IDSDEV-678-Add New Publishing Points for Token Failure

.gitignore

@@ -26,3 +26,4 @@ target
 *pom.xml.tag
 *release.properties
 features/com.wso2telco.ids.dashboard.ui.feature/src/main/resources/generated/dashboard.zip
+components/self-service-portal/src/angular-source/node_modules

components/auth-proxy-service/pom.xml

@@ -100,6 +100,18 @@
         <version>2.2.0-SNAPSHOT</version>
         <scope>provided</scope>
     </dependency>
+    	<dependency>
+			<groupId>com.wso2telco.ids</groupId>
+			<artifactId>sp-seamless-provision</artifactId>
+			<version>2.2.0-SNAPSHOT</version>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+			<groupId>com.wso2telco.core</groupId>
+			<artifactId>spprovisionservice</artifactId>
+			<version>2.0.23-SNAPSHOT</version>
+			<scope>provided</scope>
+		</dependency>
 </dependencies>
 
 <build>

components/auth-proxy-service/src/main/java/com/wso2telco/proxy/entity/Endpoints.java

@@ -15,13 +15,62 @@
  ******************************************************************************/
 package com.wso2telco.proxy.entity;
 
+import java.io.FileNotFoundException;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.rmi.RemoteException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.UUID;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.naming.ConfigurationException;
+import javax.naming.NamingException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.UriInfo;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
+import org.wso2.carbon.identity.user.registration.stub.UserRegistrationAdminService;
+import org.wso2.carbon.identity.user.registration.stub.UserRegistrationAdminServiceException;
+import org.wso2.carbon.identity.user.registration.stub.UserRegistrationAdminServiceIdentityException;
+import org.wso2.carbon.identity.user.registration.stub.UserRegistrationAdminServiceStub;
+import org.wso2.carbon.identity.user.registration.stub.UserRegistrationAdminServiceUserRegistrationException;
+import org.wso2.carbon.identity.user.registration.stub.dto.UserDTO;
+import org.wso2.carbon.identity.user.registration.stub.dto.UserFieldDTO;
+
 import com.google.gdata.util.common.util.Base64DecoderException;
 import com.sun.jersey.spi.container.ContainerRequest;
 import com.wso2telco.core.config.model.LoginHintFormatDetails;
 import com.wso2telco.core.config.model.MobileConnectConfig;
 import com.wso2telco.core.config.model.ScopeParam;
 import com.wso2telco.core.config.service.ConfigurationService;
 import com.wso2telco.core.config.service.ConfigurationServiceImpl;
+import com.wso2telco.core.spprovisionservice.sp.entity.AdminServiceConfig;
+import com.wso2telco.core.spprovisionservice.sp.entity.AdminServiceDto;
+import com.wso2telco.core.spprovisionservice.sp.entity.ProvisionType;
+import com.wso2telco.core.spprovisionservice.sp.entity.ServiceProviderDto;
+import com.wso2telco.core.spprovisionservice.sp.entity.SpProvisionConfig;
+import com.wso2telco.core.spprovisionservice.sp.entity.SpProvisionDto;
+import com.wso2telco.core.spprovisionservice.sp.exception.SpProvisionServiceException;
 import com.wso2telco.ids.datapublisher.model.UserStatus;
 import com.wso2telco.ids.datapublisher.util.DataPublisherUtil;
 import com.wso2telco.proxy.MSISDNDecryption;
@@ -32,6 +81,11 @@
 import com.wso2telco.proxy.util.DBUtils;
 import com.wso2telco.proxy.util.Decrypt;
 import com.wso2telco.proxy.util.EncryptAES;
+import com.wso2telco.sp.discovery.service.DiscoveryService;
+import com.wso2telco.sp.discovery.service.impl.DiscoveryServiceImpl;
+import com.wso2telco.sp.provision.service.ProvisioningService;
+import com.wso2telco.sp.provision.service.impl.ProvisioningServiceImpl;
+import com.wso2telco.sp.util.TransformUtil;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -71,6 +125,7 @@ public class Endpoints {
     private static MobileConnectConfig mobileConnectConfigs = null;
     private static Map<String, List<MSISDNHeader>> operatorsMSISDNHeadersMap;
     private static Map<String, MobileConnectConfig.OPERATOR> operatorPropertiesMap = null;
+    private static AdminServiceConfig adminServiceConfig = null;
 
