Search in sources :

Example 1 with HttpException

use of io.jans.ca.server.HttpException in project jans by JanssenProject.

the class RegisterSiteOperation method createRegisterClientRequest.

private RegisterRequest createRegisterClientRequest(RegisterSiteParams params, String rpId) {
    String clientName = "jans_client_api client for rp: " + rpId;
    if (!Strings.isNullOrEmpty(params.getClientName())) {
        clientName = params.getClientName();
    }
    final RegisterRequest request = new RegisterRequest(ApplicationType.WEB, clientName, params.getRedirectUris());
    request.setResponseTypesStrings(params.getResponseTypes());
    request.setJwksUri(params.getClientJwksUri());
    request.setClaimsRedirectUris(params.getClaimsRedirectUri() != null ? params.getClaimsRedirectUri() : new ArrayList<String>());
    request.setPostLogoutRedirectUris(params.getPostLogoutRedirectUris() != null ? params.getPostLogoutRedirectUris() : Lists.newArrayList());
    request.setContacts(params.getContacts());
    request.setScope(params.getScope());
    request.setDefaultAcrValues(params.getAcrValues());
    if (StringUtils.isNotBlank(params.getClientTokenEndpointAuthSigningAlg())) {
        SignatureAlgorithm signatureAlgorithms = SignatureAlgorithm.fromString(params.getClientTokenEndpointAuthSigningAlg());
        if (signatureAlgorithms == null) {
            LOG.error("Received invalid algorithm in `client_token_endpoint_auth_signing_alg` property. Value: " + params.getClientTokenEndpointAuthSigningAlg());
            throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
        }
        request.setTokenEndpointAuthSigningAlg(signatureAlgorithms);
    }
    if (StringUtils.isNotBlank(rpId)) {
        request.addCustomAttribute("rp_id", rpId);
    }
    List<GrantType> grantTypes = Lists.newArrayList();
    for (String grantType : params.getGrantTypes()) {
        grantTypes.add(GrantType.fromString(grantType));
    }
    request.setGrantTypes(grantTypes);
    if (StringUtils.isNotBlank(params.getClientFrontchannelLogoutUri())) {
        request.setFrontChannelLogoutUri(params.getClientFrontchannelLogoutUri());
    }
    if (StringUtils.isNotBlank(params.getClientTokenEndpointAuthMethod())) {
        final AuthenticationMethod authenticationMethod = AuthenticationMethod.fromString(params.getClientTokenEndpointAuthMethod());
        if (authenticationMethod != null) {
            request.setTokenEndpointAuthMethod(authenticationMethod);
        }
    }
    if (params.getClientRequestUris() != null && !params.getClientRequestUris().isEmpty()) {
        request.setRequestUris(params.getClientRequestUris());
    }
    if (!Strings.isNullOrEmpty(params.getClientSectorIdentifierUri())) {
        request.setSectorIdentifierUri(params.getClientSectorIdentifierUri());
    }
    request.setAccessTokenAsJwt(params.getAccessTokenAsJwt());
    request.setAccessTokenSigningAlg(SignatureAlgorithm.fromString(params.getAccessTokenSigningAlg()));
    request.setRptAsJwt(params.getRptAsJwt());
    if (!Strings.isNullOrEmpty(params.getLogoUri())) {
        request.setLogoUri(params.getLogoUri());
    }
    if (!Strings.isNullOrEmpty(params.getClientUri())) {
        request.setClientUri(params.getClientUri());
    }
    if (!Strings.isNullOrEmpty(params.getPolicyUri())) {
        request.setPolicyUri(params.getPolicyUri());
    }
    if (params.getFrontChannelLogoutSessionRequired() != null) {
        request.setFrontChannelLogoutSessionRequired(params.getFrontChannelLogoutSessionRequired());
    }
    if (!Strings.isNullOrEmpty(params.getTosUri())) {
        request.setTosUri(params.getTosUri());
    }
    if (!Strings.isNullOrEmpty(params.getJwks())) {
        request.setJwks(params.getJwks());
    }
    if (!Strings.isNullOrEmpty(params.getIdTokenBindingCnf())) {
        request.setIdTokenTokenBindingCnf(params.getIdTokenBindingCnf());
    }
    if (!Strings.isNullOrEmpty(params.getTlsClientAuthSubjectDn())) {
        request.setTlsClientAuthSubjectDn(params.getTlsClientAuthSubjectDn());
    }
    if (!Strings.isNullOrEmpty(params.getSubjectType())) {
        SubjectType subjectType = SubjectType.fromString(params.getSubjectType());
        if (subjectType == null) {
            LOG.error("Received invalid values in `subject_type` property. Value: " + params.getSubjectType());
            throw new HttpException(ErrorResponseCode.INVALID_SUBJECT_TYPE);
        }
        request.setSubjectType(subjectType);
    }
    if (params.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims() != null) {
        request.setRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims(params.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
    }
    if (!Strings.isNullOrEmpty(params.getIdTokenSignedResponseAlg())) {
        SignatureAlgorithm signatureAlgorithms = SignatureAlgorithm.fromString(params.getIdTokenSignedResponseAlg());
        if (signatureAlgorithms == null) {
            LOG.error("Received invalid algorithm in `id_token_signed_response_alg` property. Value: " + params.getIdTokenSignedResponseAlg());
            throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
        }
        if (signatureAlgorithms == SignatureAlgorithm.NONE && !getConfigurationService().getConfiguration().getAcceptIdTokenWithoutSignature()) {
            LOG.error("`ID_TOKEN` without signature is not allowed. To allow `ID_TOKEN` without signature set `accept_id_token_without_signature` field to 'true' in client-api-server.yml.");
            throw new HttpException(ErrorResponseCode.ID_TOKEN_WITHOUT_SIGNATURE_NOT_ALLOWED);
        }
        request.setIdTokenSignedResponseAlg(signatureAlgorithms);
    }
    if (!Strings.isNullOrEmpty(params.getIdTokenEncryptedResponseAlg())) {
        KeyEncryptionAlgorithm keyEncryptionAlgorithms = KeyEncryptionAlgorithm.fromName(params.getIdTokenEncryptedResponseAlg());
        if (keyEncryptionAlgorithms == null) {
            LOG.error("Received invalid algorithm in `id_token_encrypted_response_alg` property. Value: " + params.getIdTokenEncryptedResponseAlg());
            throw new HttpException(ErrorResponseCode.INVALID_KEY_ENCRYPTION_ALGORITHM);
        }
        request.setIdTokenEncryptedResponseAlg(keyEncryptionAlgorithms);
    }
    if (!Strings.isNullOrEmpty(params.getIdTokenEncryptedResponseEnc())) {
