/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2014-2016 ForgeRock AS.
* Portions Copyrighted 2015 Nomura Research Institute, Ltd.
*/
/**
* Models all of the possible settings the OAuth2 provider can have and that can be configured.
* <br/>
* The actual implementation is responsible for providing the method in which these settings are configured. This
* interface only describes the API for other code to get the OAuth2 provider settings.
*
* @since 12.0.0
*/
/**
* Constructs a new OpenAMOAuth2ProviderSettings.
*
* @param settings OpenAM settings.
* @param realm The realm.
* @param resourceSetStore An instance of the ResourceSetStore for the current realm.
* @param serviceConfigManagerFactory Factory for creating {@code ServiceConfigManager} instances.
*/
public RealmOAuth2ProviderSettings(OpenAMSettings settings, String realm, ResourceSetStore resourceSetStore,
this.resourceSetStore = resourceSetStore;
}
private void addServiceListener() {
try {
"changes will not be dynamically updated for realm " + realm);
}
} catch (Exception e) {
}
}
private Set<String> getSetting(String realm, String attributeName) throws SSOException, SMSException {
synchronized (attributeCache) {
}
return value;
}
}
try {
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
try {
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
try {
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
try {
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
try {
} catch (SSOException | SMSException e) {
throw new ServerException(e);
}
}
try {
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
public Map<String, ResponseTypeHandler> getAllowedResponseTypes() throws UnsupportedResponseTypeException,
try {
Set<String> responseTypeSet = getSetting(realm, OAuth2Constants.OAuth2ProviderService.RESPONSE_TYPE_LIST);
return Collections.emptyMap();
}
continue;
}
}
return responseTypes;
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
throws UnsupportedResponseTypeException {
logger.warning("Requested a response type that is not configured. response_type=" + responseTypeName);
throw new UnsupportedResponseTypeException("Response type is not supported");
return new NoneResponseTypeHandler();
}
try {
} catch (ClassNotFoundException e) {
throw new UnsupportedResponseTypeException("Response type is not supported");
}
}
public boolean isSaveConsentEnabled() {
try {
return settings.getStringSetting(realm, OAuth2Constants.OAuth2ProviderService.SAVED_CONSENT_ATTRIBUTE)!= null;
} catch (SMSException | SSOException e) {
}
return false;
}
try {
if (isSaveConsentEnabled()) {
consentAttribute = settings.getStringSetting(realm, OAuth2Constants.OAuth2ProviderService.SAVED_CONSENT_ATTRIBUTE);
if (attributeSet != null) {
if (logger.messageEnabled()) {
}
//check the values of the attribute set vs the scope and client requested
//attribute set is in the form of client_id|scope1 scope2 scope3
}
} else {
}
//if both the client and the scopes are identical to the saved consent then approve
return true;
}
}
} else {
if (logger.messageEnabled()) {
}
}
}
} else {
}
} catch (Exception e) {
}
return false;
}
if (scopeValidator == null) {
try {
final String scopeValidatorClassName = getStringSettingValue(OAuth2Constants.OAuth2ProviderService.SCOPE_PLUGIN_CLASS);
if (isEmpty(scopeValidatorClassName)) {
throw new ServerException("Scope Validator class not set.");
}
} catch (ClassNotFoundException e) {
throw new ServerException(e);
}
}
return scopeValidator;
}
public Set<String> validateAuthorizationScope(ClientRegistration clientRegistration, Set<String> scope,
}
public Set<String> validateAccessTokenScope(ClientRegistration clientRegistration, Set<String> scope,
}
public Set<String> validateRefreshTokenScope(ClientRegistration clientRegistration, Set<String> requestedScope,
return getScopeValidator().validateRefreshTokenScope(clientRegistration, requestedScope, tokenScope, request);
}
public UserInfoClaims getUserInfo(ClientRegistration clientRegistration, AccessToken token, OAuth2Request request)
}
}
}
}
try {
consentAttribute = settings.getStringSetting(realm, OAuth2Constants.OAuth2ProviderService.SAVED_CONSENT_ATTRIBUTE);
if (consentAttribute != null) {
//get the current set of consents and add our new consent to it if they exist.
