Search in sources :

Example 1 with OpenIDConnectConfiguration

use of org.wso2.carbon.identity.api.server.application.management.v1.OpenIDConnectConfiguration in project carbon-apimgt by wso2.

the class KeyManagerMappingUtil method fromOpenIdConnectConfigurationToKeyManagerConfiguration.

public static KeyManagerWellKnownResponseDTO fromOpenIdConnectConfigurationToKeyManagerConfiguration(OpenIdConnectConfiguration openIdConnectConfiguration) {
    KeyManagerWellKnownResponseDTO keyManagerWellKnownResponseDTO = new KeyManagerWellKnownResponseDTO();
    if (openIdConnectConfiguration != null) {
        keyManagerWellKnownResponseDTO.setValid(true);
        KeyManagerDTO keyManagerDto = new KeyManagerDTO();
        keyManagerDto.setIssuer(openIdConnectConfiguration.getIssuer());
        keyManagerDto.setIntrospectionEndpoint(openIdConnectConfiguration.getIntrospectionEndpoint());
        keyManagerDto.setClientRegistrationEndpoint(openIdConnectConfiguration.getRegistrationEndpoint());
        keyManagerDto.setAuthorizeEndpoint(openIdConnectConfiguration.getAuthorizeEndpoint());
        keyManagerDto.setTokenEndpoint(openIdConnectConfiguration.getTokenEndpoint());
        keyManagerDto.setRevokeEndpoint(openIdConnectConfiguration.getRevokeEndpoint());
        keyManagerDto.setEnabled(true);
        keyManagerDto.setEnableTokenGeneration(true);
        keyManagerDto.setEnableMapOAuthConsumerApps(true);
        keyManagerDto.setEnableOAuthAppCreation(true);
        keyManagerDto.setEnableSelfValidationJWT(true);
        keyManagerDto.setAvailableGrantTypes(openIdConnectConfiguration.getGrantTypesSupported());
        if (StringUtils.isNotEmpty(openIdConnectConfiguration.getJwksEndpoint())) {
            KeyManagerCertificatesDTO keyManagerCertificatesDTO = new KeyManagerCertificatesDTO();
            keyManagerCertificatesDTO.setType(KeyManagerCertificatesDTO.TypeEnum.JWKS);
            keyManagerCertificatesDTO.setValue(openIdConnectConfiguration.getJwksEndpoint());
            keyManagerDto.setCertificates(keyManagerCertificatesDTO);
        }
        keyManagerWellKnownResponseDTO.setValue(keyManagerDto);
    }
    return keyManagerWellKnownResponseDTO;
}
Also used : KeyManagerCertificatesDTO(org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerCertificatesDTO) KeyManagerWellKnownResponseDTO(org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerWellKnownResponseDTO) KeyManagerDTO(org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO)

Example 2 with OpenIDConnectConfiguration

use of org.wso2.carbon.identity.api.server.application.management.v1.OpenIDConnectConfiguration in project carbon-apimgt by wso2.

the class KeyManagersApiServiceImpl method keyManagersDiscoverPost.

