Example 1 with RequestObject
use of org.wso2.carbon.identity.openidconnect.model.RequestObject in project carbon-identity-framework by wso2.
the class JSONRequestParser method parse.
/**
* Static method that will convert a XACML JSON Request to a <code>{@link RequestCtx}</code> instance
*
* @param jsonRequest <code>String</code> with JSON request
* @return <code>{@link RequestCtx}</code> instance that can be used to evaluate on Balana
* @throws JsonParseException <code>{@link JsonParseException}</code>
* @throws RequestParseException <code>{@link RequestParseException}</code>
* @throws UnknownIdentifierException <code>{@link UnknownIdentifierException}</code>
*/
public static RequestCtx parse(String jsonRequest) throws JsonParseException, RequestParseException, UnknownIdentifierException {
JsonObject requestObject = null;
Set<Attributes> categories = new HashSet<>();
boolean returnPolicyIdList = false;
boolean combinedDecision = false;
MultiRequests multiRequests = null;
RequestDefaults requestDefaults = null;
try {
requestObject = gson.fromJson(jsonRequest, JsonObject.class);
requestObject = requestObject.get("Request").getAsJsonObject();
} catch (Exception e) {
throw new JsonParseException("Error in JSON Request String");
}
Set<Map.Entry<String, JsonElement>> jsonAttributes = requestObject.entrySet();
for (Map.Entry<String, JsonElement> jsonAttribute : jsonAttributes) {
if (jsonAttribute.getValue().isJsonPrimitive()) {
switch(jsonAttribute.getKey()) {
case XACMLConstants.RETURN_POLICY_LIST:
if (jsonAttribute.getValue().getAsBoolean() == true) {
returnPolicyIdList = true;
}
break;
case XACMLConstants.COMBINE_DECISION:
if (jsonAttribute.getValue().getAsBoolean() == true) {
combinedDecision = true;
}
break;
case EntitlementEndpointConstants.XPATH_VERSION:
String xPathVersion = jsonAttribute.getValue().getAsString();
requestDefaults = new RequestDefaults(xPathVersion);
break;
}
} else if (!jsonAttribute.getValue().isJsonNull()) {
JsonObject jsonCategory = null;
if (jsonAttribute.getValue().isJsonObject()) {
jsonCategory = jsonAttribute.getValue().getAsJsonObject();
jsonAttributeSeperator(jsonAttribute, jsonCategory, categories);
} else if (jsonAttribute.getValue().isJsonArray()) {
for (JsonElement jsonElement : jsonAttribute.getValue().getAsJsonArray()) {
jsonCategory = jsonElement.getAsJsonObject();
jsonAttributeSeperator(jsonAttribute, jsonCategory, categories);
}
} else if (EntitlementEndpointConstants.MULTI_REQUESTS.equals(jsonAttribute.getKey())) {
Set<Map.Entry<String, JsonElement>> jsonRequestReferences = jsonCategory.entrySet();
Set<RequestReference> requestReferences = new HashSet<>();
if (jsonRequestReferences.isEmpty()) {
throw new RequestParseException("MultiRequest should contain at least one Reference Request");
}
for (Map.Entry<String, JsonElement> jsonRequstReference : jsonRequestReferences) {
requestReferences.add(jsonObjectToRequestReference(jsonRequstReference.getValue().getAsJsonObject()));
}
multiRequests = new MultiRequests(requestReferences);
}
}
}
return new RequestCtx(null, categories, returnPolicyIdList, combinedDecision, multiRequests, requestDefaults);
}
Also used :
HashSet(java.util.HashSet)
Set(java.util.Set)
Attributes(org.wso2.balana.xacml3.Attributes)
JsonObject(com.google.gson.JsonObject)
MultiRequests(org.wso2.balana.xacml3.MultiRequests)
RequestDefaults(org.wso2.balana.xacml3.RequestDefaults)
JsonParseException(com.google.gson.JsonParseException)
JsonParseException(com.google.gson.JsonParseException)
RequestParseException(org.wso2.carbon.identity.entitlement.endpoint.exception.RequestParseException)
UnknownIdentifierException(org.wso2.balana.UnknownIdentifierException)
RequestParseException(org.wso2.carbon.identity.entitlement.endpoint.exception.RequestParseException)
JsonElement(com.google.gson.JsonElement)
Map(java.util.Map)
HashSet(java.util.HashSet)
RequestCtx(org.wso2.balana.ctx.xacml3.RequestCtx)
Example 2 with RequestObject
use of org.wso2.carbon.identity.openidconnect.model.RequestObject in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2AuthzEndpointTest method provideRequestObject.