        BlockEncryptionAlgorithm blockEncryptionAlgorithms = BlockEncryptionAlgorithm.fromName(params.getIdTokenEncryptedResponseEnc());
        if (blockEncryptionAlgorithms == null) {
            LOG.error("Received invalid algorithm in `id_token_encrypted_response_enc` property. Value: " + params.getIdTokenEncryptedResponseEnc());
            throw new HttpException(ErrorResponseCode.INVALID_BLOCK_ENCRYPTION_ALGORITHM);
        }
        request.setIdTokenEncryptedResponseEnc(blockEncryptionAlgorithms);
    }
    if (!Strings.isNullOrEmpty(params.getUserInfoSignedResponseAlg())) {
        SignatureAlgorithm signatureAlgorithms = SignatureAlgorithm.fromString(params.getUserInfoSignedResponseAlg());
        if (signatureAlgorithms == null) {
            LOG.error("Received invalid algorithm in `user_info_signed_response_alg` property. Value: " + params.getUserInfoSignedResponseAlg());
            throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
        }
        request.setUserInfoSignedResponseAlg(signatureAlgorithms);
    }
    if (!Strings.isNullOrEmpty(params.getUserInfoEncryptedResponseAlg())) {
        KeyEncryptionAlgorithm keyEncryptionAlgorithms = KeyEncryptionAlgorithm.fromName(params.getUserInfoEncryptedResponseAlg());
        if (keyEncryptionAlgorithms == null) {
            LOG.error("Received invalid algorithm in `user_info_encrypted_response_alg` property. Value: " + params.getUserInfoEncryptedResponseAlg());
            throw new HttpException(ErrorResponseCode.INVALID_KEY_ENCRYPTION_ALGORITHM);
        }
        request.setUserInfoEncryptedResponseAlg(keyEncryptionAlgorithms);
    }
    if (!Strings.isNullOrEmpty(params.getUserInfoEncryptedResponseEnc())) {
        BlockEncryptionAlgorithm blockEncryptionAlgorithms = BlockEncryptionAlgorithm.fromName(params.getUserInfoEncryptedResponseEnc());
        if (blockEncryptionAlgorithms == null) {
            LOG.error("Received invalid algorithm in `user_info_encrypted_response_enc` property. Value: " + params.getUserInfoEncryptedResponseEnc());
            throw new HttpException(ErrorResponseCode.INVALID_BLOCK_ENCRYPTION_ALGORITHM);
        }
        request.setUserInfoEncryptedResponseEnc(blockEncryptionAlgorithms);
    }
    if (!Strings.isNullOrEmpty(params.getRequestObjectSigningAlg())) {
        SignatureAlgorithm signatureAlgorithms = SignatureAlgorithm.fromString(params.getRequestObjectSigningAlg());
        if (signatureAlgorithms == null) {
            LOG.error("Received invalid algorithm in `request_object_signing_alg` property. Value: " + params.getRequestObjectSigningAlg());
            throw new HttpException(ErrorResponseCode.INVALID_SIGNATURE_ALGORITHM);
        }
        request.setRequestObjectSigningAlg(signatureAlgorithms);
    }
    if (!Strings.isNullOrEmpty(params.getRequestObjectEncryptionAlg())) {
        KeyEncryptionAlgorithm keyEncryptionAlgorithms = KeyEncryptionAlgorithm.fromName(params.getRequestObjectEncryptionAlg());
        if (keyEncryptionAlgorithms == null) {
            LOG.error("Received invalid algorithm in `request_object_encryption_alg` property. Value: " + params.getRequestObjectEncryptionAlg());
            throw new HttpException(ErrorResponseCode.INVALID_KEY_ENCRYPTION_ALGORITHM);
        }
        request.setRequestObjectEncryptionAlg(keyEncryptionAlgorithms);
    }
    if (!Strings.isNullOrEmpty(params.getRequestObjectEncryptionEnc())) {
        BlockEncryptionAlgorithm blockEncryptionAlgorithms = BlockEncryptionAlgorithm.fromName(params.getRequestObjectEncryptionEnc());
        if (blockEncryptionAlgorithms == null) {
            LOG.error("Received invalid algorithm in `request_object_encryption_enc` property. Value: " + params.getRequestObjectEncryptionEnc());
            throw new HttpException(ErrorResponseCode.INVALID_BLOCK_ENCRYPTION_ALGORITHM);
        }
        request.setRequestObjectEncryptionEnc(blockEncryptionAlgorithms);
    }
    if (params.getDefaultMaxAge() != null && NumberUtils.isNumber(params.getDefaultMaxAge().toString())) {
        request.setDefaultMaxAge(params.getDefaultMaxAge());
    }
    if (params.getRequireAuthTime() != null) {
        request.setRequireAuthTime(params.getRequireAuthTime());
    }
    if (!Strings.isNullOrEmpty(params.getInitiateLoginUri())) {
        request.setInitiateLoginUri(params.getInitiateLoginUri());
    }
    if (params.getAuthorizedOrigins() != null && !params.getAuthorizedOrigins().isEmpty()) {
        request.setAuthorizedOrigins(params.getAuthorizedOrigins());
    }
    if (params.getAccessTokenLifetime() != null && NumberUtils.isNumber(params.getAccessTokenLifetime().toString())) {
        request.setAccessTokenLifetime(params.getAccessTokenLifetime());
    }
    if (!Strings.isNullOrEmpty(params.getSoftwareId())) {
        request.setSoftwareId(params.getSoftwareId());
    }
    if (!Strings.isNullOrEmpty(params.getSoftwareVersion())) {
        request.setSoftwareVersion(params.getSoftwareVersion());
    }
    if (!Strings.isNullOrEmpty(params.getSoftwareStatement())) {
        request.setSoftwareStatement(params.getSoftwareStatement());
    }
    if (params.getAllowSpontaneousScopes() != null) {
        request.setAllowSpontaneousScopes(params.getAllowSpontaneousScopes());
    }
    if (CollectionUtils.isNotEmpty(params.getSpontaneousScopes())) {
        request.setSpontaneousScopes(params.getSpontaneousScopes());
    }
    if (params.getCustomAttributes() != null && !params.getCustomAttributes().isEmpty()) {
        params.getCustomAttributes().entrySet().removeIf(entry -> entry.getKey().contains("oxAuthTrustedClient"));
        params.getCustomAttributes().entrySet().stream().forEach(e -> {
            request.addCustomAttribute(e.getKey(), e.getValue());
        });
    }
    return request;
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) SubjectType(io.jans.as.model.common.SubjectType) KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm) ArrayList(java.util.ArrayList) SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm) HttpException(io.jans.ca.server.HttpException) GrantType(io.jans.as.model.common.GrantType) AuthenticationMethod(io.jans.as.model.common.AuthenticationMethod) BlockEncryptionAlgorithm(io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm)

