/*******************************************************************************
 * Copyright 2017 The MIT Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/

package org.mitre.oauth2.assertion.impl;

import java.text.ParseException;
import java.util.Set;

import org.mitre.oauth2.assertion.AssertionOAuth2RequestFactory;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.TokenRequest;

import com.google.common.collect.Sets;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;

/**
 * Builds an {@link OAuth2Request} by copying values straight out of an
 * assertion that comes from a trusted source. Two claims are read:
 *
 *  - scope, space-separated list of strings
 *  - aud, array of audience IDs
 *
 * Trust boundary: the claims are copied as-is. This class never consults the
 * client's registered scopes, and the resulting request is always marked as
 * approved, so the assertion alone decides which scopes and resource IDs are
 * requested. Nothing in this class checks the assertion's signature, issuer
 * or expiry.
 *
 * NOTE(review): presumably the caller validates the assertion before handing
 * it to this factory -- confirm at the call site.
 *
 * @author jricher
 *
 */
public class DirectCopyRequestFactory implements AssertionOAuth2RequestFactory {

	/**
	 * Creates a pre-approved request whose scope comes from the assertion's
	 * "scope" claim and whose resource IDs come from its "aud" claim.
	 *
	 * @param client supplies the client ID and granted authorities of the request
	 * @param tokenRequest supplies the request parameters, copied unchanged
	 * @param assertion the JWT whose claims are copied into the request
	 * @return the new request, or {@code null} when the claims set cannot be
	 *         parsed or the "scope" claim is not a string; callers must handle
	 *         the {@code null} case, since no error detail is reported
	 *
	 * @see org.mitre.oauth2.assertion.AssertionOAuth2RequestFactory#createOAuth2Request(org.springframework.security.oauth2.provider.ClientDetails, org.springframework.security.oauth2.provider.TokenRequest, com.nimbusds.jwt.JWT)
	 */
	@Override
	public OAuth2Request createOAuth2Request(ClientDetails client, TokenRequest tokenRequest, JWT assertion) {

		final JWTClaimsSet claimsSet;
		final String scopeClaim;

		// Only these two calls can raise ParseException; a failure in either
		// one ends the method with a null result.
		try {
			claimsSet = assertion.getJWTClaimsSet();
			scopeClaim = claimsSet.getStringClaim("scope");
		} catch (ParseException e) {
			return null;
		}

		// Scope is taken verbatim from the assertion; it is not compared with
		// the scopes registered for the client.
		final Set<String> requestedScopes = OAuth2Utils.parseParameterList(scopeClaim);

		// The assertion's audience list becomes the resource IDs of the request.
		final Set<String> audienceIds = Sets.newHashSet(claimsSet.getAudience());

		return new OAuth2Request(
				tokenRequest.getRequestParameters(),
				client.getClientId(),
				client.getAuthorities(),
				true, // approved: always set, no separate approval step here
				requestedScopes,
				audienceIds,
				null, // redirect URI
				null, // response types
				null); // extension properties
	}

}