public class OAuthMappingExtUtils
extends java.lang.Object
Modifier and Type | Class and Description |
---|---|
static class |
OAuthMappingExtUtils.OAuthMappingExtUtilsProperties |
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
OAuthMappingExtUtils_java_copyright |
Constructor and Description |
---|
OAuthMappingExtUtils() |
Modifier and Type | Method and Description |
---|---|
static boolean |
associate(java.lang.String stateID,
java.lang.String attrKey,
java.lang.String attrValue)
Associates the attribute key-value pair to authorization grant state ID.
|
static boolean |
associate(java.lang.String stateID,
java.lang.String attrKey,
java.lang.String attrValue,
boolean sensitive,
boolean readonly)
Associates the attribute key-value pair to authorization grant state ID.
|
static java.lang.String |
batchCreate(java.lang.String stateID,
java.util.Map<java.lang.String,java.lang.String> attributesToCreate)
Perform a batch creation of associated attributes.
|
static java.lang.String |
batchDelete(java.lang.String stateID,
java.util.List<java.lang.String> attributesToDelete)
Perform a batch removal of the associated attributes of a grant.
This removes the attributes with the provided names.
|
static java.lang.String |
batchUpdate(java.lang.String stateID,
java.util.Map<java.lang.String,java.lang.String> attributesToUpdate)
Perform a batch modification of associated attributes.
|
static boolean |
createClient(java.lang.String definitionName,
java.lang.String clientId,
java.lang.String clientName,
java.lang.String companyName,
java.lang.String clientSecret,
java.lang.String[] redirectUris,
java.lang.String companyUrl,
java.lang.String contactPerson,
java.lang.String emailAddress,
java.lang.String phoneNumber,
java.lang.String contactType,
java.lang.String otherInfo,
boolean requirePkce,
java.lang.String jwksUri,
java.lang.String encryptionDb,
java.lang.String encryptionCert)
Creates a client.
|
static org.w3c.dom.Element |
createTokenElement(java.lang.String token,
java.lang.String tokenType)
Generate the element object based on the token passed in
Supported token types are:
1. urn:ietf:params:oauth:token-type:jwt
|
static int |
deleteAllTokensForUser(java.lang.String username)
Delete all tokens owned by a user from the cache
|
static boolean |
deleteClient(java.lang.String clientId)
Remove a client by clientId.
|
static boolean |
deleteGrant(java.lang.String stateID)
Delete an OAuth grant from the cache.
|
static boolean |
deleteHashedToken(java.lang.String tokenID)
Delete a Hashed OAuth token from the cache.
|
static boolean |
deleteToken(java.lang.String tokenID)
Delete an OAuth token from the cache.
|
static int |
deleteTokens(java.lang.String username,
java.lang.String clientId)
Delete all tokens owned by a user for a specific client from the cache
|
static int |
deleteTokens(java.lang.String username,
java.lang.String clientId,
int batchSize)
Delete all tokens owned by a user for a specific client from the cache
|
static java.lang.String |
disassociate(java.lang.String stateID,
java.lang.String attrKey)
Disassociates the attribute key-value pair from the authorization grant
state ID.
|
static java.lang.String |
extractIssuer(java.lang.String token,
java.lang.String tokenType)
Extract issuer from the token based on different token type.
|
static java.lang.String |
generateRandomString(int length)
Generate a random string of specified length.
|
static Token |
getActiveToken(java.lang.String tokenId)
Retrieve a token based off its tokenId.
|
static Token[] |
getActiveTokens(java.lang.String stateId)
Get the tokens associated with the given stateId
Expired tokens will not be returned.
|
static Token[] |
getActiveTokens(java.lang.String clientId,
java.lang.String username)
Get the tokens associated with the given username and client ID
Expired tokens will not be returned.
|
static Token[] |
getAllActiveTokensForUser(java.lang.String username)
Get all the tokens for a given user
Expired tokens will not be returned.