Example 2 with HttpException

use of io.jans.ca.server.HttpException in project jans by JanssenProject.

the class RegisterSiteOperation method validateParametersAndFallbackIfNeeded.

private void validateParametersAndFallbackIfNeeded(RegisterSiteParams params) {
    if (StringUtils.isNotBlank(params.getClientId()) && StringUtils.isBlank(params.getClientSecret())) {
        throw new HttpException(ErrorResponseCode.INVALID_CLIENT_SECRET_REQUIRED);
    }
    if (StringUtils.isNotBlank(params.getClientSecret()) && StringUtils.isBlank(params.getClientId())) {
        throw new HttpException(ErrorResponseCode.INVALID_CLIENT_ID_REQUIRED);
    }
    Rp fallback = getConfigurationService().defaultRp();
    // op_configuration_endpoint
    LOG.info("Either 'op_configuration_endpoint' or 'op_host' should be set. jans_client_api will now check which of these parameter is available.");
    if (StringUtils.isBlank(params.getOpConfigurationEndpoint())) {
        LOG.warn("'op_configuration_endpoint' is not set for parameter: " + params + ". Look up at configuration file for fallback of 'op_configuration_endpoint'.");
        String fallbackOpConfigurationEndpoint = fallback.getOpConfigurationEndpoint();
        if (StringUtils.isNotBlank(fallbackOpConfigurationEndpoint)) {
            LOG.warn("Fallback to op_configuration_endpoint: " + fallbackOpConfigurationEndpoint + ", from configuration file.");
            params.setOpConfigurationEndpoint(fallbackOpConfigurationEndpoint);
        }
    }
    // op_host
    if (Strings.isNullOrEmpty(params.getOpHost()) && Strings.isNullOrEmpty(params.getOpConfigurationEndpoint())) {
        LOG.error("Either 'op_configuration_endpoint' or 'op_host' should be set. Parameter: " + params);
        throw new HttpException(ErrorResponseCode.INVALID_OP_HOST_AND_CONFIGURATION_ENDPOINT);
    }
    // grant_type
    List<String> grantTypes = Lists.newArrayList();
    if (params.getGrantTypes() != null && !params.getGrantTypes().isEmpty()) {
        grantTypes.addAll(params.getGrantTypes());
    }
    if (grantTypes.isEmpty() && fallback.getGrantType() != null && !fallback.getGrantType().isEmpty()) {
        grantTypes.addAll(fallback.getGrantType());
    }
    if (!grantTypes.contains(GrantType.CLIENT_CREDENTIALS.getValue()) && getConfigurationService().getConfiguration().getAddClientCredentialsGrantTypeAutomaticallyDuringClientRegistration()) {
        grantTypes.add(GrantType.CLIENT_CREDENTIALS.getValue());
    }
    params.setGrantTypes(grantTypes);
    // post_logout_redirect_uri
    if (params.getPostLogoutRedirectUris() != null && params.getPostLogoutRedirectUris().isEmpty() && fallback.getPostLogoutRedirectUris() != null && !fallback.getPostLogoutRedirectUris().isEmpty()) {
        params.setPostLogoutRedirectUris(fallback.getPostLogoutRedirectUris());
    }
    // response_type
    List<String> responseTypes = Lists.newArrayList();
    if (params.getResponseTypes() != null && !params.getResponseTypes().isEmpty()) {
        responseTypes.addAll(params.getResponseTypes());
    }
    if (responseTypes.isEmpty() && fallback.getResponseTypes() != null && !fallback.getResponseTypes().isEmpty()) {
        responseTypes.addAll(fallback.getResponseTypes());
    }
    if (responseTypes.isEmpty()) {
        responseTypes.add("code");
    }
    params.setResponseTypes(responseTypes);
    // redirect_uris
    if (params.getRedirectUris() == null || params.getRedirectUris().isEmpty()) {
        params.setRedirectUris(fallback.getRedirectUris());
    }
    Set<String> redirectUris = Sets.newLinkedHashSet();
    if (params.getRedirectUris() != null && !params.getRedirectUris().isEmpty() && params.getRedirectUris().stream().allMatch(uri -> Utils.isValidUrl(uri))) {
        redirectUris.addAll(params.getRedirectUris());
    } else {
        throw new HttpException(ErrorResponseCode.INVALID_REDIRECT_URI);
    }
    final Boolean autoRegister = getConfigurationService().getConfiguration().getUma2AuthRegisterClaimsGatheringEndpointAsRedirectUriOfClient();
    if (autoRegister != null && autoRegister && !redirectUris.isEmpty()) {
        String first = redirectUris.iterator().next();
        if (first.contains(getDiscoveryService().getConnectDiscoveryResponse(params.getOpConfigurationEndpoint(), params.getOpHost(), params.getOpDiscoveryPath()).getIssuer())) {
