java source code of ClientService

oxAuth-master
- .github
  - ISSUE_TEMPLATE
    - issue-report.md
- RP-Demo
  - src
    - main
      - resources
        log4j2.xml
      - java
        org
        gluu
        oxauth
        rp
        demo
        LoginFilter.java
        Utils.java
        RpDemoServlet.java
      - webapp
        WEB-INF
        web.xml
        index.html
  - pom.xml
- oxAuthStatic
  - src
    - main
      - resources
        META-INF
        resources
        img
        footer_bg.jpg
        buttons_bg.jpg
        js
        Duo-Web-v1.min.js
        stylesheet
        theme.xcss
        site.css
        theme.css
  - pom.xml
  - .gitignore
- install.bat
- Server
  - src
    - main
      - webapp-tomcat
        META-INF
        context.xml
      - resources
        ehcache.xml
        validation_messages.properties
        oxauth_ru.properties
        oxauth.properties
        oxauth_fr.properties
        log4j2.xml
        META-INF
        services
        javax.faces.application.ApplicationConfigurationPopulator
        navigation
        oxpush.navigation.xml
        u2f.navigation.xml
        otp.navigation.xml
        duo.navigation.xml
        uaf.navigation.xml
        saml.navigation.xml
        super-gluu.navigation.xml
        cert.navigation.xml
        cas2.navigation.xml
        passport.navigation.xml
        gplus.navigation.xml
        uma2.sample.navigation.xml
        beans.xml
        faces-config.xml
        oxauth_it.properties
        oxauth_en.properties
        oxauth_bg.properties
        oxauth_de.properties
        quartz.properties
        oxauth_es.properties
        oxauth_tr.properties
      - webapp-jetty
        WEB-INF
        jetty-web.xml
        jetty-env.xml
        web.xml
      - java
        org
        gluu
        oxauth
        security
        Identity.java
        crypto
        cert
        CertificateParser.java
        random
        RandomChallengeGenerator.java
        ChallengeGenerator.java
        signature
        SHA256withECDSASignatureVerification.java
        SignatureVerification.java
        i18n
        LanguageBean.java
        CustomResourceBundle.java
        ApplicationFacesLocalizationConfigPopulator.java
        userinfo
        ws
        rs
        UserInfoRestWebService.java
        UserInfoRestWebServiceImpl.java
        uma
        authorization
        IPolicyExternalAuthorization.java
        PolicyExternalAuthorizationEnum.java
        UmaWebException.java
        UmaGatherContext.java
        UmaPCT.java
        UmaAuthorizationContextBuilder.java
        Claims.java
        UmaAuthorizationContext.java
        UmaScriptByScope.java
        UmaRPT.java
        service
        UmaTokenService.java
        UmaGatherer.java
        UmaResourceService.java
        UmaNeedsInfoService.java
        UmaRptService.java
        UmaSessionService.java
        UmaPermissionService.java
        UmaExpressionService.java
        UmaPctService.java
        RedirectParameters.java
        UmaScopeService.java
        UmaValidationService.java
        ws
        rs
        UmaScopeWS.java
        UmaRptIntrospectionWS.java
        UmaGatheringWS.java
        UmaResourceRegistrationWS.java
        UmaMetadataWS.java
        UmaPermissionRegistrationWS.java
        UmaScopeIconWS.java
        clientinfo
        ws
        rs
        ClientInfoRestWebService.java
        ClientInfoRestWebServiceImpl.java
        jwk
        ws
        rs
        JwkRestWebServiceImpl.java
        JwkRestWebService.java
        audit
        ApplicationAuditLogger.java
        debug
        wrapper
        ResponseWrapper.java
        RequestWrapper.java
        entity
        HttpResponse.java
        HttpRequest.java
        ServletLoggingFilter.java
        revoke
        RevokeSessionRestWebService.java
        RevokeRestWebService.java
        RevokeRestWebServiceImpl.java
        util
        CertUtil.java
        ServerUtil.java
        PasswordValidator.java
        RedirectUtil.java
        QueryStringDecoder.java
        TokenHashUtil.java
        service
        RedirectionUriService.java
        BaseAuthFilterService.java
        UserService.java
        ResteasyInitializer.java
        UserGroupService.java
        ClientAuthorizationsService.java
        OxAuthConfigurationService.java
        ClientFilterService.java
        SpontaneousScopeService.java
        cdi
        event
        ReloadAuthScript.java
        AuthConfigurationEvent.java
        ExpirationEvent.java
        KeyGenerationEvent.java
        ServerCryptoProvider.java
        ClientService.java
        net
        HttpService.java
        SectorIdentifierService.java
        AuthenticationFilterService.java
        RequestParameterService.java
        CleanerTimer.java
        expiration
        ExpType.java
        ExpirationNotificatorTimer.java
        ExpId.java
        KeyGeneratorTimer.java
        external
        ExternalAuthenticationService.java
        ExternalIntrospectionService.java
        ExternalUmaClaimsGatheringService.java
        ExternalUmaRptPolicyService.java
        ExternalDynamicScopeService.java
        context
        ExternalCibaEndUserNotificationContext.java
        ConsentGatheringContext.java
        SpontaneousScopeExternalContext.java
        ExternalUmaRptClaimsContext.java
        ExternalPostAuthnContext.java
        ExternalIntrospectionContext.java
        ExternalResourceOwnerPasswordCredentialsContext.java
        ExternalScriptContext.java
        DynamicScopeExternalContext.java
        EndSessionContext.java
        ExternalSpontaneousScopeService.java
        ExternalApplicationSessionService.java
        ExternalPostAuthnService.java
        internal
        InternalDefaultPersonAuthenticationType.java
        ExternalUmaRptClaimsService.java
        ExternalCibaEndUserNotificationService.java
        ExternalResourceOwnerPasswordCredentialsService.java
        ExternalEndSessionService.java
        ExternalDynamicClientRegistrationService.java
        ExternalIdGeneratorService.java
        session
        SessionEvent.java
        SessionEventType.java
        ExternalConsentGatheringService.java
        MetricService.java
        ScopeService.java
        AppInitializer.java
        AuthenticationProtectionService.java
        RedirectUriResponse.java
        PairwiseIdentifierService.java
        OrganizationService.java
        CookieService.java
        token
        TokenService.java
        ciba
        CibaRequestService.java
        CibaRequestsProcessorJob.java
        CibaEncryptionService.java
        CryptoProviderProviderFactory.java
        AuthenticationService.java
        logger
        LoggerService.java
        ErrorHandlerService.java
        fido
        u2f
        RequestService.java
        ClientDataValidationService.java
        UserSessionIdService.java
        util
        KeyGenerator.java
        ValidationService.java
        ApplicationService.java
        AuthenticationService.java
        RawRegistrationService.java
        RegistrationService.java
        RawAuthenticationService.java
        DeviceRegistrationService.java
        GrantService.java
        AuthorizeService.java
        LdapCustomAuthenticationConfigurationService.java
        AttributeService.java
        push
        sns
        PushPlatform.java
        PushSnsService.java
        SessionIdService.java
        custom
        CustomScriptService.java
        status
        ldap
        LdapStatusTimer.java
        exception
        GlobalExceptionHandlerFactory.java
        GlobalExceptionHandler.java
        UncaughtException.java
        InvalidSchemaUpdateException.java
        fido
        u2f
        NoEligableDevicesException.java
        BadConfigurationException.java
        InvalidDeviceCounterException.java
        DeviceCompromisedException.java
        InvalidKeyHandleDeviceException.java
        gluu
        ws
        rs
        GluuConfigurationWS.java
        introspection
        ws
        rs
        IntrospectionWebService.java
        token
        ws
        rs
        TokenRestWebServiceImpl.java
        TokenRestWebService.java
        ciba
        CIBAPushErrorService.java
        CIBAConfigurationService.java
        CIBAAuthorizeParamsValidatorService.java
        CIBAPingCallbackService.java
        CIBAEndUserNotificationService.java
        CIBARegisterParamsValidatorService.java
        CIBADeviceRegistrationValidatorService.java
        CIBARegisterClientResponseService.java
        CIBAPushTokenDeliveryService.java
        CIBARegisterClientMetadataService.java
        register
        ws
        rs
        RegisterRestWebServiceImpl.java
        RegisterRestWebService.java
        auth
        MTLSService.java
        Authenticator.java
