
Example 11 with AuthzCodeDO

use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuthApplicationMgtListener method removeEntriesFromCache.

/**
 * Evicts cached OAuth state for every consumer key in {@code consumerKeys}.
 *
 * <p>For each key the AppInfoCache entry and the OAuthCache entry keyed by the consumer key are
 * cleared. The access tokens and authorization codes returned by the two
 * {@code ...ByConsumerKeyForOpenidScope} DAO lookups are collected across all keys and handed to
 * {@code clearCacheEntriesAgainstToken} / {@code clearCacheEntriesAgainstAuthzCode} afterwards.
 *
 * <p>NOTE(review): a failure in either DAO lookup leaves this method before the caches of the
 * current and remaining keys are cleared, and before any collected token or code is evicted.
 * Confirm the caller treats that exception as "invalidation incomplete".
 *
 * @param consumerKeys consumer keys whose cached state must be dropped; nothing is done when
 *                     {@code isNotEmpty} reports the set as empty
 * @throws IdentityOAuth2Exception declared by this method; presumably raised by the DAO lookups
 */
private void removeEntriesFromCache(Set<String> consumerKeys) throws IdentityOAuth2Exception {
    if (!isNotEmpty(consumerKeys)) {
        return;
    }

    Set<AccessTokenDO> tokensToEvict = new HashSet<>();
    Set<AuthzCodeDO> codesToEvict = new HashSet<>();
    AppInfoCache appInfoCache = AppInfoCache.getInstance();

    for (String consumerKey : consumerKeys) {
        // Gather first, evict later: the lookups run before any cache entry of this key is touched.
        tokensToEvict.addAll(
                OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO()
                        .getActiveTokenSetWithTokenIdByConsumerKeyForOpenidScope(consumerKey));
        codesToEvict.addAll(
                OAuthTokenPersistenceFactory.getInstance().getAuthorizationCodeDAO()
                        .getAuthorizationCodeDOSetByConsumerKeyForOpenidScope(consumerKey));

        // Drop the cached application info and the OAuthCache entry keyed by the consumer key.
        appInfoCache.clearCacheEntry(consumerKey);
        OAuthCache.getInstance().clearCacheEntry(new OAuthCacheKey(consumerKey));
    }

    if (isNotEmpty(tokensToEvict)) {
        clearCacheEntriesAgainstToken(tokensToEvict);
    }
    if (isNotEmpty(codesToEvict)) {
        clearCacheEntriesAgainstAuthzCode(codesToEvict);
    }
}
Also used : AccessTokenDO(org.wso2.carbon.identity.oauth2.model.AccessTokenDO) AppInfoCache(org.wso2.carbon.identity.oauth.cache.AppInfoCache) OAuthCacheKey(org.wso2.carbon.identity.oauth.cache.OAuthCacheKey) AuthzCodeDO(org.wso2.carbon.identity.oauth2.model.AuthzCodeDO) HashSet(java.util.HashSet)

Example 12 with AuthzCodeDO

use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuthApplicationMgtListener method clearCacheEntriesAgainstAuthzCode.

/**
 * Evicts each authorization code in {@code authzCodeDOSet} from the AuthorizationGrantCache and
 * from the OAuthCache.
 *
 * <p>Both caches are keyed by the authorization code value itself; the grant cache is
 * additionally given the code id. The OAuthCache entry is cleared only when a lookup finds one.
 *
 * @param authzCodeDOSet authorization codes whose cache entries must be removed
 */
private void clearCacheEntriesAgainstAuthzCode(Set<AuthzCodeDO> authzCodeDOSet) {
    for (AuthzCodeDO code : authzCodeDOSet) {
        // Grant cache: keyed by the code value, cleared by code id.
        AuthorizationGrantCache.getInstance().clearCacheEntryByCodeId(
                new AuthorizationGrantCacheKey(code.getAuthorizationCode()), code.getAuthzCodeId());

