resolve suggestions

components/org.wso2.carbon.identity.oauth.endpoint/pom.xml

@@ -332,7 +332,7 @@
                                         <limit implementation="org.jacoco.report.check.Limit">
                                             <counter>COMPLEXITY</counter>
                                             <value>COVEREDRATIO</value>
-                                            <minimum>0.53</minimum>
+                                            <minimum>0.52</minimum>
                                         </limit>
                                     </limits>
                                 </rule>

components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java

@@ -289,7 +289,7 @@ public Response authorize(@Context HttpServletRequest request, @Context HttpServ
             throw e;
         } catch (OAuthProblemException e) {
             EndpointUtil.triggerOnAuthzRequestException(e, request);
-            throw new InvalidRequestException(e.getMessage(), OAuth2ErrorCodes.INVALID_REQUEST);
+            throw new InvalidRequestException(e.getMessage(), OAuth2ErrorCodes.INVALID_REQUEST, e);
         }
 
         try {

components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/par/OAuth2ParEndpoint.java

@@ -66,8 +66,6 @@ public class OAuth2ParEndpoint {
 
     private static final Log log = LogFactory.getLog(OAuth2ParEndpoint.class);
 
-    private static final String PAR_CLIENT_AUTH_ERROR = "Client Authentication Failed";
-
     @POST
     @Path("/")
     @Consumes("application/x-www-form-urlencoded")
@@ -136,7 +134,7 @@ private Response handleParCoreException(ParCoreException parCoreException) {
 
         JSONObject parErrorResponse = new JSONObject();
         parErrorResponse.put(OAuthConstants.OAUTH_ERROR, OAuth2ErrorCodes.SERVER_ERROR);
-        parErrorResponse.put(OAuthConstants.OAUTH_ERROR_DESCRIPTION, "Internal Server Error.");
+        parErrorResponse.put(OAuthConstants.OAUTH_ERROR_DESCRIPTION, ParConstants.INTERNAL_SERVER_ERROR);
 
         Response.ResponseBuilder respBuilder = Response.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
         log.debug("Exception occurred when handling the request: ", parCoreException);
@@ -176,7 +174,7 @@ private void checkClientAuthentication(HttpServletRequest request) throws ParCor
                     oAuthClientAuthnContext.getErrorMessage());
         }
 
-        throw new ParClientException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT, "Client authentication required");
+        throw new ParClientException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT, ParConstants.CLIENT_AUTH_REQUIRED_ERROR);
     }
 
     private OAuthClientAuthnContext getClientAuthnContext(HttpServletRequest request) {
@@ -192,7 +190,7 @@ private OAuthClientAuthnContext createNewOAuthClientAuthnContext() {
 
         OAuthClientAuthnContext oAuthClientAuthnContext = new OAuthClientAuthnContext();
         oAuthClientAuthnContext.setAuthenticated(false);
-        oAuthClientAuthnContext.setErrorMessage(PAR_CLIENT_AUTH_ERROR);
+        oAuthClientAuthnContext.setErrorMessage(ParConstants.PAR_CLIENT_AUTH_ERROR);
         oAuthClientAuthnContext.setErrorCode(OAuth2ErrorCodes.INVALID_REQUEST);
         return oAuthClientAuthnContext;
     }
@@ -203,8 +201,7 @@ private void validateClient(HttpServletRequest request, MultivaluedMap<String, S
         OAuth2ClientValidationResponseDTO validationResponse = getOAuth2Service().validateClientInfo(request);
 
         if (!validationResponse.isValidClient()) {
-            throw new ParClientException(validationResponse.getErrorCode(),
-                    "Cannot find an application associated with the given consumer key.");
+            throw new ParClientException(validationResponse.getErrorCode(), ParConstants.INVALID_CONSUMER_KEY_ERROR);
         }
         if (isRequestUriProvided(params)) {
             throw new ParClientException(OAuth2ErrorCodes.INVALID_REQUEST,
@@ -216,7 +213,8 @@ private void validateRepeatedParams(HttpServletRequest request, Map<String, List
             throws ParClientException {
 
         if (!validateParams(request, paramMap)) {
-            throw new ParClientException(OAuth2ErrorCodes.INVALID_REQUEST, "Invalid request with repeated parameters.");
+            throw new ParClientException(OAuth2ErrorCodes.INVALID_REQUEST,
+                    ParConstants.REPEATED_PARAMS_IN_REQUEST_ERROR);
         }
     }
 

components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/util/EndpointUtil.java

@@ -1813,35 +1813,30 @@ public static boolean isConsentPageRedirectParamsAllowed() {
     public static OAuthAuthzRequest getOAuthAuthzRequest(HttpServletRequest request)
             throws OAuthProblemException, OAuthSystemException {
 
