Example 21 with InboundAuthenticationConfig

Use of org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationConfig in project identity-inbound-auth-oauth by wso2-extensions.

Class OAuthApplicationMgtListener, method addClientSecret.

private void addClientSecret(ServiceProvider serviceProvider) throws IdentityApplicationManagementException {
    if (serviceProvider == null) {
        // if service provider is not present no need to add this information
        return;
    }
    try {
        InboundAuthenticationConfig inboundAuthenticationConfig = serviceProvider.getInboundAuthenticationConfig();
        if (inboundAuthenticationConfig != null) {
            InboundAuthenticationRequestConfig[] inboundRequestConfigs = inboundAuthenticationConfig.getInboundAuthenticationRequestConfigs();
            if (inboundRequestConfigs != null) {
                for (InboundAuthenticationRequestConfig inboundRequestConfig : inboundRequestConfigs) {
                    if (inboundRequestConfig.getInboundAuthType().equals(OAUTH2)) {
                        Property[] props = inboundRequestConfig.getProperties();
                        Property property = new Property();
                        property.setName(OAUTH2_CONSUMER_SECRET);
                        String clientSecret = null;
                        try {
                            clientSecret = OAuth2Util.getClientSecret(inboundRequestConfig.getInboundAuthKey());
                        } catch (InvalidOAuthClientException e) {
                            log.warn("The OAuth application data does not exist for " + inboundRequestConfig.getInboundAuthKey());
                        }
                        property.setValue(clientSecret);
                        props = (Property[]) ArrayUtils.add(props, property);
                        inboundRequestConfig.setProperties(props);
                        // only the oauth2 config is of interest; only one will be present.
                    }
                }
            }
        }
    } catch (IdentityOAuth2Exception e) {
        throw new IdentityApplicationManagementException("Injecting client secret failed.", e);
    }
    return;
}
Also used : IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception) InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig) IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig) Property(org.wso2.carbon.identity.application.common.model.Property) InvalidOAuthClientException(org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException)

Example 22 with InboundAuthenticationConfig

Use of org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationConfig in project identity-inbound-auth-oauth by wso2-extensions.

Class OAuthApplicationMgtListener, method getOAuthAppsAssociatedWithApplication.

private Set<String> getOAuthAppsAssociatedWithApplication(ServiceProvider serviceProvider) {
    Set<String> oauthKeys = new HashSet<>();
    InboundAuthenticationConfig inboundAuthenticationConfig = serviceProvider.getInboundAuthenticationConfig();
    if (inboundAuthenticationConfig != null) {
        InboundAuthenticationRequestConfig[] inboundRequestConfigs = inboundAuthenticationConfig.getInboundAuthenticationRequestConfigs();
        if (inboundRequestConfigs != null) {
            for (InboundAuthenticationRequestConfig inboundRequestConfig : inboundRequestConfigs) {
                if (StringUtils.equals(OAUTH2, inboundRequestConfig.getInboundAuthType()) || StringUtils.equals(inboundRequestConfig.getInboundAuthType(), OAUTH)) {
                    oauthKeys.add(inboundRequestConfig.getInboundAuthKey());
                }
            }
        }
    }
    return oauthKeys;
}
Also used : InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig) InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig) HashSet(java.util.HashSet)

Example 23 with InboundAuthenticationConfig

Use of org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationConfig in project identity-inbound-auth-oauth by wso2-extensions.

Class OAuthApplicationMgtListener, method removeClientSecret.