     /**
      * The Configuration service
@@ -104,6 +159,8 @@ public class Endpoints {
             for (MobileConnectConfig.OPERATOR op : operators) {
                 operatorPropertiesMap.put(op.getOperatorName(), op);
             }
+            adminServiceConfig = new AdminServiceConfig();
+            getSpProvisionConfig(mobileConnectConfigs);
         } catch (SQLException e) {
             log.error("Error occurred while retrieving operator MSISDN properties of operators.");
         } catch (NamingException e) {
@@ -127,6 +184,7 @@ public void RedirectToAuthorizeEndpoint(@Context HttpServletRequest httpServletR
         String redirectURL = queryParams.get(AuthProxyConstants.REDIRECT_URI).get(0);
         String scopeName = queryParams.get(AuthProxyConstants.SCOPE).get(0);
 
+        serviceProviderSeamlessProvision(httpServletRequest.getParameter("client_id"), redirectURL);
 
         //maintain userstatus related to request for data publishing purpose
         UserStatus userStatus = DataPublisherUtil.buildUserStatusFromRequest(httpServletRequest, null);
@@ -204,6 +262,13 @@ public void RedirectToAuthorizeEndpoint(@Context HttpServletRequest httpServletR
                 //Validate with Scope wise parameters and throw exceptions
                 ScopeParam scopeParam = validateAndSetScopeParameters(loginHint, msisdn, scopeName, redirectUrlInfo,
                         userStatus);
+
+                String apiScopes = null;
+                if(scopeParam.isConsentPage()==true){
+                	String[] api_Scopes = scopeName.split("\\s+");
+                	api_Scopes=Arrays.copyOfRange(api_Scopes, 1, api_Scopes.length);
+                	apiScopes=Arrays.toString(api_Scopes);
+                }
 
                 String loginhint_msisdn = null;
                 try {
@@ -262,7 +327,9 @@ public void RedirectToAuthorizeEndpoint(@Context HttpServletRequest httpServletR
                     redirectUrlInfo.setQueryString(queryString);
                     redirectUrlInfo.setIpAddress(ipAddress);
                     redirectUrlInfo.setTelcoScope(operatorScopeWithClaims);
+                    redirectUrlInfo.setParentScope(scopeParam.getScope());
                     redirectUrlInfo.setTransactionId(userStatus.getTransactionId());
+                    redirectUrlInfo.setApiScopes(apiScopes);
                     redirectURL = constructRedirectUrl(redirectUrlInfo, userStatus);
 
                     DataPublisherUtil.updateAndPublishUserStatus(
@@ -285,6 +352,64 @@ public void RedirectToAuthorizeEndpoint(@Context HttpServletRequest httpServletR
         httpServletResponse.sendRedirect(redirectURL);
     }
 
