
Example 1 with UmaPCT

use of org.gluu.oxauth.uma.authorization.UmaPCT in project oxAuth by GluuFederation.

Class UmaRptIntrospectionWS, method introspect.

/**
 * Handles an RPT introspection request on behalf of a resource server.
 *
 * <p>The caller is first required to hold the UMA protection scope; only then is the
 * RPT looked up. An unknown or invalid RPT yields {@code active: false} with no further
 * detail. For a valid RPT the response carries its permissions, lifetime, client and
 * subject, plus the claims of the PCT referenced by its first permission (if any), and
 * is finally offered to the external RPT-claims script, which may rewrite the JSON in
 * place and whose boolean result decides whether those edits are kept.
 *
 * @param authorization  Authorization header of the introspecting party
 * @param token          RPT code to introspect
 * @param tokenTypeHint  accepted but not consulted by this method
 * @param httpRequest    servlet request, handed to the external script context
 * @param httpResponse   servlet response, handed to the external script context
 * @return 200 with the introspection JSON, never cacheable
 * @throws WebApplicationException re-thrown unchanged when raised inside the flow
 *         (e.g. by the scope assertion); any other failure becomes a 500 server_error
 */
private Response introspect(String authorization, String token, String tokenTypeHint, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
    try {
        // Authorisation gate: nothing about the RPT is disclosed before this passes.
        umaValidationService.assertHasProtectionScope(authorization);

        final UmaRPT rpt = rptService.getRPTByCode(token);
        if (!isValid(rpt)) {
            // Inactive token: a bare "active: false" body, no hint about why.
            return Response.status(Response.Status.OK)
                    .entity(new RptIntrospectionResponse(false))
                    .cacheControl(ServerUtil.cacheControl(true))
                    .build();
        }

        final RptIntrospectionResponse statusResponse = buildActiveIntrospection(rpt);
        attachPctClaims(statusResponse, rpt);

        // The script works on the serialised form; the original object stays untouched so
        // it can be re-serialised if the script asks for its changes to be dropped.
        JSONObject rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
        final ExternalUmaRptClaimsContext context = new ExternalUmaRptClaimsContext(clientService.getClient(rpt.getClientId()), httpRequest, httpResponse);
        final boolean keepScriptChanges = externalUmaRptClaimsService.externalModify(rptAsJson, context);
        if (keepScriptChanges) {
            log.trace("Successfully run external RPT Claims script associated with {}", rpt.getClientId());
        } else {
            rptAsJson = new JSONObject(ServerUtil.asJson(statusResponse));
            log.trace("Canceled changes made by external RPT Claims script since method returned `false`.");
        }

        return Response.status(Response.Status.OK)
                .entity(rptAsJson.toString())
                .type(MediaType.APPLICATION_JSON_TYPE)
                .cacheControl(ServerUtil.cacheControl(true))
                .build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        throw errorResponseFactory.createWebApplicationException(Response.Status.INTERNAL_SERVER_ERROR, UmaErrorResponseType.SERVER_ERROR, "Internal error.");
    }
}

/**
 * Builds the "active" introspection body from the RPT's persisted fields.
 *
 * @param rpt a valid RPT
 * @return response with active=true, lifetime, permissions, client_id/aud and sub filled in
 */
private RptIntrospectionResponse buildActiveIntrospection(UmaRPT rpt) {
    final List<org.gluu.oxauth.model.uma.UmaPermission> permissions = buildStatusResponsePermissions(rpt);

    final RptIntrospectionResponse statusResponse = new RptIntrospectionResponse();
    statusResponse.setActive(true);
    // Lifetime fields are reported as epoch seconds.
    statusResponse.setExpiresAt(ServerUtil.dateToSeconds(rpt.getExpirationDate()));
    statusResponse.setIssuedAt(ServerUtil.dateToSeconds(rpt.getCreationDate()));
    statusResponse.setPermissions(permissions);
    statusResponse.setClientId(rpt.getClientId());
    // Audience is the requesting client itself.
    statusResponse.setAud(rpt.getClientId());
    statusResponse.setSub(rpt.getUserId());
    return statusResponse;
}

/**
 * Copies the claims of the PCT referenced by the RPT's first permission into the response.
 *
 * <p>Only the first permission is consulted. A permission without a PCT code is logged at
 * trace level; a code whose PCT cannot be found is logged at error level (the code itself
 * is written to the log) and the response is left without PCT claims.
 *
 * @param statusResponse response being assembled
 * @param rpt            the RPT whose permissions are inspected
 */
private void attachPctClaims(RptIntrospectionResponse statusResponse, UmaRPT rpt) {
    final List<UmaPermission> rptPermissions = rptService.getRptPermissions(rpt);
    if (rptPermissions.isEmpty()) {
        return;
    }

    final UmaPermission firstPermission = rptPermissions.iterator().next();
    // NOTE(review): getAttributes() is dereferenced without a null check — confirm it never returns null.
    final String pctCode = firstPermission.getAttributes().get(UmaPermission.PCT);
    if (!StringHelper.isNotEmpty(pctCode)) {
        log.trace("PCT code is blank for RPT: " + rpt.getCode());
        return;
    }

    final UmaPCT pct = pctService.getByCode(pctCode);
    if (pct == null) {
        log.error("Failed to find PCT with code: " + pctCode + " which is taken from permission object: " + firstPermission.getDn());
        return;
    }
    statusResponse.setPctClaims(pct.getClaims().toMap());
}

Example 2 with UmaPCT

use of org.gluu.oxauth.uma.authorization.UmaPCT in project oxAuth by GluuFederation.

Class UmaRptService, method createRptJwt.

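/**
 * Builds and signs the JWT form of an RPT.
 *
 * <p>The signing algorithm defaults to the server-wide default and is overridden by the
 * client's {@code access_token_signing_alg} only when that value parses to a known
 * algorithm. Standard claims set: {@code client_id}, {@code exp}, {@code iat} and the
 * audience; when permissions are present, {@code permissions} and — if the first
 * permission references a PCT that can be loaded — {@code pct_claims}. The external
 * script is run last and may add or change claims before signing.
 *
 * @param executionContext carries the client the RPT is issued to
 * @param permissions      granted permissions; may be {@code null} or empty, in which case
 *                         neither {@code permissions} nor {@code pct_claims} is set
 * @param creationDate     value for {@code iat}
 * @param expirationDate   value for {@code exp}
 * @return the serialised, signed JWT
 * @throws Exception propagated from signing or the external script
 */
private String createRptJwt(ExecutionContext executionContext, List<UmaPermission> permissions, Date creationDate, Date expirationDate) throws Exception {
    final Client client = executionContext.getClient();

    SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(appConfiguration.getDefaultSignatureAlgorithm());
    if (client.getAccessTokenSigningAlg() != null) {
        // Parse the client's preference once; an unrecognised value keeps the default.
        final SignatureAlgorithm clientAlgorithm = SignatureAlgorithm.fromString(client.getAccessTokenSigningAlg());
        if (clientAlgorithm != null) {
            signatureAlgorithm = clientAlgorithm;
        }
    }

    // The client secret is stored encrypted; it is decrypted here for HMAC-style algorithms.
    final JwtSigner jwtSigner = new JwtSigner(appConfiguration, webKeysConfiguration, signatureAlgorithm, client.getClientId(), clientService.decryptSecret(client.getClientSecret()));
    final Jwt jwt = jwtSigner.newJwt();
    jwt.getClaims().setClaim("client_id", client.getClientId());
    jwt.getClaims().setExpirationTime(expirationDate);
    jwt.getClaims().setIssuedAt(creationDate);
    Audience.setAudience(jwt.getClaims(), client);

    if (permissions != null && !permissions.isEmpty()) {
        // Only the first permission is consulted for a PCT reference, matching the
        // introspection endpoint's behaviour.
        final UmaPermission firstPermission = permissions.iterator().next();
        final String pctCode = firstPermission.getAttributes().get(UmaPermission.PCT);
        if (StringHelper.isNotEmpty(pctCode)) {
            final UmaPCT pct = pctService.getByCode(pctCode);
            if (pct != null) {
                jwt.getClaims().setClaim("pct_claims", pct.getClaims().toJsonObject());
            } else {
                // NOTE(review): the PCT code ends up in the error log in clear — confirm this is intended.
                log.error("Failed to find PCT with code: " + pctCode + " which is taken from permission object: " + firstPermission.getDn());
            }
        }
        jwt.getClaims().setClaim("permissions", buildPermissionsJSONObject(permissions));
    }

    // External script runs after all built-in claims are set and before signing.
    runScriptAndInjectValuesIntoJwt(jwt, executionContext);
    return jwtSigner.sign().toString();
}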

Example 3 with UmaPCT

use of org.gluu.oxauth.uma.authorization.UmaPCT in project oxAuth by GluuFederation.

Class UmaPctService, method getByCode.

/**
 * Looks up a PCT by its code.
 *
 * <p>The lookup is best-effort: a missing entry and any exception from the entry manager
 * are both logged and reported to the caller as {@code null}. When several entries match,
 * the first one returned by the store is used.
 *
 * @param pctCode the PCT code to search for
 * @return the matching PCT, or {@code null} when none is found or the lookup fails
 */
public UmaPCT getByCode(String pctCode) {
    try {
        // Equality filter built through the Filter API rather than by concatenating a filter string.
        final Filter byCode = Filter.createEqualityFilter("tknCde", pctCode);
        final List<UmaPCT> matches = ldapEntryManager.findEntries(branchBaseDn(), UmaPCT.class, byCode);
        final boolean found = matches != null && !matches.isEmpty();
        if (found) {
            return matches.get(0);
        }
        // NOTE(review): the looked-up code is written to the error log in clear — confirm this is acceptable.
        log.error("Failed to find PCT by code: " + pctCode);
    } catch (Exception e) {
        log.error(e.getMessage(), e);
    }
    return null;
}

Example 4 with UmaPCT

use of org.gluu.oxauth.uma.authorization.UmaPCT in project oxAuth by GluuFederation.

Class UmaPctService, method createPct.

/**
 * Creates a new, not yet persisted PCT for the given client.
 *
 * <p>The code is generated first, then the entry is built with the configured PCT
 * lifetime; its DN is derived from the code.
 *
 * @param clientId client the PCT is issued to
 * @return the in-memory PCT (callers persist it separately)
 */
public UmaPCT createPct(String clientId) {
    final String code = generateCode();
    final UmaPCT created = new UmaPCT(pctLifetime());
    created.setCode(code);
    // DN is taken from the stored code rather than the local, in case the setter normalises it.
    created.setDn(dn(created.getCode()));
    created.setClientId(clientId);
    return created;
}

Example 5 with UmaPCT

use of org.gluu.oxauth.uma.authorization.UmaPCT in project oxAuth by GluuFederation.

Class UmaPctService, method updateClaims.

/**
 * Merges claims into the PCT issued alongside an RPT and persists the result.
 *
 * <p>Claims come from two places, applied in this order: the PCT referenced by the
 * ticket's first permission (its {@code "pct"} attribute), then the claims of
 * {@code idToken}. Both copies pass {@code false} as the third argument of
 * {@code setClaimObject} — presumably "do not overwrite an existing claim"; confirm
 * in {@code JwtClaims}.
 *
 * <p>Which entry ends up persisted depends on the inputs: with no presented PCT the
 * ticket PCT is reused, or a fresh one is created and persisted; with a presented PCT
 * and a ticket PCT the merged claims are attached to the ticket PCT, which then
 * becomes the result.
 *
 * @param pct         PCT presented by the client, or {@code null} if none was presented
 * @param idToken     claims token supplied by the client; may be {@code null}
 * @param clientId    client the PCT belongs to; used only when a new PCT is created
 * @param permissions ticket permissions; only element 0 is consulted
 * @return the PCT re-read from the store after the merge, or — when any step throws —
 *         the {@code pct} argument as it stands at that point (possibly {@code null},
 *         possibly modified in memory but not persisted)
 */
public UmaPCT updateClaims(UmaPCT pct, Jwt idToken, String clientId, List<UmaPermission> permissions) {
    try {
        // NOTE(review): a null or empty permissions list throws here and is swallowed by the
        // catch below, so the caller silently gets its own (unpersisted) pct back.
        // The attribute key is the literal "pct"; other call sites use UmaPermission.PCT — confirm they agree.
        String ticketPctCode = permissions.get(0).getAttributes().get("pct");
        UmaPCT ticketPct = StringUtils.isNotBlank(ticketPctCode) ? getByCode(ticketPctCode) : null;
        boolean hasPct = pct != null;
        if (!hasPct) {
            // Nothing presented: adopt the ticket's PCT, or mint and persist a new one.
            if (ticketPct != null) {
                pct = ticketPct;
            } else {
                pct = createPctAndPersist(clientId);
            }
        }
        // Claims of the presented PCT are the base; the ticket PCT's claims are added
        // on top, and the ticket PCT then becomes the entry that carries the merged set.
        JwtClaims pctClaims = pct.getClaims();
        if (ticketPct != null && hasPct) {
            JwtClaims ticketClaims = ticketPct.getClaims();
            for (String key : ticketClaims.keys()) {
                pctClaims.setClaimObject(key, ticketClaims.getClaim(key), false);
            }
            pct = ticketPct;
        }
        // id_token claims are copied in last; every key of the token is taken as-is.
        if (idToken != null && idToken.getClaims() != null) {
            for (String key : idToken.getClaims().keys()) {
                pctClaims.setClaimObject(key, idToken.getClaims().getClaim(key), false);
            }
        }
        pct.setClaims(pctClaims);
        // NOTE(review): writes the full claim set (id_token claims included) to the trace log — confirm acceptable.
        log.trace("PCT code: " + pct.getCode() + ", claims: " + pct.getClaimValuesAsJson());
        // Lifetime is re-derived from the expiration date before the entry is stored.
        pct.resetTtlFromExpirationDate();
        ldapEntryManager.merge(pct);
        return ldapEntryManager.find(UmaPCT.class, pct.getDn());
    } catch (Exception e) {
        // Best-effort: failure is logged and the current in-memory pct is returned.
        log.error("Failed to update PCT claims. " + e.getMessage(), e);
    }
    return pct;
}
