use of org.wso2.carbon.identity.openidconnect.model.RequestObject in project carbon-identity-framework by wso2.
the class JSONRequestParser method parse.
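/**
 * Static method that will convert a XACML JSON Request to a <code>{@link RequestCtx}</code> instance.
 * <p>
 * The top-level {@code "Request"} object is walked member by member:
 * <ul>
 *   <li>scalar members {@code ReturnPolicyIdList} / {@code CombinedDecision} become request flags and
 *       the XPath-version member becomes {@link RequestDefaults}; other scalar members are ignored;</li>
 *   <li>the {@code MultiRequests} member is parsed into a {@link MultiRequests} (see
 *       {@link #parseMultiRequests});</li>
 *   <li>every other object (or array of objects) member is treated as an attribute category and handed
 *       to {@code jsonAttributeSeperator};</li>
 *   <li>explicit JSON {@code null} members carry no information and are skipped.</li>
 * </ul>
 * The input is the untrusted body of the entitlement (PDP) endpoint, so structural problems are reported
 * through the declared checked exceptions instead of escaping as runtime exceptions. Note that this
 * method does not validate the XPath version value itself; it is passed through to Balana as given.
 *
 * @param jsonRequest <code>String</code> with JSON request
 * @return <code>{@link RequestCtx}</code> instance that can be used to evaluate on Balana
 * @throws JsonParseException when the text is not JSON, or has no {@code "Request"} object member
 * @throws RequestParseException when the request structure is invalid (for example a {@code MultiRequests}
 *                               member that is not an object or has no references)
 * @throws UnknownIdentifierException propagated from the category/attribute helpers
 */
public static RequestCtx parse(String jsonRequest) throws JsonParseException, RequestParseException, UnknownIdentifierException {
    JsonObject root;
    try {
        root = gson.fromJson(jsonRequest, JsonObject.class);
    } catch (RuntimeException e) {
        // Keep the original failure (JsonSyntaxException, IllegalStateException, ...) as the cause.
        throw new JsonParseException("Error in JSON Request String", e);
    }
    // gson returns null for an empty document or a literal "null"; "Request" may be absent or not an object.
    if (root == null) {
        throw new JsonParseException("Error in JSON Request String");
    }
    JsonElement request = root.get("Request");
    if (request == null || !request.isJsonObject()) {
        throw new JsonParseException("Error in JSON Request String");
    }
    JsonObject requestObject = request.getAsJsonObject();

    Set<Attributes> categories = new HashSet<>();
    boolean returnPolicyIdList = false;
    boolean combinedDecision = false;
    MultiRequests multiRequests = null;
    RequestDefaults requestDefaults = null;

    for (Map.Entry<String, JsonElement> member : requestObject.entrySet()) {
        String key = member.getKey();
        JsonElement value = member.getValue();
        if (value.isJsonNull()) {
            continue;
        }
        if (value.isJsonPrimitive()) {
            // A JsonObject holds each key once, so plain assignment equals the former "set when true".
            switch (key) {
                case XACMLConstants.RETURN_POLICY_LIST:
                    returnPolicyIdList = value.getAsBoolean();
                    break;
                case XACMLConstants.COMBINE_DECISION:
                    combinedDecision = value.getAsBoolean();
                    break;
                case EntitlementEndpointConstants.XPATH_VERSION:
                    requestDefaults = new RequestDefaults(value.getAsString());
                    break;
                default:
                    // Unknown scalar members are ignored, as before.
                    break;
            }
        } else if (EntitlementEndpointConstants.MULTI_REQUESTS.equals(key)) {
            // Must be checked before the generic object branch: previously MultiRequests was only reached
            // for values that were neither object nor array, with a null category (NullPointerException).
            multiRequests = parseMultiRequests(value);
        } else if (value.isJsonObject()) {
            jsonAttributeSeperator(member, value.getAsJsonObject(), categories);
        } else if (value.isJsonArray()) {
            for (JsonElement element : value.getAsJsonArray()) {
                if (!element.isJsonObject()) {
                    throw new RequestParseException("Category '" + key + "' must contain JSON objects");
                }
                jsonAttributeSeperator(member, element.getAsJsonObject(), categories);
            }
        }
    }
    return new RequestCtx(null, categories, returnPolicyIdList, combinedDecision, multiRequests, requestDefaults);
}

/**
 * Parses the {@code MultiRequests} member of a XACML JSON request.
 * <p>
 * Each member of the object is either one RequestReference object or an array of them (the XACML JSON
 * profile spells it {@code "RequestReference": [ ... ]}); every reference is converted with
 * {@code jsonObjectToRequestReference}.
 *
 * @param value the JSON value of the {@code MultiRequests} member
 * @return the parsed {@link MultiRequests}
 * @throws RequestParseException when the value is not an object, is empty, or holds a non-object reference
 * @throws JsonParseException propagated from the reference conversion helper
 * @throws UnknownIdentifierException propagated from the reference conversion helper
 */
private static MultiRequests parseMultiRequests(JsonElement value) throws JsonParseException, RequestParseException, UnknownIdentifierException {
    if (!value.isJsonObject()) {
        throw new RequestParseException("MultiRequests should be a JSON object");
    }
    Set<Map.Entry<String, JsonElement>> jsonRequestReferences = value.getAsJsonObject().entrySet();
    if (jsonRequestReferences.isEmpty()) {
        throw new RequestParseException("MultiRequest should contain at least one Reference Request");
    }
    Set<RequestReference> requestReferences = new HashSet<>();
    for (Map.Entry<String, JsonElement> jsonRequestReference : jsonRequestReferences) {
        JsonElement reference = jsonRequestReference.getValue();
        if (reference.isJsonObject()) {
            requestReferences.add(jsonObjectToRequestReference(reference.getAsJsonObject()));
        } else if (reference.isJsonArray()) {
            for (JsonElement element : reference.getAsJsonArray()) {
                if (!element.isJsonObject()) {
                    throw new RequestParseException("Reference Request in MultiRequests must be a JSON object");
                }
                requestReferences.add(jsonObjectToRequestReference(element.getAsJsonObject()));
            }
        } else {
            throw new RequestParseException("Reference Request in MultiRequests must be a JSON object");
        }
    }
    return new MultiRequests(requestReferences);
}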
use of org.wso2.carbon.identity.openidconnect.model.RequestObject in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2AuthzEndpointTest method provideRequestObject.
/**
 * Supplies {@code (requestObject, expectedAcrValues)} pairs for the getAcrValues test: no request
 * object at all, an empty one, one whose id_token "acr" claim carries a single value, and one whose
 * "acr" claim carries a list of values.
 */
@DataProvider(name = "provideRequestObject")
public Object[][] provideRequestObject() {
    String singleAcr = "test";
    List<String> multipleAcr = Arrays.asList("test", "test1", "test2");

    RequestedClaim singleValueClaim = new RequestedClaim();
    singleValueClaim.setName(OAuthConstants.ACR);
    singleValueClaim.setValue(singleAcr);
    singleValueClaim.setEssential(true);

    RequestedClaim multiValueClaim = new RequestedClaim();
    multiValueClaim.setName(OAuthConstants.ACR);
    multiValueClaim.setEssential(true);
    multiValueClaim.setValues(multipleAcr);

    return new Object[][] {
        { null, null },
        { new RequestObject(), null },
        { withIdTokenClaim(singleValueClaim), Collections.singletonList(singleAcr) },
        { withIdTokenClaim(multiValueClaim), multipleAcr }
    };
}

/** Builds a RequestObject whose only requested claim is {@code claim}, under the id_token section. */
private static RequestObject withIdTokenClaim(RequestedClaim claim) {
    Map<String, List<RequestedClaim>> requestedClaims = new HashMap<>();
    requestedClaims.put(OIDCConstants.ID_TOKEN, Collections.singletonList(claim));
    RequestObject requestObject = new RequestObject();
    requestObject.setRequestedClaims(requestedClaims);
    return requestObject;
}
use of org.wso2.carbon.identity.openidconnect.model.RequestObject in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2AuthzEndpointTest method testGetAcrValues.
/**
 * Invokes the endpoint's private {@code getAcrValues(RequestObject)} through reflection and checks
 * that the ACR values it extracts match the data-provider expectation.
 *
 * @param requestObject     the request object under test (may be null)
 * @param expectedAcrValues the ACR values expected back (null when none are requested)
 */
@Test(dataProvider = "provideRequestObject", description = "This test case tests the flow when the request object" + " includes acr claims")
public void testGetAcrValues(Object requestObject, List<String> expectedAcrValues) throws NoSuchMethodException, InvocationTargetException, IllegalAccessException {
    Method getAcrValues = authzEndpointObject.getClass().getDeclaredMethod("getAcrValues", RequestObject.class);
    // The method is private on the endpoint; open it only for this test.
    getAcrValues.setAccessible(true);
    Object actualAcrValues = getAcrValues.invoke(authzEndpointObject, requestObject);
    Assert.assertEquals(actualAcrValues, expectedAcrValues, "Actual ACR values does not match with expected ACR values");
}
use of org.wso2.carbon.identity.openidconnect.model.RequestObject in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2AuthzEndpoint method handleRequestObject.
/**
 * Builds the OIDC Request Object ({@code request} / {@code request_uri}) for this authorization
 * request, lets its contents override the plain query parameters, checks that a usable redirect URI
 * survived that override, and persists the object for the later stages of the flow.
 *
 * @param oAuthMessage the inbound message wrapper
 * @param oauthRequest the parsed authorization request
 * @param parameters   the parameters being assembled; updated in place by the override
 * @throws RequestObjectException  when no valid Request Object can be built from the request
 * @throws InvalidRequestException when the redirect URI is absent or not a single concrete URI
 */
private void handleRequestObject(OAuthMessage oAuthMessage, OAuthAuthzRequest oauthRequest, OAuth2Parameters parameters) throws RequestObjectException, InvalidRequestException {
    RequestObject requestObject = OIDCRequestObjectUtil.buildRequestObject(oauthRequest, parameters);
    if (requestObject == null) {
        throw new RequestObjectException(OAuth2ErrorCodes.INVALID_REQUEST, "Unable to build a valid Request " + "Object from the authorization request.");
    }
    // Per OpenID Connect Core, parameters carried inside the Request Object supersede the ones passed
    // with plain OAuth 2.0 request syntax, so the override runs before the redirect-URI check below.
    // NOTE(review): signature/validation of the Request Object is assumed to happen inside
    // buildRequestObject - confirm, since the overriding values are trusted from here on.
    String requestParam = oauthRequest.getParam(REQUEST);
    String requestUriParam = oauthRequest.getParam(REQUEST_URI);
    overrideAuthzParameters(oAuthMessage, parameters, requestParam, requestUriParam, requestObject);
    // After the override the redirect URI must be a single concrete URI: a blank value, or one that
    // starts with REGEX_PATTERN (presumably a registered pattern rather than a URI), cannot be
    // redirected to safely, so the request is rejected instead.
    String redirectUri = parameters.getRedirectURI();
    boolean redirectable = StringUtils.isNotBlank(redirectUri) && !StringUtils.startsWith(redirectUri, REGEX_PATTERN);
    if (!redirectable) {
        LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, null, OAuthConstants.LogConstants.FAILED, "Redirect URI is not present in the authorization request.", "validate-input-parameters", null);
        throw new InvalidRequestException("Redirect URI is not present in the authorization request.", OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ErrorCodes.OAuth2SubErrorCodes.INVALID_REDIRECT_URI);
    }
    persistRequestObject(parameters, requestObject);
}
use of org.wso2.carbon.identity.openidconnect.model.RequestObject in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2CibaEndpoint method validateAuthenticationRequest.
/**
 * Validates a CIBA authentication request: the signed request JWT's formatting, the client, the user
 * hint and the request parameters (all via {@code cibaAuthRequestValidator}), then builds the OIDC
 * Request Object from it, verifies the object's signature and validates its contents.
 *
 * @param authRequest CIBA Authentication Request as a String.
 * @param clientId    the client identifier the request is made on behalf of
 * @throws CibaAuthFailureException CIBA Authentication Failed Exception: INVALID_REQUEST for any
 *                                  client-side problem, SERVER_ERROR when no request-object builder
 *                                  is configured
 */
private void validateAuthenticationRequest(String authRequest, String clientId) throws CibaAuthFailureException {
    // Structural and client-level checks first; each one throws CibaAuthFailureException on failure.
    cibaAuthRequestValidator.validateRequest(authRequest);
    cibaAuthRequestValidator.validateClient(authRequest, clientId);
    cibaAuthRequestValidator.validateUserHint(authRequest);
    cibaAuthRequestValidator.validateAuthRequestParams(authRequest);
    try {
        OAuthServerConfiguration serverConfiguration = OAuthServerConfiguration.getInstance();
        RequestObjectBuilder builder = serverConfiguration.getRequestObjectBuilders().get(REQUEST_PARAM_VALUE_BUILDER);
        OAuth2Parameters parameters = new OAuth2Parameters();
        parameters.setClientId(clientId);
        parameters.setTenantDomain(getSpTenantDomain(clientId));
        if (builder == null) {
            // A missing builder is a deployment problem, not a client error.
            throw new CibaAuthFailureException(OAuth2ErrorCodes.SERVER_ERROR, "Unable to build the OIDC Request Object");
        }
        RequestObject requestObject = builder.buildRequestObject(authRequest, parameters);
        RequestObjectValidator validator = serverConfiguration.getCIBARequestObjectValidator();
        // The signature is verified before the contents are inspected, so an object that is not
        // properly signed never reaches the parameter checks.
        OIDCRequestObjectUtil.validateRequestObjectSignature(parameters, requestObject, validator);
        if (!validator.validateRequestObject(requestObject, parameters)) {
            throw new CibaAuthFailureException(OAuth2ErrorCodes.INVALID_REQUEST, "Invalid parameters " + "found in the Request Object.");
        }
    } catch (InvalidRequestException | RequestObjectException e) {
        if (log.isDebugEnabled()) {
            log.debug(OAuth2ErrorCodes.INVALID_REQUEST, e);
        }
        // NOTE(review): e.getMessage() becomes the failure description handed back to the caller;
        // confirm these messages do not expose internal details (key ids, tenant names, stack data).
        throw new CibaAuthFailureException(OAuth2ErrorCodes.INVALID_REQUEST, e.getMessage());
    }
}