Search in sources :

Example 1 with InvalidClaimException

use of org.xdi.oxauth.model.exception.InvalidClaimException in project oxAuth by GluuFederation.

the class UserInfoRestWebServiceImpl method requestUserInfo.

public Response requestUserInfo(String accessToken, String authorization, HttpServletRequest request, SecurityContext securityContext) {
    if (authorization != null && !authorization.isEmpty() && authorization.startsWith("Bearer ")) {
        accessToken = authorization.substring(7);
    }
    log.debug("Attempting to request User Info, Access token = {}, Is Secure = {}", accessToken, securityContext.isSecure());
    Response.ResponseBuilder builder = Response.ok();
    OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(request), Action.USER_INFO);
    try {
        if (!UserInfoParamsValidator.validateParams(accessToken)) {
            builder = Response.status(400);
            builder.entity(errorResponseFactory.getErrorAsJson(UserInfoErrorResponseType.INVALID_REQUEST));
        } else {
            AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(accessToken);
            if (authorizationGrant == null) {
                builder = Response.status(400);
                builder.entity(errorResponseFactory.getErrorAsJson(UserInfoErrorResponseType.INVALID_TOKEN));
            } else if (authorizationGrant.getAuthorizationGrantType() == AuthorizationGrantType.CLIENT_CREDENTIALS) {
                builder = Response.status(403);
                builder.entity(errorResponseFactory.getErrorAsJson(UserInfoErrorResponseType.INSUFFICIENT_SCOPE));
            } else if (!authorizationGrant.getScopes().contains(DefaultScope.OPEN_ID.toString()) && !authorizationGrant.getScopes().contains(DefaultScope.PROFILE.toString())) {
                builder = Response.status(403);
                builder.entity(errorResponseFactory.getErrorAsJson(UserInfoErrorResponseType.INSUFFICIENT_SCOPE));
                oAuth2AuditLog.updateOAuth2AuditLog(authorizationGrant, false);
            } else {
                oAuth2AuditLog.updateOAuth2AuditLog(authorizationGrant, true);
                CacheControl cacheControl = new CacheControl();
                cacheControl.setPrivate(true);
                cacheControl.setNoTransform(false);
                cacheControl.setNoStore(true);
                builder.cacheControl(cacheControl);
                builder.header("Pragma", "no-cache");
                User currentUser = authorizationGrant.getUser();
                try {
                    currentUser = userService.getUserByDn(authorizationGrant.getUserDn());
                } catch (EntryPersistenceException ex) {
                    log.warn("Failed to reload user entry: '{}'", authorizationGrant.getUserDn());
                }
                if (authorizationGrant.getClient() != null && authorizationGrant.getClient().getUserInfoEncryptedResponseAlg() != null && authorizationGrant.getClient().getUserInfoEncryptedResponseEnc() != null) {
                    KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.fromName(authorizationGrant.getClient().getUserInfoEncryptedResponseAlg());
                    BlockEncryptionAlgorithm blockEncryptionAlgorithm = BlockEncryptionAlgorithm.fromName(authorizationGrant.getClient().getUserInfoEncryptedResponseEnc());
                    builder.type("application/jwt");
                    builder.entity(getJweResponse(keyEncryptionAlgorithm, blockEncryptionAlgorithm, currentUser, authorizationGrant, authorizationGrant.getScopes()));
                } else if (authorizationGrant.getClient() != null && authorizationGrant.getClient().getUserInfoSignedResponseAlg() != null) {
                    SignatureAlgorithm algorithm = SignatureAlgorithm.fromString(authorizationGrant.getClient().getUserInfoSignedResponseAlg());
                    builder.type("application/jwt");
                    builder.entity(getJwtResponse(algorithm, currentUser, authorizationGrant, authorizationGrant.getScopes()));
                } else {
                    builder.type((MediaType.APPLICATION_JSON + ";charset=UTF-8"));
                    builder.entity(getJSonResponse(currentUser, authorizationGrant, authorizationGrant.getScopes()));
                }
            }
        }
    } catch (StringEncrypter.EncryptionException e) {
        // 500
        builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
        log.error(e.getMessage(), e);
    } catch (InvalidJwtException e) {
        // 500
        builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
        log.error(e.getMessage(), e);
    } catch (SignatureException e) {
        // 500
        builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
        log.error(e.getMessage(), e);
    } catch (InvalidClaimException e) {
        // 500
        builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
        log.error(e.getMessage(), e);
    } catch (Exception e) {
        // 500
        builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
        log.error(e.getMessage(), e);
    }
    applicationAuditLogger.sendMessage(oAuth2AuditLog);
    return builder.build();
}
Also used : InvalidJwtException(org.xdi.oxauth.model.exception.InvalidJwtException) OAuth2AuditLog(org.xdi.oxauth.model.audit.OAuth2AuditLog) EntryPersistenceException(org.gluu.site.ldap.persistence.exception.EntryPersistenceException) SignatureAlgorithm(org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm) SignatureException(java.security.SignatureException) InvalidClaimException(org.xdi.oxauth.model.exception.InvalidClaimException) StringEncrypter(org.xdi.util.security.StringEncrypter) InvalidJwtException(org.xdi.oxauth.model.exception.InvalidJwtException) SignatureException(java.security.SignatureException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) InvalidClaimException(org.xdi.oxauth.model.exception.InvalidClaimException) EntryPersistenceException(org.gluu.site.ldap.persistence.exception.EntryPersistenceException) InvalidJweException(org.xdi.oxauth.model.exception.InvalidJweException) BlockEncryptionAlgorithm(org.xdi.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm) JsonWebResponse(org.xdi.oxauth.model.token.JsonWebResponse) Response(javax.ws.rs.core.Response) KeyEncryptionAlgorithm(org.xdi.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm) CacheControl(javax.ws.rs.core.CacheControl)

