Class OAuthMappingExtUtils
- java.lang.Object
-
- com.tivoli.am.fim.trustserver.sts.utilities.OAuthMappingExtUtils
-
public class OAuthMappingExtUtils extends java.lang.Object
Implementation of STS Mapping Extension Functions for OAuth.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
OAuthMappingExtUtils.OAuthMappingExtUtilsProperties
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
OAuthMappingExtUtils_java_copyright
-
Constructor Summary
Constructors Constructor Description OAuthMappingExtUtils()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static boolean
associate(java.lang.String stateID, java.lang.String attrKey, java.lang.String attrValue)
Associates the attribute key-value pair to authorization grant state ID.static boolean
associate(java.lang.String stateID, java.lang.String attrKey, java.lang.String attrValue, boolean sensitive, boolean readonly)
Associates the attribute key-value pair to authorization grant state ID.static java.lang.String
batchCreate(java.lang.String stateID, java.util.Map<java.lang.String,java.lang.String> attributesToCreate)
Perform a batch creation of associated attributes.static java.lang.String
batchDelete(java.lang.String stateID, java.util.List<java.lang.String> attributesToDelete)
Perform a batch removal of the associated attributes of a grant This will remove the attributes with the provided names.static java.lang.String
batchUpdate(java.lang.String stateID, java.util.Map<java.lang.String,java.lang.String> attributesToUpdate)
Perform a batch modification of associated attributes.static boolean
createClient(java.lang.String definitionName, java.lang.String clientId, java.lang.String clientName, java.lang.String companyName, java.lang.String clientSecret, java.lang.String[] redirectUris, java.lang.String companyUrl, java.lang.String contactPerson, java.lang.String emailAddress, java.lang.String phoneNumber, java.lang.String contactType, java.lang.String otherInfo, boolean requirePkce, java.lang.String jwksUri, java.lang.String encryptionDb, java.lang.String encryptionCert)
Creates a client.static org.w3c.dom.Element
createTokenElement(java.lang.String token, java.lang.String tokenType)
Generate the element object based on the token passed in Supported token types are: 1. urn:ietf:params:oauth:token-type:jwtstatic java.lang.String
createUUID()
Create a UUID Stringstatic int
deleteAllTokensForUser(java.lang.String username)
Delete all tokens owned by a user from the cachestatic boolean
deleteClient(java.lang.String clientId)
Remove a client by clientId.static boolean
deleteGrant(java.lang.String stateID)
Delete an OAuth grant from the cache.static boolean
deleteGrant(java.lang.String stateID, java.lang.Boolean cleanAttributes)
Delete an OAuth grant from the cache.static boolean
deleteHashedToken(java.lang.String tokenID)
Delete a Hashed OAuth token from the cache.static boolean
deleteToken(java.lang.String tokenID)
Delete an OAuth token from the cache.static int
deleteTokens(java.lang.String username, java.lang.String clientId)
Delete all tokens owned by a user for a specific client from the cachestatic int
deleteTokens(java.lang.String username, java.lang.String clientId, int batchSize)
Delete all tokens owned by a user for a specific client from the cachestatic java.lang.String
disassociate(java.lang.String stateID, java.lang.String attrKey)
Disassociates the attribute key-value pair from the authorization grant state ID.static java.lang.String
extractIssuer(java.lang.String token, java.lang.String tokenType)
Extract issuer from the token based on different token type.static java.lang.String
generateRandomString(int length)
Generate a random string of specified length.static Token
getActiveToken(java.lang.String tokenId)
Retrieve a token based off its tokenId.static Token[]
getActiveTokens(java.lang.String stateId)
Get the tokens associated with the given stateId Expired tokens will not be returned.static Token[]
getActiveTokens(java.lang.String clientId, java.lang.String username)
Get the tokens associated with the given username and client ID Expired tokens will not be returned.static Token[]
getAllActiveTokensForUser(java.lang.String username)
Get all the tokens for a given user Expired tokens will not be returned.static Token[]
getAllTokensForUser(java.lang.String username)
Get all the tokens for a given user Some of the tokens returned may have expired and not been cleaned up.static java.lang.String
getAssociation(java.lang.String stateID, java.lang.String attrKey)
Get an attribute value associated with the given state ID and attibute key.static java.lang.String[]
getAssociationKeys(java.lang.String stateID)
Get all the attribute keys associated with the given authorization grant state ID.static java.lang.String[]
