/**
 * Converts a failure inside the OAuthAdminService into an {@link IdentityOAuthAdminException}.
 * The message is always logged at ERROR level; the wrapped exception, when one is given, is
 * logged at DEBUG level only and attached as the cause of the returned exception.
 *
 * @param message   error message to log and to carry in the returned exception
 * @param exception underlying exception, or {@code null} when there is none
 * @return a new {@link IdentityOAuthAdminException} carrying {@code message} (and the cause when given)
 */
public static IdentityOAuthAdminException handleError(String message, Exception exception) {
    log.error(message);
    if (exception == null) {
        return new IdentityOAuthAdminException(message);
    }
    // The stack trace is only emitted at DEBUG level; the ERROR line above carries the message alone.
    if (log.isDebugEnabled()) {
        log.debug(exception);
    }
    return new IdentityOAuthAdminException(message, exception);
}
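/**
 * Removes the OAuth application registered under {@code consumerKey}.
 * The delete runs in its own transaction: it is committed on success and rolled back on a
 * SQL failure before the error is reported to the caller.
 *
 * @param consumerKey consumer key (client ID) of the application to remove
 * @throws IdentityOAuthAdminException if the delete statement fails
 */
public void removeConsumerApplication(String consumerKey) throws IdentityOAuthAdminException {
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement prepStmt = null;
    try {
        prepStmt = connection.prepareStatement(SQLQueries.OAuthAppDAOSQLQueries.REMOVE_APPLICATION);
        prepStmt.setString(1, consumerKey);
        prepStmt.execute();
        connection.commit();
    } catch (SQLException e) {
        // Undo any partial work so the connection is not handed back with an open transaction.
        IdentityDatabaseUtil.rollBack(connection);
        throw new IdentityOAuthAdminException("Error when executing the SQL : "
                + SQLQueries.OAuthAppDAOSQLQueries.REMOVE_APPLICATION, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, null, prepStmt);
    }
}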
/**
 * Reads the callback URL registered for the application identified by {@code consumerKey}.
 *
 * @param consumerKey consumer key of the application
 * @return the registered callback URL, or {@code null} when no row exists for the key
 * @throws IdentityOAuthAdminException if the lookup fails
 */
private String getCallbackURLOfApp(String consumerKey) throws IdentityOAuthAdminException {
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement stmt = null;
    ResultSet rows = null;
    String registeredUrl = null;
    try {
        stmt = connection.prepareStatement(SQLQueries.OAuthConsumerDAOSQLQueries.GET_REGISTERED_CALLBACK_URL);
        stmt.setString(1, consumerKey);
        rows = stmt.executeQuery();
        // Only the first row is consulted; the query is parameterised on the consumer key.
        if (rows.next()) {
            registeredUrl = rows.getString(1);
        }
        connection.commit();
    } catch (SQLException e) {
        throw new IdentityOAuthAdminException("Error when reading the callback url for consumer key : " + consumerKey, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, rows, stmt);
    }
    return registeredUrl;
}
/**
 * Reads the callback URL stored with the request token {@code oauthToken}.
 *
 * @param oauthToken the request token whose callback URL is wanted
 * @return the stored callback URL, or {@code null} when no row exists for the token
 * @throws IdentityOAuthAdminException if the lookup fails
 */
private String getCallbackURLOfReqToken(String oauthToken) throws IdentityOAuthAdminException {
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement stmt = null;
    ResultSet rows = null;
    String storedUrl = null;
    try {
        stmt = connection.prepareStatement(SQLQueries.OAuthConsumerDAOSQLQueries.GET_CALLBACK_URL_OF_REQ_TOKEN);
        stmt.setString(1, oauthToken);
        rows = stmt.executeQuery();
        // Only the first row is consulted; the query is parameterised on the token value.
        if (rows.next()) {
            storedUrl = rows.getString(1);
        }
        connection.commit();
    } catch (SQLException e) {
        throw new IdentityOAuthAdminException("Error when reading the callback url for OAuth Token : " + oauthToken, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, rows, stmt);
    }
    return storedUrl;
}
/**
 * Reads the callback URL stored with the request token {@code oauthToken}.
 *
 * @param oauthToken the request token whose callback URL is wanted
 * @return the stored callback URL, or {@code null} when no row exists for the token
 * @throws IdentityOAuthAdminException if the lookup fails
 */
private String getCallbackURLOfReqToken(String oauthToken) throws IdentityOAuthAdminException {
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement stmt = null;
    ResultSet rows = null;
    String storedUrl = null;
    try {
        stmt = connection.prepareStatement(SQLQueries.OAuthConsumerDAOSQLQueries.GET_CALLBACK_URL_OF_REQ_TOKEN);
        stmt.setString(1, oauthToken);
        rows = stmt.executeQuery();
        // Only the first row is consulted; the query is parameterised on the token value.
        if (rows.next()) {
            storedUrl = rows.getString(1);
        }
        connection.commit();
    } catch (SQLException e) {
        throw new IdentityOAuthAdminException("Error when reading the callback url for OAuth Token : " + oauthToken, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, rows, stmt);
    }
    return storedUrl;
}
/**
 * Reads the callback URL registered for the application identified by {@code consumerKey}.
 *
 * @param consumerKey consumer key of the application
 * @return the registered callback URL, or {@code null} when no row exists for the key
 * @throws IdentityOAuthAdminException if the lookup fails
 */
private String getCallbackURLOfApp(String consumerKey) throws IdentityOAuthAdminException {
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement stmt = null;
    ResultSet rows = null;
    String registeredUrl = null;
    try {
        stmt = connection.prepareStatement(SQLQueries.OAuthConsumerDAOSQLQueries.GET_REGISTERED_CALLBACK_URL);
        stmt.setString(1, consumerKey);
        rows = stmt.executeQuery();
        // Only the first row is consulted; the query is parameterised on the consumer key.
        if (rows.next()) {
            registeredUrl = rows.getString(1);
        }
        connection.commit();
    } catch (SQLException e) {
        throw new IdentityOAuthAdminException("Error when reading the callback url for consumer key : " + consumerKey, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, rows, stmt);
    }
    return registeredUrl;
}
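/**
 * Checks whether an OAuth consumer with {@code consumerKey} is already registered.
 *
 * @param consumerKey raw consumer key; it is passed through the token persistence processor before the lookup
 * @return {@code true} when a matching row exists
 * @throws IdentityOAuthAdminException if the key cannot be processed or the query fails
 */
private boolean isDuplicateConsumer(String consumerKey) throws IdentityOAuthAdminException {
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement prepStmt = null;
    ResultSet rSet = null;
    boolean isDuplicateConsumer = false;
    try {
        prepStmt = connection.prepareStatement(SQLQueries.OAuthAppDAOSQLQueries.CHECK_EXISTING_CONSUMER);
        prepStmt.setString(1, persistenceProcessor.getProcessedClientId(consumerKey));
        rSet = prepStmt.executeQuery();
        // Any returned row means the key is taken; the row contents are not inspected.
        isDuplicateConsumer = rSet.next();
        connection.commit();
    } catch (IdentityOAuth2Exception e) {
        // Keep the processor failure as the cause so the error stays diagnosable.
        throw new IdentityOAuthAdminException(
                "Error occurred while processing the client id by TokenPersistenceProcessor", e);
    } catch (SQLException e) {
        throw new IdentityOAuthAdminException("Error when executing the SQL : "
                + SQLQueries.OAuthAppDAOSQLQueries.CHECK_EXISTING_CONSUMER, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, rSet, prepStmt);
    }
    return isDuplicateConsumer;
}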
/**
 * Validates the scope validators requested for an application against the configured allow-list.
 *
 * @param application the application whose requested scope validators are checked
 * @return the requested validators unchanged (an empty array when none were requested)
 * @throws IdentityOAuthAdminException if any requested validator is not in the allowed set
 */
private String[] filterScopeValidators(OAuthConsumerAppDTO application) throws IdentityOAuthAdminException {
    List<String> allowed = Arrays.asList(getAllowedScopeValidators());
    String[] requested = application.getScopeValidators();
    if (requested == null) {
        requested = new String[0];
    }
    // Reject the whole request on the first validator that is not on the allow-list.
    for (String validator : requested) {
        if (!allowed.contains(validator)) {
            throw new IdentityOAuthAdminException(validator + " not allowed");
        }
    }
    return requested;
}
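/**
 * Produces a random, registry-safe string by computing a MAC ({@code ALGORITHM}; HMAC-SHA1 according
 * to the original documentation) of one freshly generated UUID keyed with another, base64-encoding
 * the MAC output and substituting the characters the registry does not accept. Because of the
 * substitution the result is not decodable base64; it is meant to be opaque.
 *
 * NOTE(review): the unpredictability of the result is bounded by the randomness UUIDGenerator supplies
 * for the two UUIDs — confirm that it is backed by a CSPRNG before relying on the value as a credential.
 *
 * @return the generated string
 * @throws IdentityOAuthAdminException if the MAC algorithm is unavailable or the key is rejected
 */
public static String getRandomNumber() throws IdentityOAuthAdminException {
    try {
        String secretKey = UUIDGenerator.generateUUID();
        String baseString = UUIDGenerator.generateUUID();
        SecretKeySpec key = new SecretKeySpec(secretKey.getBytes(Charsets.UTF_8), ALGORITHM);
        Mac mac = Mac.getInstance(ALGORITHM);
        mac.init(key);
        byte[] rawHmac = mac.doFinal(baseString.getBytes(Charsets.UTF_8));
        String random = Base64.encode(rawHmac);
        // Registry doesn't have support for these characters.
        random = random.replace("/", "_");
        random = random.replace("=", "a");
        random = random.replace("+", "f");
        return random;
    } catch (java.security.GeneralSecurityException e) {
        // Covers NoSuchAlgorithmException (Mac.getInstance) and InvalidKeyException (mac.init), which are
        // the failures this method can recover into an admin exception; programming errors propagate as-is.
        throw new IdentityOAuthAdminException("Error when generating a random number.", e);
    }
}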
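/**
 * Exchanges a request token for an access token: the request token row is deleted and the access
 * token (with its secret, scope and authorizing user) is inserted, in one transaction that is
 * committed only when both statements succeed and rolled back otherwise.
 *
 * @param consumerKey       consumer key of the application the token is issued to
 * @param accessToken       access token value to store
 * @param accessTokenSecret secret paired with {@code accessToken}; persisted as given
 * @param requestToken      request token being consumed
 * @param authorizedUser    user who authorized the request token
 * @param scope             scope granted to the access token
 * @throws IdentityOAuthAdminException if either statement fails
 */
public void issueAccessToken(String consumerKey, String accessToken, String accessTokenSecret,
                             String requestToken, String authorizedUser, String scope)
        throws IdentityOAuthAdminException {
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement removeReqTokStmt = null;
    PreparedStatement issueAccessTokStmt = null;
    try {
        removeReqTokStmt = connection.prepareStatement(SQLQueries.OAuthConsumerDAOSQLQueries.REMOVE_REQUEST_TOKEN);
        removeReqTokStmt.setString(1, requestToken);
        removeReqTokStmt.execute();

        issueAccessTokStmt = connection.prepareStatement(SQLQueries.OAuthConsumerDAOSQLQueries.ADD_ACCESS_TOKEN);
        issueAccessTokStmt.setString(1, accessToken);
        issueAccessTokStmt.setString(2, accessTokenSecret);
        issueAccessTokStmt.setString(3, consumerKey);
        issueAccessTokStmt.setString(4, scope);
        issueAccessTokStmt.setString(5, authorizedUser);
        issueAccessTokStmt.execute();
        connection.commit();
    } catch (SQLException e) {
        // Both statements belong to one transaction: never leave the request token removed
        // without the access token inserted.
        IdentityDatabaseUtil.rollBack(connection);
        log.error(e.getMessage(), e);
        // The message names the operation that failed (issuing the access token) and keeps the cause.
        throw new IdentityOAuthAdminException("Error when issuing the access token for consumer : " + consumerKey, e);
    } finally {
        IdentityDatabaseUtil.closeStatement(issueAccessTokStmt);
        IdentityDatabaseUtil.closeAllConnections(connection, null, removeReqTokStmt);
    }
}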
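/**
 * Exchanges a request token for an access token: the request token row is deleted and the access
 * token (with its secret, scope and authorizing user) is inserted, in one transaction that is
 * committed only when both statements succeed and rolled back otherwise.
 *
 * @param consumerKey       consumer key of the application the token is issued to
 * @param accessToken       access token value to store
 * @param accessTokenSecret secret paired with {@code accessToken}; persisted as given
 * @param requestToken      request token being consumed
 * @param authorizedUser    user who authorized the request token
 * @param scope             scope granted to the access token
 * @throws IdentityOAuthAdminException if either statement fails
 */
public void issueAccessToken(String consumerKey, String accessToken, String accessTokenSecret,
                             String requestToken, String authorizedUser, String scope)
        throws IdentityOAuthAdminException {
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement removeReqTokStmt = null;
    PreparedStatement issueAccessTokStmt = null;
    try {
        removeReqTokStmt = connection.prepareStatement(SQLQueries.OAuthConsumerDAOSQLQueries.REMOVE_REQUEST_TOKEN);
        removeReqTokStmt.setString(1, requestToken);
        removeReqTokStmt.execute();

        issueAccessTokStmt = connection.prepareStatement(SQLQueries.OAuthConsumerDAOSQLQueries.ADD_ACCESS_TOKEN);
        issueAccessTokStmt.setString(1, accessToken);
        issueAccessTokStmt.setString(2, accessTokenSecret);
        issueAccessTokStmt.setString(3, consumerKey);
        issueAccessTokStmt.setString(4, scope);
        issueAccessTokStmt.setString(5, authorizedUser);
        issueAccessTokStmt.execute();
        connection.commit();
    } catch (SQLException e) {
        // Both statements belong to one transaction: never leave the request token removed
        // without the access token inserted.
        IdentityDatabaseUtil.rollBack(connection);
        log.error(e.getMessage(), e);
        // The message names the operation that failed (issuing the access token) and keeps the cause.
        throw new IdentityOAuthAdminException("Error when issuing the access token for consumer : " + consumerKey, e);
    } finally {
        IdentityDatabaseUtil.closeStatement(issueAccessTokStmt);
        IdentityDatabaseUtil.closeAllConnections(connection, null, removeReqTokStmt);
    }
}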
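/**
 * Produces a random, registry-safe string by computing a MAC ({@code ALGORITHM}; HMAC-SHA1 according
 * to the original documentation) of one freshly generated UUID keyed with another, base64-encoding
 * the MAC output and substituting the characters the registry does not accept. Because of the
 * substitution the result is not decodable base64; it is meant to be opaque.
 *
 * NOTE(review): the unpredictability of the result is bounded by the randomness UUIDGenerator supplies
 * for the two UUIDs — confirm that it is backed by a CSPRNG before relying on the value as a credential.
 *
 * @return the generated string
 * @throws IdentityOAuthAdminException if the MAC algorithm is unavailable or the key is rejected
 */
public static String getRandomNumber() throws IdentityOAuthAdminException {
    try {
        String secretKey = UUIDGenerator.generateUUID();
        String baseString = UUIDGenerator.generateUUID();
        SecretKeySpec key = new SecretKeySpec(secretKey.getBytes(Charsets.UTF_8), ALGORITHM);
        Mac mac = Mac.getInstance(ALGORITHM);
        mac.init(key);
        byte[] rawHmac = mac.doFinal(baseString.getBytes(Charsets.UTF_8));
        String random = Base64.encode(rawHmac);
        // Registry doesn't have support for these characters.
        random = random.replace("/", "_");
        random = random.replace("=", "a");
        random = random.replace("+", "f");
        return random;
    } catch (java.security.GeneralSecurityException e) {
        // Covers NoSuchAlgorithmException (Mac.getInstance) and InvalidKeyException (mac.init), which are
        // the failures this method can recover into an admin exception; programming errors propagate as-is.
        throw new IdentityOAuthAdminException("Error when generating a random number.", e);
    }
}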
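/**
 * Registers a new OAuth consumer for {@code username} and returns its freshly generated credentials.
 * The consumer key is regenerated until it does not collide with an existing one; the secret is
 * generated once and persisted as-is in the same row.
 *
 * @param username   owner of the consumer
 * @param tenantId   tenant the consumer belongs to
 * @param userDomain user store domain of the owner
 * @return a two-element array: {@code [consumerKey, consumerSecret]}
 * @throws IdentityOAuthAdminException if credential generation, the duplicate check or the insert fails
 */
public String[] addOAuthConsumer(String username, int tenantId, String userDomain) throws IdentityOAuthAdminException {
    String consumerSecret = OAuthUtil.getRandomNumber();
    String consumerKey;
    do {
        consumerKey = OAuthUtil.getRandomNumber();
    } while (isDuplicateConsumer(consumerKey));

    // Acquire the connection only once there is something to write: the generation and duplicate
    // check above can throw, and a connection opened before them was never closed on that path.
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement prepStmt = null;
    String sqlStmt = SQLQueries.OAuthAppDAOSQLQueries.ADD_OAUTH_CONSUMER;
    try {
        prepStmt = connection.prepareStatement(sqlStmt);
        prepStmt.setString(1, consumerKey);
        prepStmt.setString(2, consumerSecret);
        prepStmt.setString(3, username);
        prepStmt.setInt(4, tenantId);
        prepStmt.setString(5, userDomain);
        // it is assumed that the OAuth version is 1.0a because this is required with OAuth 1.0a
        prepStmt.setString(6, OAuthConstants.OAuthVersions.VERSION_1A);
        prepStmt.execute();
        connection.commit();
    } catch (SQLException e) {
        IdentityDatabaseUtil.rollBack(connection);
        throw new IdentityOAuthAdminException("Error when executing the SQL : " + sqlStmt, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, null, prepStmt);
    }
    return new String[]{consumerKey, consumerSecret};
}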
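/**
 * Marks the OAuth request token as authorized by {@code userName}, records the verifier, and returns
 * the callback URL stored for the token.
 *
 * @param oauthToken    request token being authorized
 * @param userName      name of the user who authorized the token
 * @param oauthVerifier oauth_verifier value to store with the token
 * @return parameters whose callback is the stored callback URL of the token ({@code null} when none is stored)
 * @throws IdentityException if the update fails (the transaction is rolled back) or the callback URL cannot be read
 */
public Parameters authorizeOAuthToken(String oauthToken, String userName, String oauthVerifier)
        throws IdentityException {
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement prepStmt = null;
    try {
        prepStmt = connection.prepareStatement(SQLQueries.OAuthConsumerDAOSQLQueries.AUTHORIZE_REQ_TOKEN);
        // The authorized flag is persisted as the string "true".
        prepStmt.setString(1, Boolean.toString(true));
        prepStmt.setString(2, oauthVerifier);
        prepStmt.setString(3, userName);
        prepStmt.setString(4, oauthToken);
        prepStmt.execute();
        connection.commit();
    } catch (SQLException e) {
        IdentityDatabaseUtil.rollBack(connection);
        // Keep the SQL failure as the cause so the error stays diagnosable.
        throw new IdentityOAuthAdminException("Error when authorizing the request token : " + oauthToken, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, null, prepStmt);
    }
    Parameters params = new Parameters();
    params.setOauthCallback(getCallbackURLOfReqToken(oauthToken));
    return params;
}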
/**
 * Notifies the registered OAuth event interceptor before a token is revoked by its resource owner.
 * Nothing happens when no interceptor proxy is registered or the registered one is disabled.
 *
 * @param revokeRequestDTO the revocation request about to be processed
 * @throws IdentityOAuthAdminException if the interceptor fails the pre-revoke call
 */
private void triggerPreRevokeListeners(OAuthRevocationRequestDTO revokeRequestDTO) throws IdentityOAuthAdminException {
    OAuthEventInterceptor interceptor = OAuthComponentServiceHolder.getInstance().getOAuthEventInterceptorProxy();
    if (interceptor == null || !interceptor.isEnabled()) {
        return;
    }
    try {
        interceptor.onPreTokenRevocationByResourceOwner(revokeRequestDTO);
    } catch (IdentityOAuth2Exception e) {
        throw new IdentityOAuthAdminException("Error occurred with Oauth pre-revoke listener ", e);
    }
}
/**
 * Deletes the OIDC properties stored for the application {@code consumerKey} in {@code tenantDomain}.
 * The deletion is committed on success and rolled back when the SQL fails.
 *
 * @param tenantDomain tenant domain of the application
 * @param consumerKey  client ID of the application
 * @throws IdentityOAuthAdminException if the properties cannot be removed
 */
public void removeOIDCProperties(String tenantDomain, String consumerKey) throws IdentityOAuthAdminException {
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    try {
        removeOauthOIDCPropertyTable(connection, tenantDomain, consumerKey);
        connection.commit();
    } catch (SQLException e) {
        IdentityDatabaseUtil.rollBack(connection);
        throw new IdentityOAuthAdminException("Error removing OIDC properties for client ID: " + consumerKey
                + " and tenant domain: " + tenantDomain, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, null, null);
    }
}
/**
 * Persists an OIDC scope together with its claim mappings for the tenant of the current thread.
 *
 * @param scope  the OIDC scope name; must not be empty
 * @param claims the claims mapped to {@code scope}
 * @throws IdentityOAuthAdminException if the scope is empty or the persistence layer fails
 */
public void addScope(String scope, String[] claims) throws IdentityOAuthAdminException {
    int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
    if (StringUtils.isEmpty(scope)) {
        throw new IdentityOAuthAdminException("The scope can not be empty.");
    }
    try {
        OAuthTokenPersistenceFactory.getInstance().getScopeClaimMappingDAO().addScope(tenantId, scope, claims);
    } catch (IdentityOAuth2Exception e) {
        throw handleError("Error while inserting OIDC scopes and claims.", e);
    }
}
/**
 * Checks that the owner recorded on {@code oAuthAppDO} may be applied as the application owner: the
 * owner must be set, must not be empty or the registry system user, and must exist in the user store
 * of the current realm.
 *
 * @param oAuthAppDO application whose owner is being validated
 * @return {@code true} when the owner exists in the user store; {@code false} when there is no usable
 *         owner name or no realm is available
 * @throws IdentityOAuthAdminException if the owner is not an existing user, or the user store lookup fails
 */
private boolean validateUserForOwnerUpdate(OAuthAppDO oAuthAppDO) throws IdentityOAuthAdminException {
    try {
        String ownerWithDomain = null;
        if (oAuthAppDO.getAppOwner() != null) {
            String ownerName = oAuthAppDO.getAppOwner().getUserName();
            // The registry system user is never an acceptable application owner.
            if (StringUtils.isEmpty(ownerName) || CarbonConstants.REGISTRY_SYSTEM_USERNAME.equals(ownerName)) {
                return false;
            }
            ownerWithDomain = UserCoreUtil.addDomainToName(ownerName, oAuthAppDO.getAppOwner().getUserStoreDomain());
        }
        UserRealm realm = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm();
        if (realm == null || StringUtils.isEmpty(ownerWithDomain)) {
            return false;
        }
        if (!realm.getUserStoreManager().isExistingUser(ownerWithDomain)) {
            throw new IdentityOAuthAdminException("User validation failed for owner update in the application: "
                    + oAuthAppDO.getApplicationName() + " as user is not existing.");
        }
        return true;
    } catch (UserStoreException e) {
        throw handleError("User validation failed for owner update in the application: "
                + oAuthAppDO.getApplicationName(), e);
    }
}
/**
 * Looks up the OAuth application registered under {@code consumerKey} and copies it into a DTO.
 *
 * @param consumerKey consumer key (client ID) of the application
 * @return a populated {@code OAuthConsumerAppDTO}; an empty DTO when no application is found
 * @throws IdentityOAuthAdminException if the application information cannot be read from the store
 */
public OAuthConsumerAppDTO getOAuthApplicationData(String consumerKey) throws IdentityOAuthAdminException {
    OAuthConsumerAppDTO dto = new OAuthConsumerAppDTO();
    OAuthAppDAO dao = new OAuthAppDAO();
    OAuthAppDO app;
    try {
        app = dao.getAppInformation(consumerKey);
    } catch (InvalidOAuthClientException | IdentityOAuth2Exception e) {
        throw new IdentityOAuthAdminException("Error while retrieving the app information using consumer key", e);
    }
    if (app == null) {
        return dto;
    }
    dto.setApplicationName(app.getApplicationName());
    dto.setCallbackUrl(app.getCallbackUrl());
    dto.setOauthConsumerKey(app.getOauthConsumerKey());
    // The DTO carries the client secret; whoever receives it holds a credential.
    dto.setOauthConsumerSecret(app.getOauthConsumerSecret());
    dto.setOAuthVersion(app.getOauthVersion());
    dto.setGrantTypes(app.getGrantTypes());
    dto.setPkceMandatory(app.isPkceMandatory());
    dto.setPkceSupportPlain(app.isPkceSupportPlain());
    return dto;
}
/**
 * Looks up the OAuth application named {@code appName} and copies it into a DTO.
 *
 * @param appName OAuth application name
 * @return a populated {@code OAuthConsumerAppDTO}; an empty DTO when no application is found
 * @throws IdentityOAuthAdminException if the application information cannot be read from the store
 */
public OAuthConsumerAppDTO getOAuthApplicationDataByAppName(String appName) throws IdentityOAuthAdminException {
    OAuthConsumerAppDTO dto = new OAuthConsumerAppDTO();
    OAuthAppDAO dao = new OAuthAppDAO();
    OAuthAppDO app;
    try {
        app = dao.getAppInformationByAppName(appName);
    } catch (InvalidOAuthClientException | IdentityOAuth2Exception e) {
        throw new IdentityOAuthAdminException("Error while retrieving the app information by app name", e);
    }
    if (app == null) {
        return dto;
    }
    dto.setApplicationName(app.getApplicationName());
    dto.setCallbackUrl(app.getCallbackUrl());
    dto.setOauthConsumerKey(app.getOauthConsumerKey());
    // The DTO carries the client secret; whoever receives it holds a credential.
    dto.setOauthConsumerSecret(app.getOauthConsumerSecret());
    dto.setOAuthVersion(app.getOauthVersion());
    dto.setGrantTypes(app.getGrantTypes());
    dto.setPkceMandatory(app.isPkceMandatory());
    dto.setPkceSupportPlain(app.isPkceSupportPlain());
    return dto;
}