OpenAMClientRegistration.java revision af38905e8a5231702db169603d942d5d2e0c4332
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2014-2015 ForgeRock AS.
*/
/**
* Models an OpenAM OAuth2 and OpenID Connect client registration in the OAuth2 provider.
*
* @since 12.0.0
*/
public class OpenAMClientRegistration implements OpenIdConnectClientRegistration {
// Identity record backing this client; the visible attribute and name lookups go through it.
private final AMIdentity amIdentity;
// Decoder supplied to the constructor; its use is not visible in this listing.
private final PEMDecoder pemDecoder;
// Resolver service supplied to the constructor; an error message in byJWKsURI refers to an
// "internal JWK resolver service".
private final OpenIdResolverService resolverService;
// NOTE(review): the constructor's error message implies a SHA-256 digest, but the assignment is
// missing from this listing. MessageDigest instances are stateful and not thread-safe, so a shared
// field needs synchronization or a per-call instance if this object is used concurrently.
// TODO confirm how it is used.
private final MessageDigest digest;
/**
* Constructs a new OpenAMClientRegistration.
*
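* @param amIdentity The client's identity.
* @param pemDecoder A {@code PEMDecoder} instance.
* @param resolverService An {@code OpenIdResolverService} instance.
* @throws InvalidClientException If the SHA-256 {@code MessageDigest} is not available.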
*/
OpenAMClientRegistration(AMIdentity amIdentity, PEMDecoder pemDecoder, OpenIdResolverService resolverService)
throws InvalidClientException {
// Package-private constructor: stores the three collaborators unchanged.
this.amIdentity = amIdentity;
this.pemDecoder = pemDecoder;
this.resolverService = resolverService;
// NOTE(review): the try body is empty in this listing. The statement that initialises the digest
// field (presumably a SHA-256 MessageDigest lookup, judging by the message below) is missing.
try {
} catch (NoSuchAlgorithmException e) {
// The caught exception is not chained as a cause, so the provider-level detail is dropped.
// NOTE(review): chain it if InvalidClientException offers a (message, cause) constructor. TODO confirm.
throw new InvalidClientException("SHA-256 algorithm MessageDigest not available");
}
}
/**
* {@inheritDoc}
*/
try {
Set<String> redirectionURIsSet = amIdentity.getAttribute(OAuth2Constants.OAuth2Client.REDIRECT_URI);
}
} catch (Exception e){
}
return redirectionURIs;
}
/**
* {@inheritDoc}
*/
try {
} catch (Exception e){
}
return convertAttributeValues(set);
}
/**
* {@inheritDoc}
*/
public String getClientSecret() {
// NOTE(review): the statement that reads the secret and the method's return are missing from this
// listing, so the attribute used and the value returned on failure cannot be confirmed here.
try {
} catch (Exception e) {
// NOTE(review): handler body not visible. Whatever it does, the secret value itself must stay out
// of log output, and callers should compare the returned secret in constant time
// (for example MessageDigest.isEqual on the encoded bytes).
}
}
/**
* {@inheritDoc}
*/
public String getClientId() {
    // The OAuth2 client identifier is the name of the backing identity record.
    final String clientId = amIdentity.getName();
    return clientId;
}
/**
* {@inheritDoc}
*/
public String getAccessTokenType() {
    // The token type is a fixed value, not read from the client's identity record.
    // A bearer token is usable by whoever holds it, so its protection depends on TLS in transit
    // and careful storage at the client.
    final String tokenType = "Bearer";
    return tokenType;
}
try {
} catch (Exception e){
}
}
}
}
return result;
}
/**
* {@inheritDoc}
*/
}
try {
} catch (Exception e){
}
}
/**
* {@inheritDoc}
*/
}
return value[1];
}
} else {
}
}
}
return defaultValue;
}
try {
} catch (Exception e) {
}
return convertAttributeValues(scopes);
}
for (int separator = localeString.lastIndexOf('_'); separator > -1; separator = localeString.lastIndexOf('_')) {
}
}
if (!localeString.isEmpty()) {
}
return strings;
}
/**
* {@inheritDoc}
*/
if (combinedScopes.isEmpty()) {
return descriptions;
}
while (i.hasNext()) {
//no description or locale
i.remove();
//no locale - default description
i.remove();
//locale and description
i.remove();
}
}
}
}
return descriptions;
}
try {
} catch (Exception e){
}
return convertAttributeValues(scopes);
}
/**
* {@inheritDoc}
*/
return parseScope(getDefaultGrantScopes());
}
for (String s : maximumScope) {
if (index == -1){
cleanScopes.add(s);
continue;
}
}
return cleanScopes;
}
/**
* {@inheritDoc}
*/
return parseScope(getAllowedGrantScopes());
}
/**
* {@inheritDoc}
*/
public boolean isConfidential() {
// NOTE(review): the body is missing from this listing. Presumably the answer is derived from
// getClientType(). Confirm that a failed lookup cannot report a client as confidential without
// that client having authenticated.
}
/**
* {@inheritDoc}
*/
public String getClientSessionURI() {
// NOTE(review): the attribute read and the return statements are missing from this listing.
try {
} catch (Exception e) {
// A failed lookup is logged with the attribute name and the exception; the value returned
// afterwards is not visible here.
logger.error("Unable to get "+ OAuth2Constants.OAuth2Client.CLIENT_SESSION_URI +" from repository", e);
}
}
/**
* {@inheritDoc}
*/
public ClientType getClientType() {
// Declared final, so every path that reaches the return must assign it exactly once; the
// assignments themselves are missing from this listing.
final ClientType clientType;
try {
} else {
}
} catch (Exception e) {
// NOTE(review): handler body not visible. Confirm that a failed repository lookup does not fall
// back to a client type that relaxes client authentication.
}
return clientType;
}
if (idx != -1) {
}
}
}
return result;
}
/**
* {@inheritDoc}
*/
public String getIDTokenSignedResponseAlgorithm() {
// NOTE(review): the attribute read and any early return are missing from this listing.
try {
} catch (Exception e) {
// A failed lookup is logged with the attribute name and the exception, then control falls
// through to the null return below.
logger.error("Unable to get "+ OAuth2Constants.OAuth2Client.IDTOKEN_SIGNED_RESPONSE_ALG +" from repository", e);
}
}
// null is the result whenever no value was returned above.
// NOTE(review): callers need an explicit policy for null rather than an implicit fall-back to an
// unsigned ID token; confirm at the call sites.
return null;
}
/**
* {@inheritDoc}
*/
public String getTokenEndpointAuthMethod() {
// Declared final: each path must assign it once. The assignments are missing from this listing.
final String tokenEndpointAuthMethod;
try {
} catch (Exception e) {
// A failed lookup is logged with the attribute name and the exception.
logger.error("Unable to get "+ OAuth2Constants.OAuth2Client.TOKEN_ENDPOINT_AUTH_METHOD +" from repository", e);
}
// Per the existing comment, the else branch applies client_secret_basic as the default; the
// condition that selects it is not visible here.
} else { //default to client_secret_basic
}
return tokenEndpointAuthMethod;
}
/**
* {@inheritDoc}
*/
public String getSubjectType() {
// Declared final: each path must assign it once. The assignments are missing from this listing.
final String subjectType;
try {
} catch (Exception e) {
// NOTE(review): handler body not visible. If the failure is ignored, the subject type silently
// becomes whatever the default branch below assigns; confirm that this is logged.
}
// Per the existing comment, the else branch applies "public" as the default subject type.
} else { //default to public
}
return subjectType;
}
try {
switch (getClientPublicKeySelector()) {
case JWKS:
case JWKS_URI:
default:
}
} catch (Exception e) {
"Unable to get Client Bearer Jwt Public key from repository");
}
}
"No Client Bearer JWKs_URI set.");
}
}
private boolean byJWKsURI(OAuth2Jwt jwt) throws IdRepoException, SSOException, MalformedURLException {
// Judging by the name and the error messages, this checks the given JWT against keys published at
// the client's JWKs URI. Most of the body is missing from this listing.
// NOTE(review): the URI is client registration data. Confirm that the fetch is limited to https
// and cannot be pointed at internal addresses.
"No Client Bearer JWKs_URI set.");
}
try {
boolean success =
if (!success) {
"Unable to configure internal JWK resolver service.");
}
}
} catch (OpenIdConnectVerificationException e) {
// A verification failure is reported to the caller as false instead of being propagated.
return false;
}
// NOTE(review): the final answer is jwt.isContentValid(). The signature check is presumably in the
// missing lines; confirm that this method cannot return true for a JWT whose signature was not verified.
return jwt.isContentValid();
}
private boolean byX509Key(OAuth2Jwt jwt) throws IdRepoException, SSOException, CertificateException {
// NOTE(review): only a fragment of an error message survives in this listing; the certificate
// lookup, the verification call and the return value are missing and cannot be documented here.
"No Client Bearer Jwt Public key certificate set");
}
}
/**
* Returns which of the possible selector types has been chosen by the client as
* the location for their public key.
*
* @return the client public key selector
*/
try {
} catch (SSOException e) {
logger.error("Unable to get " + OAuth2Constants.OAuth2Client.PUBLIC_KEY_SELECTOR + " from repository", e);
} catch (IdRepoException e) {
logger.error("Unable to get " + OAuth2Constants.OAuth2Client.PUBLIC_KEY_SELECTOR + " from repository", e);
}
}
/**
* {@inheritDoc}
*/
public URI getSectorIdentifierUri() {
// NOTE(review): the attribute read, the URI construction and the success return are missing from
// this listing.
try {
}
// Each of the three failure types is logged with the attribute name and the exception, after which
// control falls through to the null return.
} catch (SSOException e) {
logger.error("Unable to get " + OAuth2Constants.OAuth2Client.SECTOR_IDENTIFIER_URI + " from repository", e);
} catch (IdRepoException e) {
logger.error("Unable to get " + OAuth2Constants.OAuth2Client.SECTOR_IDENTIFIER_URI + " from repository", e);
} catch (URISyntaxException e) {
logger.error("Unable to get " + OAuth2Constants.OAuth2Client.SECTOR_IDENTIFIER_URI + " from repository", e);
}
// null is returned after a logged failure and whenever no value was returned above, so a caller
// cannot tell "lookup failed" from "nothing returned". A later fragment in this file branches on
// getSectorIdentifierUri() != null.
return null;
}
//get redirect_uris
if (getSectorIdentifierUri() != null) {
return null;
} else {
}
} else {
return id;
}
}
private String subValueFromHost(String host, String resourceOwnerId, OAuth2ProviderSettings providerSettings) {
// NOTE(review): the computation inside the try block is missing from this listing.
try {
} catch (UnsupportedEncodingException e) {
// Returns null without logging in the visible lines.
return null;
} catch (ServerException e) {
// Returns null without logging in the visible lines.
return null;
}
// NOTE(review): both failure paths yield null, so callers must check the result before using it as
// a subject value; confirm at the call sites.
}
return false;
}
}
return true;
}
}