        SelectAccountAction.java
        AuthenticationFilter.java
        model
        GluuOrganization.java
        ldap
        TokenType.java
        TokenLdap.java
        CIBARequest.java
        SchemaEntry.java
        ClientAuthorization.java
        TokenAttributes.java
        UserGroup.java
        userinfo
        UserInfoParamsValidator.java
        clientinfo
        ClientInfoErrorResponseType.java
        ClientInfoParamsValidator.java
        error
        ErrorMessageList.java
        ErrorMessages.java
        ErrorResponseFactory.java
        JsonErrorResponse.java
        ErrorMessage.java
        net
        HttpServiceResponse.java
        audit
        OAuth2AuditLog.java
        Action.java
        discovery
        OpenIdConnectDiscoveryParamsValidator.java
        common
        SimpleAuthorizationGrant.java
        ResourceOwnerPasswordCredentialsGrant.java
        AuthorizationCode.java
        IAuthorizationGrantList.java
        AccessToken.java
        AbstractAuthorizationGrant.java
        SessionTokens.java
        CacheGrant.java
        AuthorizationGrant.java
        CibaRequestStatus.java
        AuthorizationCodeGrant.java
        AuthorizationGrantType.java
        AbstractToken.java
        IdToken.java
        CIBAGrant.java
        AuthorizationGrantList.java
        IAuthorizationGrant.java
        SessionIdState.java
        CibaRequestCacheControl.java
        UnmodifiableAuthorizationGrant.java
        ImplicitGrant.java
        ExecutionContext.java
        SessionIdAccessMap.java
        SessionId.java
        ClientTokens.java
        DefaultScope.java
        RefreshToken.java
        ClientCredentialsGrant.java
        registration
        RegisterParamsValidator.java
        config
        ConfigurationFactory.java
        Conf.java
        Constants.java
        WebKeysConfiguration.java
        exception
        InvalidStateException.java
        InvalidSessionStateException.java
        AcrChangedException.java
        token
        ValidateTokenParamsValidator.java
        HandleTokenFactory.java
        ClientAssertion.java
        TokenParamsValidator.java
        PersistentJwt.java
        HttpAuthTokenType.java
        JwtSigner.java
        IdTokenFactory.java
        JwrService.java
        auth
        AuthenticationMode.java
        authorize
        UserInfoMember.java
        JwtAuthorizationRequest.java
        IdTokenMember.java
        ClaimValueType.java
        Claim.java
        ClaimValue.java
        ScopeChecker.java
        AuthorizeParamsValidator.java
        fido
        u2f
        DeviceRegistrationConfiguration.java
        RequestMessageLdap.java
        AuthenticateRequestMessageLdap.java
        RegisterRequestMessageLdap.java
        DeviceRegistration.java
        DeviceRegistrationResult.java
        session
        SessionClient.java
        authorize
        ws
        rs
        ConsentGatheringSessionService.java
        ConsentGathererService.java
        AuthorizeAction.java
        LogoutAction.java
        LoginAction.java
        AuthorizeRestWebService.java
        AuthorizeRestWebServiceValidator.java
        AuthorizeRestWebServiceImpl.java
        servlet
        SectorIdentifier.java
        BcFirebaseMessagingSwServlet.java
        OxAuthLogoServlet.java
        OpenIdConfiguration.java
        WebFinger.java
        OxAuthFaviconServlet.java
        idgen
        ws
        rs
        IdGenService.java
        InumGenerator.java
        bcauthorize
        ws
        rs
        BackchannelAuthorizeRestWebService.java
        BackchannelDeviceRegistrationRestWebService.java
        BackchannelAuthorizeRestWebServiceImpl.java
        CIBAAuthorizeAction.java
        BackchannelDeviceRegistrationRestWebServiceImpl.java
        filter
        CorsFilter.java
        CorsFilterConfig.java
        session
        ws
        rs
        LogoutTokenFactory.java
        EndSessionRestWebServiceImpl.java
        EndSessionUtils.java
        EndSessionRestWebService.java
        CheckSessionStatusRestWebServiceImpl.java
        ws
        rs
        fido
        u2f
        U2fAuthenticationWS.java
        U2fConfigurationWS.java
        U2fRegistrationWS.java
      - webapp
        selectAccount.xhtml
        img
        tube_1.jpg
        securitykey.jpg
        footer_bg.jpg
        buttons_bg.jpg
        favicon_icosahedron.ico
        casa
        otp_sms.xhtml
        u2f.xhtml
        otp_sms_prompt.xhtml
        cert.xhtml
        sg.xhtml
        login.xhtml
        otp.xhtml
        login-template.xhtml
        fido2.xhtml
        casa.xhtml
        uma2
        sample
        country.xhtml
        city.xhtml
        authz
        authorize.xhtml
        transaction.xhtml
        error.xhtml
        error_session.xhtml
        postlogin.xhtml
        login.xhtml
        index.jsp
        authorize.xhtml
        fonts
        fontawesome-webfont.woff2
        fontawesome-webfont.woff
        fontawesome-webfont.eot
        FontAwesome.otf
        fontawesome-webfont.ttf
        error_service.xhtml
        WEB-INF
        incl
        layout
        login-extended-template.xhtml
        authorize-extended-template.xhtml
        authorize-template.xhtml
        template.xhtml
        login-template.xhtml
        ciba-authorize-extended-template.xhtml
        ciba-authorize-template.xhtml
        firebase-messaging-sw.js
        faces-config.xml
        static
        favicon.ico
        ciba
        manifest.json
        home.xhtml
        index.jsp
        authorizeResponse.xhtml
        opiframe.xhtml
        js
        bootstrap.min.js
        bootstrap.bundle.min.js
        jquery-3.4.1.min.js
        fontawesome.min.js
        popper.min.js
        crypto-js-3.1.9-1
        mode-ecb.js
        pad-zeropadding.js
        hmac-sha256.js
        sha384.js
        hmac-sha512.js
        mode-cfb.js
        hmac-sha224.js
        enc-latin1.js
        hmac-sha1.js
        hmac-sha3.js
        sha3.js
        bower.json
        sha224.js
        enc-base64.js
        evpkdf.js
        pad-iso97971.js
        x64-core.js
        pbkdf2.js
        LICENSE
        enc-hex.js
        hmac-md5.js
        core.js
        mode-ofb.js
        format-hex.js
        cipher-core.js
        format-openssl.js
        ripemd160.js
        CONTRIBUTING.md
        aes.js
        pad-pkcs7.js
        sha256.js
        tripledes.js
        crypto-js.js
        rabbit-legacy.js
        hmac-sha384.js
        lib-typedarrays.js
        sha1.js
        pad-nopadding.js
        rc4.js
        enc-utf8.js
        mode-ctr-gladman.js
        README.md
        package.json
        hmac.js
        mode-ctr.js
        enc-utf16.js
        rabbit.js
        hmac-ripemd160.js
        pad-ansix923.js
        docs
        QuickStartGuide.wiki
        index.js
        sha512.js
        pad-iso10126.js
        md5.js
        jquery-qrcode-0.17.0.min.js
        respond.min.js
        gluu-auth.js
        platform.js
        auth
        duo
        duologin.xhtml
        js
        Duo-Web-v2.min.js
        wikid
        wikidregister.xhtml
        wikidlogin.xhtml
        pwd
        newpassword.xhtml
        uaf
        login.xhtml
        js
        uaf-api.js
        u2f
        login.xhtml
        scripts
        u2f-api.js
        forgot_password
        forgot.xhtml
        newpassword.xhtml
        entertoken.xhtml
        super-gluu
        login.xhtml
        inwebo
        iwlogin.xhtml
        iwauthenticate.xhtml
        idfirst
        alter_login.xhtml
        idfirst_login.xhtml
        phonefactor
        pflogin.xhtml
        compromised
        newpassword.xhtml
        complogin.xhtml
        cert
        cert-login.xhtml
        cert-invalid.xhtml
        login.xhtml
        cert-not-selected.xhtml
        thumbsignin
        expired.xhtml
        tsRegistrationSuccess.xhtml
        tsLogin.xhtml
        README.md
        js
        thumbsign_widget.js
        thumbsignin_widget.css
        tsRegister.xhtml
        passport
        img
        passportlogin.xhtml
        sample-redirector.xhtml
        passportpostlogin.xhtml
        toopher
        tpauthenticate.xhtml
        tppair.xhtml
        cas2
        cas2login.xhtml
        cas2postlogin.xhtml
        oneid
        oneidlogin.xhtml
        oneidpostlogin.xhtml
        register
        register.xhtml
        saml
        samllogin.xhtml
        samlpostlogin.xhtml
        oxpush
        oxlogin.xhtml
        oxpair.xhtml
        oxauthenticate.xhtml
        otp
        enroll.xhtml
        otplogin.xhtml
        fido2
        login.xhtml
        js
        base64url.js
        webauthn.js
        base64js.js
        otp_sms
        otp_sms.xhtml
        gplus
        gpluslogin.xhtml
        gpluspostlogin.xhtml
        logout.xhtml
        stylesheet
