
Example 61 with GluuAttribute

use of org.xdi.model.GluuAttribute in project oxAuth by GluuFederation.

the class UserInfoRestWebServiceImpl method getJweResponse.

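/**
 * Builds the UserInfo response for {@code user} as an encrypted JWE.
 *
 * <p>Claims come from two places: the claims attached to each requested (non-dynamic) scope, and
 * the {@code userinfo} member of the request object when the grant carries one. Dynamic scopes are
 * collected and handed to the external dynamic-scope scripts once the standard claims are in place.
 * The {@code sub} claim is a pairwise identifier for clients registered with the {@code pairwise}
 * subject type, otherwise the value of the configured OpenID sub attribute.
 *
 * <p>Encryption: the RSA key-management algorithms encrypt to a public key fetched from the
 * client's {@code jwks_uri}; the AES key-wrap algorithms use the bytes of the decrypted client
 * secret as the wrapping key. Any other algorithm is rejected rather than returning the JWE
 * unencrypted.
 *
 * @param keyEncryptionAlgorithm   JWE key-management algorithm ({@code alg} header)
 * @param blockEncryptionAlgorithm JWE content-encryption algorithm ({@code enc} header)
 * @param user                     the authenticated user whose attributes are released as claims
 * @param authorizationGrant       the grant the UserInfo request was made under
 * @param scopes                   names of the scopes granted to the client
 * @return the serialised, encrypted JWE
 * @throws InvalidJweException if the key-management algorithm is not supported here, no usable
 *                             public key is available, or encryption fails
 * @throws Exception           propagated from the underlying services
 */
public String getJweResponse(KeyEncryptionAlgorithm keyEncryptionAlgorithm, BlockEncryptionAlgorithm blockEncryptionAlgorithm, User user, AuthorizationGrant authorizationGrant, Collection<String> scopes) throws Exception {
    Jwe jwe = new Jwe();
    // Header
    jwe.getHeader().setType(JwtType.JWT);
    jwe.getHeader().setAlgorithm(keyEncryptionAlgorithm);
    jwe.getHeader().setEncryptionMethod(blockEncryptionAlgorithm);
    // Claims released through the requested scopes
    List<Scope> dynamicScopes = new ArrayList<Scope>();
    for (String scopeName : scopes) {
        Scope scope = scopeService.getScopeByDisplayName(scopeName);
        if (scope == null) {
            // Unknown scope name: there is nothing to release for it, skip it instead of failing on a null dereference.
            continue;
        }
        if (org.xdi.oxauth.model.common.ScopeType.DYNAMIC == scope.getScopeType()) {
            // Dynamic scopes are resolved by external scripts after the standard claims are set.
            dynamicScopes.add(scope);
            continue;
        }
        if (scope.getOxAuthClaims() == null) {
            continue;
        }
        for (String claimDn : scope.getOxAuthClaims()) {
            GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDn);
            if (gluuAttribute == null) {
                // The scope references an attribute DN that does not resolve; skip that claim.
                continue;
            }
            String claimName = gluuAttribute.getOxAuthClaimName();
            String ldapName = gluuAttribute.getName();
            if (StringUtils.isNotBlank(claimName) && StringUtils.isNotBlank(ldapName)) {
                // "uid" is the user id itself; every other attribute is read from the user entry.
                String attributeValue = ldapName.equals("uid") ? user.getUserId() : user.getAttribute(ldapName);
                jwe.getClaims().setClaim(claimName, attributeValue);
            }
        }
    }
    // Claims explicitly requested in the "userinfo" member of the request object
    if (authorizationGrant.getJwtAuthorizationRequest() != null && authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember() != null) {
        for (Claim claim : authorizationGrant.getJwtAuthorizationRequest().getUserInfoMember().getClaims()) {
            // NOTE(review): every requested claim is treated as optional; the claim's own marker
            // (claim.getClaimValue().getClaimValueType()) is not consulted. Confirm this is intended.
            boolean optional = true;
            GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
            if (gluuAttribute == null) {
                continue;
            }
            Object attribute = user.getAttribute(gluuAttribute.getName(), optional);
            if (attribute == null) {
                continue;
            }
            if (attribute instanceof JSONArray) {
                // Multi-valued attribute: release every non-null element as a list claim.
                JSONArray jsonArray = (JSONArray) attribute;
                List<String> values = new ArrayList<String>();
                for (int i = 0; i < jsonArray.length(); i++) {
                    String value = jsonArray.optString(i);
                    if (value != null) {
                        values.add(value);
                    }
                }
                jwe.getClaims().setClaim(claim.getName(), values);
            } else {
                // NOTE(review): anything that is not a JSONArray is assumed to be a String — confirm against User.getAttribute.
                jwe.getClaims().setClaim(claim.getName(), (String) attribute);
            }
        }
    }
    // Subject identifier: pairwise per sector for "pairwise" clients, otherwise the configured attribute
    if (authorizationGrant.getClient().getSubjectType() != null && SubjectType.fromString(authorizationGrant.getClient().getSubjectType()).equals(SubjectType.PAIRWISE)) {
        String sectorIdentifierUri = null;
        if (StringUtils.isNotBlank(authorizationGrant.getClient().getSectorIdentifierUri())) {
            sectorIdentifierUri = authorizationGrant.getClient().getSectorIdentifierUri();
        } else {
            // NOTE(review): without a sector_identifier_uri the whole first redirect URI is the sector key.
            // OIDC Core 8.1 defines the sector identifier as the host of the redirect URI; confirm the
            // pairwise service normalises this, otherwise the pairwise sub may not be stable across redirect URIs.
            sectorIdentifierUri = authorizationGrant.getClient().getRedirectUris()[0];
        }
        String userInum = authorizationGrant.getUser().getAttribute("inum");
        PairwiseIdentifier pairwiseIdentifier = pairwiseIdentifierService.findPairWiseIdentifier(userInum, sectorIdentifierUri);
        if (pairwiseIdentifier == null) {
            // First UserInfo call for this user/sector pair: mint a random identifier and persist it.
            pairwiseIdentifier = new PairwiseIdentifier(sectorIdentifierUri);
            pairwiseIdentifier.setId(UUID.randomUUID().toString());
            pairwiseIdentifier.setDn(pairwiseIdentifierService.getDnForPairwiseIdentifier(pairwiseIdentifier.getId(), userInum));
            pairwiseIdentifierService.addPairwiseIdentifier(userInum, pairwiseIdentifier);
        }
        jwe.getClaims().setSubjectIdentifier(pairwiseIdentifier.getId());
    } else {
        String openidSubAttribute = appConfiguration.getOpenidSubAttribute();
        jwe.getClaims().setSubjectIdentifier(authorizationGrant.getUser().getAttribute(openidSubAttribute));
    }
    // Let the external dynamic-scope scripts add their claims; they see the grant read-only.
    if (!dynamicScopes.isEmpty() && externalDynamicScopeService.isEnabled()) {
        final UnmodifiableAuthorizationGrant unmodifiableAuthorizationGrant = new UnmodifiableAuthorizationGrant(authorizationGrant);
        DynamicScopeExternalContext dynamicScopeContext = new DynamicScopeExternalContext(dynamicScopes, jwe, unmodifiableAuthorizationGrant);
        externalDynamicScopeService.executeExternalUpdateMethods(dynamicScopeContext);
    }
    // Encryption
    if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5) {
        // Asymmetric: encrypt to the key the client publishes at its jwks_uri.
        JSONObject jsonWebKeys = JwtUtil.getJSONWebKeys(authorizationGrant.getClient().getJwksUri());
        AbstractCryptoProvider cryptoProvider = CryptoProviderFactory.getCryptoProvider(appConfiguration);
        // NOTE(review): the key id is selected by the RS256 signature algorithm even though the key is
        // used for encryption; confirm this picks the client's encryption key when its JWKS sets "use"/"alg".
        String keyId = cryptoProvider.getKeyId(JSONWebKeySet.fromJSONObject(jsonWebKeys), SignatureAlgorithm.RS256);
        PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jsonWebKeys);
        if (publicKey == null) {
            throw new InvalidJweException("The public key is not valid");
        }
        JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
        jwe = jweEncrypter.encrypt(jwe);
    } else if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
        // Symmetric: the UTF-8 bytes of the decrypted client secret are the key-wrapping key.
        // NOTE(review): A128KW/A256KW need a 16/32-byte key; presumably JweEncrypterImpl derives or checks the length — confirm.
        try {
            byte[] sharedSymmetricKey = clientService.decryptSecret(authorizationGrant.getClient().getClientSecret()).getBytes(Util.UTF8_STRING_ENCODING);
            JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedSymmetricKey);
            jwe = jweEncrypter.encrypt(jwe);
        } catch (Exception e) {
            // Encoding, secret-decryption and encryption failures were all wrapped identically; one catch suffices.
            throw new InvalidJweException(e);
        }
    } else {
        // Previously any other algorithm fell through and the unencrypted JWE was returned; fail closed instead.
        throw new InvalidJweException("Unsupported key encryption algorithm: " + keyEncryptionAlgorithm);
    }
    return jwe.toString();
}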

Example 62 with GluuAttribute

use of org.xdi.model.GluuAttribute in project oxTrust by GluuFederation.

the class CustomAttributeAction method selectCustomAttributes.

/**
 * Removes from {@code availableAttributeIds} the id of every attribute that is already
 * selected on this bean, so that it is not offered for selection again.
 *
 * <p>NOTE(review): the {@code customAttributes} parameter is shadowed — the loop reads the
 * {@code this.customAttributes} field, not the argument. Confirm which list callers intend
 * to pass before relying on the parameter.
 *
 * @param customAttributes currently unused; the field of the same name is iterated instead
 */
private void selectCustomAttributes(List<GluuCustomAttribute> customAttributes) {
    for (GluuCustomAttribute selected : this.customAttributes) {
        String inum = selected.getMetadata().getInum();
        GluuAttribute attribute = attributeInums.get(inum);
        // Unknown attributes and ones already present are left untouched.
        boolean skip = attribute == null || containsCustomAttribute(attribute);
        if (!skip) {
            String id = this.attributeIds.get(attribute);
            this.availableAttributeIds.remove(id);
        }
    }
}

Example 63 with GluuAttribute

use of org.xdi.model.GluuAttribute in project oxTrust by GluuFederation.

the class AttributeInventoryAction method submit.

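/**
 * Exports the attributes ticked in the inventory table as an LDIF file download.
 *
 * <p>Collects the inums of the checked entries of {@code activeAttributeList}, writes them
 * through {@code ldifService} straight into the servlet response as an attachment named
 * {@code attributes.ldif}, and marks the JSF response as complete. The selection map is
 * cleared afterwards whether or not the export succeeded. Failures are logged with their
 * stack trace and not surfaced to the user.
 */
public void submit() {
    FacesContext facesContext = FacesContext.getCurrentInstance();
    List<String> checkedItems = new ArrayList<String>();
    for (GluuAttribute item : activeAttributeList) {
        // Boolean.TRUE.equals tolerates an absent (null) entry, which would NPE on unboxing.
        if (Boolean.TRUE.equals(checked.get(item.getInum()))) {
            checkedItems.add(item.getInum());
        }
    }
    log.info("the selections are : {}", checkedItems.size());
    HttpServletResponse response = (HttpServletResponse) facesContext.getExternalContext().getResponse();
    response.setContentType("text/plain");
    response.addHeader("Content-disposition", "attachment; filename=\"attributes.ldif\"");
    try {
        ServletOutputStream os = response.getOutputStream();
        try {
            ldifService.exportLDIFFile(checkedItems, os);
            os.flush();
        } finally {
            // Close even when the export throws, so the stream is never left open on error.
            os.close();
        }
        facesContext.responseComplete();
    } catch (Exception e) {
        // Pass the exception itself so the stack trace is logged, not just its toString().
        log.error("Failure exporting attributes to LDIF", e);
    }
    checked.clear();
}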

Example 64 with GluuAttribute

use of org.xdi.model.GluuAttribute in project oxTrust by GluuFederation.

the class ExtensionDeserializer method deserialize.

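/**
 * Deserialises the JSON object of a SCIM 2 extension (the resource member keyed by this
 * deserializer's URN {@code id}) into an {@link Extension}.
 *
 * <p>Every field is validated against the attribute registry: the attribute must exist and be
 * flagged as a SCIM custom attribute, the JSON shape (array or single value) must match its
 * multi-valued flag, and the value must parse as the attribute's data type. Any violation is
 * reported to the caller as an {@link IOException} carrying only the generic
 * {@code INTERNAL_SERVER_ERROR_MESSAGE}; the precise cause is logged and kept as the exception
 * cause.
 *
 * @param jsonParser             parser positioned at the extension object
 * @param deserializationContext Jackson context (unused)
 * @return the populated extension
 * @throws IOException if the URN is not set, the JSON is malformed, or any field fails validation
 */
@Override
public Extension deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException {
    log.info(" deserialize() ");
    try {
        if (id == null || id.isEmpty()) {
            throw new IllegalArgumentException("The URN cannot be null or empty");
        }
        JsonNode rootNode = jsonParser.readValueAsTree();
        if (!rootNode.isObject()) {
            throw new IllegalArgumentException("Extension is of wrong JSON type");
        }
        Extension.Builder extensionBuilder = new Extension.Builder(id);
        // One mapper for the whole object; it is only needed for multi-valued fields.
        ObjectMapper mapper = new ObjectMapper();
        mapper.disable(DeserializationConfig.Feature.FAIL_ON_UNKNOWN_PROPERTIES);
        Iterator<Map.Entry<String, JsonNode>> fieldIterator = rootNode.getFields();
        while (fieldIterator.hasNext()) {
            Map.Entry<String, JsonNode> entry = fieldIterator.next();
            String fieldName = entry.getKey();
            JsonNode fieldValue = entry.getValue();
            GluuAttribute gluuAttribute = attributeService.getAttributeByName(fieldName);
            if (gluuAttribute == null) {
                throw new IllegalArgumentException("NOT FOUND: custom attribute = " + fieldName);
            }
            // Only attributes explicitly flagged as SCIM custom attributes may be written through an extension.
            if (!ScimCustomAtribute.TRUE.equals(gluuAttribute.getOxSCIMCustomAttribute())) {
                log.info(" NOT A CUSTOM ATTRIBUTE: " + gluuAttribute.getName());
                throw new IllegalArgumentException("NOT A CUSTOM ATTRIBUTE: " + gluuAttribute.getName());
            }
            // Constant-first equals so a registry entry without a data type falls into the
            // "not supported" branch instead of a NullPointerException.
            GluuAttributeDataType attributeDataType = gluuAttribute.getDataType();
            boolean stringLike = GluuAttributeDataType.STRING.equals(attributeDataType) || GluuAttributeDataType.PHOTO.equals(attributeDataType);
            boolean dateType = GluuAttributeDataType.DATE.equals(attributeDataType);
            boolean numericType = GluuAttributeDataType.NUMERIC.equals(attributeDataType);
            boolean multiValued = OxMultivalued.TRUE.equals(gluuAttribute.getOxMultivaluedAttribute());
            boolean arrayValue = fieldValue instanceof ArrayNode;
            if (multiValued) {
                if (!arrayValue) {
                    throw new IllegalArgumentException("Attribute \"" + fieldName + "\" is multi-valued but passed value is not of array type.");
                }
                ArrayNode arrayNode = (ArrayNode) fieldValue;
                if (stringLike) {
                    List<String> stringList = Arrays.asList(mapper.readValue(arrayNode, String[].class));
                    extensionBuilder.setFieldAsList(fieldName, stringList);
                } else if (dateType) {
                    // Parsed as Date[] purely to validate the values; the original strings are what gets stored.
                    mapper.readValue(arrayNode, Date[].class);
                    extensionBuilder.setFieldAsList(fieldName, Arrays.asList(mapper.readValue(arrayNode, String[].class)));
                } else if (numericType) {
                    List<BigDecimal> numberList = Arrays.asList(mapper.readValue(arrayNode, BigDecimal[].class));
                    extensionBuilder.setFieldAsList(fieldName, numberList);
                } else {
                    throw unsupportedDataType(attributeDataType, fieldValue);
                }
            } else {
                if (arrayValue) {
                    throw new IllegalArgumentException("Attribute \"" + fieldName + "\" is not multi-valued but passed value is of array type.");
                }
                if (stringLike) {
                    handleString(extensionBuilder, entry);
                } else if (dateType) {
                    handleDateTime(extensionBuilder, entry);
                } else if (numericType) {
                    handleNumber(extensionBuilder, entry);
                } else {
                    throw unsupportedDataType(attributeDataType, fieldValue);
                }
            }
        }
        return extensionBuilder.build();
    } catch (Exception e) {
        // Log the real cause instead of printing to stderr; the caller still only sees the
        // generic message, so registry details are not echoed back to the client.
        log.error("Failed to deserialize SCIM extension " + id, e);
        throw new IOException(INTERNAL_SERVER_ERROR_MESSAGE, e);
    }
}

/**
 * Builds the error for an attribute data type this deserializer cannot map, logging the
 * type (null-safe) for diagnosis.
 *
 * @param attributeDataType the registry data type, possibly {@code null}
 * @param value             the offending JSON value
 * @return the exception to throw
 */
private IllegalArgumentException unsupportedDataType(GluuAttributeDataType attributeDataType, JsonNode value) {
    String displayName = attributeDataType == null ? null : attributeDataType.getDisplayName();
    log.info(" NO MATCH: attributeDataType.getDisplayName() = " + displayName);
    return new IllegalArgumentException("JSON type not supported: " + value.toString());
}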
