Class OA2ServiceTransaction

  • All Implemented Interfaces:
    edu.uiuc.ncsa.security.core.cache.Cacheable, edu.uiuc.ncsa.security.core.DateComparable, edu.uiuc.ncsa.security.core.Identifiable, Serializable, Cloneable, org.oa4mp.delegation.server.server.OA2TransactionScopes, org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface

    public class OA2ServiceTransaction
    extends OA4MPServiceTransaction
    implements org.oa4mp.delegation.server.server.OA2TransactionScopes, org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface, edu.uiuc.ncsa.security.core.DateComparable

    Created by Jeff Gaynor
    on 2/28/14 at 1:46 PM

    See Also:
    Serialized Form
    • Field Detail

      • FLOW_STATE_KEY

        public String FLOW_STATE_KEY
      • CLAIMS_SOURCES_STATE_KEY

        public String CLAIMS_SOURCES_STATE_KEY
      • CLAIMS_SOURCES_STATE_KEY2

        public String CLAIMS_SOURCES_STATE_KEY2
      • CREATED_CALLBACK_KEY

        public String CREATED_CALLBACK_KEY
      • LOCAL_CONSENT_URI

        public String LOCAL_CONSENT_URI
      • PROXY_ACCESS_TOKEN_COMPLETE

        public String PROXY_ACCESS_TOKEN_COMPLETE
      • CLAIMS_KEY

        public String CLAIMS_KEY
      • SCRIPT_STATE_KEY

        public String SCRIPT_STATE_KEY
      • SCRIPT_STATE_SERIALZATION_VERSION_KEY

        public String SCRIPT_STATE_SERIALZATION_VERSION_KEY
      • AUDIENCE_KEY

        public String AUDIENCE_KEY
      • USE_TEMPLATES_KEY

        public String USE_TEMPLATES_KEY
      • RESOURCE_KEY

        public String RESOURCE_KEY
      • QUERIED_ACCESS_TOKEN_SCOPES_KEY

        public String QUERIED_ACCESS_TOKEN_SCOPES_KEY
      • RETURNED_ACCESS_TOKEN_JWT_KEY

        public String RETURNED_ACCESS_TOKEN_JWT_KEY
      • RETURNED_REFRESH_TOKEN_JWT_KEY

        public String RETURNED_REFRESH_TOKEN_JWT_KEY
      • RESPONSE_TYPE_KEY

        public static String RESPONSE_TYPE_KEY
      • proxyId

        public String proxyId
      • RFC862_STATE_KEY

        public static String RFC862_STATE_KEY
    • Constructor Detail

      • OA2ServiceTransaction

        public OA2ServiceTransaction​(edu.uiuc.ncsa.security.core.Identifier identifier)
    • Method Detail

      • isProxyAccessTokenComplete

        public boolean isProxyAccessTokenComplete()
      • setProxyAccessTokenComplete

        public void setProxyAccessTokenComplete​(boolean proxyAccessTokenComplete)
      • hasCreatedCallback

        public boolean hasCreatedCallback()
      • getCreatedCallback

        public String getCreatedCallback()
        This is the callback generated by the server during authorization; it is exactly the URL the user's browser is redirected to, if applicable.
        Returns:
        the generated callback URL
      • setCreatedCallback

        public void setCreatedCallback​(String createdCallback)
      • hasLocalConsentUri

        public boolean hasLocalConsentUri()
      • getLocalConsentUri

        public String getLocalConsentUri()
        When this OA4MP instance is functioning as a proxy, the requesting service can (optionally) have this client forward the user back to a consent page on the requester. This means the user sees two consent pages: one for this service (which probably has general scopes such as openid and email) and one on the requester with the specific scopes in use there (such as for SciTokens or WLCG).
        Returns:
        the requester's consent page URI, if one was supplied
      • setLocalConsentURI

        public void setLocalConsentURI​(String localConsentURI)
      • getProxyId

        public String getProxyId()
        Specified by:
        getProxyId in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • setProxyId

        public void setProxyId​(String proxyId)
        Specified by:
        setProxyId in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • getCreationTS

        public Date getCreationTS()
        Specified by:
        getCreationTS in interface edu.uiuc.ncsa.security.core.DateComparable
      • getUserCode

        public String getUserCode()
      • setUserCode

        public void setUserCode​(String userCode)
      • getOA2Client

        public OA2Client getOA2Client()
        Convenience cast.
        Returns:
      • getFlowStates

        public FlowStates2 getFlowStates()
        Specified by:
        getFlowStates in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • setProxyState

        public void setProxyState​(net.sf.json.JSONObject proxyState)
        Specified by:
        setProxyState in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • getProxyState

        public net.sf.json.JSONObject getProxyState()
        Specified by:
        getProxyState in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • setRFC8628State

        public void setRFC8628State​(RFC8628State rfc8628State)
      • getAccessTokenLifetime

        public long getAccessTokenLifetime()
        Specified by:
        getAccessTokenLifetime in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • setAccessTokenLifetime

        public void setAccessTokenLifetime​(long access_token_lifetime)
      • getIDTokenLifetime

        public long getIDTokenLifetime()
      • setIDTokenLifetime

        public void setIDTokenLifetime​(long idTokenLifetime)
      • getAudience

        public List<String> getAudience()
        Clients may send an audience, which is used by some components (notably SciTokens) but is generally optional. This is the list of them. It is returned as the OA2Claims.AUDIENCE claim in JWT access tokens.

        Note: These are simply logical names that describe the audience, such as "ALL" or "ligo_cluster". Compare with getResource(), which holds a list of URIs for the same purpose.
        Specified by:
        getAudience in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
        Returns:
      • setAudience

        public void setAudience​(List<String> audience)
        Specified by:
        setAudience in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • hasAudience

        public boolean hasAudience()
      • getUseTemplates

        public List<String> getUseTemplates()
      • setUseTemplates

        public void setUseTemplates​(List<String> templates)
      • hasUseTemplates

        public boolean hasUseTemplates()
      • getATReturnedOriginalScopes

        public Collection<String> getATReturnedOriginalScopes()
        The first set of scopes returned from the token endpoint. They are the maximum set of scopes that may appear in an access token for this transaction.
        Returns:
        the scopes of the first access token issued
      • setATReturnedOriginalScopes

        public void setATReturnedOriginalScopes​(String s)
      • setATReturnedOriginalScopes

        public void setATReturnedOriginalScopes​(Collection<String> s)
      • hasATReturnedOriginalScopes

        public boolean hasATReturnedOriginalScopes()
      • getRefreshTokenExpiresAt

        public long getRefreshTokenExpiresAt()
        The absolute time at which the refresh token in this transaction expires.
        Returns:
        the expiration time of the refresh token
      • setRefreshTokenExpiresAt

        public void setRefreshTokenExpiresAt​(long refreshTokenExpiresAt)
      • isRFC8628Request

        public boolean isRFC8628Request()
      • setRFC8628Request

        public void setRFC8628Request​(boolean b)
      • getResource

        public List<String> getResource()
        Resources are URIs that are used as part of the OA2Claims.AUDIENCE claim in a (compound) access token.
        Specified by:
        getResource in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
        Returns:
      • hasResource

        public boolean hasResource()
      • setResource

        public void setResource​(List<String> r)
        Specified by:
        setResource in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
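The transaction keeps two lists that both end up in the aud claim of a JWT access token: the logical names from getAudience() and the URIs from getResource(). The following is an added example (not OA4MP code) of assembling that claim from the two lists and of the check a resource server should run against it; the class name, the helper names and the sample audience values are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Added example: building the aud claim from the audience (logical names) and
// resource (URIs) lists, and checking it on the receiving side. Hypothetical helpers.
public final class AudienceClaim {
    private AudienceClaim() {}

    // Merge both lists, de-duplicated, order preserved. Returns null when neither was
    // sent, so the issuer can omit aud rather than emit an empty array.
    static List<String> buildAud(List<String> audience, List<String> resource) {
        Set<String> aud = new LinkedHashSet<>();
        if (audience != null) aud.addAll(audience);
        if (resource != null) aud.addAll(resource);
        return aud.isEmpty() ? null : new ArrayList<>(aud);
    }

    // Resource-server side: RFC 7519 section 4.1.3 requires a recipient that does not
    // find itself in aud to reject the token. Either the logical name or the URI form
    // of this server is accepted. A token with no aud at all is refused here; that is a
    // policy choice for this example, not something the page prescribes.
    static boolean acceptedBy(List<String> aud, String myName, String myUri) {
        if (aud == null || aud.isEmpty()) return false;
        return aud.contains(myName) || aud.contains(myUri);
    }

    public static void main(String[] args) {
        // constructed sample values
        List<String> aud = buildAud(List.of("ligo_cluster"), List.of("https://storage.example.org"));
        System.out.println(aud);
        System.out.println(acceptedBy(aud, "ligo_cluster", "https://ligo.example.org"));
        System.out.println(acceptedBy(aud, "compute", "https://compute.example.org"));
    }
}
```

The merge keeps insertion order so the claim is stable across re-issuance; the receiving check is deliberately strict, since an access token with no audience restriction can be replayed against any resource server that accepts the issuer.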
      • getExtendedAttributes

        public net.sf.json.JSONObject getExtendedAttributes()
        Extended attributes are sent over the wire as specific requests.
        Specified by:
        getExtendedAttributes in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
        Returns:
      • getAuthzGrantLifetime

        public long getAuthzGrantLifetime()
        Specified by:
        getAuthzGrantLifetime in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • setAuthGrantLifetime

        public void setAuthGrantLifetime​(long lifetime)
      • setExtendedAttributes

        public void setExtendedAttributes​(net.sf.json.JSONObject jsonObject)
        Specified by:
        setExtendedAttributes in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • setFlowStates

        public void setFlowStates​(org.oa4mp.delegation.server.jwt.FlowStates flowStates)
        Specified by:
        setFlowStates in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • setClaimsSources

        public void setClaimsSources​(List<org.oa4mp.delegation.server.server.claims.ClaimSource> sources)
        Specified by:
        setClaimsSources in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • newCSSerialize

        protected void newCSSerialize​(List<org.oa4mp.delegation.server.server.claims.ClaimSource> sources)
      • oldCSSerialize

        protected void oldCSSerialize​(List<org.oa4mp.delegation.server.server.claims.ClaimSource> sources)
      • getClaimSources

        public List<org.oa4mp.delegation.server.server.claims.ClaimSource> getClaimSources​(OA2SE oa2SE)
      • getConfigToCS

        public ConfigtoCS getConfigToCS()
      • newCSDeserialize

        protected List<org.oa4mp.delegation.server.server.claims.ClaimSource> newCSDeserialize​(OA2SE oa2SE)
                                                                                        throws Throwable
        Throws:
        Throwable
      • oldCSDeserialize

        protected List<org.oa4mp.delegation.server.server.claims.ClaimSource> oldCSDeserialize​(OA2SE oa2SE)
                                                                                        throws Throwable
        Throws:
        Throwable
      • setScriptState

        public void setScriptState​(String scriptState)
        Script engines may also save their state between calls. The argument is an opaque string (typically base64 encoded) that will be returned on request.
        Parameters:
        scriptState -
      • hasScriptStateSerializationVersion

        public boolean hasScriptStateSerializationVersion()
      • getScriptStateSerializationVersion

        public String getScriptStateSerializationVersion()
      • setScriptStateSerialzationVersion

        public void setScriptStateSerialzationVersion​(String version)
      • hasScriptState

        public boolean hasScriptState()
      • getScriptState

        public String getScriptState()
      • getUserMetaData

        public net.sf.json.JSONObject getUserMetaData()
        Specified by:
        getUserMetaData in interface org.oa4mp.delegation.server.server.OA2TransactionScopes
        Specified by:
        getUserMetaData in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • setUserMetaData

        public void setUserMetaData​(net.sf.json.JSONObject claims)
        Specified by:
        setUserMetaData in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • getATData

        public net.sf.json.JSONObject getATData()
        Specified by:
        getATData in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • setATData

        public void setATData​(net.sf.json.JSONObject atData)
        Specified by:
        setATData in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • getProvisioningAdminID

        public edu.uiuc.ncsa.security.core.Identifier getProvisioningAdminID()
      • setProvisioningAdminID

        public void setProvisioningAdminID​(edu.uiuc.ncsa.security.core.Identifier provisioningAdminID)
        Sets the provisioning admin, partly so it does not have to be looked up again and partly so that, for very long-lived transactions, there is no possibility that the VI can change.
        Parameters:
        provisioningAdminID -
      • getProvisioningClientID

        public edu.uiuc.ncsa.security.core.Identifier getProvisioningClientID()
        Set if this transaction is from a substitution. This is the ID of the client that originally started the flow.
        Returns:
      • setProvisioningClientID

        public void setProvisioningClientID​(edu.uiuc.ncsa.security.core.Identifier provisioningClientID)
      • setRTData

        public void setRTData​(net.sf.json.JSONObject rtData)
      • getRTData

        public net.sf.json.JSONObject getRTData()
        Specified by:
        getRTData in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • getResponseMode

        public String getResponseMode()
      • setResponseMode

        public void setResponseMode​(String mode)
      • hasResponseMode

        public boolean hasResponseMode()
      • getRequestedATLifetime

        public long getRequestedATLifetime()
      • getRequestedIDTLifetime

        public long getRequestedIDTLifetime()
      • setRequestedIDTLifetime

        public void setRequestedIDTLifetime​(long idtLifetime)
      • hasRequestedATLifetime

        public boolean hasRequestedATLifetime()
      • hasRequestedIDTLifetime

        public boolean hasRequestedIDTLifetime()
      • setRequestedATLifetime

        public void setRequestedATLifetime​(long atLifetime)
      • getRequestedRTLifetime

        public long getRequestedRTLifetime()
      • setRequestedRTLifetime

        public void setRequestedRTLifetime​(long rtLifetime)
      • hasRequestedRTLifetime

        public boolean hasRequestedRTLifetime()
      • getMaxAtLifetime

        public long getMaxAtLifetime()
      • setMaxATLifetime

        public void setMaxATLifetime​(long max)
      • getMaxIDTLifetime

        public long getMaxIDTLifetime()
      • setMaxIDTLifetime

        public void setMaxIDTLifetime​(long max)
      • hasMaxATLifetime

        public boolean hasMaxATLifetime()
      • hasMaxIDTLifetime

        public boolean hasMaxIDTLifetime()
      • getMaxRtLifetime

        public long getMaxRtLifetime()
      • setMaxRTLifetime

        public void setMaxRTLifetime​(long max)
      • hasMaxRTLifetime

        public boolean hasMaxRTLifetime()
      • hasCodeChallenge

        public boolean hasCodeChallenge()
      • getCodeChallenge

        public String getCodeChallenge()
      • setCodeChallenge

        public void setCodeChallenge​(String codeChallenge)
      • getCodeChallengeMethod

        public String getCodeChallengeMethod()
      • setCodeChallengeMethod

        public void setCodeChallengeMethod​(String codeChallengeMethod)
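The code challenge and its method are stored on the transaction at authorization time and checked against the code_verifier presented at the token endpoint. The following is an added example (not OA4MP's own token-endpoint code) of that check for both RFC 7636 methods; the class and method names are assumptions, and the stored values stand in for what getCodeChallenge() and getCodeChallengeMethod() would return.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added example: verifying a stored PKCE challenge at the token endpoint (RFC 7636).
// Hypothetical helper; it is not part of OA2ServiceTransaction.
public final class PkceCheck {
    private static final String PLAIN = "plain";
    private static final String S256 = "S256";

    // Compute the challenge a verifier should produce under the given method (RFC 7636 section 4.2).
    static String challengeFor(String verifier, String method) throws NoSuchAlgorithmException {
        if (PLAIN.equals(method)) return verifier;
        if (S256.equals(method)) {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(verifier.getBytes(StandardCharsets.US_ASCII));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
        }
        throw new IllegalArgumentException("unsupported code_challenge_method: " + method);
    }

    // storedChallenge / storedMethod: what the transaction recorded for the authorization
    // code being redeemed; verifier: the code_verifier from the token request.
    static boolean verify(String storedChallenge, String storedMethod, String verifier)
            throws NoSuchAlgorithmException {
        if (storedChallenge == null) {
            // No challenge recorded, so the client did not use PKCE on the authorization
            // request. A verifier on the token request then has nothing to match; this
            // example rejects it rather than ignoring it (a conservative policy choice).
            return verifier == null;
        }
        if (verifier == null || verifier.length() < 43 || verifier.length() > 128) return false; // RFC 7636 3.1
        String method = storedMethod == null ? PLAIN : storedMethod; // RFC 7636 4.3: defaults to plain
        byte[] expected = storedChallenge.getBytes(StandardCharsets.US_ASCII);
        byte[] actual = challengeFor(verifier, method).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        // RFC 7636 appendix B test vector
        String verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
        String challenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
        System.out.println(verify(challenge, "S256", verifier));
        System.out.println(verify(challenge, "S256", verifier + "x"));
        System.out.println(verify(challenge, "plain", verifier));  // method mismatch
    }
}
```

Two details matter in practice: the stored method, not the one the client repeats at the token endpoint, decides how the verifier is hashed, and the comparison uses MessageDigest.isEqual so that a wrong verifier is not distinguishable by timing.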
      • hasAuthTime

        public boolean hasAuthTime()
      • getAuthTime

        public Date getAuthTime()
      • setAuthTime

        public void setAuthTime​(Date authTime)
      • getScopes

        public Collection<String> getScopes()
        The resolved scopes for this transaction, that is, the intersection of the client's allowed scopes, the client's requested scopes and the scopes enabled on the server. This should be passed to anything that needs the scopes (e.g. a ClaimSource).
        Specified by:
        getScopes in interface org.oa4mp.delegation.server.server.OA2TransactionScopes
        Specified by:
        getScopes in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
        Returns:
      • setScopes

        public void setScopes​(Collection<String> scopes)
        The scopes requested by the client. This does not mean they are all allowed; it is just so there is a list of them. Repeated scopes are removed, since some clients send things like "openid openid openid email email email email email".
        Specified by:
        setScopes in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
        Parameters:
        scopes -
      • getNonce

        public String getNonce()
      • setNonce

        public void setNonce​(String nonce)
      • isRefreshTokenValid

        public boolean isRefreshTokenValid()
      • setRefreshTokenValid

        public void setRefreshTokenValid​(boolean refreshTokenValid)
      • getRefreshTokenLifetime

        public long getRefreshTokenLifetime()
        This is, unfortunately, overloaded. It is the initial lifetime allowed for the client and may be set in the registration. If <=0 then refresh tokens are disabled. The actual expiration of the refresh token in the transaction is found in refreshTokenExpiresAt.
        Specified by:
        getRefreshTokenLifetime in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
        Returns:
      • setRefreshTokenLifetime

        public void setRefreshTokenLifetime​(long refreshTokenLifetime)
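The transaction tracks three numbers per token type (the requested lifetime, the server-side maximum and the registration value) plus, for refresh tokens, the absolute expiry and a validity flag. The following is an added example (not the server's own policy code, which this page does not show) of one consistent way to combine them; the clamping order, the class name and the sample values are assumptions made for illustration.

```java
import java.util.concurrent.TimeUnit;

// Added example: clamping a token lifetime from the requested, max and registration
// values the transaction tracks, and deriving refreshTokenExpiresAt from it.
// Hypothetical helper; the precedence shown is this example's, not necessarily OA4MP's.
public final class LifetimePolicy {
    private LifetimePolicy() {}

    // Effective lifetime in milliseconds. A registration value <= 0 disables the token
    // outright (as documented for refresh tokens); an absent or zero request falls back
    // to the registration value; nothing may exceed the server-side max when one is set.
    static long effectiveLifetime(long requestedMs, long maxMs, long registrationMs) {
        if (registrationMs <= 0) return 0L;              // disabled for this client
        long base = requestedMs > 0 ? Math.min(requestedMs, registrationMs) : registrationMs;
        return maxMs > 0 ? Math.min(base, maxMs) : base;
    }

    // The absolute expiry, as stored in refreshTokenExpiresAt. Zero means no refresh token.
    static long expiresAt(long creationTsMs, long lifetimeMs) {
        return lifetimeMs <= 0 ? 0L : creationTsMs + lifetimeMs;
    }

    // A refresh token is usable only if one was issued, it has not expired, and the
    // transaction still marks it valid (whatever the server records via setRefreshTokenValid).
    static boolean refreshTokenUsable(long expiresAtMs, boolean refreshTokenValid, long nowMs) {
        return refreshTokenValid && expiresAtMs > 0 && nowMs < expiresAtMs;
    }

    public static void main(String[] args) {
        long created = 1_700_000_000_000L;            // constructed creation timestamp
        long requested = TimeUnit.DAYS.toMillis(30);  // client asks for 30 days
        long max = TimeUnit.DAYS.toMillis(7);         // server caps refresh tokens at 7 days
        long registered = TimeUnit.DAYS.toMillis(14); // registration allows 14 days
        long lifetime = effectiveLifetime(requested, max, registered);
        long exp = expiresAt(created, lifetime);
        System.out.println(lifetime == max);
        System.out.println(refreshTokenUsable(exp, true, created + TimeUnit.DAYS.toMillis(6)));
        System.out.println(refreshTokenUsable(exp, true, created + TimeUnit.DAYS.toMillis(8)));
        System.out.println(effectiveLifetime(requested, max, 0L)); // disabled by registration
    }
}
```

Keeping the absolute expiry on the transaction, rather than recomputing it from the lifetime on every refresh, is what stops a long chain of refreshes from extending a token indefinitely; the lifetime is the per-issue budget, refreshTokenExpiresAt is the hard stop.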
      • getRequestState

        public String getRequestState()
        This is the state parameter in the initial request, if present.
        Returns:
        the state parameter from the initial request
      • setRequestState

        public void setRequestState​(String requestState)
      • hasRefreshToken

        public boolean hasRefreshToken()
      • setRefreshToken

        public void setRefreshToken​(RefreshToken refreshToken)
      • toString

        public String toString()
        Overrides:
        toString in class org.oa4mp.delegation.server.ServiceTransaction
      • getValidatedScopes

        public Collection<String> getValidatedScopes()
        The scopes that the user actually consented to on the consent page. These are set once and never updated, to prevent up-scoping.
        Returns:
      • setValidatedScopes

        public void setValidatedScopes​(Collection<String> validatedScopes)
      • setQueriedATScopes

        public void setQueriedATScopes​(Collection<String> queriedATScopes)
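The scope methods on this class describe four distinct sets: what the client asked for (setScopes, de-duplicated), what was resolved against the client registration and the server (getScopes), what the user consented to (getValidatedScopes, set once), and the ceiling fixed by the first access token (getATReturnedOriginalScopes). The following is an added example (not OA2ServiceTransaction itself) that models those four sets and the ordering between them in a stand-alone class; the class and method names and the sample scopes are assumptions.

```java
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;

// Added example: the scope bookkeeping documented for setScopes/getScopes,
// getValidatedScopes and getATReturnedOriginalScopes, as a stand-alone model.
// Hypothetical class; it is not OA4MP code.
public final class ScopeTracking {
    private Set<String> requested = Collections.emptySet();
    private Set<String> resolved = Collections.emptySet();
    private Set<String> validated;          // null until the user consents
    private Set<String> atReturnedOriginal; // null until the first access token is issued

    // setScopes: record what the client asked for, dropping duplicates
    // ("openid openid email email" becomes {openid, email}). Nothing is granted yet.
    void setRequested(String scopeParam) {
        Set<String> s = new LinkedHashSet<>();
        if (scopeParam != null) {
            for (String t : scopeParam.trim().split("\\s+")) if (!t.isEmpty()) s.add(t);
        }
        requested = s;
    }

    // getScopes: the intersection of requested, client-allowed and server-enabled scopes.
    void resolve(Collection<String> clientAllowed, Collection<String> serverEnabled) {
        Set<String> r = new LinkedHashSet<>(requested);
        r.retainAll(clientAllowed);
        r.retainAll(serverEnabled);
        resolved = r;
    }

    // setValidatedScopes: what the user consented to, set exactly once so a later
    // request on the same transaction cannot widen it.
    void consent(Collection<String> userApproved) {
        if (validated != null) throw new IllegalStateException("validated scopes are set once");
        Set<String> v = new LinkedHashSet<>(userApproved);
        v.retainAll(resolved);                        // consent cannot exceed the resolved set
        validated = Collections.unmodifiableSet(v);
    }

    // setQueriedATScopes / setATReturnedOriginalScopes: the first access token's scopes
    // become the ceiling for every later token request on this transaction.
    Set<String> issueAccessToken(Collection<String> queried) {
        Set<String> ceiling = atReturnedOriginal != null ? atReturnedOriginal
                : (validated != null ? validated : resolved);
        Set<String> granted = new LinkedHashSet<>(queried == null || queried.isEmpty() ? ceiling : queried);
        granted.retainAll(ceiling); // anything outside the ceiling is dropped (rejecting with invalid_scope is the alternative)
        if (atReturnedOriginal == null) atReturnedOriginal = Collections.unmodifiableSet(granted);
        return granted;
    }

    Set<String> getResolved() { return resolved; }
    Set<String> getValidated() { return validated == null ? Collections.emptySet() : validated; }
    Set<String> getATReturnedOriginal() { return atReturnedOriginal == null ? Collections.emptySet() : atReturnedOriginal; }

    public static void main(String[] args) {
        ScopeTracking t = new ScopeTracking();
        // constructed sample: a noisy request, a registration that does not allow writes
        t.setRequested("openid openid email email profile storage.write:/home");
        t.resolve(Set.of("openid", "email", "profile", "storage.read:/home"),
                  Set.of("openid", "email", "profile", "storage.read:/home", "storage.write:/home"));
        t.consent(Set.of("openid", "email"));          // user unticks profile on the consent page
        Set<String> first = t.issueAccessToken(null);  // token endpoint, no explicit scope parameter
        Set<String> later = t.issueAccessToken(Set.of("openid", "email", "profile")); // refresh asking for more
        System.out.println(first + " " + later);
    }
}
```

The ordering is the security property: requested never flows into a token without passing through resolved and consented, and once the first token is issued its scope set, not the consented set, is the ceiling for refreshes and exchanges on the same transaction.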
      • getATJWT

        public String getATJWT()
        If a JWT access token was returned, a copy is saved here.
        Returns:
      • setATJWT

        public void setATJWT​(String atJWT)
      • getRTJWT

        public String getRTJWT()
        If a JWT refresh token was returned, a copy is saved here.
        Returns:
      • setRTJWT

        public void setRTJWT​(String rtJWT)
      • firstSix

        protected String firstSix​(URI id)
        Get the last 6 characters of the unique part of an identifier.
        Parameters:
        id -
        Returns:
      • getIDTokenIdentifier

        public String getIDTokenIdentifier()
        Specified by:
        getIDTokenIdentifier in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • setIDTokenIdentifier

        public void setIDTokenIdentifier​(String idTokenIdentifier)
        Specified by:
        setIDTokenIdentifier in interface org.oa4mp.delegation.server.server.OIDCServiceTransactionInterface
      • summary

        public String summary()
        Summary for debugging.
        Returns:
      • getResponseTypes

        public List<String> getResponseTypes()
        Overrides:
        getResponseTypes in class org.oa4mp.delegation.server.ServiceTransaction
      • setResponseTypes

        public void setResponseTypes​(List<String> responseTypes)