Fix JITEnrollmentCallbackHandler bugs after httpclient update

remotes/1728937285237262521/tmp_refs/heads/master
Lasantha Dharmakeerthi 11 months ago
commit 55d9a735f8

@ -170,10 +170,7 @@
com.google.gson;version="[2.9,3)",
com.google.gson.reflect;version="[2.9,3)",
io.entgra.device.mgt.core.apimgt.annotations;version="[5.0,6)",
io.entgra.device.mgt.core.apimgt.extension.rest.api;version="[5.0,6)",
io.entgra.device.mgt.core.apimgt.extension.rest.api.dto;version="[5.0,6)",
io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIInfo;version="[5.0,6)",
io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions;version="[5.0,6)",
io.entgra.device.mgt.core.apimgt.extension.rest.api.*,
io.entgra.device.mgt.core.apimgt.webapp.publisher.config,
io.entgra.device.mgt.core.apimgt.webapp.publisher.dto,
io.entgra.device.mgt.core.apimgt.webapp.publisher.exception,

@ -1,277 +1,298 @@
///*
// * Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
// *
// * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
// * Version 2.0 (the "License"); you may not use this file except
// * in compliance with the License.
// * You may obtain a copy of the License at
// *
// * http://www.apache.org/licenses/LICENSE-2.0
// *
// * Unless required by applicable law or agreed to in writing,
// * software distributed under the License is distributed on an
// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// * KIND, either express or implied. See the License for the
// * specific language governing permissions and limitations
// * under the License.
// */
//
//package io.entgra.device.mgt.core.ui.request.interceptor;
//
//import com.google.gson.JsonArray;
//import com.google.gson.JsonElement;
//import com.google.gson.JsonObject;
//import com.google.gson.JsonParser;
//import io.entgra.device.mgt.core.ui.request.interceptor.beans.AuthData;
//import io.entgra.device.mgt.core.ui.request.interceptor.beans.JITData;
//import io.entgra.device.mgt.core.ui.request.interceptor.beans.JITEnrollmentData;
//import io.entgra.device.mgt.core.ui.request.interceptor.beans.ProxyResponse;
//import io.entgra.device.mgt.core.ui.request.interceptor.exceptions.JITEnrollmentException;
//import io.entgra.device.mgt.core.ui.request.interceptor.util.HandlerConstants;
//import io.entgra.device.mgt.core.ui.request.interceptor.util.HandlerUtil;
//import org.apache.commons.httpclient.HttpStatus;
//import org.apache.commons.logging.Log;
//import org.apache.commons.logging.LogFactory;
//import org.apache.http.HttpHeaders;
//import org.apache.http.client.methods.HttpPost;
//import org.apache.http.entity.ContentType;
//import org.apache.http.entity.StringEntity;
//import org.w3c.dom.Document;
//import org.w3c.dom.Element;
//import org.w3c.dom.Node;
//import org.w3c.dom.NodeList;
//import org.wso2.carbon.utils.CarbonUtils;
//import org.xml.sax.SAXException;
//
//import javax.servlet.annotation.WebServlet;
//import javax.servlet.http.HttpServlet;
//import javax.servlet.http.HttpServletRequest;
//import javax.servlet.http.HttpServletResponse;
//import javax.servlet.http.HttpSession;
//import javax.xml.parsers.DocumentBuilder;
//import javax.xml.parsers.DocumentBuilderFactory;
//import javax.xml.parsers.ParserConfigurationException;
//import java.io.File;
//import java.io.IOException;
//import java.util.Base64;
//import java.util.Objects;
//
//@WebServlet(
// name = "JIT Enrollment callback handler",
// description = "Call token endpoint and retrieve token",
