implementation of IDP renew transaction

i4mi · Jun 19, 2024 · 09be824 · 09be824
1 parent 07565dc
commit 09be824
Show file tree

Hide file tree

Showing 11 changed files with 613 additions and 11 deletions.
diff --git a/pom.xml b/pom.xml
@@ -17,7 +17,7 @@
 		<maven.compiler.target>1.11</maven.compiler.target>
 		<maven.build.timestamp.format>yyyy-MM-dd HH:mm:ss</maven.build.timestamp.format>
 
-		<java.version>11</java.version>
+		<java.version>15</java.version>
 
 		<!-- plugins -->
 		<compiler-plugin-version>3.10.1</compiler-plugin-version>
@@ -258,6 +258,11 @@
           <artifactId>opensaml</artifactId>
           <version>${opensaml-version}</version>
         </dependency>
+		<dependency>
+			<groupId>org.glassfish.jersey.core</groupId>
+			<artifactId>jersey-common</artifactId>
+			<version>2.43</version>
+		</dependency>
 
         <dependency>
           <groupId>org.apache.camel</groupId>

diff --git a/src/main/java/ch/bfh/ti/i4mi/mag/xua/AssertionFromIdpTokenRouteBuilder.java b/src/main/java/ch/bfh/ti/i4mi/mag/xua/AssertionFromIdpTokenRouteBuilder.java
@@ -60,7 +60,7 @@ public void configure() throws Exception {
 		    // identity provider assertions cached in spring security session
 		    // this is unrelated to the IDP provider cookie set by the IDP itself
 		    .process(Utils.endHttpSession())
-
+		    .setProperty("oauthrequest").method(TokenRenew.class, "emptyAuthRequest")		    
 		    .bean(AuthRequestConverter.class, "buildAssertionRequestFromIdp")
 			.bean(Iti40RequestGenerator.class, "buildAssertion")			
 			.removeHeaders("*", "scope")

diff --git a/src/main/java/ch/bfh/ti/i4mi/mag/xua/AuthRequestConverter.java b/src/main/java/ch/bfh/ti/i4mi/mag/xua/AuthRequestConverter.java
@@ -16,12 +16,15 @@
 
 package ch.bfh.ti.i4mi.mag.xua;
 
+import java.io.UnsupportedEncodingException;
 import java.nio.charset.StandardCharsets;
+import java.util.Base64;
 import java.util.Map;
 
 import javax.ws.rs.BadRequestException;
 
 import org.apache.camel.Body;
+import org.apache.camel.ExchangeProperty;
 import org.apache.camel.Header;
 import org.apache.camel.Headers;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -31,6 +34,7 @@
 import org.springframework.stereotype.Component;
 
 import ca.uhn.fhir.rest.server.exceptions.InvalidRequestException;
+import net.sourceforge.plantuml.utils.Log;
 
 /**
  * Convert OAuth2 request to SAML Assertion Request
@@ -86,7 +90,7 @@ public AuthenticationRequest buildAuthenticationRequest(
 		return request;
 	}
 
-	public AssertionRequest buildAssertionRequest(@Header("response_type") String responseType, @Header("oauthrequest") AuthenticationRequest request) throws AuthException {
+	public AssertionRequest buildAssertionRequest(@Header("response_type") String responseType, @ExchangeProperty("oauthrequest") AuthenticationRequest request) throws AuthException {
 
 		if (!"code".equals(responseType)) throw new AuthException(400, "invalid_request", "response_type must be 'code'");
 
@@ -107,6 +111,15 @@ private String decode(String in) {
 	public AssertionRequest buildAssertionRequestFromIdp(@Body String authorization, @Header("scope") String scope) throws AuthException {
 		return buildAssertionRequestInternal(authorization, scope);
 	}
+
+	public AssertionRequest buildAssertionRequestFromToken(@Body String authorization, @Header("scope") String scope) throws AuthException {
+
+	    try {
+	    authorization = new String(Base64.getDecoder().decode(authorization), "UTF-8");
+	    } catch (UnsupportedEncodingException e) {}
+
+        return buildAssertionRequestInternal(authorization, scope);
+    }
 
 	private AssertionRequest buildAssertionRequestInternal(Object authorization, String scope) throws AuthException {
 

