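/**
 * Deletes the request-object reference row(s) keyed by the given token id, using the
 * {@code DELETE_REQ_OBJECT_TOKEN_FOR_CODE} query.
 *
 * @param tokenId token id bound to the query parameter
 * @throws IdentityOAuthAdminException if the delete or the commit fails
 */
private void deleteRequestObjectReferenceforCode(String tokenId) throws IdentityOAuthAdminException {

    try (Connection connection = IdentityDatabaseUtil.getDBConnection();
         PreparedStatement prepStmt = connection.prepareStatement(SQLQueries.DELETE_REQ_OBJECT_TOKEN_FOR_CODE)) {
        // Parameterised statement: the token id never becomes part of the SQL text.
        prepStmt.setString(1, tokenId);
        prepStmt.execute();
        connection.commit();
    } catch (SQLException e) {
        // Separator added so the id does not run into the sentence in the reported message.
        throw handleError("Can not delete existing entry for the same token id: " + tokenId, e);
    }
}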
/**
 * Removes the request-object reference associated with a token id.
 *
 * @param tokenId token id bound to the {@code DELETE_REQ_OBJECT_BY_TOKEN_ID} query
 * @throws IdentityOAuthAdminException if the statement or the commit fails
 */
public void deleteRequestObjectReferenceByTokenId(String tokenId) throws IdentityOAuthAdminException {

    final String sql = SQLQueries.DELETE_REQ_OBJECT_BY_TOKEN_ID;
    try (Connection conn = IdentityDatabaseUtil.getDBConnection();
         PreparedStatement statement = conn.prepareStatement(sql)) {
        statement.setString(1, tokenId);
        statement.execute();
        conn.commit();
    } catch (SQLException ex) {
        throw handleError("Error when executing the SQL : " + sql, ex);
    }
}
/**
 * Removes the request-object reference associated with an authorization code id.
 *
 * @param codeId code id bound to the {@code DELETE_REQ_OBJECT_BY_CODE_ID} query
 * @throws IdentityOAuthAdminException if the statement or the commit fails
 */
public void deleteRequestObjectReferenceByCode(String codeId) throws IdentityOAuthAdminException {

    final String sql = SQLQueries.DELETE_REQ_OBJECT_BY_CODE_ID;
    try (Connection conn = IdentityDatabaseUtil.getDBConnection();
         PreparedStatement statement = conn.prepareStatement(sql)) {
        statement.setString(1, codeId);
        statement.execute();
        conn.commit();
    } catch (SQLException ex) {
        throw handleError("Error when executing the SQL : " + sql, ex);
    }
}
}
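/**
 * Checks whether an OAuth application is already registered under the given consumer key.
 *
 * @param consumerKey consumer key (client id) to look up
 * @return {@code true} if at least one row matches the processed client id, {@code false} otherwise
 * @throws IdentityOAuthAdminException if the client id cannot be processed or the lookup fails
 */
public boolean isDuplicateConsumer(String consumerKey) throws IdentityOAuthAdminException {

    try (Connection connection = IdentityDatabaseUtil.getDBConnection();
         PreparedStatement prepStmt = connection.prepareStatement(
                 SQLQueries.OAuthAppDAOSQLQueries.CHECK_EXISTING_CONSUMER)) {
        // The lookup value goes through the persistence processor — presumably the same
        // transformation applied when the client id was stored; confirm against the processor.
        prepStmt.setString(1, persistenceProcessor.getProcessedClientId(consumerKey));
        try (ResultSet rSet = prepStmt.executeQuery()) {
            boolean isDuplicateConsumer = rSet.next();
            connection.commit();
            return isDuplicateConsumer;
        }
    } catch (IdentityOAuth2Exception e) {
        // Propagate the cause: the original passed null here, losing the processor's failure.
        throw handleError("Error occurred while processing the client id by TokenPersistenceProcessor", e);
    } catch (SQLException e) {
        throw handleError("Error when executing the SQL: " + SQLQueries.OAuthAppDAOSQLQueries
                .CHECK_EXISTING_CONSUMER, e);
    }
}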
/**
 * Reads the persisted state of the OAuth application registered under the given consumer key.
 *
 * @param consumerKey consumer key of the application
 * @return the value of the {@code APP_STATE} column, or {@code null} when no row matches
 * @throws IdentityOAuthAdminException if the query fails
 */
public String getConsumerAppState(String consumerKey) throws IdentityOAuthAdminException {

    String state = null;
    try (Connection conn = IdentityDatabaseUtil.getDBConnection();
         PreparedStatement statement = conn.prepareStatement(
                 SQLQueries.OAuthAppDAOSQLQueries.GET_APPLICATION_STATE)) {
        statement.setString(1, consumerKey);
        try (ResultSet rs = statement.executeQuery()) {
            boolean found = rs.next();
            if (found) {
                state = rs.getString(APP_STATE);
            } else if (log.isDebugEnabled()) {
                log.debug("No App found for the consumerKey: " + consumerKey);
            }
            conn.commit();
        }
    } catch (SQLException ex) {
        throw handleError("Error while executing the SQL prepStmt.", ex);
    }
    return state;
}
/**
 * Deletes the OAuth application registered under the given consumer key and, when the OIDC
 * audience feature is enabled, its rows in the OIDC property table, in one transaction.
 *
 * @param consumerKey consumer key of the application to remove
 * @throws IdentityOAuthAdminException if the delete or the commit fails
 */
public void removeConsumerApplication(String consumerKey) throws IdentityOAuthAdminException {

    final String sql = SQLQueries.OAuthAppDAOSQLQueries.REMOVE_APPLICATION;
    try (Connection conn = IdentityDatabaseUtil.getDBConnection();
         PreparedStatement statement = conn.prepareStatement(sql)) {
        statement.setString(1, consumerKey);
        statement.execute();
        // Property rows are removed on the same connection so both deletes share the commit below.
        if (isOIDCAudienceEnabled()) {
            String tenant = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            removeOauthOIDCPropertyTable(conn, tenant, consumerKey);
        }
        conn.commit();
    } catch (SQLException ex) {
        throw handleError("Error when executing the SQL : " + sql, ex);
    }
}
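/**
 * Retrieves all persisted OIDC scopes of the current tenant together with their mapped claims.
 *
 * @return all persisted scopes and claims; an empty array when none are found
 * @throws IdentityOAuthAdminException if an error occurs when loading scopes and claims
 *                                     (the Javadoc previously named the wrong exception type)
 */
public ScopeDTO[] getScopes() throws IdentityOAuthAdminException {

    int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
    try {
        List<ScopeDTO> scopeDTOList = OAuthTokenPersistenceFactory.getInstance().getScopeClaimMappingDAO().
                getScopes(tenantId);
        if (CollectionUtils.isNotEmpty(scopeDTOList)) {
            // Zero-length array argument: the JDK sizes the result itself.
            return scopeDTOList.toArray(new ScopeDTO[0]);
        }
        if (log.isDebugEnabled()) {
            log.debug("Could not find scope claim mapping. Hence returning an empty array.");
        }
        return new ScopeDTO[0];
    } catch (IdentityOAuth2Exception e) {
        throw handleError("Error while loading OIDC scopes and claims for tenant: " + tenantId, e);
    }
}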
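/**
 * Retrieves the names of all persisted OIDC scopes of the current tenant.
 *
 * @return the persisted scope names; an empty array when none are found
 * @throws IdentityOAuthAdminException if an error occurs when loading OIDC scopes
 *                                     (the Javadoc previously named the wrong exception type)
 */
public String[] getScopeNames() throws IdentityOAuthAdminException {

    int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
    try {
        // Renamed from scopeDTOList: this is a list of names, not DTOs.
        List<String> scopeNames = OAuthTokenPersistenceFactory.getInstance().getScopeClaimMappingDAO().
                getScopeNames(tenantId);
        if (CollectionUtils.isNotEmpty(scopeNames)) {
            return scopeNames.toArray(new String[0]);
        }
        if (log.isDebugEnabled()) {
            log.debug("Could not load oidc scopes. Hence returning an empty array.");
        }
        return new String[0];
    } catch (IdentityOAuth2Exception e) {
        throw handleError("Error while loading OIDC scopes and claims for tenant: " + tenantId, e);
    }
}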
/**
 * Invokes the registered OAuth event interceptor before a resource-owner token revocation,
 * if an interceptor proxy is present and enabled.
 *
 * @param revokeRequestDTO the revocation request handed to the interceptor
 * @throws IdentityOAuthAdminException if the interceptor reports an error
 */
private void triggerPreRevokeListeners(OAuthRevocationRequestDTO revokeRequestDTO)
        throws IdentityOAuthAdminException {

    OAuthEventInterceptor interceptor = OAuthComponentServiceHolder.getInstance()
            .getOAuthEventInterceptorProxy();
    boolean active = interceptor != null && interceptor.isEnabled();
    if (!active) {
        return;
    }
    try {
        // An empty, mutable parameter map is handed to the listener.
        Map<String, Object> params = new HashMap<>();
        interceptor.onPreTokenRevocationByResourceOwner(revokeRequestDTO, params);
    } catch (IdentityOAuth2Exception ex) {
        throw handleError("Error occurred with Oauth pre-revoke listener ", ex);
    }
}
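/**
 * Updates the claim mapping of an existing OIDC scope in the current tenant: the claims in
 * {@code addClaims} are added and the claims in {@code deleteClaims} are removed.
 *
 * @param scope        scope name
 * @param addClaims    OIDC claims to be added; must not be {@code null}
 *                     ({@link Arrays#asList} rejects a null array)
 * @param deleteClaims OIDC claims to be deleted; must not be {@code null}
 * @throws IdentityOAuthAdminException if an error occurs while updating the scope
 *                                     (the Javadoc previously named the wrong exception type)
 */
public void updateScope(String scope, String[] addClaims, String[] deleteClaims)
        throws IdentityOAuthAdminException {

    int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
    try {
        OAuthTokenPersistenceFactory.getInstance().getScopeClaimMappingDAO().
                updateScope(scope, tenantId, Arrays.asList(addClaims), Arrays.asList(deleteClaims));
    } catch (IdentityOAuth2Exception e) {
        throw handleError("Error while updating OIDC claims for the scope: " + scope + " in tenant: " +
                tenantId, e);
    }
}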
/**
 * Loads the OAuth application registered under a consumer key and converts it to a DTO.
 *
 * @param consumerKey consumer key of the application
 * @return a populated {@code OAuthConsumerAppDTO}, or an empty DTO when the DAO returns no app
 * @throws IdentityOAuthAdminException if the application cannot be read from the persistence store
 */
public OAuthConsumerAppDTO getOAuthApplicationData(String consumerKey) throws IdentityOAuthAdminException {

    OAuthAppDAO appDao = new OAuthAppDAO();
    try {
        OAuthAppDO appDO = appDao.getAppInformation(consumerKey);
        if (appDO == null) {
            // Unknown key: callers get an empty DTO rather than null.
            return new OAuthConsumerAppDTO();
        }
        OAuthConsumerAppDTO result = buildConsumerAppDTO(appDO);
        if (log.isDebugEnabled()) {
            log.debug("Found App :" + result.getApplicationName() + " for consumerKey: " + consumerKey);
        }
        return result;
    } catch (InvalidOAuthClientException | IdentityOAuth2Exception ex) {
        throw handleError("Error while retrieving the app information using consumerKey: " + consumerKey, ex);
    }
}
/**
 * Changes the state of the OAuth application registered under a consumer key, revokes its
 * tokens and authorization codes through {@code updateAppAndRevokeTokensAndAuthzCodes}, and
 * refreshes the {@code AppInfoCache} entry.
 *
 * NOTE(review): the cached {@code OAuthAppDO} (when present) is mutated with the new state
 * before the persistence update runs, so a failing update leaves the cached object changed —
 * confirm whether that is intended.
 *
 * @param consumerKey consumer key of the application
 * @param newState    state value to persist and cache
 * @throws IdentityOAuthAdminException if the application cannot be read or updated
 */
public void updateConsumerAppState(String consumerKey, String newState) throws IdentityOAuthAdminException {

    OAuthAppDAO appDao = new OAuthAppDAO();
    try {
        AppInfoCache cache = AppInfoCache.getInstance();
        OAuthAppDO appDO = cache.getValueFromCache(consumerKey);
        if (appDO == null) {
            appDO = appDao.getAppInformation(consumerKey);
        }
        appDO.setState(newState);

        Properties updateProps = new Properties();
        updateProps.setProperty(OAuthConstants.OAUTH_APP_NEW_STATE, newState);
        updateProps.setProperty(OAuthConstants.ACTION_PROPERTY_KEY, OAuthConstants.ACTION_REVOKE);
        updateAppAndRevokeTokensAndAuthzCodes(consumerKey, updateProps);

        cache.addToCache(consumerKey, appDO);
        if (log.isDebugEnabled()) {
            log.debug("App state is updated to:" + newState + " in the AppInfoCache for OAuth App with " +
                    "consumerKey: " + consumerKey);
        }
    } catch (InvalidOAuthClientException | IdentityOAuth2Exception ex) {
        throw handleError("Error while updating state of OAuth app with consumerKey: " + consumerKey, ex);
    }
}
/**
 * Deletes a persisted OIDC scope, together with its claim mapping, from the current tenant.
 *
 * @param scope OIDC scope name
 * @throws IdentityOAuthAdminException if an error occurs when deleting the scope
 */
public void deleteScope(String scope) throws IdentityOAuthAdminException {

    int tenant = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
    try {
        ScopeClaimMappingDAO mappingDao = OAuthTokenPersistenceFactory.getInstance().getScopeClaimMappingDAO();
        mappingDao.deleteScope(scope, tenant);
    } catch (IdentityOAuth2Exception ex) {
        throw handleError("Error while deleting OIDC scope: " + scope, ex);
    }
}
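/**
 * Persists a new OIDC scope and its claim mapping for the current tenant.
 *
 * @param scope  an OIDC scope name; must be non-empty
 * @param claims OIDC claims mapped to the scope (previously undocumented)
 * @throws IdentityOAuthAdminException if {@code scope} is empty, or if an error occurs when
 *                                     inserting the scope or its claims
 */
public void addScope(String scope, String[] claims) throws IdentityOAuthAdminException {

    int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
    // Validate before touching the store; an empty scope is a caller error, not a DAO error.
    if (StringUtils.isEmpty(scope)) {
        throw new IdentityOAuthAdminException("The scope can not be empty.");
    }
    try {
        OAuthTokenPersistenceFactory.getInstance().getScopeClaimMappingDAO().addScope(tenantId, scope, claims);
    } catch (IdentityOAuth2Exception e) {
        throw handleError("Error while inserting OIDC scopes and claims.", e);
    }
}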
/**
 * Loads the OAuth application with the given application name and converts it to a DTO.
 *
 * @param appName OAuth application name
 * @return a populated {@code OAuthConsumerAppDTO}, or an empty DTO when the DAO returns no app
 * @throws IdentityOAuthAdminException if the application cannot be read from the persistence store
 */
public OAuthConsumerAppDTO getOAuthApplicationDataByAppName(String appName) throws IdentityOAuthAdminException {

    OAuthAppDAO appDao = new OAuthAppDAO();
    try {
        OAuthAppDO appDO = appDao.getAppInformationByAppName(appName);
        return appDO == null ? new OAuthConsumerAppDTO() : buildConsumerAppDTO(appDO);
    } catch (InvalidOAuthClientException | IdentityOAuth2Exception ex) {
        throw handleError("Error while retrieving the app information by app name: " + appName, ex);
    }
}
throw handleError("Error when updating OAuth application", e); } catch (IdentityOAuth2Exception e) { throw handleError("Error occurred while processing client id and client secret by " + "TokenPersistenceProcessor", e);
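/**
 * Checks whether an OIDC scope with the given name is persisted for the current tenant.
 *
 * @param scope scope name
 * @return {@code true} if the scope exists in the current tenant, {@code false} otherwise
 * @throws IdentityOAuthAdminException if an error occurs while checking the scope
 *                                     (the Javadoc previously described an id lookup and named
 *                                     the wrong exception type)
 */
public boolean isScopeExist(String scope) throws IdentityOAuthAdminException {

    int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
    try {
        return OAuthTokenPersistenceFactory.getInstance().getScopeClaimMappingDAO().isScopeExist(scope, tenantId);
    } catch (IdentityOAuth2Exception e) {
        // The message previously reported an insert; this method only reads.
        throw handleError("Error while checking the existence of OIDC scope: " + scope + " in tenant: " +
                tenantId, e);
    }
}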
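/**
 * Retrieves the OIDC claims mapped to an OIDC scope in the current tenant.
 *
 * @param scope scope name
 * @return the claims mapped to the scope; an empty array when the scope is unknown or has no claims
 * @throws IdentityOAuthAdminException if an error occurs when loading OIDC claims
 *                                     (the Javadoc previously named the wrong exception type)
 */
public String[] getClaims(String scope) throws IdentityOAuthAdminException {

    int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
    try {
        ScopeDTO scopeDTO = OAuthTokenPersistenceFactory.getInstance().getScopeClaimMappingDAO().
                getClaims(scope, tenantId);
        if (scopeDTO != null && ArrayUtils.isNotEmpty(scopeDTO.getClaim())) {
            return scopeDTO.getClaim();
        }
        if (log.isDebugEnabled()) {
            log.debug("Could not load oidc claims. Hence returning an empty array.");
        }
        return new String[0];
    } catch (IdentityOAuth2Exception e) {
        throw handleError("Error while loading OIDC claims for the scope: " + scope + " in tenant: " +
                tenantId, e);
    }
}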
/**
 * Resolves the owner to record for an OAuth application.
 *
 * The logged-in user is the default owner. If the request carries a username and that user
 * exists in the tenant's user store, the requested user becomes the owner instead; otherwise
 * a warning is logged and the logged-in user is kept. Existence is the only check made here —
 * whether the caller is allowed to assign that owner is presumably enforced by the caller.
 *
 * @param application             application DTO whose {@code username} may name the owner
 * @param tenantAwareLoggedInUser tenant-aware username of the logged-in user
 * @param tenantDomain            tenant domain used to build the {@code AuthenticatedUser}
 * @return the resolved application owner
 * @throws IdentityOAuthAdminException if the user store cannot be consulted
 */
private AuthenticatedUser getAppOwner(OAuthConsumerAppDTO application, String tenantAwareLoggedInUser,
                                      String tenantDomain) throws IdentityOAuthAdminException {

    AuthenticatedUser owner = buildAuthenticatedUser(tenantAwareLoggedInUser, tenantDomain);
    String requestedOwner = application.getUsername();
    if (StringUtils.isBlank(requestedOwner)) {
        return owner;
    }

    String tenantAwareRequestedOwner = MultitenantUtils.getTenantAwareUsername(requestedOwner);
    try {
        boolean exists = CarbonContext.getThreadLocalCarbonContext().getUserRealm()
                .getUserStoreManager().isExistingUser(tenantAwareRequestedOwner);
        if (exists) {
            owner = buildAuthenticatedUser(tenantAwareRequestedOwner, tenantDomain);
        } else {
            log.warn("OAuth application owner user name " + requestedOwner
                    + " does not exist in the user store. Using logged-in user name "
                    + tenantAwareLoggedInUser + " as app owner name");
        }
    } catch (UserStoreException ex) {
        throw handleError("Error while retrieving the user store manager for user: " + requestedOwner, ex);
    }
    return owner;
}
}
/**
 * Validates the owner recorded on an {@code OAuthAppDO} before an owner update.
 *
 * Returns {@code false} (no update) when the DO has no owner, the owner username is empty or is
 * the registry system user, or no user realm is available in the current context. Throws when a
 * domain-qualified owner name is present but does not exist in the user store.
 *
 * @param oAuthAppDO application whose {@code appOwner} is checked
 * @return {@code true} if the owner exists and may be applied, {@code false} if the update
 *         should be skipped
 * @throws IdentityOAuthAdminException if the owner does not exist or the user store fails
 */
private boolean validateUserForOwnerUpdate(OAuthAppDO oAuthAppDO) throws IdentityOAuthAdminException {

    try {
        String qualifiedName = null;
        AuthenticatedUser owner = oAuthAppDO.getAppOwner();
        if (owner != null) {
            String name = owner.getUserName();
            boolean skip = StringUtils.isEmpty(name) || CarbonConstants.REGISTRY_SYSTEM_USERNAME.equals(name);
            if (skip) {
                return false;
            }
            qualifiedName = UserCoreUtil.addDomainToName(name, owner.getUserStoreDomain());
        }

        UserRealm userRealm = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm();
        if (userRealm == null || StringUtils.isEmpty(qualifiedName)) {
            return false;
        }
        if (!userRealm.getUserStoreManager().isExistingUser(qualifiedName)) {
            throw new IdentityOAuthAdminException("User validation failed for owner update in the application: "
                    + oAuthAppDO.getApplicationName() + " as user is not existing.");
        }
    } catch (UserStoreException ex) {
        throw handleError("User validation failed for owner update in the application: "
                + oAuthAppDO.getApplicationName(), ex);
    }
    return true;
}