getCertificateChain(java.lang.String keystore, java.lang.String alias)
Retrieving Certificate chain value based onstatic java.lang.String
getCertificateThumbprint(java.lang.String keystore, java.lang.String alias)
Retrieving Certificate Thumbprint(x5t) value based onstatic java.lang.String
getCertificateThumbprint_S256(java.lang.String keystore, java.lang.String alias)
Retrieving Certificate Thumbprint(x5tS256) value based onstatic Client
getClient(java.lang.String clientId)
Retrive a client with the given clientId.static Client[]
getClientsByCompanyName(java.lang.String companyName)
Gets a list of clients which have an company name which matches the provided valuestatic Client[]
getClientsByContactPerson(java.lang.String person)
Gets a list of clients which have an contact person which matches the provided valuestatic Client[]
getClientsByEmail(java.lang.String emailAddress)
Gets a list of clients which have an email address which matches the provided valuestatic Definition
getDefinition(java.lang.String definitionName)
Retrive a definition with the given definitionName.static Definition
getDefinitionByID(long definitionID)
Retrive a definition with the given definitionID.static java.util.Map<java.lang.String,java.lang.String>
getEmptyMap()
static Grant[]
getGrants(java.lang.String username)
Get the grants associated with the given username.static Token
getToken(java.lang.String tokenId)
Retrieve a token based off its tokenId.static Token[]
getTokens(java.lang.String stateId)
Get the tokens associated with the given stateId Some of the tokens returned may have expired and not been cleaned up.static Token[]
getTokens(java.lang.String clientId, java.lang.String username)
Get the tokens associated with the given username and client ID Some of the tokens returned may have expired and not been cleaned up.static HttpResponse
httpGet(java.lang.String urlstr)
HTTP client GET method.static HttpResponse
httpGet(java.lang.String urlstr, java.util.Map headers, java.lang.String httpsTrustStore, java.lang.String basicAuthUsername, java.lang.String basicAuthPassword, java.lang.String clientKeyStore, java.lang.String clientKeyAlias)
HTTP client GET method.static HttpResponse
httpPost(java.lang.String urlstr, java.util.Map params)
HTTP client POST method.static HttpResponse
httpPost(java.lang.String urlstr, java.util.Map headers, java.util.Map params, java.lang.String httpsTrustStore, java.lang.String basicAuthUsername, java.lang.String basicAuthPassword, java.lang.String clientKeyStore, java.lang.String clientKeyAlias)
HTTP client POST method.static boolean
isFapiCompliantByDefinitionID(long definitionID)
Retrive fapiCompliant Flag with the given definitionID.static boolean
isOidcCompliantByDefinitionID(long definitionID)
Retrieve oidcCompliant Flag with the given definitionID.static java.lang.String
parseSTSUUToJson(STSUniversalUser sts, java.lang.String tokenType, java.lang.String universalNameMapJson)
Parse the attribute in STSUU object to a JSON.static java.lang.String
retrieveActor(java.lang.String stateId)
Retrieve the act claims from the OAuth Token extra attributes table.static java.util.Map<java.lang.String,java.lang.String>
retrieveAllAssociations(java.lang.String stateID)
retrieve all associations for a given grant/state-id this is to be as performant as possiblestatic byte[]
SHA256Sum(java.lang.String value)
Get a SHA-256 hash of the provided value.static byte[]
SHA384Sum(java.lang.String value)
static byte[]
SHA512Sum(java.lang.String value)
Get a SHA-512 hash of the provided value.static void
storeJwtActor(java.lang.String act, java.lang.String stateId)
Store the JWT token "act" claims into OAuth Token extra attributes table.static void
throwSTSAccessDeniedMessageException(java.lang.String message)
Used to throw STS Messages from Javascript mapping rules and to return a 401.static void
throwSTSAccessDeniedMessageException(java.lang.String message, java.lang.String details)
Used to throw STS Messages from Javascript mapping rules and to return a 401.static void
throwSTSCustomUserMessageException(java.lang.String message, int statusCode)
Used to throw STS Messages with user-supplied status code from Javascript mapping rules.static void
throwSTSCustomUserMessageException(java.lang.String message, int statusCode, java.lang.String errorType)
Used to throw STS Messages with user-supplied status code and error type from Javascript mapping rules.static void
throwSTSCustomUserPageException(java.lang.String message, int statusCode, java.lang.String errorType)
Used to thrown an error page with user-supplied message, status code and error type from XLST/Javascript mapping rules.static void
