Example 1 with ApplicationException

Use of org.owasp.oag.exception.ApplicationException in the project Application-Gateway by gianlucafrei.

From the class WiremockTest, method makeLogin.

protected LoginResult makeLogin() {
    try {
        // ACT 1: Start the login. The gateway must answer with a redirect (302 Found)
        // to the provider's authorization endpoint.
        var loginResult = webClient.get().uri("/auth/local/login").exchange().expectStatus().isFound().returnResult(String.class);
        var redirectUriString = loginResult.getResponseHeaders().getFirst("Location");
        URI redirectUri = new URI(redirectUriString);
        AuthenticationRequest oidcRequest = AuthenticationRequest.parse(redirectUri);
        LoginProvider provider = config.getLoginProviders().get("local");
        // The redirect must point at the configured authEndpoint and carry the configured clientId
        assertTrue(redirectUriString.startsWith((String) provider.getWith().get("authEndpoint")));
        assertEquals(provider.getWith().get("clientId"), oidcRequest.getClientID().toString());
        // The login state cookie ties the browser session to this authorization request
        var loginStateCookie = loginResult.getResponseCookies().getFirst(LoginStateCookie.NAME);
        // ACT 2: Call the callback URL
        // Arrange: build an authorization response that echoes the state value from the request
        String authorizationResponse = String.format("?state=%s&code=%s", oidcRequest.getState().getValue(), "authCode");
        // Send the callback together with the state cookie; the gateway must redirect again (302 Found)
        var callbackResult = webClient.get().uri("/auth/local/callback" + authorizationResponse).cookie(loginStateCookie.getName(), loginStateCookie.getValue()).exchange().expectStatus().isFound().returnResult(String.class);
        var result = new LoginResult(callbackResult);
        // Subject id taken from the JWT token
        result.id = "248289761001";
        return result;
    } catch (Exception e) {
        throw new ApplicationException("Login Failed", e);
    }
}
Also used: ApplicationException (org.owasp.oag.exception.ApplicationException), AuthenticationRequest (com.nimbusds.openid.connect.sdk.AuthenticationRequest), LoginProvider (org.owasp.oag.config.configuration.LoginProvider), URI (java.net.URI)

Example 2 with ApplicationException

Use of org.owasp.oag.exception.ApplicationException in the project Application-Gateway by gianlucafrei.

From the class GitHubDriver, method loadUserInfo.

@Override
protected UserModel loadUserInfo(Tokens tokens) {
    AccessToken accessToken = tokens.getAccessToken();
    RefreshToken refreshToken = tokens.getRefreshToken();
    try {
        // Load data: loadUserEmail returns only a verified primary address, or null if there is none
        String email = loadUserEmail(accessToken);
        GitHubUserResponse profileResponse = makeGitHubApiRequest("https://api.github.com/user", accessToken.getValue(), GitHubUserResponse.class);
        // Create user model keyed by the numeric GitHub user id
        UserModel model = new UserModel(profileResponse.id);
        model.set("email", email);
        model.set("picture", profileResponse.avatar_url);
        model.set("preferred_username", profileResponse.login);
        // Set unconditionally; the verified/primary filtering happens in loadUserEmail
        model.set("email_verified", "true");
        model.set("sub", model.getId());
        model.set("name", profileResponse.name);
        model.set("profile", profileResponse.url);
        model.set("updated_at", profileResponse.updated_at);
        model.set("created_at", profileResponse.created_at);
        // The provider tokens are kept in the session model; the refresh token may be absent
        model.set("access-token", accessToken.toString());
        model.set("refreshToken", refreshToken != null ? refreshToken.toString() : null);
        return model;
    } catch (IOException | InterruptedException ex) {
        throw new ApplicationException("Could not load user profile data", ex);
    }
}
Also used: UserModel (org.owasp.oag.session.UserModel), RefreshToken (com.nimbusds.oauth2.sdk.token.RefreshToken), ApplicationException (org.owasp.oag.exception.ApplicationException), AccessToken (com.nimbusds.oauth2.sdk.token.AccessToken), IOException (java.io.IOException)

Example 3 with ApplicationException

Use of org.owasp.oag.exception.ApplicationException in the project Application-Gateway by gianlucafrei.

From the class GitHubDriver, method loadUserEmail.

protected String loadUserEmail(AccessToken accessToken) {
    try {
        // GitHub lists all addresses of the account, each flagged as verified and/or primary
        GitHubEmailsResponse emailsResponse = makeGitHubApiRequest("https://api.github.com/user/emails", accessToken.getValue(), GitHubEmailsResponse.class);
        // Accept only an address that is both verified and primary
        Optional<GitHubUserEmail> anyEmail = emailsResponse.stream().filter(e -> e.isVerified()).filter(e -> e.isPrimary()).findAny();
        if (anyEmail.isPresent())
            return anyEmail.get().getEmail();
        else
            // No verified primary address: return null rather than an unverified one
            return null;
    } catch (Exception e) {
        throw new ApplicationException("Could not load user profile info", e);
    }
}
Also used: RefreshToken (com.nimbusds.oauth2.sdk.token.RefreshToken), AccessToken (com.nimbusds.oauth2.sdk.token.AccessToken), AuthorizationGrant (com.nimbusds.oauth2.sdk.AuthorizationGrant), UserModel (org.owasp.oag.session.UserModel), ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper), Scope (com.nimbusds.oauth2.sdk.Scope), ClientAuthentication (com.nimbusds.oauth2.sdk.auth.ClientAuthentication), Tokens (com.nimbusds.oauth2.sdk.token.Tokens), AuthenticationException (org.owasp.oag.exception.AuthenticationException), Oauth2Driver (org.owasp.oag.services.login.drivers.oauth.Oauth2Driver), IOException (java.io.IOException), DeserializationFeature (com.fasterxml.jackson.databind.DeserializationFeature), HttpRequest (java.net.http.HttpRequest), List (java.util.List), LoginProviderSettings (org.owasp.oag.config.configuration.LoginProviderSettings), ApplicationException (org.owasp.oag.exception.ApplicationException), Optional (java.util.Optional), HttpClient (java.net.http.HttpClient), URI (java.net.URI), HttpResponse (java.net.http.HttpResponse)