        jquery-ui.min.css
        theme.xcss
        jquery-ui.structure.min.css
        style.css
        fontawesome.min.css
        bootstrap.min.css
        bootstrap.css
        font-awesome.css
        bootstrap-reboot.min.css
        jquery-ui.theme.min.css
        ciba.css
        site.css
        bootstrap-grid.min.css
        responsive-media.css
        authorize.css
        bootstrap-responsive.css
        theme.css
      - docs
        mustache
        markdown.mustache
    - test
      - resources
        testng-multi-authz.xml
        client
        sector_identifier.js
        jwks.json
        arquillian.xml
        testng.xml
        testng-benchmark.xml
        id
        gen
        SampleIdGenerator.py
        jetty-env.xml
        77-customAttributes.ldif
        testng.properties
        web.xml
      - java
        org
        gluu
        oxauth
        comp
        LocaleTest.java
        UmaResourceServiceTest.java
        JwtCrossCheckTest.java
        CrossEncryptionTest.java
        ConfigurationTest.java
        KeyGenerationTest.java
        EncryptionTest.java
        IdGenServiceTest.java
        GrantServiceTest.java
        CleanUpClientTest.java
        UtilityMethodsTest.java
        InumGeneratorTest.java
        SignatureTest.java
        CleanerTimerTest.java
        CryptoProviderTest.java
        SessionIdServiceTest.java
        uma
        ws
        rs
        ObtainPatWSTest.java
        UmaConfigurationWSTest.java
        ObtainRptWSTest.java
        UmaRegisterResourceWSTest.java
        AccessProtectedResourceFlowWSTest.java
        RegisterPermissionWSTest.java
        UmaScopeWSTest.java
        BaseComponentTest.java
        util
        Deployments.java
        ConfigurableTest.java
        service
        TestResteasyInitializer.java
        fido
        u2f
        RawRegistrationServiceTest.java
        RawAuthenticationServiceTest.java
        dev
        duo
        PythonToLdapString.java
        TestUUID.java
        ConfSerialization.java
        CacheGrantManual.java
        Manual.java
        gluu
        ws
        rs
        GluuConfigurationWSTest.java
        BaseTest.java
        json
        JsonApplierServerTest.java
        model
        uma
        TRegisterResource.java
        TTokenRequest.java
        TRegisterPermission.java
        TConfiguration.java
        TUma.java
        TClientService.java
        WebServiceFactory.java
        ws
        rs
        OpenIDRequestObjectWithESAlgEmbeddedTest.java
        ResponseTypesRestrictionEmbeddedTest.java
        AuthorizeWithResponseModeEmbeddedTest.java
        EndSessionBackchannelRestServerTest.java
        TokenRestWebServiceEmbeddedTest.java
        ClientAuthenticationFilterEmbeddedTest.java
        TokenRestWebServiceWithRSAlgEmbeddedTest.java
        IntrospectionWebServiceEmbeddedTest.java
        SectorIdentifierUrlVerificationEmbeddedTest.java
        UserInfoRestWebServiceEmbeddedTest.java
        UserAuthenticationFilterEmbeddedTest.java
        OpenIDRequestObjectWithHSAlgEmbeddedTest.java
        TokenRestWebServiceWithESAlgEmbeddedTest.java
        RegistrationRestWebServiceEmbeddedTest.java
        TokenRestWebServiceWithHSAlgEmbeddedTest.java
        EndSessionRestWebServiceEmbeddedTest.java
        AuthorizationCodeFlowEmbeddedTest.java
        OpenIDRequestObjectWithRSAlgEmbeddedTest.java
        ApplicationTypeRestrictionEmbeddedTest.java
        RequestObjectSigningAlgRestrictionEmbeddedTest.java
        AuthorizeRestWebServiceEmbeddedTest.java
        ClientInfoRestWebServiceEmbeddedTest.java
        TokenEndpointAuthMethodRestrictionEmbeddedTest.java
        JwkRestWebServiceEmbeddedTest.java
        OpenIDRequestObjectEmbeddedTest.java
  - integrations
    - basic.reset_to_step
      - README.txt
      - BasicResetToStepExternalAuthenticator.py
    - duo
      - INSTALLATION.txt
      - lib
        duo_web.py
      - README.txt
      - DuoExternalAuthenticator.py
    - bcrypt_ssha_migration
      - pwd_migration.py
    - yubicloud
      - README.txt
      - YubicloudExternalAuthenticator.py
    - casa
      - Casa.py
    - Migration_stepts_to_3.1.x.txt
    - uaf
      - Properties description.md
      - img
      - Readme.md
      - Installation.md
      - sequence_diagram.txt
      - UafExternalAuthenticator.py
    - basic.lock.account
      - BasicLockAccountExternalAuthenticator.py
      - README.txt
    - authz
      - ConsentGatheringSample.py
      - docs
        Authz design.dia
    - basic.change_password
      - auth
        pwd
        new-password.xhtml
      - BasicPassowrdUpdateExternalAuthenticator.py
    - u2f
      - U2fExternalAuthenticator.py
    - basic.external_logout
      - BasicExternalAuthenticatorWithExternalLogout.py
      - README.txt
    - forgot_password
      - forgot_password.py
      - README.md
    - inwebo
      - iwlogin.xhtml
      - oxauth.properties
      - iw_creds.json
      - iwlogin_without_password.xhtml
      - iw_va.xhtml
      - iwauthenticate.xhtml
      - iwpushnotification.xhtml
      - inwebo.py
    - idfirst
      - README_idfirst.md
      - idfirst.py
    - cert
      - Quick certs guide for testing.md
      - sample
        cert_creds.json
      - UserCertExternalAuthenticator.py
      - Generate certs without configs.md
      - Generate certs guide.md
      - README.txt
      - docs
        Cert design.dia
        Cert design.jpg
    - basic.one_session
      - README.txt
      - BasicOneSessionExternalAuthenticator.py
    - basic.password_expiration
      - PasswordExpiration.py
      - README.md
    - basic.client_group
      - BasicClientGroupExternalAuthenticator.py
      - README.txt
      - client_group.json
    - passport
      - sample
        passport_script_entry.ldif
      - PassportExternalAuthenticator.py
      - README.md
    - allowed_countries
      - allowed_countries.py
      - readme.txt
    - cas2_duo
      - Readme.md
      - Cas2DuoExternalAuthenticator.py
      - docs
        joinded_flows.dia
        joinded_flows.jpg
    - registration
      - read.txt
      - register.py
    - compromised_password
      - compromised_password.py
      - readme.txt
    - saml-passport
      - SamlPassportAuthenticator.py
    - super_gluu
      - sample
        super_gluu_creds.json
      - SuperGluuExternalAuthenticator.py
      - repository
        com
        google
        gcm
        gcm-server
        1.0.1.gluu
        gcm-server-1.0.1.gluu.jar.md5
        gcm-server-1.0.1.gluu.pom.md5
        gcm-server-1.0.1.gluu.pom
        gcm-server-1.0.1.gluu.jar.sha1
        gcm-server-1.0.1.gluu.jar
        gcm-server-1.0.1.gluu.pom.sha1
        maven-metadata.xml
        maven-metadata.xml.md5
        maven-metadata.xml.sha1
    - azuread
      - AzureADAuthenticationForGluu.py
      - README.md
    - postauthn
      - postauthn.py
    - ThumbSignIn
      - ThumbSignInExternalAuthenticator.py
      - README.md
    - cas2
      - Cas2ExternalAuthenticator.py
    - acr_router
      - acr_routerauthenticator.py
      - Readme.txt
    - basic
      - INSTALLATION.txt
      - README.txt
      - BasicExternalAuthenticator.py
    - basic.multiple_test_email_addresses
      - BasicMultipleTestEmailAddressesExternalAuthenticator.py
      - README.txt
    - ciba
      - FirebaseEndUserNotification.py
    - basic.multi_login
      - INSTALLATION.txt
      - README.txt
      - BasicMultiLoginExternalAuthenticator.py
    - basic.multi_auth_conf
      - BasicMultiAuthConfExternalAuthenticator.py
      - INSTALLATION.txt
      - README.txt
    - saml
      - INSTALLATION.txt
      - SamlExternalAuthenticator.py
      - README.txt
    - custom_registration
      - register.py
      - README.md
      - Attributes.json
      - reg.xhtml
    - twilio_sms
      - twilio2FA.py
      - README.txt
    - otp
      - Properties description.md
      - sample
        otp_configuration.json
      - img
      - Readme.md
      - Installation.md
      - sequence_diagram.txt
      - OtpExternalAuthenticator.py
      - repository
        com
        lochbridge
        oath
        oath-otp-keyprovisioning
        0.0.1-SNAPSHOT
        oath-otp-keyprovisioning-0.0.1-SNAPSHOT.pom
        _remote.repositories
        oath-otp-keyprovisioning-0.0.1-SNAPSHOT-sources.jar
        oath-otp-keyprovisioning-0.0.1-SNAPSHOT-javadoc.jar
        maven-metadata-local.xml
        oath-otp-keyprovisioning-0.0.1-SNAPSHOT.jar
        maven-metadata-local.xml
        oath-parent
        0.0.1-SNAPSHOT
        _remote.repositories
        oath-parent-0.0.1-SNAPSHOT.pom
        maven-metadata-local.xml
        maven-metadata-local.xml
        oath-otp
        0.0.1-SNAPSHOT
        oath-otp-0.0.1-SNAPSHOT.pom
        oath-otp-0.0.1-SNAPSHOT.jar
        _remote.repositories
        oath-otp-0.0.1-SNAPSHOT-javadoc.jar