Example 2 with InvalidClaimException

use of org.xdi.oxauth.model.exception.InvalidClaimException in project oxAuth by GluuFederation.

the class SimpleUser method getAttribute.

public Object getAttribute(String userAttribute, boolean optional) throws InvalidClaimException {
    Object attribute = null;
    for (org.xdi.ldap.model.CustomAttribute customAttribute : customAttributes) {
        if (customAttribute.getName().equals(userAttribute)) {
            List<String> values = customAttribute.getValues();
            if (values != null) {
                if (values.size() == 1) {
                    attribute = values.get(0);
                } else {
                    JSONArray array = new JSONArray();
                    for (String v : values) {
                        array.put(v);
                    }
                    attribute = array;
                }
            }
            break;
        }
    }
    if (attribute != null) {
        return attribute;
    } else if (optional) {
        return attribute;
    } else {
        throw new InvalidClaimException("The claim " + userAttribute + " was not found.");
    }
}
Also used : JSONArray(org.codehaus.jettison.json.JSONArray) InvalidClaimException(org.xdi.oxauth.model.exception.InvalidClaimException)

Aggregations

InvalidClaimException (org.xdi.oxauth.model.exception.InvalidClaimException)2 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 SignatureException (java.security.SignatureException)1 CacheControl (javax.ws.rs.core.CacheControl)1 Response (javax.ws.rs.core.Response)1 JSONArray (org.codehaus.jettison.json.JSONArray)1 EntryPersistenceException (org.gluu.site.ldap.persistence.exception.EntryPersistenceException)1 OAuth2AuditLog (org.xdi.oxauth.model.audit.OAuth2AuditLog)1 BlockEncryptionAlgorithm (org.xdi.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm)1 KeyEncryptionAlgorithm (org.xdi.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm)1 SignatureAlgorithm (org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm)1 InvalidJweException (org.xdi.oxauth.model.exception.InvalidJweException)1 InvalidJwtException (org.xdi.oxauth.model.exception.InvalidJwtException)1 JsonWebResponse (org.xdi.oxauth.model.token.JsonWebResponse)1 StringEncrypter (org.xdi.util.security.StringEncrypter)1