Skip to content

Commit

Permalink
Fix par client assersion mandatory params validation issue
Browse files Browse the repository at this point in the history
  • Loading branch information
Akila94 committed Nov 13, 2024
1 parent 5d8cc6b commit 74aed04
Show file tree
Hide file tree
Showing 3 changed files with 31 additions and 7 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.openbanking.cds.identity.authenticator.util.CDSJWTValidator;
import org.wso2.openbanking.cds.identity.authenticator.util.Constants;
import org.wso2.openbanking.cds.identity.dcr.constants.CDSValidationConstants;

import java.text.ParseException;
import java.util.ArrayList;
Expand Down Expand Up @@ -182,13 +183,7 @@ private CDSJWTValidator createJWTValidator(String accessedEndpoint, boolean prev

private List<String> populateMandatoryClaims() {

List<String> mandatoryClaims = new ArrayList<>();
mandatoryClaims.add(Constants.ISSUER_CLAIM);
mandatoryClaims.add(Constants.SUBJECT_CLAIM);
mandatoryClaims.add(Constants.AUDIENCE_CLAIM);
mandatoryClaims.add(Constants.EXPIRATION_TIME_CLAIM);
mandatoryClaims.add(Constants.JWT_ID_CLAIM);
return mandatoryClaims;
return CDSValidationConstants.MANDATORY_ASSERTION_PARAMS_LIST;
}

/**
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@
*/
package org.wso2.openbanking.cds.identity.dcr.constants;

import org.wso2.carbon.identity.oauth2.token.handler.clientauth.jwt.Constants;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
Expand All @@ -35,6 +37,7 @@ public class CDSValidationConstants {
public static final String SSA_POLICY_URI = "policy_uri";
public static final String SSA_TOS_URI = "tos_uri";
public static final String SSA_CLIENT_URI = "client_uri";
public static final String CLIENT_ASSERTION = "client_assertion";
public static final String DATA_RECIPIENT_SOFTWARE_PRODUCT = "data-recipient-software-product";
public static final List<String> VALID_SSA_SCOPES = Collections.unmodifiableList(Arrays.asList(
"openid", "profile", "bank:accounts.basic:read", "bank:accounts.detail:read", "bank:transactions:read",
Expand All @@ -53,4 +56,6 @@ public class CDSValidationConstants {
public static final String DCR_VALIDATE_SECTOR_IDENTIFIER_URI = "DCR.EnableSectorIdentifierUriValidation";
public static final String JTI = "jti";
public static final String JTI_REPLAYED = "JTI value of the registration request has been replayed";
public static final List<String> MANDATORY_ASSERTION_PARAMS_LIST = List.of(Constants.ISSUER_CLAIM,
Constants.SUBJECT_CLAIM, Constants.AUDIENCE_CLAIM, Constants.EXPIRATION_TIME_CLAIM, Constants.JWT_ID_CLAIM);
}
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
package org.wso2.openbanking.cds.identity.push.auth.extension.request.validator;

import com.wso2.openbanking.accelerator.common.exception.ConsentManagementException;
import com.wso2.openbanking.accelerator.common.util.JWTUtils;
import com.wso2.openbanking.accelerator.consent.mgt.dao.models.DetailedConsentResource;
import com.wso2.openbanking.accelerator.consent.mgt.service.impl.ConsentCoreServiceImpl;
import com.wso2.openbanking.accelerator.identity.push.auth.extension.request.validator.PushAuthRequestValidator;
Expand All @@ -29,8 +30,10 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpStatus;
import org.wso2.openbanking.cds.identity.dcr.constants.CDSValidationConstants;
import org.wso2.openbanking.cds.identity.utils.CDSIdentityConstants;

import java.text.ParseException;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.util.Map;
Expand Down Expand Up @@ -61,6 +64,27 @@ public CDSPushAuthRequestValidator(ConsentCoreServiceImpl consentCoreService) {
@Override
public void validateAdditionalParams(Map<String, Object> parameters) throws PushAuthRequestValidatorException {

// Validate client assertion
if (parameters.containsKey(CDSValidationConstants.CLIENT_ASSERTION)) {
JSONObject assertionClaims;
try {
assertionClaims = JWTUtils.decodeRequestJWT(parameters
.get(CDSValidationConstants.CLIENT_ASSERTION).toString(), "body");
} catch (ParseException e) {
log.error("Error while parsing JWT assertion", e);
throw new PushAuthRequestValidatorException(HttpStatus.SC_BAD_REQUEST,
PushAuthRequestConstants.INVALID_REQUEST_OBJECT,
CDSIdentityConstants.INVALID_PUSH_AUTH_REQUEST);
}
for (String key : CDSValidationConstants.MANDATORY_ASSERTION_PARAMS_LIST) {
if (!assertionClaims.containsKey(key)) {
throw new PushAuthRequestValidatorException(HttpStatus.SC_BAD_REQUEST,
PushAuthRequestConstants.INVALID_REQUEST, "Mandatory field :" + key
+ " is missing in the JWT assertion.");
}
}
}

JSONObject requestObjectJsonBody;
if (parameters.containsKey(PushAuthRequestConstants.DECODED_JWT_BODY) &&
parameters.get(PushAuthRequestConstants.DECODED_JWT_BODY) instanceof JSONObject) {
Expand Down

0 comments on commit 74aed04

Please sign in to comment.