/**
 * Packages an access token and a refresh token into a {@link RTResponse}.
 *
 * @param at the access token to return
 * @param rt the refresh token to return
 * @return a new response carrying both tokens
 */
public RTResponse createResponse(AccessToken at, RefreshToken rt) {
    RTResponse response = new RTResponse(at, rt);
    return response;
}
}
/**
 * Processes a protected-asset (certificate) request by unpacking its client, parameters and
 * access token and delegating to {@code getAsset(Client, Map, AccessToken)}.
 *
 * @param request PA/cert request
 * @return the protected asset response
 */
public PAResponse processPARequest(PARequest request) {
    PAResponse asset = getAsset(request.getClient(), request.getParameters(), request.getAccessToken());
    return asset;
}
/**
 * Builds the redirect URL that carries the authorization grant's token back as the
 * {@code OAUTH_TOKEN} query parameter of the request's base URI.
 *
 * @param delegationRequest request whose base URI is the redirect target
 * @param agResp            response holding the authorization grant whose token is appended
 * @return the redirect URI
 * @throws IllegalArgumentException if the assembled string is not a valid URI
 */
@Override
public URI createRedirectURL(DelegationRequest delegationRequest, AGResponse agResp) {
    // NOTE(review): the token is interpolated without percent-encoding; this relies on its
    // string form being query-safe — confirm against the token format in use.
    StringBuilder redirect = new StringBuilder();
    redirect.append(delegationRequest.getBaseUri())
            .append('?')
            .append(OAUTH_TOKEN)
            .append('=')
            .append(agResp.getAuthorizationGrant().getToken());
    return URI.create(redirect.toString());
}
}
/**
 * Does the actual work of getting the certificate.
 * A {@link DelegatedAssetRequest} is assembled from the grant, the configured client, the
 * verifier and the access-token parameters; the {@code preGetCert}/{@code postGetCert} hooks
 * run before the request is sent and after the response is unpacked. The certificates and the
 * username from the response are copied onto the asset, which is then saved.
 *
 * @param asset the asset to populate with certificates and username
 * @param ag    the authorization grant presented to the delegation service
 * @param v     the verifier presented to the delegation service
 * @return the asset response holding the certificate chain and the username
 */
protected AssetResponse getCert(Asset asset, AuthorizationGrant ag, Verifier v) {
    DelegatedAssetRequest request = new DelegatedAssetRequest();
    request.setAuthorizationGrant(ag);
    request.setClient(getEnvironment().getClient());
    request.setVerifier(v);
    request.setParameters(getATParameters(asset, ag, v));

    // The hook may adjust the asset parameters before they are attached to the request.
    Map<String, String> assetParams = getAssetParameters(asset);
    preGetCert(asset, assetParams);
    request.setAssetParameters(assetParams);

    DelegatedAssetResponse response =
            (DelegatedAssetResponse) getEnvironment().getDelegationService().process(request);

    AssetResponse result = new AssetResponse();
    MyX509Certificates certs = (MyX509Certificates) response.getProtectedAsset();
    result.setX509Certificates(certs.getX509Certificates());
    // The username is carried as additional information, not as part of the asset itself.
    result.setUsername(response.getAdditionalInformation().get("username"));
    postGetCert(asset, result);

    // Persist what came back on the asset.
    asset.setUsername(result.getUsername());
    asset.setCertificates(result.getX509Certificates());
    getEnvironment().getAssetStore().save(asset);
    return result;
}
HashMap m = new HashMap(); m.put(OA2Constants.RESPONSE_TYPE, OA2Constants.AUTHORIZATION_CODE); m.put(OA2Constants.CLIENT_ID, acRequest.getClient().getIdentifierString()); m.put(OA2Constants.SCOPE, OA2Scopes.SCOPE_OPENID + " " + OA2Scopes.SCOPE_MYPROXY + " " + OA2Scopes.SCOPE_PROFILE); m.put(OA2Constants.REDIRECT_URI, acRequest.getParameters().get(OA2Constants.REDIRECT_URI)); byte[] bytes = new byte[STATE_LENGTH]; secureRandom.nextBytes(bytes); AGResponse agr = new AGResponse(agi); agr.setParameters(map); return agr;
OAClient oaClient = (OAClient) atRequest.getClient(); OAuthAccessor accessor = OAuthUtilities.createOAuthAccessor(this, oaClient); if (atRequest.getAuthorizationGrant() instanceof AuthorizationGrantImpl) { ag = (AuthorizationGrantImpl) atRequest.getAuthorizationGrant(); } else { throw new GeneralException("Internal Error: Incorrect authorization grant found. Should have been a TempCred but was a " + atRequest.getAuthorizationGrant().getClass()); if (atRequest.getVerifier() == null) { throw new GeneralException("Error: No verifier found. This is required by the OAuth spec."); if (atRequest.getVerifier() instanceof VerifierImpl) { vImpl = (VerifierImpl) atRequest.getVerifier(); } else { throw new GeneralException("Internal Error: Incorrect verifier instance found. Should have been a VerifierImpl but was a " + atRequest.getVerifier()); arrayList.add(OAuth.OAUTH_VERIFIER); arrayList.add(vImpl.getURIToken().toString()); for (String key : atRequest.getParameters().keySet()) { arrayList.add(key); arrayList.add(atRequest.getParameters().get(key)); ATResponse atr = new ATResponse(accessToken); atr.setParameters(m); return atr; } catch (Exception e) {
/**
 * Asks the delegation service for an access token using the given authorization grant and
 * records the outcome on the asset.
 * The issued-at and subject claims from the response are stored on the asset, the returned
 * nonce is validated and consumed, and finally the access and refresh tokens are stored and the
 * asset is saved.
 *
 * @param asset the asset to update; it is saved before this method returns
 * @param ag    the authorization grant to exchange
 * @return the access-token response from the delegation service
 * @throws InvalidNonceException if the nonce in the response is not known to {@code NonceHerder}
 */
public ATResponse2 getAccessToken(OA2Asset asset, AuthorizationGrant ag) {
    DelegatedAssetRequest request = new DelegatedAssetRequest();
    request.setAuthorizationGrant(ag);
    request.setClient(getEnvironment().getClient());
    Map<String, String> atParams = getATParameters(asset, ag, null);
    request.setParameters(atParams);

    ATResponse2 response = (ATResponse2) getEnvironment().getDelegationService().getAT(request);
    asset.setIssuedAt((Date) response.getParameters().get(OA2Claims.ISSUED_AT));
    asset.setUsername((String) response.getParameters().get(OA2Claims.SUBJECT));

    // Replay protection: the returned nonce must be one NonceHerder knows, and it is removed
    // so the same response cannot be accepted a second time.
    String nonce = (String) response.getParameters().get(OA2Constants.NONCE);
    if (!NonceHerder.hasNonce(nonce)) {
        throw new InvalidNonceException("Unknown nonce.");
    }
    NonceHerder.removeNonce(nonce);

    asset.setAccessToken(response.getAccessToken());
    asset.setRefreshToken(response.getRefreshToken());
    getAssetStore().save(asset);
    return response;
}
DelegationRequest daReq = new DelegationRequest(); daReq.setParameters(additionalParameters); daReq.setClient(getEnvironment().getClient()); daReq.setBaseUri(getEnvironment().getAuthorizationUri()); DelegationResponse daResp = (DelegationResponse) getEnvironment().getDelegationService().process(daReq); if (daResp.getAuthorizationGrant() != null) { asset.setToken(BasicIdentifier.newID(daResp.getAuthorizationGrant().getToken())); if (asset.getIdentifier() == null) { asset.setIdentifier(makeb64Uri(daResp.getAuthorizationGrant().getToken().toString())); String r = daResp.getRedirectUri().toString(); if (skin != null) { r = r + "&" + SKIN_PARAMETER + "=" + skin;
/**
 * Creates the redirect URL that returns the authorization code to the client.
 * The code is appended as the {@code OA2Constants.AUTHORIZATION_CODE} query parameter of the
 * request's base URI; the {@code state} parameter is echoed back only when one was supplied.
 *
 * @param delegationAssetRequest delegation asset request; its base URI is the redirect target
 * @param agResp                 authorization grant response carrying the code and the parameters
 * @return URI for redirect
 * @throws IllegalArgumentException if the assembled string is not a valid URI
 */
@Override
public URI createRedirectURL(DelegationRequest delegationAssetRequest, AGResponse agResp) {
    StringBuilder redirect = new StringBuilder(delegationAssetRequest.getBaseUri().toString());
    redirect.append('?')
            .append(OA2Constants.AUTHORIZATION_CODE)
            .append('=')
            .append(agResp.getAuthorizationGrant().getToken());

    Object state = agResp.getParameters().get(OA2Constants.STATE);
    if (state != null) {
        // As per spec, only return the state if it was sent in the first place.
        // NOTE(review): state is appended without percent-encoding — confirm it is query-safe
        // here, since a raw '&' or '#' in it would corrupt the query string.
        redirect.append('&').append(OA2Constants.STATE).append('=').append(state);
    }
    return URI.create(redirect.toString());
}
/**
 * Builds the authorization redirect for a delegation request.
 * The request's parameter map is augmented in place with the client id (and the redirect URI
 * it already holds) and encoded into the authorization endpoint's URL; the same map is handed
 * back on the response.
 *
 * @param delegationRequest the delegation request; its parameter map is mutated
 * @return a response carrying the redirect URI and the full parameter map
 */
@Override
public DelegationResponse processDelegationRequest(DelegationRequest delegationRequest) {
    DelegationResponse response = new DelegationResponse(null);
    Map<String, String> params = delegationRequest.getParameters();
    params.put(OA2Constants.CLIENT_ID, delegationRequest.getClient().getIdentifierString());
    // If getParameters() returns the live map this re-stores the value already under
    // REDIRECT_URI (and may add a null entry when the key is absent) — looks redundant; confirm.
    params.put(OA2Constants.REDIRECT_URI, delegationRequest.getParameters().get(OA2Constants.REDIRECT_URI));

    AGServer2 agServer = (AGServer2) getAgServer();
    URI authzEndpoint = agServer.getServiceClient().host();
    String target = ServiceClient.convertToStringRequest(authzEndpoint.toString(), params);

    response.setParameters(params); // send them all back.
    response.setRedirectUri(URI.create(target));
    return response;
}
/**
 * Refreshes the tokens of the stored asset with the given identifier.
 * The asset's current access and refresh tokens are sent to the delegation service; the tokens
 * it returns replace the old ones, the stale store entry is removed and the asset is saved again.
 *
 * @param identifier the asset identifier
 * @return the refresh response from the service, or {@code null} if no such asset exists
 */
public RTResponse refresh(String identifier) {
    OA2Asset asset = (OA2Asset) getAssetStore().get(identifier);
    if (asset == null) {
        return null;
    }
    DS2 service = (DS2) getEnvironment().getDelegationService();
    RTRequest request = new RTRequest(getEnvironment().getClient(), null);
    request.setAccessToken(asset.getAccessToken());
    request.setRefreshToken(asset.getRefreshToken());
    RTResponse response = service.refresh(request);

    // Swap in the rotated tokens and persist them.
    asset.setAccessToken(response.getAccessToken());
    asset.setRefreshToken(response.getRefreshToken());
    getAssetStore().remove(asset.getIdentifier()); // clear out
    getAssetStore().save(asset);
    return response;
}
/**
 * Parses the callback request: the {@code OAUTH_TOKEN} and {@code OAUTH_VERIFIER} parameters
 * must both be present and non-empty; each is percent-decoded and resolved through the token
 * forge into the authorization grant and the verifier.
 *
 * @param callbackRequest wrapper around the servlet request that carries the callback parameters
 * @return response holding the authorization grant and the verifier
 * @throws GeneralException if the token or the verifier parameter is missing or empty
 */
@Override
public CallbackResponse processCallback(CallbackRequest callbackRequest) {
    CallbackResponse response = new CallbackResponse();
    ServletRequest servletRequest = callbackRequest.getServletRequest();

    String rawToken = servletRequest.getParameter(OAUTH_TOKEN);
    if (isBlankParameter(rawToken)) {
        throw new GeneralException("Error: No token found");
    }
    String tokenValue = OAuth.decodePercent(rawToken);

    String rawVerifier = servletRequest.getParameter(OAUTH_VERIFIER);
    if (isBlankParameter(rawVerifier)) {
        throw new GeneralException("Error: No verifier found");
    }
    String verifierValue = OAuth.decodePercent(rawVerifier);

    // Both values are resolved through the forge rather than trusted as-is.
    AuthorizationGrant grant = tokenForge.getAuthorizationGrant(tokenValue);
    response.setAuthorizationGrant(grant);
    response.setVerifier(tokenForge.getVerifier(verifierValue));
    return response;
}

/** True when a callback parameter is absent or empty. */
private static boolean isBlankParameter(String value) {
    return value == null || value.isEmpty();
}
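/**
 * Refreshes an access token against the server.
 * The refresh token is sent to the server; the reply must contain a new access token that
 * differs from the one in the request, a numeric {@code expires_in} (seconds, stored here as
 * milliseconds), a refresh token and a valid ID token whose claims are attached to the response.
 *
 * @param rtRequest the refresh request carrying the client and the current tokens
 * @return a response with the new access and refresh tokens and the ID-token claims
 * @throws GeneralException         if the request has no refresh token or no access token
 * @throws IllegalArgumentException if the server reply is malformed: the access token was not
 *                                  rotated, or {@code expires_in} / the refresh token is missing
 *                                  or unusable
 */
@Override
public RTResponse processRTRequest(RTRequest rtRequest) {
    AccessToken accessToken = rtRequest.getAccessToken();
    RefreshToken refreshToken = rtRequest.getRefreshToken();
    if (refreshToken == null) {
        throw new GeneralException("Error: There is no refresh token, so it is not possible to refresh it.");
    }
    if (accessToken == null) {
        // Previously surfaced as a NullPointerException at the rotation check below.
        throw new GeneralException("Error: There is no access token in the refresh request.");
    }
    String raw = getRTResponse(getAddress(), refreshToken, rtRequest.getClient());
    JSONObject json = getAndCheckResponse(raw);

    String returnedAT = json.getString(OA2Constants.ACCESS_TOKEN);
    // A refresh is expected to rotate the access token. getToken() appears to be a URI (see
    // AccessTokenImpl(URI) below), so compare its string form — URI.equals(String) is always false,
    // which would have made this check dead.
    if (accessToken.getToken().toString().equals(returnedAT)) {
        throw new IllegalArgumentException("Error: The returned access token from the server should not match the one in the request.");
    }

    String exp = json.getString(OA2Constants.EXPIRES_IN);
    if (exp == null || exp.isEmpty()) {
        throw new IllegalArgumentException("Error: missing expires_in field from server");
    }
    long expiresIn;
    try {
        expiresIn = Long.parseLong(exp) * 1000; // seconds -> milliseconds
    } catch (NumberFormatException e) {
        throw new IllegalArgumentException("Error: expires_in field from server is not an integer: " + exp, e);
    }

    JSONObject claims = getAndCheckIDToken(json, rtRequest);

    // URI.create("") is a valid (empty) URI, so an empty refresh token must be rejected explicitly.
    String returnedRT = json.getString(OA2Constants.REFRESH_TOKEN);
    if (returnedRT == null || returnedRT.isEmpty()) {
        throw new IllegalArgumentException("Error: missing refresh_token field from server");
    }
    OA2RefreshTokenImpl newRefreshToken = new OA2RefreshTokenImpl(URI.create(returnedRT));
    AccessToken newAccessToken = new AccessTokenImpl(URI.create(returnedAT));
    newRefreshToken.setExpiresIn(expiresIn);

    RTResponse rtResponse = createResponse(newAccessToken, newRefreshToken);
    rtResponse.setParameters(claims);
    return rtResponse;
}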
/**
 * Fetches the user-info claims for the asset with the given identifier.
 *
 * @param identifier the asset identifier
 * @return a {@link UserInfo} whose map holds every returned claim, or {@code null} when the
 *         asset does not exist or holds no access token
 */
public UserInfo getUserInfo(String identifier) {
    OA2Asset asset = getAsset2(identifier);
    if (asset == null || asset.getAccessToken() == null) {
        return null;
    }
    UIRequest request = new UIRequest(asset.getAccessToken());
    request.setClient(getEnvironment().getClient());
    DS2 service = (DS2) getEnvironment().getDelegationService();
    UIResponse response = service.getUserInfo(request);

    // Keep the raw JSON as the claim map so that specialized fields are not dropped.
    JSONObject claims = JSONObject.fromObject(response.getRawJSON());
    UserInfo userInfo = new UserInfo();
    userInfo.setMap(claims);
    return userInfo;
}
/**
 * Processes a UserInfo request: the access token is sent as the
 * {@code OA2Constants.ACCESS_TOKEN} request parameter and the raw reply is wrapped unparsed.
 *
 * @param uiRequest User info request
 * @return User Info response holding the access token and the raw reply
 */
public UIResponse processUIRequest(UIRequest uiRequest) {
    HashMap parameters = new HashMap();
    // NOTE(review): the token travels as a request parameter; whether ServiceClient puts it in
    // the URL (and thus in access logs) or in the body is not visible here — confirm.
    parameters.put(OA2Constants.ACCESS_TOKEN, uiRequest.getAccessToken().getToken());
    String rawReply = getServiceClient().getRawResponse(parameters);
    return new UIResponse(uiRequest.getAccessToken(), rawReply);
}
}
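/**
 * Requests a certificate for the asset using the access-token response.
 * A fresh key pair is taken from {@code getNextKeyPair()}, a PKCS10 request is created for the
 * asset's username, and both the private key and the request are stored on the asset (the
 * asset, private key included, is saved to the asset store at the end). The delegation service
 * is then asked for the certificate and the returned chain is stored on the asset.
 *
 * @param a           the asset; updated with the private key, the cert request and the certificates
 * @param atResponse2 the access-token response presented to the delegation service
 * @return response holding the issued certificate chain
 * @throws GeneralException if the certificate request cannot be created
 */
public AssetResponse getCert(OA2Asset a, ATResponse2 atResponse2) {
    KeyPair keyPair = getNextKeyPair();
    MyPKCS10CertRequest certReq;
    try {
        certReq = CertUtil.createCertRequest(keyPair, a.getUsername());
    } catch (RuntimeException e) {
        throw e; // programming errors propagate untouched
    } catch (Exception e) {
        // Catch Exception rather than Throwable so Errors are not wrapped; message typo fixed.
        throw new GeneralException("Could not create cert request", e);
    }
    a.setPrivateKey(keyPair.getPrivate());
    a.setCertReq(certReq);

    Map<String, String> assetParams = getAssetParameters(a);
    preGetCert(a, assetParams); // hook may adjust the parameters before they are sent
    if (MANUAL_TEST) {
        return manualTest(a, assetParams);
    }
    DelegatedAssetResponse daResp =
            getEnvironment().getDelegationService().getCert(atResponse2, getEnvironment().getClient(), assetParams);

    AssetResponse par = new AssetResponse();
    MyX509Certificates myX509Certificate = (MyX509Certificates) daResp.getProtectedAsset();
    par.setX509Certificates(myX509Certificate.getX509Certificates());
    postGetCert(a, par);

    a.setCertificates(par.getX509Certificates());
    getEnvironment().getAssetStore().save(a);
    return par;
}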
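/**
 * Gets the protected asset (the certificate chain) from the service.
 * The access token, client id, client secret, redirect URI, certificate request and requested
 * lifetime are sent as request parameters; the reply is a PEM string of certificates, not JSON.
 *
 * @param client      Client whose id and secret are sent with the request
 * @param props       Map of properties; REDIRECT_URI, CERT_REQUEST_KEY and CERT_LIFETIME_KEY are read from it
 * @param accessToken Access token presented to the service
 * @return asset response wrapping the parsed certificate chain
 * @throws IllegalStateException if the server reply cannot be parsed as X.509 PEM (previously
 *         the exception was only printed and a response with no certificates was returned)
 */
protected PAResponse getAsset(Client client, Map props, AccessToken accessToken) {
    HashMap m = new HashMap();
    m.put(OA2Constants.ACCESS_TOKEN, accessToken.getToken().toString());
    m.put(OA2Constants.CLIENT_ID, client.getIdentifierString());
    m.put(OA2Constants.CLIENT_SECRET, client.getSecret()); // the client secret is part of the request parameters
    m.put(OA2Constants.REDIRECT_URI, props.get(OA2Constants.REDIRECT_URI));
    // String.valueOf turns a missing entry into the literal "null"; both keys are expected to be present.
    m.put(OA2Constants.CERT_REQ, String.valueOf(props.get(AbstractClientEnvironment.CERT_REQUEST_KEY)));
    m.put(OA2Constants.CERT_LIFETIME, String.valueOf(props.get(AbstractClientEnvironment.CERT_LIFETIME_KEY)));

    String response = getServiceClient().getRawResponse(m); // No JSON in the spec. Just a string of certs.
    MyX509Certificates myX509Certificate;
    try {
        myX509Certificate = new MyX509Certificates(CertUtil.fromX509PEM(response));
    } catch (CertificateException e) {
        // Fail loudly instead of handing back a response with a null certificate chain.
        throw new IllegalStateException("Error: could not parse the certificate chain returned by the server", e);
    }
    return new PAResponse(myX509Certificate);
}
}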
/**
 * CLI command: refreshes the tokens of the dummy asset, reloads it from the store, rebuilds the
 * current AT response and prints the tokens. With {@code CLAIMS_FLAG} the claims returned with
 * the refresh are printed as well.
 *
 * @param inputLine the parsed command line
 * @throws Exception propagated from the refresh or the asset store
 */
public void getrt(InputLine inputLine) throws Exception {
    if (showHelp(inputLine)) {
        getRTHelp();
        return;
    }
    String assetId = dummyAsset.getIdentifier().toString();
    RTResponse rtResponse = getOA2S().refresh(assetId);
    // Reload: refresh() stored the rotated tokens on the asset in the store, not on our copy.
    dummyAsset = (OA2Asset) getCe().getAssetStore().get(assetId);

    // The AT response has to be rebuilt here every time or no token state is preserved.
    currentATResponse = new ATResponse2(dummyAsset.getAccessToken(), dummyAsset.getRefreshToken());
    currentATResponse.setParameters(rtResponse.getParameters());
    JSONObject json = JSONObject.fromObject(currentATResponse.getParameters());
    claims = json;

    if (inputLine.hasArg(CLAIMS_FLAG)) {
        say(json.isEmpty() ? "(no claims found)" : json.toString(2));
    }
    printTokens();
}
protected AGResponse getAuthorizationGrant(AGRequest agRequest) { List<Map.Entry<String, String>> params = MapUtilities.toList(agRequest.getParameters()); OAClient oac = (OAClient) agRequest.getClient(); OAuthAccessor accessor = OAuthUtilities.createOAuthAccessor(this, oac); if (oac.getSignatureMethod().equals(RSA_SHA1)) { if (!((OAClient) agRequest.getClient()).getSignatureMethod().equals(RSA_SHA1) && (rtss == null || rtss.length() == 0)) { throw new IllegalArgumentException("Error: delegation server did not return a shared secret"); AGResponse agr = new AGResponse(agi); HashMap m = whittleParameters(message); agr.setParameters(m); return agr; } catch (Throwable e) {
/**
 * Convenience overload: unpacks the request's client, parameters and access token and delegates
 * to {@code getAsset(Client, Map, AccessToken)}.
 *
 * @param request the protected-asset request
 * @return the protected asset response
 */
protected PAResponse getAsset(PARequest request) {
    PAResponse asset = getAsset(request.getClient(), request.getParameters(), request.getAccessToken());
    return asset;
}