throwSTSException(java.lang.String message)
Used to throw STS Messages from Javascript mapping rules.static void
throwSTSInvalidGrantMessageException(java.lang.String message)
Used to throw STS Messages from Javascript mapping rules and to return a 400 with the error "invalid_grant"static void
throwSTSInvalidGrantMessageException(java.lang.String message, java.lang.String details)
Used to throw STS Messages from Javascript mapping rules and to return a 400 with the error "invalid_grant"static void
throwSTSUserMessageException(java.lang.String message)
Used to throw STS Messages from Javascript mapping rules.static void
throwSTSUserMessageException(java.lang.String message, java.lang.String details)
Used to throw STS Messages from Javascript mapping rules.static boolean
updateClient(java.lang.String clientId, java.lang.String clientName, java.lang.String clientSecret, java.lang.String[] redirectUris, boolean requirePkce)
Update a client.static boolean
updateToken(java.lang.String tokenId, java.lang.Long newLifetime, java.lang.Long newLastUsed, java.lang.Boolean enabled)
Update a tokens lifetime lastused or enabled state One of newLifetime, newLastUsed and enabled must not be null.
-
-
-
Method Detail
-
throwSTSException
public static void throwSTSException(java.lang.String message) throws STSException
Used to throw STS Messages from Javascript mapping rules. useIDMappingExtUtils.throwSTSException(String)
instead- Throws:
STSException
-
generateRandomString
public static java.lang.String generateRandomString(int length)
Generate a random string of specified length. Charset will include:- A-Z
- a-z
- 0-9
- Parameters:
length
- of the string to create.- Returns:
- a String of specified length
-
throwSTSUserMessageException
public static void throwSTSUserMessageException(java.lang.String message) throws STSUserMessageException
Used to throw STS Messages from Javascript mapping rules. useIDMappingExtUtils.throwSTSException(String)
instead- Throws:
STSUserMessageException
-
throwSTSCustomUserPageException
public static void throwSTSCustomUserPageException(java.lang.String message, int statusCode, java.lang.String errorType) throws STSCustomUserPageException
Used to thrown an error page with user-supplied message, status code and error type from XLST/Javascript mapping rules.- Parameters:
message
- to include as error_description in the error pagestatusCode
- to return Http status codeerrorType
- to include as error- Throws:
STSCustomUserPageException
-
throwSTSCustomUserMessageException
public static void throwSTSCustomUserMessageException(java.lang.String message, int statusCode) throws STSCustomUserMessageException
Used to throw STS Messages with user-supplied status code from Javascript mapping rules.- Parameters:
message
- to include as error_descriptionstatusCode
- to return Http status code- Throws:
STSCustomUserMessageException
-
throwSTSCustomUserMessageException
public static void throwSTSCustomUserMessageException(java.lang.String message, int statusCode, java.lang.String errorType) throws STSCustomUserMessageException
Used to throw STS Messages with user-supplied status code and error type from Javascript mapping rules.- Parameters:
message
- to include as error_descriptionstatusCode
- to return Http status codeerrorType
- to include as error- Throws:
STSCustomUserMessageException
-
throwSTSUserMessageException
public static void throwSTSUserMessageException(java.lang.String message, java.lang.String details) throws STSUserMessageException
Used to throw STS Messages from Javascript mapping rules.- Parameters:
details
- string of details to include. If valid json will be parsed and included as a json object, otherwise will be presented as a string. useIDMappingExtUtils.throwSTSException(String)
instead- Throws:
STSUserMessageException
-
throwSTSInvalidGrantMessageException
public static void throwSTSInvalidGrantMessageException(java.lang.String message) throws STSUserMessageException
Used to throw STS Messages from Javascript mapping rules and to return a 400 with the error "invalid_grant"- Parameters:
message
- to include as a error_description useIDMappingExtUtils.throwSTSException(String)
instead- Throws:
STSUserMessageException
-
throwSTSInvalidGrantMessageException
public static void throwSTSInvalidGrantMessageException(java.lang.String message, java.lang.String details) throws STSUserMessageException
Used to throw STS Messages from Javascript mapping rules and to return a 400 with the error "invalid_grant"- Parameters:
message
- to include as a error_descriptiondetails
- string or object useIDMappingExtUtils.throwSTSException(String)
instead- Throws:
STSUserMessageException
-
throwSTSAccessDeniedMessageException