private void removeClientSecret(ServiceProvider serviceProvider) {
    InboundAuthenticationConfig inboundAuthenticationConfig = serviceProvider.getInboundAuthenticationConfig();
    if (inboundAuthenticationConfig != null) {
        InboundAuthenticationRequestConfig[] inboundRequestConfigs = inboundAuthenticationConfig.getInboundAuthenticationRequestConfigs();
        if (inboundRequestConfigs != null) {
            for (InboundAuthenticationRequestConfig inboundRequestConfig : inboundRequestConfigs) {
                if (inboundRequestConfig.getInboundAuthType().equals(OAUTH2)) {
                    Property[] props = inboundRequestConfig.getProperties();
                    for (Property prop : props) {
                        if (prop.getName().equalsIgnoreCase(OAUTH2_CONSUMER_SECRET)) {
                            props = (Property[]) ArrayUtils.removeElement(props, prop);
                            inboundRequestConfig.setProperties(props);
                            // only this property is of interest
                        }
                    }
                    // only the oauth2 config is of interest; only one will be present.
                }
            }
        }
    }
}
Also used : InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig) InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig) Property(org.wso2.carbon.identity.application.common.model.Property)

Example 24 with InboundAuthenticationConfig

Use of org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationConfig in project identity-inbound-auth-oauth by wso2-extensions.

Class OAuthApplicationMgtListenerTest, method createServiceProvider.

/**
 * Create a service provider with the required configurations.
 *
 * @param appId            application ID to set on the service provider
 * @param hasAuthConfig    whether to attach an InboundAuthenticationConfig
 * @param hasRequestConfig whether the InboundAuthenticationConfig carries one InboundAuthenticationRequestConfig
 *                         (otherwise the request configs are set to null)
 * @param authType         inbound auth type of the request config (e.g. oauth2)
 * @param propName         name of the single property attached to the request config
 * @return the constructed ServiceProvider
 */
private ServiceProvider createServiceProvider(int appId, boolean hasAuthConfig, boolean hasRequestConfig, String authType, String propName) {
    ServiceProvider serviceProvider = new ServiceProvider();
    serviceProvider.setApplicationID(appId);
    if (hasAuthConfig) {
        InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig();
        if (hasRequestConfig) {
            InboundAuthenticationRequestConfig[] requestConfig = new InboundAuthenticationRequestConfig[1];
            requestConfig[0] = new InboundAuthenticationRequestConfig();
            requestConfig[0].setInboundAuthType(authType);
            requestConfig[0].setInboundAuthKey("authKey");
            Property[] properties = new Property[1];
            properties[0] = new Property();
            properties[0].setName(propName);
            requestConfig[0].setProperties(properties);
            inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs(requestConfig);
        } else {
            inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs(null);
        }
        serviceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
    }
    return serviceProvider;
}
Also used : InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig) Property(org.wso2.carbon.identity.application.common.model.Property)

Example 25 with InboundAuthenticationConfig

Use of org.wso2.carbon.identity.application.common.model.xsd.InboundAuthenticationConfig in project identity-inbound-auth-oauth by wso2-extensions.

Class DCRManagementService, method createOAuthApplication.

