diff --git a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java index 8c2ba3d..c8d2161 100644 --- a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java +++ b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java @@ -13,6 +13,7 @@ import java.net.ProtocolException; import java.net.URL; import java.net.URLEncoder; import java.util.Arrays; +import java.util.Base64; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -58,6 +59,15 @@ public class OpenIdConnectRESTHelper { return q; } + /** + * Queries from the OIDC server an OIDC access token, by using provided clientId and client secret. + * + * @param clientId the client id + * @param clientSecret the client secret + * @param tokenUrl the token endpoint {@link URL} of the OIDC server + * @return the issued token + * @throws OpenIdConnectRESTHelperException if an error occurs (also an unauthorized call), inspect the exception for details + */ public static JWTToken queryClientToken(String clientId, String clientSecret, URL tokenURL) throws OpenIdConnectRESTHelperException { @@ -88,7 +98,7 @@ public class OpenIdConnectRESTHelper { return performQueryTokenWithPOST(tokenURL, null, params); } - public static JWTToken performQueryTokenWithPOST(URL tokenURL, String authorization, + protected static JWTToken performQueryTokenWithPOST(URL tokenURL, String authorization, Map> params) throws OpenIdConnectRESTHelperException { logger.debug("Querying access token from OIDC server with URL: {}", tokenURL); 
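Review bot: The javadoc added to `queryClientToken` documents `@param tokenUrl`, but the parameter in the signature on the same hunk is `tokenURL`, so javadoc/doclint will report an unknown parameter name and the real one stays undocumented. Change the tag to `@param tokenURL the token endpoint {@link URL} of the OIDC server` (or rename the parameter to `tokenUrl`, which is source-compatible for callers). The method body continues past the end of this hunk.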
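Review bot: Narrowing `performQueryTokenWithPOST` from `public` to `protected` is a source-incompatible change for any caller outside this class or its subclasses, and nothing in the hunk records that as intended. If the new public overloads are meant to be the only entry points, say so in the release notes; otherwise keep `public` and go through a `@Deprecated` cycle first. Since the method takes a raw `authorization` header value, its javadoc (missing here) should state that the argument is a complete header value such as `"Bearer …"` or `"Basic …"` and must not end up in log output; the body continues past the end of this hunk, so I cannot confirm what it logs beyond the token URL.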
@@ -154,7 +164,37 @@ public class OpenIdConnectRESTHelper { return con; } - public static JWTToken queryUMAToken(URL tokenUrl, String authorizationToken, String audience, + /** + * Queries from the OIDC server an UMA token, by using provided clientId and client secret for the given audience + * (context) in URLEncoded form and optionally a list of permissions. + * + * @param tokenUrl the token endpoint {@link URL} of the OIDC server + * @param clientId the client id + * @param clientSecret the client secret + * @param audience the audience (context) where to request the issuing of the ticket + * @param permissions a list of permissions, can be null + * @return the issued token + * @throws OpenIdConnectRESTHelperException if an error occurs (also an unauthorized call), inspect the exception for details + */ + public static JWTToken queryUMAToken(URL tokenUrl, String clientId, String clientSecret, String audience, + List permissions) throws OpenIdConnectRESTHelperException { + + return queryUMAToken(tokenUrl, "Basic " + Base64.getEncoder().encodeToString((clientId + ":" + clientSecret).getBytes()), + audience, permissions); + } + + /** + * Queries from the OIDC server an UMA token, by using provided access token, for the given audience (context) + * in URLEncoded form and optionally a list of permissions. + * + * @param tokenUrl the token endpoint {@link URL} of the OIDC server + * @param authorization the auth token (the access token URLEncoded by the "Bearer " string) + * @param audience the audience (context) where to request the issuing of the ticket (URLEncoded) + * @param permissions a list of permissions, can be null + * @return the issued token + * @throws OpenIdConnectRESTHelperException if an error occurs (also an unauthorized call), inspect the exception for details + */ + public static JWTToken queryUMAToken(URL tokenUrl, String authorization, String audience, List permissions) throws OpenIdConnectRESTHelperException { Map> params = new HashMap<>(); 
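Review bot: The Basic credential built in the new `queryUMAToken(URL, String, String, String, List)` overload calls `getBytes()` with no charset, so the header bytes depend on the JVM default encoding, and it does not form-url-encode the client id and secret before the base64 step as RFC 6749 §2.3.1 requires, so a client id or secret containing a colon, `%` or non-ASCII characters produces a header the server may reject or misparse. Suggested encoded string: `Base64.getEncoder().encodeToString((URLEncoder.encode(clientId, "UTF-8") + ":" + URLEncoder.encode(clientSecret, "UTF-8")).getBytes(StandardCharsets.UTF_8))`, which needs a `java.nio.charset.StandardCharsets` import (`URLEncoder` is already imported; its two-argument form throws a checked `UnsupportedEncodingException` unless the `Charset` overload available from Java 10 is used). The javadoc of the second overload reads "the access token URLEncoded by the "Bearer " string", which presumably should say "prefixed by the "Bearer " string"; it would also help to state in one place whether the caller or this method is expected to URL-encode `audience`, since both overloads mention it.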
@@ -174,18 +214,45 @@ public class OpenIdConnectRESTHelper { } }).collect(Collectors.toList())); } - return performQueryTokenWithPOST(tokenUrl, authorizationToken, params); + return performQueryTokenWithPOST(tokenUrl, authorization, params); } + /** + * Refreshes the token from the OIDC server. + * + * @param tokenUrl the token endpoint {@link URL} of the OIDC server + * @param token the token to be refreshed + * @return a new token refreshed from the previous one + * @throws OpenIdConnectRESTHelperException if an error occurs (also an unauthorized call), inspect the exception for details + */ public static JWTToken refreshToken(URL tokenURL, JWTToken token) throws OpenIdConnectRESTHelperException { return refreshToken(tokenURL, null, null, token); } + /** + * Refreshes the token from the OIDC server for a specific client represented by the client id. + * + * @param tokenUrl the token endpoint {@link URL} of the OIDC server + * @param clientId the client id + * @param token the token to be refreshed + * @return a new token refreshed from the previous one + * @throws OpenIdConnectRESTHelperException if an error occurs (also an unauthorized call), inspect the exception for details + */ public static JWTToken refreshToken(URL tokenURL, String clientId, JWTToken token) throws OpenIdConnectRESTHelperException { return refreshToken(tokenURL, clientId, null, token); } + /** + * Refreshes the token from the OIDC server for a specific client represented by the client id. 
+ * + * @param tokenUrl the token endpoint {@link URL} of the OIDC server + * @param clientId the client id + * @param clientSecret the client secret + * @param token the token to be refreshed + * @return a new token refreshed from the previous one + * @throws OpenIdConnectRESTHelperException if an error occurs (also an unauthorized call), inspect the exception for details + */ public static JWTToken refreshToken(URL tokenURL, String clientId, String clientSecret, JWTToken token) throws OpenIdConnectRESTHelperException { @@ -233,10 +300,27 @@ public class OpenIdConnectRESTHelper { } } + /** + * Performs the logout (SSOut) from all the sessions opened in the OIDC server. + * + * @param logoutUrl the logut endpoint {@link URL} of the OIDC server + * @param token the token used to take info from + * @return true if the logout is performed correctly, false otherwise + * @throws IOException if an I/O error occurs during the communication with the server + */ public static boolean logout(URL logoutUrl, JWTToken token) throws IOException { return logout(logoutUrl, null, token); } + /** + * Performs the logout from the session related to the provided client id in the OIDC server. + * + * @param logoutUrl the logut endpoint {@link URL} of the OIDC server + * @param clientId the client id + * @param token the token used to take info from + * @return true if the logout is performed correctly, false otherwise + * @throws IOException if an I/O error occurs during the communication with the server + */ public static boolean logout(URL logoutUrl, String clientId, JWTToken token) throws IOException { Map> params = new HashMap<>(); if (clientId == null) { @@ -276,9 +360,9 @@ public class OpenIdConnectRESTHelper { } if (conn.getResponseCode() == 200) { String contentType = conn.getContentType(); - + logger.debug("Getting the stream to the avatar resource with MIME: {}", contentType); - + InputStream is = conn.getInputStream(); buffer = new ByteArrayOutputStream(); int nRead; 
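Review bot: All three new javadocs on the `refreshToken` overloads use `@param tokenUrl` while the parameters are named `tokenURL`, so doclint will flag each of them and the parameter stays undocumented; use `@param tokenURL the token endpoint {@link URL} of the OIDC server` in each. The summary of the third overload ("for a specific client represented by the client id") does not mention that the client secret is also sent; suggest "Refreshes the token from the OIDC server, authenticating the client with the given client id and secret." The body of the third `refreshToken` runs past the end of this hunk, so what it does with a null `clientSecret` is not visible here.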
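Review bot: Both new javadocs on the `logout` overloads contain the typo "logut" in `@param logoutUrl the logut endpoint`; it should read `@param logoutUrl the logout endpoint {@link URL} of the OIDC server`. The first summary's "(SSOut)" is not a standard term and is clearer spelled out, e.g. "Performs a single sign-out from all the sessions opened in the OIDC server." The second `logout` body continues past the end of this hunk.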
@@ -286,7 +370,7 @@ public class OpenIdConnectRESTHelper { while ((nRead = is.read(data, 0, data.length)) != -1) { buffer.write(data, 0, nRead); } - + buffer.flush(); return buffer.toByteArray(); } else {