(String opConfigurationEndpoint) {
validationService.validateOpConfigurationEndpoint(opConfigurationEndpoint);
try {
final UmaMetadata r = umaMap.get(opConfigurationEndpoint);
if (r != null) {
validationService.isOpHostAllowed(r.getIssuer());
return r;
}
final UmaMetadata response = opClientFactory.createUmaClientFactory().createMetadataService(getUmaDiscoveryUrl(opConfigurationEndpoint), httpService.getClientEngine()).getMetadata();
LOG.trace("Uma discovery response: {} ", response);
umaMap.put(opConfigurationEndpoint, response);
validationService.isOpHostAllowed(response.getIssuer());
return response;
} catch (Exception e) {
LOG.error(e.getMessage(), e);
}
LOG.error("Unable to fetch UMA discovery information for op_configuration_endpoint: {}", opConfigurationEndpoint);
throw new HttpException(ErrorResponseCode.NO_UMA_DISCOVERY_RESPONSE);
}
Also used :
UmaMetadata(io.jans.as.model.uma.UmaMetadata)
HttpException(io.jans.ca.server.HttpException)
SSLHandshakeException(javax.net.ssl.SSLHandshakeException)
IOException(java.io.IOException)
HttpException(io.jans.ca.server.HttpException)
WebApplicationException(javax.ws.rs.WebApplicationException)
Aggregations
HttpException (io.jans.ca.server.HttpException)34
Jwt (io.jans.as.model.jwt.Jwt)10
Rp (io.jans.ca.server.service.Rp)9
SignatureAlgorithm (io.jans.as.model.crypto.signature.SignatureAlgorithm)8
OpenIdConfigurationResponse (io.jans.as.client.OpenIdConfigurationResponse)6
InvalidJwtException (io.jans.as.model.exception.InvalidJwtException)6
Test (org.testng.annotations.Test)6
RegisterResponse (io.jans.as.client.RegisterResponse)5
RegisterClient (io.jans.as.client.RegisterClient)4
RegisterRequest (io.jans.as.client.RegisterRequest)4
AuthenticationMethod (io.jans.as.model.common.AuthenticationMethod)4
UmaMetadata (io.jans.as.model.uma.UmaMetadata)4
IOException (java.io.IOException)4
TokenClient (io.jans.as.client.TokenClient)3
TokenResponse (io.jans.as.client.TokenResponse)3
GrantType (io.jans.as.model.common.GrantType)3
SubjectType (io.jans.as.model.common.SubjectType)3
BlockEncryptionAlgorithm (io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm)3
KeyEncryptionAlgorithm (io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)3
Strings (com.google.common.base.Strings)2