-        OAuthAuthzRequest oAuthAuthzRequest;
-
         if (isDefaultOAuthAuthzRequestClassConfigured()) {
-            oAuthAuthzRequest = new CarbonOAuthAuthzRequest(request);
-        } else {
-            try {
-                Class<? extends OAuthAuthzRequest> clazz = getOAuthAuthzRequestClass();
-                // Validations will be performed when initializing the class instance.
-                Constructor<?> constructor = clazz.getConstructor(HttpServletRequest.class);
-                oAuthAuthzRequest = (OAuthAuthzRequest) constructor.newInstance(request);
-            } catch (InvocationTargetException e) {
-                // Handle OAuthProblemException & OAuthSystemException thrown from extended class.
-                if (e.getTargetException() instanceof OAuthProblemException) {
-                    throw (OAuthProblemException) e.getTargetException();
-                } else if (e.getTargetException() instanceof OAuthSystemException) {
-                    throw (OAuthSystemException) e.getTargetException();
-                } else {
-                    log.warn("Failed to initiate OAuthAuthzRequest from identity.xml. " +
-                            "Hence initiating the default implementation");
-                    oAuthAuthzRequest = new CarbonOAuthAuthzRequest(request);
-                }
-            } catch (ClassNotFoundException | InstantiationException | IllegalAccessException |
-                     NoSuchMethodException e) {
-                log.warn("Failed to initiate OAuthAuthzRequest from identity.xml. " +
-                        "Hence initiating the default implementation");
-                oAuthAuthzRequest = new CarbonOAuthAuthzRequest(request);
+            return new CarbonOAuthAuthzRequest(request);
+        }
+        try {
+            Class<? extends OAuthAuthzRequest> clazz = getOAuthAuthzRequestClass();
+            // Validations will be performed when initializing the class instance.
+            Constructor<?> constructor = clazz.getConstructor(HttpServletRequest.class);
+            return (OAuthAuthzRequest) constructor.newInstance(request);
+        } catch (InvocationTargetException e) {
+            // Handle OAuthProblemException & OAuthSystemException thrown from extended class.
+            if (e.getTargetException() instanceof OAuthProblemException) {
+                throw (OAuthProblemException) e.getTargetException();
+            } else if (e.getTargetException() instanceof OAuthSystemException) {
+                throw (OAuthSystemException) e.getTargetException();
+            } else {
+                log.warn("Failed to initiate OAuthAuthzRequest from identity.xml. ");
             }
+        } catch (ClassNotFoundException | InstantiationException | IllegalAccessException |
+                 NoSuchMethodException e) {
+            log.warn("Failed to initiate OAuthAuthzRequest from identity.xml. ");
         }
-        return oAuthAuthzRequest;
+        log.debug("Initiating the default OAuthAuthzRequest implementation");
+        return new CarbonOAuthAuthzRequest(request);
+
     }
 
     private static boolean isDefaultOAuthAuthzRequestClassConfigured() {

components/org.wso2.carbon.identity.oauth.par/src/main/java/org/wso2/carbon/identity/oauth/par/common/ParConstants.java

@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright (c) 2023, WSO2 LLC. (https://www.wso2.com).
  *
  * WSO2 LLC. licenses this file to you under the Apache License,
@@ -22,17 +22,25 @@
  * Contains the required constants for PAR feature.
  */
 public class ParConstants {
+
     public static final long EXPIRES_IN_DEFAULT_VALUE = 60;
     public static final long SEC_TO_MILLISEC_FACTOR = 1000;
     public static final String UTC = "UTC";
     public static final String EXPIRES_IN = "expires_in";
     public static final String REQUEST_URI_PREFIX = "urn:ietf:params:oauth:request_uri:";
-    public static final String REQUEST_URI_IN_REQUEST_BODY_ERROR = "Request with request_uri not allowed.";
     public static final String CACHE_NAME = "ParCache";
     public static final String COL_LBL_PARAMETERS = "PARAMETERS";
     public static final String COL_LBL_SCHEDULED_EXPIRY = "SCHEDULED_EXPIRY";
     public static final String COL_LBL_CLIENT_ID = "CLIENT_ID";
     public static final String PAR = "PAR";
+    public static final String REQUEST_URI_IN_REQUEST_BODY_ERROR = "Request with request_uri not allowed.";
+    public static final String REPEATED_PARAMS_IN_REQUEST_ERROR = "Invalid request with repeated parameters.";
+    public static final String INVALID_CONSUMER_KEY_ERROR =
+            "Cannot find an application associated with the given consumer key.";
+    public static final String PAR_CLIENT_AUTH_ERROR = "Client Authentication Failed.";
+    public static final String CLIENT_AUTH_REQUIRED_ERROR = "Client authentication required.";
+    public static final String INTERNAL_SERVER_ERROR = "Internal Server Error.";
+    public static final String INVALID_REQUEST_URI_FORMAT = "Invalid request_uri format";
 
     private ParConstants() {
 

components/org.wso2.carbon.identity.oauth.par/src/main/java/org/wso2/carbon/identity/oauth/par/core/ParRequestBuilder.java

