Class IotRegistrationNode

  • All Implemented Interfaces:
    Node

    public class IotRegistrationNode
    extends Object
    This node handles the registration of things. It is responsible for collecting the registration Proof of Possession JWT and/or Software Statement for a thing and verifying that the JWT`s claims and signature are valid in accordance with the JWT registration Method. The node can create a new thing identity (with provided claims) and register or rotate the thing's confirmation key.
    • Constructor Detail

      • IotRegistrationNode

        @Inject
        public IotRegistrationNode​(Realm realm,
                                   IotRegistrationNode.Config config,
                                   org.forgerock.openam.core.CoreWrapper coreWrapper,
                                   LegacyIdentityService identityService,
                                   org.forgerock.am.iot.JwtProofOfPossessionVerifier.Factory jwtPopVerifierFactory,
                                   org.forgerock.openam.integration.idm.IdmIntegrationConfig idmConfig,
                                   org.forgerock.openam.integration.idm.IdmIntegrationService idmIntegrationService,
                                   IdentityStoreFactory identityStoreFactory,
                                   JwtBuilderFactory jwtBuilderFactory,
                                   org.forgerock.oauth2.registration.SoftwareStatementVerifier.Factory softwareStatementVerifierFactory,
                                   org.forgerock.am.iot.OAuthAudienceProvider audienceProvider)
        Create an instance of the IotRegistrationNode.
        Parameters:
        realm - the realm in which to create the node.
        config - the node configuration.
        coreWrapper - wrapper for abstracting core AM functionality.
        identityService - an instance of IdentityService.
        jwtPopVerifierFactory - factory for creating JWT PoP verifiers.
        idmConfig - IDM integration config.
        idmIntegrationService - IDM integration service.
        identityStoreFactory - factory for creating identity repositories.
        jwtBuilderFactory - factory for creating JwtBuilder.
        softwareStatementVerifierFactory - factory for creating Software Statement verifiers.
        audienceProvider - a provider for the OAuth audience values configured in the OAuth Provider.
    • Method Detail

      • getInputs

        public org.forgerock.openam.auth.node.api.InputState[] getInputs()
        Description copied from interface: Node
        Provide a list of shared state data a node consumes. An InputState consists of a property name and an "isRequired" flag. The IsRequired flag indicates whether the input is required in order for the node to function. If the flag is false this indicates that the node will consume this data if it is present but it is not required for the node to function. Example: public InputState[] getInputs() { return new InputState[] { new InputState(IDENTITY), new InputState("foo", false) }; } In this example the node declares that it requires state to contain a property named IDENTITY and that it will consume a property named "foo" if it is present. If "foo" is not present then the node will still function but may be skipping some functionality. This list is used to ensure that state data, both shared and transient, from upstream nodes is left intact for this node to access. If inputs are not declared there is no guarantee that the data needed by the node will still be present in state when the node executes. This list is also used for tree validation to report errors in tree construction.
        Returns:
        The list of shared state data.
      • getOutputs

        public org.forgerock.openam.auth.node.api.OutputState[] getOutputs()
        Description copied from interface: Node
        Provide a list of shared state data a node provides. An OutputState consists of a property name and a map of node outcomes to a flag indicating whether that outcome is guaranteed to produce that property in state. Any given output may be provided for all outcomes or any subset of outcomes and perhaps only optionally for some of them. Example: public OutputState[] getOutputs() { return new OutputState[] { new OutputState(PASSWORD), new OutputState(config.mode(), singletonMap("*", false) }; } In this example we declare that the node will produce an output named PASSWORD. The lack of an outcome map indicates that this output is provided for all outcomes. The node also outputs a property named via config.mode() that is optional for all of the node's outcomes, i.e. it may or may not be present for downstream nodes to consume. This type of output is best consumed by other nodes by declaring an InputState such as new InputState(config.mode(), false). This list is used by tree validation to report errors in tree construction.
        Returns:
        The list of shared state data.
      • process

        public Action process​(TreeContext context)
                       throws NodeProcessException
        Description copied from interface: Node
        Performs processing on the given shared state, which holds all the data gathered by nodes that have already executed as part of this authentication session in the tree.

        This method is invoked when the node is reached in the tree.

        Specified by:
        process in interface Node
        Parameters:
        context - The context of the tree authentication.
        Returns:
        The next action to perform. Must not be null.
        Throws:
        NodeProcessException - If there was a problem processing that could not be resolved to a single outcome.
      • failureAction

        protected Action failureAction()
      • successAction

        protected Action successAction​(org.forgerock.am.iot.VerifiedClaimSet verifiedClaims,
                                       TreeContext context,
                                       boolean requiresTokenRestriction)
                                throws Exception
        Throws:
        Exception