use of com.microsoft.identity.common.internal.dto.Credential in project microsoft-authentication-library-common-for-android by AzureAD.
the class MsalCppOAuth2TokenCache method saveCredentials.
/**
 * Validates the supplied credentials and hands them to {@code saveCredentialsInternal}.
 *
 * <p>The whole array is inspected before {@code removeRefreshTokenIfNeeded} or
 * {@code saveCredentialsInternal} is called, so an access token that fails the schema check
 * aborts the call before either of them runs.
 *
 * @param accountRecord AccountRecord associated with the input credentials; may be null.
 * @param credentials   Credentials to save; may include AccessTokenRecord, IdTokenRecord and
 *                      RefreshTokenRecord.
 * @throws ClientException if {@code credentials} is null or empty, or if any AccessTokenRecord
 *                         in it is rejected by {@code isAccessTokenSchemaCompliant}.
 */
public synchronized void saveCredentials(@Nullable final AccountRecord accountRecord, @NonNull final Credential... credentials) throws ClientException {
    final boolean nothingToSave = credentials == null || credentials.length == 0;
    if (nothingToSave) {
        // NOTE(review): this uses the single-argument ClientException constructor while the
        // schema failure below passes an error code plus a message; confirm the text is meant
        // to occupy that single argument.
        throw new ClientException("Credential array passed in is null or empty");
    }

    // Validation pass. Null elements are not rejected here (instanceof is false for null);
    // they reach saveCredentialsInternal unchanged.
    RefreshTokenRecord incomingRefreshToken = null;
    for (int index = 0; index < credentials.length; index++) {
        final Credential candidate = credentials[index];
        if (candidate instanceof RefreshTokenRecord) {
            // If several refresh tokens are supplied, the last one in the array is kept.
            incomingRefreshToken = (RefreshTokenRecord) candidate;
        }
        if (candidate instanceof AccessTokenRecord) {
            final boolean compliant = isAccessTokenSchemaCompliant((AccessTokenRecord) candidate);
            if (!compliant) {
                throw new ClientException(CREDENTIAL_IS_SCHEMA_NONCOMPLIANT, "AT is missing a required property.");
            }
        }
    }

    // MSAL C++ writes credentials first and the account afterwards, so for a brand-new
    // account accountRecord is null here and there is nothing to replace. For an existing
    // account the previously stored refresh token is removed, if present, before the new
    // one is written.
    final boolean mayReplaceRefreshToken = accountRecord != null && incomingRefreshToken != null;
    if (mayReplaceRefreshToken) {
        removeRefreshTokenIfNeeded(accountRecord, incomingRefreshToken);
    }

    saveCredentialsInternal(credentials);
}
use of com.microsoft.identity.common.internal.dto.Credential in project microsoft-authentication-library-common-for-android by AzureAD.
the class MsalOAuth2TokenCache method getAccounts.
/**
 * Lists the accounts in {@code environment} that {@code accountHasCredential} associates with
 * at least one cached IdToken, V1IdToken or RefreshToken belonging to {@code clientId}.
 *
 * <p>Accounts and credentials are fetched with the home account id and realm filters passed as
 * null, so the per-client scoping of the result rests on the {@code clientId} credential filter
 * and on {@code accountHasCredential}.
 *
 * @param environment environment to look in; may be null.
 * @param clientId    client id whose credentials qualify an account for the result.
 * @return an unmodifiable list of the matching accounts.
 */
@Override
public List<AccountRecord> getAccounts(@Nullable final String environment, @NonNull final String clientId) {
    final String logTag = TAG + ":getAccounts";

    // The request parameters go through the PII-aware logger; only counts are logged below.
    Logger.verbosePII(logTag, "Environment: [" + environment + "]" + "\n" + "ClientId: [" + clientId + "]");

    // All accounts for this environment, regardless of home account id or realm.
    final List<AccountRecord> environmentAccounts = mAccountCredentialCache.getAccountsFilteredBy(
            null, // wildcard (*) homeAccountId
            environment,
            null // wildcard (*) realm
    );
    Logger.verbose(logTag, "Found " + environmentAccounts.size() + " accounts for this environment");

    // Credential types that qualify an account: id tokens (v1 and v2) and refresh tokens.
    final Set<CredentialType> qualifyingTypes = new HashSet<>();
    qualifyingTypes.add(IdToken);
    qualifyingTypes.add(V1IdToken);
    qualifyingTypes.add(RefreshToken);

    final List<Credential> clientCredentials = mAccountCredentialCache.getCredentialsFilteredBy(
            null, // homeAccountId
            environment,
            qualifyingTypes,
            clientId,
            null, // realm
            null, // target
            null, // authScheme
            null // requestedClaims
    );

    // Keep only the accounts that have one of this client's credentials.
    final List<AccountRecord> result = new ArrayList<>();
    for (final AccountRecord candidate : environmentAccounts) {
        if (!accountHasCredential(candidate, clientCredentials)) {
            continue;
        }
        result.add(candidate);
    }