diff --git a/src/main/java/ch/bfh/ti/i4mi/mag/xua/AuthResponseConverter.java b/src/main/java/ch/bfh/ti/i4mi/mag/xua/AuthResponseConverter.java
@@ -21,6 +21,7 @@
 import java.net.URLEncoder;
 
 import org.apache.camel.Body;
+import org.apache.camel.ExchangeProperty;
 import org.apache.camel.Header;
 import org.apache.commons.lang.RandomStringUtils;
 import org.apache.cxf.binding.soap.SoapFault;
@@ -37,7 +38,7 @@ public class AuthResponseConverter {
 	@Autowired
 	private Cache<String, AuthenticationRequest> codeToToken;	
 
-	public String handle(@Body String assertion, @Header("oauthrequest") AuthenticationRequest request) throws UnsupportedEncodingException  {
+	public String handle(@Body String assertion, @ExchangeProperty("oauthrequest") AuthenticationRequest request) throws UnsupportedEncodingException  {
 
 		String returnurl = request.getRedirect_uri();
 		String state = request.getState();		
@@ -54,7 +55,7 @@ public String handle(@Body String assertion, @Header("oauthrequest") Authenticat
 		return returnurl;
 	}
 
-	public String handleerror(@Header("oauthrequest") AuthenticationRequest request, @Body AuthException exception) throws UnsupportedEncodingException{
+	public String handleerror(@ExchangeProperty("oauthrequest") AuthenticationRequest request, @Body AuthException exception) throws UnsupportedEncodingException{
 
 		String returnurl = request.getRedirect_uri();
 		String state = request.getState();		
@@ -68,7 +69,7 @@ public String handleerror(@Header("oauthrequest") AuthenticationRequest request,
 		return returnurl;
 	}
 
-	public String handlesoaperror(@Header("oauthrequest") AuthenticationRequest request, @Body SoapFault exception) throws UnsupportedEncodingException{
+	public String handlesoaperror(@ExchangeProperty("oauthrequest") AuthenticationRequest request, @Body SoapFault exception) throws UnsupportedEncodingException{
 
 		String returnurl = request.getRedirect_uri();
 		String state = request.getState();		

diff --git a/src/main/java/ch/bfh/ti/i4mi/mag/xua/AuthenticationRequest.java b/src/main/java/ch/bfh/ti/i4mi/mag/xua/AuthenticationRequest.java
@@ -39,6 +39,8 @@ public class AuthenticationRequest {
 
 	private String assertion;
 
+	private String idpAssertion;
+
 	private String code_challenge;
 
 }
diff --git a/src/main/java/ch/bfh/ti/i4mi/mag/xua/Iti71RouteBuilder.java b/src/main/java/ch/bfh/ti/i4mi/mag/xua/Iti71RouteBuilder.java
@@ -64,16 +64,16 @@ public void configure() throws Exception {
 
 		from(String.format("servlet://%s?matchOnUriPrefix=true", AUTHORIZE_PATH)).routeId("iti71")
 		.doTry()
-		    .setHeader("oauthrequest").method(converter, "buildAuthenticationRequest")
+		    .setProperty("oauthrequest").method(converter, "buildAuthenticationRequest")
 
 		    // end spring security session in order to prevent use of already expired
 		    // identity provider assertions cached in spring security session
 		    // this is unrelated to the IDP provider cookie set by the IDP itself
 		    .process(Utils.endHttpSession())
 
 		    .bean(AuthRequestConverter.class, "buildAssertionRequest")
-			.bean(Iti40RequestGenerator.class, "buildAssertion")
-
+		    .bean(TokenRenew.class, "keepIdpAssertion")
+			.bean(Iti40RequestGenerator.class, "buildAssertion")			
 			.removeHeaders("*","oauthrequest")
 			.setHeader(CxfConstants.OPERATION_NAME,
 			        constant("Issue"))

diff --git a/src/main/java/ch/bfh/ti/i4mi/mag/xua/OAuth2TokenResponse.java b/src/main/java/ch/bfh/ti/i4mi/mag/xua/OAuth2TokenResponse.java
@@ -29,6 +29,8 @@ public class OAuth2TokenResponse {
 
 	private String access_token;
 
+	private String refresh_token;
+
 	private String token_type;
 
 	private long expires_in;