@Override
public Response keyManagersDiscoverPost(String url, String type, MessageContext messageContext) throws APIManagementException {
    if (StringUtils.isNotEmpty(url)) {
        Gson gson = new GsonBuilder().serializeNulls().create();
        OpenIDConnectDiscoveryClient openIDConnectDiscoveryClient = Feign.builder().client(new ApacheFeignHttpClient(APIUtil.getHttpClient(url))).encoder(new GsonEncoder(gson)).decoder(new GsonDecoder(gson)).errorDecoder(new KMClientErrorDecoder()).target(OpenIDConnectDiscoveryClient.class, url);
        OpenIdConnectConfiguration openIdConnectConfiguration = openIDConnectDiscoveryClient.getOpenIdConnectConfiguration();
        if (openIdConnectConfiguration != null) {
            KeyManagerWellKnownResponseDTO keyManagerWellKnownResponseDTO = KeyManagerMappingUtil.fromOpenIdConnectConfigurationToKeyManagerConfiguration(openIdConnectConfiguration);
            keyManagerWellKnownResponseDTO.getValue().setWellKnownEndpoint(url);
            keyManagerWellKnownResponseDTO.getValue().setType(type);
            return Response.ok().entity(keyManagerWellKnownResponseDTO).build();
        }
    }
    return Response.ok(new KeyManagerWellKnownResponseDTO()).build();
}
Also used : KMClientErrorDecoder(org.wso2.carbon.apimgt.impl.kmclient.KMClientErrorDecoder) GsonEncoder(feign.gson.GsonEncoder) OpenIdConnectConfiguration(org.wso2.carbon.apimgt.impl.kmclient.model.OpenIdConnectConfiguration) OpenIDConnectDiscoveryClient(org.wso2.carbon.apimgt.impl.kmclient.model.OpenIDConnectDiscoveryClient) GsonBuilder(com.google.gson.GsonBuilder) KeyManagerWellKnownResponseDTO(org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerWellKnownResponseDTO) GsonDecoder(feign.gson.GsonDecoder) Gson(com.google.gson.Gson) ApacheFeignHttpClient(org.wso2.carbon.apimgt.impl.kmclient.ApacheFeignHttpClient)

Example 3 with OpenIDConnectConfiguration

use of org.wso2.carbon.identity.api.server.application.management.v1.OpenIDConnectConfiguration in project carbon-apimgt by wso2.

the class APIUtil method getAndSetDefaultKeyManagerConfiguration.

