From 8b68b6d9517025807ac08f3790f2d7d2dd8486af Mon Sep 17 00:00:00 2001
From: Dillon Nys
Date: Thu, 1 Oct 2020 15:22:51 -0700
Subject: [PATCH 1/3] Clear access and refresh tokens separately

---
 .../java/com/ca/mas/core/context/MssoContext.java | 7 ++++++-
 .../ca/mas/core/policy/AccessTokenAssertion.java | 15 ++++++++-------
 .../ca/mas/core/policy/SecureLockAssertion.java | 2 +-
 .../ca/mas/core/store/OAuthTokenContainer.java | 2 ++
 .../ca/mas/core/store/PrivateTokenStorage.java | 6 ++++++
 5 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/mas-foundation/src/main/java/com/ca/mas/core/context/MssoContext.java b/mas-foundation/src/main/java/com/ca/mas/core/context/MssoContext.java
index 41b64208e..7a13ebce1 100755
--- a/mas-foundation/src/main/java/com/ca/mas/core/context/MssoContext.java
+++ b/mas-foundation/src/main/java/com/ca/mas/core/context/MssoContext.java
@@ -325,9 +325,14 @@ public void onAccessTokenAvailable(String accessToken, String refreshToken, long
 * Clear the access token, forcing the next request to obtain a new one.
 */
 public void clearAccessToken() {
- privateTokens.clear();
+ privateTokens.clearAccessToken();
 }
 
+ /**
+ * Clears the access token and refresh token, leaving the ID token, if present.
+ */
+ public void clearAccessAndRefreshTokens() { privateTokens.clear(); }
+
 /**
 * Get an access token, if one is presently available.
 *
diff --git a/mas-foundation/src/main/java/com/ca/mas/core/policy/AccessTokenAssertion.java b/mas-foundation/src/main/java/com/ca/mas/core/policy/AccessTokenAssertion.java
index f3ac84637..b56b5d952 100755
--- a/mas-foundation/src/main/java/com/ca/mas/core/policy/AccessTokenAssertion.java
+++ b/mas-foundation/src/main/java/com/ca/mas/core/policy/AccessTokenAssertion.java
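Review bot: The Javadoc on `clearAccessToken()` is now misleading: it still says the call forces the next request to obtain a new token, but the method now delegates to `privateTokens.clearAccessToken()` and leaves the refresh token in place, so the next request can mint a fresh access token through the refresh grant without the user re-authenticating. Suggest rewording it to `Clear the access token only; the refresh token is retained, so the next request may obtain a new access token via the refresh grant. Use {@link #clearAccessAndRefreshTokens()} to force re-authentication.` The new `clearAccessAndRefreshTokens()` Javadoc promises that the ID token survives, which depends on what `PrivateTokenStorage.clear()` skips inside its `KEY.values()` loop; that loop body is not shown in this series, so the claim is worth confirming against it before it is relied on by callers.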
@@ -122,14 +122,15 @@ private String findAccessToken(MssoContext mssoContext, MAGInternalRequest reque
 } else {
 accessToken = null;
 }
+ }
 
- String refreshToken = mssoContext.getRefreshToken();
- if (refreshToken != null) {
- accessToken = obtainAccessTokenUsingRefreshToken(mssoContext, refreshToken);
- }
+ String refreshToken = mssoContext.getRefreshToken();
+ if (refreshToken != null) {
+ accessToken = obtainAccessTokenUsingRefreshToken(mssoContext, refreshToken);
+ }
 
- if (accessToken != null)
- return accessToken;
+ if (accessToken != null) {
+ return accessToken;
 }
 
 // Obtain an access token from the token server.
@@ -258,7 +259,7 @@ private String obtainAccessTokenUsingRefreshToken(MssoContext mssoContext, Strin
 
 if(tse.getResponse()!= null){
 //The access token and refresh token are no longer valid.
- mssoContext.clearAccessToken();
+ mssoContext.clearAccessAndRefreshTokens();
 }
 accessToken = null;
 if (DEBUG) Log.w(TAG,
diff --git a/mas-foundation/src/main/java/com/ca/mas/core/policy/SecureLockAssertion.java b/mas-foundation/src/main/java/com/ca/mas/core/policy/SecureLockAssertion.java
index 247c5b0f8..16bb1fc02 100644
--- a/mas-foundation/src/main/java/com/ca/mas/core/policy/SecureLockAssertion.java
+++ b/mas-foundation/src/main/java/com/ca/mas/core/policy/SecureLockAssertion.java
@@ -44,7 +44,7 @@ public void processRequest(MssoContext mssoContext, RequestInfo request) {
 if (revokeRequest != null) {
 MAS.invoke(OAuthClientUtil.getRevokeRequest(), null);
 }
- mssoContext.clearAccessToken();
+ mssoContext.clearAccessAndRefreshTokens();
 throw new SecureLockException("The session is currently locked.");
 }
 }
diff --git a/mas-foundation/src/main/java/com/ca/mas/core/store/OAuthTokenContainer.java b/mas-foundation/src/main/java/com/ca/mas/core/store/OAuthTokenContainer.java
index 5e7630f9b..1710934bd 100755
--- a/mas-foundation/src/main/java/com/ca/mas/core/store/OAuthTokenContainer.java
+++ b/mas-foundation/src/main/java/com/ca/mas/core/store/OAuthTokenContainer.java
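Review bot: The moved refresh-grant block now runs whenever `mssoContext.getRefreshToken()` is non-null, including when the enclosing block (whose opening condition sits above this hunk) is skipped because no access token is stored; that is presumably the point of the series, since `clearAccessToken()` now keeps the refresh token, but nothing in the method says so. Suggest a comment above `String refreshToken = mssoContext.getRefreshToken();` such as `// Try the refresh grant even when no access token is stored: clearAccessToken() deliberately keeps the refresh token.` If any path through the enclosing block can leave `accessToken` non-null and usable, the refresh grant still overwrites it unconditionally; that was already true before the move, but a guard of the form `if (accessToken == null && refreshToken != null)` would make the intent explicit if such a path exists. findAccessToken starts above and continues below this hunk.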
@@ -25,6 +25,8 @@ public interface OAuthTokenContainer {
 */
 long getExpiry();
 
+ void clearAccessToken();
+
 void clear();
 
 void clearAll();
diff --git a/mas-foundation/src/main/java/com/ca/mas/core/store/PrivateTokenStorage.java b/mas-foundation/src/main/java/com/ca/mas/core/store/PrivateTokenStorage.java
index 4b5d5360a..45d4e39d2 100755
--- a/mas-foundation/src/main/java/com/ca/mas/core/store/PrivateTokenStorage.java
+++ b/mas-foundation/src/main/java/com/ca/mas/core/store/PrivateTokenStorage.java
@@ -96,6 +96,12 @@ public long getExpiry() {
 }
 }
 
+ @Override
+ public void clearAccessToken() {
+ storage.remove(getKey(KEY.PREF_ACCESS_TOKEN.name()));
+ storage.remove(getKey(KEY.PREF_EXPIRY_UNIXTIME.name()));
+ }
+
 @Override
 public void clear() {
 for (KEY k : KEY.values()) {
From fe7e000b34d2e64c1e3d87c95f42cd998567b82e Mon Sep 17 00:00:00 2001
From: Dillon Nys
Date: Mon, 5 Oct 2020 08:11:17 -0700
Subject: [PATCH 2/3] Fix all usages of old method

---
 .../policy/exceptions/InvalidClientCredentialException.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mas-foundation/src/main/java/com/ca/mas/core/policy/exceptions/InvalidClientCredentialException.java b/mas-foundation/src/main/java/com/ca/mas/core/policy/exceptions/InvalidClientCredentialException.java
index 904036cef..4a749946a 100644
--- a/mas-foundation/src/main/java/com/ca/mas/core/policy/exceptions/InvalidClientCredentialException.java
+++ b/mas-foundation/src/main/java/com/ca/mas/core/policy/exceptions/InvalidClientCredentialException.java
@@ -27,7 +27,7 @@ public InvalidClientCredentialException(Throwable throwable) {
 
 @Override
 public void recover(MssoContext context) {
- context.clearAccessToken();
+ context.clearAccessAndRefreshTokens();
 context.clearClientCredentials();
 }
 }
From a25e4ddc782f57b82cc3f4cf88d3d14641716e07 Mon Sep 17 00:00:00 2001
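Review bot: The new `void clearAccessToken();` is added to the interface without Javadoc, and the container now exposes three clearing methods (`clearAccessToken`, `clear`, `clearAll`) whose scopes differ in ways an implementer can only discover by reading `PrivateTokenStorage`. Suggest documenting the new declaration as `/** Removes only the access token and its expiry; the refresh token and any ID token are retained. */` and giving `clear()` and `clearAll()` a one-line contract each, so that a second implementation cannot quietly drift from the one this series relies on.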
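Review bot: `PrivateTokenStorage.clearAccessToken()` removes exactly two keys, `PREF_ACCESS_TOKEN` and `PREF_EXPIRY_UNIXTIME`, whereas the sibling `clear()` derives its key set from `KEY.values()`; if `KEY` holds any other entry tied to the access token, that entry would now outlive the token, which is worth checking against the enum since it is not in this hunk. A short comment pinning the choice would help the next reader, e.g. `// Only the access token and its expiry; the refresh and ID tokens are deliberately kept.` The body of `clear()` continues below the hunk, so whether it really spares the ID token cannot be confirmed from here.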
From: Dillon Nys
Date: Mon, 5 Oct 2020 08:11:22 -0700
Subject: [PATCH 3/3] Update formatting

---
 .../src/main/java/com/ca/mas/core/context/MssoContext.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/mas-foundation/src/main/java/com/ca/mas/core/context/MssoContext.java b/mas-foundation/src/main/java/com/ca/mas/core/context/MssoContext.java
index 7a13ebce1..141d9545a 100755
--- a/mas-foundation/src/main/java/com/ca/mas/core/context/MssoContext.java
+++ b/mas-foundation/src/main/java/com/ca/mas/core/context/MssoContext.java
@@ -331,7 +331,9 @@ public void clearAccessToken() {
 /**
 * Clears the access token and refresh token, leaving the ID token, if present.
 */
- public void clearAccessAndRefreshTokens() { privateTokens.clear(); }
+ public void clearAccessAndRefreshTokens() {
+ privateTokens.clear();
+ }
 
 /**
 * Get an access token, if one is presently available.