@DataProvider(name = "provideRequestObject")
public Object[][] provideRequestObject() {
List<String> claimValues = Arrays.asList("test", "test1", "test2");
String claimValue = "test";
RequestObject requestObjectWithValue = new RequestObject();
Map<String, List<RequestedClaim>> claimsforRequestParameter = new HashMap<>();
RequestedClaim requestedClaim = new RequestedClaim();
requestedClaim.setName(OAuthConstants.ACR);
requestedClaim.setValue(claimValue);
requestedClaim.setEssential(true);
claimsforRequestParameter.put(OIDCConstants.ID_TOKEN, Collections.singletonList(requestedClaim));
requestObjectWithValue.setRequestedClaims(claimsforRequestParameter);
RequestObject requestObjectWithValues = new RequestObject();
requestedClaim = new RequestedClaim();
requestedClaim.setName(OAuthConstants.ACR);
requestedClaim.setEssential(true);
claimsforRequestParameter = new HashMap<>();
requestedClaim.setValues(claimValues);
claimsforRequestParameter.put(OIDCConstants.ID_TOKEN, Collections.singletonList(requestedClaim));
requestObjectWithValues.setRequestedClaims(claimsforRequestParameter);
return new Object[][] { { null, null }, { new RequestObject(), null }, { requestObjectWithValue, Collections.singletonList(claimValue) }, { requestObjectWithValues, claimValues } };
}
Also used :
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
HashMap(java.util.HashMap)
MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap)
RequestedClaim(org.wso2.carbon.identity.openidconnect.model.RequestedClaim)
ArrayList(java.util.ArrayList)
List(java.util.List)
Matchers.anyList(org.mockito.Matchers.anyList)
RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject)
Matchers.anyString(org.mockito.Matchers.anyString)
RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject)
DataProvider(org.testng.annotations.DataProvider)
Example 3 with RequestObject
use of org.wso2.carbon.identity.openidconnect.model.RequestObject in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2AuthzEndpointTest method testGetAcrValues.
@Test(dataProvider = "provideRequestObject", description = "This test case tests the flow when the request object" + " includes acr claims")
public void testGetAcrValues(Object requestObject, List<String> expectedAcrValues) throws NoSuchMethodException, InvocationTargetException, IllegalAccessException {
Method method = authzEndpointObject.getClass().getDeclaredMethod("getAcrValues", RequestObject.class);
method.setAccessible(true);
Object acrValues = method.invoke(authzEndpointObject, requestObject);
Assert.assertEquals(acrValues, expectedAcrValues, "Actual ACR values does not match with expected ACR values");
}
Also used :
RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject)
HttpMethod(javax.ws.rs.HttpMethod)
Method(java.lang.reflect.Method)
Test(org.testng.annotations.Test)
AfterTest(org.testng.annotations.AfterTest)
BeforeTest(org.testng.annotations.BeforeTest)
PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)
Example 4 with RequestObject
use of org.wso2.carbon.identity.openidconnect.model.RequestObject in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2AuthzEndpoint method handleRequestObject.
private void handleRequestObject(OAuthMessage oAuthMessage, OAuthAuthzRequest oauthRequest, OAuth2Parameters parameters) throws RequestObjectException, InvalidRequestException {
RequestObject requestObject = OIDCRequestObjectUtil.buildRequestObject(oauthRequest, parameters);
if (requestObject == null) {
throw new RequestObjectException(OAuth2ErrorCodes.INVALID_REQUEST, "Unable to build a valid Request " + "Object from the authorization request.");
}
/*
When the request parameter is used, the OpenID Connect request parameter values contained in the JWT
supersede those passed using the OAuth 2.0 request syntax
*/
overrideAuthzParameters(oAuthMessage, parameters, oauthRequest.getParam(REQUEST), oauthRequest.getParam(REQUEST_URI), requestObject);
// so validating if the registered redirect uri is a single uri that can be properly redirected.
if (StringUtils.isBlank(parameters.getRedirectURI()) || StringUtils.startsWith(parameters.getRedirectURI(), REGEX_PATTERN)) {
LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, null, OAuthConstants.LogConstants.FAILED, "Redirect URI is not present in the authorization request.", "validate-input-parameters", null);
throw new InvalidRequestException("Redirect URI is not present in the authorization request.", OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ErrorCodes.OAuth2SubErrorCodes.INVALID_REDIRECT_URI);
}
persistRequestObject(parameters, requestObject);
}
Also used :
RequestObjectException(org.wso2.carbon.identity.oauth2.RequestObjectException)
InvalidRequestException(org.wso2.carbon.identity.oauth.endpoint.exception.InvalidRequestException)
RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject)
Example 5 with RequestObject
use of org.wso2.carbon.identity.openidconnect.model.RequestObject in project identity-inbound-auth-oauth by wso2-extensions.
the class OAuth2CibaEndpoint method validateAuthenticationRequest.