/**
 * @param profile - RegistrationRequestProfile of the OAuth application to be created.
 * @return RegistrationResponseProfile object which holds the necessary data of created OAuth app.
 * @throws DCRException
 * @throws IdentityException
 */
private RegistrationResponseProfile createOAuthApplication(RegistrationRequestProfile profile) throws DCRException {
    // Subscriber's name should be passed as a parameter, since it's under the subscriber
    // the OAuth App is created.
    String owner = profile.getOwner();
    // Replace all unsupported characters
    String ownerName = owner.replaceAll(String.valueOf(DCRConstants.UNSUPPORTED_CHARACTERS_IN_REGISTRY), "_");
    String applicationName = ownerName + "_" + profile.getClientName();
    // Regex validation of the application name.
    if (!DCRMUtils.isRegexValidated(applicationName)) {
        throw new DCRException("The Application name: " + applicationName + " is not valid! It is not adhering to" + " the regex: " + DCRMUtils.getSPValidatorRegex());
    }
    String grantType = StringUtils.join(profile.getGrantTypes(), " ");
    String baseUser = CarbonContext.getThreadLocalCarbonContext().getUsername();
    String userName = MultitenantUtils.getTenantAwareUsername(profile.getOwner());
    PrivilegedCarbonContext.startTenantFlow();
    PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(profile.getTenantDomain(), true);
    // Acting as the provided user. When creating Service Provider/OAuth App,
    // username is fetched from CarbonContext
    PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(userName);
    try {
        // Create the Service Provider
        ServiceProvider serviceProvider = new ServiceProvider();
        serviceProvider.setApplicationName(applicationName);
        User user = new User();
        user.setUserName(UserCoreUtil.removeDomainFromName(userName));
        user.setUserStoreDomain(UserCoreUtil.extractDomainFromName(userName));
        user.setTenantDomain(profile.getTenantDomain());
        serviceProvider.setOwner(user);
        serviceProvider.setDescription("Service Provider for application " + applicationName);
        ApplicationManagementService appMgtService = DCRDataHolder.getInstance().getApplicationManagementService();
        ServiceProvider existingServiceProvider = null;
        ServiceProvider createdServiceProvider = null;
        try {
            existingServiceProvider = appMgtService.getServiceProvider(applicationName, profile.getTenantDomain());
            if (existingServiceProvider == null) {
                appMgtService.createApplication(serviceProvider, profile.getTenantDomain(), userName);
                createdServiceProvider = appMgtService.getServiceProvider(applicationName, profile.getTenantDomain());
            } else {
                String errorMessage = "Service Provider with name: " + applicationName + " already registered";
                throw IdentityException.error(DCRException.class, ErrorCodes.META_DATA_VALIDATION_FAILED.toString(), errorMessage);
            }
        } catch (IdentityApplicationManagementException e) {
            String errorMessage = "Error occurred while reading service provider, " + applicationName;
            throw IdentityException.error(DCRException.class, ErrorCodes.BAD_REQUEST.toString(), errorMessage, e);
        }
        if (createdServiceProvider == null) {
            String errorMessage = "Couldn't create Service Provider Application " + applicationName;
            throw IdentityException.error(DCRException.class, ErrorCodes.META_DATA_VALIDATION_FAILED.toString(), errorMessage);
        }
        // Set SaaS app option
        createdServiceProvider.setSaasApp(false);
        // Then Create OAuthApp
        OAuthAdminService oAuthAdminService = new OAuthAdminService();
        OAuthConsumerAppDTO oAuthConsumerApp = new OAuthConsumerAppDTO();
        oAuthConsumerApp.setApplicationName(applicationName);
        // TODO: once multiple redirect URLs are supported on the OAuth application, this API call has to change
        if (profile.getRedirectUris().size() == 0 && (profile.getGrantTypes().contains(DCRConstants.GrantTypes.AUTHORIZATION_CODE) || profile.getGrantTypes().contains(DCRConstants.GrantTypes.IMPLICIT))) {
            String errorMessage = "RedirectUris property must have at least one URI value.";
            throw IdentityException.error(DCRException.class, ErrorCodes.META_DATA_VALIDATION_FAILED.toString(), errorMessage);
        } else if (profile.getRedirectUris().size() == 1) {
            String redirectUri = profile.getRedirectUris().get(0);
            try {
                // validate the redirect uri
                IdentityValidationUtil.getValidInputOverWhiteListPatterns(redirectUri, new String[] { IdentityValidationUtil.ValidatorPattern.URL_WITHOUT_FRAGMENT.name() });
                oAuthConsumerApp.setCallbackUrl(redirectUri);
            } catch (IdentityValidationException e) {
