Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ssa validation for dcr update #2245

Merged
merged 2 commits into from
Nov 6, 2023
Merged

Add ssa validation for dcr update #2245

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
54c82ce
add ssa validation for dcr update
SachiniSiriwardene Nov 5, 2023
7b1a473
add null check for callback uri validation for PPID
SachiniSiriwardene Nov 6, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions ...ntity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -230,6 +230,15 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str
throw DCRMUtils.generateClientException(DCRMConstants.ErrorMessages.FAILED_TO_GET_SP,
appDTO.getApplicationName(), null);
}
// Validate software statement assertion signature.
if (StringUtils.isNotEmpty(updateRequest.getSoftwareStatement())) {
try {
validateSSASignature(updateRequest.getSoftwareStatement());
} catch (IdentityOAuth2Exception e) {
throw new DCRMClientException(DCRMConstants.ErrorCodes.INVALID_SOFTWARE_STATEMENT,
DCRMConstants.ErrorMessages.SIGNATURE_VALIDATION_FAILED.getMessage(), e);
}
}
// Update the service provider properties list with the display name property.
updateServiceProviderPropertyList(sp, updateRequest.getExtApplicationDisplayName());
// Update jwksURI.
Expand Down
58 changes: 31 additions & 27 deletions ...on.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -388,20 +388,22 @@ public OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData(OAuthConsumer
application.setSubjectType(OIDCClaimUtil.getDefaultSubjectType().toString());
}
if (OAuthConstants.SubjectType.PAIRWISE.getValue().equals(application.getSubjectType())) {
List<String> callBackURIList = new ArrayList<>();
// Need to split the redirect uris for validating the host names since it is combined
// into one regular expression.
if (application.getCallbackUrl().startsWith(
OAuthConstants.CALLBACK_URL_REGEXP_PREFIX)) {
callBackURIList = getRedirectURIList(application);
} else {
callBackURIList.add(application.getCallbackUrl());
}
if (StringUtils.isNotEmpty(application.getSectorIdentifierURI())) {
validateSectorIdentifierURI(application.getSectorIdentifierURI(), callBackURIList);
app.setSectorIdentifierURI(application.getSectorIdentifierURI());
} else {
validateRedirectURIForPPID(callBackURIList);
if (StringUtils.isNotEmpty(application.getCallbackUrl())) {
List<String> callBackURIList = new ArrayList<>();
// Need to split the redirect uris for validating the host names since it is combined
// into one regular expression.
if (application.getCallbackUrl().startsWith(
OAuthConstants.CALLBACK_URL_REGEXP_PREFIX)) {
callBackURIList = getRedirectURIList(application);
} else {
callBackURIList.add(application.getCallbackUrl());
}
if (StringUtils.isNotEmpty(application.getSectorIdentifierURI())) {
validateSectorIdentifierURI(application.getSectorIdentifierURI(), callBackURIList);
app.setSectorIdentifierURI(application.getSectorIdentifierURI());
} else {
validateRedirectURIForPPID(callBackURIList);
}
}
}
app.setSubjectType(application.getSubjectType());
Expand Down Expand Up @@ -767,19 +769,21 @@ public void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO) throws
consumerAppDTO.setSubjectType(OIDCClaimUtil.getDefaultSubjectType().toString());
}
if (OAuthConstants.SubjectType.PAIRWISE.getValue().equals(consumerAppDTO.getSubjectType())) {
List<String> callBackURIList = new ArrayList<>();
// Need to split the redirect uris for validating the host names since it is combined
// into one regular expression.
if (consumerAppDTO.getCallbackUrl().startsWith(OAuthConstants.CALLBACK_URL_REGEXP_PREFIX)) {
callBackURIList = getRedirectURIList(consumerAppDTO);
} else {
callBackURIList.add(consumerAppDTO.getCallbackUrl());
}
if (StringUtils.isNotEmpty(consumerAppDTO.getSectorIdentifierURI())) {
validateSectorIdentifierURI(consumerAppDTO.getSectorIdentifierURI(), callBackURIList);
oauthappdo.setSectorIdentifierURI(consumerAppDTO.getSectorIdentifierURI());
} else {
validateRedirectURIForPPID(callBackURIList);
if (StringUtils.isNotEmpty(consumerAppDTO.getCallbackUrl())) {
List<String> callBackURIList = new ArrayList<>();
// Need to split the redirect uris for validating the host names since it is combined
// into one regular expression.
if (consumerAppDTO.getCallbackUrl().startsWith(OAuthConstants.CALLBACK_URL_REGEXP_PREFIX)) {
callBackURIList = getRedirectURIList(consumerAppDTO);
} else {
callBackURIList.add(consumerAppDTO.getCallbackUrl());
}
if (StringUtils.isNotEmpty(consumerAppDTO.getSectorIdentifierURI())) {
validateSectorIdentifierURI(consumerAppDTO.getSectorIdentifierURI(), callBackURIList);
oauthappdo.setSectorIdentifierURI(consumerAppDTO.getSectorIdentifierURI());
} else {
validateRedirectURIForPPID(callBackURIList);
}
}
}
oauthappdo.setSubjectType(consumerAppDTO.getSubjectType());
Expand Down