+    private void serviceProviderSeamlessProvision(String client_id, String redirectURL) {
+        DiscoveryService discoveryService = new DiscoveryServiceImpl();
+        if (mobileConnectConfigs.isSeamlessProvisioningEnabled() && !client_id.isEmpty() && client_id != null &&
+                !redirectURL.isEmpty() && redirectURL != null) {
+            ServiceProviderDto serviceProviderDto = discoveryService.servceProviderCredentialDiscovery(
+                    TransformUtil.transformDiscoveryConfig(mobileConnectConfigs.getDiscoveryConfig(),
+                            mobileConnectConfigs),
+                    TransformUtil.transofrmDiscoveryDto(client_id, redirectURL,mobileConnectConfigs),
+                    getServiceProviderDto(null, mobileConnectConfigs));
+
+            if (serviceProviderDto != null && serviceProviderDto.getExistance().equals(ProvisionType.REMOTE)
+                    && serviceProviderDto.getAdminServiceDto() != null) {
+                log.info("Provisioning Service Provider to Local data store....");
+                serviceProviderSeamlessProvision(serviceProviderDto);
+            }
+        }
+    }
+
+    private void serviceProviderSeamlessProvision(ServiceProviderDto serviceProvider) {
+
+        SpProvisionDto spProvisionDto = null;
+
+        try {
+
+            boolean isSeamlessProvisioningEnabled = mobileConnectConfigs.isSeamlessProvisioningEnabled();
+            MobileConnectConfig.Config config = mobileConnectConfigs.getSpProvisionConfig().getConfig();
+
+            if (isSeamlessProvisioningEnabled && serviceProvider != null) {
+                if (config != null) {
+                    spProvisionDto = getServiceProviderDto(serviceProvider, mobileConnectConfigs);
+                    ProvisioningService provisioningService = new ProvisioningServiceImpl();
+                    provisioningService.provisionServiceProvider(spProvisionDto);
+                } else {
+                    log.error("Config null");
+                }
+            }
+        } catch (SpProvisionServiceException e) {
+            log.error("Error occurred in provisioning a Service Provider " + e.getMessage());
+        }
+    }
+
+    private SpProvisionDto getServiceProviderDto(ServiceProviderDto serviceProvider,
+            MobileConnectConfig config) {
+
+        SpProvisionDto spProvisionDto = TransformUtil.getServiceProviderDto(serviceProvider, config);
+        spProvisionDto.getSpProvisionConfig().setAdminServiceConfig(adminServiceConfig);
+        return spProvisionDto;
+
+    }
+
+    private static AdminServiceConfig getSpProvisionConfig(MobileConnectConfig config) {
+        adminServiceConfig.setAdminServiceUrl(config.getSpProvisionConfig().getAdminServiceUrl());
+        adminServiceConfig
+                .setApplicationManagementHostUrl(config.getSpProvisionConfig().getApplicationManagementHostUrl());
+        adminServiceConfig.setStubAccessPassword(config.getSpProvisionConfig().getStubAccessPassword());
+        adminServiceConfig.setStubAccessUserName(config.getSpProvisionConfig().getStubAccessUserName());
+        return adminServiceConfig;
+    }
 
     /**
      * Check if the Scope is allowed for SP
@@ -627,16 +752,18 @@ private String constructRedirectUrl(RedirectUrlInfo redirectUrlInfo, UserStatus
         String loginHintMsisdn = redirectUrlInfo.getLoginhintMsisdn();
         String operatorName = redirectUrlInfo.getOperatorName();
         String telcoScope = redirectUrlInfo.getTelcoScope();
+        String parentScope = redirectUrlInfo.getParentScope();
         String ipAddress = redirectUrlInfo.getIpAddress();
         String prompt = redirectUrlInfo.getPrompt();
+        String apiScopes = redirectUrlInfo.getApiScopes();
         boolean isShowTnc = redirectUrlInfo.isShowTnc();
         ScopeParam.msisdnMismatchResultTypes headerMismatchResult = redirectUrlInfo.getHeaderMismatchResult();
         ScopeParam.heFailureResults heFailureResult = redirectUrlInfo.getHeFailureResult();
 
         String transactionId = redirectUrlInfo.getTransactionId();
         if (authorizeUrl != null) {
             redirectURL = authorizeUrl + queryString + "&" + AuthProxyConstants.OPERATOR + "=" +
-                    operatorName + "&" + AuthProxyConstants.TELCO_SCOPE + "=" + telcoScope + "&" +
+                    operatorName + "&" + AuthProxyConstants.TELCO_SCOPE + "=" + telcoScope + "&" + AuthProxyConstants.PARENT_SCOPE + "=" + parentScope + "&" +
                     AuthProxyConstants.SHOW_TNC + "=" + isShowTnc + "&" + AuthProxyConstants.HEADER_MISMATCH_RESULT +
                     "=" + headerMismatchResult + "&" + AuthProxyConstants.HE_FAILURE_RESULT +
                     "=" + heFailureResult;
@@ -664,6 +791,12 @@ private String constructRedirectUrl(RedirectUrlInfo redirectUrlInfo, UserStatus
                 redirectURL = redirectURL + "&" + AuthProxyConstants.TELCO_PROMPT +
                         "=" + prompt;
             }
+
+            if(apiScopes != null && !StringUtils.isEmpty(apiScopes)){
+                redirectURL = redirectURL + "&" + AuthProxyConstants.API_SCOPES +
+                        "=" + apiScopes;
+            }
+
         } else {
             String errMsg = "AuthorizeURL could not be found in mobile-connect.xml";
             DataPublisherUtil.updateAndPublishUserStatus(userStatus, DataPublisherUtil.UserState.CONFIGURATION_ERROR,

components/auth-proxy-service/src/main/java/com/wso2telco/proxy/model/RedirectUrlInfo.java

