
Example 1 with OA2ServiceTransaction

Use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction in the OA4MP project by ncsa, from the class OA2ATServlet, method doAT.

protected IssuerTransactionState doAT(HttpServletRequest request, HttpServletResponse response, OA2Client client) throws Throwable {
    // Reject the request unless the presented secret matches the registered client.
    verifyClientSecret(client, getClientSecret(request));
    IssuerTransactionState state = doDelegation(client, request, response);
    ATIResponse2 atResponse = (ATIResponse2) state.getIssuerResponse();
    atResponse.setSignToken(client.isSignTokens());
    DebugUtil.dbg(this, "set token signing flag =" + atResponse.isSignToken());
    OA2ServiceTransaction st2 = (OA2ServiceTransaction) state.getTransaction();
    if (!client.isRTLifetimeEnabled() && ((OA2SE) getServiceEnvironment()).isRefreshTokenEnabled()) {
        // Since this bit of information could be extremely useful if a service decides
        // to start issuing refresh tokens after
        // clients have been registered, it should be logged.
        info("Refresh tokens are disabled for client " + client.getIdentifierString() + ", but enabled on the server. No refresh token will be made.");
    }
    if (client.isRTLifetimeEnabled() && ((OA2SE) getServiceEnvironment()).isRefreshTokenEnabled()) {
        RefreshToken rt = atResponse.getRefreshToken();
        st2.setRefreshToken(rt);
        // First pass through the system should have the system default as the refresh token lifetime.
        st2.setRefreshTokenLifetime(((OA2SE) getServiceEnvironment()).getRefreshTokenLifetime());
        rt.setExpiresIn(computeRefreshLifetime(st2));
        st2.setRefreshTokenValid(true);
    } else {
        // Do not return a refresh token.
        atResponse.setRefreshToken(null);
    }
    getTransactionStore().save(st2);
    return state;
}
Also used: IssuerTransactionState (edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.IssuerTransactionState), RefreshToken (edu.uiuc.ncsa.security.delegation.token.RefreshToken), OA2ServiceTransaction (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction)

Example 2 with OA2ServiceTransaction

Use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction in the OA4MP project by ncsa, from the class OA2ATServlet, method preprocess.

@Override
public void preprocess(TransactionState state) throws Throwable {
    super.preprocess(state);
    state.getResponse().setHeader("Cache-Control", "no-store");
    state.getResponse().setHeader("Pragma", "no-cache");
    OA2ServiceTransaction st = (OA2ServiceTransaction) state.getTransaction();
    Map<String, String> p = state.getParameters();
    String givenRedirect = p.get(OA2Constants.REDIRECT_URI);
    try {
        st.setCallback(URI.create(givenRedirect));
    } catch (Throwable t) {
        throw new InvalidURIException("Invalid redirect URI \"" + givenRedirect + "\"", t);
    }
    // Spec says that the redirect must match one of the ones stored and if not, the request is rejected.
    OA2ClientCheck.check(st.getClient(), givenRedirect);
    // Here is where we put the information from the session for generating claims in the id_token
    if (st.getNonce() != null && 0 < st.getNonce().length()) {
        p.put(OA2Constants.NONCE, st.getNonce());
    }
    p.put(OA2Constants.CLIENT_ID, st.getClient().getIdentifierString());
    populateClaims(state.getRequest(), p, st);
}
Also used: OA2ServiceTransaction (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction)

Example 3 with OA2ServiceTransaction

Use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction in the OA4MP project by ncsa, from the class RefreshTokenStoreTest, method testRT.

public void testRT(TransactionStore tStore) throws Exception {
    if (!(tStore instanceof RefreshTokenStore)) {
        // fail here if can't cast
        throw new IllegalStateException("Error: The store " + tStore.getClass().getSimpleName() + " is not of a type RefreshTokenStore");
    }
    RefreshTokenStore rts = (RefreshTokenStore) tStore;
    OA2ServiceTransaction st2 = (OA2ServiceTransaction) tStore.create();
    OA2TokenForge tf2 = new OA2TokenForge("http://localhost/test/");
    RefreshToken rt = tf2.getRefreshToken();
    st2.setRefreshToken(rt);
    // the auth grant is used to retrieve this later and should in this case just be set to the identifier.
    AuthorizationGrant ag = tf2.getAuthorizationGrant(st2.getIdentifierString());
    st2.setAuthorizationGrant(ag);
    st2.setRefreshTokenLifetime(EXPIRES_IN);
    tStore.save(st2);
    OA2ServiceTransaction testST = rts.get(rt);
    assert testST.equals(st2) : "Error: created transaction is not fetched faithfully from the store";
    // get another one and retry since we have to be able to show the store can handle updating the refresh token
    rt = tf2.getRefreshToken();
    st2.setRefreshToken(rt);
    st2.setRefreshTokenValid(false);
    tStore.save(st2);
    assert rts.get(rt).equals(st2) : "Error: updating refresh token fails.";
}
Also used: RefreshTokenStore (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.storage.RefreshTokenStore), RefreshToken (edu.uiuc.ncsa.security.delegation.token.RefreshToken), OA2ServiceTransaction (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction), AuthorizationGrant (edu.uiuc.ncsa.security.delegation.token.AuthorizationGrant), OA2TokenForge (edu.uiuc.ncsa.security.oauth_2_0.OA2TokenForge)

Example 4 with OA2ServiceTransaction

Use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction in the OA4MP project by ncsa, from the class OA2AuthorizationServer, method prepare.

@Override
public void prepare(PresentableState state) throws Throwable {
    super.prepare(state);
    if (state.getState() == AUTHORIZATION_ACTION_START) {
        state.getRequest().setAttribute(AUTHORIZATION_REFRESH_TOKEN_LIFETIME_KEY, AUTHORIZATION_REFRESH_TOKEN_LIFETIME_KEY);
    }
    if (state.getState() == AUTHORIZATION_ACTION_OK) {
        AuthorizedState authorizedState = (AuthorizedState) state;
        ((OA2ServiceTransaction) authorizedState.getTransaction()).setAuthTime(new Date());
    }
}
Also used: OA2ServiceTransaction (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction), Date (java.util.Date)

Example 5 with OA2ServiceTransaction

Use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction in the OA4MP project by ncsa, from the class RefreshCleanup, method getSortedKeys.

@Override
public Set<K> getSortedKeys() {
    TreeSet targetList = new TreeSet<>();
    for (Object key : rts.keySet()) {
        OA2ServiceTransaction st2 = (OA2ServiceTransaction) rts.get(key);
        targetList.add(st2.getRefreshToken());
    }
    return targetList;
}
Also used: TreeSet (java.util.TreeSet), OA2ServiceTransaction (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction)