            final UmaMetadata discovery = getDiscoveryService().getUmaDiscovery(params.getOpConfigurationEndpoint(), params.getOpHost(), params.getOpDiscoveryPath());
            String autoRedirectUri = discovery.getClaimsInteractionEndpoint() + "?authentication=true";
            LOG.trace("Register claims interaction endpoint as redirect_uri: " + autoRedirectUri);
            redirectUris.add(autoRedirectUri);
        } else {
            LOG.trace("Skip auto registration of claims interaction endpoint as redirect_uri because OP host for different uri's is different which will not pass AS redirect_uri's validation (same host must be present).");
        }
    }
    params.setRedirectUris(Lists.newArrayList(redirectUris));
    // claims_redirect_uri
    if ((params.getClaimsRedirectUri() == null || params.getClaimsRedirectUri().isEmpty()) && (fallback.getClaimsRedirectUri() != null && !fallback.getClaimsRedirectUri().isEmpty())) {
        params.setClaimsRedirectUri(fallback.getClaimsRedirectUri());
    }
    Set<String> claimsRedirectUris = Sets.newHashSet();
    if (params.getClaimsRedirectUri() != null && !params.getClaimsRedirectUri().isEmpty()) {
        claimsRedirectUris.addAll(params.getClaimsRedirectUri());
    }
    params.setClaimsRedirectUri(Lists.newArrayList(claimsRedirectUris));
    // scope
    if (params.getScope() == null || params.getScope().isEmpty()) {
        params.setScope(fallback.getScope());
    }
    if (params.getScope() == null || params.getScope().isEmpty()) {
        throw new HttpException(ErrorResponseCode.INVALID_SCOPE);
    }
    // acr_values
    if (params.getAcrValues() == null || params.getAcrValues().isEmpty()) {
        params.setAcrValues(fallback.getAcrValues());
    }
    // client_jwks_uri
    if (Strings.isNullOrEmpty(params.getClientJwksUri()) && !Strings.isNullOrEmpty(fallback.getClientJwksUri())) {
        params.setClientJwksUri(fallback.getClientJwksUri());
    }
    // contacts
    if (params.getContacts() == null || params.getContacts().isEmpty()) {
        params.setContacts(fallback.getContacts());
    }
    // ui_locales
    if (params.getUiLocales() == null || params.getUiLocales().isEmpty()) {
        params.setUiLocales(fallback.getUiLocales());
    }
    // claims_locales
    if ((params.getClaimsLocales() == null || params.getClaimsLocales().isEmpty()) && (fallback.getClaimsLocales() != null && !fallback.getClaimsLocales().isEmpty())) {
        params.setClaimsLocales(fallback.getClaimsLocales());
    }
    // client_name
    if (StringUtils.isBlank(params.getClientName()) && StringUtils.isNotBlank(fallback.getClientName())) {
        params.setClientName(fallback.getClientName());
    }
    // client_jwks_uri
    if (StringUtils.isBlank(params.getClientJwksUri()) && StringUtils.isNotBlank(fallback.getClientJwksUri())) {
        params.setClientJwksUri(fallback.getClientJwksUri());
    }
    // token_endpoint_auth_method
    if (StringUtils.isBlank(params.getClientTokenEndpointAuthMethod()) && StringUtils.isNotBlank(fallback.getTokenEndpointAuthMethod())) {
        params.setClientTokenEndpointAuthMethod(fallback.getTokenEndpointAuthMethod());
    }
    // token_endpoint_auth_signing_alg
    if (StringUtils.isBlank(params.getClientTokenEndpointAuthSigningAlg()) && StringUtils.isNotBlank(fallback.getTokenEndpointAuthSigningAlg())) {
        params.setClientTokenEndpointAuthSigningAlg(fallback.getTokenEndpointAuthSigningAlg());
    }
    // request_uris
    if ((params.getClientRequestUris() == null || params.getClientRequestUris().isEmpty()) && (fallback.getRequestUris() != null && !fallback.getRequestUris().isEmpty())) {
        params.setClientRequestUris(fallback.getRequestUris());
    }
    // front_channel_logout_uris
    if (StringUtils.isBlank(params.getClientFrontchannelLogoutUri()) && StringUtils.isNotBlank(fallback.getFrontChannelLogoutUri())) {
        params.setClientFrontchannelLogoutUri(fallback.getFrontChannelLogoutUri());
    }
    // sector_identifier_uri
    if (StringUtils.isBlank(params.getClientSectorIdentifierUri()) && StringUtils.isNotBlank(fallback.getSectorIdentifierUri())) {
        params.setClientSectorIdentifierUri(fallback.getSectorIdentifierUri());
    }
    // client_id
    if (StringUtils.isBlank(params.getClientId()) && StringUtils.isNotBlank(fallback.getClientId())) {
        params.setClientId(fallback.getClientId());