        maven-metadata-local.xml
        oath-otp-0.0.1-SNAPSHOT-sources.jar
        maven-metadata-local.xml
    - smpp
      - smpp2FA.py
    - fido2
      - Fido2ExternalAuthenticator.py
    - gplus
      - workflow.txt
      - sample
        custom_script_entry.ldif
        gplus_client_secrets.json
      - GooglePlusExternalAuthenticator.py
      - README.txt
    - Migration_stepts_to_4.0.txt
  - .tern-project
  - profiles
    - default
      - config-oxauth-test-data.properties
      - config-build.properties
      - config-oxauth-test.properties
      - client_keystore.jks
      - config-oxauth.properties
    - .gitignore
  - src-remove
    - pages.xml
  - uma
    - sample
      - UmaClaimsGathering.py
      - UmaRptPolicy.py
    - UmaClientAuthzRptPolicy.py
  - pom.xml
  - integrations.deprecatred
    - wikid
      - README.txt
      - WikidExternalAuthenticator.py
    - inwebo
      - InWeboExternalAuthenticator.py
    - phonefactor
      - PhoneFactorExternalAuthenticator.py
      - repository
        com
        phonefactor
        PhoneFactorSDK
        2.13
        PhoneFactorSDK-2.13.pom
        PhoneFactorSDK-2.13.jar
        maven-metadata-local.xml
    - toopher
      - sdk
        src
        main
        java
        com
        toopher
        ToopherAPI.java
        PairingStatus.java
        RequestError.java
        AuthenticationStatus.java
        pom.xml
      - ToopherExternalAuthenticator.py
      - repository
        com
        toopher
        ToopherSDK
        1.0.0
        ToopherSDK-1.0.0.pom
        ToopherSDK-1.0.0.jar
        maven-metadata-local.xml
    - oneid
      - OneIdExternalAuthenticator.py
      - lib
        stringprep.py
        oneid.py
      - docs
        workflow.txt
    - oxpush
      - oxPushExternalAuthenticator.py
  - .gitignore
  - conf
    - oxauth-web-keys.json
    - gluu.properties
    - salt
    - oxauth-errors.json
    - oxauth-config.json
    - oxauth-static-conf.json
    - keystore.jks
    - gluu-ldap.properties
    - gluu-couchbase.properties
- pom.xml
- jmeter
  - test
    - Authorization Code Flow_amazon_client_credentials.jmx
    - Authorization Code Flow_xeon_client_credentials.jmx
    - Authorization Code Flow.jmx
    - authorization
      - oxServer - Test user authorization - testing data.csv
      - oxServer - Test user authorization.jmx
    - Implicit_Flow_benchmark_gluu_org.jmx
    - Authorization Code Flow_ce-dev5.jmx
    - Authorization Code Flow_xeon.jmx
    - Implicit_Flow_c7_horizontal_scale.jmx
    - Authorization Code Flow_amazon.jmx
- RP
  - src
    - main
      - resources
        components.properties
        log4j2.xml
        messages_tr.properties
        messages_it.properties
        messages_en.properties
        META-INF
        beans.xml
        messages_de.properties
        messages_bg.properties
        messages_fr.properties
      - webapp-jetty
        WEB-INF
        jetty-web.xml
        jetty-env.xml
        web.xml
      - java
        org
        gluu
        oxauth
        validator
        JSonValidator.java
        util
        Resources.java
        EnumValuesFactory.java
        service
        CibaService.java
        CibaSessions.java
        action
        EndSessionAction.java
        TokenAction.java
        BackchannelAuthenticationAction.java
        RegistrationAction.java
        UserInfoAction.java
        AuthorizationAction.java
        OpenIdConnectDiscoveryAction.java
        CheckSessionAction.java
        model
        ciba
        CibaFlowState.java
        CibaRequestSession.java
        CibaCallback.java
        ws
        ResteasyInitializer.java
        TestResteasyInitializer.java
        CibaClientNotificationEndpointImpl.java
        CibaClientNotificationEndpoint.java
      - webapp
        img
        footer_bg.jpg
        buttons_bg.jpg
        error.xhtml
        javascript
        ciba.js
        login.xhtml
        home.xhtml
        index.jsp
        META-INF
        context.xml
        WEB-INF
        incl
        layout
        template.xhtml
        pages.xml
        components.xml
        faces-config.xml
        js
        crypto-js-3.1.9-1
        mode-ecb.js
        pad-zeropadding.js
        hmac-sha256.js
        sha384.js
        hmac-sha512.js
        mode-cfb.js
        hmac-sha224.js
        enc-latin1.js
        hmac-sha1.js
        hmac-sha3.js
        sha3.js
        bower.json
        sha224.js
        enc-base64.js
        evpkdf.js
        pad-iso97971.js
        x64-core.js
        pbkdf2.js
        LICENSE
        enc-hex.js
        hmac-md5.js
        core.js
        mode-ofb.js
        format-hex.js
        cipher-core.js
        format-openssl.js
        ripemd160.js
        CONTRIBUTING.md
        aes.js
        pad-pkcs7.js
        sha256.js
        tripledes.js
        crypto-js.js
        rabbit-legacy.js
        hmac-sha384.js
        lib-typedarrays.js
        sha1.js
        pad-nopadding.js
        rc4.js
        enc-utf8.js
        mode-ctr-gladman.js
        README.md
        package.json
        hmac.js
        mode-ctr.js
        enc-utf16.js
        rabbit.js
        hmac-ripemd160.js
        pad-ansix923.js
        docs
        QuickStartGuide.wiki
        index.js
        sha512.js
        pad-iso10126.js
        md5.js
        rpiframe.xhtml
        stylesheet
        theme.xcss
        site.css
        theme.css
    - test
      - resources
        testng-multi-authz.xml
        testng.xml
        testng-benchmark.xml
  - pom.xml
  - .gitignore
- LICENSE
- README
- common
  - src
    - main
      - resources
        META-INF
        beans.xml
      - java
        org
        gluu
        oxauth
        cert
        fingerprint
        FingerprintHelper.java
        validation
        CRLCertificateVerifier.java
        GenericCertificateVerifier.java
        CertificateVerifier.java
        OCSPCertificateVerifier.java
        model
        ValidationStatus.java
        PathCertificateVerifier.java
        util
        RedirectUri.java
        service
        common
        UserService.java
        InumService.java
        api
        IdGenerator.java
        ConfigurationService.java
        EncryptionService.java
        ApplicationFactory.java
        claims
        Audience.java
        model
        common
        SimpleUser.java
        User.java
        registration
        Client.java
        config
        StaticConfiguration.java
        BaseDnConfiguration.java
        event
        CryptoProviderEvent.java
    - test
      - resources
        testng.xml
      - java
        org
        gluu
        oxauth
        claims
        AudienceTest.java
  - pom.xml
- Model
  - src
    - main
      - resources
        json_logic.js
      - java
        org
        gluu
        oxauth
        model
        configuration
        AuthenticationProtectionConfiguration.java
        AppConfiguration.java
        Configuration.java
        CorsConfigurationFilter.java
        CIBAEndUserNotificationConfig.java
        ClientAuthenticationFilter.java
        BaseFilter.java
        AuthenticationFilter.java
        ConfigurationResponseClaim.java
        crypto
        OxElevenCryptoProvider.java
        OxAuthCryptoProvider.java
        PrivateKey.java
        AbstractCryptoProvider.java
        CryptoProviderFactory.java
        Certificate.java
        binding
        TokenBindingMessageParser.java
        TokenBinding.java
        TokenBindingKeyParameters.java
        TokenBindingMessage.java
        TokenBindingStream.java
        TokenBindingType.java
        TokenBindingExtension.java
        TokenBindingExtensionType.java
        TokenBindingID.java
        TokenBindingParseException.java
        KeyFactory.java
        signature
        RSAPublicKey.java
        AlgorithmFamily.java
        AsymmetricSignatureAlgorithm.java
        ECEllipticCurve.java
        RSAKeyFactory.java
        ECDSAPublicKey.java
        AbstractSigner.java
        ECDSAKeyFactory.java
        Signer.java
        SignatureAlgorithm.java
        ECDSAPrivateKey.java
        RSAPrivateKey.java
        Key.java
        PublicKey.java
        encryption
        KeyEncryptionAlgorithm.java
        BlockEncryptionAlgorithm.java
        jwt
        Jwt.java
        JwtHeader.java
        JwtHeaderName.java
        JwtClaims.java
        JwtStateClaimName.java
        JwtClaimSet.java
        PureJwt.java
        JwtClaimName.java
        JwtSubClaimObject.java
        JwtType.java
        userinfo
        Schema.java
        UserInfoErrorResponseType.java
        jws
        PlainTextSignature.java
        AbstractJwsSigner.java
        JwsSigner.java
        ECDSASigner.java
        HMACSigner.java
        RSASigner.java
        uma
        UmaResourceResponse.java
        RptProfiles.java
        RptIntrospectionResponse.java
        wrapper