/**
* Validate whether Request JWT is in proper formatting.
*
* @param authRequest CIBA Authentication Request as a String.
* @throws CibaAuthFailureException CIBA Authentication Failed Exception.
*/
private void validateAuthenticationRequest(String authRequest, String clientId) throws CibaAuthFailureException {
// Validation for the proper formatting of signedJWT.
cibaAuthRequestValidator.validateRequest(authRequest);
// Validation for the client.
cibaAuthRequestValidator.validateClient(authRequest, clientId);
// Validation for the userHint.
cibaAuthRequestValidator.validateUserHint(authRequest);
// Validate Authentication request.
cibaAuthRequestValidator.validateAuthRequestParams(authRequest);
try {
RequestObject requestObject;
RequestObjectBuilder requestObjectBuilder;
requestObjectBuilder = OAuthServerConfiguration.getInstance().getRequestObjectBuilders().get(REQUEST_PARAM_VALUE_BUILDER);
OAuth2Parameters parameters = new OAuth2Parameters();
parameters.setClientId(clientId);
parameters.setTenantDomain(getSpTenantDomain(clientId));
if (requestObjectBuilder == null) {
String error = "Unable to build the OIDC Request Object";
throw new CibaAuthFailureException(OAuth2ErrorCodes.SERVER_ERROR, error);
}
requestObject = requestObjectBuilder.buildRequestObject(authRequest, parameters);
RequestObjectValidator requestObjectValidator = OAuthServerConfiguration.getInstance().getCIBARequestObjectValidator();
OIDCRequestObjectUtil.validateRequestObjectSignature(parameters, requestObject, requestObjectValidator);
if (!requestObjectValidator.validateRequestObject(requestObject, parameters)) {
throw new CibaAuthFailureException(OAuth2ErrorCodes.INVALID_REQUEST, "Invalid parameters " + "found in the Request Object.");
}
} catch (InvalidRequestException | RequestObjectException e) {
if (log.isDebugEnabled()) {
log.debug(OAuth2ErrorCodes.INVALID_REQUEST, e);
}
throw new CibaAuthFailureException(OAuth2ErrorCodes.INVALID_REQUEST, e.getMessage());
}
}
Also used :
OAuth2Parameters(org.wso2.carbon.identity.oauth2.model.OAuth2Parameters)
RequestObjectException(org.wso2.carbon.identity.oauth2.RequestObjectException)
CibaAuthFailureException(org.wso2.carbon.identity.oauth.endpoint.exception.CibaAuthFailureException)
RequestObjectBuilder(org.wso2.carbon.identity.openidconnect.RequestObjectBuilder)
InvalidRequestException(org.wso2.carbon.identity.oauth.endpoint.exception.InvalidRequestException)
RequestObjectValidator(org.wso2.carbon.identity.openidconnect.RequestObjectValidator)
RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject)
Aggregations
RequestObject (org.wso2.carbon.identity.openidconnect.model.RequestObject)11
RequestObjectException (org.wso2.carbon.identity.oauth2.RequestObjectException)8
HashMap (java.util.HashMap)5
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)4
BeforeTest (org.testng.annotations.BeforeTest)4
Test (org.testng.annotations.Test)4
OAuth2Parameters (org.wso2.carbon.identity.oauth2.model.OAuth2Parameters)4
Map (java.util.Map)3
OAuthServerConfiguration (org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration)3
JsonObject (com.google.gson.JsonObject)2
ArrayList (java.util.ArrayList)2
List (java.util.List)2
ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)2
Matchers.anyString (org.mockito.Matchers.anyString)2
Property (org.wso2.carbon.identity.application.common.model.Property)2
InvalidRequestException (org.wso2.carbon.identity.oauth.endpoint.exception.InvalidRequestException)2
IdentityOAuth2Exception (org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception)2
JsonElement (com.google.gson.JsonElement)1
JsonParseException (com.google.gson.JsonParseException)1
JsonParser (com.google.gson.JsonParser)1
