
edu.uiuc.ncsa.oa4mp.oauth2.client.OA2MPService Maven / Gradle / Ivy

package edu.uiuc.ncsa.oa4mp.oauth2.client;

import edu.uiuc.ncsa.myproxy.oa4mp.client.Asset;
import edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse;
import edu.uiuc.ncsa.myproxy.oa4mp.client.ClientEnvironment;
import edu.uiuc.ncsa.myproxy.oa4mp.client.OA4MPService;
import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.core.exceptions.NFWException;
import edu.uiuc.ncsa.security.core.util.DateUtils;
import edu.uiuc.ncsa.security.delegation.client.request.RTRequest;
import edu.uiuc.ncsa.security.delegation.client.request.RTResponse;
import edu.uiuc.ncsa.security.delegation.client.request.UIRequest;
import edu.uiuc.ncsa.security.delegation.client.request.UIResponse;
import edu.uiuc.ncsa.security.oauth_2_0.UserInfo;
import edu.uiuc.ncsa.security.oauth_2_0.client.DS2;
import edu.uiuc.ncsa.security.util.pkcs.CertUtil;
import edu.uiuc.ncsa.security.util.pkcs.KeyUtil;
import edu.uiuc.ncsa.security.util.pkcs.MyPKCS10CertRequest;
import net.sf.json.JSONObject;
import org.apache.commons.codec.binary.Base64;

import java.security.KeyPair;
import java.util.Map;

import static edu.uiuc.ncsa.myproxy.oa4mp.client.ClientEnvironment.CALLBACK_URI_KEY;

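/**
 * OAuth 2.0 client service. Extends {@link OA4MPService} by adding the certificate request,
 * callback URI and certificate lifetime to outgoing request parameters, and by offering token
 * refresh, user info lookup and certificate retrieval for assets held in the asset store.
 * <p>Created by Jeff Gaynor<br>
 * on 2/21/14 at 2:50 PM
 */
public class OA2MPService extends OA4MPService {

    /**
     * Window in milliseconds (15 minutes) handed to {@code DateUtils.checkTimestamp} by
     * {@link #isAccessTokenValid(String)}.
     */
    private static final long ACCESS_TOKEN_TIMESTAMP_WINDOW_MS = 15 * 60 * 1000L;

    public OA2MPService(ClientEnvironment environment) {
        super(environment);
    }

    /**
     * Adds the Base64-encoded PKCS#10 certificate request, the callback URI (if the caller did not
     * supply one) and, when it is non-negative, the configured certificate lifetime to the request
     * parameters. If the asset already holds certificates, a fresh certificate request is then
     * stored on the asset for the next round.
     *
     * @param asset      the asset whose certificate request is sent; its cert request must be set
     * @param parameters the outgoing request parameters, modified in place
     */
    @Override
    public void preGetCert(Asset asset, Map parameters) {
        super.preGetCert(asset, parameters);
        // getCertReq() is dereferenced here, so an asset without a cert request fails at this line.
        parameters.put(ClientEnvironment.CERT_REQUEST_KEY,
                Base64.encodeBase64String(asset.getCertReq().getEncoded()));
        putCallbackIfAbsent(parameters);
        if (0 <= getEnvironment().getCertLifetime()) {
            parameters.put(ClientEnvironment.CERT_LIFETIME_KEY, getEnvironment().getCertLifetime());
        }
        if (asset.getCertificates() != null) {
            // We have some, so restart the sequence to get more.
            prepareNextCertRequest(asset);
        }
    }

    /**
     * Supplies the callback URI only. No certificate request is added at this stage, since the
     * protocol says to add it before getCert.
     *
     * @param asset      unused here
     * @param parameters the outgoing request parameters, modified in place
     */
    @Override
    public void preRequestCert(Asset asset, Map parameters) {
        putCallbackIfAbsent(parameters);
    }

    /**
     * This will take the identifier and make the necessary calls to the service to update the
     * refresh token and access token.
     *
     * @param identifier the identifier of the asset in the asset store
     * @return the asset carrying the tokens from the refresh response, or {@code null} if no such
     *         asset exists
     */
    public OA2Asset refresh(String identifier) {
        OA2Asset asset = getAsset2(identifier);
        if (asset == null) {
            return null;
        }
        DS2 ds2 = (DS2) getEnvironment().getDelegationService();
        RTRequest rtRequest = new RTRequest(getEnvironment().getClient(), null);
        rtRequest.setAccessToken(asset.getAccessToken());
        rtRequest.setRefreshToken(asset.getRefreshToken());
        RTResponse rtResponse = ds2.refresh(rtRequest);
        asset.setAccessToken(rtResponse.getAccessToken());
        asset.setRefreshToken(rtResponse.getRefreshToken());
        // NOTE(review): unlike getCert, this method never calls getAssetStore().save(asset).
        // Presumably the caller must persist the new tokens; confirm for stores that hand out
        // copies, otherwise the next refresh would present the old refresh token.
        return asset;
    }

    /**
     * Checks the stored access token's timestamp against a 15 minute window. This is a check made
     * on the client: no request to the delegation service is issued here, so a token that the
     * server has revoked is not detected by this method.
     *
     * @param id the identifier of the asset in the asset store
     * @return {@code true} if the timestamp check passes; {@code false} if it fails for any reason,
     *         including an asset that has no access token
     * @throws NoSuchAssetException if there is no asset with the given identifier
     */
    public boolean isAccessTokenValid(String id) {
        OA2Asset asset = getAsset2(id);
        if (asset == null) {
            throw new NoSuchAssetException("Error: the asset with identifier \"" + id + "\" was not found.");
        }
        try {
            DateUtils.checkTimestamp(asset.getAccessToken().getToken(), ACCESS_TOKEN_TIMESTAMP_WINDOW_MS);
            return true;
        } catch (Throwable t) {
            // Deliberately broad: every failure is reported as "not valid" rather than propagated.
            return false;
        }
    }

    /**
     * Requests the user info for the asset's access token and maps the raw JSON of the response
     * onto a {@link UserInfo} bean. The field values are whatever the service returned.
     *
     * @param identifier the identifier of the asset in the asset store
     * @return the user info, or {@code null} if the asset or its access token is missing
     */
    public UserInfo getUserInfo(String identifier) {
        OA2Asset asset = getAsset2(identifier);
        if (asset == null || asset.getAccessToken() == null) {
            return null;
        }
        UIRequest uiRequest = new UIRequest(asset.getAccessToken());
        uiRequest.setClient(getEnvironment().getClient());
        DS2 ds2 = (DS2) getEnvironment().getDelegationService();
        UIResponse resp = ds2.getUserInfo(uiRequest);
        JSONObject json = JSONObject.fromObject(resp.getRawJSON());
        return (UserInfo) JSONObject.toBean(json, UserInfo.class);
    }

    /**
     * Looks up an asset in the asset store and casts it to {@link OA2Asset}.
     *
     * @param id the identifier of the asset
     * @return whatever the asset store returns for the identifier
     */
    protected OA2Asset getAsset2(String id) {
        return (OA2Asset) getAssetStore().get(id);
    }

    /**
     * Gets the certificates for a stored asset, records them and the username on the asset, and
     * saves the asset. Note that this requires the identifier, not a token.
     *
     * @param id the identifier of the asset in the asset store
     * @return the saved asset, now holding the returned certificates and username
     * @throws NoSuchAssetException  if there is no asset with the given identifier
     * @throws IllegalStateException if the asset has no access token yet
     */
    public OA2Asset getCert(String id) {
        OA2Asset asset = getAsset2(id);
        // Fail with a clear message instead of a NullPointerException on the dereferences below.
        if (asset == null) {
            throw new NoSuchAssetException("Error: the asset with identifier \"" + id + "\" was not found.");
        }
        if (asset.getAccessToken() == null) {
            throw new IllegalStateException("Error: the asset with identifier \"" + id + "\" has no access token.");
        }
        AssetResponse assetResponse = getCert(asset.getAccessToken().getToken(), null);
        asset.setCertificates(assetResponse.getX509Certificates());
        asset.setUsername(assetResponse.getUsername());
        getAssetStore().save(asset);
        return asset;
    }

    /**
     * Puts the configured callback URI into the parameters unless the caller already supplied one.
     * A callback that is already present is left untouched, so the configured value is a default.
     */
    private void putCallbackIfAbsent(Map parameters) {
        Object callbackKey = getEnvironment().getConstants().get(CALLBACK_URI_KEY);
        if (!parameters.containsKey(callbackKey)) {
            parameters.put(callbackKey, getEnvironment().getCallback().toString());
        }
    }

    /**
     * Stores a new certificate request on the asset, built from the asset's current key pair, or
     * from a newly generated key pair when the asset has no certificate request.
     */
    private void prepareNextCertRequest(Asset asset) {
        MyPKCS10CertRequest certRequest = asset.getCertReq();
        KeyPair keyPair;
        if (certRequest == null) {
            // NOTE(review): preGetCert dereferences asset.getCertReq() before it gets here, so this
            // branch looks unreachable from that caller; confirm before relying on it.
            try {
                keyPair = KeyUtil.generateKeyPair();
            } catch (Throwable e) {
                throw logAndWrap("Unable to generate a new keypair.", e);
            }
            asset.setPrivateKey(keyPair.getPrivate());
        } else {
            // Only the public key comes from the old request; the private key is the asset's own,
            // so the new request is for the same key pair as the previous one.
            keyPair = new KeyPair(certRequest.getPublicKey(), asset.getPrivateKey());
        }
        if (asset.getPrivateKey() == null) {
            String msg = "Error: The private key is missing. The internal state of the asset is invalid";
            NFWException x = new NFWException(msg);
            getEnvironment().getMyLogger().warn(msg, x);
            throw x;
        }
        try {
            asset.setCertReq(CertUtil.createCertRequest(keyPair));
        } catch (Throwable t) {
            throw logAndWrap("Error: could not create cert request.", t);
        }
    }

    /**
     * Logs the failure as a warning and returns the exception to throw: the original one if it is
     * already a runtime exception, otherwise a {@link GeneralException} wrapping it.
     */
    private RuntimeException logAndWrap(String msg, Throwable t) {
        getEnvironment().getMyLogger().warn(msg, t);
        if (t instanceof RuntimeException) {
            return (RuntimeException) t;
        }
        return new GeneralException(msg, t);
    }
}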




