Use of org.forgerock.oauth2.core.exceptions.BadRequestException in the OpenAM project by OpenRock: class OpenAMResourceSetStoreTest, method shouldNotCreateDuplicateResourceSetWithSameId.
@Test(enabled = false, expectedExceptions = BadRequestException.class)
public void shouldNotCreateDuplicateResourceSetWithSameId() throws Exception {
    // NOTE(review): this test is disabled (enabled = false), so the duplicate-id rejection it
    // describes is currently unverified by the suite.

    // Given: the data store already answers any query with a resource set carrying this id
    final OAuth2Request oauth2Request = mock(OAuth2Request.class);
    final ResourceSetDescription existing = new ResourceSetDescription(
            "RESOURCE_SET_ID", "CLIENT_ID", "RESOURCE_OWNER_ID",
            Collections.<String, Object>singletonMap("name", "RESOURCE_SET_NAME"));
    existing.setRealm("REALM");
    given(dataStore.query(Matchers.<QueryFilter<String>>anyObject()))
            .willReturn(Collections.singleton(existing));

    // When: creating a resource set with the same id
    try {
        store.create(oauth2Request, existing);
    } catch (BadRequestException duplicate) {
        // Then: nothing was persisted and no policy URI was assigned before the rejection
        assertThat(existing.getPolicyUri()).isNull();
        verify(dataStore, never()).create(any(ResourceSetDescription.class));
        // Re-throw so expectedExceptions still sees the failure
        throw duplicate;
    }
}
Use of org.forgerock.oauth2.core.exceptions.BadRequestException in the OpenAM project by OpenRock: class OpenIDConnectProviderDiscovery, method discover.
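/**
 * Returns the response to a request to discover the OpenId Connect provider.
 * <p>
 * The {@code resource} is client-supplied input. It must be either an {@code http}/{@code https}
 * URL, optionally with a path naming the user (e.g. {@code https://example.com/joe}), or an
 * {@code acct:} URI ({@code acct:joe@example.com}). When a user id can be extracted it is
 * checked against the provider before any links are returned; when the URL names only the
 * issuer host no user check is performed.
 *
 * @param resource The resource.
 * @param rel The rel; must be the issuer rel {@code http://openid.net/specs/connect/1.0/issuer}
 *     (compared case-insensitively).
 * @param deploymentUrl The deployment url of the OpenId Connect provider.
 * @param request The OAuth2 request.
 * @return A {@code Map} of the OpenId Connect provider urls.
 * @throws BadRequestException If the request is malformed.
 * @throws NotFoundException If the user cannot be found.
 */
public Map<String, Object> discover(String resource, String rel, String deploymentUrl, OAuth2Request request) throws BadRequestException, NotFoundException {
    if (resource == null || resource.isEmpty()) {
        logger.error("No resource provided in discovery.");
        throw new BadRequestException("No resource provided in discovery.");
    }
    if (rel == null || rel.isEmpty() || !rel.equalsIgnoreCase("http://openid.net/specs/connect/1.0/issuer")) {
        logger.error("No or invalid rel provided in discovery.");
        throw new BadRequestException("No or invalid rel provided in discovery.");
    }

    final String userid = extractUserId(resource);
    // A null user id means the resource named only the issuer; there is no user to validate.
    if (userid != null && !openIDConnectProvider.isUserValid(userid, request)) {
        logger.error("Invalid parameters.");
        throw new NotFoundException("Invalid parameters.");
    }

    final Map<String, Object> link = new HashMap<String, Object>();
    link.put("rel", rel);
    link.put("href", deploymentUrl + "/oauth2");
    final Set<Object> links = new HashSet<Object>();
    links.add(link);

    final Map<String, Object> response = new HashMap<String, Object>();
    response.put("subject", resource);
    response.put("links", links);
    return response;
}

/**
 * Extracts the user id named by a discovery resource.
 * <p>
 * Every malformed shape is rejected with an explicit check rather than by letting an
 * {@code NullPointerException} or {@code StringIndexOutOfBoundsException} fall into a
 * catch-all, so the parse failure is the only thing wrapped and nothing is logged twice.
 *
 * @param resource The non-empty resource string supplied by the client.
 * @return The user id, or {@code null} when the resource is an http/https URL with no path
 *     (issuer only).
 * @throws BadRequestException If the resource is not a URI, has no scheme, uses a scheme other
 *     than http/https/acct, is an opaque http(s) form with no path, or is an {@code acct:} URI
 *     without an {@code @}.
 */
private String extractUserId(String resource) throws BadRequestException {
    final URI uri;
    try {
        uri = new URI(resource);
    } catch (Exception e) {
        // Only the parse itself is wrapped; the BadRequestExceptions below are thrown outside
        // this try so they are not re-wrapped.
        logger.error("Invalid parameters.", e);
        throw new BadRequestException("Invalid parameters.");
    }

    final String scheme = uri.getScheme();
    if (scheme == null) {
        // Relative reference ("joe", "/joe"): neither an issuer URL nor an acct URI.
        logger.error("Invalid parameters.");
        throw new BadRequestException("Invalid parameters.");
    }

    if (scheme.equalsIgnoreCase("https") || scheme.equalsIgnoreCase("http")) {
        final String path = uri.getPath();
        if (path == null) {
            // Opaque form such as "https:joe" carries no path component.
            logger.error("Invalid parameters.");
            throw new BadRequestException("Invalid parameters.");
        }
        if (path.isEmpty()) {
            // https://example.com — issuer only, no user named.
            return null;
        }
        // https://example.com/joe — drop the leading '/'. Everything after it, including any
        // further segments, is handed to isUserValid unchanged.
        return path.substring(1);
    }

    if (scheme.equalsIgnoreCase("acct")) {
        // acct:joe@example.com — use the raw scheme-specific part so percent-encoding is left
        // untouched, and so an upper-case "ACCT:" prefix (accepted by the scheme check) is
        // stripped correctly instead of leaking into the user id.
        final String account = uri.getRawSchemeSpecificPart();
        final int firstAt = account.indexOf('@');
        if (firstAt < 0) {
            logger.error("Invalid parameters.");
            throw new BadRequestException("Invalid parameters.");
        }
        return account.substring(0, firstAt);
    }

    logger.error("Invalid parameters.");
    throw new BadRequestException("Invalid parameters.");
}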
Use of org.forgerock.oauth2.core.exceptions.BadRequestException in the OpenAM project by OpenRock: class ClaimsParameterValidatorTest, method shouldErrorValidatingJson.
@Test(expectedExceptions = BadRequestException.class)
public void shouldErrorValidatingJson() throws NotFoundException, BadRequestException, RedirectUriMismatchException, InvalidScopeException, InvalidRequestException, InvalidClientException, ServerException, UnsupportedResponseTypeException {
    // given: the claims parameter is enabled and the request carries the fixture's invalidClaimsString
    final OAuth2Request request = mock(OAuth2Request.class);
    final OAuth2ProviderSettings settings = mock(OAuth2ProviderSettings.class);
    given(mockProviderSettingsFactory.get(request)).willReturn(settings);
    given(settings.getClaimsParameterSupported()).willReturn(true);
    given(request.getParameter(OAuth2Constants.Params.RESPONSE_TYPE)).willReturn("id_token");
    given(request.getParameter(OAuth2Constants.Custom.CLAIMS)).willReturn(invalidClaimsString);

    // when
    claimsParameterValidator.validateRequest(request);

    // then: the BadRequestException is asserted by expectedExceptions on the annotation
}
Use of org.forgerock.oauth2.core.exceptions.BadRequestException in the OpenAM project by OpenRock: class ClaimsParameterValidatorTest, method shouldErrorValidatingResponseType.
@Test(expectedExceptions = BadRequestException.class)
public void shouldErrorValidatingResponseType() throws NotFoundException, BadRequestException, RedirectUriMismatchException, InvalidScopeException, InvalidRequestException, InvalidClientException, ServerException, UnsupportedResponseTypeException {
    // given: the claims parameter is enabled, the claims value is the fixture's validClaimsString,
    // and response_type is "id_token". A BadRequestException is still expected, presumably from
    // the validator's response-type check — confirm against ClaimsParameterValidator.
    final OAuth2Request request = mock(OAuth2Request.class);
    final OAuth2ProviderSettings settings = mock(OAuth2ProviderSettings.class);
    given(mockProviderSettingsFactory.get(request)).willReturn(settings);
    given(settings.getClaimsParameterSupported()).willReturn(true);
    given(request.getParameter(OAuth2Constants.Params.RESPONSE_TYPE)).willReturn("id_token");
    given(request.getParameter(OAuth2Constants.Custom.CLAIMS)).willReturn(validClaimsString);

    // when
    claimsParameterValidator.validateRequest(request);

    // then: the BadRequestException is asserted by expectedExceptions on the annotation
}
Use of org.forgerock.oauth2.core.exceptions.BadRequestException in the OpenAM project by OpenRock: class CodeVerifierValidator, method validateRequest.
/**
 * Enforces the PKCE authorization-request parameters when the provider requires a code verifier.
 * <p>
 * Nothing is checked unless the provider settings require a code verifier and the request is an
 * authorization-code request. Otherwise {@code code_challenge} must be present, and
 * {@code code_challenge_method}, when supplied, must be one of the S256 or plain constants.
 * Validation failures are raised through {@code Reject}; how those surface to the client is
 * decided by the caller.
 * <p>
 * NOTE(review): only presence of {@code code_challenge} is checked here, not its length or
 * character set, and the plain method is accepted alongside S256. Whether that is tightened
 * elsewhere is not visible in this method.
 *
 * @param request The OAuth2 request.
 */
@Override
public void validateRequest(OAuth2Request request) throws InvalidClientException, InvalidRequestException, RedirectUriMismatchException, UnsupportedResponseTypeException, ServerException, BadRequestException, InvalidScopeException, NotFoundException {
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    // Guard clause: PKCE is only enforced for auth-code requests on providers that require it.
    if (!settings.isCodeVerifierRequired() || !isAuthCodeRequest(request)) {
        return;
    }

    final String codeChallenge = request.<String>getParameter(OAuth2Constants.Custom.CODE_CHALLENGE);
    Reject.ifTrue(isEmpty(codeChallenge), "Missing parameter, '" + OAuth2Constants.Custom.CODE_CHALLENGE + "'");

    final String challengeMethod = request.getParameter(OAuth2Constants.Custom.CODE_CHALLENGE_METHOD);
    if (challengeMethod == null) {
        // The method is optional; an absent value is accepted as-is.
        return;
    }
    final boolean recognisedMethod =
            OAuth2Constants.Custom.CODE_CHALLENGE_METHOD_S_256.equals(challengeMethod)
            || OAuth2Constants.Custom.CODE_CHALLENGE_METHOD_PLAIN.equals(challengeMethod);
    Reject.ifFalse(recognisedMethod, "Invalid value for " + OAuth2Constants.Custom.CODE_CHALLENGE_METHOD);
}