
Example 21 with ModelException

use of org.keycloak.models.ModelException in project keycloak by keycloak.

the class ClientPublicKeyLoader method getSignatureValidationKey.

/**
 * Builds the {@link KeyWrapper} that describes a client's signature-verification key.
 *
 * <p>The key material comes from either the certificate or the public key stored in
 * {@code certInfo}; exactly one of the two must be present. The key id stored in
 * {@code certInfo} is reused when available, otherwise one is derived from the public key.
 *
 * @param certInfo the client's stored certificate/public-key representation
 * @return a wrapper carrying the public key, its key id and, when the source was a
 *         certificate, the certificate itself
 * @throws ModelException if neither, or both, of certificate and public key are configured
 */
private static KeyWrapper getSignatureValidationKey(CertificateRepresentation certInfo) throws ModelException {
    KeyWrapper wrapper = new KeyWrapper();
    String storedCertificate = certInfo.getCertificate();
    String storedPublicKey = certInfo.getPublicKey();
    boolean hasCertificate = storedCertificate != null;
    boolean hasPublicKey = storedPublicKey != null;

    // Exactly one source of key material is accepted; an ambiguous configuration is rejected
    // rather than silently preferring one of the two.
    if (!hasCertificate && !hasPublicKey) {
        throw new ModelException("Client doesn't have certificate or publicKey configured");
    }
    if (hasCertificate && hasPublicKey) {
        throw new ModelException("Client has both publicKey and certificate configured");
    }

    // Algorithm, key type and use are fixed here, not derived from the key material.
    // NOTE(review): a non-RSA key would still be labelled RS256/RSA by this method; confirm
    // that only RSA keys can reach this point.
    wrapper.setAlgorithm(Algorithm.RS256);
    wrapper.setType(KeyType.RSA);
    wrapper.setUse(KeyUse.SIG);

    // NOTE(review): no certificate validity-period or trust-chain check is visible in this
    // method; confirm whether that is done elsewhere or is intentionally out of scope.
    X509Certificate clientCert = null;
    PublicKey verificationKey;
    if (hasCertificate) {
        clientCert = KeycloakModelUtils.getCertificate(storedCertificate);
        verificationKey = clientCert.getPublicKey();
    } else {
        verificationKey = KeycloakModelUtils.getPublicKey(storedPublicKey);
    }

    // Prefer the key id persisted with the client; generate one from the key otherwise.
    String storedKid = certInfo.getKid();
    String kid = storedKid != null ? storedKid : KeyUtils.createKeyId(verificationKey);
    wrapper.setKid(kid);
    wrapper.setPublicKey(verificationKey);
    if (hasCertificate) {
        wrapper.setCertificate(clientCert);
    }
    return wrapper;
}
Also used : KeyWrapper(org.keycloak.crypto.KeyWrapper) ModelException(org.keycloak.models.ModelException) PublicKey(java.security.PublicKey) X509Certificate(java.security.cert.X509Certificate)

Example 22 with ModelException

use of org.keycloak.models.ModelException in project keycloak by keycloak.

the class ClientStorageManager method getStorageProvider.

/**
 * Resolves the {@link ClientStorageProvider} configured by a realm component.
 *
 * @param session the current Keycloak session, used to look up the provider factory
 * @param realm the realm that owns the component
 * @param componentId id of the component describing the client storage provider
 * @return the provider instance, or {@code null} when the realm has no component with that id
 * @throws ModelException if the component exists but no factory is registered for its provider id
 */
public static ClientStorageProvider getStorageProvider(KeycloakSession session, RealmModel realm, String componentId) {
    ComponentModel component = realm.getComponent(componentId);
    if (component == null) {
        // Unknown component: callers receive null and no exception.
        return null;
    }

    ClientStorageProviderModel providerModel = new ClientStorageProviderModel(component);
    String providerId = component.getProviderId();
    ClientStorageProviderFactory providerFactory = (ClientStorageProviderFactory) session
            .getKeycloakSessionFactory()
            .getProviderFactory(ClientStorageProvider.class, providerId);

    if (providerFactory != null) {
        return getStorageProviderInstance(session, providerModel, providerFactory);
    }
    // A component that references an unregistered provider is a configuration error.
    throw new ModelException("Could not find ClientStorageProviderFactory for: " + providerId);
}
Also used : ClientStorageProvider(org.keycloak.storage.client.ClientStorageProvider) ModelException(org.keycloak.models.ModelException) ClientStorageProviderFactory(org.keycloak.storage.client.ClientStorageProviderFactory) ComponentModel(org.keycloak.component.ComponentModel) ClientStorageProviderModel(org.keycloak.storage.client.ClientStorageProviderModel)

Example 23 with ModelException

use of org.keycloak.models.ModelException in project keycloak by keycloak.

the class RoleStorageManager method getStorageProvider.

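/**
 * Resolves the {@link RoleStorageProvider} configured by a realm component.
 *
 * @param session the current Keycloak session, used to look up the provider factory
 * @param realm the realm that owns the component
 * @param componentId id of the component describing the role storage provider
 * @return the provider instance, or {@code null} when the realm has no component with that id
 * @throws ModelException if the component exists but no factory is registered for its provider id
 */
public static RoleStorageProvider getStorageProvider(KeycloakSession session, RealmModel realm, String componentId) {
    ComponentModel model = realm.getComponent(componentId);
    if (model == null) {
        // Unknown component: callers receive null and no exception.
        return null;
    }
    RoleStorageProviderModel storageModel = new RoleStorageProviderModel(model);
    RoleStorageProviderFactory factory = (RoleStorageProviderFactory) session.getKeycloakSessionFactory()
            .getProviderFactory(RoleStorageProvider.class, model.getProviderId());
    if (factory == null) {
        // Message names the real factory type (the original spelled it "RoletStorageProviderFactory"),
        // so that the error can be found by searching logs for the class name.
        throw new ModelException("Could not find RoleStorageProviderFactory for: " + model.getProviderId());
    }
    return getStorageProviderInstance(session, storageModel, factory);
}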
Also used : RoleStorageProviderFactory(org.keycloak.storage.role.RoleStorageProviderFactory) ModelException(org.keycloak.models.ModelException) ComponentModel(org.keycloak.component.ComponentModel) RoleStorageProvider(org.keycloak.storage.role.RoleStorageProvider) RoleStorageProviderModel(org.keycloak.storage.role.RoleStorageProviderModel)

Example 24 with ModelException

use of org.keycloak.models.ModelException in project keycloak by keycloak.

the class UserStorageManager method removeUser.

/**
 * Removes a user from the realm, delegating to the storage that owns the user.
 *
 * <p>Federated storage, when present, is notified first. A user whose id carries no provider
 * id is removed from local storage and, if it has a federation link, from the linked
 * provider as well; otherwise removal is delegated to the provider named in the id.
 *
 * @param realm the realm the user belongs to
 * @param user the user to remove
 * @return {@code true} only if every store involved reported a successful removal
 * @throws ModelException if the user's id names a provider that cannot be resolved
 */
@Override
public boolean removeUser(RealmModel realm, UserModel user) {
    if (getFederatedStorage() != null) {
        getFederatedStorage().preRemove(realm, user);
    }

    StorageId userStorageId = new StorageId(user.getId());
    String owningProviderId = userStorageId.getProviderId();

    if (owningProviderId != null) {
        UserRegistrationProvider owner = getStorageProviderInstance(realm, owningProviderId, UserRegistrationProvider.class);
        if (owner == null) {
            throw new ModelException("Could not resolve UserRegistrationProvider: " + userStorageId.getProviderId());
        }
        return owner.removeUser(realm, user);
    }

    // Locally stored user: the linked provider (if any) is asked first, then local storage.
    // An unresolvable linked provider counts as a failed link removal, but the local removal
    // is still attempted.
    String federationLink = user.getFederationLink();
    boolean linkRemoved = true;
    if (federationLink != null) {
        UserRegistrationProvider linked = getStorageProviderInstance(realm, federationLink, UserRegistrationProvider.class);
        linkRemoved = linked != null && linked.removeUser(realm, user);
    }
    boolean localRemoved = localStorage().removeUser(realm, user);
    return localRemoved && linkRemoved;
}
Also used : ModelException(org.keycloak.models.ModelException) UserRegistrationProvider(org.keycloak.storage.user.UserRegistrationProvider)

Example 25 with ModelException

use of org.keycloak.models.ModelException in project keycloak by keycloak.

the class UserConsentModelTest method setupEnv.

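/**
 * Creates the fixture used by the consent tests, inside its own transaction.
 *
 * <p>The fixture is a realm named "original" with two clients, two OIDC client scopes, two
 * users with consents granted to them, and a hardcoded client-storage component whose
 * client also receives a consent.
 *
 * @param session session whose factory is used to run the setup job
 */
public static void setupEnv(KeycloakSession session) {
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionEnv) -> {
        RealmManager realmManager = new RealmManager(sessionEnv);
        RealmModel realm = realmManager.createRealm("original");

        ClientModel fooClient = realm.addClient("foo-client");
        ClientModel barClient = realm.addClient("bar-client");

        ClientScopeModel fooScope = realm.addClientScope("foo");
        fooScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
        ClientScopeModel barScope = realm.addClientScope("bar");
        // The original set the protocol on fooScope a second time here, leaving barScope
        // without one; the call is now applied to the scope that was just created.
        barScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);

        UserModel john = sessionEnv.users().addUser(realm, "john");
        UserModel mary = sessionEnv.users().addUser(realm, "mary");

        UserConsentModel johnFooGrant = new UserConsentModel(fooClient);
        johnFooGrant.addGrantedClientScope(fooScope);
        realmManager.getSession().users().addConsent(realm, john.getId(), johnFooGrant);

        UserConsentModel johnBarGrant = new UserConsentModel(barClient);
        johnBarGrant.addGrantedClientScope(barScope);
        // Updating must fail because this grant does not exist yet.
        try {
            realmManager.getSession().users().updateConsent(realm, john.getId(), johnBarGrant);
            Assert.fail("Not expected to end here");
        } catch (ModelException expected) {
            // Expected: a consent that was never added cannot be updated.
        }
        realmManager.getSession().users().addConsent(realm, john.getId(), johnBarGrant);

        UserConsentModel maryFooGrant = new UserConsentModel(fooClient);
        maryFooGrant.addGrantedClientScope(fooScope);
        realmManager.getSession().users().addConsent(realm, mary.getId(), maryFooGrant);

        // Register a client-storage component that serves a single hardcoded client.
        ClientStorageProviderModel clientStorage = new ClientStorageProviderModel();
        clientStorage.setProviderId(HardcodedClientStorageProviderFactory.PROVIDER_ID);
        clientStorage.getConfig().putSingle(HardcodedClientStorageProviderFactory.CLIENT_ID, "hardcoded-client");
        // Wildcard redirect URI over plain http on localhost: acceptable for this test
        // fixture only, not a pattern to copy into a real client configuration.
        clientStorage.getConfig().putSingle(HardcodedClientStorageProviderFactory.REDIRECT_URI, "http://localhost:8081/*");
        clientStorage.getConfig().putSingle(HardcodedClientStorageProviderFactory.CONSENT, "true");
        clientStorage.setParentId(realm.getId());
        clientStorageComponent = realm.addComponentModel(clientStorage);

        // The client must be resolvable through the storage component before a consent
        // can be attached to it.
        ClientModel hardcodedClient = sessionEnv.clients().getClientByClientId(realm, "hardcoded-client");
        Assert.assertNotNull(hardcodedClient);
        UserConsentModel maryHardcodedGrant = new UserConsentModel(hardcodedClient);
        realmManager.getSession().users().addConsent(realm, mary.getId(), maryHardcodedGrant);
    });
}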
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) ModelException(org.keycloak.models.ModelException) KeycloakSession(org.keycloak.models.KeycloakSession) ClientScopeModel(org.keycloak.models.ClientScopeModel) RealmManager(org.keycloak.services.managers.RealmManager) ClientStorageProviderModel(org.keycloak.storage.client.ClientStorageProviderModel) UserConsentModel(org.keycloak.models.UserConsentModel)

Aggregations

ModelException (org.keycloak.models.ModelException)74 RealmModel (org.keycloak.models.RealmModel)20 NamingException (javax.naming.NamingException)13 UserModel (org.keycloak.models.UserModel)13 ClientModel (org.keycloak.models.ClientModel)11 ComponentModel (org.keycloak.component.ComponentModel)10 LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)10 IOException (java.io.IOException)9 Consumes (javax.ws.rs.Consumes)9 NotFoundException (javax.ws.rs.NotFoundException)8 BasicAttribute (javax.naming.directory.BasicAttribute)7 KeycloakSession (org.keycloak.models.KeycloakSession)7 RoleModel (org.keycloak.models.RoleModel)7 ErrorResponseException (org.keycloak.services.ErrorResponseException)7 ReadOnlyException (org.keycloak.storage.ReadOnlyException)7 POST (javax.ws.rs.POST)6 Path (javax.ws.rs.Path)6 Test (org.junit.Test)6 ArrayList (java.util.ArrayList)5 AttributeInUseException (javax.naming.directory.AttributeInUseException)5