|
static Token[] |
getAllTokensForUser(java.lang.String username)
Get all the tokens for a given user
Some of the tokens returned may have expired and not been cleaned up.
|
static java.lang.String |
getAssociation(java.lang.String stateID,
java.lang.String attrKey)
Get an attribute value associated with the given state ID and attribute
key.
|
static java.lang.String[] |
getAssociationKeys(java.lang.String stateID)
Get all the attribute keys associated with the given
authorization grant state ID.
|
static java.lang.String[] |
getCertificateChain(java.lang.String keystore,
java.lang.String alias)
Retrieve the certificate chain for the given keystore and alias.
|
static java.lang.String |
getCertificateThumbprint_S256(java.lang.String keystore,
java.lang.String alias)
Retrieve the certificate thumbprint (x5tS256) value for the given keystore and alias.
|
static java.lang.String |
getCertificateThumbprint(java.lang.String keystore,
java.lang.String alias)
Retrieve the certificate thumbprint (x5t) value for the given keystore and alias.
|
static Client |
getClient(java.lang.String clientId)
Retrieve a client with the given clientId.
|
static Client[] |
getClientsByCompanyName(java.lang.String companyName)
Gets a list of clients which have a company name which matches the
provided value.
|
static Client[] |
getClientsByContactPerson(java.lang.String person)
Gets a list of clients which have a contact person which matches the
provided value.
|
static Client[] |
getClientsByEmail(java.lang.String emailAddress)
Gets a list of clients which have an email address which matches the
provided value.
|
static Definition |
getDefinition(java.lang.String definitionName)
Retrieve a definition with the given definitionName.
|
static Definition |
getDefinitionByID(long definitionID)
Retrieve a definition with the given definitionID.
|
static java.util.Map<java.lang.String,java.lang.String> |
getEmptyMap() |
static Grant[] |
getGrants(java.lang.String username)
Get the grants associated with the given username.
|
static Token |
getToken(java.lang.String tokenId)
Retrieve a token based off its tokenId.
|
static Token[] |
getTokens(java.lang.String stateId)
Get the tokens associated with the given stateId
Some of the tokens returned may have expired and not been cleaned up.
|
static Token[] |
getTokens(java.lang.String clientId,
java.lang.String username)
Get the tokens associated with the given username and client ID
Some of the tokens returned may have expired and not been cleaned up.
|
static HttpResponse |
httpGet(java.lang.String urlstr)
HTTP client GET method.
|
static HttpResponse |
httpGet(java.lang.String urlstr,
java.util.Map headers,
java.lang.String httpsTrustStore,
java.lang.String basicAuthUsername,
java.lang.String basicAuthPassword,
java.lang.String clientKeyStore,
java.lang.String clientKeyAlias)
HTTP client GET method.
|
static HttpResponse |
httpPost(java.lang.String urlstr,
java.util.Map params)
HTTP client POST method.
|
static HttpResponse |
httpPost(java.lang.String urlstr,
java.util.Map headers,
java.util.Map params,
java.lang.String httpsTrustStore,
java.lang.String basicAuthUsername,
java.lang.String basicAuthPassword,
java.lang.String clientKeyStore,
java.lang.String clientKeyAlias)
HTTP client POST method.
|
static boolean |
isFapiCompliantByDefinitionID(long definitionID)
Retrieve the fapiCompliant flag for the given definitionID.
|
static boolean |
isOidcCompliantByDefinitionID(long definitionID)
Retrieve the oidcCompliant flag for the given definitionID.
|
static java.lang.String |
parseSTSUUToJson(STSUniversalUser sts,
java.lang.String tokenType,
java.lang.String universalNameMapJson)
Parse the attribute in STSUU object to a JSON.
|
static java.lang.String |
retrieveActor(java.lang.String stateId)
Retrieve the act claims from the OAuth Token extra attributes table.
|
static java.util.Map<java.lang.String,java.lang.String> |
retrieveAllAssociations(java.lang.String stateID)
Retrieve all associations for a given grant/state ID. This is intended to be
as performant as possible.
