use of io.jans.ca.server.service.Rp in project jans by JanssenProject.
the class GetAuthorizationCodeOperation method execute.
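/**
 * Runs an authorization request against the OP on behalf of the configured RP and
 * returns the resulting authorization code.
 *
 * <p>Missing nonce/state values are generated here and registered with the state
 * service before the request goes out, so the callback can be correlated with this
 * request. The caller's username/password are forwarded to the OP in the request
 * object; that object must never be logged.
 *
 * @param params caller-supplied nonce, state, credentials and acr values
 * @return the authorization code response, or {@code null} when the OP client
 *         produced no response (an error is logged in that case)
 */
@Override
public IOpResponse execute(GetAuthorizationCodeParams params) {
    final Rp rp = getRp();

    // Effective values: caller-supplied when present, otherwise freshly generated.
    final String nonce = Strings.isNullOrEmpty(params.getNonce()) ? UUID.randomUUID().toString() : params.getNonce();
    final String state = Strings.isNullOrEmpty(params.getState()) ? UUID.randomUUID().toString() : params.getState();

    final AuthorizationRequest request = new AuthorizationRequest(responseTypes(rp.getResponseTypes()), rp.getClientId(), rp.getScope(), rp.getRedirectUri(), nonce);
    request.setState(state);
    // Credentials travel inside the request; keep this object out of log output.
    request.setAuthUsername(params.getUsername());
    request.setAuthPassword(params.getPassword());
    request.getPrompts().add(Prompt.NONE);
    request.setAcrValues(acrValues(params, rp));

    // Register nonce and state before sending, so the response can be matched against them.
    getStateService().putNonce(nonce);
    getStateService().putState(state);

    final AuthorizeClient authorizeClient = getOpClientFactory().createAuthorizeClient(getDiscoveryService().getConnectDiscoveryResponse(rp).getAuthorizationEndpoint());
    authorizeClient.setRequest(request);
    authorizeClient.setExecutor(getHttpService().getClientEngine());

    final AuthorizationResponse response = authorizeClient.exec();
    if (response == null) {
        LOG.error("Failed to get response from oxauth client.");
        return null;
    }

    // Re-register the *effective* state, not params.getState(): when the caller passed
    // none, params.getState() is empty and would have been stored as an empty/null key.
    if (!getStateService().isExpiredObjectPresent(state)) {
        getStateService().putState(state);
    }
    return new GetAuthorizationCodeResponse(response.getCode());
}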
use of io.jans.ca.server.service.Rp in project jans by JanssenProject.
the class GetLogoutUrlOperation method execute.
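/**
 * Builds the OP logout (end_session) URL for the configured RP.
 *
 * <p>The post-logout redirect comes from the request parameters, falling back to the
 * RP's registered value. When the OP publishes no {@code end_session_endpoint}, the
 * Google-specific legacy logout URL is used if enabled in configuration; otherwise
 * the operation fails.
 *
 * @param params optional post_logout_redirect_uri, state, session_state and id_token_hint
 * @return response carrying the fully built logout URL
 * @throws HttpException with {@code FAILED_TO_GET_END_SESSION_ENDPOINT} when the OP has
 *         no end_session_endpoint and the Google fallback does not apply
 * @throws Exception propagated from discovery or URL encoding
 */
@Override
public IOpResponse execute(GetLogoutUrlParams params) throws Exception {
    final Rp rp = getRp();
    final OpenIdConfigurationResponse discoveryResponse = getDiscoveryService().getConnectDiscoveryResponse(rp);
    final String endSessionEndpoint = discoveryResponse.getEndSessionEndpoint();

    // Caller-supplied redirect wins over the RP's registered one; "" means "send none".
    // NOTE(review): the caller-supplied URI is not checked here against the RP's registered
    // post_logout_redirect_uris; presumably the OP enforces that list — confirm.
    String postLogoutRedirectUrl = params.getPostLogoutRedirectUri();
    if (Strings.isNullOrEmpty(postLogoutRedirectUrl)) {
        postLogoutRedirectUrl = rp.getPostLogoutRedirectUri();
    }
    if (Strings.isNullOrEmpty(postLogoutRedirectUrl)) {
        postLogoutRedirectUrl = "";
    }

    if (Strings.isNullOrEmpty(endSessionEndpoint)) {
        if (rp.getOpHost().startsWith(GOOGLE_OP_HOST) && getInstance(ConfigurationService.class).get().getSupportGoogleLogout()) {
            // Google publishes no end_session_endpoint; its legacy logout URL takes the
            // redirect as a nested continue= parameter (kept verbatim, as the original did).
            String logoutUrl = "https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=" + postLogoutRedirectUrl;
            return new GetLogoutUriResponse(logoutUrl);
        }
        LOG.error("Failed to get end_session_endpoint at: " + getDiscoveryService().getConnectDiscoveryUrl(rp));
        throw new HttpException(ErrorResponseCode.FAILED_TO_GET_END_SESSION_ENDPOINT);
    }

    // Every caller-supplied query value is URL-encoded so reserved characters (&, =, #)
    // cannot add or alter parameters. The state value is produced by the state service
    // and is appended as-is to avoid double encoding.
    String uri = endSessionEndpoint;
    if (!Strings.isNullOrEmpty(postLogoutRedirectUrl)) {
        uri += separator(uri) + "post_logout_redirect_uri=" + URLEncoder.encode(postLogoutRedirectUrl, "UTF-8");
    }
    if (!Strings.isNullOrEmpty(params.getState())) {
        uri += separator(uri) + "state=" + getStateService().encodeExpiredObject(params.getState(), ExpiredObjectType.STATE);
    }
    if (!Strings.isNullOrEmpty(params.getSessionState())) {
        uri += separator(uri) + "session_state=" + URLEncoder.encode(params.getSessionState(), "UTF-8");
    }
    if (!Strings.isNullOrEmpty(params.getIdTokenHint())) {
        uri += separator(uri) + "id_token_hint=" + URLEncoder.encode(params.getIdTokenHint(), "UTF-8");
    }
    return new GetLogoutUriResponse(uri);
}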
use of io.jans.ca.server.service.Rp in project jans by JanssenProject.
the class RegisterResponseMapper method createRp.
/**
 * Builds a fresh {@link Rp} from a dynamic client registration response.
 *
 * <p>The response entity is parsed as a {@link RegisterRequest} and mapped onto the
 * new Rp first; the OP-assigned client id, secret and secret expiry are then copied
 * from the response itself. The returned object holds the client secret — treat it
 * as sensitive.
 *
 * @param response registration response received from the OP
 * @return a new Rp populated from {@code response}
 */
public static Rp createRp(RegisterResponse response) {
    final Rp rp = new Rp();

    // Fields that were part of the registration request.
    final RegisterRequest parsedRequest = RegisterRequest.fromJson(response.getEntity());
    RegisterRequestMapper.fillRp(rp, parsedRequest);

    // Fields only the OP assigns.
    rp.setClientId(response.getClientId());
    rp.setClientSecret(response.getClientSecret());
    rp.setClientSecretExpiresAt(response.getClientSecretExpiresAt());
    return rp;
}
use of io.jans.ca.server.service.Rp in project jans by JanssenProject.
the class RegisterResponseMapper method fillRp.
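/**
 * Synchronises an existing {@link Rp} with the client metadata the OP returned in a
 * registration response.
 *
 * <p>Each field is copied only when it differs from the stored value (strings and
 * scalars via null-safe equality, lists ignoring order, JWKS via JSON comparison), and
 * the method reports whether anything changed so the caller can decide whether to
 * persist. The client secret is among the copied values; never log the resulting Rp.
 *
 * @param rp       stored Rp to update in place
 * @param response registration response from the OP
 * @return {@code true} if at least one field of {@code rp} was modified
 * @throws IOException propagated from JSON comparison/parsing
 */
public static boolean fillRp(Rp rp, RegisterResponse response) throws IOException {
    final Rp rpFromOP = createRp(response);
    boolean isRpChanged = false;

    // --- credentials ---
    if (!StringUtils.equals(rpFromOP.getClientSecret(), rp.getClientSecret())) {
        rp.setClientSecret(rpFromOP.getClientSecret());
        isRpChanged = true;
    }
    if (!Objects.equal(rpFromOP.getClientSecretExpiresAt(), rp.getClientSecretExpiresAt())) {
        rp.setClientSecretExpiresAt(rpFromOP.getClientSecretExpiresAt());
        isRpChanged = true;
    }

    // --- general client metadata ---
    if (!StringUtils.equals(rpFromOP.getClientName(), rp.getClientName())) {
        rp.setClientName(rpFromOP.getClientName());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getTokenEndpointAuthSigningAlg(), rp.getTokenEndpointAuthSigningAlg())) {
        rp.setTokenEndpointAuthSigningAlg(rpFromOP.getTokenEndpointAuthSigningAlg());
        isRpChanged = true;
    }
    if (!isListsEqualIgnoringOrder(rpFromOP.getGrantType(), rp.getGrantType())) {
        rp.setGrantType(rpFromOP.getGrantType());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getFrontChannelLogoutUri(), rp.getFrontChannelLogoutUri())) {
        rp.setFrontChannelLogoutUri(rpFromOP.getFrontChannelLogoutUri());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getTokenEndpointAuthMethod(), rp.getTokenEndpointAuthMethod())) {
        rp.setTokenEndpointAuthMethod(rpFromOP.getTokenEndpointAuthMethod());
        isRpChanged = true;
    }
    if (!isListsEqualIgnoringOrder(rpFromOP.getRequestUris(), rp.getRequestUris())) {
        rp.setRequestUris(rpFromOP.getRequestUris());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getSectorIdentifierUri(), rp.getSectorIdentifierUri())) {
        rp.setSectorIdentifierUri(rpFromOP.getSectorIdentifierUri());
        isRpChanged = true;
    }
    if (!isListsEqualIgnoringOrder(rpFromOP.getRedirectUris(), rp.getRedirectUris())) {
        rp.setRedirectUris(rpFromOP.getRedirectUris());
        isRpChanged = true;
    }

    // --- token format/signing ---
    if (!Objects.equal(rpFromOP.getAccessTokenAsJwt(), rp.getAccessTokenAsJwt())) {
        rp.setAccessTokenAsJwt(rpFromOP.getAccessTokenAsJwt());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getAccessTokenSigningAlg(), rp.getAccessTokenSigningAlg())) {
        rp.setAccessTokenSigningAlg(rpFromOP.getAccessTokenSigningAlg());
        isRpChanged = true;
    }
    if (!Objects.equal(rpFromOP.getRptAsJwt(), rp.getRptAsJwt())) {
        rp.setRptAsJwt(rpFromOP.getRptAsJwt());
        isRpChanged = true;
    }

    // --- list-valued metadata ---
    if (!isListsEqualIgnoringOrder(rpFromOP.getResponseTypes(), rp.getResponseTypes())) {
        rp.setResponseTypes(rpFromOP.getResponseTypes());
        isRpChanged = true;
    }
    if (!isListsEqualIgnoringOrder(rpFromOP.getAcrValues(), rp.getAcrValues())) {
        rp.setAcrValues(rpFromOP.getAcrValues());
        isRpChanged = true;
    }
    if (!isListsEqualIgnoringOrder(rpFromOP.getContacts(), rp.getContacts())) {
        rp.setContacts(rpFromOP.getContacts());
        isRpChanged = true;
    }
    if (!isListsEqualIgnoringOrder(rpFromOP.getPostLogoutRedirectUris(), rp.getPostLogoutRedirectUris())) {
        rp.setPostLogoutRedirectUris(rpFromOP.getPostLogoutRedirectUris());
        isRpChanged = true;
    }
    if (!isListsEqualIgnoringOrder(rpFromOP.getScope(), rp.getScope())) {
        rp.setScope(rpFromOP.getScope());
        isRpChanged = true;
    }

    // --- informational URIs ---
    if (!StringUtils.equals(rpFromOP.getLogoUri(), rp.getLogoUri())) {
        rp.setLogoUri(rpFromOP.getLogoUri());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getClientUri(), rp.getClientUri())) {
        rp.setClientUri(rpFromOP.getClientUri());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getPolicyUri(), rp.getPolicyUri())) {
        rp.setPolicyUri(rpFromOP.getPolicyUri());
        isRpChanged = true;
    }
    if (!Objects.equal(rpFromOP.getFrontChannelLogoutSessionRequired(), rp.getFrontChannelLogoutSessionRequired())) {
        rp.setFrontChannelLogoutSessionRequired(rpFromOP.getFrontChannelLogoutSessionRequired());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getTosUri(), rp.getTosUri())) {
        rp.setTosUri(rpFromOP.getTosUri());
        isRpChanged = true;
    }

    // --- keys and client authentication ---
    // JWKS is compared as JSON, not as raw text, so key order/whitespace does not count as a change.
    if (!isJsonStringEqual(rpFromOP.getJwks(), rp.getJwks())) {
        rp.setJwks(rpFromOP.getJwks());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getIdTokenBindingCnf(), rp.getIdTokenBindingCnf())) {
        rp.setIdTokenBindingCnf(rpFromOP.getIdTokenBindingCnf());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getTlsClientAuthSubjectDn(), rp.getTlsClientAuthSubjectDn())) {
        rp.setTlsClientAuthSubjectDn(rpFromOP.getTlsClientAuthSubjectDn());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getSubjectType(), rp.getSubjectType())) {
        rp.setSubjectType(rpFromOP.getSubjectType());
        isRpChanged = true;
    }
    if (!Objects.equal(rpFromOP.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims(), rp.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims())) {
        rp.setRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims(rpFromOP.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
        isRpChanged = true;
    }

    // --- id_token / userinfo / request object algorithms ---
    if (!StringUtils.equals(rpFromOP.getIdTokenSignedResponseAlg(), rp.getIdTokenSignedResponseAlg())) {
        rp.setIdTokenSignedResponseAlg(rpFromOP.getIdTokenSignedResponseAlg());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getIdTokenEncryptedResponseAlg(), rp.getIdTokenEncryptedResponseAlg())) {
        rp.setIdTokenEncryptedResponseAlg(rpFromOP.getIdTokenEncryptedResponseAlg());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getIdTokenEncryptedResponseEnc(), rp.getIdTokenEncryptedResponseEnc())) {
        rp.setIdTokenEncryptedResponseEnc(rpFromOP.getIdTokenEncryptedResponseEnc());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getUserInfoSignedResponseAlg(), rp.getUserInfoSignedResponseAlg())) {
        rp.setUserInfoSignedResponseAlg(rpFromOP.getUserInfoSignedResponseAlg());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getUserInfoEncryptedResponseAlg(), rp.getUserInfoEncryptedResponseAlg())) {
        rp.setUserInfoEncryptedResponseAlg(rpFromOP.getUserInfoEncryptedResponseAlg());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getUserInfoEncryptedResponseEnc(), rp.getUserInfoEncryptedResponseEnc())) {
        rp.setUserInfoEncryptedResponseEnc(rpFromOP.getUserInfoEncryptedResponseEnc());
        isRpChanged = true;
    }
    // request_object_signing_alg was checked twice in the original; a single check is equivalent.
    if (!StringUtils.equals(rpFromOP.getRequestObjectSigningAlg(), rp.getRequestObjectSigningAlg())) {
        rp.setRequestObjectSigningAlg(rpFromOP.getRequestObjectSigningAlg());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getRequestObjectEncryptionAlg(), rp.getRequestObjectEncryptionAlg())) {
        rp.setRequestObjectEncryptionAlg(rpFromOP.getRequestObjectEncryptionAlg());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getRequestObjectEncryptionEnc(), rp.getRequestObjectEncryptionEnc())) {
        rp.setRequestObjectEncryptionEnc(rpFromOP.getRequestObjectEncryptionEnc());
        isRpChanged = true;
    }

    // --- session and lifetime settings ---
    if (!Objects.equal(rpFromOP.getDefaultMaxAge(), rp.getDefaultMaxAge())) {
        rp.setDefaultMaxAge(rpFromOP.getDefaultMaxAge());
        isRpChanged = true;
    }
    if (!Objects.equal(rpFromOP.getRequireAuthTime(), rp.getRequireAuthTime())) {
        rp.setRequireAuthTime(rpFromOP.getRequireAuthTime());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getInitiateLoginUri(), rp.getInitiateLoginUri())) {
        rp.setInitiateLoginUri(rpFromOP.getInitiateLoginUri());
        isRpChanged = true;
    }
    if (!isListsEqualIgnoringOrder(rpFromOP.getAuthorizedOrigins(), rp.getAuthorizedOrigins())) {
        rp.setAuthorizedOrigins(rpFromOP.getAuthorizedOrigins());
        isRpChanged = true;
    }
    if (!Objects.equal(rpFromOP.getAccessTokenLifetime(), rp.getAccessTokenLifetime())) {
        rp.setAccessTokenLifetime(rpFromOP.getAccessTokenLifetime());
        isRpChanged = true;
    }

    // --- software statement and remaining URIs ---
    if (!StringUtils.equals(rpFromOP.getSoftwareId(), rp.getSoftwareId())) {
        rp.setSoftwareId(rpFromOP.getSoftwareId());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getSoftwareVersion(), rp.getSoftwareVersion())) {
        rp.setSoftwareVersion(rpFromOP.getSoftwareVersion());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getSoftwareStatement(), rp.getSoftwareStatement())) {
        rp.setSoftwareStatement(rpFromOP.getSoftwareStatement());
        isRpChanged = true;
    }
    if (!StringUtils.equals(rpFromOP.getClientJwksUri(), rp.getClientJwksUri())) {
        rp.setClientJwksUri(rpFromOP.getClientJwksUri());
        isRpChanged = true;
    }
    if (!isListsEqualIgnoringOrder(rpFromOP.getClaimsRedirectUri(), rp.getClaimsRedirectUri())) {
        rp.setClaimsRedirectUri(rpFromOP.getClaimsRedirectUri());
        isRpChanged = true;
    }
    return isRpChanged;
}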
use of io.jans.ca.server.service.Rp in project jans by JanssenProject.
the class ValidateOperation method execute.
/**
 * Validates the tokens supplied by the caller against the OP's discovery document and
 * the RP's registered client.
 *
 * <p>Checks are performed in order: nonce (against the state service), id_token
 * (signature/claims for this client id), access token and authorization code. Any
 * failed check is reported by the validator's own exception; success yields an empty
 * response.
 *
 * @param params rp id plus the id_token, access token and code to validate
 * @return an empty {@link POJOResponse} when every check passes
 * @throws Exception propagated from parameter validation, discovery, JWT parsing or the validator
 */
@Override
public IOpResponse execute(ValidateParams params) throws Exception {
    validateParams(params);

    final Rp rp = getRp();
    final OpenIdConfigurationResponse discovery = getDiscoveryService().getConnectDiscoveryResponseByRpId(params.getRpId());
    final Jwt parsedIdToken = Jwt.parse(params.getIdToken());

    final Validator validator = new Validator.Builder()
            .discoveryResponse(discovery)
            .idToken(parsedIdToken)
            .keyService(getKeyService())
            .opClientFactory(getOpClientFactory())
            .rpServerConfiguration(getConfigurationService().getConfiguration())
            .rp(rp)
            .build();

    validator.validateNonce(getStateService());
    validator.validateIdToken(rp.getClientId());
    validator.validateAccessToken(params.getAccessToken());
    validator.validateAuthorizationCode(params.getCode());

    return new POJOResponse("");
}