
Example 21 with Rp

use of io.jans.ca.server.service.Rp in project jans by JanssenProject.

the class CheckIdTokenOperation method execute.

/**
 * Checks an id_token on behalf of the RP identified by {@code params.getRpId()}.
 *
 * <p>The token is parsed, then validated against the OP's discovery document and the
 * RP's registered configuration: {@code at_hash} (access token binding), {@code c_hash}
 * (authorization code binding) and {@code s_hash} (state binding) are verified, and the
 * overall validity (signature, issuer, audience, expiry, nonce) is reported via
 * {@code setActive}. Issued-at, expiry and the full claim map are copied into the response.
 *
 * @param params rp_id, id_token and the optional access_token / code / state / nonce
 *               the hashes are checked against
 * @return a {@link CheckIdTokenResponse} describing the token
 * @throws HttpException as raised by validation, or {@code internalError()} for any other failure
 */
@Override
public IOpResponse execute(CheckIdTokenParams params) {
    try {
        final OpenIdConfigurationResponse discovery =
                getDiscoveryService().getConnectDiscoveryResponseByRpId(params.getRpId());
        final Rp rp = getRp();
        final Jwt parsedIdToken = Jwt.parse(params.getIdToken());

        final Validator validator = new Validator.Builder()
                .discoveryResponse(discovery)
                .idToken(parsedIdToken)
                .keyService(getKeyService())
                .opClientFactory(getOpClientFactory())
                .rpServerConfiguration(getConfigurationService().getConfiguration())
                .rp(rp)
                .build();

        // at_hash: whether the check is mandatory depends on the RP's registered response types
        validator.validateAccessToken(params.getAccessToken(), atHashCheckRequired(rp.getResponseTypes()));
        // c_hash: binds the authorization code to this id_token
        validator.validateAuthorizationCode(params.getCode());
        // s_hash: binds the state to this id_token
        validator.validateState(params.getState());

        final CheckIdTokenResponse result = new CheckIdTokenResponse();
        result.setActive(validator.isIdTokenValid(params.getNonce()));
        result.setIssuedAt(Utils.date(parsedIdToken.getClaims().getClaimAsDate(JwtClaimName.ISSUED_AT)));
        result.setExpiresAt(Utils.date(parsedIdToken.getClaims().getClaimAsDate(JwtClaimName.EXPIRATION_TIME)));
        result.setClaims(parsedIdToken.getClaims().toMap());
        return result;
    } catch (HttpException e) {
        // already an HTTP-level error: propagate unchanged
        throw e;
    } catch (Exception e) {
        // anything else (parse failure, OP unreachable, ...) is logged and surfaced as a 500
        LOG.error(e.getMessage(), e);
        throw HttpException.internalError();
    }
}

Example 22 with Rp

use of io.jans.ca.server.service.Rp in project jans by JanssenProject.

the class RegisterSiteOperation method createRp.

/**
 * Builds a new {@link Rp} populated from a registration request.
 *
 * @param registerRequest the client registration request whose fields are copied
 * @return a freshly created, filled {@link Rp}
 */
private Rp createRp(RegisterRequest registerRequest) {
    final Rp result = new Rp();
    // all field mapping lives in the mapper so it stays in sync with RegisterRequest
    RegisterRequestMapper.fillRp(result, registerRequest);
    return result;
}

Example 23 with Rp

use of io.jans.ca.server.service.Rp in project jans by JanssenProject.

the class RpGetGetClaimsGatheringUrlOperation method execute.

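/**
 * Builds the UMA claims-gathering URL the RP should redirect the requesting party to.
 *
 * <p>The URL is the OP's {@code claims_interaction_endpoint} with {@code client_id},
 * {@code ticket}, {@code claims_redirect_uri} and {@code state} as query parameters,
 * followed by any custom parameters that do not collide with those reserved names.
 * Every query value is percent-encoded; the reserved parameters come straight from the
 * request, and an unencoded {@code &}, {@code #} or {@code =} in the ticket or the
 * redirect URI would otherwise terminate the query or inject extra parameters.
 *
 * @param params rp_id, ticket, claims_redirect_uri, optional state and custom parameters
 * @return the URL and the state that was embedded in it
 * @throws Exception from validation, discovery or state storage
 */
@Override
public IOpResponse execute(RpGetClaimsGatheringUrlParams params) throws Exception {
    validate(params);
    final UmaMetadata metadata = getDiscoveryService().getUmaDiscoveryByRpId(params.getRpId());
    final Rp rp = getRp();

    // A caller-supplied state is stored (with expiry) so the callback can be correlated;
    // otherwise a fresh state is generated.
    final String state = StringUtils.isNotBlank(params.getState())
            ? getStateService().putState(getStateService().encodeExpiredObject(params.getState(), ExpiredObjectType.STATE))
            : getStateService().generateState();

    final StringBuilder url = new StringBuilder(metadata.getClaimsInteractionEndpoint())
            .append("?client_id=").append(encodeQueryValue(rp.getClientId()))
            .append("&ticket=").append(encodeQueryValue(params.getTicket()))
            .append("&claims_redirect_uri=").append(encodeQueryValue(params.getClaimsRedirectUri()))
            .append("&state=").append(encodeQueryValue(state));

    if (params.getCustomParameters() != null && !params.getCustomParameters().isEmpty()) {
        // reserved names cannot be overridden by custom parameters
        final List<String> reserved = Lists.newArrayList("rp_id", "client_id", "ticket", "state", "claims_redirect_uri");
        final Map<String, String> customParameterMap = params.getCustomParameters().entrySet().stream()
                .filter(entry -> !reserved.contains(entry.getKey()))
                .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
        if (!customParameterMap.isEmpty()) {
            // Utils encodes the custom values the same way as the reserved ones above
            url.append("&").append(Utils.mapAsStringWithEncodedValues(customParameterMap));
        }
    }

    final RpGetClaimsGatheringUrlResponse r = new RpGetClaimsGatheringUrlResponse();
    r.setUrl(url.toString());
    r.setState(state);
    return r;
}

/**
 * Percent-encodes one query-string value as UTF-8 (RFC 3986 / application/x-www-form-urlencoded).
 * A {@code null} value is rendered as the literal {@code "null"}, matching plain string concatenation.
 *
 * @param value the raw value
 * @return the encoded value, safe to place after {@code =} in a query string
 * @throws java.io.UnsupportedEncodingException never in practice: UTF-8 is always available
 */
private static String encodeQueryValue(String value) throws java.io.UnsupportedEncodingException {
    return java.net.URLEncoder.encode(String.valueOf(value), java.nio.charset.StandardCharsets.UTF_8.name());
}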

Example 24 with Rp

use of io.jans.ca.server.service.Rp in project jans by JanssenProject.

the class RsCheckAccessOperation method execute.

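/**
 * Decides whether an RPT grants access to the protected resource at {@code path}/{@code httpMethod}.
 *
 * <p>Flow: the resource must be registered for this RP (otherwise 400 {@code invalid_request});
 * the RPT is introspected at the AS and access is granted when an active permission is bound to
 * this exact resource id and covers at least one required scope. Otherwise a permission ticket is
 * registered at the AS (retrying once with a freshly obtained PAT on 400/401) and a
 * {@code "denied"} response carrying the ticket and the {@code WWW-Authenticate} header is returned.
 *
 * <p>The RPT is a bearer credential and is never written to the log; only its presence is.
 *
 * @param params rp_id, path, http_method, optional rpt and scopes
 * @return {@code "granted"}, or {@code "denied"} with a freshly registered ticket
 * @throws WebApplicationException (400) when the resource is not protected
 * @throws Exception when ticket registration fails
 */
@Override
public IOpResponse execute(final RsCheckAccessParams params) throws Exception {
    validate(params);
    final Rp rp = getRp();
    final UmaResource resource = rp.umaResource(params.getPath(), params.getHttpMethod());
    if (resource == null) {
        final ErrorResponse error = new ErrorResponse("invalid_request");
        error.setErrorDescription("Resource is not protected with path: " + params.getPath() + " and httpMethod: " + params.getHttpMethod() + ". Please protect your resource first with uma_rs_protect command. Check details on " + CoreUtils.DOC_URL);
        LOG.error(error.getErrorDescription());
        throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(Jackson2.asJson(error)).build());
    }

    // PAT supplier for ticket registration; the token is fetched lazily from the UMA token service.
    final PatProvider patProvider = new PatProvider() {

        @Override
        public String getPatToken() {
            return getUmaTokenService().getPat(params.getRpId()).getToken();
        }

        @Override
        public void clearPat() {
            // nothing to clear here: the PAT lifecycle is owned by the UMA token service
        }
    };

    List<String> requiredScopes = getRequiredScopes(params, resource);
    final String rpt = params.getRpt();
    final CorrectRptIntrospectionResponse status = getIntrospectionService().introspectRpt(params.getRpId(), rpt);
    // Never log the RPT value itself; presence is enough for diagnostics.
    LOG.trace("RPT present: " + !Strings.isNullOrEmpty(rpt) + ", status: " + status);

    // Boolean.TRUE.equals(...) is null-safe in case getActive() is a boxed Boolean.
    if (!Strings.isNullOrEmpty(rpt) && status != null && Boolean.TRUE.equals(status.getActive()) && status.getPermissions() != null) {
        for (CorrectUmaPermission permission : status.getPermissions()) {
            final boolean containsAny = !Collections.disjoint(requiredScopes, permission.getScopes());
            LOG.trace("containsAny: " + containsAny + ", requiredScopes: " + requiredScopes + ", permissionScopes: " + permission.getScopes());
            // Grant only when the permission covers a required scope AND is bound to this exact resource id.
            if (containsAny && permission.getResourceId() != null && permission.getResourceId().equals(resource.getId())) {
                // normal UMA
                // NOTE(review): this logs the whole Rp object; confirm Rp.toString() excludes client credentials.
                LOG.debug("RPT has enough permissions, access GRANTED. Path: " + params.getPath() + ", httpMethod:" + params.getHttpMethod() + ", site: " + rp);
                return new RsCheckAccessResponse("granted");
            }
        }
    }

    // When the caller did not ask for specific scopes, the ticket is registered with the
    // resource's configured ticket scopes (if any) rather than the derived required scopes.
    if (CollectionUtils.isEmpty(params.getScopes()) && !CollectionUtils.isEmpty(resource.getTicketScopes())) {
        requiredScopes = resource.getTicketScopes();
    }

    final RptPreProcessInterceptor rptInterceptor = getOpClientFactory().createRptPreProcessInterceptor(new ResourceRegistrar(patProvider, new ServiceProvider(rp.getOpHost())));
    Response response = null;
    try {
        LOG.trace("Try to register ticket, scopes: " + requiredScopes + ", resourceId: " + resource.getId());
        response = rptInterceptor.registerTicketResponse(requiredScopes, resource.getId());
    } catch (ClientErrorException e) {
        LOG.debug("Failed to register ticket. Entity: " + e.getResponse().readEntity(String.class) + ", status: " + e.getResponse().getStatus(), e);
        final int httpStatus = e.getResponse().getStatus();
        if (httpStatus == 400 || httpStatus == 401) {
            // A 400/401 from the AS usually means the cached PAT is no longer valid there:
            // obtain a new PAT and retry exactly once.
            LOG.debug("Try maybe PAT is lost on AS, force refresh PAT and request ticket again ...");
            getUmaTokenService().obtainPat(params.getRpId());
            response = rptInterceptor.registerTicketResponse(requiredScopes, resource.getId());
        } else {
            throw e;
        }
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throw e;
    }

    final RsCheckAccessResponse opResponse = new RsCheckAccessResponse("denied");
    opResponse.setWwwAuthenticateHeader((String) response.getMetadata().getFirst("WWW-Authenticate"));
    opResponse.setTicket(((PermissionTicket) response.getEntity()).getTicket());
    LOG.debug("Access denied for path: " + params.getPath() + " and httpMethod: " + params.getHttpMethod() + ". Ticket is registered: " + opResponse);
    return opResponse;
}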

Example 25 with Rp

use of io.jans.ca.server.service.Rp in project jans by JanssenProject.

the class JansPersistenceService method getRps.

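/**
 * Loads every stored RP from persistence under {@code <rpOu>,<clientApiDn>}.
 *
 * <p>Entries whose serialized data cannot be parsed are logged and skipped. When the
 * base entry does not exist ({@code EntryPersistenceException} with "Failed to find
 * entries") or any other error occurs, the failure is logged and {@code null} is
 * returned; callers must therefore treat {@code null} as "nothing could be loaded".
 *
 * @return the set of parsed RPs, or {@code null} on any persistence failure
 */
public Set<Rp> getRps() {
    try {
        final String baseDn = String.format("%s,%s", getRpOu(), getClientApiDn());
        final List<RpObject> rpObjects = this.persistenceEntryManager.findEntries(baseDn, RpObject.class, null);
        // typed set instead of the raw HashSet the original used
        final Set<Rp> result = new HashSet<>();
        for (RpObject ele : rpObjects) {
            final Rp rp = MigrationService.parseRp(ele.getData());
            if (rp == null) {
                LOG.error("Failed to parse rp, id: {}, dn: {} ", ele.getId(), ele.getDn());
            } else {
                result.add(rp);
            }
        }
        return result;
    } catch (Exception e) {
        final String message = e.getMessage();
        // guard against a null message before substring matching
        if (e instanceof EntryPersistenceException && message != null && message.contains("Failed to find entries")) {
            LOG.warn("Failed to fetch RpObjects. {} ", message);
            return null;
        }
        LOG.error("Failed to fetch rps. Error: {} ", message, e);
    }
    return null;
}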