|
static byte[] |
SHA256Sum(java.lang.String value)
Get a SHA-256 hash of the provided value.
|
static byte[] |
SHA384Sum(java.lang.String value) |
static byte[] |
SHA512Sum(java.lang.String value)
Get a SHA-512 hash of the provided value.
|
static void |
storeJwtActor(java.lang.String act,
java.lang.String stateId)
Store the JWT token "act" claims into OAuth Token extra attributes table.
|
static void |
throwSTSAccessDeniedMessageException(java.lang.String message)
Used to throw STS Messages from Javascript mapping rules and to
return a 401.
|
static void |
throwSTSAccessDeniedMessageException(java.lang.String message,
java.lang.String details)
Used to throw STS Messages from Javascript mapping rules and to
return a 401.
|
static void |
throwSTSCustomUserMessageException(java.lang.String message,
int statusCode)
Used to throw STS Messages with user-supplied status code from Javascript mapping rules.
|
static void |
throwSTSCustomUserMessageException(java.lang.String message,
int statusCode,
java.lang.String errorType)
Used to throw STS Messages with user-supplied status code and error type from Javascript mapping rules.
|
static void |
throwSTSCustomUserPageException(java.lang.String message,
int statusCode,
java.lang.String errorType)
Used to throw STS Messages with user-supplied status code and error type from XSLT/Javascript mapping rules.
|
static void |
throwSTSException(java.lang.String message)
Used to throw STS Messages from Javascript mapping rules.
|
static void |
throwSTSInvalidGrantMessageException(java.lang.String message)
Used to throw STS Messages from Javascript mapping rules and to
return a 400 with the error "invalid_grant"
|
static void |
throwSTSInvalidGrantMessageException(java.lang.String message,
java.lang.String details)
Used to throw STS Messages from Javascript mapping rules and to
return a 400 with the error "invalid_grant"
|
static void |
throwSTSUserMessageException(java.lang.String message)
Used to throw STS Messages from Javascript mapping rules.
|
static void |
throwSTSUserMessageException(java.lang.String message,
java.lang.String details)
Used to throw STS Messages from Javascript mapping rules.
|
static boolean |
updateClient(java.lang.String clientId,
java.lang.String clientName,
java.lang.String clientSecret,
java.lang.String[] redirectUris,
boolean requirePkce)
Update a client.
|
static boolean |
updateToken(java.lang.String tokenId,
java.lang.Long newLifetime,
java.lang.Long newLastUsed,
java.lang.Boolean enabled)
Update a token's lifetime, last-used time, or enabled state.
One of newLifetime, newLastUsed and enabled must not be null.
|
public static final java.lang.String OAuthMappingExtUtils_java_copyright
public static void throwSTSException(java.lang.String message) throws STSException
Use IDMappingExtUtils.throwSTSException(String) instead.
Throws: STSException
public static java.lang.String generateRandomString(int length)
length - of the string to create.
public static void throwSTSUserMessageException(java.lang.String message) throws STSUserMessageException
Use IDMappingExtUtils.throwSTSException(String) instead.
Throws: STSUserMessageException
public static void throwSTSCustomUserPageException(java.lang.String message, int statusCode, java.lang.String errorType) throws STSCustomUserPageException
message - to include as error_description
statusCode - to return as the HTTP status code
errorType - to include as error
Throws: STSCustomUserPageException
public static void throwSTSCustomUserMessageException(java.lang.String message, int statusCode) throws STSCustomUserMessageException
message - to include as error_description
statusCode - to return as the HTTP status code
Throws: STSCustomUserMessageException
public static void throwSTSCustomUserMessageException(java.lang.String message, int statusCode, java.lang.String errorType) throws STSCustomUserMessageException
message - to include as error_description
statusCode - to return as the HTTP status code
errorType - to include as error
Throws: STSCustomUserMessageException
public static void throwSTSUserMessageException(java.lang.String message, java.lang.String details) throws STSUserMessageException
details - string of details to include. If valid JSON, it will be parsed and included as a JSON object; otherwise it will be presented as a string.
