fix(config-api): fixes for client creation, enum handling (#2854)

* fix(config-api): client creation exception

* fix(config-api): client creations exception

* fix(config-api): issues fixed 2743, 2755 and 2689

* fix(config-api): change to use fido2 app config model

* fix(config-api): change to use fido2 app config model

jans-config-api/docs/jans-config-api-swagger-auto.yaml

@@ -7178,20 +7178,20 @@ components:
           $ref: '#/components/schemas/AttributeValidation'
         tooltip:
           type: string
-        whitePagesCanView:
-          type: boolean
         adminCanEdit:
           type: boolean
-        adminCanView:
-          type: boolean
         userCanView:
           type: boolean
-        userCanAccess:
-          type: boolean
         adminCanAccess:
           type: boolean
         userCanEdit:
           type: boolean
+        adminCanView:
+          type: boolean
+        userCanAccess:
+          type: boolean
+        whitePagesCanView:
+          type: boolean
         baseDn:
           type: string
     PatchRequest:
@@ -7355,6 +7355,7 @@ components:
             - client_credentials
             - refresh_token
             - urn:ietf:params:oauth:grant-type:uma-ticket
+            - urn:ietf:params:oauth:grant-type:token-exchange
             - urn:openid:params:grant-type:ciba
             - urn:ietf:params:oauth:grant-type:device_code
         applicationType:
@@ -7517,8 +7518,6 @@ components:
           format: int32
         displayName:
           type: string
-        tokenBindingSupported:
-          type: boolean
         authenticationMethod:
           type: string
           enum:
@@ -7530,6 +7529,8 @@ components:
           - tls_client_auth
           - self_signed_tls_client_auth
           - none
+        tokenBindingSupported:
+          type: boolean
         baseDn:
           type: string
         inum:
@@ -7796,6 +7797,7 @@ components:
             - client_credentials
             - refresh_token
             - urn:ietf:params:oauth:grant-type:uma-ticket
+            - urn:ietf:params:oauth:grant-type:token-exchange
             - urn:openid:params:grant-type:ciba
             - urn:ietf:params:oauth:grant-type:device_code
         subjectTypesSupported:
@@ -8056,6 +8058,7 @@ components:
             - client_credentials
             - refresh_token
             - urn:ietf:params:oauth:grant-type:uma-ticket
+            - urn:ietf:params:oauth:grant-type:token-exchange
             - urn:openid:params:grant-type:ciba
             - urn:ietf:params:oauth:grant-type:device_code
         cssLocation:
@@ -8171,6 +8174,10 @@ components:
           type: boolean
         disableU2fEndpoint:
           type: boolean
+        rotateDeviceSecret:
+          type: boolean
+        returnDeviceSecretFromAuthzEndpoint:
+          type: boolean
         dcrSignatureValidationEnabled:
           type: boolean
         dcrSignatureValidationSharedSecret:
@@ -8328,15 +8335,6 @@ components:
           $ref: '#/components/schemas/SsaConfiguration'
         fapi:
           type: boolean
-        allResponseTypesSupported:
-          uniqueItems: true
-          type: array
-          items:
-            type: string
-            enum:
-            - code
-            - token
-            - id_token
         enabledFeatureFlags:
           uniqueItems: true
           type: array
@@ -8364,6 +8362,15 @@ components:
             - STAT
             - PAR
             - SSA
+        allResponseTypesSupported:
+          uniqueItems: true
+          type: array
+          items:
+            type: string
+            enum:
+            - code
+            - token
+            - id_token
     AuthenticationFilter:
       required:
       - baseDn
@@ -8620,13 +8627,13 @@ components:
           type: boolean
         internal:
           type: boolean
-        locationPath:
-          type: string
         locationType:
           type: string
           enum:
           - ldap
           - file
+        locationPath:
+          type: string
         baseDn:
           type: string
     ScriptError:
@@ -9028,6 +9035,10 @@ components:
           type: object
           additionalProperties:
             type: string
+        deviceSecrets:
+          type: array
+          items:
+            type: string
         expirationDate:
           type: string
           format: date-time

jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/user/UserManagementService.java

