/** {@inheritDoc} */
public void updateAuthorizationCode(AuthorizationCode authorizationCode) {
deleteAuthorizationCode(authorizationCode.getTokenId());
// Store in CTS
try {
tokenStore.create(authorizationCode);
if (auditLogger.isAuditLogEnabled()) {
String[] obs = {"UPDATED_AUTHORIZATION_CODE", authorizationCode.toString()};
auditLogger.logAccessMessage("CREATED_AUTHORIZATION_CODE", obs, null);
}
} catch (CoreTokenException e) {
if (auditLogger.isAuditLogEnabled()) {
String[] obs = {"FAILED_UPDATE_AUTHORIZATION_CODE", authorizationCode.toString()};
auditLogger.logErrorMessage("FAILED_UPDATE_AUTHORIZATION_CODE", obs, null);
}
logger.error(
"DefaultOAuthTokenStoreImpl::Unable to create authorization code "
+ authorizationCode.getTokenInfo(),
e);
throw new OAuthProblemException(
Status.SERVER_ERROR_INTERNAL.getCode(),
"Internal error",
"Could not create token in CTS",
null);
}
}
/** For c_hash, used when code and id_token exist in scope. */
private String generateCHash(
String algorithm, OAuth2Request request, OAuth2ProviderSettings providerSettings)
throws ServerException {
final AuthorizationCode authorizationCode = request.getToken(AuthorizationCode.class);
if (authorizationCode == null) {
logger.message("c_hash generation requires an existing code.");
return null;
}
final String codeValue = authorizationCode.getTokenId();
return generateHash(algorithm, codeValue, providerSettings);
}
/** {@inheritDoc} */
public RefreshToken createRefreshToken(
String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request)
throws ServerException, NotFoundException {
final String realm = realmNormaliser.normalise(request.<String>getParameter(REALM));
logger.message("Create refresh token");
OpenIdConnectClientRegistration clientRegistration = getClientRegistration(clientId, request);
final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
final String id = UUID.randomUUID().toString();
final String auditId = UUID.randomUUID().toString();
final long lifeTime;
if (clientRegistration == null) {
lifeTime = providerSettings.getRefreshTokenLifetime();
} else {
lifeTime = clientRegistration.getRefreshTokenLifeTime(providerSettings);
}
long expiryTime = lifeTime < 0 ? -1 : lifeTime + System.currentTimeMillis();
AuthorizationCode token = request.getToken(AuthorizationCode.class);
String authModules = null;
String acr = null;
if (token != null) {
authModules = token.getAuthModules();
acr = token.getAuthenticationContextClassReference();
}
RefreshToken currentRefreshToken = request.getToken(RefreshToken.class);
if (currentRefreshToken != null) {
authModules = currentRefreshToken.getAuthModules();
acr = currentRefreshToken.getAuthenticationContextClassReference();
}
RefreshToken refreshToken =
new OpenAMRefreshToken(
id,
resourceOwnerId,
clientId,
redirectUri,
scope,
expiryTime,
OAuth2Constants.Bearer.BEARER,
OAuth2Constants.Token.OAUTH_REFRESH_TOKEN,
grantType,
realm,
authModules,
acr,
auditId);
try {
tokenStore.create(refreshToken);
if (auditLogger.isAuditLogEnabled()) {
String[] obs = {"CREATED_REFRESH_TOKEN", refreshToken.toString()};
auditLogger.logAccessMessage("CREATED_REFRESH_TOKEN", obs, null);
}
} catch (CoreTokenException e) {
if (auditLogger.isAuditLogEnabled()) {
String[] obs = {"FAILED_CREATE_REFRESH_TOKEN", refreshToken.toString()};
auditLogger.logErrorMessage("FAILED_CREATE_REFRESH_TOKEN", obs, null);
}
logger.error("Unable to create refresh token: " + refreshToken.getTokenInfo(), e);
throw new ServerException("Could not create token in CTS: " + e.getMessage());
}
request.setToken(RefreshToken.class, refreshToken);
return refreshToken;
}