authorization_state.cpp
#include "nmos/authorization_state.h"
#include "nmos/json_fields.h"
namespace nmos
{
namespace experimental
{
// Look up the authorization server metadata cached for the given issuer URI.
// Returns a default-constructed web::json::value (null in cpprestsdk) when the
// issuer is not present in authorization_state.issuers.
web::json::value get_authorization_server_metadata(const authorization_state& authorization_state, const web::uri& authorization_server_uri)
{
    // keep the read lock for the whole lookup and copy-out
    // (presumably released when `lock` goes out of scope)
    auto lock = authorization_state.read_lock();

    const auto& issuers = authorization_state.issuers;
    const auto found = issuers.find(authorization_server_uri);
    if (issuers.end() == found)
    {
        // unknown issuer: nothing cached
        return{};
    }
    return nmos::experimental::fields::authorization_server_metadata(found->second.settings);
}
// Convenience overload: look up the metadata of the issuer named by
// authorization_state.authorization_server_uri.
web::json::value get_authorization_server_metadata(const authorization_state& authorization_state)
{
    // bound by reference only; the URI is read inside the locked overload
    const auto& current_issuer_uri = authorization_state.authorization_server_uri;
    return get_authorization_server_metadata(authorization_state, current_issuer_uri);
}
// Look up the client metadata cached for the given issuer URI.
// Returns a default-constructed web::json::value (null in cpprestsdk) when the
// issuer is not present in authorization_state.issuers.
web::json::value get_client_metadata(const authorization_state& authorization_state, const web::uri& authorization_server_uri)
{
    // keep the read lock for the whole lookup and copy-out
    // (presumably released when `lock` goes out of scope)
    auto lock = authorization_state.read_lock();

    const auto& issuers = authorization_state.issuers;
    const auto found = issuers.find(authorization_server_uri);
    if (issuers.end() == found)
    {
        // unknown issuer: nothing cached
        return{};
    }
    return nmos::experimental::fields::client_metadata(found->second.settings);
}
// Convenience overload: look up the client metadata of the issuer named by
// authorization_state.authorization_server_uri.
web::json::value get_client_metadata(const authorization_state& authorization_state)
{
    // bound by reference only; the URI is read inside the locked overload
    const auto& current_issuer_uri = authorization_state.authorization_server_uri;
    return get_client_metadata(authorization_state, current_issuer_uri);
}
// Look up the JSON Web Key Set cached for the given issuer URI.
// Returns a default-constructed web::json::value (null in cpprestsdk) when the
// issuer is not present in authorization_state.issuers; callers should treat
// that as "no keys available" rather than as an empty but valid key set.
web::json::value get_jwks(const authorization_state& authorization_state, const web::uri& authorization_server_uri)
{
    // keep the read lock for the whole lookup and copy-out
    // (presumably released when `lock` goes out of scope)
    auto lock = authorization_state.read_lock();

    const auto& issuers = authorization_state.issuers;
    const auto found = issuers.find(authorization_server_uri);
    if (issuers.end() == found)
    {
        // unknown issuer: nothing cached
        return{};
    }
    return nmos::experimental::fields::jwks(found->second.settings);
}
// Convenience overload: look up the jwks of the issuer named by
// authorization_state.authorization_server_uri.
web::json::value get_jwks(const authorization_state& authorization_state)
{
    // bound by reference only; the URI is read inside the locked overload
    const auto& current_issuer_uri = authorization_state.authorization_server_uri;
    return get_jwks(authorization_state, current_issuer_uri);
}
// Store the authorization server metadata for the given issuer URI, creating
// the issuer entry when it does not exist yet.
// A newly created entry has empty jwks and client_metadata and a
// default-constructed jwt_validator until update_jwks() supplies real ones.
// NOTE(review): any URI passed here becomes a key in the issuers table, and no
// check is made in this function - callers are presumably expected to pass
// only issuers they have already decided to trust; confirm at the call sites.
void update_authorization_server_metadata(authorization_state& authorization_state, const web::uri& authorization_server_uri, const web::json::value& authorization_server_metadata)
{
    // the find-then-insert/update sequence runs entirely under the write lock
    auto lock = authorization_state.write_lock();