@@ -45,7 +45,7 @@ public AdminRole getRoleObjByName(String role) throws ApplicationException {
             List<AdminRole> roles = adminConf.getDynamic().getRoles().stream().filter(ele -> ele.getRole().equals(role)).collect(Collectors.toList());
             if (roles.isEmpty()) {
                 log.error(ErrorResponse.ROLE_NOT_FOUND.getDescription());
-                throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_NOT_FOUND.getDescription());
+                throw new ApplicationException(Response.Status.NOT_FOUND.getStatusCode(), ErrorResponse.ROLE_NOT_FOUND.getDescription());
             }
             return roles.stream().findFirst().get();
         } catch (ApplicationException e) {
@@ -160,7 +160,7 @@ public AdminPermission getPermissionObjByName(String permission) throws Applicat
             List<AdminPermission> permissions = adminConf.getDynamic().getPermissions().stream().filter(ele -> ele.getPermission().equals(permission)).collect(Collectors.toList());
             if (permissions.isEmpty()) {
                 log.error(ErrorResponse.ROLE_NOT_FOUND.getDescription());
-                throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_NOT_FOUND.getDescription());
+                throw new ApplicationException(Response.Status.NOT_FOUND.getStatusCode(), ErrorResponse.PERMISSION_NOT_FOUND.getDescription());
             }
             return permissions.stream().findFirst().get();
         } catch (ApplicationException e) {
@@ -336,9 +336,12 @@ public RolePermissionMapping getAdminUIRolePermissionsMapping(String role) throw
 
             if (roleScopeMapping.isEmpty()) {
                 log.error(ErrorResponse.ROLE_PERMISSION_MAP_NOT_FOUND.getDescription());
-                throw new ApplicationException(Response.Status.BAD_REQUEST.getStatusCode(), ErrorResponse.ROLE_PERMISSION_MAP_NOT_FOUND.getDescription());
+                throw new ApplicationException(Response.Status.NOT_FOUND.getStatusCode(), ErrorResponse.ROLE_PERMISSION_MAP_NOT_FOUND.getDescription());
             }
             return roleScopeMapping.stream().findFirst().get();
+        } catch (ApplicationException e) {
+            log.error(ErrorResponse.GET_ADMIUI_PERMISSIONS_ERROR.getDescription());
+            throw e;
         } catch (Exception e) {
             log.error(ErrorResponse.ERROR_READING_ROLE_PERMISSION_MAP.getDescription(), e);
             throw new ApplicationException(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), ErrorResponse.ERROR_READING_ROLE_PERMISSION_MAP.getDescription());

jans-config-api/plugins/docs/fido2-plugin-swagger.yaml

@@ -29,7 +29,7 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/DbApplicationConfiguration'
+                $ref: '#/components/schemas/AppConfiguration'
         "401":
           description: Unauthorized
         "500":
@@ -48,14 +48,14 @@ paths:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/DbApplicationConfiguration'
+              $ref: '#/components/schemas/AppConfiguration'
       responses:
         "200":
           description: Fido2Config
           content:
             application/json:
               schema:
-                type: string
+                $ref: '#/components/schemas/AppConfiguration'
         "401":
           description: Unauthorized
         "500":
@@ -94,16 +94,83 @@ paths:
         - https://jans.io/oauth/config/fido2.readonly
 components:
   schemas:
-    DbApplicationConfiguration:
+    AppConfiguration:
       type: object
       properties:
-        dn:
+        issuer:
           type: string
-        dynamicConf:
+        baseEndpoint:
           type: string
-        revision:
+        cleanServiceInterval:
+          type: integer
+          format: int32
+        cleanServiceBatchChunkSize:
           type: integer
-          format: int64
+          format: int32
+        useLocalCache:
+          type: boolean
+        disableJdkLogger:
+          type: boolean
+        loggingLevel:
+          type: string
+        loggingLayout:
+          type: string
+        externalLoggerConfiguration:
+          type: string
+        metricReporterInterval:
+          type: integer
+          format: int32
+        metricReporterKeepDataDays:
+          type: integer
+          format: int32
+        metricReporterEnabled:
+          type: boolean
+        personCustomObjectClassList:
+          type: array
+          items:
+            type: string
+        fido2Configuration:
+          $ref: '#/components/schemas/Fido2Configuration'
+    Fido2Configuration:
+      type: object
+      properties:
+        authenticatorCertsFolder:
+          type: string
+        mdsAccessToken:
+          type: string
+        mdsCertsFolder:
+          type: string
+        mdsTocsFolder:
+          type: string
+        checkU2fAttestations:
+          type: boolean
+        userAutoEnrollment:
+          type: boolean
+        unfinishedRequestExpiration:
+          type: integer
+          format: int32
+        authenticationHistoryExpiration:
+          type: integer
+          format: int32
+        serverMetadataFolder:
+          type: string
+        requestedCredentialTypes:
+          type: array
+          items:
+            type: string
+        requestedParties:
+          type: array
+          items:
+            $ref: '#/components/schemas/RequestedParty'
+    RequestedParty:
+      type: object
+      properties:
+        name:
+          type: string
+        domains:
+          type: array
+          items:
+            type: string
     Fido2RegistrationData:
       type: object
       properties:

jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/rest/Fido2ConfigResource.java