        // OAuth cache: look the entry up first and clear it only if it is present.
        OAuthCacheKey codeKey = new OAuthCacheKey(code.getAuthorizationCode());
        OAuthCache oauthCache = OAuthCache.getInstance();
        if (oauthCache.getValueFromCache(codeKey) == null) {
            continue;
        }
        oauthCache.clearCacheEntry(codeKey);
    }
}
Also used : OAuthCacheKey(org.wso2.carbon.identity.oauth.cache.OAuthCacheKey) AuthorizationGrantCacheKey(org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheKey) AuthzCodeDO(org.wso2.carbon.identity.oauth2.model.AuthzCodeDO) CacheEntry(org.wso2.carbon.identity.oauth.cache.CacheEntry)

Example 13 with AuthzCodeDO

use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuthTenantMgtListenerImpl method clearTokenData.

/**
 * Clears cached OAuth data for a tenant, then revokes its access tokens and deactivates its
 * authorization codes through the DAOs.
 *
 * <p>Every access token returned for the tenant has its OAuth cache entries cleared. Only the
 * most recently issued token per {@code consumerKey:user:scope:federatedIdP} combination is
 * passed to {@code revokeAccessTokens}.
 *
 * <p>NOTE(review): older tokens that share a key with a newer one are evicted from the cache
 * but are not passed to the revoke call. Confirm that the DAO query or token issuance
 * guarantees those are already inactive.
 * NOTE(review): cache eviction runs before the database revocation. Verify that a request
 * validated in between cannot re-cache a token that is about to be revoked.
 *
 * @param tenantId id of the tenant whose tokens and authorization codes are invalidated
 * @throws StratosException wrapping any {@code IdentityOAuth2Exception} raised in the process
 */
private void clearTokenData(int tenantId) throws StratosException {
    try {
        Set<AccessTokenDO> tenantTokens = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO()
                .getAccessTokensByTenant(tenantId);

        // Newest token seen so far for each consumerKey:user:scope:federatedIdP combination.
        Map<String, AccessTokenDO> newestByKey = new HashMap<>();
        for (AccessTokenDO token : tenantTokens) {
            String groupingKey = token.getConsumerKey()
                    + ":" + token.getAuthzUser()
                    + ":" + OAuth2Util.buildScopeString(token.getScope())
                    + ":" + token.getAuthzUser().getFederatedIdPName();

            AccessTokenDO known = newestByKey.get(groupingKey);
            if (known == null || known.getIssuedTime().before(token.getIssuedTime())) {
                newestByKey.put(groupingKey, token);
            }

            // Evict every token from the cache, not only the newest one per key.
            OAuthUtil.clearOAuthCache(token.getConsumerKey(), token.getAuthzUser(),
                    OAuth2Util.buildScopeString(token.getScope()));
            OAuthUtil.clearOAuthCache(token.getConsumerKey(), token.getAuthzUser());
            OAuthUtil.clearOAuthCache(token);
        }

        List<String> tokensToRevoke = new ArrayList<>();
        for (AccessTokenDO newest : newestByKey.values()) {
            tokensToRevoke.add(newest.getAccessToken());
        }
        OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO()
                .revokeAccessTokens(tokensToRevoke.toArray(new String[0]), OAuth2Util.isHashEnabled());

        List<AuthzCodeDO> tenantCodes = OAuthTokenPersistenceFactory.getInstance().getAuthorizationCodeDAO()
                .getLatestAuthorizationCodesByTenant(tenantId);
        for (AuthzCodeDO code : tenantCodes) {
            // Cache key for a code is "<consumerKey>:<authorizationCode>".
            OAuthUtil.clearOAuthCache(code.getConsumerKey() + ":" + code.getAuthorizationCode());
        }
        OAuthTokenPersistenceFactory.getInstance().getAuthorizationCodeDAO()
                .deactivateAuthorizationCodes(tenantCodes);
    } catch (IdentityOAuth2Exception e) {
        throw new StratosException("Error occurred while revoking the access tokens in tenant " + tenantId, e);
    }
}
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) StratosException(org.wso2.carbon.stratos.common.exception.StratosException) AccessTokenDO(org.wso2.carbon.identity.oauth2.model.AccessTokenDO) IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception) AuthzCodeDO(org.wso2.carbon.identity.oauth2.model.AuthzCodeDO) HashMap(java.util.HashMap) Map(java.util.Map)