// urlPatterns = {
// "/jit-enrollment-callback"
// }
//)
//public class JITEnrollmentCallbackHandler extends HttpServlet {
// private static final Log log = LogFactory.getLog(JITEnrollmentCallbackHandler.class);
// private String gatewayUrl;
// private String keyManagerUrl;
// private JITData JITInfo;
// private String encodedClientCredentials;
// private String applicationName;
// private String clientId;
// private String clientSecret;
// private String scope;
// private String JITConfigurationPath;
// private JITEnrollmentData JITEnrollmentInfo;
// @Override
// protected void doGet(HttpServletRequest request, HttpServletResponse response) {
// gatewayUrl = request.getScheme() + HandlerConstants.SCHEME_SEPARATOR
// + System.getProperty(HandlerConstants.IOT_GW_HOST_ENV_VAR)
// + HandlerConstants.COLON + HandlerUtil.getGatewayPort(request.getScheme());
// keyManagerUrl = request.getScheme() + HandlerConstants.SCHEME_SEPARATOR
// + System.getProperty(HandlerConstants.IOT_KM_HOST_ENV_VAR)
// + HandlerConstants.COLON + HandlerUtil.getKeyManagerPort(request.getScheme());
// JITConfigurationPath = CarbonUtils.getCarbonConfigDirPath() + File.separator + "jit-config.xml";
// HttpSession session = request.getSession(false);
// try {
// if (session == null) {
// response.sendError(HttpStatus.SC_UNAUTHORIZED);
// return;
// }
//
// JITInfo = (JITData) session.getAttribute(HandlerConstants.SESSION_JIT_DATA_KEY);
// if (JITInfo == null) {
// response.sendError(HttpStatus.SC_UNAUTHORIZED);
// return;
// }
//
// JITEnrollmentInfo = (JITEnrollmentData)
// session.getAttribute(HandlerConstants.SESSION_JIT_ENROLLMENT_DATA_KEY);
// if (JITEnrollmentInfo == null) {
// response.sendError(HttpStatus.SC_UNAUTHORIZED);
// return;
// }
// applicationName = request.getContextPath().substring(1,
// request.getContextPath().indexOf("-ui-request-handler"));
// initializeJITEnrollmentConfigurations();
// populateApplicationData(registerApplication());
// persistAuthData(session, getToken());
// response.sendRedirect(JITEnrollmentInfo.getRedirectUrl() + "?ownershipType=" +
// JITEnrollmentInfo.getOwnershipType() + "&os=" + JITEnrollmentInfo.getOs() + "&username=" +
// JITEnrollmentInfo.getUsername() + "&tenantDomain=" + JITEnrollmentInfo.getTenantDomain());
// } catch (JITEnrollmentException | IOException ex) {
// log.error("Error occurred while processing JIT provisioning callback request", ex);
// }
// }
//
// private void initializeJITEnrollmentConfigurations() throws JITEnrollmentException {
// try {
// File JITConfigurationFile = new File(JITConfigurationPath);
// DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
// DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
// Document JITConfigurationDoc = documentBuilder.parse(JITConfigurationFile);
// JITConfigurationDoc.getDocumentElement().normalize();
// Element enrollmentScopes;
// if (Objects.equals(JITEnrollmentInfo.getOs(), HandlerConstants.OS_ANDROID)) {
// enrollmentScopes = (Element) JITConfigurationDoc.
// getElementsByTagName(HandlerConstants.TAG_ANDROID_ENROLLMENT_SCOPES).item(0);
// } else if (Objects.equals(JITEnrollmentInfo.getOs(), HandlerConstants.OS_IOS)) {
// enrollmentScopes = (Element) JITConfigurationDoc.
// getElementsByTagName(HandlerConstants.TAG_IOS_ENROLLMENT_SCOPES).item(0);
// } else if (Objects.equals(JITEnrollmentInfo.getOs(), HandlerConstants.OS_WINDOWS)) {
// enrollmentScopes = (Element) JITConfigurationDoc.
