diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java
index a7a644bfc6aa..ff4ab26f03b9 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java
@@ -437,6 +437,22 @@ private ApplicationCreateResult persistBasicApplicationInformation(Connection co
ServiceProviderProperty isB2BSSAppProperty = buildIsB2BSSAppProperty(application);
serviceProviderProperties.add(isB2BSSAppProperty);
+ ServiceProviderProperty isAPIBasedAuthenticationEnabled
+ = buildIsAPIBasedAuthenticationEnabledProperty(application);
+ serviceProviderProperties.add(isAPIBasedAuthenticationEnabled);
+
+ if (application.getClientAttestationMetaData() != null) {
+ ServiceProviderProperty isAttestationEnabled =
+ buildIsAttestationEnabledProperty(application.getClientAttestationMetaData());
+ serviceProviderProperties.add(isAttestationEnabled);
+
+ ServiceProviderProperty androidPackageName =
+ buildAndroidPackageNameProperty(application.getClientAttestationMetaData());
+ serviceProviderProperties.add(androidPackageName);
+
+ storeAndroidAttestationServiceCredentialAsSecret(application);
+ }
+
ServiceProviderProperty allowedRoleAudienceProperty = buildAllowedRoleAudienceProperty(application);
serviceProviderProperties.add(allowedRoleAudienceProperty);
application.setSpProperties(serviceProviderProperties.toArray(new ServiceProviderProperty[0]));
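Review bot: `storeAndroidAttestationServiceCredentialAsSecret(application)` is called while the property list is still being built, so the credential is written before the service-provider properties are persisted. The helper's body is not in this hunk, but if it writes through the secret manager rather than the passed `Connection`, a later failure in `persistBasicApplicationInformation` would roll back the database rows and leave an orphaned secret. Consider calling it after the insert succeeds, or deleting the secret on the failure path. Also confirm that the helper skips a null or empty credential and that the raw credential never ends up in `serviceProviderProperties`. The enclosing method starts and ends outside the hunk.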
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java
index 75ee63660de2..ef6e158a5d27 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java
@@ -38,6 +38,7 @@
import org.wso2.carbon.identity.application.common.model.Claim;
import org.wso2.carbon.identity.application.common.model.ClaimConfig;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
+import org.wso2.carbon.identity.application.common.model.ClientAttestationMetaData;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
@@ -776,6 +777,119 @@ public void testAddApplicationWithIsManagementApplication(boolean isManagementAp
REGISTRY_SYSTEM_USERNAME);
}
+ @DataProvider(name = "testAddApplicationWithAPIBasedAuthenticationData")
+ public Object[][] testAddApplicationWithAPIBasedAuthenticationData() {
+
+
+ return new Object[][]{
+ {true},
+ {false}
+ };
+ }
+
+ @Test(dataProvider = "testAddApplicationWithAPIBasedAuthenticationData")
+ public void testAddApplicationWithAPIBasedAuthentication(boolean isAPIBasedAuthenticationEnabled) throws Exception {
+
+
+ ServiceProvider inputSP = new ServiceProvider();
+ inputSP.setApplicationName(APPLICATION_NAME_1);
+
+ addApplicationConfigurations(inputSP);
+ inputSP.setAPIBasedAuthenticationEnabled(isAPIBasedAuthenticationEnabled);
+
+ // Adding new application.
+ ServiceProvider addedSP = applicationManagementService.addApplication(inputSP, SUPER_TENANT_DOMAIN_NAME,
+ REGISTRY_SYSTEM_USERNAME);
+ Assert.assertEquals(addedSP.isAPIBasedAuthenticationEnabled(), isAPIBasedAuthenticationEnabled);
+
+
+ // Retrieving added application.
+ ServiceProvider retrievedSP = applicationManagementService.getApplicationExcludingFileBasedSPs
+ (inputSP.getApplicationName(), SUPER_TENANT_DOMAIN_NAME);
+ Assert.assertEquals(retrievedSP.isAPIBasedAuthenticationEnabled(), isAPIBasedAuthenticationEnabled);
+
+ // Updating the application by changing the isManagementApplication flag. It should be changed.
+ inputSP.setAPIBasedAuthenticationEnabled(!isAPIBasedAuthenticationEnabled);
+
+ applicationManagementService.updateApplication(inputSP, SUPER_TENANT_DOMAIN_NAME, REGISTRY_SYSTEM_USERNAME);
+
+ retrievedSP = applicationManagementService.getApplicationExcludingFileBasedSPs
+ (inputSP.getApplicationName(), SUPER_TENANT_DOMAIN_NAME);
+
+ Assert.assertEquals(retrievedSP.isAPIBasedAuthenticationEnabled(), !isAPIBasedAuthenticationEnabled);
+
+ // Deleting added application.
+ applicationManagementService.deleteApplication(inputSP.getApplicationName(), SUPER_TENANT_DOMAIN_NAME,
+ REGISTRY_SYSTEM_USERNAME);
+ }
+
+ @DataProvider(name = "testAddApplicationWithAttestationData")
+ public Object[][] testAddApplicationWithAttestationData() {
+
+
+ return new Object[][]{
+ {true, "com.wso2.sample.mobile.application", "sampleCredentials"}
+ };
+ }
+
+ @Test(dataProvider = "testAddApplicationWithAttestationData")
+ public void testAddApplicationWithAttestationData(boolean isAttestationEnabled,
+ String androidPackageName,
+ String androidCredentials) throws Exception {
+
+ ResolvedSecret resolvedSecret = new ResolvedSecret();
+ resolvedSecret.setResolvedSecretValue(androidCredentials);
+ SecretResolveManager secretResolveManager = mock(SecretResolveManagerImpl.class);
+ ApplicationManagementServiceComponentHolder.getInstance().setSecretResolveManager(secretResolveManager);
+ when(secretResolveManager.getResolvedSecret(anyString(), anyString())).thenReturn(resolvedSecret);
+
+ ServiceProvider inputSP = new ServiceProvider();
+ inputSP.setApplicationName(APPLICATION_NAME_1);
+
+ addApplicationConfigurations(inputSP);
+ ClientAttestationMetaData clientAttestationMetaData = new ClientAttestationMetaData();
+ clientAttestationMetaData.setAttestationEnabled(isAttestationEnabled);
+ clientAttestationMetaData.setAndroidPackageName(androidPackageName);
+ clientAttestationMetaData.setAndroidAttestationServiceCredentials(androidCredentials);
+ inputSP.setClientAttestationMetaData(clientAttestationMetaData);
+
+ // Adding new application.
+ ServiceProvider addedSP = applicationManagementService.addApplication(inputSP, SUPER_TENANT_DOMAIN_NAME,
+ REGISTRY_SYSTEM_USERNAME);
+ Assert.assertEquals(addedSP.getClientAttestationMetaData().isAttestationEnabled(), isAttestationEnabled);
+ Assert.assertEquals(addedSP.getClientAttestationMetaData().getAndroidPackageName(), androidPackageName);
+ Assert.assertEquals(addedSP.getClientAttestationMetaData().getAndroidAttestationServiceCredentials(),
+ androidCredentials);
+
+ SecretManager secretManager = mock(SecretManagerImpl.class);
+ when(secretManager.isSecretExist(anyString(), anyString())).thenReturn(true);
+ ApplicationManagementServiceComponentHolder.getInstance().setSecretManager(secretManager);
+
+ // Retrieving added application.
+ ServiceProvider retrievedSP = applicationManagementService.getApplicationExcludingFileBasedSPs
+ (inputSP.getApplicationName(), SUPER_TENANT_DOMAIN_NAME);
+ Assert.assertEquals(retrievedSP.getClientAttestationMetaData().isAttestationEnabled(), isAttestationEnabled);
+ Assert.assertEquals(retrievedSP.getClientAttestationMetaData().getAndroidPackageName(), androidPackageName);
+ Assert.assertEquals(retrievedSP.getClientAttestationMetaData().getAndroidAttestationServiceCredentials(),
+ androidCredentials);
+ // Updating the application by changing the isManagementApplication flag. It should be changed.
+ ClientAttestationMetaData clientAttestationMetaData2 = new ClientAttestationMetaData();
+ clientAttestationMetaData2.setAttestationEnabled(!isAttestationEnabled);
+ clientAttestationMetaData2.setAndroidPackageName(null);
+ clientAttestationMetaData2.setAndroidAttestationServiceCredentials(null);
+ inputSP.setClientAttestationMetaData(clientAttestationMetaData2);
+ applicationManagementService.updateApplication(inputSP, SUPER_TENANT_DOMAIN_NAME, REGISTRY_SYSTEM_USERNAME);
+
+ retrievedSP = applicationManagementService.getApplicationExcludingFileBasedSPs
+ (inputSP.getApplicationName(), SUPER_TENANT_DOMAIN_NAME);
+
+ Assert.assertEquals(retrievedSP.getClientAttestationMetaData().isAttestationEnabled(), !isAttestationEnabled);
+ Assert.assertNull(retrievedSP.getClientAttestationMetaData().getAndroidAttestationServiceCredentials());
+ // Deleting added application.
+ applicationManagementService.deleteApplication(inputSP.getApplicationName(), SUPER_TENANT_DOMAIN_NAME,
+ REGISTRY_SYSTEM_USERNAME);
+ }
+
private void addApplicationConfigurations(ServiceProvider serviceProvider) {
serviceProvider.setDescription("Created for testing");
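Review bot: `testAddApplicationWithAttestationData` installs a mocked `SecretResolveManager` and `SecretManager` on the shared `ApplicationManagementServiceComponentHolder` singleton and never restores them, so the mocks stay in place for every later test. Save the previous instances and put them back in a `finally` block or an `@AfterMethod`. Because `getResolvedSecret(anyString(), anyString())` returns the same value for any name, the credential assertions pass without showing that the secret was stored under the expected name or kept out of the SP properties. The test also never verifies any interaction with the secret manager, including after the update that sets the credential to null. The two "changing the isManagementApplication flag" comments are copied from the earlier test and should name the API-based-authentication flag and the attestation metadata.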
diff --git a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/pom.xml b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/pom.xml
index 8468094175b0..0e4c98f0a8b8 100644
--- a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/pom.xml
+++ b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/pom.xml
@@ -47,7 +47,6 @@
provided
-
org.wso2.carbon.identity.framework
org.wso2.carbon.identity.base
@@ -93,7 +92,7 @@
org.wso2.carbon.identity.framework
org.wso2.carbon.identity.core
-
+
org.testng
testng
diff --git a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/exceptions/ClientAttestationMgtException.java b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/exceptions/ClientAttestationMgtException.java
index 86bc537c5bc1..07c744955360 100644
--- a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/exceptions/ClientAttestationMgtException.java
+++ b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/exceptions/ClientAttestationMgtException.java
@@ -32,6 +32,7 @@ public class ClientAttestationMgtException extends IdentityException {
* @param message The error message.
*/
public ClientAttestationMgtException(String message) {
+
super(message);
}
@@ -42,6 +43,7 @@ public ClientAttestationMgtException(String message) {
* @param message The error message.
*/
public ClientAttestationMgtException(String errorCode, String message) {
+
super(errorCode, message);
}
@@ -52,6 +54,7 @@ public ClientAttestationMgtException(String errorCode, String message) {
* @param cause The throwable cause of the exception.
*/
public ClientAttestationMgtException(String message, Throwable cause) {
+
super(message, cause);
}
@@ -64,6 +67,7 @@ public ClientAttestationMgtException(String message, Throwable cause) {
* @param cause The throwable cause of the exception.
*/
public ClientAttestationMgtException(String errorCode, String message, Throwable cause) {
+
super(errorCode, message, cause);
}
}
diff --git a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/internal/ClientAttestationMgtServiceComponent.java b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/internal/ClientAttestationMgtServiceComponent.java
index a718c1b5ed89..d673fffaff09 100644
--- a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/internal/ClientAttestationMgtServiceComponent.java
+++ b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/internal/ClientAttestationMgtServiceComponent.java
@@ -51,7 +51,9 @@ protected void activate(ComponentContext context) {
try {
context.getBundleContext().registerService(ClientAttestationService.class.getName(),
new ClientAttestationServiceImpl(), null);
- log.info("Client Attestation Service Component deployed.");
+ if (log.isDebugEnabled()) {
+ log.debug("Client Attestation Service Component deployed.");
+ }
} catch (Throwable throwable) {
log.error("Error while activating Input Validation Service Component.", throwable);
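Review bot: The `catch (Throwable throwable)` branch still logs "Error while activating Input Validation Service Component.", which names a different component from the one registered here, so an activation failure of the attestation service would be hard to find in the logs. It should read `log.error("Error while activating Client Attestation Service Component.", throwable);`. The new `log.isDebugEnabled()` guard is not needed around a constant message and can be dropped. The `activate` method continues outside the hunk.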
diff --git a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/model/AndroidAttestationMetaData.java b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/model/AndroidAttestationMetaData.java
deleted file mode 100644
index 28b3518f01a9..000000000000
--- a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/model/AndroidAttestationMetaData.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
- *
- * WSO2 LLC. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-
-package org.wso2.carbon.identity.client.attestation.mgt.model;
-
-/**
- * Represents metadata related to Android app attestation.
- */
-public class AndroidAttestationMetaData {
-
- // The package name of the Android app.
- private String packageName;
-
- /**
- * Get the package name of the Android app.
- *
- * @return The package name.
- */
- public String getPackageName() {
-
- return packageName;
- }
-
- /**
- * Set the package name of the Android app.
- *
- * @param packageName The package name to set.
- */
- public void setPackageName(String packageName) {
-
- this.packageName = packageName;
- }
-}
-
diff --git a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/model/AppleAttestationMetaData.java b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/model/AppleAttestationMetaData.java
deleted file mode 100644
index 66c1c8911e85..000000000000
--- a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/model/AppleAttestationMetaData.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
- *
- * WSO2 LLC. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-
-package org.wso2.carbon.identity.client.attestation.mgt.model;
-
-/**
- * Represents metadata related to Apple app attestation.
- */
-public class AppleAttestationMetaData {
-
- // The App ID associated with the Apple app.
- private String appId;
-
- /**
- * Get the App ID associated with the Apple app.
- *
- * @return The App ID.
- */
- public String getAppId() {
-
- return appId;
- }
-
- /**
- * Set the App ID associated with the Apple app.
- *
- * @param appId The App ID to set.
- */
- public void setAppId(String appId) {
-
- this.appId = appId;
- }
-}
diff --git a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/model/ClientAttestationContext.java b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/model/ClientAttestationContext.java
index d7838f6f9846..02f5b1a2a7e6 100644
--- a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/model/ClientAttestationContext.java
+++ b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/model/ClientAttestationContext.java
@@ -40,55 +40,68 @@ public class ClientAttestationContext extends MessageContext {
private String validationFailureMessage;
public String getApplicationResourceId() {
+
return applicationResourceId;
}
public void setApplicationResourceId(String applicationResourceId) {
+
this.applicationResourceId = applicationResourceId;
}
public String getTenantDomain() {
+
return tenantDomain;
}
public void setTenantDomain(String tenantDomain) {
+
this.tenantDomain = tenantDomain;
}
public boolean isAttestationEnabled() {
+
return attestationEnabled;
}
public void setAttestationEnabled(boolean attestationEnabled) {
+
this.attestationEnabled = attestationEnabled;
}
public boolean isAttested() {
+
return isAttested;
}
public void setAttested(boolean attested) {
+
isAttested = attested;
}
public Constants.ClientTypes getClientType() {
+
return clientType;
}
public void setClientType(Constants.ClientTypes clientType) {
+
this.clientType = clientType;
}
public String getValidationFailureMessage() {
+
return validationFailureMessage;
}
public void setValidationFailureMessage(String validationFailureMessage) {
+
this.validationFailureMessage = validationFailureMessage;
}
@Override
public String toString() {
+
return "ClientAttestationContext{" +
"applicationResourceId='" + applicationResourceId + '\'' +
", tenantDomain='" + tenantDomain + '\'' +
diff --git a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/validators/AndroidAttestationValidator.java b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/validators/AndroidAttestationValidator.java
index 090695485446..6b916105a50d 100644
--- a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/validators/AndroidAttestationValidator.java
+++ b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/validators/AndroidAttestationValidator.java
@@ -120,7 +120,6 @@ private DecodeIntegrityTokenResponse decodeIntegrityToken(String attestationObje
ClientAttestationContext clientAttestationContext)
throws ClientAttestationMgtException {
try {
- // JSON data for service account credentials (replace with actual credentials).
String jsonData = clientAttestationMetaData.getAndroidAttestationServiceCredentials();
if (jsonData == null) {
@@ -157,9 +156,6 @@ private DecodeIntegrityTokenResponse decodeIntegrityToken(String attestationObje
.execute();
} catch (IOException | GeneralSecurityException e) {
- clientAttestationContext.setAttested(false);
- clientAttestationContext.setValidationFailureMessage("Unable to decode or verify the integrity token " +
- "form google play integrity service.");
if (LOG.isDebugEnabled()) {
LOG.debug("Unable to decode or verify attestation request from Client :" + applicationResourceId +
" in tenant : " + tenantDomain + " from google play integrity service." , e);
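Review bot: With `setAttested(false)` and the failure message removed from this `catch (IOException | GeneralSecurityException e)` block, the only visible reaction to a failed Play Integrity decode is a debug-level log, so the outcome depends on code outside the hunk. Please confirm that the block goes on to throw `ClientAttestationMgtException`, or that the context otherwise stays un-attested, so an outage or a bad service credential cannot be treated as a successful attestation. Since this failure means attestation is unavailable for the application, logging it at warn or error rather than only under `isDebugEnabled()` would make it visible to operators.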
@@ -208,7 +204,10 @@ private boolean validateRequestDetails(DecodeIntegrityTokenResponse decodeIntegr
// Get the request time from the token response.
long requestTimeInMillis = requestDetails.getTimestampMillis();
- long allowedWindowMillis = getConfiguredAllowedWindow();
+ long allowedWindowMillis;
+
+ String allowedWindow = IdentityUtil.getProperty(CLIENT_ATTESTATION_ALLOWED_WINDOW_IN_MILL_SECOND);
+
if (!StringUtils.equals(requestDetails.getRequestPackageName(), expectedPackageName)) {
// The package name in the request details does not match the requested client.
@@ -216,16 +215,30 @@ private boolean validateRequestDetails(DecodeIntegrityTokenResponse decodeIntegr
clientAttestationContext.setValidationFailureMessage("Package name in the request details does " +
"not match with the requested client.");
return false;
- } else if (currentTimeInMillis - requestTimeInMillis > allowedWindowMillis) {
- // The generated Integrity token is considered old, likely due to a replay attack.
- if (LOG.isDebugEnabled()) {
- LOG.debug("Attestation request provided by Client :" + applicationResourceId +
- " in tenant : " + tenantDomain + " is older than required window.");
+ } else if (StringUtils.isNotEmpty(allowedWindow)) {
+ try {
+ allowedWindowMillis = Long.parseLong(allowedWindow);
+ if (currentTimeInMillis - requestTimeInMillis > allowedWindowMillis) {
+ // The generated Integrity token is considered old, likely due to a replay attack.
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Attestation request provided by Client :" + applicationResourceId +
+ " in tenant : " + tenantDomain + " is older than required window.");
+ }
+ clientAttestationContext.setAttested(false);
+ clientAttestationContext.setValidationFailureMessage("Attestation request provided by Client " +
+ "is older than required window.");
+ return false;
+ } else {
+ // Request details are valid.
+ return true;
+ }
+ } catch (NumberFormatException e) {
+ LOG.error("Error while parsing attestation allowed window timeout config: " + allowedWindow, e);
+ clientAttestationContext.setAttested(false);
+ clientAttestationContext.setValidationFailureMessage("Error while parsing attestation allowed window " +
+ "timeout config. Probably a misconfiguration, hence rejecting the request.");
+ return false;
}
- clientAttestationContext.setAttested(false);
- clientAttestationContext.setValidationFailureMessage("Package name in the request details does " +
- "not match with the requested client.");
- return false;
} else {
// Request details are valid.
return true;
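Review bot: When `CLIENT_ATTESTATION_ALLOWED_WINDOW_IN_MILL_SECOND` is not configured, the `else if (StringUtils.isNotEmpty(allowedWindow))` branch is skipped and the final `else` returns true, so the token-age check no longer runs at all. The removed `getConfiguredAllowedWindow()` fell back to `60000L` in that case, so an unset property now turns off the freshness check that the code's own comment ties to replay protection. Resolve the window first, keeping the default and the existing fail-closed handling of `NumberFormatException`, then apply the age comparison unconditionally, as sketched below. The declaration of `allowedWindowMillis` and the property lookup are in the preceding hunk, and `validateRequestDetails` starts outside both.

```java
// … unchanged: package-name mismatch branch, returns false …
allowedWindowMillis = 60000L; // default applied when the property is unset
if (StringUtils.isNotEmpty(allowedWindow)) {
    try {
        allowedWindowMillis = Long.parseLong(allowedWindow);
    } catch (NumberFormatException e) {
        // … unchanged: log the parse error, setAttested(false), set the failure message …
        return false;
    }
}
if (currentTimeInMillis - requestTimeInMillis > allowedWindowMillis) {
    // … unchanged: debug log, setAttested(false), "older than required window" message …
    return false;
}
// Request details are valid.
return true;
```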
@@ -260,28 +273,16 @@ private boolean validateAppIntegrity(DecodeIntegrityTokenResponse decodeIntegrit
clientAttestationContext.setAttested(false);
clientAttestationContext.setValidationFailureMessage("Application integrity validation failed." +
" Unexpected recognition verdict: " + appIntegrity.getAppRecognitionVerdict());
- // Throw an exception with a descriptive message indicating that the application
- // integrity verdict is unexpected.
return false;
}
- private long getConfiguredAllowedWindow() {
-
- String allowedWindow = IdentityUtil.getProperty(CLIENT_ATTESTATION_ALLOWED_WINDOW_IN_MILL_SECOND);
- if (StringUtils.isNotEmpty(allowedWindow)) {
- return Long.parseLong(allowedWindow);
- } else {
- return 60000L; // 1 minute
- }
- }
-
/**
* Method to indicate that this class handles Android OS.
*
* @return ANDROID.
*/
@Override
- public String getHandledOS() {
+ public String getAttestationValidationType() {
return ANDROID;
}
diff --git a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/validators/ClientAttestationValidator.java b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/validators/ClientAttestationValidator.java
index 7f0e2e737aa8..42047cc10ac1 100644
--- a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/validators/ClientAttestationValidator.java
+++ b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/main/java/org/wso2/carbon/identity/client/attestation/mgt/validators/ClientAttestationValidator.java
@@ -40,10 +40,10 @@ void validateAttestation(String attestationObject, ClientAttestationContext clie
/**
- * This method indicates which client Os it can handle.
+ * This method indicates which client Attestation validation type, it can handle.
*
* @return OS name.
*/
- String getHandledOS();
+ String getAttestationValidationType();
}
diff --git a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/test/resources/testng.xml b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/test/resources/testng.xml
index 9bf721d0d119..7e1871aec34d 100644
--- a/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/test/resources/testng.xml
+++ b/components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/src/test/resources/testng.xml
@@ -19,7 +19,7 @@
-
+
diff --git a/pom.xml b/pom.xml
index 40717a989e72..70ac7d5c6e42 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2161,7 +2161,7 @@
1.43.3.wso2v1
[1.41.2,1.44.0)
0.31.1.wso2v1
- 1.27.2.wso2v1
+ 1.59.0.wso2v1
diff --git a/service-stubs/identity/org.wso2.carbon.identity.application.mgt.stub/src/main/resources/IdentityApplicationManagementService.wsdl b/service-stubs/identity/org.wso2.carbon.identity.application.mgt.stub/src/main/resources/IdentityApplicationManagementService.wsdl
index 2698a495fbb8..48072f99dbec 100644
--- a/service-stubs/identity/org.wso2.carbon.identity.application.mgt.stub/src/main/resources/IdentityApplicationManagementService.wsdl
+++ b/service-stubs/identity/org.wso2.carbon.identity.application.mgt.stub/src/main/resources/IdentityApplicationManagementService.wsdl
@@ -356,6 +356,7 @@
+
@@ -364,6 +365,7 @@
+
@@ -421,6 +423,13 @@
+
+
+
+
+
+
+