Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
0.00% |
0 / 34 |
|
0.00% |
0 / 10 |
CRAP | |
0.00% |
0 / 1 |
Security | |
0.00% |
0 / 34 |
|
0.00% |
0 / 10 |
182 | |
0.00% |
0 / 1 |
oauth | |
0.00% |
0 / 9 |
|
0.00% |
0 / 1 |
6 | |||
jwks | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
2 | |||
oidc | |
0.00% |
0 / 5 |
|
0.00% |
0 / 1 |
6 | |||
oidcInitiation | |
0.00% |
0 / 7 |
|
0.00% |
0 / 1 |
6 | |||
getKeyChainRepository | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getPlatformKeyChainRepository | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getAuthorizationServerFactory | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getJwksRepository | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getOidcLoginAuthenticator | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getAccessTokenGenerator | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
2 |
1 | <?php |
2 | |
3 | /** |
4 | * This program is free software; you can redistribute it and/or |
5 | * modify it under the terms of the GNU General Public License |
6 | * as published by the Free Software Foundation; under version 2 |
7 | * of the License (non-upgradable). |
8 | * |
9 | * This program is distributed in the hope that it will be useful, |
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
12 | * GNU General Public License for more details. |
13 | * |
14 | * You should have received a copy of the GNU General Public License |
15 | * along with this program; if not, write to the Free Software |
16 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
17 | * |
18 | * Copyright (c) 2020 (original work) Open Assessment Technologies SA; |
19 | */ |
20 | |
21 | namespace oat\taoLti\controller; |
22 | |
23 | use League\OAuth2\Server\Exception\OAuthServerException; |
24 | use OAT\Library\Lti1p3Core\Exception\LtiBadRequestException; |
25 | use OAT\Library\Lti1p3Core\Registration\RegistrationRepositoryInterface; |
26 | use OAT\Library\Lti1p3Core\Security\Key\KeyChainRepositoryInterface; |
27 | use OAT\Library\Lti1p3Core\Security\OAuth2\Factory\AuthorizationServerFactory; |
28 | use OAT\Library\Lti1p3Core\Security\OAuth2\Generator\AccessTokenResponseGenerator; |
29 | use OAT\Library\Lti1p3Core\Security\OAuth2\Generator\AccessTokenResponseGeneratorInterface; |
30 | use OAT\Library\Lti1p3Core\Security\Oidc\OidcInitiator; |
31 | use oat\tao\model\http\Controller; |
32 | use oat\tao\model\security\Business\Contract\JwksRepositoryInterface; |
33 | use oat\taoLti\models\classes\Platform\Service\Oidc\OidcLoginAuthenticatorInterface; |
34 | use oat\taoLti\models\classes\Platform\Service\Oidc\OidcLoginAuthenticatorProxy; |
35 | use oat\taoLti\models\classes\Security\DataAccess\Repository\CachedPlatformJwksRepository; |
36 | use oat\taoLti\models\classes\Security\DataAccess\Repository\CachedPlatformKeyChainRepository; |
37 | use oat\taoLti\models\classes\Security\DataAccess\Repository\PlatformKeyChainRepository; |
38 | use Zend\ServiceManager\ServiceLocatorAwareInterface; |
39 | use Zend\ServiceManager\ServiceLocatorAwareTrait; |
40 | use common_exception_BadRequest; |
41 | |
42 | use function GuzzleHttp\Psr7\stream_for; |
43 | |
44 | class Security extends Controller implements ServiceLocatorAwareInterface |
45 | { |
46 | use ServiceLocatorAwareTrait; |
47 | |
48 | public function oauth(): void |
49 | { |
50 | try { |
51 | $this->setResponse( |
52 | $this->getAccessTokenGenerator()->generate( |
53 | $this->getPsrRequest(), |
54 | $this->getPsrResponse(), |
55 | $this->getPlatformKeyChainRepository()->getDefaultKeyId() |
56 | ) |
57 | ); |
58 | } catch (OAuthServerException $exception) { |
59 | $this->setResponse($exception->generateHttpResponse($this->getPsrResponse())); |
60 | } |
61 | } |
62 | |
63 | public function jwks(): void |
64 | { |
65 | $response = $this->getPsrResponse() |
66 | ->withHeader('ContentType', 'application/json') |
67 | ->withBody(stream_for(json_encode($this->getJwksRepository()->find()))); |
68 | |
69 | $this->setResponse($response); |
70 | } |
71 | |
72 | public function oidc(): void |
73 | { |
74 | try { |
75 | $response = $this->getOidcLoginAuthenticator() |
76 | ->authenticate($this->getPsrRequest(), $this->getPsrResponse()); |
77 | |
78 | $this->setResponse($response); |
79 | } catch (LtiBadRequestException $exception) { |
80 | throw new common_exception_BadRequest($exception->getMessage()); |
81 | } |
82 | } |
83 | |
84 | public function oidcInitiation(): void |
85 | { |
86 | try { |
87 | // Create the OIDC initiator |
88 | $initiator = new OidcInitiator( |
89 | $this->getPsrContainer()->get(RegistrationRepositoryInterface::class) |
90 | ); |
91 | |
92 | // Perform the OIDC initiation (including state generation) |
93 | $message = $initiator->initiate($this->getPsrRequest()); |
94 | |
95 | $this->redirect($message->toUrl()); |
96 | } catch (LtiBadRequestException $exception) { |
97 | throw new common_exception_BadRequest($exception->getMessage()); |
98 | } |
99 | } |
100 | |
101 | private function getKeyChainRepository(): KeyChainRepositoryInterface |
102 | { |
103 | return $this->getServiceLocator()->get(CachedPlatformKeyChainRepository::class); |
104 | } |
105 | |
106 | private function getPlatformKeyChainRepository(): PlatformKeyChainRepository |
107 | { |
108 | return $this->getServiceLocator()->get(PlatformKeyChainRepository::SERVICE_ID); |
109 | } |
110 | |
111 | private function getAuthorizationServerFactory(): AuthorizationServerFactory |
112 | { |
113 | return $this->getServiceLocator()->getContainer()->get(AuthorizationServerFactory::class); |
114 | } |
115 | |
116 | private function getJwksRepository(): JwksRepositoryInterface |
117 | { |
118 | return $this->getServiceLocator()->get(CachedPlatformJwksRepository::class); |
119 | } |
120 | |
121 | private function getOidcLoginAuthenticator(): OidcLoginAuthenticatorInterface |
122 | { |
123 | return $this->getServiceLocator()->get(OidcLoginAuthenticatorProxy::class); |
124 | } |
125 | |
126 | private function getAccessTokenGenerator(): AccessTokenResponseGeneratorInterface |
127 | { |
128 | return new AccessTokenResponseGenerator( |
129 | $this->getKeyChainRepository(), |
130 | $this->getAuthorizationServerFactory() |
131 | ); |
132 | } |
133 | } |