Example 4 with ApplicationException

Use of org.owasp.oag.exception.ApplicationException in the project Application-Gateway by gianlucafrei.

From the class OidcDriver, method loadUserInfo.

@Override
protected UserModel loadUserInfo(Tokens tokens) {
    try {
        // Because we have overridden the loadTokens method we can safely cast the tokens object
        OIDCTokens oidcTokens = (OIDCTokens) tokens;
        JWT idToken = oidcTokens.getIDToken();
        JWTClaimsSet jwtClaims = idToken.getJWTClaimsSet();
        AccessToken accessToken = oidcTokens.getAccessToken();
        RefreshToken refreshToken = oidcTokens.getRefreshToken();
        // The user is identified by the "sub" claim of the ID token
        UserModel model = new UserModel(jwtClaims.getSubject());
        // Keep the original provider tokens in the session model
        model.set("original-id-token", idToken.getParsedString());
        model.set("original-access-token", accessToken.toString());
        // Copy only the configured claims from the ID token into the model
        for (String claimName : getMappedClaims()) {
            Object claim = jwtClaims.getClaim(claimName);
            if (claim != null) {
                model.set(claimName, claim.toString());
            }
        }
        return model;
    } catch (Exception e) {
        throw new ApplicationException("Could not extract user info", e);
    }
}
Also used: UserModel (org.owasp.oag.session.UserModel), RefreshToken (com.nimbusds.oauth2.sdk.token.RefreshToken), ApplicationException (org.owasp.oag.exception.ApplicationException), JWT (com.nimbusds.jwt.JWT), JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet), AccessToken (com.nimbusds.oauth2.sdk.token.AccessToken), OIDCTokens (com.nimbusds.openid.connect.sdk.token.OIDCTokens), SystemException (org.owasp.oag.exception.SystemException), AuthenticationException (org.owasp.oag.exception.AuthenticationException), IOException (java.io.IOException)

Example 5 with ApplicationException

Use of org.owasp.oag.exception.ApplicationException in the project Application-Gateway by gianlucafrei.

From the class JweEncrypter, method loadFromFileOrCreateAndStoreNewKey.

public static JweEncrypter loadFromFileOrCreateAndStoreNewKey(String filename) throws IOException {
    if (filename == null)
        throw new ApplicationException("Filename must not be null", null);
    File keyFile = new File(filename);
    byte[] keyBytes;
    if (keyFile.exists()) {
        // Read the existing key from the file (Guava Files)
        keyBytes = Files.toByteArray(keyFile);
    } else {
        // Create a new secret key and store it in the file
        KeyGenerator keyGen;
        try {
            keyGen = KeyGenerator.getInstance("AES");
            // 128-bit AES key
            keyGen.init(128);
            SecretKey secretKey = keyGen.generateKey();
            // Store the raw key bytes in the file; Guava's Files.write creates it
            // with the process's default file permissions
            keyBytes = secretKey.getEncoded();
            Files.write(keyBytes, keyFile);
        } catch (NoSuchAlgorithmException e) {
            throw new ConsistencyException("Could not create AES key", e);
        }
    }
    return new JweEncrypter(keyBytes);
}
Also used: SecretKey (javax.crypto.SecretKey), ApplicationException (org.owasp.oag.exception.ApplicationException), ConsistencyException (org.owasp.oag.exception.ConsistencyException), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), File (java.io.File), KeyGenerator (javax.crypto.KeyGenerator)

Aggregations

ApplicationException (org.owasp.oag.exception.ApplicationException) 6
AccessToken (com.nimbusds.oauth2.sdk.token.AccessToken) 3
RefreshToken (com.nimbusds.oauth2.sdk.token.RefreshToken) 3
IOException (java.io.IOException) 3
UserModel (org.owasp.oag.session.UserModel) 3
URI (java.net.URI) 2
AuthenticationException (org.owasp.oag.exception.AuthenticationException) 2
DeserializationFeature (com.fasterxml.jackson.databind.DeserializationFeature) 1
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper) 1
JWK (com.nimbusds.jose.jwk.JWK) 1
RSAKey (com.nimbusds.jose.jwk.RSAKey) 1
JWT (com.nimbusds.jwt.JWT) 1
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet) 1
AuthorizationGrant (com.nimbusds.oauth2.sdk.AuthorizationGrant) 1
Scope (com.nimbusds.oauth2.sdk.Scope) 1
ClientAuthentication (com.nimbusds.oauth2.sdk.auth.ClientAuthentication) 1
Tokens (com.nimbusds.oauth2.sdk.token.Tokens) 1
AuthenticationRequest (com.nimbusds.openid.connect.sdk.AuthenticationRequest) 1
OIDCTokens (com.nimbusds.openid.connect.sdk.token.OIDCTokens) 1
File (java.io.File) 1