
Example 1 with AuthorizationCodeValidationResult

use of org.wso2.carbon.identity.oauth2.dao.AuthorizationCodeValidationResult in project identity-inbound-auth-oauth by wso2-extensions.

From class AuthorizationCodeDAOImpl, method validateAuthorizationCode.

/**
 * Looks up an authorization code issued to the given client and assembles the validation result for it.
 *
 * The lookup is a parameterised query keyed on the processed client id and the hashed form of the
 * authorization code, so the raw code is never compared against the table. The raw code is not logged
 * either: when token logging is enabled only its SHA-256 hex digest appears in the debug output.
 *
 * @param consumerKey      client id the authorization code was issued to
 * @param authorizationKey raw authorization code presented by the client
 * @return the validation result (the code DO plus the id of the token already issued for the code, if any),
 *         or {@code null} when no row matches the client id / hashed code pair
 * @throws IdentityOAuth2Exception on a SQL failure or when the service provider lookup fails
 */
@Override
public AuthorizationCodeValidationResult validateAuthorizationCode(String consumerKey, String authorizationKey) throws IdentityOAuth2Exception {
    if (log.isDebugEnabled()) {
        String message;
        if (IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.AUTHORIZATION_CODE)) {
            message = "Validating authorization code(hashed): " + DigestUtils.sha256Hex(authorizationKey) + " for client: " + consumerKey;
        } else {
            message = "Validating authorization code for client: " + consumerKey;
        }
        log.debug(message);
    }
    Connection connection = IdentityDatabaseUtil.getDBConnection(false);
    PreparedStatement statement = null;
    ResultSet rows = null;
    try {
        String sql = OAuth2ServiceComponentHolder.isIDPIdColumnEnabled()
                ? SQLQueries.VALIDATE_AUTHZ_CODE_WITH_PKCE_IDP_NAME
                : SQLQueries.VALIDATE_AUTHZ_CODE_WITH_PKCE;
        statement = connection.prepareStatement(sql);
        statement.setString(1, getPersistenceProcessor().getProcessedClientId(consumerKey));
        // The stored code is hashed, so the search value is hashed the same way.
        statement.setString(2, getHashingPersistenceProcessor().getProcessedAuthzCode(authorizationKey));
        rows = statement.executeQuery();
        if (!rows.next()) {
            // No row for this client/code pair: the result is null for an unknown code.
            return null;
        }
        // Columns are read in the same order as before; the order is not the select-list order.
        String codeState = rows.getString(8);
        String authorizedUser = rows.getString(1);
        String userstoreDomain = rows.getString(2);
        int tenantId = rows.getInt(3);
        String tenantDomain = OAuth2Util.getTenantDomain(tenantId);
        String scopeString = rows.getString(4);
        String callbackUrl = rows.getString(5);
        Timestamp issuedTime = rows.getTimestamp(6, Calendar.getInstance(TimeZone.getTimeZone(UTC)));
        long validityPeriod = rows.getLong(7);
        String codeId = rows.getString(11);
        String subjectIdentifier = rows.getString(12);
        String pkceCodeChallenge = rows.getString(13);
        String pkceCodeChallengeMethod = rows.getString(14);
        // The IDP name column only exists in the query variant selected above.
        String authenticatedIDP = OAuth2ServiceComponentHolder.isIDPIdColumnEnabled() ? rows.getString(15) : null;
        AuthenticatedUser user = OAuth2Util.createAuthenticatedUser(authorizedUser, userstoreDomain, tenantDomain, authenticatedIDP);
        ServiceProvider serviceProvider;
        try {
            serviceProvider = OAuth2ServiceComponentHolder.getApplicationMgtService().getServiceProviderByClientId(consumerKey, OAuthConstants.Scope.OAUTH2, tenantDomain);
        } catch (IdentityApplicationManagementException e) {
            throw new IdentityOAuth2Exception("Error occurred while retrieving OAuth2 application data " + "for client id " + consumerKey, e);
        }
        user.setAuthenticatedSubjectIdentifier(subjectIdentifier, serviceProvider);
        String tokenId = rows.getString(9);
        String tokenBindingReference = StringUtils.isNotBlank(tokenId)
                ? getTokenBindingReference(connection, tokenId, tenantId)
                : NONE;
        if (StringUtils.isBlank(scopeString)) {
            // On-demand scope migration: a blank scope column is resolved through the scope lookup.
            List<String> scopes = getAuthorizationCodeScopes(connection, codeId, tenantId);
            scopeString = OAuth2Util.buildScopeString(scopes.toArray(new String[0]));
        }
        AuthzCodeDO codeDo = createAuthzCodeDo(consumerKey, authorizationKey, user, codeState, scopeString, callbackUrl, codeId, pkceCodeChallenge, pkceCodeChallengeMethod, issuedTime, validityPeriod, tokenBindingReference);
        return new AuthorizationCodeValidationResult(codeDo, tokenId);
    } catch (SQLException e) {
        throw new IdentityOAuth2Exception("Error when validating an authorization code", e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, rows, statement);
    }
}