@@ -6,16 +6,13 @@
 
 package io.jans.configapi.plugin.fido2.rest;
 
-import com.fasterxml.jackson.core.JsonProcessingException;
-
-import io.jans.config.oxtrust.DbApplicationConfiguration;
 import io.jans.configapi.core.rest.BaseResource;
 import io.jans.configapi.core.rest.ProtectedApi;
 import io.jans.configapi.plugin.fido2.service.Fido2Service;
 import io.jans.configapi.plugin.fido2.util.Fido2Util;
 import io.jans.configapi.util.ApiAccessConstants;
 import io.jans.configapi.plugin.fido2.util.Constants;
-import io.jans.configapi.core.util.Jackson;
+import io.jans.fido2.model.conf.AppConfiguration;
 
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.parameters.RequestBody;
@@ -53,33 +50,33 @@ public class Fido2ConfigResource extends BaseResource {
             "Fido2 - Configuration" }, security = @SecurityRequirement(name = "oauth2", scopes = {
                     ApiAccessConstants.FIDO2_CONFIG_READ_ACCESS }))
     @ApiResponses(value = {
-            @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = DbApplicationConfiguration.class))),
+            @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = AppConfiguration.class))),
             @ApiResponse(responseCode = "401", description = "Unauthorized"),
             @ApiResponse(responseCode = "500", description = "InternalServerError") })
     @GET
     @ProtectedApi(scopes = { ApiAccessConstants.FIDO2_CONFIG_READ_ACCESS })
-    public Response getFido2Configuration() throws JsonProcessingException {
-        DbApplicationConfiguration dbApplicationConfiguration = this.fido2Service.find();
-        logger.debug("FIDO2 details dbApplicationConfiguration.getDynamicConf():{}",
-                dbApplicationConfiguration.getDynamicConf());
-        return Response.ok(Jackson.asJsonNode(dbApplicationConfiguration.getDynamicConf())).build();
+    public Response getFido2Configuration() {
+        AppConfiguration appConfiguration = this.fido2Service.find();
+        logger.debug("FIDO2 details appConfiguration():{}", appConfiguration);
+        return Response.ok(appConfiguration).build();
     }
 
     @Operation(summary = "Updates Fido2 configuration properties", description = "Updates Fido2 configuration properties", operationId = "put-properties-fido2", tags = {
             "Fido2 - Configuration" }, security = @SecurityRequirement(name = "oauth2", scopes = {
                     ApiAccessConstants.FIDO2_CONFIG_WRITE_ACCESS }))
-    @RequestBody(description = "Fido2Config", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = DbApplicationConfiguration.class)))
+    @RequestBody(description = "Fido2Config", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = AppConfiguration.class)))
     @ApiResponses(value = {
-            @ApiResponse(responseCode = "200", description = "Fido2Config", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = String.class))),
+            @ApiResponse(responseCode = "200", description = "Fido2Config", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = AppConfiguration.class))),
             @ApiResponse(responseCode = "401", description = "Unauthorized"),
             @ApiResponse(responseCode = "500", description = "InternalServerError") })
     @PUT
     @ProtectedApi(scopes = { ApiAccessConstants.FIDO2_CONFIG_WRITE_ACCESS })
-    public Response updateFido2Configuration(@NotNull String fido2ConfigJson) {
-        logger.debug("FIDO2 details to be updated - fido2ConfigJson:{} ", fido2ConfigJson);
-        checkResourceNotNull(fido2ConfigJson, FIDO2_CONFIGURATION);
-        this.fido2Service.merge(fido2ConfigJson);
-        return Response.ok(fido2ConfigJson).build();
+    public Response updateFido2Configuration(@NotNull AppConfiguration appConfiguration) {
+        logger.debug("FIDO2 details to be updated - appConfiguration:{} ", appConfiguration);
+        checkResourceNotNull(appConfiguration, FIDO2_CONFIGURATION);
+        this.fido2Service.merge(appConfiguration);
+        appConfiguration = this.fido2Service.find();
+        return Response.ok(appConfiguration).build();
     }
 
 }