    }
    // client_secret
    if (StringUtils.isBlank(params.getClientSecret()) && StringUtils.isNotBlank(fallback.getClientSecret())) {
        params.setClientSecret(fallback.getClientSecret());
    }
    // access_token_signing_alg
    if (StringUtils.isBlank(params.getAccessTokenSigningAlg()) && StringUtils.isNotBlank(fallback.getAccessTokenSigningAlg())) {
        params.setAccessTokenSigningAlg(fallback.getAccessTokenSigningAlg());
    }
    // logo_uri
    if (StringUtils.isBlank(params.getLogoUri()) && StringUtils.isNotBlank(fallback.getLogoUri())) {
        params.setLogoUri(fallback.getLogoUri());
    }
    // client_uri
    if (StringUtils.isBlank(params.getClientUri()) && StringUtils.isNotBlank(fallback.getClientUri())) {
        params.setClientUri(fallback.getClientUri());
    }
    // policy_uri
    if (StringUtils.isBlank(params.getPolicyUri()) && StringUtils.isNotBlank(fallback.getPolicyUri())) {
        params.setPolicyUri(fallback.getPolicyUri());
    }
    // tos_uri
    if (StringUtils.isBlank(params.getTosUri()) && StringUtils.isNotBlank(fallback.getTosUri())) {
        params.setTosUri(fallback.getTosUri());
    }
    // jwks
    if (StringUtils.isBlank(params.getJwks()) && StringUtils.isNotBlank(fallback.getJwks())) {
        params.setJwks(fallback.getJwks());
    }
    // id_token_binding_cnf
    if (StringUtils.isBlank(params.getIdTokenBindingCnf()) && StringUtils.isNotBlank(fallback.getIdTokenBindingCnf())) {
        params.setIdTokenBindingCnf(fallback.getIdTokenBindingCnf());
    }
    // tls_client_auth_subject_dn
    if (StringUtils.isBlank(params.getTlsClientAuthSubjectDn()) && StringUtils.isNotBlank(fallback.getTlsClientAuthSubjectDn())) {
        params.setTlsClientAuthSubjectDn(fallback.getTlsClientAuthSubjectDn());
    }
    // id_token_signed_response_alg
    if (StringUtils.isBlank(params.getIdTokenSignedResponseAlg()) && StringUtils.isNotBlank(fallback.getIdTokenSignedResponseAlg())) {
        params.setIdTokenSignedResponseAlg(fallback.getIdTokenSignedResponseAlg());
    }
    // id_token_encrypted_response_alg
    if (StringUtils.isBlank(params.getIdTokenEncryptedResponseAlg()) && StringUtils.isNotBlank(fallback.getIdTokenEncryptedResponseAlg())) {
        params.setIdTokenEncryptedResponseAlg(fallback.getIdTokenEncryptedResponseAlg());
    }
    // id_token_encrypted_response_enc
    if (StringUtils.isBlank(params.getIdTokenEncryptedResponseEnc()) && StringUtils.isNotBlank(fallback.getIdTokenEncryptedResponseEnc())) {
        params.setIdTokenEncryptedResponseEnc(fallback.getIdTokenEncryptedResponseEnc());
    }
    // user_info_signed_response_alg
    if (StringUtils.isBlank(params.getUserInfoSignedResponseAlg()) && StringUtils.isNotBlank(fallback.getUserInfoSignedResponseAlg())) {
        params.setUserInfoSignedResponseAlg(fallback.getUserInfoSignedResponseAlg());
    }
    // user_info_encrypted_response_alg
    if (StringUtils.isBlank(params.getUserInfoEncryptedResponseAlg()) && StringUtils.isNotBlank(fallback.getUserInfoEncryptedResponseAlg())) {
        params.setUserInfoEncryptedResponseAlg(fallback.getUserInfoEncryptedResponseAlg());
    }
    // user_info_encrypted_response_enc
    if (StringUtils.isBlank(params.getUserInfoEncryptedResponseEnc()) && StringUtils.isNotBlank(fallback.getUserInfoEncryptedResponseEnc())) {
        params.setUserInfoEncryptedResponseEnc(fallback.getUserInfoEncryptedResponseEnc());
    }
    // request_object_signing_alg
    if (StringUtils.isBlank(params.getRequestObjectSigningAlg()) && StringUtils.isNotBlank(fallback.getRequestObjectSigningAlg())) {
        params.setRequestObjectSigningAlg(fallback.getRequestObjectSigningAlg());
    }
    // request_object_encryption_alg
    if (StringUtils.isBlank(params.getRequestObjectEncryptionAlg()) && StringUtils.isNotBlank(fallback.getRequestObjectEncryptionAlg())) {
        params.setRequestObjectEncryptionAlg(fallback.getRequestObjectEncryptionAlg());
    }
    // request_object_encryption_enc
    if (StringUtils.isBlank(params.getRequestObjectEncryptionEnc()) && StringUtils.isNotBlank(fallback.getRequestObjectEncryptionEnc())) {
        params.setRequestObjectEncryptionEnc(fallback.getRequestObjectEncryptionEnc());
    }
    // default_max_age
    if (params.getDefaultMaxAge() == null && fallback.getDefaultMaxAge() != null) {
