
Example 36 with AuthzCodeDO

use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.

Class AuthorizationCodeDAOImpl, method getLatestAuthorizationCodesByTenant.

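/**
 * Lists the latest authorization codes persisted for a tenant.
 *
 * <p>The tenant id is bound as a prepared-statement parameter. When the IDP id column is enabled the
 * {@code LIST_LATEST_AUTHZ_CODES_IN_TENANT_IDP_NAME} query is used and the authenticated IDP is read from
 * column 10; otherwise {@code LIST_LATEST_AUTHZ_CODES_IN_TENANT} is used and the IDP is left {@code null}.
 * Rows whose scope column is empty fall back to {@link #getAuthorizationCodeScopes} so codes stored before
 * the scope column existed are still returned with their scopes (on-demand scope migration).
 *
 * @param tenantId tenant whose authorization codes are listed.
 * @return the codes found for the tenant; an empty list when there are none.
 * @throws IdentityOAuth2Exception if the query fails; the connection is rolled back before rethrowing.
 */
@Override
public List<AuthzCodeDO> getLatestAuthorizationCodesByTenant(int tenantId) throws IdentityOAuth2Exception {

    if (log.isDebugEnabled()) {
        log.debug("Retrieving latest authorization codes of tenant id: " + tenantId);
    }
    // we do not support access token partitioning here
    Connection connection = IdentityDatabaseUtil.getDBConnection(false);
    PreparedStatement ps = null;
    ResultSet rs = null;
    List<AuthzCodeDO> latestAuthzCodes = new ArrayList<>();
    try {
        // Read the flag once: the query variant chosen here and the per-row column layout below must
        // agree, so the value must not be re-evaluated between preparing the statement and reading rows.
        boolean idpIdColumnEnabled = OAuth2ServiceComponentHolder.isIDPIdColumnEnabled();
        String sqlQuery = idpIdColumnEnabled
                ? SQLQueries.LIST_LATEST_AUTHZ_CODES_IN_TENANT_IDP_NAME
                : SQLQueries.LIST_LATEST_AUTHZ_CODES_IN_TENANT;
        // Stored timestamps are read as UTC; one calendar instance serves every row.
        Calendar utcCalendar = Calendar.getInstance(TimeZone.getTimeZone(UTC));
        ps = connection.prepareStatement(sqlQuery);
        ps.setInt(1, tenantId);
        rs = ps.executeQuery();
        while (rs.next()) {
            String authzCodeId = rs.getString(1);
            String authzCode = rs.getString(2);
            String consumerKey = rs.getString(3);
            String authzUser = rs.getString(4);
            String[] scope = OAuth2Util.buildScopeArray(rs.getString(5));
            Timestamp issuedTime = rs.getTimestamp(6, utcCalendar);
            long validityPeriodInMillis = rs.getLong(7);
            String callbackUrl = rs.getString(8);
            String userStoreDomain = rs.getString(9);
            // Column 10 exists only in the IDP_NAME query variant.
            String authenticatedIDP = idpIdColumnEnabled ? rs.getString(10) : null;
            AuthenticatedUser user = OAuth2Util.createAuthenticatedUser(authzUser, userStoreDomain,
                    OAuth2Util.getTenantDomain(tenantId), authenticatedIDP);
            // for on demand scope migration.
            if (ArrayUtils.isEmpty(scope)) {
                scope = getAuthorizationCodeScopes(connection, authzCodeId, tenantId).toArray(new String[0]);
            }
            latestAuthzCodes.add(new AuthzCodeDO(user, scope, issuedTime, validityPeriodInMillis, callbackUrl,
                    consumerKey, authzCode, authzCodeId));
        }
    } catch (SQLException e) {
        IdentityDatabaseUtil.rollbackTransaction(connection);
        throw new IdentityOAuth2Exception("Error occurred while retrieving latest authorization codes of tenant "
                + ":" + tenantId, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, rs, ps);
    }
    return latestAuthzCodes;
}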

Example 37 with AuthzCodeDO

use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.

Class AuthorizationCodeDAOImpl, method getLatestAuthorizationCodesByUserStore.

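/**
 * Lists the latest authorization codes persisted for one user store of a tenant.
 *
 * <p>The user store domain is passed through {@link OAuth2Util#getSanitizedUserStoreDomain} and then bound,
 * together with the tenant id, as prepared-statement parameters. When the IDP id column is enabled the
 * {@code LIST_LATEST_AUTHZ_CODES_IN_USER_DOMAIN_IDP_NAME} query is used and the authenticated IDP is read
 * from column 9; otherwise {@code LIST_LATEST_AUTHZ_CODES_IN_USER_DOMAIN} is used and the IDP is left
 * {@code null}. Rows whose scope column is empty fall back to {@link #getAuthorizationCodeScopes}
 * (on-demand scope migration).
 *
 * @param tenantId       tenant whose authorization codes are listed.
 * @param userStorDomain user store domain to filter by; sanitized before use.
 * @return the codes found for the user store; an empty list when there are none.
 * @throws IdentityOAuth2Exception if the query fails; the connection is rolled back before rethrowing.
 */
@Override
public List<AuthzCodeDO> getLatestAuthorizationCodesByUserStore(int tenantId, String userStorDomain) throws IdentityOAuth2Exception {

    if (log.isDebugEnabled()) {
        log.debug("Retrieving latest authorization codes of userstore: " + userStorDomain + " tenant id: " + tenantId);
    }
    // we do not support access token partitioning here
    Connection connection = IdentityDatabaseUtil.getDBConnection(false);
    PreparedStatement ps = null;
    ResultSet rs = null;
    String userStoreDomain = OAuth2Util.getSanitizedUserStoreDomain(userStorDomain);
    List<AuthzCodeDO> latestAuthzCodes = new ArrayList<>();
    try {
        // Read the flag once: the query variant chosen here and the per-row column layout below must
        // agree, so the value must not be re-evaluated between preparing the statement and reading rows.
        boolean idpIdColumnEnabled = OAuth2ServiceComponentHolder.isIDPIdColumnEnabled();
        String sqlQuery = idpIdColumnEnabled
                ? SQLQueries.LIST_LATEST_AUTHZ_CODES_IN_USER_DOMAIN_IDP_NAME
                : SQLQueries.LIST_LATEST_AUTHZ_CODES_IN_USER_DOMAIN;
        // Stored timestamps are read as UTC; one calendar instance serves every row.
        Calendar utcCalendar = Calendar.getInstance(TimeZone.getTimeZone(UTC));
        ps = connection.prepareStatement(sqlQuery);
        ps.setInt(1, tenantId);
        ps.setString(2, userStoreDomain);
        rs = ps.executeQuery();
        while (rs.next()) {
            String authzCodeId = rs.getString(1);
            String authzCode = rs.getString(2);
            String consumerKey = rs.getString(3);
            String authzUser = rs.getString(4);
            String[] scope = OAuth2Util.buildScopeArray(rs.getString(5));
            Timestamp issuedTime = rs.getTimestamp(6, utcCalendar);
            long validityPeriodInMillis = rs.getLong(7);
            String callbackUrl = rs.getString(8);
            // Column 9 exists only in the IDP_NAME query variant.
            String authenticatedIDP = idpIdColumnEnabled ? rs.getString(9) : null;
            AuthenticatedUser user = OAuth2Util.createAuthenticatedUser(authzUser, userStoreDomain,
                    OAuth2Util.getTenantDomain(tenantId), authenticatedIDP);
            // for on demand scope migration.
            if (ArrayUtils.isEmpty(scope)) {
                scope = getAuthorizationCodeScopes(connection, authzCodeId, tenantId).toArray(new String[0]);
            }
            latestAuthzCodes.add(new AuthzCodeDO(user, scope, issuedTime, validityPeriodInMillis, callbackUrl,
                    consumerKey, authzCode, authzCodeId));
        }
    } catch (SQLException e) {
        IdentityDatabaseUtil.rollbackTransaction(connection);
        throw new IdentityOAuth2Exception("Error occurred while retrieving latest authorization codes of user "
                + "store : " + userStoreDomain + " in tenant :" + tenantId, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, rs, ps);
    }
    return latestAuthzCodes;
}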

Example 38 with AuthzCodeDO

use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.

Class AuthorizationCodeDAOImpl, method deactivateAuthorizationCodes.

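/**
 * Deactivates the given authorization codes in one batched statement
 * ({@code DEACTIVATE_AUTHZ_CODE_AND_INSERT_CURRENT_TOKEN}, bound with each DO's OAuth token id and the
 * hashed form of its code), commits, and then calls {@link OAuth2TokenUtil#postRevokeCodes} so that request
 * objects persisted against the codes are revoked too.
 *
 * <p>On any {@link SQLException} the transaction is rolled back, the exception is rethrown wrapped, and
 * {@code postRevokeCodes} is not called. The debug log carries a SHA-256 digest of each code only when
 * {@link IdentityUtil#isTokenLoggable} allows authorization codes to be logged; the raw code is never
 * written to the log.
 *
 * @param authzCodeDOs codes to deactivate; each is expected to carry its authorization code, OAuth token id,
 *                     consumer key and authorized user.
 * @throws IdentityOAuth2Exception if the batch update fails.
 */
@Override
public void deactivateAuthorizationCodes(List<AuthzCodeDO> authzCodeDOs) throws IdentityOAuth2Exception {

    // Build the log line before taking a connection, so a failure while reading the DOs cannot leak it.
    if (log.isDebugEnabled()) {
        log.debug(buildDeactivationDebugMessage(authzCodeDOs));
    }
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement prepStmt = null;
    try {
        prepStmt = connection.prepareStatement(SQLQueries.DEACTIVATE_AUTHZ_CODE_AND_INSERT_CURRENT_TOKEN);
        for (AuthzCodeDO authzCodeDO : authzCodeDOs) {
            prepStmt.setString(1, authzCodeDO.getOauthTokenId());
            // Look the row up by the processed (hashed) form of the code, as the hashing persistence
            // processor produces it.
            prepStmt.setString(2, getHashingPersistenceProcessor().getProcessedAuthzCode(
                    authzCodeDO.getAuthorizationCode()));
            prepStmt.addBatch();
        }
        prepStmt.executeBatch();
        IdentityDatabaseUtil.commitTransaction(connection);
    } catch (SQLException e) {
        IdentityDatabaseUtil.rollbackTransaction(connection);
        throw new IdentityOAuth2Exception("Error when deactivating authorization code", e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, null, prepStmt);
    }
    // Reached only when the batch committed: every failure path above leaves by throwing, so no
    // separate "deactivated" flag is needed. To revoke request objects which are persisted against the code.
    OAuth2TokenUtil.postRevokeCodes(authzCodeDOs, OAuthConstants.AuthorizationCodeState.INACTIVE);
}

/**
 * Builds the debug message for {@link #deactivateAuthorizationCodes}: one line per code, ending in a newline.
 * The SHA-256 digest of the code is included only when authorization codes are loggable; otherwise the line
 * carries just the client and the loggable user id.
 *
 * @param authzCodeDOs codes being deactivated.
 * @return the multi-line message; empty for an empty list.
 */
private static String buildDeactivationDebugMessage(List<AuthzCodeDO> authzCodeDOs) {

    boolean codeLoggable = IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.AUTHORIZATION_CODE);
    StringBuilder message = new StringBuilder();
    for (AuthzCodeDO authzCodeDO : authzCodeDOs) {
        if (codeLoggable) {
            message.append("Deactivating authorization code(hashed): ")
                    .append(DigestUtils.sha256Hex(authzCodeDO.getAuthorizationCode()))
                    .append(" client: ");
        } else {
            message.append("Deactivating authorization code client: ");
        }
        message.append(authzCodeDO.getConsumerKey())
                .append(" user: ")
                .append(authzCodeDO.getAuthorizedUser().getLoggableUserId())
                .append("\n");
    }
    return message.toString();
}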

Example 39 with AuthzCodeDO

use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.

Class AuthorizationCodeDAOImpl, method getAuthorizationCodeDOSetByConsumerKeyForOpenidScope.

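/**
 * Retrieves the active authorization codes of a client that were issued for the OIDC flow, as data objects
 * carrying the (pre-processed) authorization code and its code id.
 *
 * <p>Rows come from {@code GET_DETAILED_ACTIVE_AUTHORIZATION_CODES_FOR_CONSUMER_KEY} with the consumer key and
 * the {@code ACTIVE} state bound as prepared-statement parameters. A row is collected only when
 * {@link #isActiveAuthzCodeIssuedForOidcFlow} accepts its scope, issue time and validity period <em>and</em>
 * code hashing is disabled ({@code isHashDisabled}); with hashing enabled the result is always empty.
 *
 * @param consumerKey client id whose active codes are looked up.
 * @return authorization code data objects for the client; empty when none qualify.
 * @throws IdentityOAuth2Exception if the query fails; the transaction is rolled back before rethrowing.
 */
public Set<AuthzCodeDO> getAuthorizationCodeDOSetByConsumerKeyForOpenidScope(String consumerKey) throws IdentityOAuth2Exception {

    if (log.isDebugEnabled()) {
        log.debug("Retrieving active authorization code data objects for client: " + consumerKey);
    }
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement ps = null;
    ResultSet rs = null;
    Set<AuthzCodeDO> authzCodeDOs = new HashSet<>();
    String sqlQuery = SQLQueries.GET_DETAILED_ACTIVE_AUTHORIZATION_CODES_FOR_CONSUMER_KEY;
    try {
        // Stored timestamps are read as UTC; one calendar instance serves every row.
        Calendar utcCalendar = Calendar.getInstance(TimeZone.getTimeZone(UTC));
        ps = connection.prepareStatement(sqlQuery);
        ps.setString(1, consumerKey);
        ps.setString(2, OAuthConstants.AuthorizationCodeState.ACTIVE);
        rs = ps.executeQuery();
        while (rs.next()) {
            // The stored value is mapped back through the persistence processor before it is exposed.
            String authzCode = getPersistenceProcessor().getPreprocessedAuthzCode(rs.getString(1));
            String codeId = rs.getString(2);
            Timestamp timeCreated = rs.getTimestamp(3, utcCalendar);
            long issuedTimeInMillis = timeCreated.getTime();
            long validityPeriodInMillis = rs.getLong(4);
            String[] scope = OAuth2Util.buildScopeArray(rs.getString(5));
            // Keep the evaluation order: the OIDC/expiry check runs for every row, the hash flag only
            // decides whether the row is collected.
            if (isActiveAuthzCodeIssuedForOidcFlow(scope, issuedTimeInMillis, validityPeriodInMillis)
                    && isHashDisabled) {
                AuthzCodeDO authzCodeDO = new AuthzCodeDO();
                authzCodeDO.setAuthorizationCode(authzCode);
                authzCodeDO.setAuthzCodeId(codeId);
                authzCodeDOs.add(authzCodeDO);
            }
        }
        connection.commit();
    } catch (SQLException e) {
        // Same rollback helper as the sibling DAO methods.
        IdentityDatabaseUtil.rollbackTransaction(connection);
        throw new IdentityOAuth2Exception("Error occurred while getting authorization codes and code ids from "
                + "authorization code " + "table for the application with consumer key : " + consumerKey, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, rs, ps);
    }
    return authzCodeDOs;
}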

Example 40 with AuthzCodeDO

use of org.wso2.carbon.identity.oauth2.model.AuthzCodeDO in project identity-inbound-auth-oauth by wso2-extensions.

Class AuthorizationCodeDAOImpl, method getAuthorizationCodesByUserForOpenidScope.

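/**
 * Returns the active, unexpired authorization codes issued to the user for the openid scope.
 *
 * <p>The user name, tenant id, user store domain and the ACTIVE token state are bound as prepared-statement
 * parameters. For user stores that are not username case sensitive the {@code AUTHZ_USER} column reference
 * in {@code GET_OPEN_ID_AUTHORIZATION_CODE_DATA_BY_AUTHZUSER} is swapped for {@code LOWER_AUTHZ_USER} (both
 * are fixed constants, never caller input) and the bound user name is lower-cased to match. A row is
 * collected only when its scope was issued for openid, its time-to-expire is positive and code hashing is
 * disabled ({@code isHashDisabled}).
 *
 * @param authenticatedUser Authenticated user object.
 * @return Authorization Codes as a list of AuthzCodeDO; empty when none qualify.
 * @throws IdentityOAuth2Exception If the query fails (the transaction is rolled back first) or the tenant id
 *                                 cannot be resolved from the user's tenant domain.
 */
@Override
public List<AuthzCodeDO> getAuthorizationCodesByUserForOpenidScope(AuthenticatedUser authenticatedUser) throws IdentityOAuth2Exception {

    if (log.isDebugEnabled()) {
        // Log the loggable user id rather than the full user string, as the sibling DAO methods do.
        log.debug("Retrieving authorization codes of user: " + authenticatedUser.getLoggableUserId());
    }
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement ps = null;
    ResultSet rs = null;
    List<AuthzCodeDO> authorizationCodes = new ArrayList<>();
    String authzUser = authenticatedUser.getUserName();
    String tenantDomain = authenticatedUser.getTenantDomain();
    String userStoreDomain = authenticatedUser.getUserStoreDomain();
    boolean isUsernameCaseSensitive = IdentityUtil.isUserStoreInUsernameCaseSensitive(authenticatedUser.toString());
    try {
        String sqlQuery = SQLQueries.GET_OPEN_ID_AUTHORIZATION_CODE_DATA_BY_AUTHZUSER;
        if (!isUsernameCaseSensitive) {
            sqlQuery = sqlQuery.replace(AUTHZ_USER, LOWER_AUTHZ_USER);
        }
        // Stored timestamps are read as UTC; one calendar instance serves every row.
        Calendar utcCalendar = Calendar.getInstance(TimeZone.getTimeZone(UTC));
        ps = connection.prepareStatement(sqlQuery);
        ps.setString(1, isUsernameCaseSensitive ? authzUser : authzUser.toLowerCase());
        ps.setInt(2, OAuth2Util.getTenantId(tenantDomain));
        ps.setString(3, userStoreDomain);
        ps.setString(4, OAuthConstants.TokenStates.TOKEN_STATE_ACTIVE);
        rs = ps.executeQuery();
        while (rs.next()) {
            // Columns are read in ascending order for driver portability.
            String authorizationCode = rs.getString(1);
            Timestamp timeCreated = rs.getTimestamp(2, utcCalendar);
            long validityPeriodInMillis = rs.getLong(3);
            String authzCodeId = rs.getString(4);
            String[] scope = OAuth2Util.buildScopeArray(rs.getString(5));
            String callbackUrl = rs.getString(6);
            String consumerKey = rs.getString(7);
            String idpName = rs.getString(8);
            long issuedTimeInMillis = timeCreated.getTime();
            AuthenticatedUser user = OAuth2Util.createAuthenticatedUser(authzUser, userStoreDomain, tenantDomain, idpName);
            // Authorization codes issued for openid scope can contain cached claims against them; only
            // codes that are ACTIVE and not yet expired need to be removed from the cache. Evaluation order
            // is kept as before: openid check, then expiry, then the hash flag.
            if (isAuthorizationCodeIssuedForOpenidScope(scope)
                    && OAuth2Util.getTimeToExpire(issuedTimeInMillis, validityPeriodInMillis) > 0
                    && isHashDisabled) {
                authorizationCodes.add(new AuthzCodeDO(user, scope, timeCreated, validityPeriodInMillis,
                        callbackUrl, consumerKey, authorizationCode, authzCodeId));
            }
        }
        connection.commit();
    } catch (SQLException e) {
        IdentityDatabaseUtil.rollbackTransaction(connection);
        // Report the already-resolved tenant domain: re-resolving the tenant id inside the handler could
        // itself throw and mask the SQL failure. The message also now names what this method does.
        throw new IdentityOAuth2Exception("Error occurred while retrieving authorization codes with username : "
                + authzUser + " tenant domain : " + tenantDomain, e);
    } finally {
        // Close the result set explicitly instead of relying on the statement to close it.
        IdentityDatabaseUtil.closeAllConnections(connection, rs, ps);
    }
    return authorizationCodes;
}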