// getElementsByTagName(HandlerConstants.TAG_WINDOWS_ENROLLMENT_SCOPES).item(0);
// } else {
// String msg = "OS type not supported";
// if (log.isDebugEnabled()) {
// log.error(msg);
// }
// throw new JITEnrollmentException(msg);
// }
// NodeList scopeList = enrollmentScopes.getElementsByTagName("Scope");
// StringBuilder scopeStr = new StringBuilder();
// for (int idx = 0; idx < scopeList.getLength(); idx++) {
// Node scopeNode = scopeList.item(idx);
// if (scopeNode.getNodeType() == Node.ELEMENT_NODE) {
// Element scopeElement = (Element) scopeNode;
// scopeStr.append(" ").append(scopeElement.getTextContent());
// }
// }
// scope = scopeStr.toString();
// } catch (ParserConfigurationException ex) {
// String msg = "Error occurred when document builder creating the file configuration";
// throw new JITEnrollmentException(msg, ex);
// } catch (IOException ex) {
// String msg = "IO error occurred while parsing the JIT config file";
// throw new JITEnrollmentException(msg, ex);
// } catch (SAXException ex) {
// String msg = "Parse error occurred while parsing the JIT config document";
// throw new JITEnrollmentException(msg, ex);
// }
// }
//
// /***
// * Parse string data and build json object
// * @param data - Json string
// * @return {@link JsonObject} Json object corresponding to provided json string
// * @throws JITEnrollmentException throws when error occurred while parsing
// */
// private JsonObject parseResponseData(String data) throws JITEnrollmentException {
// JsonParser parser = new JsonParser();
// JsonElement responseData = parser.parse(data);
// if (responseData.isJsonObject()) {
// return responseData.getAsJsonObject();
// }
// throw new JITEnrollmentException("Unexpected response body return");
// }
//
// /***
// * Build application registration request
// * @return {@link HttpPost} Application registration request
// */
// private HttpPost buildApplicationRegistrationRequest() {
// HttpPost applicationRegistrationRequest = new HttpPost(gatewayUrl + HandlerConstants.APP_REG_ENDPOINT);
// applicationRegistrationRequest.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC
// + JITInfo.getEncodedClientCredentials());
// applicationRegistrationRequest.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON.toString());
// JsonArray tags = new JsonArray();
// tags.add("device_management");
// JsonObject payload = new JsonObject();
// payload.addProperty("applicationName", applicationName);
// payload.add("tags", tags);
// payload.addProperty("allowedToAllDomains", false);
// payload.addProperty("mappingAnExistingOAuthApp", false);
// applicationRegistrationRequest.setEntity(new StringEntity(payload.toString(), ContentType.APPLICATION_JSON));
// return applicationRegistrationRequest;
// }
//
// /***
// * Populate dynamic client's data
// * @param application - application data receiving from dcr request
// */
// private void populateApplicationData(JsonObject application) {
// clientId = application.get("client_id").getAsString();
// clientSecret = application.get("client_secret").getAsString();
// String headerValue = clientId+ ':' + clientSecret;
// encodedClientCredentials = Base64.getEncoder().encodeToString(headerValue.getBytes());
// }
//
// /***
// * Register client application
// * @return {@link JsonObject} Json object contain registered application data
// * @throws JITEnrollmentException throws when error occurred while application registration
// */
// private JsonObject registerApplication() throws JITEnrollmentException {
// try {
// ProxyResponse proxyResponse = HandlerUtil.execute(buildApplicationRegistrationRequest());
// if (proxyResponse.getCode() == HttpStatus.SC_CREATED ||
// proxyResponse.getCode() == HttpStatus.SC_OK) {
// return parseResponseData(proxyResponse.getData());
// }
// throw new JITEnrollmentException("Unexpected response status return for application registration request");
// } catch (IOException ex) {
// throw new JITEnrollmentException("Error occurred while executing application registration request", ex);
// }
// }
//
// /***
// * Acquire token
// * @return {@link JsonObject} Json object containing token data
// * @throws JITEnrollmentException throws when error occurred while acquiring token
