// Access 토큰을 refresh함. private TokenVO refreshToken(String clientRefreshToken) throws OAuth2Exception { TokenVO tempVO = new TokenVO(); tempVO.setRefresh_token(clientRefreshToken); TokenVO tVO = null; try { tVO = dao.selectRefreshToken(tempVO); } catch (Exception e) { e.printStackTrace(); throw new OAuth2Exception(500, OAuth2ErrorConstant.SERVER_ERROR); } if (tVO == null) { throw new OAuth2Exception(401, OAuth2ErrorConstant.INVALID_TOKEN); } tVO.setAccess_token(OAuth2Util.generateToken()); tVO.setCreated_at(OAuth2Util.getCurrentTimeStamp()); try { dao.updateAccessToken(tVO); } catch (Exception e) { e.printStackTrace(); throw new OAuth2Exception(401, OAuth2ErrorConstant.INVALID_TOKEN); } return tVO; }
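// Handles the token endpoint when grant_type=refresh_token.
// (The previous header comment said authorization_code, which is a different
// flow; this method only ever consumes a refresh token.)
//
// Steps: (1) on GET the client credentials must arrive in a Basic
// Authorization header, which is parsed into ratVO; (2) client_id and
// client_secret must both be present; (3) the client is looked up and the
// secret compared in constant time; (4) the refresh token is looked up;
// (5) a new access token is minted and persisted, and a response without a
// refresh token is returned.
//
// Security notes (reviewer):
//  - The refresh token found in step 4 is never checked against the client
//    authenticated in step 3, so any valid client could refresh a token
//    issued to another client (RFC 6749 s6 requires the server to verify the
//    binding). If TokenVO records the issuing client_id, compare it with
//    ratVO.getClient_id() before step 5 -- TODO confirm against the schema.
//  - Refresh-token expiry and rotation are not enforced here.
//  - RFC 6749 s3.2 requires POST for the token endpoint; GET is accepted here
//    with header-borne credentials, which at least keeps the secret out of
//    the query string.
//
// @param ratVO   parsed token request; client_id/client_secret are filled in
//                from the Authorization header when the request is a GET
// @param request servlet request, used for the HTTP method and the header
// @return access-token response with refresh_token set to null
// @throws OAuth2Exception 400 INVALID_PARAMETER on missing inputs,
//         401 UNAUTHORIZED_CLIENT when client authentication fails,
//         400 INVALID_TOKEN when the refresh token is unknown,
//         500 SERVER_ERROR when a DAO call fails
private ResponseAccessTokenVO refreshTokenFlow(RequestAccessTokenVO ratVO, HttpServletRequest request) throws OAuth2Exception {
    // Steps 1-3: authenticate the client before looking at the grant.
    authenticateClientForRefresh(ratVO, request);

    // Step 4: resolve the presented refresh token to its stored row.
    TokenVO tokenRow = lookupRefreshTokenRow(ratVO.getRefresh_token());

    // Step 5: mint a new access token and persist it.
    tokenRow.setAccess_token(OAuth2Util.generateToken());
    tokenRow.setCreated_at(OAuth2Util.getCurrentTimeStamp());
    try {
        dao.updateAccessToken(tokenRow);
    } catch (Exception e) {
        e.printStackTrace();
        throw new OAuth2Exception(500, OAuth2ErrorConstant.SERVER_ERROR);
    }

    // The refresh token is deliberately omitted (null) from the response.
    return new ResponseAccessTokenVO(
            tokenRow.getAccess_token(),
            tokenRow.getToken_type(),
            tokenRow.getExpires_in(),
            null,
            ratVO.getState(),
            tokenRow.getCreated_at());
}

// Authenticates the requesting client (steps 1-3 of the refresh flow).
// On GET the Basic Authorization header is parsed into ratVO first.
//
// @throws OAuth2Exception 400 INVALID_PARAMETER when the header or either
//         credential is missing; 401 UNAUTHORIZED_CLIENT when the client is
//         unknown or the secret does not match; 500 SERVER_ERROR on DAO failure
private void authenticateClientForRefresh(RequestAccessTokenVO ratVO, HttpServletRequest request) throws OAuth2Exception {
    if ("GET".equalsIgnoreCase(request.getMethod())) {
        String authHeader = request.getHeader("Authorization");
        if (authHeader == null || authHeader.isEmpty()) {
            throw new OAuth2Exception(400, OAuth2ErrorConstant.INVALID_PARAMETER);
        }
        OAuth2Util.parseBasicAuthHeader(authHeader, ratVO);
    }

    String clientId = ratVO.getClient_id();
    String presentedSecret = ratVO.getClient_secret();
    if (clientId == null || presentedSecret == null) {
        throw new OAuth2Exception(400, OAuth2ErrorConstant.INVALID_PARAMETER);
    }

    ClientVO probe = new ClientVO();
    probe.setClient_id(clientId);
    ClientVO client;
    try {
        client = dao.getClientOne(probe);
    } catch (Exception e) {
        e.printStackTrace();
        throw new OAuth2Exception(500, OAuth2ErrorConstant.SERVER_ERROR);
    }

    // Unknown client and wrong secret map to the same error so the response
    // body does not reveal which client_ids exist. A client-authentication
    // failure is a 401, not the 500 the previous code returned, which
    // mislabelled a rejected credential as a server fault.
    // (Response timing still differs between the two cases.)
    if (client == null || !clientSecretMatches(client.getClient_secret(), presentedSecret)) {
        throw new OAuth2Exception(401, OAuth2ErrorConstant.UNAUTHORIZED_CLIENT);
    }
}

// Compares the stored and presented client secrets without an early-exit on
// the first differing byte, so response time does not leak the secret
// prefix (String.equals short-circuits). Only the length is still observable.
// A client with no stored secret never authenticates (the previous code
// would have thrown a NullPointerException here).
private static boolean clientSecretMatches(String storedSecret, String presentedSecret) {
    if (storedSecret == null || presentedSecret == null) {
        return false;
    }
    return java.security.MessageDigest.isEqual(
            storedSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            presentedSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}

// Resolves a presented refresh token to its stored TokenVO (step 4).
//
// @throws OAuth2Exception 400 INVALID_PARAMETER when no token was sent;
//         400 INVALID_TOKEN when it is unknown; 500 SERVER_ERROR on DAO failure
private TokenVO lookupRefreshTokenRow(String refreshToken) throws OAuth2Exception {
    if (refreshToken == null || refreshToken.isEmpty()) {
        throw new OAuth2Exception(400, OAuth2ErrorConstant.INVALID_PARAMETER);
    }

    TokenVO probe = new TokenVO();
    probe.setRefresh_token(refreshToken);
    TokenVO found;
    try {
        found = dao.selectRefreshToken(probe);
    } catch (Exception e) {
        e.printStackTrace();
        throw new OAuth2Exception(500, OAuth2ErrorConstant.SERVER_ERROR);
    }
    if (found == null) {
        throw new OAuth2Exception(400, OAuth2ErrorConstant.INVALID_TOKEN);
    }
    return found;
}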