public static void throwSTSAccessDeniedMessageException(java.lang.String message) throws STSUserMessageException
Used to throw STS Messages from Javascript mapping rules and to return a 401. useIDMappingExtUtils.throwSTSException(String)
instead- Throws:
STSUserMessageException
-
throwSTSAccessDeniedMessageException
public static void throwSTSAccessDeniedMessageException(java.lang.String message, java.lang.String details) throws STSUserMessageException
Used to throw STS Messages from Javascript mapping rules and to return a 401.- Parameters:
details
- string of details to include. If valid json will be parsed and included as a json object, otherwise will be presented as a string. useIDMappingExtUtils.throwSTSException(String)
instead- Throws:
STSUserMessageException
-
associate
public static boolean associate(java.lang.String stateID, java.lang.String attrKey, java.lang.String attrValue)
Associates the attribute key-value pair to authorization grant state ID. This method will set the sensitive and readonly properties to false.- Parameters:
stateID
- State ID of the authorization grantattrKey
- Attribute keyattrValue
- Attribute value- Returns:
- Whether or not it succeeded.
-
associate
public static boolean associate(java.lang.String stateID, java.lang.String attrKey, java.lang.String attrValue, boolean sensitive, boolean readonly)
Associates the attribute key-value pair to authorization grant state ID. When updating an existing property, this method does not allow changes to be made to the immutable sensitive and readonly properties. Will not mark a sensitive attributes as non-sensitive, or a non-sensitive attribute as sensitive. The same applies for readonly.- Parameters:
stateID
- State ID of the authorization grantattrKey
- Attribute keyattrValue
- Attribute valuesensitive
- If this value should be stored as a sensitive value. If the attribute already exists, its sensitive state will be preserved.readonly
- If this value should be stored as a readonly value. If this attribute already exists, its readonly state will be preserved.- Returns:
- Whether or not it succeeded.
-
updateToken
public static boolean updateToken(java.lang.String tokenId, java.lang.Long newLifetime, java.lang.Long newLastUsed, java.lang.Boolean enabled)
Update a tokens lifetime lastused or enabled state One of newLifetime, newLastUsed and enabled must not be null.- Parameters:
tokenId
- identifier of the token to update. Cannot be null.newLifetime
- the new lifetime of the token in seconds. If null the lifetime will not be changed.newLastUsed
- the new date last used of the token in milliseconds since the epoch (i.e. 01 January 1970 00:00:00 UTC). If null the date last used will not be changed.enabled
- whether or not the token is enabled.
-
disassociate
public static java.lang.String disassociate(java.lang.String stateID, java.lang.String attrKey)
Disassociates the attribute key-value pair from the authorization grant state ID.- Parameters:
stateID
- State ID of the authorization grantattrKey
- Attribute key- Returns:
- Attribute value of disassociated attribute. Null if attribute not found.
-
getToken
public static Token getToken(java.lang.String tokenId)
Retrieve a token based off its tokenId. If token hashing is enabled, the is function will handle hashing the token for the lookup. The token returned may have expired and not yet been cleaned up.- Parameters:
tokenId
- to lookup
-
getActiveToken
public static Token getActiveToken(java.lang.String tokenId)
Retrieve a token based off its tokenId. If token hashing is enabled, the is function will handle hashing the token for the lookup. Expired tokens will not be returned.- Parameters:
tokenId
- to lookup
-
getAllTokensForUser
public static Token[] getAllTokensForUser(java.lang.String username)
Get all the tokens for a given user Some of the tokens returned may have expired and not been cleaned up. Some of the tokens may not belong to this client.- Parameters:
username
- which identifies a grant- Returns:
- An array of tokens issued for the provided user
-
getAllActiveTokensForUser
public static Token[] getAllActiveTokensForUser(java.lang.String username)
Get all the tokens for a given user Expired tokens will not be returned. Some of the tokens may not belong to this client.- Parameters:
username
- which identifies a grant- Returns:
- An array of tokens issued for the provided user
-
getTokens
public static Token[] getTokens(java.lang.String stateId)
Get the tokens associated with the given stateId Some of the tokens returned may have expired and not been cleaned up.- Parameters:
StateId
- which identifies a grant- Returns:
- An array of tokens associated with the given stateId.