    Logger.verbose(logTag, "Found " + result.size() + " accounts for this clientId");
    return Collections.unmodifiableList(result);
}
use of com.microsoft.identity.common.internal.dto.Credential in project microsoft-authentication-library-common-for-android by AzureAD.
the class AbstractAccountCredentialCache method getCredentialsFilteredByInternal.
/**
 * Returns the entries of {@code allCredentials} that satisfy every active filter.
 *
 * <p>A criterion that is null or blank (or, for {@code credentialType}, null) is not applied,
 * so callers that omit {@code clientId} or {@code homeAccountId} receive credentials across all
 * clients or accounts present in {@code allCredentials}. Some filters only constrain certain
 * record types:
 * <ul>
 *   <li>realm is compared for AccessTokenRecord and IdTokenRecord only; other records are not
 *       excluded by it;</li>
 *   <li>target is compared for AccessTokenRecord and RefreshTokenRecord only; other records
 *       are not excluded by it;</li>
 *   <li>authScheme is compared for AccessTokenRecord only, and only when
 *       {@code credentialType} is {@code AccessToken_With_AuthScheme};</li>
 *   <li>requestedClaims is compared for AccessTokenRecord only.</li>
 * </ul>
 *
 * @param homeAccountId   home account id to match, or null/blank for any.
 * @param environment     environment to match, or null/blank for any.
 * @param credentialType  credential type to match, or null for any.
 * @param clientId        client id to match, or null/blank for any.
 * @param realm           realm to match, or null/blank for any.
 * @param target          target to intersect with, or null/blank for any.
 * @param authScheme      auth scheme to match (see above), or null/blank for any.
 * @param requestedClaims requested claims to match, or null/blank for any.
 * @param allCredentials  the credentials to filter.
 * @return a new list holding the matching credentials, in the order they were supplied.
 */
protected List<Credential> getCredentialsFilteredByInternal(@Nullable final String homeAccountId, @Nullable final String environment, @Nullable final CredentialType credentialType, @Nullable final String clientId, @Nullable final String realm, @Nullable final String target, @Nullable final String authScheme, @Nullable final String requestedClaims, @NonNull final List<Credential> allCredentials) {
    // Work out which criteria are active; a null/blank criterion acts as a wildcard.
    final boolean filterEnvironment = !StringExtensions.isNullOrBlank(environment);
    final boolean filterHomeAccountId = !StringExtensions.isNullOrBlank(homeAccountId);
    final boolean filterRealm = !StringExtensions.isNullOrBlank(realm);
    final boolean filterTarget = !StringExtensions.isNullOrBlank(target);
    final boolean filterClientId = !StringExtensions.isNullOrBlank(clientId);
    final boolean filterCredentialType = null != credentialType;
    final boolean filterAuthScheme = filterCredentialType
            && !StringExtensions.isNullOrBlank(authScheme)
            && credentialType == CredentialType.AccessToken_With_AuthScheme;
    final boolean filterRequestedClaims = !StringExtensions.isNullOrBlank(requestedClaims);

    // Only the on/off state of each filter is logged, never the filter values themselves.
    // The environment filter is not part of this message.
    Logger.verbose(TAG,
            "Credential lookup filtered by home_account_id? [" + filterHomeAccountId + "]" + NEW_LINE
                    + "Credential lookup filtered by realm? [" + filterRealm + "]" + NEW_LINE
                    + "Credential lookup filtered by target? [" + filterTarget + "]" + NEW_LINE
                    + "Credential lookup filtered by clientId? [" + filterClientId + "]" + NEW_LINE
                    + "Credential lookup filtered by credential type? [" + filterCredentialType + "]" + NEW_LINE
                    + "Credential lookup filtered by auth scheme? [" + filterAuthScheme + "]" + NEW_LINE
                    + "Credential lookup filtered by requested claims? [" + filterRequestedClaims + "]");

    final List<Credential> selected = new ArrayList<>();
    for (final Credential candidate : allCredentials) {
        final boolean isAccessToken = candidate instanceof AccessTokenRecord;
        boolean keep = true;

        // Filters that apply to every credential type. Once a comparison fails, the later
        // comparisons are skipped.
        if (filterHomeAccountId) {
            keep = equalsIgnoreCaseTrimBoth(homeAccountId, candidate.getHomeAccountId());
        }
        if (filterEnvironment && keep) {
            keep = equalsIgnoreCaseTrimBoth(environment, candidate.getEnvironment());
        }
        if (filterCredentialType && keep) {
            keep = equalsIgnoreCaseTrimBoth(credentialType.name(), candidate.getCredentialType());
        }
        if (filterClientId && keep) {
            keep = equalsIgnoreCaseTrimBoth(clientId, candidate.getClientId());
        }

