/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.cxf.rs.security.oauth2.grants.code;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.crypto.SecretKey;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.provider.DefaultEncryptingOAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
import org.apache.cxf.rs.security.oauth2.utils.crypto.ModelEncryptionSupport;
import org.apache.cxf.rt.security.crypto.KeyProperties;
public class DefaultEncryptingCodeDataProvider extends DefaultEncryptingOAuthDataProvider
implements AuthorizationCodeDataProvider {
private long grantLifetime;
private Set<String> grants = Collections.synchronizedSet(new HashSet<>());
public DefaultEncryptingCodeDataProvider(String algo, int keySize) {
super(algo, keySize);
}
public DefaultEncryptingCodeDataProvider(KeyProperties props) {
super(props);
}
public DefaultEncryptingCodeDataProvider(SecretKey key) {
super(key);
}
@Override
public Client removeClient(String clientId) {
Client c = super.removeClient(clientId);
removeClientCodeGrants(c);
return c;
}
protected void removeClientCodeGrants(Client c) {
for (ServerAuthorizationCodeGrant grant : getCodeGrants(c, null)) {
removeCodeGrant(grant.getCode());
}
}
@Override
public ServerAuthorizationCodeGrant createCodeGrant(AuthorizationCodeRegistration reg)
throws OAuthServiceException {
ServerAuthorizationCodeGrant grant = doCreateCodeGrant(reg);
saveAuthorizationGrant(grant);
return grant;
}
public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c, UserSubject sub) {
List<ServerAuthorizationCodeGrant> list =
new ArrayList<>(grants.size());
for (String key : grants) {
ServerAuthorizationCodeGrant grant = getCodeGrant(key);
if (c == null || grant.getClient().getClientId().equals(c.getClientId())) {
UserSubject grantSub = grant.getSubject();
if (sub == null || grantSub != null && grantSub.getLogin().equals(sub.getLogin())) {
list.add(grant);
}
}
}
return list;
}
@Override
public ServerAuthorizationCodeGrant removeCodeGrant(String code) throws OAuthServiceException {
grants.remove(code);
return ModelEncryptionSupport.decryptCodeGrant(this, code, key);
}
public ServerAuthorizationCodeGrant getCodeGrant(String code) throws OAuthServiceException {
ServerAuthorizationCodeGrant grant = ModelEncryptionSupport.decryptCodeGrant(this, code, key);
if (grant != null) {
grants.remove(code);
}
return grant;
}
protected ServerAuthorizationCodeGrant doCreateCodeGrant(AuthorizationCodeRegistration reg)
throws OAuthServiceException {
return AbstractCodeDataProvider.initCodeGrant(reg, grantLifetime);
}
protected List<String> getApprovedScopes(AuthorizationCodeRegistration reg) {
return reg.getApprovedScope();
}
protected String getCode(AuthorizationCodeRegistration reg) {
return OAuthUtils.generateRandomTokenKey();
}
public long getGrantLifetime() {
return grantLifetime;
}
public void setGrantLifetime(long lifetime) {
this.grantLifetime = lifetime;
}
protected long getIssuedAt() {
return OAuthUtils.getIssuedAt();
}
protected void saveAuthorizationGrant(ServerAuthorizationCodeGrant grant) {
String encrypted = ModelEncryptionSupport.encryptCodeGrant(grant, key);
grant.setCode(encrypted);
grants.add(encrypted);
}
}