Refactoring of common code and new mthods to get "refreshed" token

2020-06-29 16:22:51 +02:00 · 2020-06-29 16:22:51 +02:00 · 65e2882c2f
parent 10806e57cb
commit 65e2882c2f
1 changed files with 81 additions and 38 deletions
--- a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
+++ b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
@ -6,6 +6,7 @@ import java.io.InputStreamReader;
 import java.io.OutputStream;
 import java.io.UnsupportedEncodingException;
 import java.net.HttpURLConnection;
+import java.net.ProtocolException;
 import java.net.URL;
 import java.net.URLEncoder;
 import java.util.Arrays;
@ -72,6 +73,35 @@ public class OpenIdConnectRESTHelper {
        if (logger.isDebugEnabled()) {
            logger.debug("Querying access token from OIDC server with URL: " + tokenURL);
        }
+        HttpURLConnection httpURLConnection = performURLEncodedPOSTSendData(tokenURL, params, authorization);
+
+        StringBuilder sb = new StringBuilder();
+        int httpResultCode = httpURLConnection.getResponseCode();
+        if (logger.isTraceEnabled()) {
+            logger.trace("HTTP Response code: " + httpResultCode);
+        }
+        if (httpResultCode != HttpURLConnection.HTTP_OK) {
+            BufferedReader br = new BufferedReader(new InputStreamReader(httpURLConnection.getErrorStream(), "UTF-8"));
+            String line = null;
+            while ((line = br.readLine()) != null) {
+                sb.append(line + "\n");
+            }
+            br.close();
+            throw new Exception("Unable to get token " + sb);
+        } else {
+            BufferedReader br = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream(), "UTF-8"));
+            String line = null;
+            while ((line = br.readLine()) != null) {
+                sb.append(line + "\n");
+            }
+            br.close();
+        }
+        return JWTToken.fromString(sb.toString());
+    }
+
+    protected static HttpURLConnection performURLEncodedPOSTSendData(URL tokenURL, Map<String, List<String>> params,
+            String authorization) throws IOException, ProtocolException, UnsupportedEncodingException {
+
        HttpURLConnection con = (HttpURLConnection) tokenURL.openConnection();
        con.setRequestMethod("POST");
        con.setDoOutput(true);
@ -80,7 +110,7 @@ public class OpenIdConnectRESTHelper {
        con.setRequestProperty("Accept", "application/json");
        if (authorization != null) {
            if (logger.isDebugEnabled()) {
-                logger.debug("Adding auhotization header as: " + authorization);
+                logger.debug("Adding authorization header as: " + authorization);
            }
            con.setRequestProperty("Authorization", authorization);
        }
@ -90,29 +120,7 @@ public class OpenIdConnectRESTHelper {
        }
        os.write(mapToQueryString(params).getBytes("UTF-8"));
        os.close();
-
-        StringBuilder sb = new StringBuilder();
-        int httpResultCode = con.getResponseCode();
-        if (logger.isTraceEnabled()) {
-            logger.trace("HTTP Response code: " + httpResultCode);
-        }
-        if (httpResultCode != HttpURLConnection.HTTP_OK) {
-            BufferedReader br = new BufferedReader(new InputStreamReader(con.getErrorStream(), "UTF-8"));
-            String line = null;
-            while ((line = br.readLine()) != null) {
-                sb.append(line + "\n");
-            }
-            br.close();
-            throw new Exception("Unable to get token " + sb);
-        } else {
-            BufferedReader br = new BufferedReader(new InputStreamReader(con.getInputStream(), "UTF-8"));
-            String line = null;
-            while ((line = br.readLine()) != null) {
-                sb.append(line + "\n");
-            }
-            br.close();
-        }
-        return JWTToken.fromString(sb.toString());
+        return con;
    }

    public static JWTToken queryUMAToken(URL tokenUrl, String authorizationToken, String audience,
@ -134,27 +142,62 @@ public class OpenIdConnectRESTHelper {
        return performQueryTokenWithPOST(tokenUrl, authorizationToken, params);
    }

-    public static void logout(JWTToken token, URL logoutUrl, String clientId) throws IOException {
+    public static JWTToken refreshToken(URL tokenURL, JWTToken token) throws Exception {
+        return refreshToken(tokenURL, null, null, token);
+    }
+
+    public static JWTToken refreshToken(URL tokenURL, String clientId, JWTToken token) throws Exception {
+        return refreshToken(tokenURL, clientId, null, token);
+    }
+
+    public static JWTToken refreshToken(URL tokenURL, String clientId, String clientSecret, JWTToken token)
+            throws Exception {
+
        Map<String, List<String>> params = new HashMap<>();
+        params.put("grant_type", Arrays.asList("refresh_token"));
+        if (clientId == null) {
+            clientId = getFirstAudienceNoAccount(token);
+        }
+        params.put("client_id", Arrays.asList(URLEncoder.encode(clientId, "UTF-8")));
+        if (clientSecret != null) {
+            params.put("client_secret", Arrays.asList(URLEncoder.encode(clientSecret, "UTF-8")));
+        }
+        params.put("refresh_token", Arrays.asList(token.getRefreshTokenString()));
+        return performQueryTokenWithPOST(tokenURL, null, params);
+    }
+
+    private static String getFirstAudienceNoAccount(JWTToken token) {
+        // Trying to get it from the token's audience ('aud' field), getting the first except the 'account'
+        List<String> tokenAud = token.getAud();
+        tokenAud.remove(JWTToken.ACCOUNT_RESOURCE);
+        if (tokenAud.size() > 0) {
+            return tokenAud.iterator().next();
+        } else {
+            // Setting it to empty string to avoid NPE in encoding
+            return "";
+        }
+    }
+
+    public static boolean logout(URL logoutUrl, JWTToken token) throws IOException {
+        return logout(logoutUrl, null, token);
+    }
+
+    public static boolean logout(URL logoutUrl, String clientId, JWTToken token) throws IOException {
+        Map<String, List<String>> params = new HashMap<>();
+        if (clientId == null) {
+            clientId = getFirstAudienceNoAccount(token);
+        }
        params.put("client_id", Arrays.asList(URLEncoder.encode(clientId, "UTF-8")));
        params.put("refresh_token", Arrays.asList(token.getRefreshTokenString()));
        logger.info("Performing logut from OIDC server with URL: " + logoutUrl);
-        HttpURLConnection con = (HttpURLConnection) logoutUrl.openConnection();
-        con.setRequestMethod("POST");
-        con.setDoOutput(true);
-        con.setDoInput(true);
-        con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
-        con.setRequestProperty("Accept", "application/json");
-        con.setRequestProperty("Authorization", token.getAsBearer());
-        OutputStream os = con.getOutputStream();
-        os.write(mapToQueryString(params).getBytes("UTF-8"));
-        os.close();
-        int responseCode = con.getResponseCode();
+        HttpURLConnection httpURLConnection = performURLEncodedPOSTSendData(logoutUrl, params, token.getAsBearer());
+        int responseCode = httpURLConnection.getResponseCode();
        if (responseCode == 204) {
            logger.info("Logout performed correctly");
+            return true;
        } else {
-            logger.error("Cannot perfrom logout: [" + responseCode + "] " + con.getResponseMessage());
+            logger.error("Cannot perfrom logout: [" + responseCode + "] " + httpURLConnection.getResponseMessage());
        }
-
+        return false;
    }
 }