Examples with NotFoundException org.forgerock.oauth2.core.exceptions.NotFoundException used on opensource projects

Example 11 with NotFoundException

use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.

the class OpenIdConnectAuthorizeRequestValidatorTest method setUp.

@BeforeMethod
public void setUp() throws InvalidClientException, NotFoundException {
    ClientRegistrationStore clientRegistrationStore = mock(ClientRegistrationStore.class);
    clientRegistration = mock(ClientRegistration.class);
    given(clientRegistrationStore.get(anyString(), Matchers.<OAuth2Request>anyObject())).willReturn(clientRegistration);
    requestValidator = new OpenIdConnectAuthorizeRequestValidator(clientRegistrationStore);
}

Example 12 with NotFoundException

use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.

the class CodeVerifierValidator method validateRequest.

@Override
public void validateRequest(OAuth2Request request) throws InvalidClientException, InvalidRequestException, RedirectUriMismatchException, UnsupportedResponseTypeException, ServerException, BadRequestException, InvalidScopeException, NotFoundException {
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    if (!settings.isCodeVerifierRequired() || !isAuthCodeRequest(request)) {
        return;
    } else {
        Reject.ifTrue(isEmpty(request.<String>getParameter(OAuth2Constants.Custom.CODE_CHALLENGE)), "Missing parameter, '" + OAuth2Constants.Custom.CODE_CHALLENGE + "'");
        String codeChallengeMethod = request.getParameter(OAuth2Constants.Custom.CODE_CHALLENGE_METHOD);
        if (codeChallengeMethod != null) {
            Reject.ifFalse(codeChallengeMethod.equals(OAuth2Constants.Custom.CODE_CHALLENGE_METHOD_S_256) || codeChallengeMethod.equals(OAuth2Constants.Custom.CODE_CHALLENGE_METHOD_PLAIN), "Invalid value for " + OAuth2Constants.Custom.CODE_CHALLENGE_METHOD);
        }
        return;
    }
}

Example 13 with NotFoundException

use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.

the class OpenIDConnectProviderConfiguration method getConfiguration.

/**
     * Gets the OpenId configuration for the OpenId Connect provider.
     *
     * @param request The OAuth2 request.
     * @return A JsonValue representation of the OpenId configuration.
     * @throws UnsupportedResponseTypeException If the requested response type is not supported by either the client
     *          or the OAuth2 provider.
     * @throws ServerException If any internal server error occurs.
     */
public JsonValue getConfiguration(OAuth2Request request) throws OAuth2Exception {
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    final OAuth2Uris uris = urisFactory.get(request);
    if (!providerSettings.exists() || providerSettings.getSupportedScopes() == null || !providerSettings.getSupportedScopes().contains("openid")) {
        throw new NotFoundException("Invalid URL");
    }
    final Map<String, Object> configuration = new HashMap<>();
    configuration.put("version", providerSettings.getOpenIDConnectVersion());
    configuration.put("issuer", uris.getIssuer());
    configuration.put("authorization_endpoint", uris.getAuthorizationEndpoint());
    configuration.put("token_endpoint", uris.getTokenEndpoint());
    configuration.put("userinfo_endpoint", uris.getUserInfoEndpoint());
    configuration.put("check_session_iframe", uris.getCheckSessionEndpoint());
    configuration.put("end_session_endpoint", uris.getEndSessionEndpoint());
    configuration.put("jwks_uri", uris.getJWKSUri());
    configuration.put("registration_endpoint", uris.getClientRegistrationEndpoint());
    configuration.put("claims_supported", providerSettings.getSupportedClaims());
    configuration.put("scopes_supported", providerSettings.getSupportedScopes());
    configuration.put("response_types_supported", getResponseTypes(providerSettings.getAllowedResponseTypes().keySet()));
    configuration.put("subject_types_supported", providerSettings.getSupportedSubjectTypes());
    configuration.put("id_token_signing_alg_values_supported", providerSettings.getSupportedIDTokenSigningAlgorithms());
    configuration.put("acr_values_supported", providerSettings.getAcrMapping().keySet());
    configuration.put("claims_parameter_supported", providerSettings.getClaimsParameterSupported());
    configuration.put("token_endpoint_auth_methods_supported", providerSettings.getEndpointAuthMethodsSupported());
    return new JsonValue(configuration);
}

Example 14 with NotFoundException

use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.

the class ClaimsParameterValidator method validateRequest.

