|
|
@ -1,21 +1,27 @@ |
|
|
|
/* © SRSoftware 2024 */ |
|
|
|
/* © SRSoftware 2024 */ |
|
|
|
package de.srsoftware.oidc.backend; |
|
|
|
package de.srsoftware.oidc.backend; |
|
|
|
|
|
|
|
|
|
|
|
import static de.srsoftware.oidc.api.Constants.ATUH_CODE; |
|
|
|
import static de.srsoftware.oidc.api.Constants.*; |
|
|
|
import static de.srsoftware.oidc.api.Constants.GRANT_TYPE; |
|
|
|
|
|
|
|
import static java.lang.System.Logger.Level.ERROR; |
|
|
|
import static java.lang.System.Logger.Level.ERROR; |
|
|
|
import static java.lang.System.Logger.Level.WARNING; |
|
|
|
import static java.lang.System.Logger.Level.WARNING; |
|
|
|
import static java.net.HttpURLConnection.HTTP_BAD_REQUEST; |
|
|
|
import static java.net.HttpURLConnection.HTTP_BAD_REQUEST; |
|
|
|
import static java.net.HttpURLConnection.HTTP_NOT_FOUND; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
import com.sun.net.httpserver.HttpExchange; |
|
|
|
import com.sun.net.httpserver.HttpExchange; |
|
|
|
|
|
|
|
import de.srsoftware.oidc.api.Client; |
|
|
|
|
|
|
|
import de.srsoftware.oidc.api.ClientService; |
|
|
|
import de.srsoftware.oidc.api.PathHandler; |
|
|
|
import de.srsoftware.oidc.api.PathHandler; |
|
|
|
import java.io.IOException; |
|
|
|
import java.io.IOException; |
|
|
|
import java.util.Arrays; |
|
|
|
import java.util.*; |
|
|
|
import java.util.Map; |
|
|
|
|
|
|
|
import java.util.stream.Collectors; |
|
|
|
import java.util.stream.Collectors; |
|
|
|
|
|
|
|
import org.json.JSONObject; |
|
|
|
|
|
|
|
|
|
|
|
public class TokenController extends PathHandler { |
|
|
|
public class TokenController extends PathHandler { |
|
|
|
|
|
|
|
private final ClientService clients; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public TokenController(ClientService clientService) { |
|
|
|
|
|
|
|
clients = clientService; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private Map<String, String> deserialize(String body) { |
|
|
|
private Map<String, String> deserialize(String body) { |
|
|
|
return Arrays.stream(body.split("&")).map(s -> s.split("=")).collect(Collectors.toMap(arr -> arr[0], arr -> arr[1])); |
|
|
|
return Arrays.stream(body.split("&")).map(s -> s.split("=")).collect(Collectors.toMap(arr -> arr[0], arr -> arr[1])); |
|
|
|
} |
|
|
|
} |
|
|
@ -32,10 +38,36 @@ public class TokenController extends PathHandler { |
|
|
|
|
|
|
|
|
|
|
|
private boolean provideToken(HttpExchange ex) throws IOException { |
|
|
|
private boolean provideToken(HttpExchange ex) throws IOException { |
|
|
|
var map = deserialize(body(ex)); |
|
|
|
var map = deserialize(body(ex)); |
|
|
|
|
|
|
|
// TODO: check Authorization Code, → https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
|
|
|
|
|
|
|
|
// TODO: check Redirect URL
|
|
|
|
LOG.log(WARNING, "post data: {0}", map); |
|
|
|
LOG.log(WARNING, "post data: {0}", map); |
|
|
|
LOG.log(ERROR, "{0}.provideToken(ex) not implemented!", getClass().getSimpleName()); |
|
|
|
LOG.log(ERROR, "{0}.provideToken(ex) not implemented!", getClass().getSimpleName()); |
|
|
|
var grantType = map.get(GRANT_TYPE); |
|
|
|
var grantType = map.get(GRANT_TYPE); |
|
|
|
if (!ATUH_CODE.equals(grantType)) sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "unknown grant type", GRANT_TYPE, grantType)); |
|
|
|
if (!ATUH_CODE.equals(grantType)) sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "unknown grant type", GRANT_TYPE, grantType)); |
|
|
|
return sendEmptyResponse(HTTP_NOT_FOUND, ex); |
|
|
|
var optClient = Optional.ofNullable(map.get(CLIENT_ID)).flatMap(clients::getClient); |
|
|
|
|
|
|
|
if (optClient.isEmpty()) { |
|
|
|
|
|
|
|
LOG.log(ERROR, "client not found"); |
|
|
|
|
|
|
|
return sendEmptyResponse(HTTP_BAD_REQUEST, ex); |
|
|
|
|
|
|
|
// TODO: send correct response
|
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
var secretFromClient = map.get(CLIENT_SECRET); |
|
|
|
|
|
|
|
var client = optClient.get(); |
|
|
|
|
|
|
|
if (!client.secret().equals(secretFromClient)) { |
|
|
|
|
|
|
|
LOG.log(ERROR, "client secret mismatch"); |
|
|
|
|
|
|
|
return sendEmptyResponse(HTTP_BAD_REQUEST, ex); |
|
|
|
|
|
|
|
// TODO: send correct response
|
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
String jwToken = createJWT(client); |
|
|
|
|
|
|
|
ex.getResponseHeaders().add("Cache-Control", "no-store"); |
|
|
|
|
|
|
|
JSONObject response = new JSONObject(); |
|
|
|
|
|
|
|
response.put(ACCESS_TOKEN, UUID.randomUUID().toString()); // TODO: wofür genau wird der verwendet, was gilt es hier zu beachten
|
|
|
|
|
|
|
|
response.put(TOKEN_TYPE, BEARER); |
|
|
|
|
|
|
|
response.put(EXPIRES_IN, 3600); |
|
|
|
|
|
|
|
response.put(ID_TOKEN, jwToken); |
|
|
|
|
|
|
|
return sendContent(ex, response); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private String createJWT(Client client) { |
|
|
|
|
|
|
|
return null; |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|