        Token.java
        RPTResponse.java
        UmaPermission.java
        UmaResourceWithId.java
        UmaTokenResponse.java
        JsonLogicNodeParser.java
        UmaNeedInfoResponse.java
        UmaErrorResponseType.java
        UmaMetadata.java
        JsonLogic.java
        UmaResource.java
        UmaScopeDescription.java
        ClaimTokenFormatType.java
        UmaConstants.java
        PermissionTicket.java
        UmaPermissionList.java
        JsonLogicNode.java
        UmaScopeType.java
        persistence
        UmaPermission.java
        UmaResource.java
        error
        IErrorType.java
        ErrorHandlingMethod.java
        ErrorResponse.java
        DefaultErrorResponse.java
        jwk
        JSONWebKeySet.java
        Algorithm.java
        KeyType.java
        JSONWebKey.java
        Use.java
        JWKParameter.java
        discovery
        WebFingerLink.java
        WebFingerParam.java
        OAuth2Discovery.java
        common
        AuthorizationMethod.java
        WebKeyStorage.java
        GrantType.java
        ScopeType.java
        Prompt.java
        TokenType.java
        ScopeConstants.java
        ResponseMode.java
        ResponseType.java
        ProgrammingLanguage.java
        Display.java
        SubjectType.java
        IdType.java
        JSONable.java
        BackchannelTokenDeliveryMode.java
        TokenTypeHint.java
        PairwiseIdType.java
        Holder.java
        HasParamName.java
        AuthenticationMethod.java
        Id.java
        IntrospectionResponse.java
        util
        ByteUtils.java
        JwtUtil.java
        URLPatternList.java
        QueryBuilder.java
        Base64Util.java
        Util.java
        HashUtil.java
        SubjectIdentifierGenerator.java
        SecurityProviderUtility.java
        CertUtils.java
        Pair.java
        StringUtils.java
        exception
        InvalidClaimException.java
        InvalidJwtException.java
        InvalidJweException.java
        SignatureException.java
        InvalidParameterException.java
        gluu
        GluuConfiguration.java
        GluuErrorResponseType.java
        token
        TokenRevocationErrorResponseType.java
        JsonWebResponse.java
        TokenErrorResponseType.java
        ClientAssertionType.java
        TokenRevocationRequestParam.java
        ciba
        BackchannelAuthenticationResponseParam.java
        BackchannelAuthenticationErrorResponseType.java
        BackchannelDeviceRegistrationErrorResponseType.java
        FirebaseCloudMessagingRequestParam.java
        BackchannelAuthenticationRequestParam.java
        PushErrorResponseType.java
        FirebaseCloudMessagingResponseParam.java
        PushErrorRequestParam.java
        PushTokenDeliveryRequestParam.java
        register
        ApplicationType.java
        RegisterRequestParam.java
        RegisterErrorResponseType.java
        RegisterResponseParam.java
        json
        JsonApplier.java
        PropertyDefinition.java
        authorize
        CodeVerifier.java
        AuthorizeErrorResponseType.java
        AuthorizeRequestParam.java
        AuthorizeResponseParam.java
        fido
        u2f
        U2fConfiguration.java
        DeviceRegistrationStatus.java
        message
        RawRegisterResponse.java
        RawAuthenticateResponse.java
        U2fConstants.java
        exception
        BadInputException.java
        RegistrationNotAllowed.java
        protocol
        RegisterResponse.java
        RegisterRequest.java
        AuthenticateResponse.java
        AuthenticateStatus.java
        RegisterRequestMessage.java
        ClientData.java
        DeviceData.java
        AuthenticateRequest.java
        AuthenticateRequestMessage.java
        RegisterStatus.java
        U2fErrorResponseType.java
        session
        EndSessionResponseParam.java
        EndSessionRequestParam.java
        EndSessionErrorResponseType.java
        jwe
        JweEncrypterImpl.java
        KeyDerivationFunction.java
        AbstractJweDecrypter.java
        Jwe.java
        JweDecrypter.java
        JweDecrypterImpl.java
        AbstractJweEncrypter.java
        JweEncrypter.java
    - test
      - resources
        testng-multi-authz.xml
        json-logic-node.json
        testng.xml
        testng-benchmark.xml
      - java
        org
        gluu
        oxauth
        model
        crypto
        binding
        TokenBindingParserTest.java
        uma
        JsonLogicTest.java
        TestUtil.java
        JsonLogicNodeParserTest.java
        UmaTestUtil.java
        util
        JwtUtilTest.java
        CertUtilsTest.java
        HashUtilTest.java
        authorize
        CodeVerifierTest.java
  - pom.xml
  - .gitignore
- Tests
  - selenium
    - selenium_login. t3_user.html
    - selenium_login. t2_user.html
    - selenium_login. t1_user.html
    - ReadMe.txt
    - while.js
- release.properties
- Client
  - src
    - main
      - java
        org
        gluu
        oxauth
        client
        RegisterResponse.java
        GluuConfigurationClient.java
        BackchannelAuthenticationClient.java
        BaseRequest.java
        ClientAuthnRequest.java
        RegisterRequest.java
        ClientInfoClient.java
        OpenIdConnectDiscoveryRequest.java
        RevokeSessionResponse.java
        BaseClient.java
        TokenRequest.java
        UserInfoResponse.java
        GluuConfigurationResponse.java
        TokenRevocationRequest.java
        BackchannelAuthenticationRequest.java
        BaseResponse.java
        TokenRevocationClient.java
        uma
        wrapper
        UmaClient.java
        UmaTokenService.java
        UmaResourceService.java
        exception
        UmaException.java
        UmaPermissionService.java
        UmaRptIntrospectionService.java
        UmaScopeService.java
        UmaMetadataService.java
        UmaClientFactory.java
        ClientInfoResponse.java
        AuthorizationResponse.java
        JwkRequest.java
        JwkResponse.java
        JwkClient.java
        UserInfoClient.java
        OpenIdConfigurationResponse.java
        EndSessionClient.java
        GluuConfigurationRequest.java
        ClientAuthnEnabler.java
        EndSessionRequest.java
        BaseResponseWithErrors.java
        RegisterClient.java
        service
        ClientFactory.java
        IntrospectionService.java
        BackchannelAuthenticationResponse.java
        ClientUtils.java
        TokenRevocationResponse.java
        OpenIdConnectDiscoveryResponse.java
        OpenIdConfigurationRequest.java
        ClientInfoRequest.java
        ciba
        ping
        PingCallbackRequest.java
        PingCallbackClient.java
        PingCallbackResponse.java
        fcm
        FirebaseCloudMessagingClient.java
        FirebaseCloudMessagingRequest.java
        FirebaseCloudMessagingResponse.java
        push
        PushErrorClient.java
        PushTokenDeliveryRequest.java
        PushTokenDeliveryResponse.java
        PushTokenDeliveryClient.java
        PushErrorRequest.java
        PushErrorResponse.java
        AuthorizationRequest.java
        EndSessionResponse.java
        TokenResponse.java
        QueryStringDecoder.java
        model
        SoftwareStatement.java
        JwtState.java
        authorize
        UserInfoMember.java
        JwtAuthorizationRequest.java
        IdTokenMember.java
        Claim.java
        ClaimValue.java
        AuthorizeClient.java
        OpenIdConnectDiscoveryClient.java
        fido
        u2f
        U2fConfigurationService.java
        FidoU2fClientFactory.java
        RegistrationRequestService.java
        AuthenticationRequestService.java
        UserInfoRequest.java
        RevokeSessionClient.java
        TokenClient.java
        OpenIdConfigurationClient.java
        RevokeSessionRequest.java
        util
        ClientUtil.java
        KeyGenerator.java
        KeyExporter.java
    - test
      - resources
        interop_Roland_Hedberg_Test.properties
        testng-multi-authz.xml
        interop_rohe_python_config.json
        interop_Gluu_OX.properties
        interop_rohe_config.py
        interop_Nov_Matake_Test.properties
        testng.xml
        testng-benchmark.xml
        interop_Oreo.properties
        interop_Ryo_Ito_Test.properties
        interop_NRI_PHP.properties
        clientkeystore.jks
        testng.properties
        interop_Wenou.properties
      - java
        org
        gluu
        oxauth
        interop
        DisplaysLogoInLoginPage.java
        AcceptValidSymmetricIdTokenSignature.java
        SupportRequestFile.java
        SupportCombinationOfIdTokenTokenResponseTypes.java
        AcceptRequestWithoutRedirectUriWhenOneRegistered.java
        SecondUseOfAccessCodeRevokesPreviouslyIssuedAccessToken.java