Use IDMappingExtUtils.throwSTSException(String) instead.
Throws: STSUserMessageException
public static void throwSTSInvalidGrantMessageException(java.lang.String message) throws STSUserMessageException
message - to include as the error_description
Use IDMappingExtUtils.throwSTSException(String) instead.
Throws: STSUserMessageException
public static void throwSTSInvalidGrantMessageException(java.lang.String message, java.lang.String details) throws STSUserMessageException
message - to include as the error_description
details - string or object
Use IDMappingExtUtils.throwSTSException(String) instead.
Throws: STSUserMessageException
public static void throwSTSAccessDeniedMessageException(java.lang.String message) throws STSUserMessageException
Use IDMappingExtUtils.throwSTSException(String) instead.
Throws: STSUserMessageException
public static void throwSTSAccessDeniedMessageException(java.lang.String message, java.lang.String details) throws STSUserMessageException
details - string of details to include. If valid JSON, it will be parsed and included as a JSON object; otherwise it will be presented as a string.
Use IDMappingExtUtils.throwSTSException(String) instead.
Throws: STSUserMessageException
public static boolean associate(java.lang.String stateID, java.lang.String attrKey, java.lang.String attrValue)
stateID - State ID of the authorization grant
attrKey - Attribute key
attrValue - Attribute value
public static boolean associate(java.lang.String stateID, java.lang.String attrKey, java.lang.String attrValue, boolean sensitive, boolean readonly)
stateID - State ID of the authorization grant
attrKey - Attribute key
attrValue - Attribute value
sensitive - If this value should be stored as a sensitive value. If the attribute already exists, its existing sensitive state is preserved and is not changed by this flag.
readonly - If this value should be stored as a readonly value. If the attribute already exists, its existing readonly state is preserved and is not changed by this flag.
public static boolean updateToken(java.lang.String tokenId, java.lang.Long newLifetime, java.lang.Long newLastUsed, java.lang.Boolean enabled)
tokenId - identifier of the token to update. Cannot be null.
newLifetime - the new lifetime of the token in seconds. If null, the lifetime will not be changed.
newLastUsed - the new date last used of the token in milliseconds since the epoch (i.e. 01 January 1970 00:00:00 UTC). If null, the date last used will not be changed.
enabled - whether or not the token is enabled.
public static java.lang.String disassociate(java.lang.String stateID, java.lang.String attrKey)
stateID - State ID of the authorization grant
attrKey - Attribute key
public static Token getToken(java.lang.String tokenId)
tokenId - to look up
public static Token getActiveToken(java.lang.String tokenId)
tokenId - to look up
public static Token[] getAllTokensForUser(java.lang.String username)
username - which identifies a grant
public static Token[] getAllActiveTokensForUser(java.lang.String username)
username - which identifies a grant
public static Token[] getTokens(java.lang.String stateId)
stateId - which identifies a grant
public static Token[] getActiveTokens(java.lang.String stateId)
stateId - which identifies a grant
public static Token[] getTokens(java.lang.String clientId, java.lang.String username)
clientId - The client id of the token. This parameter cannot be null or empty.
username - The user name of the token. This parameter cannot be null or empty.
public static Token[] getActiveTokens(java.lang.String clientId, java.lang.String username)
clientId - The client id of the token. This parameter cannot be null or empty.
username - The user name of the token. This parameter cannot be null or empty.
public static int deleteAllTokensForUser(java.lang.String username)
username - username of the OAuth tokens to be deleted. This cannot be null or empty.
public static int deleteTokens(java.lang.String username, java.lang.String clientId)
username - username of the OAuth tokens to be deleted. This cannot be null or empty.
clientId - clientId of the OAuth tokens to be deleted. This cannot be null or empty.
public static int deleteTokens(java.lang.String username, java.lang.String clientId, int batchSize)
username - username of the OAuth tokens to be deleted. This cannot be null or empty.
