From f8d1ef3d83520291bcd72a3815510db4ba2fbce8 Mon Sep 17 00:00:00 2001 From: YuriyZ Date: Wed, 26 Jan 2022 11:50:58 +0200 Subject: [PATCH] fix(jans-auth-server): don't fail registration without custom script If there no any custom script for dynamic registration we should not fail entire call (avoid npe). https://github.com/JanssenProject/jans/issues/710 --- ...ernalDynamicClientRegistrationService.java | 44 ++++++++-- ...lDynamicClientRegistrationServiceTest.java | 85 +++++++++++++++++++ 2 files changed, 123 insertions(+), 6 deletions(-) create mode 100644 jans-auth-server/server/src/test/java/io/jans/as/server/service/external/ExternalDynamicClientRegistrationServiceTest.java diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/ExternalDynamicClientRegistrationService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/ExternalDynamicClientRegistrationService.java index 0e4d1275e10..f01bf78e8f2 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/ExternalDynamicClientRegistrationService.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/ExternalDynamicClientRegistrationService.java @@ -127,8 +127,12 @@ public boolean executeExternalUpdateClientMethods(HttpServletRequest httpRequest } public JSONObject getSoftwareStatementJwks(HttpServletRequest httpRequest, JSONObject registerRequest, Jwt softwareStatement) { + if (defaultExternalCustomScript == null) { + return null; + } + try { - log.info("Executing python 'getSoftwareStatementJwks' method, script name:" + defaultExternalCustomScript.getName()); + log.info("Executing python 'getSoftwareStatementJwks' method, script name: {}", defaultExternalCustomScript.getName()); DynamicClientRegistrationContext context = new DynamicClientRegistrationContext(httpRequest, registerRequest, defaultExternalCustomScript); context.setSoftwareStatement(softwareStatement); 
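Review bot: The early `return null;` added to `getSoftwareStatementJwks` gives callers a "no JWKS" result, but nothing on the method says how null must be handled. If a caller reads null as "nothing to verify" instead of "no key, reject", a software statement could pass without a signature check; the call site is outside this diff, so this needs confirming there. I would add a Javadoc line such as `@return JWKS from the registration script, or null when no script is configured; callers must fail signature validation on null`. The guard added to `getDcrJwks` (hunk `@@ -171,6 +179,10 @@`) has the same gap, and both method bodies continue outside their hunks.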
@@ -137,7 +141,7 @@ public JSONObject getSoftwareStatementJwks(HttpServletRequest httpRequest, JSONO ClientRegistrationType externalType = (ClientRegistrationType) defaultExternalCustomScript.getExternalType(); final String result = externalType.getSoftwareStatementJwks(context); context.throwWebApplicationExceptionIfSet(); - log.info("Result of python 'getSoftwareStatementJwks' method: " + result); + log.info("Result of python 'getSoftwareStatementJwks' method: {}", result); return new JSONObject(result); } catch (WebApplicationException e) { throw e; @@ -149,6 +153,10 @@ public JSONObject getSoftwareStatementJwks(HttpServletRequest httpRequest, JSONO } public String getSoftwareStatementHmacSecret(HttpServletRequest httpRequest, JSONObject registerRequest, Jwt softwareStatement) { + if (defaultExternalCustomScript == null) { + return ""; + } + try { log.trace("Executing python 'getSoftwareStatementHmacSecret' method"); @@ -159,7 +167,7 @@ public String getSoftwareStatementHmacSecret(HttpServletRequest httpRequest, JSO ClientRegistrationType externalType = (ClientRegistrationType) defaultExternalCustomScript.getExternalType(); final String result = externalType.getSoftwareStatementHmacSecret(context); context.throwWebApplicationExceptionIfSet(); - log.trace("Result of python 'getSoftwareStatementHmacSecret' method: " + result); + log.trace("Result of python 'getSoftwareStatementHmacSecret' method: {}", result); return result; } catch (WebApplicationException e) { throw e; @@ -171,6 +179,10 @@ public String getSoftwareStatementHmacSecret(HttpServletRequest httpRequest, JSO } public JSONObject getDcrJwks(HttpServletRequest httpRequest, Jwt dcr) { + if (defaultExternalCustomScript == null) { + return null; + } + try { log.trace("Executing python 'getDcrJwks' method"); 
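Review bot: Returning `""` from `getSoftwareStatementHmacSecret` when no script is configured (hunk `@@ -149,6 +153,10 @@`) hands callers an empty HMAC key instead of an absent one. If the caller verifies an HMAC-signed software statement with whatever this method returns, an empty key is one any party can sign with; the call site is not visible here, so it should be confirmed that a blank secret is rejected before verification. A comment on the guard would make the contract explicit, e.g. `// empty string means "no secret available"; callers must not use it as a verification key`. The guard added to `getDcrHmacSecret` (hunk `@@ -193,6 +205,10 @@`) behaves the same way.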
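Review bot: The rewritten `log.trace("Result of python 'getSoftwareStatementHmacSecret' method: {}", result);` in hunk `@@ -159,7 +167,7 @@` still writes the HMAC secret itself to the log. Switching to a parameterised message does not change that, so anyone who can read trace output can read the key. I would log only whether a value came back, e.g. `log.trace("'getSoftwareStatementHmacSecret' returned a secret: {}", result != null && !result.isEmpty());`. The `getDcrHmacSecret` trace line in hunk `@@ -203,7 +219,7 @@` needs the same change.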
@@ -181,7 +193,7 @@ public JSONObject getDcrJwks(HttpServletRequest httpRequest, Jwt dcr) { ClientRegistrationType externalType = (ClientRegistrationType) defaultExternalCustomScript.getExternalType(); final String result = externalType.getDcrJwks(context); context.throwWebApplicationExceptionIfSet(); - log.trace("Result of python 'getDcrJwks' method: " + result); + log.trace("Result of python 'getDcrJwks' method: {}", result); return new JSONObject(result); } catch (WebApplicationException e) { throw e; @@ -193,6 +205,10 @@ public JSONObject getDcrJwks(HttpServletRequest httpRequest, Jwt dcr) { } public String getDcrHmacSecret(HttpServletRequest httpRequest, Jwt dcr) { + if (defaultExternalCustomScript == null) { + return ""; + } + try { log.trace("Executing python 'getDcrHmacSecret' method"); @@ -203,7 +219,7 @@ public String getDcrHmacSecret(HttpServletRequest httpRequest, Jwt dcr) { ClientRegistrationType externalType = (ClientRegistrationType) defaultExternalCustomScript.getExternalType(); final String result = externalType.getDcrHmacSecret(context); context.throwWebApplicationExceptionIfSet(); - log.trace("Result of python 'getDcrHmacSecret' method: " + result); + log.trace("Result of python 'getDcrHmacSecret' method: {}", result); return result; } catch (WebApplicationException e) { throw e; @@ -215,6 +231,10 @@ public String getDcrHmacSecret(HttpServletRequest httpRequest, Jwt dcr) { } public boolean isCertValidForClient(X509Certificate cert, DynamicClientRegistrationContext context) { + if (defaultExternalCustomScript == null) { + return true; + } + try { log.trace("Executing python 'isCertValidForClient' method"); context.setScript(defaultExternalCustomScript); 
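Review bot: `isCertValidForClient` now returns `true` when `defaultExternalCustomScript` is null (hunk `@@ -215,6 +231,10 @@`), so this check fails open whenever no script is configured, and possibly when a script fails to load if that also leaves the field null (not visible here). That may be the intended "no script, no extra restriction" behaviour, but it should be stated and observable. I would add `// no registration script configured: no additional certificate restriction is applied` above the return and a `log.trace("No registration script configured, skipping 'isCertValidForClient'");` before it. It is also worth confirming that the caller validates the certificate independently of this hook; the method body continues outside the hunk.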
@@ -222,7 +242,7 @@ public boolean isCertValidForClient(X509Certificate cert, DynamicClientRegistrat ClientRegistrationType externalType = (ClientRegistrationType) defaultExternalCustomScript.getExternalType(); final boolean result = externalType.isCertValidForClient(cert, context); context.throwWebApplicationExceptionIfSet(); - log.trace("Result of python 'isCertValidForClient' method: " + result); + log.trace("Result of python 'isCertValidForClient' method: {}", result); return result; } catch (WebApplicationException e) { throw e; @@ -234,6 +254,10 @@ public boolean isCertValidForClient(X509Certificate cert, DynamicClientRegistrat } public boolean modifyPostResponse(JSONObject responseAsJsonObject, ExecutionContext context) { + if (defaultExternalCustomScript == null) { + return false; + } + CustomScriptConfiguration script = defaultExternalCustomScript; try { @@ -257,6 +281,10 @@ public boolean modifyPostResponse(JSONObject responseAsJsonObject, ExecutionCont } public boolean modifyPutResponse(JSONObject responseAsJsonObject, ExecutionContext context) { + if (defaultExternalCustomScript == null) { + return false; + } + CustomScriptConfiguration script = defaultExternalCustomScript; try { @@ -280,6 +308,10 @@ public boolean modifyPutResponse(JSONObject responseAsJsonObject, ExecutionConte } public boolean modifyReadResponse(JSONObject responseAsJsonObject, ExecutionContext context) { + if (defaultExternalCustomScript == null) { + return false; + } + CustomScriptConfiguration script = defaultExternalCustomScript; try { diff --git a/jans-auth-server/server/src/test/java/io/jans/as/server/service/external/ExternalDynamicClientRegistrationServiceTest.java b/jans-auth-server/server/src/test/java/io/jans/as/server/service/external/ExternalDynamicClientRegistrationServiceTest.java new file mode 100644 index 00000000000..340703041ce --- /dev/null 
+++ b/jans-auth-server/server/src/test/java/io/jans/as/server/service/external/ExternalDynamicClientRegistrationServiceTest.java 
@@ -0,0 +1,85 @@
+package io.jans.as.server.service.external;
+
+import io.jans.as.model.configuration.AppConfiguration;
+import io.jans.as.model.error.ErrorResponseFactory;
+import io.jans.as.model.jwt.Jwt;
+import io.jans.as.server.model.common.ExecutionContext;
+import org.json.JSONObject;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.testng.MockitoTestNGListener;
+import org.slf4j.Logger;
+import org.testng.annotations.Listeners;
+import org.testng.annotations.Test;
+
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertFalse;
+import static org.testng.Assert.assertNull;
+import static org.testng.Assert.assertTrue;
+
+/**
+ * @author Yuriy Zabrovarnyy
+ */
+@Listeners(MockitoTestNGListener.class)
+public class ExternalDynamicClientRegistrationServiceTest {
+
+ @InjectMocks
+ private ExternalDynamicClientRegistrationService externalDynamicClientRegistrationService;
+
+ @Mock
+ private Logger log;
+
+ @Mock
+ private AppConfiguration appConfiguration;
+
+ @Mock
+ private ErrorResponseFactory errorResponseFactory;
+
+ @Test
+ public void modifyPostResponse_whenDefaultExternalCustomScriptIsNull_shouldReturnFalseWithoutNpe() {
+ final boolean result = externalDynamicClientRegistrationService.modifyPostResponse(new JSONObject(), new ExecutionContext());
+ assertFalse(result);
+ }
+
+ @Test
+ public void modifyPutResponse_whenDefaultExternalCustomScriptIsNull_shouldReturnFalseWithoutNpe() {
+ final boolean result = externalDynamicClientRegistrationService.modifyPutResponse(new JSONObject(), new ExecutionContext());
+ assertFalse(result);
+ }
+
+ @Test
+ public void modifyReadResponse_whenDefaultExternalCustomScriptIsNull_shouldReturnFalseWithoutNpe() {
+ final boolean result = externalDynamicClientRegistrationService.modifyReadResponse(new JSONObject(), new ExecutionContext());
+ assertFalse(result);
+ }
+
+ @Test
+ public void isCertValidForClient_whenDefaultExternalCustomScriptIsNull_shouldReturnTrueWithoutNpe() {
+ final boolean result = externalDynamicClientRegistrationService.isCertValidForClient(null, null);
+ assertTrue(result);
+ }
+
+ @Test
+ public void getDcrHmacSecret_whenDefaultExternalCustomScriptIsNull_shouldReturnEmptyStringWithoutNpe() {
+ final String result = externalDynamicClientRegistrationService.getDcrHmacSecret(null, new Jwt());
+ assertEquals(result, "");
+ }
+
+ @Test
+ public void getDcrJwks_whenDefaultExternalCustomScriptIsNull_shouldReturnNullWithoutNpe() {
+ JSONObject result = externalDynamicClientRegistrationService.getDcrJwks(null, new Jwt());
+ assertNull(result);
+ }
+
+ @Test
+ public void getSoftwareStatementHmacSecret_whenDefaultExternalCustomScriptIsNull_shouldReturnEmptyStringWithoutNpe() {
+ String result = externalDynamicClientRegistrationService.getSoftwareStatementHmacSecret(null, new JSONObject(), new Jwt());
+ assertEquals(result, "");
+ }
+
+ @Test
+ public void getSoftwareStatementJwks_whenDefaultExternalCustomScriptIsNull_shouldReturnNullWithoutNpe() {
+ JSONObject result = externalDynamicClientRegistrationService.getSoftwareStatementJwks(null, new JSONObject(), new Jwt());
+ assertNull(result);
+ }
+}
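Review bot: `isCertValidForClient_whenDefaultExternalCustomScriptIsNull_shouldReturnTrueWithoutNpe` calls `isCertValidForClient(null, null)` and asserts `true`, which pins "a null certificate is reported valid" as expected behaviour, not just the no-script default. Passing a mocked certificate, e.g. `isCertValidForClient(Mockito.mock(X509Certificate.class), null)`, would keep the test about the missing script only. The two HMAC tests assert `""` without saying what an empty secret means to callers; a one-line comment such as `// empty string = no secret available, must not be used as a key` would stop the default from being read as a usable value.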