// */
// private JsonObject getToken() throws JITEnrollmentException {
// try {
// ProxyResponse proxyResponse = HandlerUtil.execute(buildTokenAcquireRequest());
// if (proxyResponse.getCode() == org.apache.http.HttpStatus.SC_CREATED ||
// proxyResponse.getCode() == org.apache.http.HttpStatus.SC_OK) {
// return parseResponseData(proxyResponse.getData().toString());
// }
// throw new JITEnrollmentException("Unexpected response status return for token acquiring request");
// } catch (IOException ex) {
// throw new JITEnrollmentException("Error occurred while executing token acquiring request", ex);
// }
// }
//
// /***
// * Build token acquire request
// * @return {@link HttpPost} Token acquire request
// */
// private HttpPost buildTokenAcquireRequest() {
// HttpPost tokenAcquiringRequest = new HttpPost(keyManagerUrl + HandlerConstants.OAUTH2_TOKEN_ENDPOINT);
// tokenAcquiringRequest.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());
// tokenAcquiringRequest.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC
// + encodedClientCredentials);
// StringEntity payload = new StringEntity(
// "grant_type=" + HandlerConstants.CLIENT_CREDENTIAL_GRANT_TYPE + "&scope=" + scope,
// ContentType.APPLICATION_FORM_URLENCODED);
// tokenAcquiringRequest.setEntity(payload);
// return tokenAcquiringRequest;
// }
//
// /***
// * Persists auth data in session
// * @param session - {@link HttpSession}
// * @param token - Json object containing token data
// */
// private void persistAuthData(HttpSession session, JsonObject token) {
// AuthData authData = new AuthData();
// authData.setAccessToken(token.get("access_token").getAsString());
// authData.setClientId(clientId);
// authData.setClientSecret(clientSecret);
// authData.setEncodedClientApp(encodedClientCredentials);
// authData.setScope(token.get("scope").getAsString());
// session.setAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY, authData);
// }
//}
/*
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package io.entgra.device.mgt.core.ui.request.interceptor;
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import io.entgra.device.mgt.core.ui.request.interceptor.beans.AuthData;
import io.entgra.device.mgt.core.ui.request.interceptor.beans.JITData;
import io.entgra.device.mgt.core.ui.request.interceptor.beans.JITEnrollmentData;
import io.entgra.device.mgt.core.ui.request.interceptor.beans.ProxyResponse;
import io.entgra.device.mgt.core.ui.request.interceptor.exceptions.JITEnrollmentException;
import io.entgra.device.mgt.core.ui.request.interceptor.util.HandlerConstants;
import io.entgra.device.mgt.core.ui.request.interceptor.util.HandlerUtil;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hc.client5.http.entity.UrlEncodedFormEntity;
import org.apache.hc.core5.http.ClassicHttpRequest;
import org.apache.hc.core5.http.NameValuePair;
import org.apache.hc.core5.http.io.support.ClassicRequestBuilder;
import org.apache.hc.core5.http.message.BasicNameValuePair;
import org.apache.http.HttpHeaders;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.wso2.carbon.utils.CarbonUtils;
import org.xml.sax.SAXException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.File;
import java.io.IOException;
import java.util.*;
@WebServlet(
name = "JIT Enrollment callback handler",
description = "Call token endpoint and retrieve token",
urlPatterns = {
"/jit-enrollment-callback"
}
)
public class JITEnrollmentCallbackHandler extends HttpServlet {
private static final Log log = LogFactory.getLog(JITEnrollmentCallbackHandler.class);
private String gatewayUrl;
private String keyManagerUrl;
private JITData JITInfo;
private String encodedClientCredentials;
private String applicationName;
private String clientId;
private String clientSecret;
private String scope;
private String JITConfigurationPath;
private JITEnrollmentData JITEnrollmentInfo;
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) {
gatewayUrl = request.getScheme() + HandlerConstants.SCHEME_SEPARATOR
+ System.getProperty(HandlerConstants.IOT_GW_HOST_ENV_VAR)
+ HandlerConstants.COLON + HandlerUtil.getGatewayPort(request.getScheme());
keyManagerUrl = request.getScheme() + HandlerConstants.SCHEME_SEPARATOR