-
getActiveTokens
public static Token[] getActiveTokens(java.lang.String stateId)
Get the tokens associated with the given stateId Expired tokens will not be returned.- Parameters:
StateId
- which identifies a grant- Returns:
- An array of tokens associated with the given stateId.
-
getTokens
public static Token[] getTokens(java.lang.String clientId, java.lang.String username)
Get the tokens associated with the given username and client ID Some of the tokens returned may have expired and not been cleaned up.- Parameters:
clientId
- The client id of the token. This parameter cannot be null or empty.username
- The user name of the token. This parameter cannot be null or empty.- Returns:
- An array of tokens associated with the given username and client ID. Null if no tokens found.
-
getActiveTokens
public static Token[] getActiveTokens(java.lang.String clientId, java.lang.String username)
Get the tokens associated with the given username and client ID Expired tokens will not be returned.- Parameters:
clientId
- The client id of the token. This parameter cannot be null or empty.username
- The user name of the token. This parameter cannot be null or empty.- Returns:
- An array of tokens associated with the given username and client ID. Null if no tokens found.
-
deleteAllTokensForUser
public static int deleteAllTokensForUser(java.lang.String username)
Delete all tokens owned by a user from the cache- Parameters:
username
- username of the OAuth tokens to be deleted. This cannot be null or empty.- Returns:
- false- No tokens deleted true- Tokens deleted
-
deleteTokens
public static int deleteTokens(java.lang.String username, java.lang.String clientId)
Delete all tokens owned by a user for a specific client from the cache- Parameters:
username
- username of the OAuth tokens to be deleted. This cannot be null or empty.clientId
- clientId of the OAuth tokens to be deleted. This cannot be null or empty.- Returns:
- false- No tokens deleted true- Tokens deleted
-
deleteTokens
public static int deleteTokens(java.lang.String username, java.lang.String clientId, int batchSize)
Delete all tokens owned by a user for a specific client from the cache- Parameters:
username
- username of the OAuth tokens to be deleted. This cannot be null or empty.clientId
- clientId of the OAuth tokens to be deleted. This cannot be null or empty.batchSize
- The number of tokens to delete in a single batch.- Returns:
- false- No tokens deleted true- Tokens deleted
-
deleteToken
public static boolean deleteToken(java.lang.String tokenID)
Delete an OAuth token from the cache.- Parameters:
tokenID
- ID of the OAuth token to be deleted. This cannot be null or empty.- Returns:
- false- No token deleted true- Token deleted
-
deleteHashedToken
public static boolean deleteHashedToken(java.lang.String tokenID)
Delete a Hashed OAuth token from the cache.- Parameters:
tokenID
- ID of the OAuth token to be deleted. This cannot be null or empty.- Returns:
- false- No token deleted true- Token deleted
-
getGrants
public static Grant[] getGrants(java.lang.String username)
Get the grants associated with the given username.- Parameters:
username
- The username of the grant. This parameter cannot be null or empty.- Returns:
- An array of grants associated with the given username. Null if no grants found.
-
deleteGrant
public static boolean deleteGrant(java.lang.String stateID)
Delete an OAuth grant from the cache.- Parameters:
stateID
- ID of the OAuth grant to be deleted. This cannot be null or empty.- Returns:
- false- No grant deleted true- Grant deleted
-
deleteGrant
public static boolean deleteGrant(java.lang.String stateID, java.lang.Boolean cleanAttributes)
Delete an OAuth grant from the cache.- Parameters:
stateID
- ID of the OAuth grant to be deleted. This cannot be null or empty.cleanAttributes
- Flag to clean the extra attributes associated.- Returns:
- false- No grant deleted true- Grant deleted
-
getAssociationKeys
public static java.lang.String[] getAssociationKeys(java.lang.String stateID)
Get all the attribute keys associated with the given authorization grant state ID.- Parameters:
stateID
- State ID of the authorization grant- Returns:
- A String array of all attribute keys associated with the authorization grant state ID. Returns null if state ID is invalid, problem retrieving from token cache, or no associated attributes.
