AbstractClientManager.java

/**
 * Copyright 2005-2014 Restlet
 * 
 * The contents of this file are subject to the terms of one of the following
 * open source licenses: Apache 2.0 or or EPL 1.0 (the "Licenses"). You can
 * select the license that you prefer but you may not use this file except in
 * compliance with one of these Licenses.
 * 
 * You can obtain a copy of the Apache 2.0 license at
 * http://www.opensource.org/licenses/apache-2.0
 * 
 * You can obtain a copy of the EPL 1.0 license at
 * http://www.opensource.org/licenses/eclipse-1.0
 * 
 * See the Licenses for the specific language governing permissions and
 * limitations under the Licenses.
 * 
 * Alternatively, you can obtain a royalty free commercial license with less
 * limitations, transferable or non-transferable, directly at
 * http://restlet.com/products/restlet-framework
 * 
 * Restlet is a registered trademark of Restlet S.A.S.
 */

package org.restlet.ext.oauth.internal;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

import org.restlet.engine.util.Base64;
import org.restlet.ext.oauth.GrantType;
import org.restlet.ext.oauth.ResponseType;
import org.restlet.ext.oauth.internal.Client.ClientType;

/**
 * 
 * @author Shotaro Uchida <fantom@xmaker.mx>
 */
public abstract class AbstractClientManager implements ClientManager {

    public static final Object[] DEFAULT_SUPPORTED_FLOWS_CONFIDENTIAL = new Object[] {
            ResponseType.code, GrantType.authorization_code,
            GrantType.client_credentials, GrantType.refresh_token };

    public static final Object[] DEFAULT_SUPPORTED_FLOWS_PUBLIC = new Object[] { ResponseType.token, };

    public static final int RESEED_CLIENTS = 100;

    private volatile int count = 0;

    private Map<ClientType, Object[]> defaultSupportedFlow;

    private boolean issueClientSecretToPublicClients = false;

    private SecureRandom random;

    public AbstractClientManager() {
        try {
            random = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException ex) {
            throw new IllegalStateException(ex);
        }
        defaultSupportedFlow = new EnumMap<ClientType, Object[]>(
                ClientType.class);
        defaultSupportedFlow.put(ClientType.PUBLIC,
                DEFAULT_SUPPORTED_FLOWS_PUBLIC);
        defaultSupportedFlow.put(ClientType.CONFIDENTIAL,
                DEFAULT_SUPPORTED_FLOWS_CONFIDENTIAL);
    }

    public Client createClient(ClientType clientType, String[] redirectURIs,
            Map<String, Object> properties) {
        if (properties == null) {
            properties = new HashMap<String, Object>();
        }

        Object flows = properties.get(Client.PROPERTY_SUPPORTED_FLOWS);
        if (flows == null) {
            flows = defaultSupportedFlow.get(clientType);
            properties.put(Client.PROPERTY_SUPPORTED_FLOWS, flows);
        }

        /*
         * The authorization server MUST require the following clients to
         * register their redirection endpoint: o Public clients. o Confidential
         * clients utilizing the implicit grant type. (3.1.2.2. Registration
         * Requirements)
         */
        if (clientType == ClientType.PUBLIC
                || (clientType == ClientType.CONFIDENTIAL && Arrays.asList(
                        (Object[]) flows).contains(ResponseType.token))) {
            if (redirectURIs == null || redirectURIs.length == 0) {
                throw new IllegalArgumentException(
                        "RedirectionURI(s) required.");
            }
        }

        String clientId = UUID.randomUUID().toString();
        char[] clientSecret = null;
        if (clientType == ClientType.CONFIDENTIAL
                || (clientType == ClientType.PUBLIC && isIssueClientSecretToPublicClients())) {
            // Issue a client secret to the confidential client.
            if (count++ > RESEED_CLIENTS) {
                count = 0;
                random.setSeed(random.generateSeed(20));
            }
            byte[] secret = new byte[20];
            random.nextBytes(secret);
            clientSecret = Base64.encode(secret, false).toCharArray();
        }

        return createClient(clientId, clientSecret, clientType, redirectURIs,
                properties);
    }

    protected abstract Client createClient(String clientId,
            char[] clientSecret, ClientType clientType, String[] redirectURIs,
            Map<String, Object> properties);

    /**
     * @return the issueClientSecretToPublicClients
     */
    public boolean isIssueClientSecretToPublicClients() {
        return issueClientSecretToPublicClients;
    }

    public void setDefaultSupportedFlow(ClientType clientType, Object[] flows) {
        if (flows == null) {
            throw new IllegalArgumentException("Flows cannot be null.");
        }
        for (Object o : flows) {
            if (!(o instanceof GrantType) || !(o instanceof ResponseType)) {
                throw new IllegalArgumentException("Unsupported flow type.");
            }
        }
        defaultSupportedFlow.put(clientType, flows);
    }

    /**
     * @param issueClientSecretToPublicClients
     *            the issueClientSecretToPublicClients to set
     */
    public void setIssueClientSecretToPublicClients(
            boolean issueClientSecretToPublicClients) {
        this.issueClientSecretToPublicClients = issueClientSecretToPublicClients;
    }
}