

package com.microsoft.identity.common.adal.internal.tokensharing;

import android.net.Uri;
import android.support.v4.media.a;
import android.util.Pair;
import com.microsoft.identity.common.BaseAccount;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.exception.ServiceException;
import com.microsoft.identity.common.internal.authscheme.BearerAuthenticationSchemeInternal;
import com.microsoft.identity.common.internal.cache.ADALTokenCacheItem;
import com.microsoft.identity.common.internal.cache.ICacheRecord;
import com.microsoft.identity.common.internal.cache.MsalOAuth2TokenCache;
import com.microsoft.identity.common.internal.dto.AccountRecord;
import com.microsoft.identity.common.internal.dto.IdTokenRecord;
import com.microsoft.identity.common.internal.dto.RefreshTokenRecord;
import com.microsoft.identity.common.internal.logging.Logger;
import com.microsoft.identity.common.internal.migration.AdalMigrationAdapter;
import com.microsoft.identity.common.internal.migration.TokenCacheItemMigrationAdapter;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftAccount;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftRefreshToken;
import com.microsoft.identity.common.internal.providers.oauth2.IDToken;
import com.microsoft.identity.common.internal.providers.oauth2.RefreshToken;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.PlainHeader;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.PlainJWT;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Callable;

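/**
 * Bridges the MSAL token cache and the legacy ADAL token-sharing format.
 *
 * <p>The {@code get*FamilyRefreshToken} methods resolve an account identifier (local account id,
 * falling back to username) in {@link MsalOAuth2TokenCache}, load its cache record and hand the
 * refresh token out either raw (MSA family) or wrapped in an {@link ADALTokenCacheItem} that is
 * serialized by {@code SSOStateSerializer} (org-id family). The {@code save*FamilyRefreshToken}
 * methods do the reverse: they build a cache item from what was shared, renew it on
 * {@link TokenCacheItemMigrationAdapter#sBackgroundExecutor} and persist the renewed pair as
 * single-sign-on state.
 *
 * <p>The v1 id token written into a shared item is minted here as an unsigned {@link PlainJWT}
 * from the claims of the cached v2 token. It carries no signature; readers must treat it as a
 * claims container, never as a verified assertion.
 */
public class TokenShareUtility implements ITokenShareInternal {
    /** Path that replaces the default authority's path when renewing an MSA (consumer) token. */
    private static final String AUDIENCE_PATH_CONSUMERS = "/consumers";
    private static final String TAG = "TokenShareUtility";
    /** v2 claim name -> v1 claim name, consulted while minting the v1 id token. */
    private static final Map<String, String> sClaimRemapper = new HashMap<>();
    /** Authority written into the shared item when the id token comes from the home tenant. */
    private static final String sHomeTenantAuthority = "https://login.windows.net/common";
    private final String mClientId;
    private final String mDefaultAuthority;
    private final String mRedirectUri;
    private final MsalOAuth2TokenCache mTokenCache;

    static {
        // Runs after the sClaimRemapper field initializer above (textual order).
        applyV1ToV2Mappings();
    }

    /**
     * @param clientId         client id written into every cache item this utility creates
     * @param redirectUri      redirect URI handed to {@link TokenCacheItemMigrationAdapter#renewToken}
     * @param defaultAuthority authority used (with its path swapped for {@code /consumers}) when
     *                         renewing an MSA family refresh token
     * @param tokenCache       cache that accounts and tokens are read from and saved to
     */
    public TokenShareUtility(String clientId, String redirectUri, String defaultAuthority, MsalOAuth2TokenCache tokenCache) {
        this.mClientId = clientId;
        this.mRedirectUri = redirectUri;
        this.mDefaultAuthority = defaultAuthority;
        this.mTokenCache = tokenCache;
    }

    /**
     * Converts an MSAL id-token/refresh-token pair into the ADAL cache-item shape used for sharing.
     *
     * <p>The authority is collapsed to {@link #sHomeTenantAuthority} when the id token belongs to
     * the home tenant; otherwise the record's own authority is kept.
     */
    private static ADALTokenCacheItem adapt(IdTokenRecord idTokenRecord, RefreshTokenRecord refreshTokenRecord) {
        final ADALTokenCacheItem item = new ADALTokenCacheItem();
        item.setClientId(refreshTokenRecord.getClientId());
        item.setRefreshToken(refreshTokenRecord.getSecret());
        item.setRawIdToken(mintV1IdTokenFromRawV2IdToken(idTokenRecord.getSecret()));
        item.setFamilyClientId(refreshTokenRecord.getFamilyId());
        final String authority = isFromHomeTenant(idTokenRecord)
                ? sHomeTenantAuthority
                : idTokenRecord.getAuthority();
        item.setAuthority(authority);
        return item;
    }

    /** Registers the v2 -> v1 claim-name translations applied by {@link #remap(String)}. */
    private static void applyV1ToV2Mappings() {
        sClaimRemapper.put("preferred_username", "upn");
    }

    /**
     * Builds a minimal ADAL cache item for this client from a refresh token and an authority.
     *
     * @param refreshToken refresh-token secret to store
     * @param authority    authority to record on the item
     */
    public ADALTokenCacheItem createTokenCacheItem(String refreshToken, String authority) {
        final ADALTokenCacheItem item = new ADALTokenCacheItem();
        item.setAuthority(authority);
        item.setClientId(this.mClientId);
        item.setRefreshToken(refreshToken);
        return item;
    }

    /**
     * Resolves an identifier to an account: first as a local account id, then as a username.
     *
     * <p>When several accounts share the username the first one returned by the cache is used;
     * the identifier is therefore ambiguous in that case.
     *
     * @throws ClientException with {@link ClientException#TOKEN_CACHE_ITEM_NOT_FOUND} when neither
     *                         lookup yields an account
     */
    private AccountRecord getAccountRecordForIdentifier(String identifier) {
        AccountRecord account = this.mTokenCache.getAccountByLocalAccountId(null, this.mClientId, identifier);
        if (account == null) {
            final List<AccountRecord> byUsername =
                    this.mTokenCache.getAccountsByUsername(null, this.mClientId, identifier);
            if (!byUsername.isEmpty()) {
                account = byUsername.get(0);
            }
        }
        if (account == null) {
            throw new ClientException(ClientException.TOKEN_CACHE_ITEM_NOT_FOUND);
        }
        return account;
    }

    /** Loads the bearer-scheme cache record for the account behind {@code identifier}. */
    private ICacheRecord getCacheRecordForIdentifier(String identifier) {
        return this.mTokenCache.load(
                this.mClientId,
                null,
                getAccountRecordForIdentifier(identifier),
                new BearerAuthenticationSchemeInternal());
    }

    /**
     * Loads the cache record for {@code identifier} and verifies it holds both a refresh token and
     * an id token. Shared by both {@code get*FamilyRefreshToken} entry points.
     */
    private ICacheRecord loadCompleteCacheRecord(String identifier) {
        final ICacheRecord record = getCacheRecordForIdentifier(identifier);
        throwIfCacheRecordIncomplete(identifier, record);
        return record;
    }

    /**
     * Reports whether the id token's {@code oid} claim is contained in the record's home account id.
     *
     * <p>Returns {@code false} when the token cannot be parsed, has no {@code oid}, or the record
     * has no home account id. The substring match is preserved from the original; it presumes the
     * home account id embeds the oid — confirm against the cache's id format.
     */
    private static boolean isFromHomeTenant(IdTokenRecord idTokenRecord) {
        final String methodName = ":isFromHomeTenant";
        final String homeAccountId = idTokenRecord.getHomeAccountId();
        try {
            final String oid = (String) IDToken.parseJWT(idTokenRecord.getSecret()).get("oid");
            if (oid == null) {
                Logger.warn(TAG + methodName, "OID claims was missing from token.");
                return false;
            }
            // Null guard: a record without a home account id cannot be matched (was an NPE).
            return homeAccountId != null && homeAccountId.contains(oid);
        } catch (final ServiceException ignored) {
            // Parse failures are non-fatal: the caller falls back to the record's own authority.
            // The decompiled form called an obfuscated string-builder helper here; restored as the
            // same warn-log shape used by the rest of this class — confirm against upstream.
            Logger.warn(TAG + methodName, "Failed to parse IdToken.");
            return false;
        }
    }

    /**
     * Re-serializes the claims of a v2 id token as an unsigned (alg=none) v1-style JWT.
     *
     * <p>Every claim is copied; claim names are translated via {@link #remap(String)} and the
     * {@code ver} claim is rewritten to {@code "1"}. The output has no signature and exists only so
     * ADAL-era readers can extract claims from it.
     */
    private static String mintV1IdTokenFromRawV2IdToken(String rawV2IdToken) {
        final Map<String, ?> claims = IDToken.parseJWT(rawV2IdToken);
        final JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
        for (final Map.Entry<String, ?> claim : claims.entrySet()) {
            final String name = claim.getKey();
            final Object value = "ver".equals(name) ? "1" : claim.getValue();
            builder.claim(remap(name), value);
        }
        // PlainHeader => alg=none: unsigned by construction.
        final PlainHeader header = new PlainHeader(JOSEObjectType.JWT, null, null, null, null);
        return new PlainJWT(header, builder.build()).serialize();
    }

    /** Returns the v1 name for a v2 claim, or the name unchanged when no mapping exists. */
    private static String remap(String claimName) {
        final String mapped = sClaimRemapper.get(claimName);
        return mapped != null ? mapped : claimName;
    }

    /** Persists a renewed account/refresh-token pair as SSO state; a null pair is a no-op. */
    private void saveResult(Pair<MicrosoftAccount, MicrosoftRefreshToken> pair) {
        if (pair == null) {
            return;
        }
        this.mTokenCache.setSingleSignOnState((BaseAccount) pair.first, (RefreshToken) pair.second);
    }

    /**
     * Rejects a cache record that lacks a refresh token or an id token.
     *
     * @throws ClientException with {@link ClientException#TOKEN_CACHE_ITEM_NOT_FOUND}
     */
    private void throwIfCacheRecordIncomplete(String identifier, ICacheRecord record) {
        if (record.getRefreshToken() == null || record.getIdToken() == null) {
            // NOTE(review): the identifier may be a username (UPN) and is written to the log at
            // WARN level; route it through the PII-gated log level if the Logger offers one.
            Logger.warn(TAG + ":throwIfCacheRecordIncomplete",
                    "That's strange, we had an AccountRecord for identifier: " + identifier
                            + " but couldn't find tokens for them.");
            throw new ClientException(ClientException.TOKEN_CACHE_ITEM_NOT_FOUND);
        }
    }

    /**
     * Derives the MSA renewal authority from {@link #mDefaultAuthority} by swapping its path for
     * {@link #AUDIENCE_PATH_CONSUMERS}; a non-hierarchical authority (null path) is returned as is.
     *
     * <p>Rebuilt through {@link Uri.Builder} rather than {@code String.replace(path, ...)}:
     * {@code replace} substitutes every occurrence, so an empty or {@code "/"} path would also
     * rewrite the scheme and host portion of the authority.
     */
    private String consumersAuthority() {
        final Uri authority = Uri.parse(this.mDefaultAuthority);
        if (authority.getPath() == null) {
            return this.mDefaultAuthority;
        }
        return authority.buildUpon().path(AUDIENCE_PATH_CONSUMERS).build().toString();
    }

    /**
     * Renews {@code item} once cloud discovery metadata is available; returns null (after a warn
     * log tagged with {@code methodName}) when the metadata cannot be loaded.
     */
    private Pair<MicrosoftAccount, MicrosoftRefreshToken> renewIfMetadataAvailable(
            final String methodName, final ADALTokenCacheItem item) {
        if (!AdalMigrationAdapter.loadCloudDiscoveryMetadata()) {
            Logger.warn(TAG + methodName, "Failed to load cloud metadata, aborting.");
            return null;
        }
        return TokenCacheItemMigrationAdapter.renewToken(this.mRedirectUri, item);
    }

    /**
     * Returns the raw refresh-token secret cached for {@code identifier}.
     *
     * @throws ClientException when no account or no complete token record exists for it
     */
    @Override
    public String getMsaFamilyRefreshToken(String identifier) {
        return loadCompleteCacheRecord(identifier).getRefreshToken().getSecret();
    }

    /**
     * Returns the cached tokens for {@code identifier} as a serialized ADAL cache item.
     *
     * @throws ClientException when no account or no complete token record exists for it
     */
    @Override
    public String getOrgIdFamilyRefreshToken(String identifier) {
        final ICacheRecord record = loadCompleteCacheRecord(identifier);
        return SSOStateSerializer.serialize(adapt(record.getIdToken(), record.getRefreshToken()));
    }

    /**
     * Renews a shared MSA refresh token against the {@code /consumers} authority on the background
     * executor, blocks for the result, and stores it as SSO state.
     *
     * @param refreshToken the shared refresh-token secret
     */
    @Override
    public void saveMsaFamilyRefreshToken(final String refreshToken) {
        // Log tag fixed to use the ":" separator like every other tag in this class.
        saveResult(TokenCacheItemMigrationAdapter.sBackgroundExecutor.submit(
                new Callable<Pair<MicrosoftAccount, MicrosoftRefreshToken>>() {
                    @Override
                    public Pair<MicrosoftAccount, MicrosoftRefreshToken> call() {
                        final ADALTokenCacheItem item = createTokenCacheItem(refreshToken, consumersAuthority());
                        return renewIfMetadataAvailable(":saveMsaFamilyRefreshToken", item);
                    }
                }).get());
    }

    /**
     * Deserializes a shared ADAL cache item, re-stamps it with this client id (resource cleared),
     * renews it on the background executor, blocks for the result, and stores it as SSO state.
     *
     * @param serializedItem blob produced by {@code SSOStateSerializer.serialize} in another app
     */
    @Override
    public void saveOrgIdFamilyRefreshToken(final String serializedItem) {
        saveResult(TokenCacheItemMigrationAdapter.sBackgroundExecutor.submit(
                new Callable<Pair<MicrosoftAccount, MicrosoftRefreshToken>>() {
                    @Override
                    public Pair<MicrosoftAccount, MicrosoftRefreshToken> call() {
                        final ADALTokenCacheItem item = SSOStateSerializer.deserialize(serializedItem);
                        // The shared blob's client id is never trusted; it is always overwritten.
                        item.setClientId(TokenShareUtility.this.mClientId);
                        item.setResource(null);
                        return renewIfMetadataAvailable(":saveOrgIdFamilyRefreshToken", item);
                    }
                }).get());
    }
}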