-
getAssociation
public static java.lang.String getAssociation(java.lang.String stateID, java.lang.String attrKey)
Get an attribute value associated with the given state ID and attibute key.- Parameters:
stateID
- State ID of the authorization grant- Returns:
- Attribute value. Null if not found.
-
retrieveAllAssociations
public static java.util.Map<java.lang.String,java.lang.String> retrieveAllAssociations(java.lang.String stateID)
retrieve all associations for a given grant/state-id this is to be as performant as possible- Parameters:
stateID
- of the grant/token to retireve
-
batchDelete
public static java.lang.String batchDelete(java.lang.String stateID, java.util.List<java.lang.String> attributesToDelete)
Perform a batch removal of the associated attributes of a grant This will remove the attributes with the provided names. If an error occurs, the database connection is rolled back.- Parameters:
stateId
- the token/grant to update.attributesToDelete
- list of attribute names to be deleted from the token/grants extra attributes- Returns:
- null if all processing was successful / A string containing any SQL error output.
-
getEmptyMap
public static java.util.Map<java.lang.String,java.lang.String> getEmptyMap()
-
batchCreate
public static java.lang.String batchCreate(java.lang.String stateID, java.util.Map<java.lang.String,java.lang.String> attributesToCreate)
Perform a batch creation of associated attributes. This will create attributes as provided by the input parameters via a single SQL statement to be as performant as possible. If an error occurs, the connection is rolled back.- Parameters:
stateId
- the token/grant to update.attributesToCreate
- map of key/value attributes to create. The key will not be checked prior to insertion, thus primary key violations may occur if an attempt to create an attribute which exists are made.attributesToUpdate
- map of key/value attributes to update. The key will not be checked prior to update, so no update will occur on a key which does not exist- Returns:
- null if all processing was successful / A string containing any SQL error output.
-
batchUpdate
public static java.lang.String batchUpdate(java.lang.String stateID, java.util.Map<java.lang.String,java.lang.String> attributesToUpdate)
Perform a batch modification of associated attributes. This will create attributes as provided by the input parameters via a single SQL statement to be as performant as possible. If an error occurs, the connection is rolled back.- Parameters:
stateId
- the token/grant to update.attributesToUpdate
- map of key/value attributes to update. The key will not be checked prior to update, so no update will occur on a key which does not exist- Returns:
- null if all processing was successful / A string containing any SQL error output.
-
httpGet
public static HttpResponse httpGet(java.lang.String urlstr)
HTTP client GET method.- Parameters:
urlstr
- URL- Returns:
- The HTTP response. Null if invalid URL or no response.
-
httpGet
public static HttpResponse httpGet(java.lang.String urlstr, java.util.Map headers, java.lang.String httpsTrustStore, java.lang.String basicAuthUsername, java.lang.String basicAuthPassword, java.lang.String clientKeyStore, java.lang.String clientKeyAlias)
HTTP client GET method.- Parameters:
urlstr
- URLheaders
- A Map (String,String) to be added to the request header.httpsTrustStore
- The name of the trust store to use. If a HTTPS connection is required and this is set to NULL, the default trust store specified in the override configs will be used.basicAuthUsername
- Basic-auth username. If null, basic-auth will be disabled.basicAuthPassword
- Basic-auth password. If null, basic-auth will be disabled.clientKeyStore
- Client key store. If null, client cert auth will be disabled.clientKeyAlias
- Client key alias. If null, client cert auth will be disabled.- Returns:
- The HTTP response. Null if invalid URL or no response.
-
httpPost
public static HttpResponse httpPost(java.lang.String urlstr, java.util.Map params)
HTTP client POST method.- Parameters:
urlstr
- URLparams
- A Map (String,String) to be added to the request body.- Returns:
- The HTTP response. Null if invalid URL or no response.
-
httpPost
public static HttpResponse httpPost(java.lang.String urlstr, java.util.Map headers, java.util.Map params, java.lang.String httpsTrustStore, java.lang.String basicAuthUsername, java.lang.String basicAuthPassword, java.lang.String clientKeyStore, java.lang.String clientKeyAlias)
HTTP client POST method.- Parameters:
urlstr
- URLheaders
- A Map (String,String) to be added to the request header.params
- A Map (String,String) to be added to the request body.httpsTrustStore
- The trust store to use. If a HTTPS connection is required and this is set to NULL, the default trust store specified in the override configs will be used.basicAuthUsername
- Basic-auth username. If null, basic-auth will be disabled.basicAuthPassword
- Basic-auth password. If null, basic-auth will be disabled.clientKeyStore
- Client key store. If null, client cert auth will be disabled.clientKeyAlias
- Client key alias. If null, client cert auth will be disabled.- Returns:
- The HTTP response. Null if invalid URL or no response.