Example 2 with AuthorizationCodeValidationResult

use of org.wso2.carbon.identity.oauth2.dao.AuthorizationCodeValidationResult in project identity-inbound-auth-oauth by wso2-extensions.

From class AuthorizationCodeGrantHandler, method getPersistedAuthzCode.

/**
 * Resolves the authorization code DO for a token request, consulting the cache first when caching is
 * enabled and falling back to the authorization code DAO otherwise.
 *
 * When the DAO reports the code as no longer active, the access token already issued for it is revoked and
 * the related token and OAuth cache entries are cleared before the DO is returned (RFC 6749 Section 4.1.2).
 * NOTE(review): a cache hit is returned without that check; presumably consumed codes are evicted from the
 * cache elsewhere — verify against the code-consumption path.
 *
 * @param tokenReqDTO token request carrying the client id and the authorization code
 * @return the persisted authorization code DO, or {@code null} when the code is unknown (callers rely on
 *         {@code null} for an invalid authorization code)
 * @throws IdentityOAuth2Exception propagated from the DAO lookup and the token revocation
 */
private AuthzCodeDO getPersistedAuthzCode(OAuth2AccessTokenReqDTO tokenReqDTO) throws IdentityOAuth2Exception {
    String clientId = tokenReqDTO.getClientId();
    if (cacheEnabled) {
        String cacheKeyString = OAuth2Util.buildCacheKeyStringForAuthzCode(clientId, tokenReqDTO.getAuthorizationCode());
        AuthzCodeDO cached = (AuthzCodeDO) OAuthCache.getInstance().getValueFromCache(new OAuthCacheKey(cacheKeyString));
        if (cached != null) {
            return cached;
        }
        if (log.isDebugEnabled()) {
            log.debug("Authorization Code Info was not available in cache for client id : " + clientId);
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("Retrieving authorization code information from db for client id : " + clientId);
    }
    AuthorizationCodeValidationResult validation = OAuthTokenPersistenceFactory.getInstance()
            .getAuthorizationCodeDAO()
            .validateAuthorizationCode(clientId, tokenReqDTO.getAuthorizationCode());
    if (validation == null) {
        // Downstream layers expect null for an invalid authorization code.
        return null;
    }
    AuthzCodeDO authzCodeDO = validation.getAuthzCodeDO();
    if (!validation.isActiveCode()) {
        String tokenId = validation.getTokenId();
        String tokenAlias = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getAccessTokenByTokenId(tokenId);
        // The code is no longer active: revoke the access token issued for it, per RFC 6749 Section 4.1.2.
        revokeExistingAccessTokens(tokenId, authzCodeDO);
        clearTokenCache(tokenAlias, tokenId);
        String scope = OAuth2Util.buildScopeString(authzCodeDO.getScope());
        OAuthUtil.clearOAuthCache(clientId, authzCodeDO.getAuthorizedUser(), scope);
    }
    return authzCodeDO;
}