        params.setDefaultMaxAge(fallback.getDefaultMaxAge());
    }
    // initiate_login_uri
    if (StringUtils.isBlank(params.getInitiateLoginUri()) && StringUtils.isNotBlank(fallback.getInitiateLoginUri())) {
        params.setInitiateLoginUri(fallback.getInitiateLoginUri());
    }
    // authorized_origins
    if ((params.getAuthorizedOrigins() == null || params.getAuthorizedOrigins().isEmpty()) && (fallback.getAuthorizedOrigins() != null && !fallback.getAuthorizedOrigins().isEmpty())) {
        params.setAuthorizedOrigins(fallback.getAuthorizedOrigins());
    }
    // access_token_lifetime
    if (params.getAccessTokenLifetime() == null && fallback.getAccessTokenLifetime() != null) {
        params.setAccessTokenLifetime(fallback.getAccessTokenLifetime());
    }
    // software_id
    if (StringUtils.isBlank(params.getSoftwareId()) && StringUtils.isNotBlank(fallback.getSoftwareId())) {
        params.setSoftwareId(fallback.getSoftwareId());
    }
    // software_version
    if (StringUtils.isBlank(params.getSoftwareVersion()) && StringUtils.isNotBlank(fallback.getSoftwareVersion())) {
        params.setSoftwareVersion(fallback.getSoftwareVersion());
    }
    // software_statement
    if (StringUtils.isBlank(params.getSoftwareStatement()) && StringUtils.isNotBlank(fallback.getSoftwareStatement())) {
        params.setSoftwareStatement(fallback.getSoftwareStatement());
    }
    // custom_attributes
    if ((params.getCustomAttributes() == null || params.getCustomAttributes().isEmpty()) && (fallback.getCustomAttributes() != null && !fallback.getCustomAttributes().isEmpty())) {
        params.setCustomAttributes(fallback.getCustomAttributes());
    }
    // access_token_as_jwt
    if (params.getAccessTokenAsJwt() == null) {
        params.setAccessTokenAsJwt(fallback.getAccessTokenAsJwt());
    }
    // rpt_as_jwt
    if (params.getRptAsJwt() == null) {
        params.setRptAsJwt(fallback.getRptAsJwt());
    }
    // front_channel_logout_session_required
    if (params.getFrontChannelLogoutSessionRequired() == null) {
        params.setFrontChannelLogoutSessionRequired(fallback.getFrontChannelLogoutSessionRequired());
    }
    // run_introspection_script_beforeaccess_token_as_jwt_creation_and_include_claims
    if (params.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims() == null) {
        params.setRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims(fallback.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
    }
    // require_auth_time
    if (params.getRequireAuthTime() == null) {
        params.setRequireAuthTime(fallback.getRequireAuthTime());
    }
}
Also used : StringUtils(org.apache.commons.lang.StringUtils) SubjectType(io.jans.as.model.common.SubjectType) RegisterSiteParams(io.jans.ca.common.params.RegisterSiteParams) Utils(io.jans.ca.server.Utils) LoggerFactory(org.slf4j.LoggerFactory) RegisterRequestMapper(io.jans.ca.server.mapper.RegisterRequestMapper) BlockEncryptionAlgorithm(io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm) NumberUtils(org.apache.commons.lang.math.NumberUtils) ArrayList(java.util.ArrayList) HttpException(io.jans.ca.server.HttpException) Strings(com.google.common.base.Strings) ApplicationType(io.jans.as.model.register.ApplicationType) ErrorResponseCode(io.jans.ca.common.ErrorResponseCode) IOpResponse(io.jans.ca.common.response.IOpResponse) Lists(com.google.common.collect.Lists) CollectionUtils(org.apache.commons.collections.CollectionUtils) RegisterClient(io.jans.as.client.RegisterClient) Command(io.jans.ca.common.Command) Logger(org.slf4j.Logger) Set(java.util.Set) SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm) UUID(java.util.UUID) RegisterRequest(io.jans.as.client.RegisterRequest) RegisterSiteResponse(io.jans.ca.common.response.RegisterSiteResponse) Sets(com.google.common.collect.Sets) Injector(com.google.inject.Injector) UmaMetadata(io.jans.as.model.uma.UmaMetadata) RegisterResponse(io.jans.as.client.RegisterResponse) List(java.util.List) AuthenticationMethod(io.jans.as.model.common.AuthenticationMethod) Preconditions(com.google.common.base.Preconditions) GrantType(io.jans.as.model.common.GrantType) KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm) Rp(io.jans.ca.server.service.Rp) UmaMetadata(io.jans.as.model.uma.UmaMetadata) HttpException(io.jans.ca.server.HttpException) Rp(io.jans.ca.server.service.Rp)