-
getClient
public static Client getClient(java.lang.String clientId)
Retrive a client with the given clientId. Client IDs are unique across all definitions, there is a guarantee that only one client is returned.- Parameters:
clientId
- to lookup- Returns:
- a Client object on success / null on error or no client found
-
getClientsByEmail
public static Client[] getClientsByEmail(java.lang.String emailAddress)
Gets a list of clients which have an email address which matches the provided value- Parameters:
emailAddress
- to search for clients with- Returns:
- Array of clients, may be empty. null on error.
-
getClientsByContactPerson
public static Client[] getClientsByContactPerson(java.lang.String person)
Gets a list of clients which have an contact person which matches the provided value- Parameters:
person
- to search for clients with- Returns:
- Array of clients, may be empty. null on error.
-
getClientsByCompanyName
public static Client[] getClientsByCompanyName(java.lang.String companyName)
Gets a list of clients which have an company name which matches the provided value- Parameters:
companyName
- to search for clients with- Returns:
- Array of clients, may be empty. null on error.
-
createClient
public static boolean createClient(java.lang.String definitionName, java.lang.String clientId, java.lang.String clientName, java.lang.String companyName, java.lang.String clientSecret, java.lang.String[] redirectUris, java.lang.String companyUrl, java.lang.String contactPerson, java.lang.String emailAddress, java.lang.String phoneNumber, java.lang.String contactType, java.lang.String otherInfo, boolean requirePkce, java.lang.String jwksUri, java.lang.String encryptionDb, java.lang.String encryptionCert)
Creates a client. This client will be available for use as soon as this function is called.
Null and empty string are OK for some values.
Required values are:- definitionName
- clientId
- clientName
- companyName
RedirectUri and companyUrl if provided must be valid URIs.
If client secret is null the client will be considered non-confidential
Contact type must be one of:- ADMINISTRATIVE
- BILLING
- OTHER
- SUPPORT
- TECHNICAL
- Parameters:
definitionName
- of the definition to add this client toclientId
- identifier of this client.clientName
- friendly name of the client.companyName
- to identify which entity this client belongs toclientSecret
- OPTIONAL secret for confidential clientsredirectUri
-companyUrl
-contactPerson
-emailAddress
-phoneNumber
-contactType
-otherInfo
-- Returns:
- true on successful create / false if the client was not created.
-
deleteClient
public static boolean deleteClient(java.lang.String clientId)
Remove a client by clientId.- Parameters:
clientId
- to identify the client to remove.- Returns:
- true if a client was removed / false if the client didn't exist or an error occurred.
-
updateClient
public static boolean updateClient(java.lang.String clientId, java.lang.String clientName, java.lang.String clientSecret, java.lang.String[] redirectUris, boolean requirePkce)
Update a client. No update will be performed if a value is null. This means to update a client to be non-confidential "" should be used.- Parameters:
clientId
- to identify the client to update.clientName
- new name of the client. Cannot be empty.clientSecret
- new client secret.redirectUri
- new redirectUri- Returns:
- true if a client was update / false if the client didn't exist or an error occurred.
-
SHA512Sum
public static byte[] SHA512Sum(java.lang.String value)
Get a SHA-512 hash of the provided value. This byte array can be converted to a base64 encoded string using the Base64Utility. Example:Base64Utility.encode(SHA512Sum(myValue));
- Parameters:
value
- to sum.
-
SHA384Sum
public static byte[] SHA384Sum(java.lang.String value)
-
SHA256Sum
public static byte[] SHA256Sum(java.lang.String value)
Get a SHA-256 hash of the provided value. This byte array can be converted to a base64 encoded string using the Base64Utility. Example:Base64Utility.encode(SHA256Sum(myValue));
- Parameters:
value
- to sum.
