/**
 * Generates a fresh registration access token for {@code client}, records it in the client's
 * property map under {@link ClientRegistrationResponse#REG_ACCESS_TOKEN} and returns it.
 *
 * <p>The token is kept as-is (not hashed) because it is later echoed back by
 * fromClientToRegistrationResponse and compared by checkRegistrationAccessToken; the client
 * property map therefore carries a bearer secret and should be treated as sensitive
 * (NOTE(review): anything that serialises or logs the whole map would expose it — confirm).
 *
 * @param client the client the token is bound to; its property map is mutated
 * @return the newly generated token
 */
protected String createRegAccessToken(Client client) {
    String token = OAuthUtils.generateRandomTokenKey();
    client.getProperties().put(ClientRegistrationResponse.REG_ACCESS_TOKEN, token);
    return token;
}
protected void checkRegistrationAccessToken(Client c, String accessToken) {
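/**
 * Verifies that {@code accessToken} is the registration access token stored for client
 * {@code c} (under {@link ClientRegistrationResponse#REG_ACCESS_TOKEN}).
 *
 * <p>The comparison is done in constant time so that response timing does not reveal how
 * many leading characters of a presented token match the stored one. A client without a
 * stored token, a missing presented token, or a mismatch all fail identically.
 *
 * @param c           the client whose stored registration access token is the reference
 * @param accessToken the token presented by the caller; may be null
 * @throws javax.ws.rs.NotAuthorizedException (via ExceptionUtils) when the tokens do not match
 */
protected void checkRegistrationAccessToken(Client c, String accessToken) {
    String expected = c.getProperties().get(ClientRegistrationResponse.REG_ACCESS_TOKEN);
    if (expected == null || accessToken == null) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    // Fully qualified on purpose: the import block is not part of this change.
    byte[] expectedBytes = expected.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] presentedBytes = accessToken.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    if (!java.security.MessageDigest.isEqual(expectedBytes, presentedBytes)) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
}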
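/**
 * Verifies that {@code accessToken} is the registration access token stored for client
 * {@code c} (under {@link ClientRegistrationResponse#REG_ACCESS_TOKEN}).
 *
 * <p>The comparison is done in constant time so that response timing does not reveal how
 * many leading characters of a presented token match the stored one. A client without a
 * stored token, a missing presented token, or a mismatch all fail identically.
 *
 * @param c           the client whose stored registration access token is the reference
 * @param accessToken the token presented by the caller; may be null
 * @throws javax.ws.rs.NotAuthorizedException (via ExceptionUtils) when the tokens do not match
 */
protected void checkRegistrationAccessToken(Client c, String accessToken) {
    String expected = c.getProperties().get(ClientRegistrationResponse.REG_ACCESS_TOKEN);
    if (expected == null || accessToken == null) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    // Fully qualified on purpose: the import block is not part of this change.
    byte[] expectedBytes = expected.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] presentedBytes = accessToken.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    if (!java.security.MessageDigest.isEqual(expectedBytes, presentedBytes)) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
}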
/**
 * Generates a fresh registration access token for {@code client}, records it in the client's
 * property map under {@link ClientRegistrationResponse#REG_ACCESS_TOKEN} and returns it.
 *
 * <p>The token is kept as-is (not hashed) because it is later echoed back by
 * fromClientToRegistrationResponse and compared by checkRegistrationAccessToken; the client
 * property map therefore carries a bearer secret and should be treated as sensitive
 * (NOTE(review): anything that serialises or logs the whole map would expose it — confirm).
 *
 * @param client the client the token is bound to; its property map is mutated
 * @return the newly generated token
 */
protected String createRegAccessToken(Client client) {
    String token = OAuthUtils.generateRandomTokenKey();
    client.getProperties().put(ClientRegistrationResponse.REG_ACCESS_TOKEN, token);
    return token;
}
protected void checkRegistrationAccessToken(Client c, String accessToken) {
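/**
 * Converts a stored client back into a registration view, adding the post-logout redirect
 * URIs that createNewClient persisted as a single space-separated property.
 *
 * <p>Empty tokens are dropped: an empty list is persisted as {@code ""} and a naive
 * {@code split(" ")} would otherwise surface it (or a doubled separator) as a bogus
 * {@code ""} URI entry in the response.
 *
 * @param client the stored client
 * @return the registration view produced by the superclass, extended with the
 *         {@code POST_LOGOUT_LOGOUT_URIS} list property when the client has one
 */
@Override
protected ClientRegistration fromClientToClientRegistration(Client client) {
    ClientRegistration resp = super.fromClientToClientRegistration(client);
    String logoutUris = client.getProperties().get(POST_LOGOUT_LOGOUT_URIS);
    if (logoutUris != null) {
        // Inverse of createNewClient's String.join(" ", ...).
        List<String> list = new LinkedList<>();
        for (String s : logoutUris.split(" ")) {
            if (!s.isEmpty()) {
                list.add(s);
            }
        }
        resp.setProperty(POST_LOGOUT_LOGOUT_URIS, list);
    }
    return resp;
}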
/**
 * Creates the client for a dynamic registration request and persists the OIDC logout
 * settings the superclass does not know about: the post-logout redirect URIs (stored as one
 * space-separated property, split again in fromClientToClientRegistration) and the
 * back-channel logout URI.
 *
 * <p>NOTE(review): neither value is validated here (absolute URI, scheme); if
 * super.createNewClient does not cover these properties, registrant-supplied logout URIs are
 * stored as given — confirm where they are checked before use.
 *
 * @param request the registration request
 * @return the client created by the superclass, with the logout properties added when present
 */
@Override
protected Client createNewClient(ClientRegistration request) {
    Client client = super.createNewClient(request);
    List<String> postLogoutUris = request.getListStringProperty(POST_LOGOUT_LOGOUT_URIS);
    if (postLogoutUris != null) {
        putLogoutProperty(client, POST_LOGOUT_LOGOUT_URIS, String.join(" ", postLogoutUris));
    }
    putLogoutProperty(client, BACK_CHANNEL_LOGOUT_URI, request.getStringProperty(BACK_CHANNEL_LOGOUT_URI));
    return client;
}

/** Stores {@code value} under {@code key} in the client's property map; a null value is skipped. */
private static void putLogoutProperty(Client client, String key, String value) {
    if (value != null) {
        client.getProperties().put(key, value);
    }
}
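/**
 * Converts a stored client back into a registration view, adding the post-logout redirect
 * URIs that createNewClient persisted as a single space-separated property.
 *
 * <p>Empty tokens are dropped: an empty list is persisted as {@code ""} and a naive
 * {@code split(" ")} would otherwise surface it (or a doubled separator) as a bogus
 * {@code ""} URI entry in the response.
 *
 * @param client the stored client
 * @return the registration view produced by the superclass, extended with the
 *         {@code POST_LOGOUT_LOGOUT_URIS} list property when the client has one
 */
@Override
protected ClientRegistration fromClientToClientRegistration(Client client) {
    ClientRegistration resp = super.fromClientToClientRegistration(client);
    String logoutUris = client.getProperties().get(POST_LOGOUT_LOGOUT_URIS);
    if (logoutUris != null) {
        // Inverse of createNewClient's String.join(" ", ...).
        List<String> list = new LinkedList<>();
        for (String s : logoutUris.split(" ")) {
            if (!s.isEmpty()) {
                list.add(s);
            }
        }
        resp.setProperty(POST_LOGOUT_LOGOUT_URIS, list);
    }
    return resp;
}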
/**
 * Creates the client for a dynamic registration request and persists the OIDC logout
 * settings the superclass does not know about: the post-logout redirect URIs (stored as one
 * space-separated property, split again in fromClientToClientRegistration) and the
 * back-channel logout URI.
 *
 * <p>NOTE(review): neither value is validated here (absolute URI, scheme); if
 * super.createNewClient does not cover these properties, registrant-supplied logout URIs are
 * stored as given — confirm where they are checked before use.
 *
 * @param request the registration request
 * @return the client created by the superclass, with the logout properties added when present
 */
@Override
protected Client createNewClient(ClientRegistration request) {
    Client client = super.createNewClient(request);
    List<String> postLogoutUris = request.getListStringProperty(POST_LOGOUT_LOGOUT_URIS);
    if (postLogoutUris != null) {
        putLogoutProperty(client, POST_LOGOUT_LOGOUT_URIS, String.join(" ", postLogoutUris));
    }
    putLogoutProperty(client, BACK_CHANNEL_LOGOUT_URI, request.getStringProperty(BACK_CHANNEL_LOGOUT_URI));
    return client;
}

/** Stores {@code value} under {@code key} in the client's property map; a null value is skipped. */
private static void putLogoutProperty(Client client, String key, String value) {
    if (value != null) {
        client.getProperties().put(key, value);
    }
}
state.append(SEP); state.append(client.getProperties().toString()); state.append(SEP);
state.append(SEP); state.append(client.getProperties().toString()); state.append(SEP);
/**
 * Enforces the TLS client-certificate binding configured for {@code client} (the
 * tls_client_auth method, judging by the property names): an expected subject DN and,
 * optionally, an expected issuer DN taken from the client's properties, and/or the
 * registered application certificates compared against the TLS session. Every failed check
 * logs a warning and calls {@code reportInvalidClient()}; finally the certificate thumbprint
 * confirmation is recorded on the message context.
 *
 * <p>NOTE(review): with only a subject DN configured (no issuer DN, no registered
 * certificates) any certificate carrying that subject that the TLS layer accepted passes;
 * also pinning the issuer DN, or registering the certificate itself, tightens the binding —
 * confirm this is intended. Whether reportInvalidClient() throws is not visible here; if it
 * returns, the remaining checks still run.
 *
 * @param client         the authenticating client, whose binding configuration is read
 * @param tlsSessionInfo the TLS session the request arrived on
 */
protected void checkCertificateBinding(Client client, TLSSessionInfo tlsSessionInfo) {
    String expectedSubjectDn = client.getProperties().get(OAuthConstants.TLS_CLIENT_AUTH_SUBJECT_DN);
    // Nothing at all to bind against: neither a subject DN nor registered certificates.
    if (expectedSubjectDn == null && client.getApplicationCertificates().isEmpty()) {
        rejectCertificateBinding(client);
    }
    X509Certificate presented = OAuthUtils.getRootTLSCertificate(tlsSessionInfo);
    if (expectedSubjectDn != null
        && !expectedSubjectDn.equals(OAuthUtils.getSubjectDnFromTLSCertificates(presented))) {
        rejectCertificateBinding(client);
    }
    String expectedIssuerDn = client.getProperties().get(OAuthConstants.TLS_CLIENT_AUTH_ISSUER_DN);
    if (expectedIssuerDn != null
        && !expectedIssuerDn.equals(OAuthUtils.getIssuerDnFromTLSCertificates(presented))) {
        rejectCertificateBinding(client);
    }
    if (!client.getApplicationCertificates().isEmpty()) {
        compareTlsCertificates(tlsSessionInfo, client.getApplicationCertificates());
    }
    OAuthUtils.setCertificateThumbprintConfirmation(getMessageContext(), presented);
}

/** Logs the (deliberately generic) binding failure for the client and reports it as invalid. */
private void rejectCertificateBinding(Client client) {
    LOG.warning("Client \"" + client.getClientId() + "\" can not be bound to the TLS certificate");
    reportInvalidClient();
}
/**
 * Enforces the TLS client-certificate binding configured for {@code client} (the
 * tls_client_auth method, judging by the property names): an expected subject DN and,
 * optionally, an expected issuer DN taken from the client's properties, and/or the
 * registered application certificates compared against the TLS session. Every failed check
 * logs a warning and calls {@code reportInvalidClient()}; finally the certificate thumbprint
 * confirmation is recorded on the message context.
 *
 * <p>NOTE(review): with only a subject DN configured (no issuer DN, no registered
 * certificates) any certificate carrying that subject that the TLS layer accepted passes;
 * also pinning the issuer DN, or registering the certificate itself, tightens the binding —
 * confirm this is intended. Whether reportInvalidClient() throws is not visible here; if it
 * returns, the remaining checks still run.
 *
 * @param client         the authenticating client, whose binding configuration is read
 * @param tlsSessionInfo the TLS session the request arrived on
 */
protected void checkCertificateBinding(Client client, TLSSessionInfo tlsSessionInfo) {
    String expectedSubjectDn = client.getProperties().get(OAuthConstants.TLS_CLIENT_AUTH_SUBJECT_DN);
    // Nothing at all to bind against: neither a subject DN nor registered certificates.
    if (expectedSubjectDn == null && client.getApplicationCertificates().isEmpty()) {
        rejectCertificateBinding(client);
    }
    X509Certificate presented = OAuthUtils.getRootTLSCertificate(tlsSessionInfo);
    if (expectedSubjectDn != null
        && !expectedSubjectDn.equals(OAuthUtils.getSubjectDnFromTLSCertificates(presented))) {
        rejectCertificateBinding(client);
    }
    String expectedIssuerDn = client.getProperties().get(OAuthConstants.TLS_CLIENT_AUTH_ISSUER_DN);
    if (expectedIssuerDn != null
        && !expectedIssuerDn.equals(OAuthUtils.getIssuerDnFromTLSCertificates(presented))) {
        rejectCertificateBinding(client);
    }
    if (!client.getApplicationCertificates().isEmpty()) {
        compareTlsCertificates(tlsSessionInfo, client.getApplicationCertificates());
    }
    OAuthUtils.setCertificateThumbprintConfirmation(getMessageContext(), presented);
}

/** Logs the (deliberately generic) binding failure for the client and reports it as invalid. */
private void rejectCertificateBinding(Client client) {
    LOG.warning("Client \"" + client.getClientId() + "\" can not be bound to the TLS certificate");
    reportInvalidClient();
}
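/**
 * Test data provider that issues JWT-formatted access tokens. Each cache name gets a random
 * suffix so that several provider instances in one JVM do not share cache entries; the
 * randomness is only for uniqueness, not for any security property.
 *
 * <p>Registers one confidential client, "boundJwt", bound to a TLS client certificate by
 * subject DN and allowed to use the "custom_grant" grant type.
 *
 * @throws Exception propagated from the superclass constructor
 */
public OAuthDataProviderImplJwt() throws Exception {
    super(DEFAULT_CONFIG_URL,
          BusFactory.getThreadDefaultBus(true),
          CLIENT_CACHE_KEY + "_" + randomCacheSuffix(),
          CODE_GRANT_CACHE_KEY + "_" + randomCacheSuffix(),
          ACCESS_TOKEN_CACHE_KEY + "_" + randomCacheSuffix(),
          REFRESH_TOKEN_CACHE_KEY + "_" + randomCacheSuffix(),
          true);
    Client client = new Client("boundJwt", null, true, null, null);
    client.getProperties().put(OAuthConstants.TLS_CLIENT_AUTH_SUBJECT_DN,
                               "CN=whateverhost.com,OU=Morpit,O=ApacheTest,L=Syracuse,C=US");
    client.getAllowedGrantTypes().add("custom_grant");
    this.setClient(client);
    this.setUseJwtFormatForAccessTokens(true);
}

/**
 * Non-negative random suffix for a cache name.
 *
 * <p>Uses {@code nextInt(bound)} instead of {@code Math.abs(nextInt())}: Math.abs of
 * Integer.MIN_VALUE is still negative, which would put a '-' into the cache key.
 *
 * @return a value in [0, Integer.MAX_VALUE)
 */
private static int randomCacheSuffix() {
    return new Random().nextInt(Integer.MAX_VALUE);
}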
/**
 * Builds the registration response for a client: client id, client secret when one exists
 * (with an expiry of 0), the registration timestamp and, when registration access tokens are
 * enabled, the registration client URI together with the stored registration access token —
 * the URI and the token are always either both present or both absent.
 *
 * <p>NOTE(review): the registration access token is read back verbatim from the client
 * property map, i.e. it is held there in recoverable form, so that map carries a bearer
 * secret and should be treated as such.
 *
 * @param client the registered client
 * @return the response to return to the registrant
 */
protected ClientRegistrationResponse fromClientToRegistrationResponse(Client client) {
    ClientRegistrationResponse response = new ClientRegistrationResponse();
    response.setClientId(client.getClientId());
    String secret = client.getClientSecret();
    if (secret != null) {
        response.setClientSecret(secret);
        // TODO: consider making Client secret time limited
        response.setClientSecretExpiresAt(Long.valueOf(0));
    }
    response.setClientIdIssuedAt(client.getRegisteredAt());
    UriBuilder ub = getMessageContext().getUriInfo().getAbsolutePathBuilder();
    if (supportRegistrationAccessTokens) {
        // Both the registration client URI and the access token are returned, or neither.
        String registrationUri = ub.path(client.getClientId()).build().toString();
        String regToken = client.getProperties().get(ClientRegistrationResponse.REG_ACCESS_TOKEN);
        response.setRegistrationClientUri(registrationUri);
        response.setRegistrationAccessToken(regToken);
    }
    return response;
}
/**
 * Builds the registration response for a client: client id, client secret when one exists
 * (with an expiry of 0), the registration timestamp and, when registration access tokens are
 * enabled, the registration client URI together with the stored registration access token —
 * the URI and the token are always either both present or both absent.
 *
 * <p>NOTE(review): the registration access token is read back verbatim from the client
 * property map, i.e. it is held there in recoverable form, so that map carries a bearer
 * secret and should be treated as such.
 *
 * @param client the registered client
 * @return the response to return to the registrant
 */
protected ClientRegistrationResponse fromClientToRegistrationResponse(Client client) {
    ClientRegistrationResponse response = new ClientRegistrationResponse();
    response.setClientId(client.getClientId());
    String secret = client.getClientSecret();
    if (secret != null) {
        response.setClientSecret(secret);
        // TODO: consider making Client secret time limited
        response.setClientSecretExpiresAt(Long.valueOf(0));
    }
    response.setClientIdIssuedAt(client.getRegisteredAt());
    UriBuilder ub = getMessageContext().getUriInfo().getAbsolutePathBuilder();
    if (supportRegistrationAccessTokens) {
        // Both the registration client URI and the access token are returned, or neither.
        String registrationUri = ub.path(client.getClientId()).build().toString();
        String regToken = client.getProperties().get(ClientRegistrationResponse.REG_ACCESS_TOKEN);
        response.setRegistrationClientUri(registrationUri);
        response.setRegistrationAccessToken(regToken);
    }
    return response;
}
secData.setApplicationLogoUri(client.getApplicationLogoUri()); secData.setApplicationCertificates(client.getApplicationCertificates()); Map<String, String> extraProperties = client.getProperties(); secData.setExtraApplicationProperties(extraProperties); secData.setApplicationRegisteredDynamically(client.isRegisteredDynamically());
reg.setTokenEndpointAuthMethod(c.getTokenEndpointAuthMethod()); if (OAuthConstants.TOKEN_ENDPOINT_AUTH_TLS.equals(c.getTokenEndpointAuthMethod())) { String subjectDn = c.getProperties().get(OAuthConstants.TLS_CLIENT_AUTH_SUBJECT_DN); if (subjectDn != null) { reg.setProperty(OAuthConstants.TLS_CLIENT_AUTH_SUBJECT_DN, subjectDn); String issuerDn = c.getProperties().get(OAuthConstants.TLS_CLIENT_AUTH_ISSUER_DN); if (issuerDn != null) { reg.setProperty(OAuthConstants.TLS_CLIENT_AUTH_ISSUER_DN, issuerDn);
secData.setApplicationLogoUri(client.getApplicationLogoUri()); secData.setApplicationCertificates(client.getApplicationCertificates()); Map<String, String> extraProperties = client.getProperties(); secData.setExtraApplicationProperties(extraProperties); secData.setApplicationRegisteredDynamically(client.isRegisteredDynamically());
reg.setTokenEndpointAuthMethod(c.getTokenEndpointAuthMethod()); if (OAuthConstants.TOKEN_ENDPOINT_AUTH_TLS.equals(c.getTokenEndpointAuthMethod())) { String subjectDn = c.getProperties().get(OAuthConstants.TLS_CLIENT_AUTH_SUBJECT_DN); if (subjectDn != null) { reg.setProperty(OAuthConstants.TLS_CLIENT_AUTH_SUBJECT_DN, subjectDn); String issuerDn = c.getProperties().get(OAuthConstants.TLS_CLIENT_AUTH_ISSUER_DN); if (issuerDn != null) { reg.setProperty(OAuthConstants.TLS_CLIENT_AUTH_ISSUER_DN, issuerDn);
/**
 * Test data provider pre-populated with three clients covering the TLS binding paths:
 * one whose client id is the certificate subject DN and that has a certificate registered
 * via registerCert, one ("bound") bound to a certificate subject DN through the
 * TLS_CLIENT_AUTH_SUBJECT_DN property, and one ("unbound") with no certificate binding.
 * The first two also allow the "custom_grant" grant type.
 *
 * @throws Exception propagated from the registration helpers
 */
public OAuthDataProviderImpl() throws Exception {
    Client certClient = newTestClient("CN=whateverhost.com,OU=Morpit,O=ApacheTest,L=Syracuse,C=US", true);
    registerCert(certClient);
    this.setClient(certClient);

    Client dnBoundClient = newTestClient("bound", true);
    dnBoundClient.getProperties().put(OAuthConstants.TLS_CLIENT_AUTH_SUBJECT_DN,
                                      "CN=whateverhost.com,OU=Morpit,O=ApacheTest,L=Syracuse,C=US");
    this.setClient(dnBoundClient);

    this.setClient(newTestClient("unbound", false));
}

/**
 * Creates a test client with the given id (same constructor arguments as before),
 * optionally allowing the "custom_grant" grant type.
 */
private static Client newTestClient(String clientId, boolean allowCustomGrant) {
    Client client = new Client(clientId, null, true, null, null);
    if (allowCustomGrant) {
        client.getAllowedGrantTypes().add("custom_grant");
    }
    return client;
}