+ System.getProperty(HandlerConstants.IOT_KM_HOST_ENV_VAR)
+ HandlerConstants.COLON + HandlerUtil.getKeyManagerPort(request.getScheme());
JITConfigurationPath = CarbonUtils.getCarbonConfigDirPath() + File.separator + "jit-config.xml";
HttpSession session = request.getSession(false);
try {
if (session == null) {
response.sendError(HttpStatus.SC_UNAUTHORIZED);
return;
}
JITInfo = (JITData) session.getAttribute(HandlerConstants.SESSION_JIT_DATA_KEY);
if (JITInfo == null) {
response.sendError(HttpStatus.SC_UNAUTHORIZED);
return;
}
JITEnrollmentInfo = (JITEnrollmentData)
session.getAttribute(HandlerConstants.SESSION_JIT_ENROLLMENT_DATA_KEY);
if (JITEnrollmentInfo == null) {
response.sendError(HttpStatus.SC_UNAUTHORIZED);
return;
}
applicationName = request.getContextPath().substring(1,
request.getContextPath().indexOf("-ui-request-handler"));
initializeJITEnrollmentConfigurations();
populateApplicationData(registerApplication());
persistAuthData(session, getToken());
response.sendRedirect(JITEnrollmentInfo.getRedirectUrl() + "?ownershipType=" +
JITEnrollmentInfo.getOwnershipType() + "&os=" + JITEnrollmentInfo.getOs() + "&username=" +
JITEnrollmentInfo.getUsername() + "&tenantDomain=" + JITEnrollmentInfo.getTenantDomain());
} catch (JITEnrollmentException | IOException ex) {
log.error("Error occurred while processing JIT provisioning callback request", ex);
}
}
private void initializeJITEnrollmentConfigurations() throws JITEnrollmentException {
try {
File JITConfigurationFile = new File(JITConfigurationPath);
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
Document JITConfigurationDoc = documentBuilder.parse(JITConfigurationFile);
JITConfigurationDoc.getDocumentElement().normalize();
Element enrollmentScopes;
if (Objects.equals(JITEnrollmentInfo.getOs(), HandlerConstants.OS_ANDROID)) {
enrollmentScopes = (Element) JITConfigurationDoc.
getElementsByTagName(HandlerConstants.TAG_ANDROID_ENROLLMENT_SCOPES).item(0);
} else if (Objects.equals(JITEnrollmentInfo.getOs(), HandlerConstants.OS_IOS)) {
enrollmentScopes = (Element) JITConfigurationDoc.
getElementsByTagName(HandlerConstants.TAG_IOS_ENROLLMENT_SCOPES).item(0);
} else if (Objects.equals(JITEnrollmentInfo.getOs(), HandlerConstants.OS_WINDOWS)) {
enrollmentScopes = (Element) JITConfigurationDoc.
getElementsByTagName(HandlerConstants.TAG_WINDOWS_ENROLLMENT_SCOPES).item(0);
} else {
String msg = "OS type not supported";
if (log.isDebugEnabled()) {
log.error(msg);
}
throw new JITEnrollmentException(msg);
}
NodeList scopeList = enrollmentScopes.getElementsByTagName("Scope");
StringBuilder scopeStr = new StringBuilder();
for (int idx = 0; idx < scopeList.getLength(); idx++) {
Node scopeNode = scopeList.item(idx);
if (scopeNode.getNodeType() == Node.ELEMENT_NODE) {
Element scopeElement = (Element) scopeNode;
scopeStr.append(" ").append(scopeElement.getTextContent());
}
}
scope = scopeStr.toString();
} catch (ParserConfigurationException ex) {
String msg = "Error occurred when document builder creating the file configuration";
throw new JITEnrollmentException(msg, ex);
} catch (IOException ex) {
String msg = "IO error occurred while parsing the JIT config file";
throw new JITEnrollmentException(msg, ex);
} catch (SAXException ex) {
String msg = "Parse error occurred while parsing the JIT config document";
throw new JITEnrollmentException(msg, ex);
}
}
/***
* Parse string data and build json object
* @param data - Json string
* @return {@link JsonObject} Json object corresponding to provided json string
* @throws JITEnrollmentException throws when error occurred while parsing
*/
private JsonNode parseResponseData(String data) throws JITEnrollmentException {
JsonFactory jsonFactory = new JsonFactory();
ObjectMapper objectMapper = new ObjectMapper(jsonFactory);
try {
return objectMapper.readTree(data);
} catch (JsonProcessingException e) {
throw new JITEnrollmentException("Unexpected response body return");
}
}
/***
* Build application registration request
* @return {@link HttpPost} Application registration request
*/
private ClassicHttpRequest buildApplicationRegistrationRequest() {
JsonArray tags = new JsonArray();
tags.add("device_management");
