org.xdi.oxauth.model.registration.RegisterParamsValidator クラス

org.xdi.oxauth.model.registration.RegisterParamsValidator 連携図

公開メンバ関数
boolean	validateParamsClientRegister (ApplicationType applicationType, SubjectType subjectType, List< String > redirectUris, String sectorIdentifierUrl)
boolean	validateParamsClientRead (String clientId, String accessToken)
boolean	validateRedirectUris (ApplicationType applicationType, SubjectType subjectType, List< String > redirectUris, String sectorIdentifierUrl)
void	validateLogoutUri (List< String > logoutUris, List< String > redirectUris, ErrorResponseFactory errorResponseFactory)
void	validateLogoutUri (String logoutUri, List< String > redirectUris, ErrorResponseFactory errorResponseFactory)

非公開メンバ関数
boolean	checkWhiteListRedirectUris (List< String > redirectUris)
boolean	checkBlackListRedirectUris (List< String > redirectUris)
void	throwInvalidLogoutUri (ErrorResponseFactory errorResponseFactory) throws WebApplicationException
Set< String >	collectUriHosts (List< String > uriList) throws URISyntaxException

非公開変数類
Logger	log
AppConfiguration	appConfiguration

静的非公開変数類
static final String	HTTP = "http"
static final String	HTTPS = "https"
static final String	LOCALHOST = "localhost"
static final String	LOOPBACK = "127.0.0.1"

詳解

Validates the parameters received for the register web service.

著者

Javier Rojas Blum

バージョン

April 19, 2017

関数詳解

checkBlackListRedirectUris()

boolean org.xdi.oxauth.model.registration.RegisterParamsValidator.checkBlackListRedirectUris ( List< String >  redirectUris )

inlineprivate

None of the Redirect Uris must match to return true.

                                                                          {
        boolean valid = true;
        List<String> blackList = appConfiguration.getClientBlackList();
        URLPatternList urlPatternList = new URLPatternList(blackList);

        for (String redirectUri : redirectUris) {
            valid &= !urlPatternList.isUrlListed(redirectUri);
        }

        return valid;
    }

checkWhiteListRedirectUris()

boolean org.xdi.oxauth.model.registration.RegisterParamsValidator.checkWhiteListRedirectUris ( List< String >  redirectUris )

inlineprivate

All the Redirect Uris must match to return true.

                                                                          {
        boolean valid = true;
        List<String> whiteList = appConfiguration.getClientWhiteList();
        URLPatternList urlPatternList = new URLPatternList(whiteList);

        for (String redirectUri : redirectUris) {
            valid &= urlPatternList.isUrlListed(redirectUri);
        }

        return valid;
    }

collectUriHosts()

Set<String> org.xdi.oxauth.model.registration.RegisterParamsValidator.collectUriHosts ( List< String >  uriList ) throws URISyntaxException

inlineprivate

                                                                                        {
        Set<String> hosts = new HashSet<String>();

        for (String redirectUri : uriList) {
            URI uri = new URI(redirectUri);
            hosts.add(uri.getHost());
        }
        return hosts;
    }

throwInvalidLogoutUri()

void org.xdi.oxauth.model.registration.RegisterParamsValidator.throwInvalidLogoutUri ( ErrorResponseFactory  errorResponseFactory ) throws WebApplicationException

inlineprivate

                                                                                                                 {
        throw new WebApplicationException(
                Response.status(Response.Status.BAD_REQUEST.getStatusCode()).
                        entity(errorResponseFactory.getErrorAsJson(RegisterErrorResponseType.INVALID_LOGOUT_URI)).
                        cacheControl(ServerUtil.cacheControl(true, false)).
                        header("Pragma", "no-cache").
                        build());
    }

validateLogoutUri() [1/2]

void org.xdi.oxauth.model.registration.RegisterParamsValidator.validateLogoutUri ( List< String >  logoutUris, List< String >  redirectUris, ErrorResponseFactory  errorResponseFactory  )