        CanDiscoverIdentifiersUsingUrlSyntax.java
        CanRequestAndUseEncryptedIdTokenResponse.java
        Supports3rdPartyInitLoginNoHttps.java
        ProvidingIdTokenWithMaxAgeRestriction.java
        SupportTokenResponseType.java
        UsesAsymmetricIdTokenSignatures.java
        PublishOpenIdConfigurationDiscoveryInformation.java
        SupportAuthenticationToTokenEndpointUsingFormEncodedClientCredentialsInPostBody.java
        ProvidingIndividuallyRequestedEssentialClaims.java
        RejectsIncorrectAtHashWhenImplicitFlowUsed.java
        SupportAuthenticationToTokenEndpointWithSymmetricallySignedJWTs.java
        RequestingUserInfoClaimsWithOpenIdRequestObject.java
        VerifiesCorrectCHashWhenCodeFlowUsed.java
        RejectInvalidAsymmetricIdTokenSignature.java
        CanProvideSignedUserInfoResponse.java
        SupportCombinationOfIdTokenCodeResponseTypes.java
        SupportCombinationOfCodeIdTokenTokenResponseTypes.java
        CanProvideEncryptedIdTokenResponse.java
        CanRequestAndUseClaimsInIdToken.java
        UserInfoEndpointAccessWithHeaderMethod.java
        RejectRedirectUriNotMatchingARegisteredRedirectUri.java
        EnablesDynamicRegistration.java
        IncludesCHashInIdTokenWhenCodeFlowUsed.java
        ProvidingIndividuallyRequestedEssentialAndVoluntaryClaims.java
        CanMakeAccessTokenRequestWithClientSecretPostAuthentication.java
        SupportRequestsContainingNonce.java
        AcceptValidAsymmetricIdTokenSignature.java
        SupportAuthenticationToTokenEndpointWithAsymmetricallySignedJWTs.java
        ProvidingIndividuallyRequestedVoluntaryClaims.java
        CanMakeAccessTokenRequestWithPrivateKeyJwtAuthentication.java
        VerifiesCorrectAtHashWhenImplicitFlowUsed.java
        IncludesAtHashInIdTokenWhenImplicitFlowUsed.java
        RejectInvalidSymmetricIdTokenSignature.java
        RejectsRedirectUriWhenQueryParameterDoesNotMatch.java
        CanProvideEncryptedUserInfoResponse.java
        SupportClaimsRequestSpecifyingSubValue.java
        IgnoresExtraQueryComponentInRequest.java
        SupportPromptValueNone.java
        SupportRequestsWithoutNonce.java
        SupportsReturningClaimsInIdToken.java
        SupportsCombiningClaimsRequestedWithScopeAndRequestObject.java
        OPRegistrationJwks.java
        CanMakeAccessTokenRequestWithClientSecretJwtAuthentication.java
        SupportAuthenticationToTokenEndpointUsingHttpBasicWithPost.java
        DisplaysPolicyUriInLoginPage.java
        RejectRequestWithoutResponseType.java
        SupportScopeRequestingPhoneClaims.java
        UserInfoEndpointAccessWithFormEncodedBodyMethod.java
        RejectRequestWithoutRedirectUriWhenMultipleRegistered.java
        SupportRegistrationRead.java
        CanMakeAccessTokenRequestWithClientSecretBasicAuthentication.java
        RequestingUserInfoClaimsWithScopeValues.java
        RejectsSecondUseOfAccessCode.java
        SupportWebFingerDiscovery.java
        RejectsSectorIdentifierNotContainingRegisteredRedirectUriValues.java
        SupportsReturningDifferentClaimsInIdTokenAndUserInfoEndpoint.java
        UsesDiscovery.java
        SupportIdTokenResponseType.java
        CanDiscoverIdentifiersUsingEMailSyntax.java
        SupportScopeRequestingNoSpecificClaims.java
        SupportScopeRequestingAddressClaims.java
        SupportDisplayValuePopup.java
        UsesDynamicRegistration.java
        SupportCodeResponseType.java
        CanRequestAndUseSignedUserInfoResponse.java
        SupportPromptValueLogin.java
        UsesSymmetricIdTokenSignatures.java
        SupportScopeRequestingProfileClaims.java
        RejectRequestsWithoutNonceUsingImplicitFlow.java
        SupportDisplayValuePage.java
        SupportScopeRequestingEmailClaims.java
        UserInfoEndpoint.java
        Supports3rdPartyInitLogin.java
        CanRequestAndUseEncryptedUserInfoResponse.java
        RejectRegistrationOfRedirectUriWithFragment.java
        RejectsIncorrectCHashWhenCodeFlowUsed.java
        ProvidingAcrValues.java
        SupportScopeRequestingAllBasicClaims.java
        SupportCombinationOfCodeTokenResponseTypes.java
        ProvidingIdTokenWithEssentialAuthTimeClaim.java
        page
        PageConfig.java
        AbstractPage.java
        SelectPage.java
        LoginPage.java
        Page.java
        client
        RegisterRequestTest.java
        Asserter.java
        ResponseAsserter.java
        JSONObjectAsserter.java
        dev
        manual
        MTSLClientAuthenticationTest.java
        AccessTokenManualTest.java
        HostnameVerifierType.java
        TestSessionWorkflow.java
        .gitignore
        BaseTest.java
        ciba
        ConfigurationTest.java
        RegistrationTest.java
        CibaPingModeJwtAuthRequestTests.java
        BackchannelAuthenticationExpiredRequestsTests.java
        CibaPollModeJwtAuthRequestTests.java
        load
        RegistrationLoadTest.java
        LoadConstants.java
        ObtainAccessTokenLoadTest.java
        benchmark
        BenchmarkRequestAuthorization.java
        suite
        BenchmarkTestListener.java
        BenchmarkTestSuiteListener.java
        BenchmarkRequestAccessToken.java
        UserInfoLoadTest.java
        json
        JsonApplierTest.java
        ws
        rs
        ClientCredentialsGrantHttpTest.java
        SpontaneousScopeHttpTest.java
        PkceHttpTest.java
        IntrospectionWsHttpTest.java
        AuthorizeRestWebServiceHttpTest.java
        OpenIDConnectDiscoveryHttpTest.java
        AuthorizationCodeFlowHttpTest.java
        TokenBindingHttpTest.java
        uma
        AccessProtectedResourceFlowHttpTest.java
        ClientAuthenticationByAccessTokenHttpTest.java
        RegisterResourceFlowHttpTest.java
        ObtainPatTokenFlowHttpTest.java
        UmaSpontaneousScopeHttpTest.java
        ScopeHttpTest.java
        MetaDataFlowHttpTest.java
        UmaRegisterPermissionFlowHttpTest.java
        GluuConfigurationWebServiceHttpTest.java
        ClientSpecificAccessTokenExpiration.java
        ApplicationTypeRestrictionHttpTest.java
        AddressClaimsTest.java
        TokenRevocationTest.java
        PersistClientAuthorizationsHttpTest.java
        ResponseTypesRestrictionHttpTest.java
        GrantTypesRestrictionHttpTest.java
        MultiStepAuthorizationCodeFlowHttpTest.java
        UserAuthenticationFilterHttpTest.java
        UILocales.java
        OpenIDRequestObjectHttpTest.java
        ClientTestUtil.java
        ClientWhiteListBlackListRedirectUris.java
        JwkRestWebServiceHttpTest.java
        ValidateIdTokenHashesTest.java
        RegistrationWithSoftwareStatement.java
        TokenRestWebServiceHttpTest.java
        AuthorizationResponseModeHttpTest.java
        AccessTokenAsJwtHttpTest.java
        TokenEncryptionHttpTest.java
        AuthorizeSessionIdRestWebServiceHttpTest.java
        UserInfoRestWebServiceHttpTest.java
        WebKeysTest.java
        ClientSecretBasicTest.java
        SSOWithMultipleBackendServicesHttpTest.java
        ClientInfoRestWebServiceHttpTest.java
        EndSessionRestWebServiceHttpTest.java
        SelectAccountHttpTest.java
        AuthorizationResponseCustomHeaderTest.java
        TokenSignaturesHttpTest.java
        ConfigurationRestWebServiceHttpTest.java
        IndividualClaimsRequestsTest.java
        AuthorizationSupportCustomParams.java
        RevokeSessionHttpTest.java
        EncodeClaimsInStateParameter.java
        SectorIdentifierUrlVerificationHttpTest.java
        EnableClientToRestrictJavascriptOrigin.java
        RegistrationRestWebServiceHttpTest.java
        ClientAuthenticationFilterHttpTest.java
  - profiles
    - default
      - config-oxauth-test-data.properties
      - client_keystore.jks
    - .gitignore
  - pom.xml
  - .gitignore
- README.md
- CODE_OF_CONDUCT.md
- rp-spring-boot
  - src
    - main
      - resources
        application.yml
        static
        index.html
      - java
        org
        gluu
        demo
        ServletInitializer.java
        RpSpringBootApplication.java
    - test
      - java
        org
        gluu
        demo
        RpSpringBootApplicationTests.java
  - pom.xml
  - mvnw
  - .mvn
    - wrapper
      - maven-wrapper.jar
      - MavenWrapperDownloader.java
      - maven-wrapper.properties
  - HELP.md
  - .gitignore
  - mvnw.cmd
- persistence-model
  - src
    - main
      - resources
        META-INF
        beans.xml
      - java
        org
        oxauth
        persistence
        model
        PairwiseIdentifier.java
        configuration
        InumEntry.java
        CustomProperty.java
        oxIDPAuthConf.java
        GluuConfiguration.java
        ScopeAttributes.java
        ClientAttributes.java
        base
        Entry.java
        SectorIdentifier.java
        Scope.java
  - pom.xml
- .gitignore
- docs
  - oxAuthSwagger.yaml

