
Example 1 with RequestObject

use of org.wso2.carbon.identity.openidconnect.model.RequestObject in project carbon-identity-framework by wso2. (Note: this example is a false match on the local variable name `requestObject` — the method below works on a Gson `JsonObject` for a XACML JSON request and does not use the OIDC `RequestObject` model at all.)

the class JSONRequestParser method parse.

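/**
 * Static method that will convert a XACML JSON Request to a <code>{@link RequestCtx}</code> instance.
 *
 * The request body arrives through the entitlement REST endpoint, i.e. from a caller we do not control, so
 * every structural assumption about the JSON is checked explicitly and reported as a
 * {@link JsonParseException} / {@link RequestParseException} instead of surfacing as an uncaught
 * {@link NullPointerException} or {@link IllegalStateException} from Gson.
 *
 * @param jsonRequest <code>String</code> with JSON request
 * @return <code>{@link RequestCtx}</code> instance that can be used to evaluate on Balana
 * @throws JsonParseException         the string is not JSON, or it has no top-level <code>Request</code> object
 * @throws RequestParseException      the <code>Request</code> object is structurally invalid (an empty
 *                                    MultiRequests, or a category / reference entry that is not a JSON object)
 * @throws UnknownIdentifierException propagated from the category and reference conversion helpers
 */
public static RequestCtx parse(String jsonRequest) throws JsonParseException, RequestParseException, UnknownIdentifierException {
    Set<Attributes> categories = new HashSet<>();
    boolean returnPolicyIdList = false;
    boolean combinedDecision = false;
    MultiRequests multiRequests = null;
    RequestDefaults requestDefaults = null;

    JsonObject requestObject = extractRequestObject(jsonRequest);

    for (Map.Entry<String, JsonElement> jsonAttribute : requestObject.entrySet()) {
        String key = jsonAttribute.getKey();
        JsonElement value = jsonAttribute.getValue();
        if (value.isJsonNull()) {
            continue;
        }
        if (value.isJsonPrimitive()) {
            switch (key) {
                case XACMLConstants.RETURN_POLICY_LIST:
                    if (value.getAsBoolean()) {
                        returnPolicyIdList = true;
                    }
                    break;
                case XACMLConstants.COMBINE_DECISION:
                    if (value.getAsBoolean()) {
                        combinedDecision = true;
                    }
                    break;
                case EntitlementEndpointConstants.XPATH_VERSION:
                    requestDefaults = new RequestDefaults(value.getAsString());
                    break;
                default:
                    // Unknown scalar members are ignored, as before.
                    break;
            }
        } else if (EntitlementEndpointConstants.MULTI_REQUESTS.equals(key)) {
            // This test must come BEFORE the generic object branch. Previously it sat after the
            // isJsonObject()/isJsonArray() checks, so a MultiRequests object was routed to
            // jsonAttributeSeperator like an ordinary category, and the MultiRequests branch itself could
            // only ever run with a null jsonCategory (NullPointerException).
            multiRequests = parseMultiRequests(value);
        } else if (value.isJsonObject()) {
            jsonAttributeSeperator(jsonAttribute, value.getAsJsonObject(), categories);
        } else if (value.isJsonArray()) {
            for (JsonElement element : value.getAsJsonArray()) {
                // getAsJsonObject() on a non-object element would throw an unchecked IllegalStateException.
                if (!element.isJsonObject()) {
                    throw new RequestParseException("Category '" + key + "' contains an element that is not a JSON object");
                }
                jsonAttributeSeperator(jsonAttribute, element.getAsJsonObject(), categories);
            }
        }
    }
    return new RequestCtx(null, categories, returnPolicyIdList, combinedDecision, multiRequests, requestDefaults);
}

/**
 * Parses the raw document and returns the value of the mandatory top-level <code>Request</code> member.
 *
 * @param jsonRequest the raw JSON text
 * @return the <code>Request</code> object
 * @throws JsonParseException when the text is not a JSON object, is empty, or lacks a <code>Request</code> object
 */
private static JsonObject extractRequestObject(String jsonRequest) throws JsonParseException {
    JsonObject root;
    try {
        root = gson.fromJson(jsonRequest, JsonObject.class);
    } catch (JsonParseException e) {
        // Keep the original, non-revealing client message, but retain the cause for server-side diagnostics.
        throw new JsonParseException("Error in JSON Request String", e);
    }
    // Gson returns null for an empty / blank document rather than throwing.
    if (root == null) {
        throw new JsonParseException("Error in JSON Request String");
    }
    JsonElement request = root.get("Request");
    if (request == null || !request.isJsonObject()) {
        throw new JsonParseException("Error in JSON Request String");
    }
    return request.getAsJsonObject();
}

/**
 * Converts the <code>MultiRequests</code> member into Balana's {@link MultiRequests}. As in the original
 * implementation, every member of the object is handed to jsonObjectToRequestReference.
 *
 * @param value the JSON value found under the MultiRequests key
 * @return the parsed reference set
 * @throws RequestParseException when the value is not an object, is empty, or holds a non-object member
 */
private static MultiRequests parseMultiRequests(JsonElement value) throws JsonParseException, RequestParseException, UnknownIdentifierException {
    if (!value.isJsonObject()) {
        throw new RequestParseException("MultiRequests should be a JSON object");
    }
    Set<Map.Entry<String, JsonElement>> jsonRequestReferences = value.getAsJsonObject().entrySet();
    if (jsonRequestReferences.isEmpty()) {
        throw new RequestParseException("MultiRequest should contain at least one Reference Request");
    }
    Set<RequestReference> requestReferences = new HashSet<>();
    for (Map.Entry<String, JsonElement> jsonRequestReference : jsonRequestReferences) {
        JsonElement reference = jsonRequestReference.getValue();
        if (!reference.isJsonObject()) {
            throw new RequestParseException("Reference Request '" + jsonRequestReference.getKey() + "' is not a JSON object");
        }
        requestReferences.add(jsonObjectToRequestReference(reference.getAsJsonObject()));
    }
    return new MultiRequests(requestReferences);
}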

Example 2 with RequestObject

use of org.wso2.carbon.identity.openidconnect.model.RequestObject in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpointTest method provideRequestObject.

/**
 * Supplies (request object, expected ACR values) rows for the getAcrValues test.
 *
 * Rows: no request object at all; an empty request object; an essential id_token "acr" claim carrying a
 * single value; and an essential id_token "acr" claim carrying a list of values. The second column is what
 * getAcrValues is expected to extract, null where there is nothing to extract.
 */
@DataProvider(name = "provideRequestObject")
public Object[][] provideRequestObject() {
    String singleAcr = "test";
    List<String> multipleAcrs = Arrays.asList("test", "test1", "test2");

    RequestedClaim singleValueClaim = newEssentialAcrClaim();
    singleValueClaim.setValue(singleAcr);
    RequestObject singleValueRequest = new RequestObject();
    singleValueRequest.setRequestedClaims(idTokenClaims(singleValueClaim));

    RequestedClaim multiValueClaim = newEssentialAcrClaim();
    multiValueClaim.setValues(multipleAcrs);
    RequestObject multiValueRequest = new RequestObject();
    multiValueRequest.setRequestedClaims(idTokenClaims(multiValueClaim));

    return new Object[][] {
            { null, null },
            { new RequestObject(), null },
            { singleValueRequest, Collections.singletonList(singleAcr) },
            { multiValueRequest, multipleAcrs }
    };
}

/** Builds an "acr" claim flagged essential; the caller attaches the value(s). */
private static RequestedClaim newEssentialAcrClaim() {
    RequestedClaim claim = new RequestedClaim();
    claim.setName(OAuthConstants.ACR);
    claim.setEssential(true);
    return claim;
}

/** Wraps one claim as the sole requested claim of the id_token member. */
private static Map<String, List<RequestedClaim>> idTokenClaims(RequestedClaim claim) {
    Map<String, List<RequestedClaim>> claims = new HashMap<>();
    claims.put(OIDCConstants.ID_TOKEN, Collections.singletonList(claim));
    return claims;
}

Example 3 with RequestObject

use of org.wso2.carbon.identity.openidconnect.model.RequestObject in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpointTest method testGetAcrValues.

/**
 * Drives the private OAuth2AuthzEndpoint#getAcrValues(RequestObject) through reflection and checks that
 * the ACR values it extracts equal the data provider's expectation (null when the request object is null
 * or carries no acr claim).
 *
 * @param requestObject     the request object under test, may be null
 * @param expectedAcrValues the ACR values getAcrValues should return
 */
@Test(dataProvider = "provideRequestObject", description = "This test case tests the flow when the request object" + " includes acr claims")
public void testGetAcrValues(Object requestObject, List<String> expectedAcrValues) throws NoSuchMethodException, InvocationTargetException, IllegalAccessException {
    // getAcrValues is private, so it is reached through reflection.
    Class<?> endpointClass = authzEndpointObject.getClass();
    Method getAcrValues = endpointClass.getDeclaredMethod("getAcrValues", RequestObject.class);
    getAcrValues.setAccessible(true);
    Object actualAcrValues = getAcrValues.invoke(authzEndpointObject, requestObject);
    Assert.assertEquals(actualAcrValues, expectedAcrValues, "Actual ACR values does not match with expected ACR values");
}

Example 4 with RequestObject

use of org.wso2.carbon.identity.openidconnect.model.RequestObject in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2AuthzEndpoint method handleRequestObject.

/**
 * Resolves the OIDC request object (the request / request_uri parameter) of an authorization request and
 * lets its values override the plain OAuth 2.0 query parameters.
 *
 * Ordering matters: the override runs first, so the redirect URI validated afterwards is the effective one
 * (the request object's, when it carries one), not the one from the query string.
 *
 * @param oAuthMessage the inbound authorization message
 * @param oauthRequest the parsed authorization request, source of the request / request_uri parameters
 * @param parameters   the OAuth2 parameters being assembled; updated in place by the override
 * @throws RequestObjectException  when no valid request object can be built
 * @throws InvalidRequestException when, after the override, there is no usable redirect URI
 */
private void handleRequestObject(OAuthMessage oAuthMessage, OAuthAuthzRequest oauthRequest, OAuth2Parameters parameters) throws RequestObjectException, InvalidRequestException {
    RequestObject requestObject = OIDCRequestObjectUtil.buildRequestObject(oauthRequest, parameters);
    if (requestObject == null) {
        throw new RequestObjectException(OAuth2ErrorCodes.INVALID_REQUEST, "Unable to build a valid Request " + "Object from the authorization request.");
    }

    // OIDC Core: when the request parameter is used, the values contained in the JWT supersede those passed
    // using the OAuth 2.0 request syntax.
    String requestParam = oauthRequest.getParam(REQUEST);
    String requestUriParam = oauthRequest.getParam(REQUEST_URI);
    overrideAuthzParameters(oAuthMessage, parameters, requestParam, requestUriParam, requestObject);

    // The redirect URI may now originate from the request object. Refuse anything that is not a single,
    // concrete URI: a blank value, or one carrying the REGEX_PATTERN prefix (presumably a regex-registered
    // callback rather than a URI we could redirect to — confirm against the SP configuration code).
    String redirectUri = parameters.getRedirectURI();
    boolean redirectUriUnusable = StringUtils.isBlank(redirectUri) || StringUtils.startsWith(redirectUri, REGEX_PATTERN);
    if (redirectUriUnusable) {
        LoggerUtils.triggerDiagnosticLogEvent(OAuthConstants.LogConstants.OAUTH_INBOUND_SERVICE, null, OAuthConstants.LogConstants.FAILED, "Redirect URI is not present in the authorization request.", "validate-input-parameters", null);
        throw new InvalidRequestException("Redirect URI is not present in the authorization request.", OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ErrorCodes.OAuth2SubErrorCodes.INVALID_REDIRECT_URI);
    }
    persistRequestObject(parameters, requestObject);
}

Example 5 with RequestObject

use of org.wso2.carbon.identity.openidconnect.model.RequestObject in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2CibaEndpoint method validateAuthenticationRequest.

/**
 * Validate whether Request JWT is in proper formatting.
 *
 * Pipeline: format validation of the signed JWT, client validation, user-hint validation, parameter
 * validation; then the request object is built and its signature is checked before its contents are
 * validated, so an unsigned or wrongly signed request object is rejected before any of its claims are
 * acted on.
 *
 * @param authRequest CIBA Authentication Request as a String.
 * @param clientId    identifier of the client the request is validated against.
 * @throws CibaAuthFailureException CIBA Authentication Failed Exception: INVALID_REQUEST for a request that
 *                                  fails validation, SERVER_ERROR when no request-object builder is configured.
 */
private void validateAuthenticationRequest(String authRequest, String clientId) throws CibaAuthFailureException {
    // Validation for the proper formatting of signedJWT.
    cibaAuthRequestValidator.validateRequest(authRequest);
    // Validation for the client.
    cibaAuthRequestValidator.validateClient(authRequest, clientId);
    // Validation for the userHint.
    cibaAuthRequestValidator.validateUserHint(authRequest);
    // Validate Authentication request.
    cibaAuthRequestValidator.validateAuthRequestParams(authRequest);
    try {
        RequestObjectBuilder builder = OAuthServerConfiguration.getInstance().getRequestObjectBuilders().get(REQUEST_PARAM_VALUE_BUILDER);
        OAuth2Parameters parameters = new OAuth2Parameters();
        parameters.setClientId(clientId);
        parameters.setTenantDomain(getSpTenantDomain(clientId));
        if (builder == null) {
            // SERVER_ERROR rather than INVALID_REQUEST: a missing builder is a deployment problem, not a
            // client mistake. This exception is not caught by the catch below.
            throw new CibaAuthFailureException(OAuth2ErrorCodes.SERVER_ERROR, "Unable to build the OIDC Request Object");
        }
        RequestObject requestObject = builder.buildRequestObject(authRequest, parameters);
        RequestObjectValidator validator = OAuthServerConfiguration.getInstance().getCIBARequestObjectValidator();
        // Signature first, content second.
        OIDCRequestObjectUtil.validateRequestObjectSignature(parameters, requestObject, validator);
        boolean contentsValid = validator.validateRequestObject(requestObject, parameters);
        if (!contentsValid) {
            throw new CibaAuthFailureException(OAuth2ErrorCodes.INVALID_REQUEST, "Invalid parameters " + "found in the Request Object.");
        }
    } catch (InvalidRequestException | RequestObjectException e) {
        if (log.isDebugEnabled()) {
            log.debug(OAuth2ErrorCodes.INVALID_REQUEST, e);
        }
        // NOTE(review): the validator's message is forwarded verbatim into the client-facing error; confirm
        // those messages never carry server-internal detail.
        throw new CibaAuthFailureException(OAuth2ErrorCodes.INVALID_REQUEST, e.getMessage());
    }
}
