use of edu.uiuc.ncsa.security.delegation.token.RefreshToken in project OA4MP by ncsa.
the class OA2ATServlet method doRefresh.
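/**
 * Handles a refresh-token grant: looks up the transaction for the presented refresh token,
 * issues a replacement refresh token and access token, stores the updated transaction and
 * writes the response.
 *
 * @param c        the client making the request; {@code null} is rejected
 * @param request  the servlet request carrying the {@code OA2Constants.REFRESH_TOKEN} parameter
 * @param response the servlet response the issuer response is written to
 * @return the transaction state wrapping the request, response, issuer parameters and transaction
 * @throws InvalidTokenException if {@code c} is {@code null}
 * @throws OA2ATException        if refresh tokens are disabled for the server or the client, or
 *                               if no transaction with a still-valid refresh token is found
 * @throws IOException           declared by the signature; not thrown directly by the code shown here
 * @throws ServletException      declared by the signature; not thrown directly by the code shown here
 */
protected TransactionState doRefresh(OA2Client c, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    // NOTE(review): request.getParameter returns null when the parameter is absent; how the
    // token factory treats a null value is not visible here -- confirm it fails cleanly.
    RefreshToken oldRT = getTF2().getRefreshToken(request.getParameter(OA2Constants.REFRESH_TOKEN));
    if (c == null) {
        // The presented refresh token is a bearer credential, so its value is kept out of the
        // exception message, which may be logged or echoed in an error response.
        throw new InvalidTokenException("Could not find the client associated with the supplied refresh token");
    }
    OA2ServiceTransaction t = getByRT(oldRT);
    if ((!((OA2SE) getServiceEnvironment()).isRefreshTokenEnabled()) || (!c.isRTLifetimeEnabled())) {
        throw new OA2ATException(OA2Errors.REQUEST_NOT_SUPPORTED, "Refresh tokens are not supported on this server");
    }
    if (t == null || !t.isRefreshTokenValid()) {
        throw new OA2ATException(OA2Errors.INVALID_REQUEST, "Error: The refresh token is no longer valid.");
    }
    // NOTE(review): nothing in this method compares the client that owns transaction t with the
    // authenticated client c. RFC 6749 section 6 requires a refresh token to be bound to the
    // client it was issued to; confirm that getByRT or the caller enforces this.

    // Mark the old token invalid first, so that a failure part-way through leaves it invalid.
    // NOTE(review): this only changes the in-memory object; no save is visible before the flag is
    // set back to true below, so confirm the store reflects the invalidation on failure.
    t.setRefreshTokenValid(false);
    AccessToken at = t.getAccessToken();
    RTIRequest rtiRequest = new RTIRequest(request, c, at);
    RTI2 rtIssuer = new RTI2(getTF2(), getServiceEnvironment().getServiceAddress());
    RTIResponse rtiResponse = (RTIResponse) rtIssuer.process(rtiRequest);
    rtiResponse.setSignToken(c.isSignTokens());
    populateClaims(request, rtiResponse.getParameters(), t);
    RefreshToken rt = rtiResponse.getRefreshToken();
    rt.setExpiresIn(computeRefreshLifetime(t));
    t.setRefreshToken(rtiResponse.getRefreshToken());
    t.setRefreshTokenValid(true);
    t.setAccessToken(rtiResponse.getAccessToken());
    // At this point the key in the transaction store is the grant, so changing the access token
    // overwrites the current value. This practically invalidates the previous access token.
    // The remove is necessary to clear any caches.
    // NOTE(review): remove and save are separate calls; a failure between them would drop the
    // transaction altogether -- confirm that is acceptable for the store in use.
    getTransactionStore().remove(t.getIdentifier());
    ArrayList<String> targetScopes = new ArrayList<>();
    OA2SE oa2SE = (OA2SE) getServiceEnvironment();
    // Set to true if the transaction carries a scope this server does not support.
    boolean returnScopes = false;
    for (String s : t.getScopes()) {
        if (oa2SE.getScopes().contains(s)) {
            targetScopes.add(s);
        } else {
            returnScopes = true;
        }
    }
    // Only report the supported subset when at least one scope had to be dropped.
    if (returnScopes) {
        rtiResponse.setSupportedScopes(targetScopes);
    }
    rtiResponse.setScopeHandlers(setupScopeHandlers(t, oa2SE));
    rtiResponse.setServiceTransaction(t);
    rtiResponse.setJsonWebKey(oa2SE.getJsonWebKeys().getDefault());
    getTransactionStore().save(t);
    rtiResponse.write(response);
    return new IssuerTransactionState(request, response, rtiResponse.getParameters(), t, rtiResponse);
}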
use of edu.uiuc.ncsa.security.delegation.token.RefreshToken in project OA4MP by ncsa.
the class OA2TConverter method fromMap.
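/**
 * Populates a transaction from its stored map form: refresh token, refresh-token validity and
 * lifetime, callback URI, nonce, scopes, authentication time and flow states.
 *
 * @param map the stored key/value form of the transaction
 * @param v   the transaction instance handed to the superclass converter
 * @return the transaction returned by the superclass converter, with the fields above set
 */
@Override
public V fromMap(ConversionMap<String, Object> map, V v) {
    V st = super.fromMap(map, v);
    Object refreshToken = map.get(getTCK().refreshToken());
    if (refreshToken != null) {
        if (refreshToken instanceof RefreshToken) {
            st.setRefreshToken((RefreshToken) refreshToken);
        } else {
            // Any other stored form is handed to the token factory as a string.
            st.setRefreshToken(getTF2().getRefreshToken(refreshToken.toString()));
        }
    }
    st.setRefreshTokenValid(map.getBoolean(getTCK().refreshTokenValid()));
    st.setRefreshTokenLifetime(map.getLong(getTCK().expiresIn()));
    st.setCallback(map.getURI(getTCK().callbackUri()));
    st.setNonce(map.getString(getTCK().nonce()));

    Object rawScopes = map.get(getTCK().scopes());
    if (rawScopes != null) {
        // NOTE(review): both casts assume the stored value is a JSON array of strings; a stored
        // value of another shape fails here with a ClassCastException -- confirm the writer side.
        JSONArray json = (JSONArray) JSONSerializer.toJSON(rawScopes);
        Collection<String> scopes = (Collection<String>) JSONSerializer.toJava(json);
        st.setScopes(scopes);
    }

    if (map.get(getTCK().authTime()) != null) {
        // Use the authTime() accessor, like every other key lookup in this method.
        st.setAuthTime(map.getDate(getTCK().authTime()));
    }

    Object rawFlowStates = map.get(getTCK().flowStates());
    if (rawFlowStates != null) {
        st.setFlowStates(new FlowStates((JSONObject) JSONSerializer.toJSON(rawFlowStates)));
    } else {
        // No stored flow states: fall back to a default-constructed FlowStates.
        st.setFlowStates(new FlowStates());
    }
    return st;
}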
use of edu.uiuc.ncsa.security.delegation.token.RefreshToken in project OA4MP by ncsa.
the class OA2AssetConverter method fromMap.
/**
 * Rebuilds an {@link OA2Asset} from its stored map form, restoring the certificate request,
 * access token, refresh token (with its lifetime), state, nonce and issued-at time.
 *
 * @param map   the stored key/value form of the asset
 * @param asset the asset instance handed to the superclass converter
 * @return the asset returned by the superclass converter, cast to {@code OA2Asset} and populated
 */
@Override
public Asset fromMap(ConversionMap<String, Object> map, Asset asset) {
    OA2Asset oa2Asset = (OA2Asset) super.fromMap(map, asset);

    String encodedCertReq = map.getString(getASK().certReq());
    if (encodedCertReq != null) {
        MyPKCS10CertRequest parsedCertReq = CertUtil.fromStringToCertReq(encodedCertReq);
        oa2Asset.setCertReq(parsedCertReq);
    }

    // Both tokens are stored as strings and rebuilt as URIs; URI.create throws
    // IllegalArgumentException if a stored value is not a valid URI.
    String accessTokenValue = map.getString(getASK().accessToken());
    if (accessTokenValue != null) {
        oa2Asset.setAccessToken(new AccessTokenImpl(URI.create(accessTokenValue)));
    }

    String refreshTokenValue = map.getString(getASK().refreshToken());
    if (refreshTokenValue != null) {
        RefreshToken restoredToken = new OA2RefreshTokenImpl(URI.create(refreshTokenValue));
        // The lifetime is only read when a refresh token is actually present.
        restoredToken.setExpiresIn(map.getLong(getASK().refreshLifetime()));
        oa2Asset.setRefreshToken(restoredToken);
    }

    String storedState = map.getString(getASK().state());
    if (storedState != null) {
        oa2Asset.setState(storedState);
    }

    // The nonce is copied unconditionally, so a missing entry is passed through as-is.
    oa2Asset.setNonce(map.getString(getASK().nonce()));

    if (map.containsKey(OA2Claims.ISSUED_AT)) {
        oa2Asset.setIssuedAt(map.getDate(OA2Claims.ISSUED_AT));
    }
    return oa2Asset;
}