use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction in project OA4MP by ncsa.
the class OA2ATServlet method populateClaims.
/**
 * Adds the standard identity claims (issuer, subject and, when the transaction recorded one,
 * the authorization time) to the claim map for this transaction.
 * <p>
 * The issuer is resolved in order: the first admin client of the transaction's client that has
 * an issuer configured, then the client's own issuer, then whatever
 * {@link OA2DiscoveryServlet#getIssuer} yields for the request (server default or constructed).
 * NOTE(review): that last fallback is derived from the incoming request, presumably its URL or
 * host — confirm it is validated, since the issuer claim is what relying parties trust.
 *
 * @param request the current request; only used for the issuer fallback
 * @param p       the claim map to add to; modified in place
 * @param st      the transaction whose client and user the claims describe
 * @return {@code p}, for chaining
 */
protected Map<String, String> populateClaims(HttpServletRequest request, Map<String, String> p, OA2ServiceTransaction st) {
    OA2SE env = (OA2SE) getServiceEnvironment();
    String issuer = null;
    // 1. an issuer configured on one of the client's admin clients wins
    List<Identifier> adminIds = env.getPermissionStore().getAdmins(st.getClient().getIdentifier());
    for (Identifier adminId : adminIds) {
        AdminClient adminClient = env.getAdminClientStore().get(adminId);
        if (adminClient != null && adminClient.getIssuer() != null) {
            issuer = adminClient.getIssuer();
            break;
        }
    }
    // 2. otherwise the client's own issuer
    if (issuer == null) {
        OA2Client client = (OA2Client) st.getClient();
        issuer = client.getIssuer();
    }
    // 3. otherwise let the discovery servlet use the server default or construct one
    if (issuer == null) {
        issuer = OA2DiscoveryServlet.getIssuer(request);
    }
    p.put(OA2Claims.ISSUER, issuer);
    p.put(OA2Claims.SUBJECT, st.getUsername());
    if (st.hasAuthTime()) {
        // auth_time is expressed in seconds; getTime() gives milliseconds
        long authTimeSeconds = st.getAuthTime().getTime() / 1000;
        p.put(OA2Constants.AUTHORIZATION_TIME, String.valueOf(authTimeSeconds));
    }
    return p;
}
use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction in project OA4MP by ncsa.
the class OA2ATServlet method computeRefreshLifetime.
/**
 * Computes the lifetime of the refresh token about to be issued.
 * <p>
 * The result is the larger of the lifetime recorded on the transaction and the client's
 * configured refresh token lifetime, capped at the server-wide refresh token lifetime.
 * NOTE(review): the earlier Javadoc described this as the "non-zero minimum" of the requested
 * values, but the code takes the maximum of the two before applying the server cap — confirm
 * which is intended.
 *
 * @param st2 the transaction the refresh token belongs to
 * @return the lifetime, in the same units as the configured lifetimes
 * @throws NFWException if the server-wide refresh token lifetime is not set (not positive)
 */
protected long computeRefreshLifetime(OA2ServiceTransaction st2) {
    OA2Client client = (OA2Client) st2.getClient();
    long requested = Math.max(st2.getRefreshTokenLifetime(), client.getRtLifetime());
    OA2SE env = (OA2SE) getServiceEnvironment();
    long serverLimit = env.getRefreshTokenLifetime();
    if (serverLimit <= 0) {
        throw new NFWException("Internal error: the server-wide default for the refresh token lifetime has not been set.");
    }
    return Math.min(requested, serverLimit);
}
use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction in project OA4MP by ncsa.
the class OA2ATServlet method doRefresh.
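/**
 * Handles the refresh token grant: validates the presented refresh token, rotates it (a new
 * access token and refresh token are issued and the old refresh token is invalidated), updates
 * the stored transaction and writes the token response.
 *
 * @param c        the client making the request; must be the client the refresh token was issued to
 * @param request  the token endpoint request carrying the {@code refresh_token} parameter
 * @param response the response the new tokens are written to
 * @return the transaction state for the rotated transaction
 * @throws IOException      if writing the response fails
 * @throws ServletException on a servlet failure
 * @throws InvalidTokenException if no client is associated with the request
 * @throws OA2ATException if refresh tokens are disabled, the token is no longer valid, or the
 *                        token was not issued to {@code c}
 */
protected TransactionState doRefresh(OA2Client c, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    RefreshToken oldRT = getTF2().getRefreshToken(request.getParameter(OA2Constants.REFRESH_TOKEN));
    if (c == null) {
        // Do not echo the presented token: it is a bearer secret, and exception messages
        // may end up in logs or in the error response.
        throw new InvalidTokenException("Could not find the client associated with the presented refresh token");
    }
    OA2ServiceTransaction t = getByRT(oldRT);
    OA2SE oa2SE = (OA2SE) getServiceEnvironment();
    if (!oa2SE.isRefreshTokenEnabled() || !c.isRTLifetimeEnabled()) {
        throw new OA2ATException(OA2Errors.REQUEST_NOT_SUPPORTED, "Refresh tokens are not supported on this server");
    }
    if (t == null || !t.isRefreshTokenValid()) {
        throw new OA2ATException(OA2Errors.INVALID_REQUEST, "Error: The refresh token is no longer valid.");
    }
    // A refresh token may only be used by the client it was issued to (RFC 6749 section 6).
    // getByRT looks the transaction up by token value alone, so bind it to the authenticated
    // client here; this is redundant but harmless if the caller already checks it.
    if (t.getClient() == null || !c.getIdentifier().equals(t.getClient().getIdentifier())) {
        throw new OA2ATException(OA2Errors.INVALID_REQUEST, "Error: The refresh token was not issued to this client.");
    }
    // Mark the old refresh token invalid before issuing new tokens so that a failure further
    // down does not leave a reusable token. NOTE(review): this flag only reaches the store at
    // the save() at the end of the method; if the store does not hand back the same object, a
    // failure before that point leaves the stored copy untouched — confirm against the store.
    t.setRefreshTokenValid(false);
    AccessToken at = t.getAccessToken();
    RTIRequest rtiRequest = new RTIRequest(request, c, at);
    RTI2 rtIssuer = new RTI2(getTF2(), getServiceEnvironment().getServiceAddress());
    RTIResponse rtiResponse = (RTIResponse) rtIssuer.process(rtiRequest);
    rtiResponse.setSignToken(c.isSignTokens());
    populateClaims(request, rtiResponse.getParameters(), t);
    RefreshToken rt = rtiResponse.getRefreshToken();
    rt.setExpiresIn(computeRefreshLifetime(t));
    t.setRefreshToken(rt);
    t.setRefreshTokenValid(true);
    t.setAccessToken(rtiResponse.getAccessToken());
    // The transaction store is keyed by the grant, so the save below replaces the entry and with
    // it the previous access token. Removing first clears any cached copy.
    getTransactionStore().remove(t.getIdentifier());
    // Only scopes this server supports are kept; if anything unsupported was on the transaction
    // the response states the supported subset explicitly.
    ArrayList<String> targetScopes = new ArrayList<>();
    boolean returnScopes = false;
    for (String s : t.getScopes()) {
        if (oa2SE.getScopes().contains(s)) {
            targetScopes.add(s);
        } else {
            returnScopes = true;
        }
    }
    if (returnScopes) {
        rtiResponse.setSupportedScopes(targetScopes);
    }
    rtiResponse.setScopeHandlers(setupScopeHandlers(t, oa2SE));
    rtiResponse.setServiceTransaction(t);
    rtiResponse.setJsonWebKey(oa2SE.getJsonWebKeys().getDefault());
    getTransactionStore().save(t);
    rtiResponse.write(response);
    return new IssuerTransactionState(request, response, rtiResponse.getParameters(), t, rtiResponse);
}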
use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction in project OA4MP by ncsa.
the class OA2ConfigurationLoader method getTSP.
/**
 * Builds the transaction store provider for OAuth 2 transactions: a transaction provider backed
 * by an {@code OA4MPIdentifierProvider} keyed on {@code TRANSACTION_ID}, plus a converter that
 * uses the OA2 transaction keys, the token forge and the client store.
 *
 * @return the provider produced by {@code getTSP(tp, tc)} for these components
 */
@Override
protected Provider<TransactionStore> getTSP() {
    OA2TransactionKeys transactionKeys = new OA2TransactionKeys();
    IdentifiableProvider transactionProvider = new ST2Provider(new OA4MPIdentifierProvider(TRANSACTION_ID, false));
    OA2TConverter<OA2ServiceTransaction> converter = new OA2TConverter<OA2ServiceTransaction>(
            transactionKeys,
            transactionProvider,
            getTokenForgeProvider().get(),
            getClientStoreProvider().get());
    return getTSP(transactionProvider, converter);
}