package code;
import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import org.apache.commons.codec.binary.Base64;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
public class ObtainToken implements HttpHandler{
private KeyCloak kcs;
private String state;
private String codeVerifier;
public ObtainToken(KeyCloak kcs) {
this.kcs = kcs;
}
@Override
public void handle(HttpExchange exchange) throws IOException {
URI requestURI = exchange.getRequestURI();
String stringURI = requestURI.toString();
boolean wantsRedirectPage = Helper.compareText(stringURI,URI.create("/").toString());
boolean wantsToken = Helper.compareText(stringURI,URI.create("/secured").toString());
if(wantsToken)
System.out.println("URI = "+exchange.getRequestURI().getPath());
if(!wantsRedirectPage && !wantsToken) {
String error = "Invalid URI";
OutputStream os = exchange.getResponseBody();
exchange.sendResponseHeaders(400, error.getBytes().length);
os.write(error.getBytes());
os.close();
return;
}
String requestMethod = exchange.getRequestMethod();
if (Helper.compareText(requestMethod, "GET")) {
if(wantsRedirectPage) {
codeVerifier = createRandomString();
try {
String codeChallenge = createCodeChallenge(codeVerifier);
state = createRandomString(); //An opaque arbitrary alphanumeric string your app adds to the initial request that Auth0 includes when redirecting back to your application.
String nonce = "a81e1a84-8885-4702-b8d1-f6c5a0d1fc4d";
// System.out.println("CODE VERIFIER = "+codeVerifier);
// get the html page
List<String> strlist = new ArrayList<>();
String response = null;
response = getRedirectPage();
strlist.add("text/html");
if(response != null && !Helper.compareText(response, "fail")){
response = response.replace("$DOMAIN", kcs.authServer())
.replace("$REALM", kcs.realm())
.replace("$MY_CODE_CHALLENGE", codeChallenge)
.replace("$MY_CLIENT_ID", kcs.clientId())
.replace("$MY_REDIRECT_URI", kcs.redirectUri())
.replace("$MY_NONCE",nonce)
.replace("$MY_STATE", state);
exchange.getResponseHeaders().put("content-type", strlist);
exchange.sendResponseHeaders(200, response.getBytes().length);
OutputStream os = exchange.getResponseBody();
os.write(response.getBytes());
os.close();
} else {
exchange.sendResponseHeaders(500, response.getBytes().length);
OutputStream os = exchange.getResponseBody();
os.write(response.getBytes());
os.close();
}
} catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
System.out.println("Error during creation of code challenge");
}
}
if(wantsToken) {
// NON FUNZIONA PERCHE' LA
String[] arr = stringURI.split("/secured");
for(int i=0; i<arr.length; i++)
System.out.println(arr[i]);
System.out.println("lunghezza = "+arr.length);
String allParamsString = stringURI.split("/secured")[1];
System.out.println("allParamsString = "+allParamsString);
String[] allParamsArray = allParamsString.split("&");
String state = allParamsArray[0];
if(!this.state.equals(state)) {
Helper.badRequest(exchange);
return;
}
String authCode = allParamsArray[2];
// request token
String httpsURL = "http://"+kcs.authServer()+"/realms/"+kcs.realm()+"/protocol/openid-connect/token";
URL myUrl = new URL(httpsURL);
// SSLUtilities.trustAllHttpsCertificates();
// SSLUtilities.trustAllHostnames();
HttpsURLConnection conn = (HttpsURLConnection)myUrl.openConnection();
conn.setReadTimeout(7000);
conn.setConnectTimeout(7000);
conn.setRequestMethod("POST");
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setRequestProperty("content-type", "application/x-www-form-urlencoded");
String body = "grant_type=authorization_code"
+ "&client_id="+kcs.clientId()
+ "&code_verifier="+codeVerifier
+ "&code="+authCode
+ "&redirect_uri=https://localhost:3000/secured";
OutputStream outputStream = conn.getOutputStream();
outputStream.write(body.getBytes("UTF-8"));
outputStream.close();
String inputLine;
InputStream is = conn.getInputStream();
InputStreamReader isr = new InputStreamReader(is);
BufferedReader br = new BufferedReader(isr);
String response = "";
while ((inputLine = br.readLine()) != null) {
response += inputLine;
}
br.close();
System.out.println(response);
// String answer = response.replace(remoteHOST,localHOST);
}
} else {
Helper.methodNotAllowed(exchange);
}
}
private static String getRedirectPage() {
String line;
String page = Server.CLIENT_PATH+"/redirect.html";
StringBuilder answer = new StringBuilder();
if (getExtension(page).length() == 0)
page += ".html";
BufferedReader bufferedReader = null;
try {
FileReader fileReader = new FileReader(page);
bufferedReader = new BufferedReader(fileReader);
boolean isComment = false;
while ((line = bufferedReader.readLine()) != null) {
line = line.trim();
if(line.startsWith("<!--") && line.endsWith("-->")) {
continue;
}
if(line.startsWith("<!--")) {
isComment = true;
continue;
}
if(line.endsWith("-->")) {
isComment = false;
continue;
}
if(!isComment && line.length()>0)
answer.append(line).append("\n");
}
} catch (FileNotFoundException ex) {
System.out.println("Unable to open file '" + page + "'");
return "fail";
} catch (IOException ex) {
System.out.println("Error reading file '" + page + "'");
return "fail";
} finally {
try{
if(bufferedReader != null)
bufferedReader.close();
} catch (IOException ex){
System.out.println("Error closing bufferedReader");
}
}
return answer.toString();
}
private static String getExtension(String file) {
int i = file.length() - 1;
while (i > 0 && file.charAt(i) != '.' && file.charAt(i) != '/')
i--;
if (file.charAt(i) == '.')
return file.substring(i + 1);
else
return "";
}
private String createRandomString() {
SecureRandom sr = new SecureRandom();
byte[] code = new byte[32];
sr.nextBytes(code);
return java.util.Base64.getUrlEncoder().withoutPadding().encodeToString(code);
}
private String createCodeChallenge(String verifier) throws UnsupportedEncodingException, NoSuchAlgorithmException {
byte[] bytes = verifier.getBytes("US-ASCII");
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(bytes, 0, bytes.length);
byte[] digest = md.digest();
return Base64.encodeBase64URLSafeString(digest);
}
}