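/*
 * (C) Copyright 2014 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Arnaud Kervern
 */
package org.nuxeo.ecm.platform.oauth2.request;

import static org.nuxeo.ecm.platform.oauth2.Constants.ASSERTION_PARAM;
import static org.nuxeo.ecm.platform.oauth2.Constants.AUTHORIZATION_CODE_PARAM;
import static org.nuxeo.ecm.platform.oauth2.Constants.CLIENT_SECRET_PARAM;
import static org.nuxeo.ecm.platform.oauth2.Constants.CODE_VERIFIER_PARAM;
import static org.nuxeo.ecm.platform.oauth2.Constants.GRANT_TYPE_PARAM;
import static org.nuxeo.ecm.platform.oauth2.Constants.REFRESH_TOKEN_PARAM;

import javax.servlet.http.HttpServletRequest;

/**
 * Token request built from an {@link HttpServletRequest}: the request parameters are copied into fields and, when
 * an HTTP Basic {@code Authorization} header is present, the client credentials are taken from that header.
 * <p>
 * Every value held here comes straight from the client and is not validated by this class. The client secret,
 * authorization code, refresh token, code verifier and assertion are credential material and should not be logged.
 *
 * @author <a href="mailto:ak@nuxeo.com">Arnaud Kervern</a>
 * @since 5.9.2
 */
public class TokenRequest extends OAuth2Request {

    /** Lower-case scheme prefix (with its trailing space) identifying a Basic {@code Authorization} header. */
    protected static final String BASIC_AUTHENTICATION_HEADER_PREFIX = "basic ";

    // Value of the GRANT_TYPE_PARAM request parameter, or null when absent.
    protected String grantType;

    // Value of the AUTHORIZATION_CODE_PARAM request parameter, or null when absent.
    protected String code;

    // Value of the CLIENT_SECRET_PARAM request parameter, replaced by the Basic header secret when one is sent.
    protected String clientSecret;

    // Value of the REFRESH_TOKEN_PARAM request parameter, or null when absent.
    protected String refreshToken;

    // Value of the CODE_VERIFIER_PARAM request parameter, or null when absent.
    protected String codeVerifier;

    // Value of the ASSERTION_PARAM request parameter, or null when absent.
    protected String assertion;

    /**
     * Reads the token request parameters, then applies the credentials of a Basic {@code Authorization} header.
     * <p>
     * The header is processed last, so Basic credentials take precedence over the {@code CLIENT_SECRET_PARAM}
     * parameter read just before.
     *
     * @param request the incoming servlet request
     */
    public TokenRequest(HttpServletRequest request) {
        super(request);
        grantType = request.getParameter(GRANT_TYPE_PARAM);
        code = request.getParameter(AUTHORIZATION_CODE_PARAM);
        clientSecret = request.getParameter(CLIENT_SECRET_PARAM);
        refreshToken = request.getParameter(REFRESH_TOKEN_PARAM);
        codeVerifier = request.getParameter(CODE_VERIFIER_PARAM);
        assertion = request.getParameter(ASSERTION_PARAM);

        checkAuthorization(request);
    }

    /**
     * Extracts {@code client_id:secret} from a Basic {@code Authorization} header and stores both parts.
     * <p>
     * Nothing is changed when the header is missing, uses another scheme, is not valid Base64, or decodes to a
     * value without a colon. {@code clientId} is not declared in this class; presumably it is inherited from
     * {@link OAuth2Request}.
     *
     * @param request the incoming servlet request
     */
    protected void checkAuthorization(HttpServletRequest request) {
        final String authorization = request.getHeader("Authorization");
        if (authorization == null) {
            return;
        }
        // Locale.ROOT: the scheme comparison must not depend on the JVM default locale. Under a Turkish
        // locale "BASIC" lower-cases to a dotless i and a valid header would be ignored.
        if (!authorization.toLowerCase(java.util.Locale.ROOT).startsWith(BASIC_AUTHENTICATION_HEADER_PREFIX)) {
            return;
        }
        // Authorization: Basic base64credentials
        String base64Credentials = authorization.substring(BASIC_AUTHENTICATION_HEADER_PREFIX.length()).trim();
        byte[] decodedCredentials;
        try {
            decodedCredentials = java.util.Base64.getDecoder().decode(base64Credentials);
        } catch (IllegalArgumentException e) {
            // The header is client-controlled: invalid Base64 must not escape the constructor as an
            // unchecked exception. The credentials read from the request parameters are kept as they are,
            // so whatever validates this request still has to reject it if they do not match.
            return;
        }
        String credentials = new String(decodedCredentials, java.nio.charset.StandardCharsets.UTF_8);
        // credentials = client_id:secret; limit 2 keeps any further colon inside the secret
        // NOTE(review): RFC 6749 section 2.3.1 has clients form-urlencode the id and secret before Basic
        // encoding; no URL-decoding is applied here - confirm registered values never need it.
        String[] values = credentials.split(":", 2);
        if (values.length == 2) {
            clientId = values[0];
            clientSecret = values[1];
        }
    }

    /**
     * @return the grant type parameter, or {@code null} when the request did not carry one
     */
    public String getGrantType() {
        return grantType;
    }

    /**
     * @return the authorization code parameter, or {@code null} when the request did not carry one
     */
    public String getCode() {
        return code;
    }

    /**
     * @return the client secret from the Basic header when one was sent, otherwise the request parameter value
     */
    public String getClientSecret() {
        return clientSecret;
    }

    /**
     * @return the refresh token parameter, or {@code null} when the request did not carry one
     */
    public String getRefreshToken() {
        return refreshToken;
    }

    /**
     * @return the code verifier parameter, or {@code null} when the request did not carry one
     */
    public String getCodeVerifier() {
        return codeVerifier;
    }

    /**
     * @return the assertion parameter, or {@code null} when the request did not carry one
     * @since 11.1
     */
    public String getAssertion() {
        return assertion;
    }
}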