public static KeyManagerConfigurationDTO getAndSetDefaultKeyManagerConfiguration(KeyManagerConfigurationDTO keyManagerConfigurationDTO) throws APIManagementException {
    boolean clientSecretHashEnabled = ServiceReferenceHolder.getInstance().getOauthServerConfiguration().isClientSecretHashEnabled();
    Set<String> availableGrantTypes = ServiceReferenceHolder.getInstance().getOauthServerConfiguration().getSupportedGrantTypes().keySet();
    long validityPeriod = ServiceReferenceHolder.getInstance().getOauthServerConfiguration().getApplicationAccessTokenValidityPeriodInSeconds();
    APIManagerConfigurationService config = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService();
    String issuerIdentifier = OAuthServerConfiguration.getInstance().getOpenIDConnectIDTokenIssuerIdentifier();
    if (config != null) {
        OpenIdConnectConfiguration openIdConnectConfigurations = null;
        APIManagerConfiguration apiManagerConfiguration = config.getAPIManagerConfiguration();
        String keyManagerUrl;
        String enableTokenEncryption = apiManagerConfiguration.getFirstProperty(APIConstants.ENCRYPT_TOKENS_ON_PERSISTENCE);
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.AUTHSERVER_URL)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.AUTHSERVER_URL, apiManagerConfiguration.getFirstProperty(APIConstants.KEYMANAGER_SERVERURL));
        }
        keyManagerUrl = (String) keyManagerConfigurationDTO.getAdditionalProperties().get(APIConstants.AUTHSERVER_URL);
        if (StringUtils.isNotEmpty(keyManagerUrl)) {
            openIdConnectConfigurations = APIUtil.getOpenIdConnectConfigurations(keyManagerUrl.split("/" + APIConstants.SERVICES_URL_RELATIVE_PATH)[0].concat(getTenantAwareContext(keyManagerConfigurationDTO.getOrganization())).concat(APIConstants.KeyManager.DEFAULT_KEY_MANAGER_OPENID_CONNECT_DISCOVERY_ENDPOINT));
        }
        if (keyManagerConfigurationDTO.getProperty(APIConstants.KeyManager.ENABLE_TOKEN_ENCRYPTION) == null) {
            keyManagerConfigurationDTO.addProperty(APIConstants.ENCRYPT_TOKENS_ON_PERSISTENCE, Boolean.parseBoolean(enableTokenEncryption));
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.REVOKE_URL)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.REVOKE_URL, keyManagerUrl.split("/" + APIConstants.SERVICES_URL_RELATIVE_PATH)[0].concat(APIConstants.IDENTITY_REVOKE_ENDPOINT));
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.TOKEN_URL)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.TOKEN_URL, keyManagerUrl.split("/" + APIConstants.SERVICES_URL_RELATIVE_PATH)[0].concat(APIConstants.IDENTITY_TOKEN_ENDPOINT_CONTEXT));
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.AVAILABLE_GRANT_TYPE)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.AVAILABLE_GRANT_TYPE, new ArrayList<>(availableGrantTypes));
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.ENABLE_TOKEN_HASH)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.ENABLE_TOKEN_HASH, clientSecretHashEnabled);
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.ENABLE_OAUTH_APP_CREATION)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.ENABLE_OAUTH_APP_CREATION, true);
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.ENABLE_MAP_OAUTH_CONSUMER_APPS)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.ENABLE_MAP_OAUTH_CONSUMER_APPS, isMapExistingAuthAppsEnabled());
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.ENABLE_TOKEN_GENERATION)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.ENABLE_TOKEN_GENERATION, true);
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.TOKEN_ENDPOINT)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.TOKEN_ENDPOINT, keyManagerConfigurationDTO.getAdditionalProperties().get(APIConstants.TOKEN_URL));
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.REVOKE_ENDPOINT)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.REVOKE_ENDPOINT, keyManagerConfigurationDTO.getAdditionalProperties().get(APIConstants.REVOKE_URL));
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.IDENTITY_OAUTH2_FIELD_VALIDITY_PERIOD)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.IDENTITY_OAUTH2_FIELD_VALIDITY_PERIOD, String.valueOf(validityPeriod));
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.ENABLE_TOKEN_VALIDATION)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.ENABLE_TOKEN_VALIDATION, true);
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.SELF_VALIDATE_JWT)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.SELF_VALIDATE_JWT, true);
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.ISSUER)) {
            if (openIdConnectConfigurations == null) {
                throw new APIMgtInternalException("Error in fetching Open ID configuration.");
            }
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.ISSUER, openIdConnectConfigurations.getIssuer());
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.CLAIM_MAPPING)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.CLAIM_MAPPING, getDefaultClaimMappings());
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.CERTIFICATE_TYPE)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.CERTIFICATE_TYPE, APIConstants.KeyManager.CERTIFICATE_TYPE_JWKS_ENDPOINT);
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.CERTIFICATE_VALUE)) {
            if (openIdConnectConfigurations != null) {
                keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.CERTIFICATE_VALUE, openIdConnectConfigurations.getJwksEndpoint());
            } else {
                keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.CERTIFICATE_VALUE, keyManagerUrl.split("/" + APIConstants.SERVICES_URL_RELATIVE_PATH)[0].concat(getTenantAwareContext(keyManagerConfigurationDTO.getOrganization())).concat(APIConstants.KeyManager.DEFAULT_JWKS_ENDPOINT));
            }
        }
        String defaultKeyManagerType = apiManagerConfiguration.getFirstProperty(APIConstants.DEFAULT_KEY_MANAGER_TYPE);
        if (StringUtils.isNotEmpty(defaultKeyManagerType)) {
            keyManagerConfigurationDTO.setType(defaultKeyManagerType);
        }
    }
    return keyManagerConfigurationDTO;
}
Also used : APIMgtInternalException(org.wso2.carbon.apimgt.api.APIMgtInternalException) OpenIdConnectConfiguration(org.wso2.carbon.apimgt.impl.kmclient.model.OpenIdConnectConfiguration) APIManagerConfiguration(org.wso2.carbon.apimgt.impl.APIManagerConfiguration) APIManagerConfigurationService(org.wso2.carbon.apimgt.impl.APIManagerConfigurationService)

Example 4 with OpenIDConnectConfiguration

use of org.wso2.carbon.identity.api.server.application.management.v1.OpenIDConnectConfiguration in project identity-api-server by wso2.

the class ApiModelToOAuthConsumerApp method apply.