} else {
}
if (logger.messageEnabled()) {
}
} else {
}
} catch (Exception e) {
consentAttribute, realm, e);
}
}
try {
consentAttribute = settings.getStringSetting(realm, OAuth2Constants.OAuth2ProviderService.SAVED_CONSENT_ATTRIBUTE);
if (consentAttribute != null) {
return;
}
}
}
}
consentAttribute, realm, e);
}
}
private void updateConsentValues(String consentAttribute, AMIdentity id, Set<String> consents) throws IdRepoException, SSOException {
//update the user profile with our new consent settings
}
try {
return settings.getBooleanSetting(realm, OAuth2Constants.OAuth2ProviderService.ISSUE_REFRESH_TOKEN);
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
try {
return settings.getBooleanSetting(realm, OAuth2Constants.OAuth2ProviderService.ISSUE_REFRESH_TOKEN_ON_REFRESHING_TOKEN);
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
}
}
}
}
try {
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
}
return supportedClaimsWithoutTranslations = getWithoutTranslations(OAuth2Constants.OAuth2ProviderService.SUPPORTED_CLAIMS,
}
}
return supportedScopesWithoutTranslations = getWithoutTranslations(OAuth2Constants.OAuth2ProviderService.SUPPORTED_SCOPES,
}
}
return cached;
}
try {
synchronized (attributeCache) {
if (pipe > -1) {
} else {
}
}
return claims;
}
} catch (SMSException e) {
throw new ServerException(e);
} catch (SSOException e) {
throw new ServerException(e);
}
}
}
}
return getSettingStrings("supportedIDTokenEncryptionAlgorithms");
}
return getSettingStrings("supportedIDTokenEncryptionMethods");
}
}
synchronized (jwks) {
try {
} else {
}
continue;
}
continue;
}
key = settings.getSigningKeyPair(realm, JwsAlgorithm.valueOf(aliasSplit[0].toUpperCase())).getPublic();
continue;
}
} else {
+ algorithmAlias);
}
}
} catch (SMSException | SSOException e) {
throw new ServerException(e);
}
}
}
}
throws ServerException {
}
static Map<String, Object> createECJWK(String alias, ECPublicKey key, KeyUse use) throws ServerException {
String kid = Hash.hash(alias + ':' + curve.getStandardName() + ':' + x.toString() + ':' + y.toString());
}
try {
} catch (SSOException | SMSException e) {
throw new ServerException(e);
}
throw new ServerException("Alias of Token Signing Key not set.");
}
return alias;
}
return getStringSettingValue(OAuth2Constants.OAuth2ProviderService.CREATED_TIMESTAMP_ATTRIBUTE_NAME);
}
return getStringSettingValue(OAuth2Constants.OAuth2ProviderService.MODIFIED_TIMESTAMP_ATTRIBUTE_NAME);
}
}
try {
return settings.getBooleanSetting(realm, OAuth2Constants.OAuth2ProviderService.OPEN_DYNAMIC_REGISTRATION_ALLOWED);
} catch (SSOException e) {
throw new ServerException(e);
} catch (SMSException e) {
throw new ServerException(e);
}
}
try {
return settings.getBooleanSetting(realm, OAuth2Constants.OAuth2ProviderService.GENERATE_REGISTRATION_ACCESS_TOKENS);
} catch (SSOException e) {
throw new ServerException(e);
} catch (SMSException e) {
throw new ServerException(e);
}
}
try {
final Map<String, AuthenticationMethod> methods = new HashMap<String, AuthenticationMethod>(map.size());
}
return methods;
} catch (SSOException e) {
throw new ServerException(e);
} catch (SMSException e) {
throw new ServerException(e);
}
}
}
try {
} catch (SSOException | SMSException e) {
throw new ServerException(e);
}
}
try {
} catch (SSOException | SMSException e) {
throw new ServerException(e);
}
}
try {
} catch (SSOException e) {
throw new ServerException(e);
} catch (SMSException e) {
throw new ServerException(e);
}
}
public boolean exists() {
try {
} catch (Exception e) {
return false;
}
}
return resourceSetStore;
}
try {
return settings.getBooleanSetting(realm, OAuth2Constants.OAuth2ProviderService.CLAIMS_PARAMETER_SUPPORTED);
} catch (SSOException e) {
throw new ServerException(e);
} catch (SMSException e) {
}
return false;
}
public String validateRequestedClaims(String requestedClaims) throws InvalidRequestException, ServerException {
if (!getClaimsParameterSupported()) {
return null;
}
return null;
}
try {
}
}
}
}
} catch (JSONException e) {
throw new InvalidRequestException("Requested claims must be valid json.");
}
throw new InvalidRequestException("Requested claims must be allowed by the client's configuration");
}
return requestedClaims;
}
}
return supported;
}
try {
} catch (SSOException | SMSException e) {
throw new ServerException(e);
}
}
}
try {
return settings.getBooleanSetting(realm, OAuth2Constants.OAuth2ProviderService.ALWAYS_ADD_CLAIMS_TO_TOKEN);
} catch (SSOException | SMSException e) {
throw new ServerException(e);
}
}
}
}
try {
String loginUrlTemplateString = settings.getStringSetting(realm, OAuth2Constants.OAuth2ProviderService.RESOURCE_OWNER_CUSTOM_LOGIN_URL_TEMPLATE);
if (loginUrlTemplateString != null) {
new Configuration());
}
return loginUrlTemplate;
throw new ServerException(e);
}
}
}
}
}
}
return Boolean.parseBoolean(getStringSettingValue(OAuth2Constants.OAuth2ProviderService.STORE_OPS_TOKENS));
}
return Boolean.parseBoolean(getStringSettingValue(OAuth2Constants.OAuth2ProviderService.CLIENTS_CAN_SKIP_CONSENT));
}
}
/**
* ServiceListener implementation to clear cache when it changes.
*/
+ ". This is unexpected.");
}
public void globalConfigChanged(String serviceName, String version, String groupName, String serviceComponent,
int type) {
logger.warning("The globalConfigChanged ServiceListener method was invoked for service " + serviceName);
//if the global config changes, all organizationalConfig change listeners are invoked as well.
}
public void organizationConfigChanged(String serviceName, String version, String orgName, String groupName,
if (logger.messageEnabled()) {
}
synchronized (attributeCache) {
}
} else {
if (logger.messageEnabled()) {
}
}
}
/*
The listener receives updates for all changes for each service instance in a given realm. I want to be sure
that I only pull updates as necessary if the update pertains to this particular realm.
*/
private boolean currentRealmTargetedByOrganizationUpdate(String serviceName, String version, String orgName,
int type) {
}
}
}