                // TODO: need to add error code
                throw IdentityException.error(DCRException.class, "Redirect URI: " + redirectUri + ", is invalid", e);
            }
        } else if (profile.getRedirectUris().size() > 1) {
            oAuthConsumerApp.setCallbackUrl(OAuthConstants.CALLBACK_URL_REGEXP_PREFIX + createRegexPattern(profile.getRedirectUris()));
        }
        oAuthConsumerApp.setGrantTypes(grantType);
        oAuthConsumerApp.setOAuthVersion(OAUTH_VERSION);
        if (log.isDebugEnabled()) {
            log.debug("Creating OAuth App " + applicationName);
        }
        OAuthConsumerAppDTO createdApp;
        try {
            createdApp = oAuthAdminService.registerAndRetrieveOAuthApplicationData(oAuthConsumerApp);
        } catch (IdentityOAuthAdminException e) {
            throw IdentityException.error(DCRException.class, ErrorCodes.META_DATA_VALIDATION_FAILED.toString(), e.getMessage());
        }
        if (log.isDebugEnabled()) {
            log.debug("Created OAuth App " + applicationName);
            log.debug("Retrieved Details for OAuth App " + createdApp.getApplicationName());
        }
        // Set the OAuthApp in InboundAuthenticationConfig
        InboundAuthenticationConfig inboundAuthenticationConfig = new InboundAuthenticationConfig();
        List<InboundAuthenticationRequestConfig> inboundAuthenticationRequestConfigs = new ArrayList<>();
        InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = new InboundAuthenticationRequestConfig();
        inboundAuthenticationRequestConfig.setInboundAuthKey(createdApp.getOauthConsumerKey());
        inboundAuthenticationRequestConfig.setInboundAuthType(AUTH_TYPE_OAUTH_2);
        String oauthConsumerSecret = createdApp.getOauthConsumerSecret();
        if (oauthConsumerSecret != null && !oauthConsumerSecret.isEmpty()) {
            Property property = new Property();
            property.setName(OAUTH_CONSUMER_SECRET);
            property.setValue(oauthConsumerSecret);
            Property[] properties = { property };
            inboundAuthenticationRequestConfig.setProperties(properties);
        }
        inboundAuthenticationRequestConfigs.add(inboundAuthenticationRequestConfig);
        inboundAuthenticationConfig.setInboundAuthenticationRequestConfigs(inboundAuthenticationRequestConfigs.toArray(new InboundAuthenticationRequestConfig[inboundAuthenticationRequestConfigs.size()]));
        createdServiceProvider.setInboundAuthenticationConfig(inboundAuthenticationConfig);
        // Update the Service Provider app to add OAuthApp as an Inbound Authentication Config
        try {
            appMgtService.updateApplication(createdServiceProvider, profile.getTenantDomain(), userName);
        } catch (IdentityApplicationManagementException e) {
            throw IdentityException.error(DCRException.class, ErrorCodes.BAD_REQUEST.toString(), e.getMessage());
        }
        RegistrationResponseProfile registrationResponseProfile = new RegistrationResponseProfile();
        registrationResponseProfile.setClientId(createdApp.getOauthConsumerKey());
        registrationResponseProfile.getRedirectUrls().add(createdApp.getCallbackUrl());
        registrationResponseProfile.setClientSecret(oauthConsumerSecret);
        registrationResponseProfile.setClientName(createdApp.getApplicationName());
        registrationResponseProfile.setClientSecretExpiresAt(DEFAULT_CLIENT_SECRET_EXPIRY_TIME);
        if (StringUtils.isNotBlank(createdApp.getGrantTypes())) {
            String[] split = createdApp.getGrantTypes().split(" ");
            registrationResponseProfile.setGrantTypes(Arrays.asList(split));
        }
        return registrationResponseProfile;
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(baseUser);
    }
}
Also used : IdentityOAuthAdminException(org.wso2.carbon.identity.oauth.IdentityOAuthAdminException) User(org.wso2.carbon.identity.application.common.model.User) InboundAuthenticationConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig) OAuthAdminService(org.wso2.carbon.identity.oauth.OAuthAdminService) IdentityApplicationManagementException(org.wso2.carbon.identity.application.common.IdentityApplicationManagementException) OAuthConsumerAppDTO(org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO) ArrayList(java.util.ArrayList) RegistrationResponseProfile(org.wso2.carbon.identity.oauth.dcr.model.RegistrationResponseProfile) IdentityValidationException(org.wso2.carbon.identity.base.IdentityValidationException) InboundAuthenticationRequestConfig(org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig) DCRException(org.wso2.carbon.identity.oauth.dcr.DCRException) ServiceProvider(org.wso2.carbon.identity.application.common.model.ServiceProvider) ApplicationManagementService(org.wso2.carbon.identity.application.mgt.ApplicationManagementService) Property(org.wso2.carbon.identity.application.common.model.Property)