ObjectMapper objectMapper = new ObjectMapper();
Map<String, Object> payload = new HashMap<>();
payload.put("applicationName", applicationName);
payload.put("tags", tags);
payload.put("allowedToAllDomains", false);
payload.put("mappingAnExistingOAuthApp", false);
ClassicHttpRequest applicationRegistrationRequest = ClassicRequestBuilder.post(gatewayUrl + HandlerConstants.APP_REG_ENDPOINT)
.setEntity(new org.apache.hc.core5.http.io.entity.StringEntity(objectMapper.valueToTree(payload).toString(),
org.apache.hc.core5.http.ContentType.APPLICATION_JSON))
.setHeader(org.apache.hc.core5.http.HttpHeaders.CONTENT_TYPE,
org.apache.hc.core5.http.ContentType.APPLICATION_JSON.toString())
.setHeader(org.apache.hc.core5.http.HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC +
JITInfo.getEncodedClientCredentials())
.build();
return applicationRegistrationRequest;
}
/***
* Populate dynamic client's data
* @param application - application data receiving from dcr request
*/
private void populateApplicationData(JsonNode application) {
clientId = application.get("client_id").asText();
clientSecret = application.get("client_secret").asText();
String headerValue = clientId + ':' + clientSecret;
encodedClientCredentials = Base64.getEncoder().encodeToString(headerValue.getBytes());
}
/***
* Register client application
* @return {@link JsonObject} Json object contain registered application data
* @throws JITEnrollmentException throws when error occurred while application registration
*/
private JsonNode registerApplication() throws JITEnrollmentException {
try {
ProxyResponse proxyResponse = HandlerUtil.execute(buildApplicationRegistrationRequest());
if (proxyResponse.getCode() == HttpStatus.SC_CREATED ||
proxyResponse.getCode() == HttpStatus.SC_OK) {
return parseResponseData(proxyResponse.getData().toString());
}
throw new JITEnrollmentException("Unexpected response status return for application registration request");
} catch (IOException ex) {
throw new JITEnrollmentException("Error occurred while executing application registration request", ex);
}
}
/***
* Acquire token
* @return {@link JsonObject} Json object containing token data
* @throws JITEnrollmentException throws when error occurred while acquiring token
*/
private JsonNode getToken() throws JITEnrollmentException {
try {
ProxyResponse proxyResponse = HandlerUtil.execute(buildTokenAcquireRequest());
if (proxyResponse.getCode() == org.apache.http.HttpStatus.SC_CREATED ||
proxyResponse.getCode() == org.apache.http.HttpStatus.SC_OK) {
return parseResponseData(proxyResponse.getData().toString());
}
throw new JITEnrollmentException("Unexpected response status return for token acquiring request");
} catch (IOException ex) {
throw new JITEnrollmentException("Error occurred while executing token acquiring request", ex);
}
}
/***
* Build token acquire request
* @return {@link HttpPost} Token acquire request
*/
private ClassicHttpRequest buildTokenAcquireRequest() {
StringEntity payload = new StringEntity(
"grant_type=" + HandlerConstants.CLIENT_CREDENTIAL_GRANT_TYPE + "&scope=" + scope,
ContentType.APPLICATION_FORM_URLENCODED);
ClassicHttpRequest tokenAcquiringRequest = ClassicRequestBuilder.post(keyManagerUrl + HandlerConstants.OAUTH2_TOKEN_ENDPOINT)
.setHeader(org.apache.hc.core5.http.HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString())
.setHeader(org.apache.hc.core5.http.HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + encodedClientCredentials)
.setEntity(new org.apache.hc.core5.http.io.entity.StringEntity(payload.toString(), org.apache.hc.core5.http.ContentType.APPLICATION_JSON))
.build();
return tokenAcquiringRequest;
}
/***
* Persists auth data in session
* @param session - {@link HttpSession}
* @param token - Json object containing token data
*/
private void persistAuthData(HttpSession session, JsonNode token) {
AuthData authData = new AuthData();
authData.setAccessToken(token.get("access_token").asText());
authData.setClientId(clientId);
authData.setClientSecret(clientSecret);
authData.setEncodedClientApp(encodedClientCredentials);
authData.setScope(token.get("scope"));
session.setAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY, authData);
}
}

Loading…
Cancel
Save