clientId - clientId of the OAuth tokens to be deleted. This cannot be null or empty.
batchSize - The number of tokens to delete in a single batch.
public static boolean deleteToken(java.lang.String tokenID)
tokenID - ID of the OAuth token to be deleted. This cannot be null or empty.
public static boolean deleteHashedToken(java.lang.String tokenID)
tokenID - ID of the OAuth token to be deleted. This cannot be null or empty.
public static Grant[] getGrants(java.lang.String username)
username - The username of the grant. This parameter cannot be null or empty.
public static boolean deleteGrant(java.lang.String stateID)
stateID - ID of the OAuth grant to be deleted. This cannot be null or empty.
public static java.lang.String[] getAssociationKeys(java.lang.String stateID)
stateID - State ID of the authorization grant
public static java.lang.String getAssociation(java.lang.String stateID, java.lang.String attrKey)
stateID - State ID of the authorization grant
public static java.util.Map<java.lang.String,java.lang.String> retrieveAllAssociations(java.lang.String stateID)
stateID - of the grant/token to retrieve
public static java.lang.String batchDelete(java.lang.String stateID, java.util.List<java.lang.String> attributesToDelete)
stateID - the token/grant to update.
attributesToDelete - list of attribute names to be deleted from the token/grant's extra attributes
public static java.util.Map<java.lang.String,java.lang.String> getEmptyMap()
public static java.lang.String batchCreate(java.lang.String stateID, java.util.Map<java.lang.String,java.lang.String> attributesToCreate)
stateID - the token/grant to update.
attributesToCreate - map of key/value attributes to create. The key will not be checked prior to insertion, thus primary key violations may occur if an attempt is made to create an attribute which already exists.
attributesToUpdate - map of key/value attributes to update. The key will not be checked prior to update, so no update will occur on a key which does not exist.
public static java.lang.String batchUpdate(java.lang.String stateID, java.util.Map<java.lang.String,java.lang.String> attributesToUpdate)
stateID - the token/grant to update.
attributesToUpdate - map of key/value attributes to update. The key will not be checked prior to update, so no update will occur on a key which does not exist.
public static HttpResponse httpGet(java.lang.String urlstr)
urlstr - URL
public static HttpResponse httpGet(java.lang.String urlstr, java.util.Map headers, java.lang.String httpsTrustStore, java.lang.String basicAuthUsername, java.lang.String basicAuthPassword, java.lang.String clientKeyStore, java.lang.String clientKeyAlias)
urlstr - URL
headers - A Map (String,String) to be added to the request header.
httpsTrustStore - The name of the trust store to use. If an HTTPS connection is required and this is set to null, the default trust store specified in the override configs will be used.
basicAuthUsername - Basic-auth username. If null, basic-auth will be disabled.
basicAuthPassword - Basic-auth password. If null, basic-auth will be disabled.
clientKeyStore - Client key store. If null, client cert auth will be disabled.
clientKeyAlias - Client key alias. If null, client cert auth will be disabled.
public static HttpResponse httpPost(java.lang.String urlstr, java.util.Map params)
urlstr - URL
params - A Map (String,String) to be added to the request body.
public static HttpResponse httpPost(java.lang.String urlstr, java.util.Map headers, java.util.Map params, java.lang.String httpsTrustStore, java.lang.String basicAuthUsername, java.lang.String basicAuthPassword, java.lang.String clientKeyStore, java.lang.String clientKeyAlias)
urlstr - URL
headers - A Map (String,String) to be added to the request header.
params - A Map (String,String) to be added to the request body.
httpsTrustStore - The trust store to use. If an HTTPS connection is required and this is set to null, the default trust store specified in the override configs will be used.
basicAuthUsername - Basic-auth username. If null, basic-auth will be disabled.
basicAuthPassword - Basic-auth password. If null, basic-auth will be disabled.
clientKeyStore - Client key store. If null, client cert auth will be disabled.
clientKeyAlias - Client key alias. If null, client cert auth will be disabled.