@Override
public OAuthConsumerAppDTO apply(String appName, OpenIDConnectConfiguration oidcModel) {
    OAuthConsumerAppDTO consumerAppDTO = new OAuthConsumerAppDTO();
    consumerAppDTO.setApplicationName(appName);
    consumerAppDTO.setOauthConsumerKey(oidcModel.getClientId());
    consumerAppDTO.setOauthConsumerSecret(oidcModel.getClientSecret());
    consumerAppDTO.setCallbackUrl(getCallbackUrl(oidcModel.getCallbackURLs()));
    consumerAppDTO.setOAuthVersion(OAuthConstants.OAuthVersions.VERSION_2);
    consumerAppDTO.setGrantTypes(getGrantTypes(oidcModel));
    consumerAppDTO.setScopeValidators(getScopeValidators(oidcModel));
    consumerAppDTO.setBypassClientCredentials(oidcModel.getPublicClient());
    consumerAppDTO.setRequestObjectSignatureValidationEnabled(oidcModel.getValidateRequestObjectSignature());
    updateAllowedOrigins(consumerAppDTO, oidcModel.getAllowedOrigins());
    updatePkceConfigurations(consumerAppDTO, oidcModel.getPkce());
    updateAccessTokenConfiguration(consumerAppDTO, oidcModel.getAccessToken());
    updateRefreshTokenConfiguration(consumerAppDTO, oidcModel.getRefreshToken());
    updateIdTokenConfiguration(consumerAppDTO, oidcModel.getIdToken());
    updateOidcLogoutConfiguration(consumerAppDTO, oidcModel.getLogout());
    return consumerAppDTO;
}
Also used : OAuthConsumerAppDTO(org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO)

Example 5 with OpenIDConnectConfiguration

use of org.wso2.carbon.identity.api.server.application.management.v1.OpenIDConnectConfiguration in project identity-api-server by wso2.

the class ServerApplicationManagementService method regenerateOAuthApplicationSecret.

public OpenIDConnectConfiguration regenerateOAuthApplicationSecret(String applicationId) {
    InboundAuthenticationRequestConfig oauthInbound = getInboundAuthRequestConfig(applicationId, OAUTH2);
    String clientId = oauthInbound.getInboundAuthKey();
    return OAuthInboundFunctions.regenerateClientSecret(clientId);
}
Also used : InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig) InboundFunctions.getInboundAuthenticationRequestConfig(org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound.InboundFunctions.getInboundAuthenticationRequestConfig)

Aggregations

OAuthConsumerAppDTO (org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO)3 OpenIdConnectConfiguration (org.wso2.carbon.apimgt.impl.kmclient.model.OpenIdConnectConfiguration)2 KeyManagerWellKnownResponseDTO (org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerWellKnownResponseDTO)2 CORSManagementServiceException (org.wso2.carbon.identity.cors.mgt.core.exception.CORSManagementServiceException)2 CORSOrigin (org.wso2.carbon.identity.cors.mgt.core.model.CORSOrigin)2 IdentityOAuthAdminException (org.wso2.carbon.identity.oauth.IdentityOAuthAdminException)2 Gson (com.google.gson.Gson)1 GsonBuilder (com.google.gson.GsonBuilder)1 GsonDecoder (feign.gson.GsonDecoder)1 GsonEncoder (feign.gson.GsonEncoder)1 APIMgtInternalException (org.wso2.carbon.apimgt.api.APIMgtInternalException)1 APIManagerConfiguration (org.wso2.carbon.apimgt.impl.APIManagerConfiguration)1 APIManagerConfigurationService (org.wso2.carbon.apimgt.impl.APIManagerConfigurationService)1 ApacheFeignHttpClient (org.wso2.carbon.apimgt.impl.kmclient.ApacheFeignHttpClient)1 KMClientErrorDecoder (org.wso2.carbon.apimgt.impl.kmclient.KMClientErrorDecoder)1 OpenIDConnectDiscoveryClient (org.wso2.carbon.apimgt.impl.kmclient.model.OpenIDConnectDiscoveryClient)1 KeyManagerCertificatesDTO (org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerCertificatesDTO)1 KeyManagerDTO (org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO)1 OpenIDConnectConfiguration (org.wso2.carbon.identity.api.server.application.management.v1.OpenIDConnectConfiguration)1 InboundFunctions.getInboundAuthenticationRequestConfig (org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound.InboundFunctions.getInboundAuthenticationRequestConfig)1