Example 3 with HttpException

use of io.jans.ca.server.HttpException in project jans by JanssenProject.

the class RegisterSiteOperation method persistRp.

private void persistRp(String rpId, RegisterSiteParams params) {
    try {
        final RegisterRequest registerRequest = createRegisterClientRequest(params, rpId);
        rp = createRp(registerRequest);
        rp.setRpId(rpId);
        rp.setApplicationType("web");
        rp.setOpHost(getDiscoveryService().getConnectDiscoveryResponse(params.getOpConfigurationEndpoint(), params.getOpHost(), params.getOpDiscoveryPath()).getIssuer());
        rp.setOpDiscoveryPath(params.getOpDiscoveryPath());
        rp.setOpConfigurationEndpoint(params.getOpConfigurationEndpoint());
        rp.setUiLocales(params.getUiLocales());
        rp.setSyncClientFromOp(params.getSyncClientFromOp());
        rp.setSyncClientPeriodInSeconds(params.getSyncClientPeriodInSeconds());
        if (!hasClient(params)) {
            final RegisterResponse registerResponse = registerClient(params, registerRequest);
            rp.setClientId(registerResponse.getClientId());
            rp.setClientSecret(registerResponse.getClientSecret());
            rp.setClientRegistrationAccessToken(registerResponse.getRegistrationAccessToken());
            rp.setClientRegistrationClientUri(registerResponse.getRegistrationClientUri());
            rp.setClientIdIssuedAt(registerResponse.getClientIdIssuedAt());
            rp.setClientSecretExpiresAt(registerResponse.getClientSecretExpiresAt());
        } else {
            rp.setClientId(params.getClientId());
            rp.setClientSecret(params.getClientSecret());
        }
        getRpService().create(rp);
    } catch (HttpException e) {
        throw e;
    } catch (Exception e) {
        LOG.error("Failed to persist site configuration, params: " + params, e);
        throw new RuntimeException(e);
    }
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) HttpException(io.jans.ca.server.HttpException) HttpException(io.jans.ca.server.HttpException)

Example 4 with HttpException

use of io.jans.ca.server.HttpException in project jans by JanssenProject.

the class RsProtectOperation method validate.