-
getCertificateThumbprint
public static java.lang.String getCertificateThumbprint(java.lang.String keystore, java.lang.String alias) throws java.lang.Exception
Retrieving Certificate Thumbprint(x5t) value based on- Parameters:
value
- to certificate thumbprint in sha-1.- Throws:
java.lang.Exception
-
getCertificateThumbprint_S256
public static java.lang.String getCertificateThumbprint_S256(java.lang.String keystore, java.lang.String alias) throws java.lang.Exception
Retrieving Certificate Thumbprint(x5tS256) value based on- Parameters:
value
- to certificate thumbprint in sha-256.- Throws:
java.lang.Exception
-
getCertificateChain
public static java.lang.String[] getCertificateChain(java.lang.String keystore, java.lang.String alias) throws java.lang.Exception
Retrieving Certificate chain value based on- Parameters:
value
- to certificate chain- Throws:
java.lang.Exception
-
getDefinition
public static Definition getDefinition(java.lang.String definitionName)
Retrive a definition with the given definitionName. DefinitionNames are unique across all definitions, there is a guarantee that only one definition is returned.- Parameters:
definitionName
- to lookup- Returns:
- a Definition object on success / null on error or no client found
-
getDefinitionByID
public static Definition getDefinitionByID(long definitionID)
Retrive a definition with the given definitionID. DefinitionID are unique across all definitions, there is a guarantee that only one definition is returned.- Parameters:
definitionID
- to lookup- Returns:
- a Definition object on success / null on error or no client found
-
isOidcCompliantByDefinitionID
public static boolean isOidcCompliantByDefinitionID(long definitionID)
Retrieve oidcCompliant Flag with the given definitionID. DefinitionName are unique across all definitions, there is a guarantee that only one definition is returned.- Parameters:
DefinitionName
- to lookup- Returns:
- a boolean result will be returned, True if Definition has been configured to be OIDC Compliant and False otherwise.
-
isFapiCompliantByDefinitionID
public static boolean isFapiCompliantByDefinitionID(long definitionID)
Retrive fapiCompliant Flag with the given definitionID. DefinitionName are unique across all definitions, there is a guarantee that only one definition is returned.- Parameters:
DefinitionName
- to lookup- Returns:
- a boolean result will be returned, True if Definition has been configured to be OIDC Compliant and False otherwise.
-
extractIssuer
public static java.lang.String extractIssuer(java.lang.String token, java.lang.String tokenType) throws java.lang.Exception
Extract issuer from the token based on different token type. This method is being used prior to STS callouts. Issuer will be extraced and used to verify which chain to call. Supported token types are: 1. urn:ietf:params:oauth:token-type:jwt 2. urn:ietf:params:oauth:token-type:saml1 3. urn:ietf:params:oauth:token-type:saml2- Parameters:
token
- to be analyzed to get the issuer.tokenType
- is the type of the token.- Returns:
- issuer string
- Throws:
java.lang.Exception
-
createTokenElement
public static org.w3c.dom.Element createTokenElement(java.lang.String token, java.lang.String tokenType) throws java.lang.Exception
Generate the element object based on the token passed in Supported token types are: 1. urn:ietf:params:oauth:token-type:jwt- Parameters:
token
- to be used to generate the Element Object.tokenType
- is the type of the token.- Returns:
- Element object
- Throws:
java.lang.Exception
-
parseSTSUUToJson
public static java.lang.String parseSTSUUToJson(STSUniversalUser sts, java.lang.String tokenType, java.lang.String universalNameMapJson) throws java.lang.Exception
Parse the attribute in STSUU object to a JSON.- Parameters:
sts
- is the STSUU object which contains the attribute.tokenType
- is the type of the token.universalNameMapJson
- is the JSON string which contains the universal and original name mapping.- Returns:
- JSON String
- Throws:
java.lang.Exception
-
storeJwtActor
public static void storeJwtActor(java.lang.String act, java.lang.String stateId) throws java.lang.Exception
Store the JWT token "act" claims into OAuth Token extra attributes table.- Parameters:
act
- is the "act" claims in the jwt token.stateId
- is the State ID of the authorization grant.- Throws:
java.lang.Exception
-
retrieveActor
public static java.lang.String retrieveActor(java.lang.String stateId)
Retrieve the act claims from the OAuth Token extra attributes table.- Parameters:
stateId
- is State ID of the authorization grant.- Returns:
- JSON String
-
createUUID
public static java.lang.String createUUID()
Create a UUID String- Returns:
- UUID string
-
-