inline

                                                                                                                                 {
        if (logoutUris == null || logoutUris.isEmpty()) { // logout uri is optional so null or empty list is valid
            return;
        }
        for (String logoutUri : logoutUris) {
            validateLogoutUri(logoutUri, redirectUris, errorResponseFactory);
        }
    }

validateLogoutUri() [2/2]

void org.xdi.oxauth.model.registration.RegisterParamsValidator.validateLogoutUri ( String  logoutUri, List< String >  redirectUris, ErrorResponseFactory  errorResponseFactory  )

inline

                                                                                                                          {
        if (Util.isNullOrEmpty(logoutUri)) { // logout uri is optional so null or empty string is valid
            return;
        }

        // preconditions
        if (redirectUris == null || redirectUris.isEmpty()) {
            log.error("Preconditions of logout uri validation are failed.");
            throwInvalidLogoutUri(errorResponseFactory);
            return;
        }

        try {
            Set<String> redirectUriHosts = collectUriHosts(redirectUris);

            URI uri = new URI(logoutUri);

            if (!redirectUriHosts.contains(uri.getHost())) {
                log.error("logout uri host is not within redirect_uris, logout_uri: {}, redirect_uris: {}", logoutUri, redirectUris);
                throwInvalidLogoutUri(errorResponseFactory);
                return;
            }

            if (!HTTPS.equalsIgnoreCase(uri.getScheme())) {
                log.error("logout uri schema is not https, logout_uri: {}", logoutUri);
                throwInvalidLogoutUri(errorResponseFactory);
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throwInvalidLogoutUri(errorResponseFactory);
        }
    }

validateParamsClientRead()

boolean org.xdi.oxauth.model.registration.RegisterParamsValidator.validateParamsClientRead ( String  clientId, String  accessToken  )

inline

Validates the parameters for a client read request.

引数

clientId	Unique Client identifier.
accessToken	Access Token obtained out of band to authorize the registrant.

戻り値

Whether the parameters of client read is valid or not.

                                                                                 {
        return StringUtils.isNotBlank(clientId) && StringUtils.isNotBlank(accessToken);
    }

validateParamsClientRegister()

boolean org.xdi.oxauth.model.registration.RegisterParamsValidator.validateParamsClientRegister ( ApplicationType  applicationType, SubjectType  subjectType, List< String >  redirectUris, String  sectorIdentifierUrl  )

inline

Validates the parameters for a register request.

引数

applicationType	The Application Type: native or web.
subjectType	The subject_type requested for responses to this Client.
redirectUris	Space-separated list of redirect URIs.
sectorIdentifierUrl	A HTTPS scheme URL to be used in calculating Pseudonymous Identifiers by the OP. The URL contains a file with a single JSON array of redirect_uri values.

戻り値

Whether the parameters of client register is valid or not.

                                                                                                       {
        boolean valid = applicationType != null && redirectUris != null && !redirectUris.isEmpty();

        if (subjectType == null || !appConfiguration.getSubjectTypesSupported().contains(subjectType.toString())) {
            log.debug("Parameter subject_type is not valid.");
            valid = false;
        }

        return valid;
    }

validateRedirectUris()

boolean org.xdi.oxauth.model.registration.RegisterParamsValidator.validateRedirectUris ( ApplicationType  applicationType, SubjectType  subjectType, List< String >  redirectUris, String  sectorIdentifierUrl  )

inline

引数

applicationType	The Application Type: native or web.
subjectType	Subject Type requested for responses to this Client.
redirectUris	Redirection URI values used by the Client.
sectorIdentifierUrl	A HTTPS scheme URL to be used in calculating Pseudonymous Identifiers by the OP. The URL contains a file with a single JSON array of redirect_uri values.

戻り値

Whether the Redirect URI parameters are valid or not.

