OpenIDConnectDiscovery.java revision 073875d677d0cc89aa2cc1187c975225a2ead9d3
678N/A/*
3982N/A * DO NOT REMOVE COPYRIGHT NOTICES OR THIS HEADER.
678N/A *
678N/A * Copyright (c) 2013 ForgeRock Inc. All rights reserved.
678N/A *
678N/A * The contents of this file are subject to the terms
678N/A * of the Common Development and Distribution License
678N/A * (the License). You may not use this file except in
678N/A * compliance with the License.
678N/A *
678N/A * You can obtain a copy of the License at
678N/A * http://forgerock.org/license/CDDLv1.0.html
678N/A * See the License for the specific language governing
678N/A * permission and limitations under the License.
678N/A *
678N/A * When distributing Covered Code, include this CDDL
678N/A * Header Notice in each file and include the License file
678N/A * at http://forgerock.org/license/CDDLv1.0.html
2362N/A * If applicable, add the following below the CDDL Header,
2362N/A * with the fields enclosed by brackets [] replaced by
2362N/A * your own identifying information:
678N/A * "Portions copyright [year] [name of copyright owner]"
678N/A */
678N/Apackage org.forgerock.openam.oauth2.openid;
678N/A
import com.sun.identity.idm.AMIdentity;
import org.forgerock.openam.oauth2.exceptions.OAuthProblemException;
import org.forgerock.openam.oauth2.OAuth2Utils;
import org.restlet.ext.json.JsonRepresentation;
import org.restlet.representation.Representation;
import org.restlet.resource.Get;
import org.restlet.resource.ServerResource;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
678N/A
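/**
 * WebFinger-style discovery endpoint for OpenID Connect Discovery 1.0.
 *
 * <p>Answers {@code GET ?resource=...&rel=http://openid.net/specs/connect/1.0/issuer} with a
 * JSON document naming this deployment as the OpenID Provider (issuer) for the requested
 * resource. The resource may be an {@code http}/{@code https} URI whose path names a user
 * ({@code https://example.com/joe}), a bare {@code http}/{@code https} origin with no user
 * ({@code https://example.com} or {@code https://example.com/}), or an {@code acct:} URI
 * ({@code acct:joe@example.com}).
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The endpoint is unauthenticated and answers 404 when the named user does not exist in
 *       the realm (the realm itself is taken from the request), so it is a username-existence
 *       oracle. Returning 404 for an unknown resource is what WebFinger (RFC 7033) requires,
 *       but deployments should expect enumeration attempts and rate-limit this endpoint.</li>
 *   <li>The host/authority component of {@code resource} is never compared with this
 *       deployment, so the endpoint vouches for being the issuer of any host. If the deployment
 *       must only answer for its own domain(s), that check has to be added here.</li>
 *   <li>The user id extracted from {@code resource} is passed verbatim to
 *       {@link OAuth2Utils#getIdentity}; any escaping required by the backing identity store is
 *       assumed to happen there (not visible in this file).</li>
 * </ul>
 */
public class OpenIDConnectDiscovery extends ServerResource {

    /** The only link relation this endpoint serves (OpenID Connect Discovery 1.0). */
    private static final String ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer";

    /**
     * Handles the discovery request.
     *
     * <p>Request parameters: {@code resource} (required) and {@code rel} (required; must equal
     * {@link #ISSUER_REL}, compared case-insensitively as before). The realm used for the user
     * lookup comes from {@link OAuth2Utils#getRealm}.
     *
     * @return a JSON document of the form
     *     {@code {"subject": resource, "links": [{"rel": ISSUER_REL, "href": deploymentUrl}]}}
     * @throws OAuthProblemException BAD_REQUEST when a parameter is missing, {@code rel} is not
     *     the issuer relation, or {@code resource} is not a parseable http(s)/acct URI;
     *     NOT_FOUND when {@code resource} names a user that does not exist in the realm
     */
    @Get
    public Representation discovery(){

        String resource = OAuth2Utils.getRequestParameter(getRequest(), "resource", String.class);
        String rel = OAuth2Utils.getRequestParameter(getRequest(), "rel", String.class);
        String realm = OAuth2Utils.getRealm(getRequest());

        if (resource == null || resource.isEmpty()){
            OAuth2Utils.DEBUG.error("OpenIDConnectDiscovery.discover()::No resource provided in discovery.");
            throw OAuthProblemException.OAuthError.BAD_REQUEST.handle(null,
                    "OpenIDConnectDiscovery.discover()::No resource provided in discovery.");
        }

        if (rel == null || rel.isEmpty() || !rel.equalsIgnoreCase(ISSUER_REL)){
            OAuth2Utils.DEBUG.error("OpenIDConnectDiscovery.discover()::No or invalid rel provided in discovery.");
            throw OAuthProblemException.OAuthError.BAD_REQUEST.handle(null,
                    "OpenIDConnectDiscovery.discover()::No or invalid rel provided in discovery.");
        }

        // null means the resource names only an origin, not a user, so no lookup is needed.
        String userid = extractUserId(resource);

        if (userid != null){
            // The named user must exist in the realm; WebFinger requires 404 for an unknown
            // resource. Both a lookup failure and a null identity are reported the same way so
            // that the two cases are not distinguishable to the caller.
            AMIdentity id = null;
            try {
                id = OAuth2Utils.getIdentity(userid, realm);
            } catch (Exception e){
                OAuth2Utils.DEBUG.error("OpenIDConnectDiscovery.discover()::Invalid parameters.", e);
                throw OAuthProblemException.OAuthError.NOT_FOUND.handle(null,
                        "OpenIDConnectDiscovery.discover()::Invalid parameters.");
            }
            if (id == null){
                OAuth2Utils.DEBUG.error("OpenIDConnectDiscovery.discover()::Invalid parameters.");
                throw OAuthProblemException.OAuthError.NOT_FOUND.handle(null,
                        "OpenIDConnectDiscovery.discover()::Invalid parameters.");
            }
        }

        /*
        Response format
        {
            "subject": "https://example.com:8080/",
            "links":
            [
                {
                    "rel": "http://openid.net/specs/connect/1.0/issuer",
                    "href": "https://server.example.com"
                }
            ]
        }
        */
        Map<String, Object> response = new HashMap<String, Object>();
        response.put("subject", resource);
        Map<String, Object> link = new HashMap<String, Object>();
        // Emit the canonical relation rather than echoing the caller's spelling: the rel check
        // above is case-insensitive, and the response should not reflect caller-controlled input.
        link.put("rel", ISSUER_REL);
        link.put("href", OAuth2Utils.getDeploymentURL(getRequest()));
        Set<Object> links = new HashSet<Object>();
        links.add(link);
        response.put("links", links);

        return new JsonRepresentation(response);
    }

    /**
     * Derives the user id named by a discovery {@code resource}.
     *
     * <p>Accepted forms:
     * <ul>
     *   <li>{@code http(s)://host} or {@code http(s)://host/} - no user, returns {@code null};</li>
     *   <li>{@code http(s)://host/joe} - the (percent-decoded) path without its leading slash,
     *       so a multi-segment path such as {@code /a/b} yields {@code a/b} unchanged;</li>
     *   <li>{@code acct:joe@host} - the raw text before the first {@code '@'}.</li>
     * </ul>
     *
     * @param resource the non-empty {@code resource} request parameter
     * @return the user id to look up, or {@code null} when the resource names only an origin
     * @throws OAuthProblemException BAD_REQUEST when the resource is not a valid URI, has no
     *     scheme or an unsupported one, is an opaque http(s) form such as {@code http:joe}, or is
     *     an {@code acct:} URI without a host part or with an empty user part
     */
    private static String extractUserId(String resource) {
        URI uri;
        try {
            uri = new URI(resource);
        } catch (URISyntaxException e) {
            OAuth2Utils.DEBUG.error("OpenIDConnectDiscovery.discover()::Invalid parameters.", e);
            throw OAuthProblemException.OAuthError.BAD_REQUEST.handle(null,
                    "OpenIDConnectDiscovery.discover()::Invalid parameters.");
        }

        // A relative reference ("joe") has no scheme; treat it as unsupported below instead of
        // dereferencing null.
        String scheme = uri.getScheme();

        if (scheme != null && (scheme.equalsIgnoreCase("https") || scheme.equalsIgnoreCase("http"))) {
            // getPath() is null for an opaque form such as "http:joe" (no "//" authority).
            String path = uri.getPath();
            if (path == null) {
                OAuth2Utils.DEBUG.error("OpenIDConnectDiscovery.discover()::Invalid parameters.");
                throw OAuthProblemException.OAuthError.BAD_REQUEST.handle(null,
                        "OpenIDConnectDiscovery.discover()::Invalid parameters.");
            }
            // "https://example.com" and "https://example.com/" both mean "no user". Previously
            // the trailing-slash form looked up an empty user id.
            if (path.isEmpty() || "/".equals(path)) {
                return null;
            }
            // "https://example.com/joe" -> "joe"
            return path.substring(1);
        }

        if (scheme != null && scheme.equalsIgnoreCase("acct")) {
            // Use the scheme-specific part so that an upper-case scheme ("ACCT:joe@host") is
            // stripped as well; the raw (undecoded) form is kept, as the original code did.
            // RFC 7565 user parts cannot contain a literal '@', so the first one ends the user.
            String ssp = uri.getRawSchemeSpecificPart();
            int at = ssp.indexOf('@');
            if (at <= 0) {
                // No host part, or an empty user part: not a usable acct URI.
                OAuth2Utils.DEBUG.error("OpenIDConnectDiscovery.discover()::Invalid parameters.");
                throw OAuthProblemException.OAuthError.BAD_REQUEST.handle(null,
                        "OpenIDConnectDiscovery.discover()::Invalid parameters.");
            }
            return ssp.substring(0, at);
        }

        // No scheme, or a scheme this endpoint does not understand.
        OAuth2Utils.DEBUG.error("OpenIDConnectDiscovery.discover()::Invalid parameters.");
        throw OAuthProblemException.OAuthError.BAD_REQUEST.handle(null,
                "OpenIDConnectDiscovery.discover()::Invalid parameters.");
    }
}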
3388N/A