@@ -28,12 +28,14 @@ public class RedirectUrlInfo {
     private String loginhintMsisdn;
     private String ipAddress;
     private String telcoScope;
+    private String parentScope;
     private boolean isLoginhintMandatory;
     private boolean showTnc;
     private ScopeParam.msisdnMismatchResultTypes headerMismatchResult;
     private ScopeParam.heFailureResults heFailureResult;
     private String transactionId;
     private String prompt;
+    private String apiScopes;
 
     public void setPrompt(String prompt) { this.prompt = prompt; }
 
@@ -55,7 +57,15 @@ public void setTelcoScope(String telcoScope) {
         this.telcoScope = telcoScope;
     }
 
-    public String getIpAddress() {
+    public String getParentScope() {
+		return parentScope;
+	}
+
+	public void setParentScope(String parentScope) {
+		this.parentScope = parentScope;
+	}
+
+	public String getIpAddress() {
         return ipAddress;
     }
 
@@ -134,4 +144,12 @@ public void setTransactionId(String transactionId) {
     public String getTransactionId() {
         return transactionId;
     }
+
+	public String getApiScopes() {
+		return apiScopes;
+	}
+
+	public void setApiScopes(String apiScopes) {
+		this.apiScopes = apiScopes;
+	}
 }

components/auth-proxy-service/src/main/java/com/wso2telco/proxy/util/AuthProxyConstants.java

@@ -54,6 +54,8 @@ public class AuthProxyConstants {
     public static final String SCOPE_MNV = "mnv";
     public static final String SCOPE_OPENID = "openid";
     public static final String TELCO_SCOPE = "telco_scope";
+    public static final String PARENT_SCOPE = "parent_scope";
+    public static final String API_SCOPES = "api_scope";
     public static final String UTF_ENCODER = "UTF-8";
     public static final String SHOW_TNC = "isShowTnc";
     public static final String LOGIN_HINT_MANDATORY = "isLoginhintMandatory";

components/auth-proxy-service/src/main/java/com/wso2telco/proxy/util/DBUtils.java

@@ -299,6 +299,7 @@ public static Map<String, ScopeParam> getScopeParams(String scope) throws Authen
                     parameters.setHeFailureResult(ScopeParam.heFailureResults.valueOf(results.getString(
                             "he_failure_result")));
                     parameters.setTncVisible(results.getBoolean("is_tnc_visible"));
+                    parameters.setConsentPage(results.getBoolean("is_consent_page"));
                     parameters.setLoginHintFormat(getLoginHintFormatTypeDetails(results.getInt("param_id"), conn));
 
                     scopeParamsMap.put("params", parameters);

components/authentication-endpoint/src/main/webapp/WEB-INF/web.xml

@@ -220,6 +220,11 @@
         <servlet-name>registration.do</servlet-name>
         <jsp-file>/registration.jsp</jsp-file>
     </servlet>
+
+    <servlet>
+        <servlet-name>user_consent.do</servlet-name>
+        <jsp-file>/mcx-user-registration/user_consent.jsp</jsp-file>
+    </servlet>
 
     <servlet-mapping>
         <servlet-name>terms_and_conditions</servlet-name>
@@ -356,6 +361,11 @@
         <servlet-name>registration.do</servlet-name>
         <url-pattern>/registration.do</url-pattern>
     </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>user_consent.do</servlet-name>
+        <url-pattern>/consent.do</url-pattern>
+    </servlet-mapping>
 
     <error-page>
         <exception-type>java.lang.Throwable</exception-type>

components/authentication-endpoint/src/main/webapp/login.jsp

@@ -250,7 +250,7 @@
 																	 alt="Mobile Connect Logo" width="150"
 																	 class="site-header__logo"></a>
 			<% if (!operator.isEmpty()) {
-				String imgPath = "images/branding/" + operator + "_logo.svg";
+				String imgPath = "mcx-user-registration/images/branding/" + operator + "_logo.svg";
 			%>
 			<p class="site-header__powered-by">powered&nbsp;by