
Example 71 with Extension

Use of org.gluu.oxtrust.model.scim2.Extension in project oxTrust by GluuFederation.

From the class ExtensionService, method extensionOfAttribute:

public Extension extensionOfAttribute(Class<? extends BaseScimResource> cls, String attribute) {
    List<Extension> extensions = getResourceExtensions(cls);
    Extension belong = null;
    try {
        for (Extension ext : extensions) {
            if (attribute.startsWith(ext.getUrn() + ":")) {
                attribute = attribute.substring(ext.getUrn().length() + 1);
                for (String fieldName : ext.getFields().keySet()) {
                    if (attribute.equals(fieldName)) {
                        belong = ext;
                        break;
                    }
                }
            }
        }
    } catch (Exception e) {
        log.error(e.getMessage(), e);
    }
    return belong;
}
Also used : Extension(org.gluu.oxtrust.model.scim2.extensions.Extension)

Example 72 with Extension

Use of org.gluu.oxtrust.model.scim2.Extension in project oxTrust by GluuFederation.

From the class Scim2PatchService, method applyPatchOperation:

public BaseScimResource applyPatchOperation(BaseScimResource resource, PatchOperation operation) throws Exception {
    BaseScimResource result = null;
    Map<String, Object> genericMap = null;
    PatchOperationType opType = operation.getType();
    Class<? extends BaseScimResource> clazz = resource.getClass();
    String path = operation.getPath();
    log.debug("applyPatchOperation of type {}", opType);
    // Determine if operation is with value filter
    if (StringUtils.isNotEmpty(path) && !operation.getType().equals(PatchOperationType.ADD)) {
        Pair<Boolean, String> pair = validateBracketedPath(path);
        if (pair.getFirst()) {
            String valSelFilter = pair.getSecond();
            if (valSelFilter == null)
                throw new SCIMException("Unexpected syntax in value selection filter");
            else {
                int i = path.indexOf("[");
                String attribute = path.substring(0, i);
                i = path.lastIndexOf("].");
                String subAttribute = i == -1 ? "" : path.substring(i + 2);
                // Abort early: the value-filter variant handles the rest
                return applyPatchOperationWithValueFilter(resource, operation, valSelFilter, attribute, subAttribute);
            }
        }
    }
    if (!opType.equals(PatchOperationType.REMOVE)) {
        Object value = operation.getValue();
        List<String> extensionUrns = extService.getUrnsOfExtensions(clazz);
        if (value instanceof Map)
            genericMap = IntrospectUtil.strObjMap(value);
        else {
            // It's an atomic value or an array
            if (StringUtils.isEmpty(path))
                throw new SCIMException("Value(s) supplied for resource not parseable");
            // Create a simple map and trim the last part of path
            String[] subPaths = ScimResourceUtil.splitPath(path, extensionUrns);
            genericMap = Collections.singletonMap(subPaths[subPaths.length - 1], value);
            if (subPaths.length == 1)
                path = "";
            else
                path = path.substring(0, path.lastIndexOf("."));
        }
        if (StringUtils.isNotEmpty(path)) {
            // Visit backwards creating a composite map
            String[] subPaths = ScimResourceUtil.splitPath(path, extensionUrns);
            for (int i = subPaths.length - 1; i >= 0; i--) {
                // Create a string consisting of all subpaths until the i-th
                StringBuilder sb = new StringBuilder();
                for (int j = 0; j <= i; j++) sb.append(subPaths[j]).append(".");
                Attribute annot = IntrospectUtil.getFieldAnnotation(sb.substring(0, sb.length() - 1), clazz, Attribute.class);
                boolean multivalued = !(annot == null || annot.multiValueClass().equals(NullType.class));
                Map<String, Object> genericBiggerMap = new HashMap<String, Object>();
                genericBiggerMap.put(subPaths[i], multivalued ? Collections.singletonList(genericMap) : genericMap);
                genericMap = genericBiggerMap;
            }
        }
        log.debug("applyPatchOperation. Generating a ScimResource from generic map: {}", genericMap.toString());
    }
    // Try parse genericMap as an instance of the resource
    ObjectMapper mapper = new ObjectMapper();
    BaseScimResource alter = opType.equals(PatchOperationType.REMOVE) ? resource : mapper.convertValue(genericMap, clazz);
    List<Extension> extensions = extService.getResourceExtensions(clazz);
    switch(operation.getType()) {
        case REPLACE:
            result = ScimResourceUtil.transferToResourceReplace(alter, resource, extensions);
            break;
        case ADD:
            result = ScimResourceUtil.transferToResourceAdd(alter, resource, extensions);
            break;
        case REMOVE:
            result = ScimResourceUtil.deleteFromResource(alter, operation.getPath(), extensions);
            break;
    }
    return result;
}
Also used : PatchOperationType(org.gluu.oxtrust.model.scim2.patch.PatchOperationType) Attribute(org.gluu.oxtrust.model.scim2.annotations.Attribute) Extension(org.gluu.oxtrust.model.scim2.extensions.Extension) SCIMException(org.gluu.oxtrust.model.exception.SCIMException) BaseScimResource(org.gluu.oxtrust.model.scim2.BaseScimResource) NullType(javax.lang.model.type.NullType) ObjectMapper(org.codehaus.jackson.map.ObjectMapper)

Example 73 with Extension

Use of org.gluu.oxtrust.model.scim2.Extension in project oxTrust by GluuFederation.

From the class SchemaWebService, method setup:

@PostConstruct
public void setup() {
    // Do not use getClass() here... a typical weld issue...
    endpointUrl = appConfiguration.getBaseEndpoint() + SchemaWebService.class.getAnnotation(Path.class).value();
    List<Class<? extends BaseScimResource>> excludedResources = Arrays.asList(SchemaResource.class, ResourceType.class, ServiceProviderConfig.class);
    resourceSchemas = new HashMap<String, Class<? extends BaseScimResource>>();
    // Fill map with urn vs. resource
    for (Class<? extends BaseScimResource> cls : IntrospectUtil.allAttrs.keySet()) {
        if (!excludedResources.contains(cls)) {
            resourceSchemas.put(ScimResourceUtil.getDefaultSchemaUrn(cls), cls);
            for (Extension extension : extService.getResourceExtensions(cls)) resourceSchemas.put(extension.getUrn(), cls);
        }
    }
}
Also used : Extension(org.gluu.oxtrust.model.scim2.extensions.Extension) BaseScimResource(org.gluu.oxtrust.model.scim2.BaseScimResource) PostConstruct(javax.annotation.PostConstruct)

Example 74 with Extension

Use of org.gluu.oxtrust.model.scim2.Extension in project nifi by apache.

From the class OcspCertificateValidator, method getOcspStatus:

/**
 * Gets the OCSP status for the specified subject and issuer certificates.
 *
 * @param ocspStatusKey status key
 * @return ocsp status
 */
private OcspStatus getOcspStatus(final OcspRequest ocspStatusKey) {
    final X509Certificate subjectCertificate = ocspStatusKey.getSubjectCertificate();
    final X509Certificate issuerCertificate = ocspStatusKey.getIssuerCertificate();
    // initialize the default status
    final OcspStatus ocspStatus = new OcspStatus();
    ocspStatus.setVerificationStatus(VerificationStatus.Unknown);
    ocspStatus.setValidationStatus(ValidationStatus.Unknown);
    try {
        // prepare the request
        final BigInteger subjectSerialNumber = subjectCertificate.getSerialNumber();
        final DigestCalculatorProvider calculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build();
        final CertificateID certificateId = new CertificateID(calculatorProviderBuilder.get(CertificateID.HASH_SHA1), new X509CertificateHolder(issuerCertificate.getEncoded()), subjectSerialNumber);
        // generate the request
        final OCSPReqBuilder requestGenerator = new OCSPReqBuilder();
        requestGenerator.addRequest(certificateId);
        // Create a nonce to avoid replay attack
        // (note: the nonce is a clock value rather than random bytes, and the
        // nonce echoed in the response is never compared against it later in
        // this method, so it does not actually bind the response to this request)
        BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
        Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(nonce.toByteArray()));
        requestGenerator.setRequestExtensions(new Extensions(new Extension[] { ext }));
        final OCSPReq ocspRequest = requestGenerator.build();
        // perform the request
        final Response response = getClientResponse(ocspRequest);
        // ensure the request was completed successfully
        if (Response.Status.OK.getStatusCode() != response.getStatusInfo().getStatusCode()) {
            logger.warn(String.format("OCSP request was unsuccessful (%s).", response.getStatus()));
            return ocspStatus;
        }
        // interpret the response
        OCSPResp ocspResponse = new OCSPResp(response.readEntity(InputStream.class));
        // verify the response status
        switch(ocspResponse.getStatus()) {
            case OCSPRespBuilder.SUCCESSFUL:
                ocspStatus.setResponseStatus(OcspStatus.ResponseStatus.Successful);
                break;
            case OCSPRespBuilder.INTERNAL_ERROR:
                ocspStatus.setResponseStatus(OcspStatus.ResponseStatus.InternalError);
                break;
            case OCSPRespBuilder.MALFORMED_REQUEST:
                ocspStatus.setResponseStatus(OcspStatus.ResponseStatus.MalformedRequest);
                break;
            case OCSPRespBuilder.SIG_REQUIRED:
                ocspStatus.setResponseStatus(OcspStatus.ResponseStatus.SignatureRequired);
                break;
            case OCSPRespBuilder.TRY_LATER:
                ocspStatus.setResponseStatus(OcspStatus.ResponseStatus.TryLater);
                break;
            case OCSPRespBuilder.UNAUTHORIZED:
                ocspStatus.setResponseStatus(OcspStatus.ResponseStatus.Unauthorized);
                break;
            default:
                ocspStatus.setResponseStatus(OcspStatus.ResponseStatus.Unknown);
                break;
        }
        // only proceed if the response was successful
        if (ocspResponse.getStatus() != OCSPRespBuilder.SUCCESSFUL) {
            logger.warn(String.format("OCSP request was unsuccessful (%s).", ocspStatus.getResponseStatus().toString()));
            return ocspStatus;
        }
        // ensure the appropriate response object
        final Object ocspResponseObject = ocspResponse.getResponseObject();
        if (ocspResponseObject == null || !(ocspResponseObject instanceof BasicOCSPResp)) {
            logger.warn(String.format("Unexpected OCSP response object: %s", ocspResponseObject));
            return ocspStatus;
        }
        // get the response object
        final BasicOCSPResp basicOcspResponse = (BasicOCSPResp) ocspResponse.getResponseObject();
        // attempt to locate the responder certificate
        final X509CertificateHolder[] responderCertificates = basicOcspResponse.getCerts();
        if (responderCertificates.length != 1) {
            logger.warn(String.format("Unexpected number of OCSP responder certificates: %s", responderCertificates.length));
            return ocspStatus;
        }
        // get the responder certificate
        final X509Certificate trustedResponderCertificate = getTrustedResponderCertificate(responderCertificates[0], issuerCertificate);
        if (trustedResponderCertificate != null) {
            // verify the response
            if (basicOcspResponse.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(trustedResponderCertificate.getPublicKey()))) {
                ocspStatus.setVerificationStatus(VerificationStatus.Verified);
            } else {
                ocspStatus.setVerificationStatus(VerificationStatus.Unverified);
            }
        } else {
            ocspStatus.setVerificationStatus(VerificationStatus.Unverified);
        }
        // validate the response
        final SingleResp[] responses = basicOcspResponse.getResponses();
        for (SingleResp singleResponse : responses) {
            final CertificateID responseCertificateId = singleResponse.getCertID();
            final BigInteger responseSerialNumber = responseCertificateId.getSerialNumber();
            if (responseSerialNumber.equals(subjectSerialNumber)) {
                Object certStatus = singleResponse.getCertStatus();
                // interpret the certificate status
                if (CertificateStatus.GOOD == certStatus) {
                    ocspStatus.setValidationStatus(ValidationStatus.Good);
                } else if (certStatus instanceof RevokedStatus) {
                    ocspStatus.setValidationStatus(ValidationStatus.Revoked);
                } else {
                    ocspStatus.setValidationStatus(ValidationStatus.Unknown);
                }
            }
        }
    } catch (final OCSPException | IOException | ProcessingException | OperatorCreationException e) {
        logger.error(e.getMessage(), e);
    } catch (CertificateException e) {
        e.printStackTrace();
    }
    return ocspStatus;
}
Also used : CertificateException(java.security.cert.CertificateException) Extensions(org.bouncycastle.asn1.x509.Extensions) DEROctetString(org.bouncycastle.asn1.DEROctetString) OCSPResp(org.bouncycastle.cert.ocsp.OCSPResp) BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp) OCSPException(org.bouncycastle.cert.ocsp.OCSPException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder) SingleResp(org.bouncycastle.cert.ocsp.SingleResp) ProcessingException(javax.ws.rs.ProcessingException) CertificateID(org.bouncycastle.cert.ocsp.CertificateID) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) Extension(org.bouncycastle.asn1.x509.Extension) Response(javax.ws.rs.core.Response) JcaContentVerifierProviderBuilder(org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder) RevokedStatus(org.bouncycastle.cert.ocsp.RevokedStatus) DigestCalculatorProvider(org.bouncycastle.operator.DigestCalculatorProvider) OCSPReq(org.bouncycastle.cert.ocsp.OCSPReq) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp) BigInteger(java.math.BigInteger) JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder)
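The NiFi method above attaches a nonce to the request but never reads it back from the response, so a replayed (signed, still time-valid) response would pass every check it performs. The helper below is an added example, not code from NiFi, xipki, or any other project on this page: it shows the two halves that belong together with BouncyCastle, generating a random nonce for the request and comparing the responder's echoed extension value against it before the `SingleResp` entries are trusted as fresh. The class name `OcspNonceCheck`, the `NonceResult` enum and the 16-byte nonce length are assumptions of this example; the caller is assumed to already hold a `CertificateID` (as built in the NiFi snippet) and a `BasicOCSPResp` whose signature has been verified.

```java
import java.security.SecureRandom;

import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.util.Arrays;

/**
 * Hypothetical helper (not part of NiFi or xipki): a random nonce goes into
 * the OCSP request, and the responder's echoed nonce is compared against it
 * before the response is accepted as fresh. Signature verification of the
 * response is still required and is assumed to happen elsewhere.
 */
public final class OcspNonceCheck {

    /** RFC 8954 bounds the nonce to 1..32 octets; 16 random octets is ample. */
    public static final int NONCE_LEN = 16;

    private static final SecureRandom RNG = new SecureRandom();

    private OcspNonceCheck() {}

    /** Fresh, unpredictable nonce from a CSPRNG rather than a clock value. */
    public static byte[] newNonce() {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce);
        return nonce;
    }

    /**
     * Builds a request for one certificate carrying the nonce as a
     * non-critical extension. This is the same Extension constructor the
     * xipki snippet uses: the raw nonce bytes become the extnValue.
     */
    public static OCSPReq buildRequest(CertificateID certId, byte[] nonce) throws OCSPException {
        Extension nonceExt = new Extension(
                OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce));
        return new OCSPReqBuilder()
                .addRequest(certId)
                .setRequestExtensions(new Extensions(nonceExt))
                .build();
    }

    /**
     * MISSING is reported separately from MISMATCH: a responder may omit the
     * nonce (for example when it serves pre-produced responses), and the
     * caller's policy decides whether a nonce-less but signed and time-valid
     * response is acceptable. A MISMATCH must always be rejected.
     */
    public enum NonceResult { MATCH, MISMATCH, MISSING }

    public static NonceResult checkNonce(byte[] expected, BasicOCSPResp response) {
        Extension echoed = response.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        if (echoed == null) {
            return NonceResult.MISSING;
        }
        // Compare the raw extnValue octets exactly as sent: RFC 6960 responders
        // copy the extension value, so whatever encoding the request used must
        // come back unchanged. Constant-time comparison avoids leaking the
        // position of the first differing byte.
        byte[] actual = echoed.getExtnValue().getOctets();
        return Arrays.constantTimeAreEqual(expected, actual)
                ? NonceResult.MATCH : NonceResult.MISMATCH;
    }
}
```

In the NiFi flow this check slots in after `isSignatureValid(...)` succeeds and before the loop over `getResponses()`: keep the `byte[]` returned by `newNonce()` with the in-flight request (it belongs to exactly one exchange, so it must not be shared across cached `OcspRequest` keys), and treat `MISMATCH` like an unverified response.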

Example 75 with Extension

Use of org.gluu.oxtrust.model.scim2.Extension in project xipki by xipki.

From the class OcspBenchRequestor, method buildRequest:

// method ask
private byte[] buildRequest(BigInteger[] serialNumbers) throws OcspRequestorException {
    boolean canCache = (serialNumbers.length == 1) && !requestOptions.isUseNonce();
    if (canCache) {
        byte[] request = requests.get(serialNumbers[0]);
        if (request != null) {
            return request;
        }
    }
    OCSPReqBuilder reqBuilder = new OCSPReqBuilder();
    if (requestOptions.isUseNonce() || extensions != null) {
        List<Extension> extns = new ArrayList<>(2);
        if (requestOptions.isUseNonce()) {
            Extension extn = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nextNonce(requestOptions.getNonceLen())));
            extns.add(extn);
        }
        if (extensions != null) {
            for (Extension extn : extensions) {
                extns.add(extn);
            }
        }
        reqBuilder.setRequestExtensions(new Extensions(extns.toArray(extnType)));
    }
    try {
        for (BigInteger serialNumber : serialNumbers) {
            CertID certId = new CertID(issuerhashAlg, issuerNameHash, issuerKeyHash, new ASN1Integer(serialNumber));
            reqBuilder.addRequest(new CertificateID(certId));
        }
        byte[] request = reqBuilder.build().getEncoded();
        if (canCache) {
            requests.put(serialNumbers[0], request);
        }
        return request;
    } catch (OCSPException | IOException ex) {
        throw new OcspRequestorException(ex.getMessage(), ex);
    }
}
Also used : OcspRequestorException(org.xipki.ocsp.client.api.OcspRequestorException) CertID(org.bouncycastle.asn1.ocsp.CertID) CertificateID(org.bouncycastle.cert.ocsp.CertificateID) ArrayList(java.util.ArrayList) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) Extensions(org.bouncycastle.asn1.x509.Extensions) DEROctetString(org.bouncycastle.asn1.DEROctetString) Extension(org.bouncycastle.asn1.x509.Extension) OCSPException(org.bouncycastle.cert.ocsp.OCSPException) BigInteger(java.math.BigInteger) OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder)
