
Example 1 with BadRequestException

use of org.forgerock.oauth2.core.exceptions.BadRequestException in project OpenAM by OpenRock.

the class OpenAMResourceSetStoreTest method shouldNotCreateDuplicateResourceSetWithSameId.

@Test(enabled = false, expectedExceptions = BadRequestException.class)
public void shouldNotCreateDuplicateResourceSetWithSameId() throws Exception {
    //Given
    OAuth2Request request = mock(OAuth2Request.class);
    ResourceSetDescription resourceSetDescription = new ResourceSetDescription("RESOURCE_SET_ID", "CLIENT_ID", "RESOURCE_OWNER_ID", Collections.<String, Object>singletonMap("name", "RESOURCE_SET_NAME"));
    resourceSetDescription.setRealm("REALM");
    given(dataStore.query(Matchers.<QueryFilter<String>>anyObject())).willReturn(Collections.singleton(resourceSetDescription));
    //When
    try {
        store.create(request, resourceSetDescription);
    } catch (BadRequestException e) {
        //Then
        assertThat(resourceSetDescription.getPolicyUri()).isNull();
        verify(dataStore, never()).create(any(ResourceSetDescription.class));
        throw e;
    }
}
Also used : OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) BadRequestException(org.forgerock.oauth2.core.exceptions.BadRequestException) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription) Test(org.testng.annotations.Test)

Example 2 with BadRequestException

use of org.forgerock.oauth2.core.exceptions.BadRequestException in project OpenAM by OpenRock.

the class OpenIDConnectProviderDiscovery method discover.

/**
 * Returns the response to a request to discover the OpenId Connect provider.
 *
 * @param resource The resource.
 * @param rel The rel.
 * @param deploymentUrl The deployment url of the OpenId Connect provider.
 * @param request The OAuth2 request.
 * @return A {@code Map} of the OpenId Connect provider urls.
 * @throws BadRequestException If the request is malformed.
 * @throws NotFoundException If the user cannot be found.
 */
public Map<String, Object> discover(String resource, String rel, String deploymentUrl, OAuth2Request request) throws BadRequestException, NotFoundException {
    if (resource == null || resource.isEmpty()) {
        logger.error("No resource provided in discovery.");
        throw new BadRequestException("No resource provided in discovery.");
    }
    if (rel == null || rel.isEmpty() || !rel.equalsIgnoreCase("http://openid.net/specs/connect/1.0/issuer")) {
        logger.error("No or invalid rel provided in discovery.");
        throw new BadRequestException("No or invalid rel provided in discovery.");
    }
    String userid = null;
    //test if the resource is a uri
    try {
        final URI object = new URI(resource);
        if (object.getScheme().equalsIgnoreCase("https") || object.getScheme().equalsIgnoreCase("http")) {
            //resource is of the form of https://example.com/
            if (!object.getPath().isEmpty()) {
                //resource is of the form of https://example.com/joe
                userid = object.getPath();
                userid = userid.substring(1, userid.length());
            }
        } else if (object.getScheme().equalsIgnoreCase("acct")) {
            //resource uses the acct: scheme, i.e. an account identifier of the form acct:joe@example.com
            String s = new String(resource);
            s = s.replaceFirst("acct:", "");
            final int firstAt = s.indexOf('@');
            userid = s.substring(0, firstAt);
        } else {
            logger.error("Invalid parameters.");
            throw new BadRequestException("Invalid parameters.");
        }
    } catch (Exception e) {
        logger.error("Invalid parameters.", e);
        throw new BadRequestException("Invalid parameters.");
    }
    if (userid != null) {
        if (!openIDConnectProvider.isUserValid(userid, request)) {
            logger.error("Invalid parameters.");
            throw new NotFoundException("Invalid parameters.");
        }
    }
    final Map<String, Object> response = new HashMap<String, Object>();
    response.put("subject", resource);
    final Set<Object> set = new HashSet<Object>();
    final Map<String, Object> objectMap = new HashMap<String, Object>();
    objectMap.put("rel", rel);
    objectMap.put("href", deploymentUrl + "/oauth2");
    set.add(objectMap);
    response.put("links", set);
    return response;
}
Also used : HashMap(java.util.HashMap) BadRequestException(org.forgerock.oauth2.core.exceptions.BadRequestException) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) URI(java.net.URI) HashSet(java.util.HashSet)

Example 3 with BadRequestException

use of org.forgerock.oauth2.core.exceptions.BadRequestException in project OpenAM by OpenRock.

the class ClaimsParameterValidatorTest method shouldErrorValidatingJson.