/*
 * oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
 *
 * Copyright (c) 2014, Gluu
 */

package org.gluu.oxauth.service;

import com.google.common.collect.Sets;
import org.gluu.oxauth.model.common.AuthenticationMethod;
import org.gluu.oxauth.model.config.StaticConfiguration;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.oxauth.model.exception.InvalidClaimException;
import org.gluu.oxauth.model.registration.Client;
import org.gluu.oxauth.service.common.EncryptionService;
import org.gluu.persist.PersistenceEntryManager;
import org.gluu.persist.exception.EntryPersistenceException;
import org.gluu.persist.model.base.CustomAttribute;
import org.gluu.persist.model.base.CustomEntry;
import org.gluu.service.BaseCacheService;
import org.gluu.service.CacheService;
import org.gluu.service.LocalCacheService;
import org.gluu.util.StringHelper;
import org.gluu.util.security.StringEncrypter;
import org.gluu.util.security.StringEncrypter.EncryptionException;
import org.json.JSONArray;
import org.oxauth.persistence.model.Scope;
import org.python.jline.internal.Preconditions;
import org.slf4j.Logger;

import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.inject.Named;
import java.util.*;

/**
 * Provides operations with clients.
 *
 * @author Javier Rojas Blum
 * @author Yuriy Movchan Date: 04/15/2014
 * @version October 22, 2016
 */
@Stateless
@Named
public class ClientService {

	public static final String[] CLIENT_OBJECT_CLASSES = new String[] { "oxAuthClient" };

	@Inject
	private Logger log;

	@Inject
	private PersistenceEntryManager ldapEntryManager;

	@Inject
	private CacheService cacheService;

    @Inject
    private LocalCacheService localCacheService;

	@Inject
	private ScopeService scopeService;

	@Inject
	private EncryptionService encryptionService;

	@Inject
	private AppConfiguration appConfiguration;

	@Inject
	private StaticConfiguration staticConfiguration;

	public void persist(Client client) {
		ldapEntryManager.persist(client);
	}

	public void merge(Client client) {
		ldapEntryManager.merge(client);
		removeFromCache(client);
	}