        // Realm is compared for access tokens and id tokens; a refresh token is not excluded
        // by a realm filter.
        if (filterRealm && isAccessToken && keep) {
            keep = equalsIgnoreCaseTrimBoth(realm, ((AccessTokenRecord) candidate).getRealm());
        }
        if (filterRealm && candidate instanceof IdTokenRecord && keep) {
            keep = equalsIgnoreCaseTrimBoth(realm, ((IdTokenRecord) candidate).getRealm());
        }

        // Target is compared for access and refresh tokens; any other record type is only
        // logged and is not excluded by the target filter.
        if (filterTarget) {
            if (isAccessToken) {
                keep = keep && targetsIntersect(target, ((AccessTokenRecord) candidate).getTarget(), true);
            } else if (candidate instanceof RefreshTokenRecord) {
                keep = keep && targetsIntersect(target, ((RefreshTokenRecord) candidate).getTarget(), true);
            } else {
                Logger.verbose(TAG, "Query specified target-match, but no target to match.");
            }
        }

        // The stored token type is trimmed before the case-insensitive comparison; a null
        // token type never matches.
        if (filterAuthScheme && isAccessToken) {
            final String storedType = ((AccessTokenRecord) candidate).getAccessTokenType();
            final String normalizedType = (null == storedType) ? null : storedType.trim();
            keep = keep && authScheme.equalsIgnoreCase(normalizedType);
        }

        // Requested claims only constrain access tokens; other record types are only logged.
        if (filterRequestedClaims) {
            if (isAccessToken) {
                keep = keep && equalsIgnoreCaseTrimBoth(requestedClaims, ((AccessTokenRecord) candidate).getRequestedClaims());
            } else {
                Logger.verbose(TAG, "Query specified requested_claims-match, but attempted to match with non-AT credential type.");
            }
        }

        if (keep) {
            selected.add(candidate);
        }
    }
    return selected;
}
use of com.microsoft.identity.common.internal.dto.Credential in project microsoft-authentication-library-common-for-android by AzureAD.
the class SharedPreferencesAccountCredentialCache method getCredentialsWithKeys.
/**
 * Loads every stored entry accepted by {@code isCredential} and deserializes it into a
 * {@link Credential}, keyed by its cache key.
 *
 * <p>An entry for which {@code fromCacheValue} returns null is left out of the result; only the
 * {@code CREDENTIAL_DESERIALIZATION_FAILED} message is logged for it, and neither the key nor
 * the stored value is passed to the logger.
 *
 * @return a new map from cache key to deserialized credential; never null.
 */
@NonNull
private Map<String, Credential> getCredentialsWithKeys() {
    Logger.verbose(TAG, "Loading Credentials with keys...");

    // Restrict the read to entries that isCredential accepts.
    final SharedPreferencesFileManager.Predicate<String> credentialEntriesOnly = new SharedPreferencesFileManager.Predicate<String>() {
        @Override
        public boolean test(String value) {
            return isCredential(value);
        }
    };
    final Iterator<Map.Entry<String, String>> entries = mSharedPreferencesFileManager.getAllFilteredByKey(credentialEntriesOnly);

    final Map<String, Credential> loaded = new HashMap<>();
    while (entries.hasNext()) {
        final Map.Entry<String, ?> entry = entries.next();
        final String key = entry.getKey();
        final String rawValue = entry.getValue().toString();
        // The target class for deserialization is chosen from the cache key.
        final Credential parsed = mCacheValueDelegate.fromCacheValue(rawValue, credentialClassForType(key));
        if (null != parsed) {
            loaded.put(key, parsed);
        } else {
            Logger.warn(TAG, CREDENTIAL_DESERIALIZATION_FAILED);
        }
    }

    Logger.verbose(TAG, "Loaded [" + loaded.size() + "] Credentials...");
    return loaded;
}
use of com.microsoft.identity.common.internal.dto.Credential in project microsoft-authentication-library-common-for-android by AzureAD.
the class SharedPreferencesAccountCredentialCache method saveCredential.
/**
 * Stores a credential under the cache key generated for it.
 *
 * <p>If a credential already exists under that key, {@code mergeAdditionalFields} is called on
 * {@code credentialToSave} with the existing entry before serialization, so the argument itself
 * is modified. The read, merge and write happen while holding this object's monitor.
 *
 * @param credentialToSave the credential to persist.
 */
@Override
public synchronized void saveCredential(@NonNull Credential credentialToSave) {
    Logger.verbose(TAG, "Saving credential...");

    final String key = mCacheValueDelegate.generateCacheKey(credentialToSave);
    // The cache key is only logged through the PII-aware logger.
    Logger.verbosePII(TAG, "Generated cache key: [" + key + "]");

    // Merge the additional fields of whatever is already stored under this key into the
    // credential about to be written.
    final Credential previous = getCredential(key);
    if (previous != null) {
        credentialToSave.mergeAdditionalFields(previous);
    }

    mSharedPreferencesFileManager.putString(key, mCacheValueDelegate.generateCacheValue(credentialToSave));
}