@Override
public void validateRequest(OAuth2Request request) throws InvalidClientException, InvalidRequestException, RedirectUriMismatchException, UnsupportedResponseTypeException, ServerException, BadRequestException, InvalidScopeException, NotFoundException {
    final OAuth2ProviderSettings settings = providerSettingsFactory.get(request);
    final String claims = request.getParameter(OAuth2Constants.Custom.CLAIMS);
    //if we aren't supporting this no need to validate
    if (!settings.getClaimsParameterSupported()) {
        return;
    }
    //if we support, but it's not requested, no need to validate
    if (claims == null) {
        return;
    }
    final JSONObject claimsJson;
    //convert claims into JSON object
    try {
        claimsJson = new JSONObject(claims);
    } catch (JSONException e) {
        throw new BadRequestException("Invalid JSON in supplied claims parameter.");
    }
    JSONObject userinfoClaims = null;
    try {
        userinfoClaims = claimsJson.getJSONObject(OAuth2Constants.UserinfoEndpoint.USERINFO);
    } catch (Exception e) {
    //fall through
    }
    //results in an Access Token being issued to the Client for use at the UserInfo Endpoint.
    if (userinfoClaims != null) {
        String responseType = request.getParameter(OAuth2Constants.Params.RESPONSE_TYPE);
        if (responseType != null && responseType.trim().equals(OAuth2Constants.JWTTokenParams.ID_TOKEN)) {
            throw new BadRequestException("Must request an access token when providing " + "userinfo in claims parameter.");
        }
    }
}

Example 15 with NotFoundException

use of org.forgerock.oauth2.core.exceptions.NotFoundException in project OpenAM by OpenRock.

the class OpenAMTokenStore method createDeviceCode.

/**
     * {@inheritDoc}
     */
public DeviceCode createDeviceCode(Set<String> scope, ResourceOwner resourceOwner, String clientId, String nonce, String responseType, String state, String acrValues, String prompt, String uiLocales, String loginHint, Integer maxAge, String claims, OAuth2Request request, String codeChallenge, String codeChallengeMethod) throws ServerException, NotFoundException {
    logger.message("DefaultOAuthTokenStoreImpl::Creating Authorization code");
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    final String deviceCode = UUID.randomUUID().toString();
    final StringBuilder codeBuilder = new StringBuilder(CODE_LENGTH);
    String userCode = null;
    int i;
    for (i = 0; i < NUM_RETRIES; i++) {
        for (int k = 0; k < CODE_LENGTH; k++) {
            codeBuilder.append(ALPHABET.charAt(secureRandom.nextInt(ALPHABET.length())));
        }
        try {
            readDeviceCode(codeBuilder.toString(), request);
            codeBuilder.delete(0, codeBuilder.length());
        // code can be found - try again
        } catch (InvalidGrantException e) {
            // Good, it doesn't exist yet.
            userCode = codeBuilder.toString();
            break;
        } catch (ServerException e) {
            logger.message("Could not query CTS, assume duplicate to be safe", e);
        }
    }
    if (i == NUM_RETRIES) {
        throw new ServerException("Could not generate a unique user code");
    }
    long expiryTime = System.currentTimeMillis() + (1000 * providerSettings.getDeviceCodeLifetime());
    String resourceOwnerId = resourceOwner == null ? null : resourceOwner.getId();
    final DeviceCode code = new DeviceCode(deviceCode, userCode, resourceOwnerId, clientId, nonce, responseType, state, acrValues, prompt, uiLocales, loginHint, maxAge, claims, expiryTime, scope, realmNormaliser.normalise(request.<String>getParameter(REALM)), codeChallenge, codeChallengeMethod);
    // Store in CTS
    try {
        tokenStore.create(code);
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "CREATED_DEVICE_CODE", code.toString() };
            auditLogger.logAccessMessage("CREATED_DEVICE_CODE", obs, null);
        }
    } catch (CoreTokenException e) {
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "FAILED_CREATE_DEVICE_CODE", code.toString() };
            auditLogger.logErrorMessage("FAILED_CREATE_DEVICE_CODE", obs, null);
        }
        logger.error("Unable to create device code " + code, e);
        throw new ServerException("Could not create token in CTS");
    }
    request.setToken(DeviceCode.class, code);
    return code;
}