	/**
	 * Authenticate client.
	 *
	 * @param clientId
	 *            Client inum.
	 * @param password
	 *            Client password.
	 * @return <code>true</code> if success, otherwise <code>false</code>.
	 */
	public boolean authenticate(String clientId, String password) {
		log.debug("Authenticating Client with LDAP: clientId = {}", clientId);
		boolean authenticated = false;

		try {
			Client client = getClient(clientId);
			if (client == null) {
				log.debug("Failed to find client = {}", clientId);
				return authenticated;
			}
			String decryptedClientSecret = decryptSecret(client.getClientSecret());
			authenticated = client != null && decryptedClientSecret != null && decryptedClientSecret.equals(password);
		} catch (StringEncrypter.EncryptionException e) {
			log.error(e.getMessage(), e);
		}

		return authenticated;
	}

	public Set<Client> getClient(Collection<String> clientIds, boolean silent) {
		Set<Client> set = Sets.newHashSet();

		if (clientIds == null) {
			return set;
		}

		for (String clientId : clientIds) {
			try {
				Client client = getClient(clientId);
				if (client != null) {
					set.add(client);
				}
			} catch (RuntimeException e) {
				if (!silent) {
					throw e;
				}
			}
		}
		return set;
	}

	public Client getClient(String clientId) {
		if (clientId != null && !clientId.isEmpty()) {
			Client result = getClientByDn(buildClientDn(clientId));
			log.debug("Found {} entries for client id = {}", result != null ? 1 : 0, clientId);

			return result;
		}
		return null;
	}

	public boolean isPublic(String clientId) {
	    return isPublic(getClient(clientId));
    }

	public boolean isPublic(Client client) {
	    return client != null && client.getAuthenticationMethod() == AuthenticationMethod.NONE;
    }

	public Client getClient(String clientId, String registrationAccessToken) {
        final Client client = getClient(clientId);
        if (client != null && registrationAccessToken != null && registrationAccessToken.equals(client.getRegistrationAccessToken())) {
            return client;
        }
		return null;
	}

	public Set<Client> getClientsByDns(Collection<String> dnList) {
		return getClientsByDns(dnList, true);
	}

	public Set<Client> getClientsByDns(Collection<String> dnList, boolean silently) {
		Preconditions.checkNotNull(dnList);

		final Set<Client> result = Sets.newHashSet();
		for (String clientDn : dnList) {
			try {
				result.add(getClientByDn(clientDn));
			} catch (RuntimeException e) {
				if (!silently) {
					throw e;
				}
			}
		}
		return result;
	}

	/**
	 * Returns client by DN.
	 *
	 * @param dn
	 *            dn of client
	 * @return Client
	 */
	public Client getClientByDn(String dn) {
		BaseCacheService usedCacheService = getCacheService();
	    try {
            return usedCacheService.getWithPut(dn, () -> ldapEntryManager.find(Client.class, dn), 60);
        } catch (Exception e) {
	        log.trace(e.getMessage(), e);
	        return null;
        }
	}

	public org.gluu.persist.model.base.CustomAttribute getCustomAttribute(Client client, String attributeName) {
		for (org.gluu.persist.model.base.CustomAttribute customAttribute : client.getCustomAttributes()) {
			if (StringHelper.equalsIgnoreCase(attributeName, customAttribute.getName())) {
				return customAttribute;
			}
		}

		return null;
	}

	public void setCustomAttribute(Client client, String attributeName, String attributeValue) {
		org.gluu.persist.model.base.CustomAttribute customAttribute = getCustomAttribute(client, attributeName);

		if (customAttribute == null) {
			customAttribute = new org.gluu.persist.model.base.CustomAttribute(attributeName);
			client.getCustomAttributes().add(customAttribute);
		}

		customAttribute.setValue(attributeValue);
	}

	public List<Client> getAllClients(String[] returnAttributes) {
		String baseDn = staticConfiguration.getBaseDn().getClients();

		List<Client> result = ldapEntryManager.findEntries(baseDn, Client.class, null, returnAttributes);

		return result;
	}

	public List<Client> getAllClients(String[] returnAttributes, int size) {
		String baseDn = staticConfiguration.getBaseDn().getClients();

		List<Client> result = ldapEntryManager.findEntries(baseDn, Client.class, null, returnAttributes, size);

		return result;
	}

	public String buildClientDn(String p_clientId) {
		final StringBuilder dn = new StringBuilder();
		dn.append(String.format("inum=%s,", p_clientId));
		dn.append(staticConfiguration.getBaseDn().getClients()); // ou=clients,o=gluu
		return dn.toString();
	}

	public void remove(Client client) {
		if (client != null) {
			removeFromCache(client);

			String clientDn = client.getDn();
			ldapEntryManager.removeRecursively(clientDn);
		}
	}

	private void removeFromCache(Client client) {
		BaseCacheService usedCacheService = getCacheService();
		try {
			usedCacheService.remove(client.getDn());
		} catch (Exception e) {
			log.error("Failed to remove client from cache." + client.getDn(), e);
		}
	}

	public void updateAccessTime(Client client, boolean isUpdateLogonTime) {
		if (!appConfiguration.getUpdateClientAccessTime()) {
			return;
		}

		String clientDn = client.getDn();

		CustomEntry customEntry = new CustomEntry();
		customEntry.setDn(clientDn);
		customEntry.setCustomObjectClasses(CLIENT_OBJECT_CLASSES);

		Date now = new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime();
		String nowDateString = ldapEntryManager.encodeTime(customEntry.getDn(), now);

		CustomAttribute customAttributeLastAccessTime = new CustomAttribute("oxLastAccessTime", nowDateString);
		customEntry.getCustomAttributes().add(customAttributeLastAccessTime);

		if (isUpdateLogonTime) {
			CustomAttribute customAttributeLastLogonTime = new CustomAttribute("oxLastLogonTime", nowDateString);
			customEntry.getCustomAttributes().add(customAttributeLastLogonTime);
		}

		try {
			ldapEntryManager.merge(customEntry);
		} catch (EntryPersistenceException epe) {
			log.error("Failed to update oxLastAccessTime and oxLastLogonTime of client '{}'", clientDn);
		}

		removeFromCache(client);
	}

	public Object getAttribute(Client client, String clientAttribute) throws InvalidClaimException {
		Object attribute = null;

		if (clientAttribute != null) {
			if (clientAttribute.equals("displayName")) {
				attribute = client.getClientName();
			} else if (clientAttribute.equals("inum")) {
				attribute = client.getClientId();
			} else if (clientAttribute.equals("oxAuthAppType")) {
				attribute = client.getApplicationType();
			} else if (clientAttribute.equals("oxAuthIdTokenSignedResponseAlg")) {
				attribute = client.getIdTokenSignedResponseAlg();
			} else if (clientAttribute.equals("oxAuthRedirectURI") && client.getRedirectUris() != null) {
				JSONArray array = new JSONArray();
				for (String redirectUri : client.getRedirectUris()) {
					array.put(redirectUri);
				}
				attribute = array;
			} else if (clientAttribute.equals("oxAuthScope") && client.getScopes() != null) {
				JSONArray array = new JSONArray();
				for (String scopeDN : client.getScopes()) {
					Scope s = scopeService.getScopeByDn(scopeDN);
					if (s != null) {
						String scopeName = s.getId();
						array.put(scopeName);
					}
				}
				attribute = array;
			} else {
				for (CustomAttribute customAttribute : client.getCustomAttributes()) {
					if (customAttribute.getName().equals(clientAttribute)) {
						List<String> values = customAttribute.getValues();
						if (values != null) {
							if (values.size() == 1) {
								attribute = values.get(0);
							} else {
								JSONArray array = new JSONArray();
								for (String v : values) {
									array.put(v);
								}
								attribute = array;
							}
						}

						break;
					}
				}
			}
		}

		return attribute;
	}

	public String decryptSecret(String encryptedClientSecret) throws EncryptionException {
		return encryptionService.decrypt(encryptedClientSecret);
	}

	public String encryptSecret(String clientSecret) throws EncryptionException {
		return encryptionService.encrypt(clientSecret);
	}

    private BaseCacheService getCacheService() {
    	if (appConfiguration.getUseLocalCache()) {
    		return localCacheService;
    	}
    	
    	return cacheService;
    }

}