Example 14 with AuthzCodeDO

use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuthUserStoreConfigListenerImpl method revokeTokens.

/**
 * Clears cached OAuth data for one user store of a tenant, then revokes its access tokens and
 * deactivates its authorization codes through the DAOs.
 *
 * <p>Every access token returned for the user store has its OAuth cache entries cleared. Only
 * the most recently issued token per {@code consumerKey:user:scope:federatedIdP} combination is
 * passed to {@code revokeAccessTokens}. Both DAO write calls are skipped when there is nothing
 * to revoke or deactivate.
 *
 * <p>NOTE(review): older tokens that share a key with a newer one are evicted from the cache
 * but are not passed to the revoke call. Confirm that the DAO query or token issuance
 * guarantees those are already inactive.
 *
 * @param tenantId      id of the tenant that owns the user store
 * @param userStoreName name of the user store whose tokens and codes are invalidated
 * @throws UserStoreException wrapping any {@code IdentityOAuth2Exception} raised in the process
 */
private void revokeTokens(int tenantId, String userStoreName) throws UserStoreException {
    try {
        Set<AccessTokenDO> storeTokens = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO()
                .getAccessTokensOfUserStore(tenantId, userStoreName);

        // Newest token seen so far for each consumerKey:user:scope:federatedIdP combination.
        Map<String, AccessTokenDO> newestByKey = new HashMap<>();
        for (AccessTokenDO token : storeTokens) {
            String groupingKey = token.getConsumerKey()
                    + ":" + token.getAuthzUser()
                    + ":" + OAuth2Util.buildScopeString(token.getScope())
                    + ":" + token.getAuthzUser().getFederatedIdPName();

            AccessTokenDO known = newestByKey.get(groupingKey);
            if (known == null || known.getIssuedTime().before(token.getIssuedTime())) {
                newestByKey.put(groupingKey, token);
            }

            // Evict every token from the cache, not only the newest one per key.
            OAuthUtil.clearOAuthCache(token.getConsumerKey(), token.getAuthzUser(),
                    OAuth2Util.buildScopeString(token.getScope()));
            OAuthUtil.clearOAuthCache(token.getConsumerKey(), token.getAuthzUser());
            OAuthUtil.clearOAuthCache(token);
        }

        List<String> tokensToRevoke = new ArrayList<>();
        for (AccessTokenDO newest : newestByKey.values()) {
            tokensToRevoke.add(newest.getAccessToken());
        }
        if (!tokensToRevoke.isEmpty()) {
            OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO()
                    .revokeAccessTokens(tokensToRevoke.toArray(new String[0]), OAuth2Util.isHashEnabled());
        }

        List<AuthzCodeDO> storeCodes = OAuthTokenPersistenceFactory.getInstance().getAuthorizationCodeDAO()
                .getLatestAuthorizationCodesByUserStore(tenantId, userStoreName);
        if (!storeCodes.isEmpty()) {
            for (AuthzCodeDO code : storeCodes) {
                // Cache key for a code is "<consumerKey>:<authorizationCode>".
                OAuthUtil.clearOAuthCache(code.getConsumerKey() + ":" + code.getAuthorizationCode());
            }
            OAuthTokenPersistenceFactory.getInstance().getAuthorizationCodeDAO()
                    .deactivateAuthorizationCodes(storeCodes);
        }
    } catch (IdentityOAuth2Exception e) {
        throw new UserStoreException("Error occurred while revoking Access Token of user store : " + userStoreName + " in tenant :" + tenantId, e);
    }
}
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) AccessTokenDO(org.wso2.carbon.identity.oauth2.model.AccessTokenDO) IdentityOAuth2Exception(org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception) UserStoreException(org.wso2.carbon.user.api.UserStoreException) AuthzCodeDO(org.wso2.carbon.identity.oauth2.model.AuthzCodeDO) HashMap(java.util.HashMap) Map(java.util.Map)