@@ -19,14 +19,16 @@
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
+import org.apache.oltu.oauth2.common.utils.OAuthUtils;
 import org.wso2.carbon.identity.oauth.common.OAuthConstants;
 import org.wso2.carbon.identity.oauth.par.model.OAuthParRequestWrapper;
 import org.wso2.carbon.identity.oauth2.AbstractRequestBuilder;
+import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
 
 import javax.servlet.http.HttpServletRequest;
 
 /**
- * This is a global level interface for building requests.
+ * This builds the PAR request if the incoming request satisfies the PAR conditions.
  */
 public class ParRequestBuilder implements AbstractRequestBuilder {
 
@@ -41,7 +43,8 @@ public HttpServletRequest buildRequest(HttpServletRequest request) throws OAuthP
     @Override
     public boolean canHandle(HttpServletRequest request) {
 
-        return StringUtils.isNotBlank(request.getParameter(OAuthConstants.OAuth20Params.REQUEST_URI));
+        boolean isOIDCRequest = OAuth2Util.isOIDCAuthzRequest(OAuthUtils.decodeScopes(request.getParameter("scope")));
+        return StringUtils.isNotBlank(request.getParameter(OAuthConstants.OAuth20Params.REQUEST_URI)) && !isOIDCRequest;
     }
 
     @Override

components/org.wso2.carbon.identity.oauth.par/src/main/java/org/wso2/carbon/identity/oauth/par/internal/ParServiceComponent.java

@@ -17,14 +17,14 @@
  */
 package org.wso2.carbon.identity.oauth.par.internal;
 
-import com.hazelcast.org.apache.hc.core5.http.support.AbstractRequestBuilder;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.osgi.service.component.ComponentContext;
 import org.osgi.service.component.annotations.Component;
 import org.wso2.carbon.identity.oauth.par.core.ParAuthService;
 import org.wso2.carbon.identity.oauth.par.core.ParAuthServiceImpl;
 import org.wso2.carbon.identity.oauth.par.core.ParRequestBuilder;
+import org.wso2.carbon.identity.oauth2.AbstractRequestBuilder;
 
 /**
  * Service component for PAR.

components/org.wso2.carbon.identity.oauth.par/src/main/java/org/wso2/carbon/identity/oauth/par/model/OAuthParRequestWrapper.java

@@ -45,17 +45,18 @@ public class OAuthParRequestWrapper extends HttpServletRequestWrapper {
      * @param request HttpServletRequest.
      * @throws OAuthProblemException OAuthProblemException.
      */
-    public OAuthParRequestWrapper(HttpServletRequest request)
-            throws OAuthProblemException {
+    public OAuthParRequestWrapper(HttpServletRequest request) throws OAuthProblemException {
 
         super(request);
 
         // Get only uuid from request_uri.
         String requestUri = request.getParameter(OAuthConstants.OAuth20Params.REQUEST_URI);
+        if (!requestUri.startsWith(ParConstants.REQUEST_URI_PREFIX)) {
+            throw new ParAuthFailureException(ParConstants.INVALID_REQUEST_URI_FORMAT);
+        }
         String uuid = requestUri.replaceFirst(ParConstants.REQUEST_URI_PREFIX, "");
 
         try {
-
             params = ParUtil.getParAuthService()
                     .retrieveParams(uuid, request.getParameter(OAuthConstants.OAuth20Params.CLIENT_ID));
             params.put(OAuthConstants.ALLOW_REQUEST_URI_AND_REQUEST_OBJECT_IN_REQUEST, "true");

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/RequestUtil.java

@@ -41,10 +41,8 @@ public static HttpServletRequest buildRequest(HttpServletRequest request) throws
 
         List<AbstractRequestBuilder> abstractRequestBuilders =
                 OAuth2ServiceComponentHolder.getInstance().getRequestBuilders();
-        AbstractRequestBuilder requestBuilder;
 
-        for (AbstractRequestBuilder abstractRequestBuilder : abstractRequestBuilders) {
-            requestBuilder = abstractRequestBuilder;
+        for (AbstractRequestBuilder requestBuilder : abstractRequestBuilders) {
             if (requestBuilder.canHandle(request)) {
                 return requestBuilder.buildRequest(request);
             }