                                                                                               {
        boolean valid = true;
        Set<String> redirectUriHosts = new HashSet<String>();

        try {
            if (redirectUris != null && !redirectUris.isEmpty()) {
                for (String redirectUri : redirectUris) {
                    if (redirectUri == null || redirectUri.contains("#")) {
                        valid = false;
                    } else {
                        URI uri = new URI(redirectUri);
                        redirectUriHosts.add(uri.getHost());
                        switch (applicationType) {
                            case WEB:
                                if (HTTP.equalsIgnoreCase(uri.getScheme())) {
                                    if (!LOCALHOST.equalsIgnoreCase(uri.getHost()) && !LOOPBACK.equalsIgnoreCase(uri.getHost())) {
                                        log.error("Invalid protocol for redirect_uri: " +
                                                redirectUri +
                                                " (only https protocol is allowed for application_type=web or localhost/127.0.0.1 for http)");
                                        valid = false;
                                    }
                                }
                                break;
                            case NATIVE:
                                // to conform "OAuth 2.0 for Native Apps" https://tools.ietf.org/html/draft-wdenniss-oauth-native-apps-00
                                // we allow registration with custom schema for native apps.
//                                if (!HTTP.equalsIgnoreCase(uri.getScheme())) {
//                                    valid = false;
//                                } else if (!LOCALHOST.equalsIgnoreCase(uri.getHost())) {
//                                    valid = false;
//                                }
                                break;
                        }
                    }
                }
            } else {
                valid = false;
            }
        } catch (URISyntaxException e) {
            valid = false;
        }

        /*
         * Providers that use pairwise sub (subject) values SHOULD utilize the sector_identifier_uri value
         * provided in the Subject Identifier calculation for pairwise identifiers.
         *
         * If the Client has not provided a value for sector_identifier_uri in Dynamic Client Registration,
         * the Sector Identifier used for pairwise identifier calculation is the host component of the
         * registered redirect_uri.
         *
         * If there are multiple hostnames in the registered redirect_uris, the Client MUST register a
         * sector_identifier_uri.
         */
        if (subjectType != null && subjectType.equals(SubjectType.PAIRWISE) && StringUtils.isBlank(sectorIdentifierUrl)) {
            if (redirectUriHosts.size() > 1) {
                valid = false;
            }
        }

        // Validate Sector Identifier URL
        if (valid && StringUtils.isNotBlank(sectorIdentifierUrl)) {
            try {
                URI uri = new URI(sectorIdentifierUrl);
                if (!HTTPS.equalsIgnoreCase(uri.getScheme())) {
                    valid = false;
                }

                ClientRequest clientRequest = new ClientRequest(sectorIdentifierUrl);
                clientRequest.setHttpMethod(HttpMethod.GET);

                ClientResponse<String> clientResponse = clientRequest.get(String.class);
                int status = clientResponse.getStatus();

                if (status == 200) {
                    String entity = clientResponse.getEntity(String.class);

                    JSONArray sectorIdentifierJsonArray = new JSONArray(entity);
                    valid = Util.asList(sectorIdentifierJsonArray).containsAll(redirectUris);
                }
            } catch (Exception e) {
                log.trace(e.getMessage(), e);
                valid = false;
            }
        }

        // Validate Redirect Uris checking the white list and black list
        if (valid) {
            valid = checkWhiteListRedirectUris(redirectUris) && checkBlackListRedirectUris(redirectUris);
        }

        return valid;
    }

メンバ詳解

appConfiguration

AppConfiguration org.xdi.oxauth.model.registration.RegisterParamsValidator.appConfiguration

private

HTTP

final String org.xdi.oxauth.model.registration.RegisterParamsValidator.HTTP = "http"

staticprivate

HTTPS

final String org.xdi.oxauth.model.registration.RegisterParamsValidator.HTTPS = "https"

staticprivate

LOCALHOST

final String org.xdi.oxauth.model.registration.RegisterParamsValidator.LOCALHOST = "localhost"

staticprivate

log

Logger org.xdi.oxauth.model.registration.RegisterParamsValidator.log

private

LOOPBACK

final String org.xdi.oxauth.model.registration.RegisterParamsValidator.LOOPBACK = "127.0.0.1"

staticprivate

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/gluu/src/oxAuth/Server/src/main/java/org/xdi/oxauth/model/registration/RegisterParamsValidator.java