Example 15 with AuthzCodeDO

use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.

the class AuthorizationCodeDAOImplTest method testGetAuthorizationCodeDOSetByConsumerKeyForOpenidScope.

/**
 * Verifies that the openid-scope lookup returns an empty set for a consumer key whose only
 * persisted authorization code carries the scopes {@code sms} and {@code email}.
 *
 * <p>NOTE(review): only this negative case is asserted. The code persisted for the first
 * consumer key is never queried, so a lookup that always returned an empty set would still
 * pass. Consider asserting the positive case as well.
 */
@Test
public void testGetAuthorizationCodeDOSetByConsumerKeyForOpenidScope() throws Exception {
    // First application: persisted through the plain helper and not queried below.
    String firstConsumerKey = UUID.randomUUID().toString();
    String firstCodeId = UUID.randomUUID().toString();
    String firstCode = UUID.randomUUID().toString();

    // Second application: its code is persisted with the custom scopes declared further down.
    String secondConsumerKey = UUID.randomUUID().toString();
    String secondCodeId = UUID.randomUUID().toString();
    String secondCode = UUID.randomUUID().toString();

    mockStatic(OAuth2Util.class);
    when(getTenantId(anyString())).thenReturn(DEFAULT_TENANT_ID);

    persistAuthorizationCode(firstConsumerKey, firstCodeId, firstCode,
            OAuthConstants.AuthorizationCodeState.ACTIVE);

    String[] customScopes = { "sms", "email" };
    AuthzCodeDO customScopeCode = persistAuthorizationCodeWithModifiedScope(secondConsumerKey, secondCodeId,
            secondCode, OAuthConstants.AuthorizationCodeState.ACTIVE, customScopes);

    Assert.assertTrue(
            authorizationCodeDAO
                    .getAuthorizationCodeDOSetByConsumerKeyForOpenidScope(customScopeCode.getConsumerKey())
                    .isEmpty());
}
Also used : Matchers.anyString(org.mockito.Matchers.anyString) AuthzCodeDO(org.wso2.carbon.identity.oauth2.model.AuthzCodeDO) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) PowerMockIdentityBaseTest(org.wso2.carbon.identity.testutil.powermock.PowerMockIdentityBaseTest)

Aggregations

AuthzCodeDO (org.wso2.carbon.identity.oauth2.model.AuthzCodeDO)38 IdentityOAuth2Exception (org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception)18 Test (org.testng.annotations.Test)11 Connection (java.sql.Connection)8 PreparedStatement (java.sql.PreparedStatement)8 SQLException (java.sql.SQLException)8 Timestamp (java.sql.Timestamp)8 Matchers.anyString (org.mockito.Matchers.anyString)8 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)8 AuthenticatedUser (org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser)8 PowerMockIdentityBaseTest (org.wso2.carbon.identity.testutil.powermock.PowerMockIdentityBaseTest)8 ArrayList (java.util.ArrayList)7 AccessTokenDO (org.wso2.carbon.identity.oauth2.model.AccessTokenDO)6 ResultSet (java.sql.ResultSet)5 HashMap (java.util.HashMap)5 OAuthCacheKey (org.wso2.carbon.identity.oauth.cache.OAuthCacheKey)5 HashSet (java.util.HashSet)4 OAuthTokenReqMessageContext (org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext)4 Map (java.util.Map)3 DataProvider (org.testng.annotations.DataProvider)3