private void validate(RsProtectParams params) {
    if (params.getResources() == null || params.getResources().isEmpty()) {
        throw new HttpException(ErrorResponseCode.NO_UMA_RESOURCES_TO_PROTECT);
    }
    if (!ResourceValidator.isHttpMethodUniqueInPath(params.getResources())) {
        throw new HttpException(ErrorResponseCode.UMA_HTTP_METHOD_NOT_UNIQUE);
    }
    if (params.getResources() != null) {
        for (RsResource resource : params.getResources()) {
            if (resource.getConditions() != null) {
                for (Condition condition : resource.getConditions()) {
                    if (condition.getScopeExpression() != null) {
                        String json = condition.getScopeExpression().toString();
                        if (StringUtils.isNotBlank(json) && !json.equalsIgnoreCase("null")) {
                            boolean nodeValid = JsonLogicNodeParser.isNodeValid(json);
                            LOG.trace("Scope expression validator - Valid: " + nodeValid + ", expression: " + json);
                            if (!nodeValid) {
                                throw new HttpException(ErrorResponseCode.UMA_FAILED_TO_VALIDATE_SCOPE_EXPRESSION);
                            }
                            validateScopeExpression(json);
                        }
                    }
                }
            }
        }
    }
    Rp rp = getRp();
    List<UmaResource> existingUmaResources = rp.getUmaProtectedResources();
    if (existingUmaResources != null && !existingUmaResources.isEmpty()) {
        if (params.getOverwrite() == null || !params.getOverwrite()) {
            throw new HttpException(ErrorResponseCode.UMA_PROTECTION_FAILED_BECAUSE_RESOURCES_ALREADY_EXISTS);
        } else {
            // remove existing resources, overwrite=true
            UmaMetadata discovery = getDiscoveryService().getUmaDiscoveryByRpId(params.getRpId());
            String pat = getUmaTokenService().getPat(params.getRpId()).getToken();
            UmaResourceService resourceService = UmaClientFactory.instance().createResourceService(discovery, getHttpService().getClientEngine());
            for (UmaResource resource : existingUmaResources) {
                LOG.trace("Removing existing resource " + resource.getId() + " ...");
                resourceService.deleteResource("Bearer " + pat, resource.getId());
                LOG.trace("Removed existing resource " + resource.getId() + ".");
            }
            rp.getUmaProtectedResources().clear();
            getRpService().updateSilently(rp);
        }
    }
}
Also used : Condition(io.jans.ca.rs.protect.Condition) UmaMetadata(io.jans.as.model.uma.UmaMetadata) RsResource(io.jans.ca.rs.protect.RsResource) UmaResourceService(io.jans.as.client.uma.UmaResourceService) HttpException(io.jans.ca.server.HttpException) Rp(io.jans.ca.server.service.Rp) UmaResource(io.jans.ca.server.model.UmaResource)

Example 5 with HttpException

use of io.jans.ca.server.HttpException in project jans by JanssenProject.

the class DiscoveryService method getUmaDiscovery.

public UmaMetadata getUmaDiscovery(String opConfigurationEndpoint) {
    validationService.validateOpConfigurationEndpoint(opConfigurationEndpoint);
    try {
        final UmaMetadata r = umaMap.get(opConfigurationEndpoint);
        if (r != null) {
            validationService.isOpHostAllowed(r.getIssuer());
            return r;
        }
        final UmaMetadata response = opClientFactory.createUmaClientFactory().createMetadataService(getUmaDiscoveryUrl(opConfigurationEndpoint), httpService.getClientEngine()).getMetadata();
        LOG.trace("Uma discovery response: {} ", response);
        umaMap.put(opConfigurationEndpoint, response);
        validationService.isOpHostAllowed(response.getIssuer());
        return response;
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
    }
    LOG.error("Unable to fetch UMA discovery information for op_configuration_endpoint: {}", opConfigurationEndpoint);
    throw new HttpException(ErrorResponseCode.NO_UMA_DISCOVERY_RESPONSE);
}
Also used : UmaMetadata(io.jans.as.model.uma.UmaMetadata) HttpException(io.jans.ca.server.HttpException) SSLHandshakeException(javax.net.ssl.SSLHandshakeException) IOException(java.io.IOException) HttpException(io.jans.ca.server.HttpException) WebApplicationException(javax.ws.rs.WebApplicationException)

Aggregations

HttpException (io.jans.ca.server.HttpException)34 Jwt (io.jans.as.model.jwt.Jwt)10 Rp (io.jans.ca.server.service.Rp)9 SignatureAlgorithm (io.jans.as.model.crypto.signature.SignatureAlgorithm)8 OpenIdConfigurationResponse (io.jans.as.client.OpenIdConfigurationResponse)6 InvalidJwtException (io.jans.as.model.exception.InvalidJwtException)6 Test (org.testng.annotations.Test)6 RegisterResponse (io.jans.as.client.RegisterResponse)5 RegisterClient (io.jans.as.client.RegisterClient)4 RegisterRequest (io.jans.as.client.RegisterRequest)4 AuthenticationMethod (io.jans.as.model.common.AuthenticationMethod)4 UmaMetadata (io.jans.as.model.uma.UmaMetadata)4 IOException (java.io.IOException)4 TokenClient (io.jans.as.client.TokenClient)3 TokenResponse (io.jans.as.client.TokenResponse)3 GrantType (io.jans.as.model.common.GrantType)3 SubjectType (io.jans.as.model.common.SubjectType)3 BlockEncryptionAlgorithm (io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm)3 KeyEncryptionAlgorithm (io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)3 Strings (com.google.common.base.Strings)2