address pr comments
SachiniSiriwardene committed Oct 23, 2023
1 parent d030cee commit a418767
Showing 3 changed files with 18 additions and 19 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -227,7 +227,7 @@ public static SubjectType fromValue(String text) {
public static final String ORG_ID = "org_id";
public static final String IS_FAPI_CONFORMANT_APP = "isFAPIConformant";
public static final String ENABLE_FAPI = "OAuth.OpenIDConnect.FAPI.EnableFAPIValidation";
public static final String ENABLE_FAPI_VALIDATION = "OAuth.DCRM.EnableFAPIEnforcement";
public static final String ENABLE_DCR_FAPI_VALIDATION = "OAuth.DCRM.EnableFAPIEnforcement";

public static final String IS_THIRD_PARTY_APP = "isThirdPartyApp";
public static final String PRIVATE_KEY_JWT = "private_key_jwt";
Original file line number Diff line number Diff line change
Expand Up @@ -659,7 +659,7 @@ private ServiceProvider createServiceProvider(String applicationOwner, String te
boolean enableFAPI = Boolean.parseBoolean(IdentityUtil.getProperty(OAuthConstants.ENABLE_FAPI));
if (enableFAPI) {
boolean enableFAPIDCR = Boolean.parseBoolean(IdentityUtil.getProperty(
OAuthConstants.ENABLE_FAPI_VALIDATION));
OAuthConstants.ENABLE_DCR_FAPI_VALIDATION));
if (enableFAPIDCR) {
// Add FAPI conformant application nad isThirdParty property to the service provider.
spProperties.put(OAuthConstants.IS_FAPI_CONFORMANT_APP, true);
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,6 @@ public class OAuthAdminServiceImpl {
protected static final Log LOG = LogFactory.getLog(OAuthAdminServiceImpl.class);
private static final String SCOPE_VALIDATION_REGEX = "^[^?#/()]*$";
private static final int MAX_RETRY_ATTEMPTS = 3;
private static final String IS_FAPI_VALIDATION_ENABLED = "OAuth.DCRM.EnableFAPIValidation";
private static final String FAPI_CLIENT_AUTH_METHOD_CONFIGURATION = "OAuth.OpenIDConnect.FAPI." +
"AllowedClientAuthenticationMethods.AllowedClientAuthenticationMethod";
private static final String FAPI_SIGNATURE_ALGORITHM_CONFIGURATION = "OAuth.OpenIDConnect.FAPI." +
Expand All @@ -134,8 +133,8 @@ public class OAuthAdminServiceImpl {
".SupportedIDTokenSigningAlgorithms.SupportedIDTokenSigningAlgorithm";
private static final String REQUEST_OBJECT_SIGNATURE_ALG_CONFIGURATION = "OAuth.OpenIDConnect" +
".SupportedRequestObjectSigningAlgorithms.SupportedRequestObjectSigningAlgorithm";
boolean validateFAPIDCR = Boolean.parseBoolean(IdentityUtil.getProperty(
OAuthConstants.ENABLE_FAPI_VALIDATION));
boolean enforceFAPIDCR = Boolean.parseBoolean(IdentityUtil.getProperty(
OAuthConstants.ENABLE_DCR_FAPI_VALIDATION));

/**
* Registers an consumer secret against the logged in user. A given user can only have a single
Expand Down Expand Up @@ -346,7 +345,7 @@ public OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData(OAuthConsumer
// Validate IdToken Encryption configurations.
app.setIdTokenEncryptionEnabled(application.isIdTokenEncryptionEnabled());
if (application.isIdTokenEncryptionEnabled()) {
if (validateFAPIDCR) {
if (enforceFAPIDCR) {
filterAllowedFAPIEncryptionAlgorithms(application.getIdTokenEncryptionAlgorithm());
}
app.setIdTokenEncryptionAlgorithm(
Expand All @@ -371,7 +370,7 @@ public OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData(OAuthConsumer
application.isTokenRevocationWithIDPSessionTerminationEnabled());
String tokenEndpointAuthMethod = application.getTokenEndpointAuthMethod();
if (StringUtils.isNotEmpty(tokenEndpointAuthMethod)) {
if (validateFAPIDCR) {
if (enforceFAPIDCR) {
filterAllowedFAPITokenAuthMethods(tokenEndpointAuthMethod);
} else {
filterTokenEndpointAuthMethods(tokenEndpointAuthMethod);
Expand All @@ -380,7 +379,7 @@ public OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData(OAuthConsumer
}
String tokenEndpointAuthSigningAlgorithm = application.getTokenEndpointAuthSignatureAlgorithm();
if (StringUtils.isNotEmpty(tokenEndpointAuthSigningAlgorithm)) {
if (validateFAPIDCR) {
if (enforceFAPIDCR) {
filterAllowedFAPISignatureAlgorithms(tokenEndpointAuthSigningAlgorithm);
} else {
filterSignatureAlgorithms(tokenEndpointAuthSigningAlgorithm,
Expand Down Expand Up @@ -418,7 +417,7 @@ public OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData(OAuthConsumer
}
String idTokenSignatureAlgorithm = application.getIdTokenSignatureAlgorithm();
if (StringUtils.isNotEmpty(idTokenSignatureAlgorithm)) {
if (validateFAPIDCR) {
if (enforceFAPIDCR) {
filterAllowedFAPISignatureAlgorithms(idTokenSignatureAlgorithm);
} else {
filterSignatureAlgorithms(idTokenSignatureAlgorithm,
Expand All @@ -428,7 +427,7 @@ public OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData(OAuthConsumer
}
String requestObjectSignatureAlgorithm = application.getRequestObjectSignatureAlgorithm();
if (StringUtils.isNotEmpty(requestObjectSignatureAlgorithm)) {
if (validateFAPIDCR) {
if (enforceFAPIDCR) {
filterAllowedFAPISignatureAlgorithms(requestObjectSignatureAlgorithm);
} else {
filterSignatureAlgorithms(requestObjectSignatureAlgorithm,
Expand All @@ -442,7 +441,7 @@ public OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData(OAuthConsumer

String requestObjectEncryptionAlgorithm = application.getRequestObjectEncryptionAlgorithm();
if (StringUtils.isNotEmpty(application.getRequestObjectEncryptionAlgorithm())) {
if (validateFAPIDCR) {
if (enforceFAPIDCR) {
filterAllowedFAPIEncryptionAlgorithms(
application.getRequestObjectEncryptionAlgorithm());
} else {
Expand Down Expand Up @@ -723,7 +722,7 @@ public void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO) throws
// Validate IdToken Encryption configurations.
oauthappdo.setIdTokenEncryptionEnabled(consumerAppDTO.isIdTokenEncryptionEnabled());
if (consumerAppDTO.isIdTokenEncryptionEnabled()) {
if (validateFAPIDCR) {
if (enforceFAPIDCR) {
filterAllowedFAPIEncryptionAlgorithms(consumerAppDTO.getIdTokenEncryptionAlgorithm());
}
oauthappdo.setIdTokenEncryptionAlgorithm(filterEncryptionAlgorithms(
Expand All @@ -743,7 +742,7 @@ public void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO) throws

String tokenEndpointAuthMethod = consumerAppDTO.getTokenEndpointAuthMethod();
if (StringUtils.isNotEmpty(tokenEndpointAuthMethod)) {
if (validateFAPIDCR) {
if (enforceFAPIDCR) {
filterAllowedFAPITokenAuthMethods(tokenEndpointAuthMethod);
} else {
filterTokenEndpointAuthMethods(tokenEndpointAuthMethod);
Expand All @@ -753,7 +752,7 @@ public void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO) throws

String tokenEndpointAuthSignatureAlgorithm = consumerAppDTO.getTokenEndpointAuthSignatureAlgorithm();
if (StringUtils.isNotEmpty(tokenEndpointAuthSignatureAlgorithm)) {
if (validateFAPIDCR) {
if (enforceFAPIDCR) {
filterAllowedFAPISignatureAlgorithms(tokenEndpointAuthSignatureAlgorithm);
} else {
filterSignatureAlgorithms(tokenEndpointAuthSignatureAlgorithm,
Expand Down Expand Up @@ -790,7 +789,7 @@ public void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO) throws

String idTokenSignatureAlgorithm = consumerAppDTO.getIdTokenSignatureAlgorithm();
if (StringUtils.isNotEmpty(idTokenSignatureAlgorithm)) {
if (validateFAPIDCR) {
if (enforceFAPIDCR) {
filterAllowedFAPISignatureAlgorithms(idTokenSignatureAlgorithm);
} else {
filterSignatureAlgorithms(idTokenSignatureAlgorithm, ID_TOKEN_SIGNATURE_ALG_CONFIGURATION);
Expand All @@ -800,7 +799,7 @@ public void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO) throws

String requestObjectSignatureAlgorithm = consumerAppDTO.getRequestObjectSignatureAlgorithm();
if (StringUtils.isNotEmpty(requestObjectSignatureAlgorithm)) {
if (validateFAPIDCR) {
if (enforceFAPIDCR) {
filterAllowedFAPISignatureAlgorithms(requestObjectSignatureAlgorithm);
} else {
filterSignatureAlgorithms(requestObjectSignatureAlgorithm,
Expand All @@ -815,7 +814,7 @@ public void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO) throws

String requestObjectEncryptionAlgorithm = consumerAppDTO.getRequestObjectEncryptionAlgorithm();
if (StringUtils.isNotEmpty(requestObjectEncryptionAlgorithm)) {
if (validateFAPIDCR) {
if (enforceFAPIDCR) {
filterAllowedFAPIEncryptionAlgorithms(requestObjectEncryptionAlgorithm);
}
oauthappdo.setRequestObjectEncryptionAlgorithm(filterEncryptionAlgorithms(
Expand Down Expand Up @@ -2432,7 +2431,7 @@ private List<String> getRedirectURIList(OAuthConsumerAppDTO application) {
public void filterSignatureAlgorithms(String algorithm, String configName) throws IdentityOAuthClientException {

List<String> allowedSignatureAlgorithms = IdentityUtil.getPropertyAsList(configName);
if (!(allowedSignatureAlgorithms.size() == 0)) {
if (!(allowedSignatureAlgorithms.isEmpty())) {
if (!allowedSignatureAlgorithms.contains(algorithm)) {
String msg = String.format("'%s' Signing Algorithm is not allowed.", algorithm);
throw handleClientError(INVALID_REQUEST, msg);
Expand All @@ -2448,7 +2447,7 @@ public void filterSignatureAlgorithms(String algorithm, String configName) throw
public void filterTokenEndpointAuthMethods(String authMethod) throws IdentityOAuthClientException {

List<String> authMethods = Arrays.asList(OAuth2Util.getSupportedClientAuthMethods());
if (!(authMethods.size() == 0)) {
if (!(authMethods.isEmpty())) {
if (!authMethods.contains(authMethod)) {
String msg = String.format("'%s' Token endpoint authentication method is not allowed.", authMethod);
throw handleClientError(INVALID_REQUEST, msg);
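Review bot: The rewritten condition `if (!(allowedSignatureAlgorithms.isEmpty()))` in filterSignatureAlgorithms keeps the allowlist fail-open: when the configured list is empty, the algorithm is accepted without any check, and nothing in the hunk records whether that is intended. Because this method is the non-FAPI fallback reached from the `else` branches in registerAndRetrieveOAuthApplicationData and updateConsumerApplication, an operator who leaves the property unset gets no signature-algorithm restriction at all, so the behaviour should at least be stated in the method's Javadoc, e.g. `@implNote An empty or unset {@code configName} list disables the check and accepts any algorithm.` The double negation would also read more plainly as a guard clause, `if (allowedSignatureAlgorithms.isEmpty()) { return; }` followed by the contains check, and the same `!(list.isEmpty())` shape appears in filterTokenEndpointAuthMethods, though there the list is the server's supported methods rather than a configured allowlist. Whether IdentityUtil.getPropertyAsList returns an empty list or null for an absent property is not visible here; if it can return null, the isEmpty() call would throw before the check runs. Both methods continue past their hunks.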

0 comments on commit a418767