    auto& issuers = authorization_state.issuers;
    const auto found = issuers.find(authorization_server_uri);
    if (issuers.end() == found)
    {
        // unknown issuer: insert a new entry carrying only the metadata
        // (the key is rebuilt as a web::uri from the URI's string form)
        issuers.insert(std::make_pair<web::uri, nmos::experimental::issuer>(
            authorization_server_uri.to_string(),
            { web::json::value_of({
                { nmos::experimental::fields::authorization_server_metadata, authorization_server_metadata },
                { nmos::experimental::fields::jwks, {} },
                { nmos::experimental::fields::client_metadata, {} }
            }), nmos::experimental::jwt_validator{} }
        ));
        return;
    }

    // known issuer: replace just its metadata, leaving jwks, client_metadata
    // and the validator untouched
    found->second.settings[nmos::experimental::fields::authorization_server_metadata] = authorization_server_metadata;
}
// Convenience overload: store the metadata for the issuer named by
// authorization_state.authorization_server_uri.
void update_authorization_server_metadata(authorization_state& authorization_state, const web::json::value& authorization_server_metadata)
{
    // bound by reference only; the URI is read inside the locked overload
    const auto& current_issuer_uri = authorization_state.authorization_server_uri;
    update_authorization_server_metadata(authorization_state, current_issuer_uri, authorization_server_metadata);
}
// Store the client metadata for the given issuer URI, creating the issuer
// entry when it does not exist yet.
// A newly created entry has empty authorization_server_metadata and jwks and a
// default-constructed jwt_validator.
// NOTE(review): client metadata may well include client credentials (depends
// on what the caller stores) - if so, treat copies returned by
// get_client_metadata() as sensitive; confirm against the callers.
void update_client_metadata(authorization_state& authorization_state, const web::uri& authorization_server_uri, const web::json::value& client_metadata)
{
    // the find-then-insert/update sequence runs entirely under the write lock
    auto lock = authorization_state.write_lock();

    auto& issuers = authorization_state.issuers;
    const auto found = issuers.find(authorization_server_uri);
    if (issuers.end() == found)
    {
        // unknown issuer: insert a new entry carrying only the client_metadata
        // (the key is rebuilt as a web::uri from the URI's string form)
        issuers.insert(std::make_pair<web::uri, nmos::experimental::issuer>(
            authorization_server_uri.to_string(),
            { web::json::value_of({
                { nmos::experimental::fields::authorization_server_metadata, {} },
                { nmos::experimental::fields::jwks, {} },
                { nmos::experimental::fields::client_metadata, client_metadata }
            }), nmos::experimental::jwt_validator{} }
        ));
        return;
    }

    // known issuer: replace just its client_metadata
    found->second.settings[nmos::experimental::fields::client_metadata] = client_metadata;
}
// Convenience overload: store the client metadata for the issuer named by
// authorization_state.authorization_server_uri.
void update_client_metadata(authorization_state& authorization_state, const web::json::value& client_metadata)
{
    // bound by reference only; the URI is read inside the locked overload
    const auto& current_issuer_uri = authorization_state.authorization_server_uri;
    update_client_metadata(authorization_state, current_issuer_uri, client_metadata);
}
// Store the JSON Web Key Set and the matching jwt_validator for the given
// issuer URI, creating the issuer entry when it does not exist yet.
// Both values are written while the same write lock is held, so a reader that
// takes the read lock does not see new keys paired with the old validator.
// This function does not verify that jwt_validator was actually built from
// jwks; keeping the two consistent is the caller's responsibility.
void update_jwks(authorization_state& authorization_state, const web::uri& authorization_server_uri, const web::json::value& jwks, const nmos::experimental::jwt_validator& jwt_validator)
{
    auto lock = authorization_state.write_lock();

