feat(jans-auth-server): added sector_identifier_uri content validatio…

…n (certification) #3639 (#3641)
JanssenProject · Jan 17, 2023 · 2583e53 · 2583e53
1 parent 15f0dd4
commit 2583e53
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 1 deletion.
diff --git a/...er/server/src/main/java/io/jans/as/server/model/registration/RegisterParamsValidator.java b/...er/server/src/main/java/io/jans/as/server/model/registration/RegisterParamsValidator.java
@@ -312,6 +312,7 @@ public boolean validateRedirectUris(List<GrantType> grantTypes, List<ResponseTyp
         }
 
         // Validate Sector Identifier URL
+        boolean noRedirectUriInSectorIdentifierUri = false;
         if (valid && StringUtils.isNotBlank(sectorIdentifierUrl)) {
             try {
                 URI uri = new URI(sectorIdentifierUrl);
@@ -337,6 +338,10 @@ public boolean validateRedirectUris(List<GrantType> grantTypes, List<ResponseTyp
             } catch (Exception e) {
                 log.debug(e.getMessage(), e);
                 valid = false;
+            } finally {
+                if (!valid) {
+                    noRedirectUriInSectorIdentifierUri = true;
+                }
             }
         }
 
@@ -345,6 +350,10 @@ public boolean validateRedirectUris(List<GrantType> grantTypes, List<ResponseTyp
             valid = checkWhiteListRedirectUris(redirectUris) && checkBlackListRedirectUris(redirectUris);
         }
 
+        if (noRedirectUriInSectorIdentifierUri) {
+            throw errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, RegisterErrorResponseType.INVALID_CLIENT_METADATA, "Failed to validate redirect uris. No redirect_uri in sector_identifier_uri content.");
+        }
+
         return valid;
     }
 

diff --git a/...erver/src/test/java/io/jans/as/server/model/registration/RegisterParamsValidatorTest.java b/...erver/src/test/java/io/jans/as/server/model/registration/RegisterParamsValidatorTest.java
@@ -2,10 +2,16 @@
 
 import com.beust.jcommander.internal.Lists;
 import io.jans.as.client.RegisterRequest;
+import io.jans.as.model.common.GrantType;
+import io.jans.as.model.common.ResponseType;
+import io.jans.as.model.common.SubjectType;
 import io.jans.as.model.configuration.AppConfiguration;
 import io.jans.as.model.crypto.signature.SignatureAlgorithm;
 import io.jans.as.model.error.ErrorResponseFactory;
+import io.jans.as.model.register.ApplicationType;
+import io.jans.as.model.register.RegisterErrorResponseType;
 import jakarta.ws.rs.WebApplicationException;
+import jakarta.ws.rs.core.Response;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.testng.MockitoTestNGListener;
@@ -14,7 +20,7 @@
 import org.testng.annotations.Test;
 
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.*;
 
 /**
  * @author Yuriy Z
@@ -34,6 +40,22 @@ public class RegisterParamsValidatorTest {
     @Mock
     private ErrorResponseFactory errorResponseFactory;
 
+    @Test
+    public void validateRedirectUris_whenSectorIdentifierDoesNotHostValidRedirectUri_shouldThrowInvalidClientMetadataError() {
+        try {
+            when(errorResponseFactory.createWebApplicationException(any(), any(), any())).thenCallRealMethod();
+            registerParamsValidator.validateRedirectUris(
+                    Lists.newArrayList(GrantType.AUTHORIZATION_CODE),
+                    Lists.newArrayList(ResponseType.CODE),
+                    ApplicationType.WEB,
+                    SubjectType.PAIRWISE,
+                    Lists.newArrayList("https://someuri.com"),
+                    "https://invaliduri.com");
+        } catch (WebApplicationException e) {
+            verify(errorResponseFactory, times(1)).createWebApplicationException(eq(Response.Status.BAD_REQUEST), eq(RegisterErrorResponseType.INVALID_CLIENT_METADATA), any());
+        }
+    }
+
     @Test
     public void validateAlgorithms_whenAlgIsAmoungSupported_shouldNotRaiseException() {
         RegisterRequest request = new RegisterRequest();