diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java
index 70ea645031..0de8b58dcb 100644
--- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java
+++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java
@@ -230,6 +230,15 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str
 throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.FAILED_TO_GET_SP,
 appDTO.getApplicationName(), null);
 }
+ // Validate software statement assertion signature.
+ if (StringUtils.isNotEmpty(updateRequest.getSoftwareStatement())) {
+ try {
+ validateSSASignature(updateRequest.getSoftwareStatement());
+ } catch (IdentityOAuth2Exception e) {
+ throw new DCRMClientException(DCRMConstants.ErrorCodes.INVALID_SOFTWARE_STATEMENT,
+ DCRMConstants.ErrorMessages.SIGNATURE_VALIDATION_FAILED.getMessage(), e);
+ }
+ }
 // Update the service provider properties list with the display name property.
 updateServiceProviderPropertyList(sp, updateRequest.getExtApplicationDisplayName());
 // Update jwksURI.
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java
index eedffb6528..d8027f9bfe 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java
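Review bot: The new check only runs when a software statement is present, so an update request that omits it bypasses SSA validation entirely; if the deployment treats the SSA as mandatory, its absence should be rejected here, and otherwise the optionality deserves a comment such as `// SSA is optional on update; when supplied, only its signature is verified here.` The catch covers only IdentityOAuth2Exception, so if validateSSASignature can throw a parse-time runtime exception on a malformed JWT, that input would surface as a server error instead of INVALID_SOFTWARE_STATEMENT — worth confirming against its throws clause. Consider as well whether the SSA claims (for example its redirect URIs) need to be cross-checked against the rest of updateRequest, since this hunk verifies the signature alone. updateApplication starts and ends outside the hunk.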
@@ -388,20 +388,22 @@ public OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData(OAuthConsumer
 application.setSubjectType(OIDCClaimUtil.getDefaultSubjectType().toString());
 }
 if (OAuthConstants.SubjectType.PAIRWISE.getValue().equals(application.getSubjectType())) {
- List callBackURIList = new ArrayList<>();
- // Need to split the redirect uris for validating the host names since it is combined
- // into one regular expression.
- if (application.getCallbackUrl().startsWith(
- OAuthConstants.CALLBACK_URL_REGEXP_PREFIX)) {
- callBackURIList = getRedirectURIList(application);
- } else {
- callBackURIList.add(application.getCallbackUrl());
- }
- if (StringUtils.isNotEmpty(application.getSectorIdentifierURI())) {
- validateSectorIdentifierURI(application.getSectorIdentifierURI(), callBackURIList);
- app.setSectorIdentifierURI(application.getSectorIdentifierURI());
- } else {
- validateRedirectURIForPPID(callBackURIList);
+ if (StringUtils.isNotEmpty(application.getCallbackUrl())) {
+ List callBackURIList = new ArrayList<>();
+ // Need to split the redirect uris for validating the host names since it is combined
+ // into one regular expression.
+ if (application.getCallbackUrl().startsWith(
+ OAuthConstants.CALLBACK_URL_REGEXP_PREFIX)) {
+ callBackURIList = getRedirectURIList(application);
+ } else {
+ callBackURIList.add(application.getCallbackUrl());
+ }
+ if (StringUtils.isNotEmpty(application.getSectorIdentifierURI())) {
+ validateSectorIdentifierURI(application.getSectorIdentifierURI(), callBackURIList);
+ app.setSectorIdentifierURI(application.getSectorIdentifierURI());
+ } else {
+ validateRedirectURIForPPID(callBackURIList);
+ }
 }
 }
 app.setSubjectType(application.getSubjectType());
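Review bot: With the new guard, a pairwise application that carries a sector identifier URI but no callback URL is accepted and the sector identifier URI is silently dropped — `app.setSectorIdentifierURI(...)` now sits inside the callback-guarded block, so the supplied value never reaches the stored app. Before the change that input presumably failed (a null callback URL would hit `startsWith` with an NPE); now it succeeds quietly, which is a policy change worth making explicit rather than implicit. Either handle the sector identifier URI before the callback guard (validating against an empty list, if validateSectorIdentifierURI tolerates that) or reject the combination with a clear client error, and record the chosen rule above the guard: `// Pairwise validation needs redirect URIs; an app without a callback URL skips it, and a sector identifier URI supplied without one is not persisted.` The same pattern appears in the updateConsumerApplication hunk below, where oauthappdo.setSectorIdentifierURI is guarded the same way. registerAndRetrieveOAuthApplicationData starts and ends outside the hunk.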
@@ -767,19 +769,21 @@ public void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO) throws
 consumerAppDTO.setSubjectType(OIDCClaimUtil.getDefaultSubjectType().toString());
 }
 if (OAuthConstants.SubjectType.PAIRWISE.getValue().equals(consumerAppDTO.getSubjectType())) {
- List callBackURIList = new ArrayList<>();
- // Need to split the redirect uris for validating the host names since it is combined
- // into one regular expression.
- if (consumerAppDTO.getCallbackUrl().startsWith(OAuthConstants.CALLBACK_URL_REGEXP_PREFIX)) {
- callBackURIList = getRedirectURIList(consumerAppDTO);
- } else {
- callBackURIList.add(consumerAppDTO.getCallbackUrl());
- }
- if (StringUtils.isNotEmpty(consumerAppDTO.getSectorIdentifierURI())) {
- validateSectorIdentifierURI(consumerAppDTO.getSectorIdentifierURI(), callBackURIList);
- oauthappdo.setSectorIdentifierURI(consumerAppDTO.getSectorIdentifierURI());
- } else {
- validateRedirectURIForPPID(callBackURIList);
+ if (StringUtils.isNotEmpty(consumerAppDTO.getCallbackUrl())) {
+ List callBackURIList = new ArrayList<>();
+ // Need to split the redirect uris for validating the host names since it is combined
+ // into one regular expression.
+ if (consumerAppDTO.getCallbackUrl().startsWith(OAuthConstants.CALLBACK_URL_REGEXP_PREFIX)) {
+ callBackURIList = getRedirectURIList(consumerAppDTO);
+ } else {
+ callBackURIList.add(consumerAppDTO.getCallbackUrl());
+ }
+ if (StringUtils.isNotEmpty(consumerAppDTO.getSectorIdentifierURI())) {
+ validateSectorIdentifierURI(consumerAppDTO.getSectorIdentifierURI(), callBackURIList);
+ oauthappdo.setSectorIdentifierURI(consumerAppDTO.getSectorIdentifierURI());
+ } else {
+ validateRedirectURIForPPID(callBackURIList);
+ }
 }
 }
 oauthappdo.setSubjectType(consumerAppDTO.getSubjectType());
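Review bot: The guarded block is now duplicated almost line for line between updateConsumerApplication (this hunk) and registerAndRetrieveOAuthApplicationData above, differing only in the DTO variable and the target of setSectorIdentifierURI, so any later fix to the pairwise rules has to be made twice. A private helper that takes the DTO, performs the validation and returns the sector identifier URI to persist (or null) would keep the two paths from drifting; if `application` in the other method is also an OAuthConsumerAppDTO, as its truncated hunk header suggests, both call sites reduce to the few lines shown below. The raw `List callBackURIList` can become `List<String>` in the helper, assuming getRedirectURIList returns strings. updateConsumerApplication starts and ends outside the hunk.
```java
// Pairwise subject type: validates the redirect URIs (or the sector identifier URI against them).
// Returns the sector identifier URI to persist, or null when the DTO does not carry one.
// Shared by registerAndRetrieveOAuthApplicationData and updateConsumerApplication.
private String resolvePairwiseSectorIdentifierURI(OAuthConsumerAppDTO dto) /* throws: as validateSectorIdentifierURI / validateRedirectURIForPPID declare */ {
    if (StringUtils.isEmpty(dto.getCallbackUrl())) {
        // No redirect URIs to validate against; nothing is persisted in this case.
        return null;
    }
    List<String> callBackURIList = new ArrayList<>();
    // Need to split the redirect uris for validating the host names since it is combined
    // into one regular expression.
    if (dto.getCallbackUrl().startsWith(OAuthConstants.CALLBACK_URL_REGEXP_PREFIX)) {
        callBackURIList = getRedirectURIList(dto);
    } else {
        callBackURIList.add(dto.getCallbackUrl());
    }
    if (StringUtils.isNotEmpty(dto.getSectorIdentifierURI())) {
        validateSectorIdentifierURI(dto.getSectorIdentifierURI(), callBackURIList);
        return dto.getSectorIdentifierURI();
    }
    validateRedirectURIForPPID(callBackURIList);
    return null;
}

// … unchanged: earlier part of updateConsumerApplication …
if (OAuthConstants.SubjectType.PAIRWISE.getValue().equals(consumerAppDTO.getSubjectType())) {
    String sectorIdentifierURI = resolvePairwiseSectorIdentifierURI(consumerAppDTO);
    if (sectorIdentifierURI != null) {
        oauthappdo.setSectorIdentifierURI(sectorIdentifierURI);
    }
}
```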