    auto& issuers = authorization_state.issuers;
    const auto found = issuers.find(authorization_server_uri);
    if (issuers.end() == found)
    {
        // unknown issuer: insert a new entry with the jwks and its validator,
        // leaving both kinds of metadata empty
        // (the key is rebuilt as a web::uri from the URI's string form)
        issuers.insert(std::make_pair<web::uri, nmos::experimental::issuer>(
            authorization_server_uri.to_string(),
            { web::json::value_of({
                { nmos::experimental::fields::authorization_server_metadata,{} },
                { nmos::experimental::fields::jwks, jwks },
                { nmos::experimental::fields::client_metadata,{} }
            }), jwt_validator }));
        return;
    }

    auto& known_issuer = found->second;
    // replace the cached key set ...
    known_issuer.settings[nmos::experimental::fields::jwks] = jwks;
    // ... and the validator that the caller constructed from it
    known_issuer.jwt_validator = jwt_validator;
}
// Convenience overload: store the jwks and validator for the issuer named by
// authorization_state.authorization_server_uri.
void update_jwks(authorization_state& authorization_state, const web::json::value& jwks, const nmos::experimental::jwt_validator& jwt_validator)
{
    // bound by reference only; the URI is read inside the locked overload
    const auto& current_issuer_uri = authorization_state.authorization_server_uri;
    update_jwks(authorization_state, current_issuer_uri, jwks, jwt_validator);
}
// Clear the client metadata cached for the given issuer URI.
// The issuer entry itself stays in the table; an unknown issuer is a no-op.
void erase_client_metadata(authorization_state& authorization_state, const web::uri& authorization_server_uri)
{
    auto lock = authorization_state.write_lock();

    auto& issuers = authorization_state.issuers;
    const auto found = issuers.find(authorization_server_uri);
    if (issuers.end() == found)
    {
        // nothing cached for this issuer
        return;
    }

    // overwrite with a default-constructed value rather than removing the field
    found->second.settings[nmos::experimental::fields::client_metadata] = {};
}
// Convenience overload: clear the client metadata of the issuer named by
// authorization_state.authorization_server_uri.
void erase_client_metadata(authorization_state& authorization_state)
{
    // bound by reference only; the URI is read inside the locked overload
    const auto& current_issuer_uri = authorization_state.authorization_server_uri;
    erase_client_metadata(authorization_state, current_issuer_uri);
}
// Clear the JSON Web Key Set cached for the given issuer URI and reset the
// issuer's jwt_validator with it, both under the same write lock, so the
// validator does not outlive the keys it was built from.
// The issuer entry itself stays in the table; an unknown issuer is a no-op.
// NOTE(review): presumably a default-constructed jwt_validator cannot accept
// any token, so this issuer's tokens are rejected until update_jwks() runs
// again - confirm against jwt_validator.
void erase_jwks(authorization_state& authorization_state, const web::uri& authorization_server_uri)
{
    auto lock = authorization_state.write_lock();

    auto& issuers = authorization_state.issuers;
    const auto found = issuers.find(authorization_server_uri);
    if (issuers.end() == found)
    {
        // nothing cached for this issuer
        return;
    }

    auto& known_issuer = found->second;
    // overwrite the key set with a default-constructed value ...
    known_issuer.settings[nmos::experimental::fields::jwks] = {};
    // ... and drop the validator that was constructed from it
    known_issuer.jwt_validator = {};
}
// Convenience overload: clear the jwks and validator of the issuer named by
// authorization_state.authorization_server_uri.
void erase_jwks(authorization_state& authorization_state)
{
    // bound by reference only; the URI is read inside the locked overload
    const auto& current_issuer_uri = authorization_state.authorization_server_uri;
    erase_jwks(authorization_state, current_issuer_uri);
}
}
}