public static Client getClient(java.lang.String clientId)
clientId - to look up
public static Client[] getClientsByEmail(java.lang.String emailAddress)
emailAddress - to search for clients with
public static Client[] getClientsByContactPerson(java.lang.String person)
person - to search for clients with
public static Client[] getClientsByCompanyName(java.lang.String companyName)
companyName - to search for clients with
public static boolean createClient(java.lang.String definitionName, java.lang.String clientId, java.lang.String clientName, java.lang.String companyName, java.lang.String clientSecret, java.lang.String[] redirectUris, java.lang.String companyUrl, java.lang.String contactPerson, java.lang.String emailAddress, java.lang.String phoneNumber, java.lang.String contactType, java.lang.String otherInfo, boolean requirePkce, java.lang.String jwksUri, java.lang.String encryptionDb, java.lang.String encryptionCert)
definitionName - of the definition to add this client to
clientId - identifier of this client.
clientName - friendly name of the client.
companyName - to identify which entity this client belongs to
clientSecret - OPTIONAL secret for confidential clients
redirectUris -
companyUrl -
contactPerson -
emailAddress -
phoneNumber -
contactType -
otherInfo -
public static boolean deleteClient(java.lang.String clientId)
clientId - to identify the client to remove.
public static boolean updateClient(java.lang.String clientId, java.lang.String clientName, java.lang.String clientSecret, java.lang.String[] redirectUris, boolean requirePkce)
clientId - to identify the client to update.
clientName - new name of the client. Cannot be empty.
clientSecret - new client secret.
redirectUris - new redirect URIs
public static byte[] SHA512Sum(java.lang.String value)
Example: Base64Utility.encode(SHA512Sum(myValue));
value - to sum.
public static byte[] SHA384Sum(java.lang.String value)
public static byte[] SHA256Sum(java.lang.String value)
Example: Base64Utility.encode(SHA256Sum(myValue));
value - to sum.
public static java.lang.String getCertificateThumbprint(java.lang.String keystore, java.lang.String alias) throws java.lang.Exception
value - to certificate thumbprint in SHA-1.
Throws: java.lang.Exception
public static java.lang.String getCertificateThumbprint_S256(java.lang.String keystore, java.lang.String alias) throws java.lang.Exception
value - to certificate thumbprint in SHA-256.
Throws: java.lang.Exception
public static java.lang.String[] getCertificateChain(java.lang.String keystore, java.lang.String alias) throws java.lang.Exception
value - to certificate chain
Throws: java.lang.Exception
public static Definition getDefinition(java.lang.String definitionName)
definitionName - to look up
public static Definition getDefinitionByID(long definitionID)
definitionID - to look up
public static boolean isOidcCompliantByDefinitionID(long definitionID)
definitionID - to look up
public static boolean isFapiCompliantByDefinitionID(long definitionID)
definitionID - to look up
public static java.lang.String extractIssuer(java.lang.String token, java.lang.String tokenType) throws java.lang.Exception
token - to be analyzed to get the issuer.
tokenType - is the type of the token.
Throws: java.lang.Exception
public static org.w3c.dom.Element createTokenElement(java.lang.String token, java.lang.String tokenType) throws java.lang.Exception
token - to be used to generate the Element object.
tokenType - is the type of the token.
Throws: java.lang.Exception
public static java.lang.String parseSTSUUToJson(STSUniversalUser sts, java.lang.String tokenType, java.lang.String universalNameMapJson) throws java.lang.Exception
sts - is the STSUU object which contains the attributes.
tokenType - is the type of the token.
universalNameMapJson - is the JSON string which contains the universal and original name mapping.
Throws: java.lang.Exception
public static void storeJwtActor(java.lang.String act, java.lang.String stateId) throws java.lang.Exception
act - is the "act" claims in the JWT token.
stateId - is the State ID of the authorization grant.
Throws: java.lang.Exception
public static java.lang.String retrieveActor(java.lang.String stateId)
stateId - is the State ID of the authorization grant.