

Use of `org.xdi.oxauth.model.common.SubjectType` in the oxAuth project by GluuFederation.

Taken from the class `RegisterRestWebServiceImpl`, method `registerClientImpl` (the implementation behind the dynamic client registration endpoint).

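/**
 * Implements dynamic client registration: parses the raw JSON body, fills in
 * server-side defaults (subject type, id_token signing algorithm), validates
 * the client metadata and redirect URIs, builds and persists a new
 * {@link Client} with freshly generated credentials, and returns the
 * registration response. Every outcome is recorded in an {@link OAuth2AuditLog}
 * keyed by the caller's IP address.
 *
 * Security-relevant behaviour visible here:
 * <ul>
 *   <li>the endpoint is only usable when {@code dynamicRegistrationEnabled} is set;</li>
 *   <li>{@code id_token_signed_response_alg = none} is rejected;</li>
 *   <li>client_id and client_secret are generated server-side (never taken
 *       from the request) and the secret is stored encrypted;</li>
 *   <li>the response is marked non-cacheable because it carries credentials.</li>
 * </ul>
 *
 * @param requestParams   raw JSON body of the registration request (untrusted input)
 * @param httpRequest     incoming HTTP request; used only to obtain the IP for the audit log
 * @param securityContext JAX-RS security context; only its {@code isSecure()} flag is logged
 * @return 200 with the registered client's JSON on success; 400 with
 *         {@code invalid_redirect_uri}, {@code invalid_client_metadata} or
 *         {@code access_denied} on validation/configuration failures;
 *         {@code internalErrorResponse()} (presumably 500) on encryption, JSON or
 *         unexpected errors
 * @throws WebApplicationException re-thrown unchanged when a validator raises one
 *         so that its response reaches the caller as-is
 */
private Response registerClientImpl(String requestParams, HttpServletRequest httpRequest, SecurityContext securityContext) {
    Response.ResponseBuilder builder = Response.ok();
    // Audit entry is created up front so that failures are logged too; success is
    // only flagged once the client has been persisted.
    OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(httpRequest), Action.CLIENT_REGISTRATION);
    try {
        // Whole endpoint is gated on configuration; when disabled nothing is parsed.
        if (appConfiguration.getDynamicRegistrationEnabled()) {
            final RegisterRequest r = RegisterRequest.fromJson(requestParams);
            // NOTE(review): the complete raw request body is written to the log at
            // DEBUG level; keep DEBUG disabled in production or confirm that
            // registration payloads (e.g. software statements) are acceptable in logs.
            log.debug("Attempting to register client: applicationType = {}, clientName = {}, redirectUris = {}, isSecure = {}, sectorIdentifierUri = {}, params = {}", r.getApplicationType(), r.getClientName(), r.getRedirectUris(), securityContext.isSecure(), r.getSectorIdentifierUri(), requestParams);
            // Default the subject type: configured default first, then "public" and
            // finally "pairwise" if they are among the supported types. If none match
            // the subject type stays null and is left to the validator below.
            if (r.getSubjectType() == null) {
                SubjectType defaultSubjectType = SubjectType.fromString(appConfiguration.getDefaultSubjectType());
                if (defaultSubjectType != null) {
                    r.setSubjectType(defaultSubjectType);
                } else if (appConfiguration.getSubjectTypesSupported().contains(SubjectType.PUBLIC.toString())) {
                    r.setSubjectType(SubjectType.PUBLIC);
                } else if (appConfiguration.getSubjectTypesSupported().contains(SubjectType.PAIRWISE.toString())) {
                    r.setSubjectType(SubjectType.PAIRWISE);
                }
            }
            if (r.getIdTokenSignedResponseAlg() == null) {
                r.setIdTokenSignedResponseAlg(SignatureAlgorithm.fromString(appConfiguration.getDefaultSignatureAlgorithm()));
            }
            // Refuse unsigned id_tokens: a client must not be able to register itself
            // with alg "none". NOTE(review): if SignatureAlgorithm.fromString returns
            // null for an unrecognised configured default, null != NONE still passes
            // here — confirm fromString's contract / that the default is validated.
            if (r.getIdTokenSignedResponseAlg() != SignatureAlgorithm.NONE) {
                // Metadata consistency (application type vs. subject type vs. sector
                // identifier) is checked before the redirect URIs themselves.
                if (registerParamsValidator.validateParamsClientRegister(r.getApplicationType(), r.getSubjectType(), r.getRedirectUris(), r.getSectorIdentifierUri())) {
                    // Redirect URI validation is the main defence against code/token
                    // interception via attacker-controlled callbacks.
                    if (!registerParamsValidator.validateRedirectUris(r.getApplicationType(), r.getSubjectType(), r.getRedirectUris(), r.getSectorIdentifierUri())) {
                        builder = Response.status(Response.Status.BAD_REQUEST.getStatusCode());
                        builder.entity(errorResponseFactory.getErrorAsJson(RegisterErrorResponseType.INVALID_REDIRECT_URI));
                    } else {
                        // Return value is not checked here; presumably the validator
                        // reports failures through errorResponseFactory (a
                        // WebApplicationException is re-thrown by the catch below).
                        registerParamsValidator.validateLogoutUri(r.getFrontChannelLogoutUris(), r.getRedirectUris(), errorResponseFactory);
                        String clientsBaseDN = staticConfiguration.getBaseDn().getClients();
                        // client_id is a server-generated inum, never taken from the request.
                        String inum = inumService.generateClientInum();
                        // UUID.randomUUID() is SecureRandom-backed in the JDK (~122 bits of
                        // entropy); the secret is stored encrypted, see encryptSecret below.
                        String generatedClientSecret = UUID.randomUUID().toString();
                        final Client client = new Client();
                        // DN is built from server-generated values only, so no LDAP
                        // injection surface from the request body here.
                        client.setDn("inum=" + inum + "," + clientsBaseDN);
                        client.setClientId(inum);
                        client.setClientSecret(clientService.encryptSecret(generatedClientSecret));
                        // Bearer token the client later uses on the registration_client_uri;
                        // its generator is not visible here — presumed cryptographically random.
                        client.setRegistrationAccessToken(HandleTokenFactory.generateHandleToken());
                        final Calendar calendar = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
                        client.setClientIdIssuedAt(calendar.getTime());
                        // Optional secret expiry: only set when the configured lifetime is positive.
                        if (appConfiguration.getDynamicRegistrationExpirationTime() > 0) {
                            calendar.add(Calendar.SECOND, appConfiguration.getDynamicRegistrationExpirationTime());
                            client.setClientSecretExpiresAt(calendar.getTime());
                        }
                        // Derive a display name from the first redirect URI when the client
                        // did not supply one.
                        if (StringUtils.isBlank(r.getClientName()) && r.getRedirectUris() != null && !r.getRedirectUris().isEmpty()) {
                            try {
                                URI redUri = new URI(r.getRedirectUris().get(0));
                                String host = redUri.getHost();
                                // Opaque or authority-less URIs (e.g. custom app schemes)
                                // have no host; use the same placeholder as the catch branch
                                // instead of leaving the name null.
                                client.setClientName(host != null ? host : "Unknown");
                            } catch (Exception e) {
                                // Malformed first redirect URI: best-effort naming only,
                                // so log and fall back rather than fail the registration.
                                log.error(e.getMessage(), e);
                                client.setClientName("Unknown");
                            }
                        }
                        // Copies the remaining request metadata onto the client entity.
                        updateClientFromRequestObject(client, r);
                        boolean registerClient = true;
                        // Optional external (custom script) hook that may modify the client
                        // or veto the registration by returning false.
                        if (externalDynamicClientRegistrationService.isEnabled()) {
                            registerClient = externalDynamicClientRegistrationService.executeExternalUpdateClientMethods(r, client);
                        }
                        if (registerClient) {
                            Date currentTime = Calendar.getInstance().getTime();
                            client.setLastAccessTime(currentTime);
                            client.setLastLogonTime(currentTime);
                            // Unset configuration value is treated as "do not persist authorizations".
                            Boolean persistClientAuthorizations = appConfiguration.getDynamicRegistrationPersistClientAuthorizations();
                            client.setPersistClientAuthorizations(persistClientAuthorizations != null ? persistClientAuthorizations : false);
                            clientService.persist(client);
                            JSONObject jsonObject = getJSONObject(client);
                            // Pretty-printed JSON; Jettison escapes "/" which is undone here.
                            builder.entity(jsonObject.toString(4).replace("\\/", "/"));
                            oAuth2AuditLog.setClientId(client.getClientId());
                            oAuth2AuditLog.setScope(clientScopesToString(client));
                            oAuth2AuditLog.setSuccess(true);
                        } else {
                            log.trace("Client parameters are invalid, returns invalid_request error.");
                            builder = Response.status(Response.Status.BAD_REQUEST).entity(errorResponseFactory.getErrorAsJson(RegisterErrorResponseType.INVALID_CLIENT_METADATA));
                        }
                    }
                } else {
                    log.trace("Client parameters are invalid, returns invalid_request error.");
                    builder = Response.status(Response.Status.BAD_REQUEST).entity(errorResponseFactory.getErrorAsJson(RegisterErrorResponseType.INVALID_CLIENT_METADATA));
                }
            } else {
                log.debug("The signature algorithm for id_token cannot be none.");
                builder = Response.status(Response.Status.BAD_REQUEST).entity(errorResponseFactory.getErrorAsJson(RegisterErrorResponseType.INVALID_CLIENT_METADATA));
            }
        } else {
            log.debug("Dynamic client registration is disabled.");
            builder = Response.status(Response.Status.BAD_REQUEST).entity(errorResponseFactory.getErrorAsJson(RegisterErrorResponseType.ACCESS_DENIED));
        }
    } catch (StringEncrypter.EncryptionException e) {
        // Secret could not be encrypted for storage: fail closed with a generic error.
        builder = internalErrorResponse();
        log.error(e.getMessage(), e);
    } catch (JSONException e) {
        builder = internalErrorResponse();
        log.error(e.getMessage(), e);
    } catch (WebApplicationException e) {
        // Responses raised by validators are propagated unchanged.
        log.error(e.getMessage(), e);
        throw e;
    } catch (Exception e) {
        builder = internalErrorResponse();
        log.error(e.getMessage(), e);
    }
    // The response carries client credentials: forbid caching by any intermediary.
    builder.cacheControl(ServerUtil.cacheControl(true, false));
    builder.header("Pragma", "no-cache");
    applicationAuditLogger.sendMessage(oAuth2AuditLog);
    return builder.build();
}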
