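/**
 * Validates the claims of an id_token against this tenant and, optionally, against a session.
 *
 * <p>The checks run in order and stop at the first failure:
 * <ol>
 *   <li>base JWT claims, delegated to {@code CommonValidator.validateBaseJwtClaims} with
 *       {@code TokenClass.ID_TOKEN};</li>
 *   <li>{@code iss} must equal this tenant's issuer value;</li>
 *   <li>when {@code entry} is non-null, {@code sub} must equal the session user's subject
 *       value (a null {@code entry} skips this binding entirely);</li>
 *   <li>{@code aud} must contain exactly one value.</li>
 * </ol>
 *
 * <p>NOTE(review): step 4 only checks the audience <em>count</em>. Although the error text
 * says the single value must contain the client_id, this method has no client_id to compare
 * against and does not do that comparison; it must happen in the caller.
 *
 * @param claimsSet the claims of the id_token (presumably already signature-checked; confirm in
 *     the caller)
 * @param entry the session the token must be bound to, or null to skip the subject check
 * @return null when every check passes, otherwise an INVALID_REQUEST error describing the
 *     first failed check (or whatever the base-claims validator returned)
 */
private ErrorObject validateIdTokenClaims(
      ReadOnlyJWTClaimsSet claimsSet, SessionManager.Entry entry) {
    ErrorObject error = CommonValidator.validateBaseJwtClaims(claimsSet, TokenClass.ID_TOKEN);

    if (error == null
        && !Objects.equals(this.tenantInfo.getIssuer().getValue(), claimsSet.getIssuer())) {
      error = OAuth2Error.INVALID_REQUEST.setDescription("id_token has incorrect issuer");
    }

    if (error == null
        && entry != null
        && !Objects.equals(entry.getPersonUser().getSubject().getValue(), claimsSet.getSubject())) {
      error =
          OAuth2Error.INVALID_REQUEST.setDescription(
              "id_token subject does not match the session user");
    }

    // Null-guard the list itself: an absent "aud" claim may surface as null depending on the
    // JWT library version, and must produce this error rather than a NullPointerException.
    if (error == null
        && (claimsSet.getAudience() == null || claimsSet.getAudience().size() != 1)) {
      error =
          OAuth2Error.INVALID_REQUEST.setDescription(
              "id_token must have a single audience value containing the client_id");
    }

    return error;
  }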
 /**
  * Validates the request URI for the session resources.
  *
  * <p>For a single-session resource the session id taken from the URI must be present,
  * non-empty and accepted by {@code validator.isValidRange} for the range
  * [LONG_VAL_1, LONG_VAL_4294967295]; the list-operation flag is then cleared. For the
  * sessions collection resource the URI is always accepted and the list-operation flag is set.
  * Any other resource type is rejected. The invalid-parameter name is set to URI + SESSIONID
  * up front so a rejection is reported against it.
  *
  * @return true, if the URI is valid
  */
 @Override
 public final boolean validateUri() {
   LOG.trace("Start SessionResourceValidator#validateUri()");
   setInvalidParameter(VtnServiceJsonConsts.URI + VtnServiceJsonConsts.SESSIONID);

   String sessionId = null;
   if (resource instanceof SessionResource) {
     sessionId = ((SessionResource) resource).getSessionId();
   }

   boolean uriOk = false;
   if (sessionId != null && !sessionId.isEmpty()) {
     // Single session: the id must fall inside the accepted numeric range.
     uriOk =
         validator.isValidRange(
             sessionId,
             VtnServiceJsonConsts.LONG_VAL_1,
             VtnServiceJsonConsts.LONG_VAL_4294967295);
     setListOpFlag(false);
   } else if (resource instanceof SessionsResource) {
     // Collection: nothing in the URI to check.
     uriOk = true;
     setListOpFlag(true);
   }

   LOG.trace("Complete SessionResourceValidator#validateUri()");
   return uriOk;
 }
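 /**
  * Validates the request body of the GET (List Sessions) API.
  *
  * <p>The only key inspected is {@code op}, and it is optional: an absent or empty value is
  * accepted as-is, a non-empty value is delegated to {@code validator.isValidOperation}. A
  * value that is present but is not a JSON primitive (object, array or JSON null) is rejected;
  * previously such input reached Gson's {@code getAsJsonPrimitive}, whose cast throws a
  * {@code ClassCastException} on a malformed request instead of failing validation.
  *
  * @param requestBody the request Json object; must not be null
  * @return true, if the body is valid
  */
 private boolean validateGet(final JsonObject requestBody) {
   LOG.trace("Start SessionResourceValidator#validateGet()");
   boolean isValid = true;
   // validation for optional key: op
   setInvalidParameter(VtnServiceJsonConsts.OP);
   if (requestBody.has(VtnServiceJsonConsts.OP)) {
     if (!requestBody.get(VtnServiceJsonConsts.OP).isJsonPrimitive()) {
       // Present but not a string/number/boolean: malformed input, not a valid request.
       isValid = false;
     } else {
       final String op = requestBody.getAsJsonPrimitive(VtnServiceJsonConsts.OP).getAsString();
       if (op != null && !op.isEmpty()) {
         isValid = validator.isValidOperation(requestBody);
       }
     }
   }
   LOG.trace("Complete SessionResourceValidator#validateGet()");
   return isValid;
 }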
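 /**
  * Validates the PUT request body of the Set Password API.
  *
  * <p>Two body shapes are accepted. The nested form {@code {"password": {"password": "..."}}}
  * is flattened in place to the flat form {@code {"password": "..."}} so the rest of the
  * pipeline sees one shape. The password must then be a JSON primitive that is non-blank after
  * trimming and whose length is accepted by {@code validator.isValidMaxLength} for LEN_72.
  *
  * <p>Changes from the previous version: the nested form is only flattened when the inner
  * member exists and is a primitive (the old chain threw NullPointerException on
  * {@code {"password": {}}} and ClassCastException on a non-primitive inner value), a flat
  * value that is not a primitive now fails validation instead of throwing, and the length
  * limit is applied to the value that is actually forwarded rather than to a trimmed copy
  * (trimming only for the check let a value longer than LEN_72 through when the excess was
  * leading/trailing whitespace).
  *
  * <p>NOTE(review): LEN_72 is whatever {@code isValidMaxLength} measures — presumably a
  * character count; confirm it matches the limit of the password store that receives it.
  *
  * @param requestBody the request Json object; must not be null. Mutated in place when the
  *     nested form is flattened.
  * @return true, if the body is valid
  */
 private boolean validatePut(final JsonObject requestBody) {
   LOG.trace("Start UserResourceValidator#validatePut()");
   boolean isValid = false;
   // validation for password
   setInvalidParameter(VtnServiceJsonConsts.PASSWORD);

   // Flatten {"password": {"password": "..."}} into {"password": "..."}.
   if (requestBody.has(VtnServiceJsonConsts.PASSWORD)
       && requestBody.get(VtnServiceJsonConsts.PASSWORD).isJsonObject()) {
     final JsonObject wrapper = requestBody.getAsJsonObject(VtnServiceJsonConsts.PASSWORD);
     if (wrapper.has(VtnServiceJsonConsts.PASSWORD)
         && wrapper.get(VtnServiceJsonConsts.PASSWORD).isJsonPrimitive()) {
       final String inner =
           wrapper.getAsJsonPrimitive(VtnServiceJsonConsts.PASSWORD).getAsString();
       requestBody.remove(VtnServiceJsonConsts.PASSWORD);
       requestBody.addProperty(VtnServiceJsonConsts.PASSWORD, inner);
     }
     // Otherwise the wrapper object is left as-is and rejected by the primitive check below.
   }

   if (requestBody.has(VtnServiceJsonConsts.PASSWORD)
       && requestBody.get(VtnServiceJsonConsts.PASSWORD).isJsonPrimitive()) {
     final String password =
         requestBody.getAsJsonPrimitive(VtnServiceJsonConsts.PASSWORD).getAsString();
     // Non-blank is judged on the trimmed value, but the length limit is checked on the raw
     // value because that is what stays in requestBody and is forwarded.
     if (password != null && !password.trim().isEmpty()) {
       isValid = validator.isValidMaxLength(password, VtnServiceJsonConsts.LEN_72);
     }
   }

   LOG.trace("Complete UserResourceValidator#validatePut()");
   return isValid;
 }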
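 /**
  * Validates the POST request body of the Create Session API.
  *
  * <p>The body must contain a {@code session} object. Inside it, checked in this order and
  * stopping at the first failure ({@code setInvalidParameter} names the key under test):
  * <ul>
  *   <li>{@code password} (mandatory): non-empty primitive accepted by
  *       {@code validator.isValidMaxLength} for LEN_72.</li>
  *   <li>{@code ipaddr} (mandatory): non-empty primitive accepted by
  *       {@code validator.isValidIpV4}.</li>
  *   <li>{@code login_name} (optional): when non-empty, max length LEN_32.</li>
  *   <li>{@code username} (optional): when non-empty, max length LEN_32; when absent or empty
  *       it is replaced in the body by the OPER default.</li>
  *   <li>{@code type} (optional): when non-empty, must equal WEBAPI or WEBUI ignoring case
  *       (the value itself is forwarded unchanged); when absent or empty it is replaced by
  *       WEBUI.</li>
  *   <li>{@code info} (optional): when non-empty, max length LEN_63.</li>
  * </ul>
  * A key that is present but is not a JSON primitive (object, array, JSON null) now fails
  * validation; previously it reached Gson's {@code getAsJsonPrimitive}, whose cast throws a
  * {@code ClassCastException} on such input instead of returning false.
  *
  * <p>NOTE(review): {@code ipaddr} comes from the request body, i.e. it is client-asserted,
  * not the transport peer address. This method only checks its format; whatever consumes it
  * downstream (audit, access decisions) should not treat it as the verified source address.
  *
  * @param requestBody the request Json object; must not be null. Mutated in place when the
  *     username/type defaults are applied.
  * @return true, if the body is valid
  */
 private boolean validatePost(final JsonObject requestBody) {
   LOG.trace("Start SessionResourceValidator#validatePost()");
   boolean isValid = false;
   setInvalidParameter(VtnServiceJsonConsts.SESSION);
   if (requestBody.has(VtnServiceJsonConsts.SESSION)
       && requestBody.get(VtnServiceJsonConsts.SESSION).isJsonObject()) {
     // Same object that requestBody holds, so defaults written below land in the body.
     final JsonObject session = requestBody.getAsJsonObject(VtnServiceJsonConsts.SESSION);

     // validation for mandatory key: password
     setInvalidParameter(VtnServiceJsonConsts.PASSWORD);
     final String password =
         sessionPrimitiveString(session, VtnServiceJsonConsts.PASSWORD);
     if (password != null && !password.isEmpty()) {
       isValid = validator.isValidMaxLength(password, VtnServiceJsonConsts.LEN_72);
     }

     // validation for mandatory key: ipaddr
     if (isValid) {
       setInvalidParameter(VtnServiceJsonConsts.IPADDR);
       final String ipaddr = sessionPrimitiveString(session, VtnServiceJsonConsts.IPADDR);
       isValid = ipaddr != null && !ipaddr.isEmpty() && validator.isValidIpV4(ipaddr);
     }

     // validation for optional key: login_name
     if (isValid) {
       setInvalidParameter(VtnServiceJsonConsts.LOGIN_NAME);
       final String loginName =
           sessionPrimitiveString(session, VtnServiceJsonConsts.LOGIN_NAME);
       if (loginName == null) {
         // absent: nothing to check; present but non-primitive: malformed
         isValid = !session.has(VtnServiceJsonConsts.LOGIN_NAME);
       } else if (!loginName.isEmpty()) {
         isValid = validator.isValidMaxLength(loginName, VtnServiceJsonConsts.LEN_32);
       }
     }

     // validation for optional key: username (defaults to OPER)
     if (isValid) {
       setInvalidParameter(VtnServiceJsonConsts.USERNAME);
       final String username = sessionPrimitiveString(session, VtnServiceJsonConsts.USERNAME);
       if (username == null && session.has(VtnServiceJsonConsts.USERNAME)) {
         isValid = false;
       } else if (username != null && !username.isEmpty()) {
         isValid = validator.isValidMaxLength(username, VtnServiceJsonConsts.LEN_32);
       } else {
         session.remove(VtnServiceJsonConsts.USERNAME);
         session.addProperty(VtnServiceJsonConsts.USERNAME, VtnServiceJsonConsts.OPER);
       }
     }

     // validation for optional key: type (defaults to WEBUI)
     if (isValid) {
       setInvalidParameter(VtnServiceJsonConsts.TYPE);
       final String type = sessionPrimitiveString(session, VtnServiceJsonConsts.TYPE);
       if (type == null && session.has(VtnServiceJsonConsts.TYPE)) {
         isValid = false;
       } else if (type != null && !type.isEmpty()) {
         // Accepted case-insensitively; the value is not normalised here.
         isValid =
             type.equalsIgnoreCase(VtnServiceJsonConsts.WEBAPI)
                 || type.equalsIgnoreCase(VtnServiceJsonConsts.WEBUI);
       } else {
         session.remove(VtnServiceJsonConsts.TYPE);
         session.addProperty(VtnServiceJsonConsts.TYPE, VtnServiceJsonConsts.WEBUI);
       }
     }

     // validation for optional key: info
     if (isValid) {
       setInvalidParameter(VtnServiceJsonConsts.INFO);
       final String info = sessionPrimitiveString(session, VtnServiceJsonConsts.INFO);
       if (info == null) {
         isValid = !session.has(VtnServiceJsonConsts.INFO);
       } else if (!info.isEmpty()) {
         isValid = validator.isValidMaxLength(info, VtnServiceJsonConsts.LEN_63);
       }
     }
   }
   LOG.trace("Complete SessionResourceValidator#validatePost()");
   return isValid;
 }

 /**
  * Returns the string form of {@code obj[key]} when that member is present and is a JSON
  * primitive, otherwise null. Callers tell "absent" apart from "present but malformed" by also
  * asking {@code obj.has(key)}.
  *
  * @param obj the object to read from; must not be null
  * @param key the member name
  * @return the member's string value, or null when absent or not a primitive
  */
 private static String sessionPrimitiveString(final JsonObject obj, final String key) {
   if (!obj.has(key) || !obj.get(key).isJsonPrimitive()) {
     return null;
   }
   return obj.getAsJsonPrimitive(key).getAsString();
 }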