@Test(expectedExceptions = BadRequestException.class)
public void shouldErrorValidatingJson() throws NotFoundException, BadRequestException, RedirectUriMismatchException, InvalidScopeException, InvalidRequestException, InvalidClientException, ServerException, UnsupportedResponseTypeException {
    //given
    OAuth2Request mockRequest = mock(OAuth2Request.class);
    OAuth2ProviderSettings mockProviderSettings = mock(OAuth2ProviderSettings.class);
    String responseTypes = "id_token";
    given(mockProviderSettingsFactory.get(mockRequest)).willReturn(mockProviderSettings);
    given(mockProviderSettings.getClaimsParameterSupported()).willReturn(true);
    given(mockRequest.getParameter(OAuth2Constants.Custom.CLAIMS)).willReturn(invalidClaimsString);
    given(mockRequest.getParameter(OAuth2Constants.Params.RESPONSE_TYPE)).willReturn(responseTypes);
    //when
    claimsParameterValidator.validateRequest(mockRequest);
    //then
}
Also used : OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 4 with BadRequestException

use of org.forgerock.oauth2.core.exceptions.BadRequestException in project OpenAM by OpenRock.

the class ClaimsParameterValidatorTest method shouldErrorValidatingResponseType.

@Test(expectedExceptions = BadRequestException.class)
public void shouldErrorValidatingResponseType() throws NotFoundException, BadRequestException, RedirectUriMismatchException, InvalidScopeException, InvalidRequestException, InvalidClientException, ServerException, UnsupportedResponseTypeException {
    //given
    OAuth2Request mockRequest = mock(OAuth2Request.class);
    OAuth2ProviderSettings mockProviderSettings = mock(OAuth2ProviderSettings.class);
    String responseTypes = "id_token";
    given(mockProviderSettingsFactory.get(mockRequest)).willReturn(mockProviderSettings);
    given(mockProviderSettings.getClaimsParameterSupported()).willReturn(true);
    given(mockRequest.getParameter(OAuth2Constants.Custom.CLAIMS)).willReturn(validClaimsString);
    given(mockRequest.getParameter(OAuth2Constants.Params.RESPONSE_TYPE)).willReturn(responseTypes);
    //when
    claimsParameterValidator.validateRequest(mockRequest);
    //then
}
Also used : OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 5 with BadRequestException

use of org.forgerock.oauth2.core.exceptions.BadRequestException in project OpenAM by OpenRock.

the class CodeVerifierValidator method validateRequest.

@Override
public void validateRequest(OAuth2Request request) throws InvalidClientException, InvalidRequestException, RedirectUriMismatchException, UnsupportedResponseTypeException, ServerException, BadRequestException, InvalidScopeException, NotFoundException {
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    if (!settings.isCodeVerifierRequired() || !isAuthCodeRequest(request)) {
        return;
    } else {
        Reject.ifTrue(isEmpty(request.<String>getParameter(OAuth2Constants.Custom.CODE_CHALLENGE)), "Missing parameter, '" + OAuth2Constants.Custom.CODE_CHALLENGE + "'");
        String codeChallengeMethod = request.getParameter(OAuth2Constants.Custom.CODE_CHALLENGE_METHOD);
        if (codeChallengeMethod != null) {
            Reject.ifFalse(codeChallengeMethod.equals(OAuth2Constants.Custom.CODE_CHALLENGE_METHOD_S_256) || codeChallengeMethod.equals(OAuth2Constants.Custom.CODE_CHALLENGE_METHOD_PLAIN), "Invalid value for " + OAuth2Constants.Custom.CODE_CHALLENGE_METHOD);
        }
        return;
    }
}
Also used : OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings)
