diff options
Diffstat (limited to 'id/server/modules/moa-id-module-openID')
7 files changed, 73 insertions, 69 deletions
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java index b0736ff2e..cc987bfe7 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java @@ -56,7 +56,8 @@ public final class OAuth20Constants { public static final String PARAM_SCOPE = "scope"; public static final String PARAM_MOA_MOD = "mod"; public static final String PARAM_MOA_ACTION = "action"; - + public static final String PARAM_OPENID_CODE = "openid_code"; + // reponse parameters public static final String RESPONSE_CODE = "code"; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 19fdb3fee..9779b0cf4 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -44,16 +44,20 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; +import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate; +import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder; @@ -95,8 +99,9 @@ public final class OAuth20AttributeBuilder { private static final List<IAttributeBuilder> buildersProfile = new ArrayList<IAttributeBuilder>(); private static final List<IAttributeBuilder> buildersEID = new ArrayList<IAttributeBuilder>(); private static final List<IAttributeBuilder> buildersEIDGov = new ArrayList<IAttributeBuilder>(); - private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>(); - private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>(); + private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>(); + @Deprecated private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>(); + static { // openId buildersOpenId.add(new OpenIdIssuerAttribute()); @@ -120,11 +125,14 @@ public final class OAuth20AttributeBuilder { buildersEID.add(new EIDAuthBlock()); buildersEID.add(new EIDSignerCertificate()); buildersEID.add(new BPKAttributeBuilder()); + buildersEID.add(new BPKListAttributeBuilder()); + buildersEID.add(new EncryptedBPKAttributeBuilder()); // eID_gov buildersEIDGov.add(new EIDSourcePIN()); buildersEIDGov.add(new EIDSourcePINType()); buildersEIDGov.add(new EIDIdentityLinkBuilder()); + buildersEIDGov.add(new BPKListAttributeBuilder()); // mandate buildersMandate.add(new MandateTypeAttributeBuilder()); @@ -133,6 +141,8 @@ public final class OAuth20AttributeBuilder { buildersMandate.add(new MandateNaturalPersonSourcePinAttributeBuilder()); buildersMandate.add(new MandateNaturalPersonSourcePinTypeAttributeBuilder()); buildersMandate.add(new MandateNaturalPersonBPKAttributeBuilder()); + buildersMandate.add(new MandateNaturalPersonBPKListAttributeBuilder()); + buildersMandate.add(new MandateNaturalPersonEncBPKListAttributeBuilder()); buildersMandate.add(new MandateNaturalPersonFamilyNameAttributeBuilder()); buildersMandate.add(new MandateNaturalPersonGivenNameAttributeBuilder()); buildersMandate.add(new MandateNaturalPersonBirthDateAttributeBuilder()); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index b00675e7c..3b300c824 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -58,7 +58,7 @@ import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; import at.gv.egovernment.moa.logging.Logger; @Service("OAuth20AuthAction") -class OAuth20AuthAction implements IAction { +public class OAuth20AuthAction implements IAction { @Autowired protected IRevisionLogger revisionsLogger; @Autowired protected ITransactionStorage transactionStorage; @@ -131,7 +131,7 @@ class OAuth20AuthAction implements IAction { } - private Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject, + public Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject, OAuth20AuthRequest oAuthRequest, IAuthData authData, String accessToken) throws SignatureException, MOAIDException { // create response diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index 0350a113c..4dc99262e 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -24,19 +24,20 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; import javax.servlet.http.HttpServletRequest; +import org.apache.commons.lang.StringUtils; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.logging.Logger; @@ -160,7 +161,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { } @Override - protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception { + protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oAuthConfig) throws OAuth20Exception { this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true)); this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true)); this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true)); @@ -178,25 +179,23 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_STATE); } - // check if client id and redirect uri are ok - try { - // OAOAUTH20 cannot be null at this point. check was done in base request - ISPConfiguration oAuthConfig = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); - - - if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) - || !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) { - throw new OAuth20AccessDeniedException(); - } - - this.setOnlineApplicationConfiguration(oAuthConfig); - Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID); + // OAOAUTH20 cannot be null at this point. check was done in base request + if (StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) + || StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) + || StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) { + throw new OAuth20OANotSupportedException(); + } + + if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) + || !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) { + throw new OAuth20AccessDeniedException(); - } catch (EAAFConfigurationException e) { - throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } + this.setOnlineApplicationConfiguration(oAuthConfig); + Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID); + } // /* (non-Javadoc) diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index 118de861c..9cceea7d5 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -35,10 +35,8 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; -import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; -import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -77,21 +75,17 @@ abstract class OAuth20BaseRequest extends RequestImpl { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } - if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) - || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) - || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) { - throw new OAuth20OANotSupportedException(); - } + // oAuth + this.populateSpecialParameters(request, authConfig, oaParam); + + // cleanup parameters + this.checkAllowedParameters(request); + } catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } - - // oAuth - this.populateSpecialParameters(request, authConfig); - - // cleanup parameters - this.checkAllowedParameters(request); + } private void checkAllowedParameters(final HttpServletRequest request) throws OAuth20WrongParameterException { @@ -112,6 +106,6 @@ abstract class OAuth20BaseRequest extends RequestImpl { } - protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception; + protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oaParam) throws OAuth20Exception; } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 9f4174bf0..0952ba0a6 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -11,6 +11,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @@ -21,10 +22,12 @@ import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; @@ -47,7 +50,9 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, PVPConstants.BPK_NAME }); - + + @Autowired(required=true) AuthConfiguration moaAuthConfig; + public String getName() { return NAME; } @@ -68,12 +73,12 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme //OpenID Connect auth request @RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET}) - public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { -// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { -// Logger.info("OpenID-Connect is deaktivated!"); -// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); -// -// } + public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException { + if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) { + Logger.info("OpenID-Connect is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + + } OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class); try { @@ -102,12 +107,12 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme //openID Connect tokken request @RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET}) - public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { -// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { -// Logger.info("OpenID-Connect is deaktivated!"); -// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); -// -// } + public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException, InvalidProtocolRequestException { + if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) { + Logger.info("OpenID-Connect is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + + } OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class); try { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index 89e4252b1..9a3613ea1 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -24,20 +24,20 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; import javax.servlet.http.HttpServletRequest; +import org.apache.commons.lang.StringUtils; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidGrantException; -import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; import at.gv.egovernment.moa.logging.Logger; @Component("OAuth20TokenRequest") @@ -125,7 +125,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { } @Override - protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception { + protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oaParam) throws OAuth20Exception { this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true)); this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true)); this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true)); @@ -136,26 +136,21 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { throw new OAuth20InvalidGrantException(); } - // check if client id and secret are ok - try { - // OAOAUTH20 cannot be null at this point. check was done in base request - ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); - - if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) { - throw new OAuth20AccessDeniedException(); - } - - if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) { - throw new OAuth20AccessDeniedException(); - } - - this.setOnlineApplicationConfiguration(oaParam); - + // OAOAUTH20 cannot be null at this point. check was done in base request + if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) + || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) + throw new OAuth20OANotSupportedException(); + + if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) { + throw new OAuth20AccessDeniedException(); } - catch (EAAFConfigurationException e) { - throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); + + if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) { + throw new OAuth20AccessDeniedException(); } + this.setOnlineApplicationConfiguration(oaParam); + Logger.info("Dispatch OpenIDConnect TokenRequest: ClientID=" + this.clientID); //add valid parameters |