shimondoodkin/OpenIdRawRequestToken.java

## OpenIdRawRequestToken.java
package open_id_raw_request_token;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.StringJoiner;

import org.json.simple.JSONObject;
import org.json.simple.JSONValue;


public class OpenIdRawRequestToken {


	private static String HttpGET_AcceptsJSON_CheckHTTPS(String uri ) throws MalformedURLException, Exception, IOException, NullPointerException {
		URL url = new URL(uri);
		if(!url.getProtocol().equals("https"))
			throw new Exception("OpenIdRawRequestToken - not https "+uri);

		HttpURLConnection connection = (HttpURLConnection) url.openConnection(); //  Open a connection(?) on the URL(??) and cast the response(???)
		connection.setRequestProperty("accept", "application/json"); 			// Now it's "open", we can set the request method, headers etc.

		String strjson=HttpURLConnection_GetResponseBody(connection);
		return strjson;
	}

	private static String queryString(HashMap<String, String> PostFormValues) throws UnsupportedEncodingException {
		StringJoiner sj = new StringJoiner("&");
		for(Map.Entry<String,String> entry : PostFormValues.entrySet())
		    sj.add(URLEncoder.encode(entry.getKey(), "UTF-8") + "="
		         + URLEncoder.encode(entry.getValue(), "UTF-8"));
		String qs=sj.toString();
		return qs;
	}

	private static String HttpPOST_String_AcceptsJSON_CheckHTTPS(String uri,String PostData,String PostContentType) throws MalformedURLException, Exception, IOException, NullPointerException {
		URL url = new URL(uri);
		if(!url.getProtocol().equals("https"))
			throw new Exception("OpenIdRawRequestToken - not https "+uri);

		HttpURLConnection connection = (HttpURLConnection) url.openConnection(); //  Open a connection(?) on the URL(??) and cast the response(???)
		connection.setRequestProperty("accept", "application/json"); 			// Now it's "open", we can set the request method, headers etc.
		connection.setRequestMethod("POST"); // PUT is another valid option
		connection.setDoOutput(true);

		byte[] out = PostData.getBytes(StandardCharsets.UTF_8);
		int length = out.length;

		connection.setFixedLengthStreamingMode(length);
		connection.setRequestProperty("Content-Type", PostContentType);
		connection.connect();
		OutputStream os = connection.getOutputStream();
		os.write(out);


		String strjson=HttpURLConnection_GetResponseBody(connection);
		return strjson;
	}


	private static String HttpPOST_Form_AcceptsJSON_CheckHTTPS(String uri,HashMap<String, String> PostFormValues) throws MalformedURLException, Exception, IOException,NullPointerException {
		return HttpPOST_String_AcceptsJSON_CheckHTTPS( uri,queryString(PostFormValues),"application/x-www-form-urlencoded; charset=UTF-8");
	}

	private static String HttpURLConnection_GetResponseBody(HttpURLConnection connection) throws IOException, NullPointerException
	{
		if (100 <= connection.getResponseCode() && connection.getResponseCode() <= 399) {
			return convertInputStreamToString(connection.getInputStream());
		} else {
			return convertInputStreamToString(connection.getErrorStream());
		}
	}

	private static String convertInputStreamToString(InputStream is) throws IOException {
		BufferedReader br = new BufferedReader(new InputStreamReader(is));;
		StringBuilder sb=new StringBuilder();
	    String line;
		while ((line = br.readLine()) != null) {
	    	sb.append(line);
        }
	    return sb.toString();
	}

	public static Token get_OpenId_Berer_Token(String OpenId_DiscoveryEndpoint_Authority_Url_base_url_without_trailing_slash, String scope, String client_id, String client_secret )
	 throws Exception
	{
		try {

			JSONObject DiscoveryEndpoint_JSON = get_OpenId_Discovery(OpenId_DiscoveryEndpoint_Authority_Url_base_url_without_trailing_slash);

			String url_token_endpoint=(String) DiscoveryEndpoint_JSON.get("token_endpoint");

			return openId_Request_BererToken(url_token_endpoint,  scope,  client_id,  client_secret );

		} catch (MalformedURLException e) {
			//e.printStackTrace();
			throw new Exception("get_OpoenId_Berer_Token - MalformedURLException",e);
		} catch (IOException e) {
			//e.printStackTrace();
			throw new Exception("get_OpoenId_Berer_Token - IOException",e);
		}
	}

	private static Token openId_Request_BererToken(String url_token_endpoint, String scope, String client_id, String client_secret )
			throws MalformedURLException, Exception, IOException, NullPointerException {
		HashMap<String, String> PostValues=new HashMap<String, String>();
		PostValues.put("grant_type", "client_credentials");

		PostValues.put("scope", scope);
		PostValues.put("client_id", client_id);
		PostValues.put("client_secret", client_secret);

		final JSONObject TokenEndpoint_JSON=(JSONObject) JSONValue.parse(HttpPOST_Form_AcceptsJSON_CheckHTTPS(url_token_endpoint,PostValues));

		@SuppressWarnings("unchecked")
		String error=(String) TokenEndpoint_JSON.getOrDefault("error", "");

		if(!error.isEmpty())
			throw new Error("OpenIdRawRequestToken - token request error "+error);

		Token token =new Token();

		token.access_token=(String)TokenEndpoint_JSON.get("access_token");
		token.expires_in=((Long)TokenEndpoint_JSON.get("expires_in")).intValue();
		token.token_type=(String)TokenEndpoint_JSON.get("token_type");
		token.scope=(String)TokenEndpoint_JSON.get("scope");
		token.date=System.currentTimeMillis();
		token.dateExpiers=(System.currentTimeMillis()+(token.expires_in*1000))-60000;
		return token;
	}

	public static class Token {
		public long dateExpiers;
		public long date;
		public String access_token;
		public int expires_in;
		public String token_type;
		public String scope;
		boolean failed=false;
		public boolean isExpierd() {
			return System.currentTimeMillis()>dateExpiers;
		}
		public boolean isFailed() {
			return failed;
		}
		public void Failed() {
			 failed=true;
		}

	}


	private static JSONObject get_OpenId_Discovery(String OpenId_DiscoveryEndpoint_Authority_Url_base_url_without_trailing_slash)
			throws MalformedURLException, Exception, IOException, NullPointerException {
		JSONObject DiscoveryEndpoint_JSON;

		final String DiscoveryEndpoint_Authority = OpenId_DiscoveryEndpoint_Authority_Url_base_url_without_trailing_slash ;


		String openid_default_discovery_endpoint_suffix = "/.well-known/openid-configuration";
		String DiscoveryEndpoint_Url = DiscoveryEndpoint_Authority + openid_default_discovery_endpoint_suffix ;

		DiscoveryEndpoint_JSON =  (JSONObject) JSONValue.parse(HttpGET_AcceptsJSON_CheckHTTPS(DiscoveryEndpoint_Url));

		OpenId_Discovery_doSomeValidations(DiscoveryEndpoint_JSON,DiscoveryEndpoint_Authority);

		return DiscoveryEndpoint_JSON;
	}


	private static void OpenId_Discovery_doSomeValidations(JSONObject DiscoveryEndpoint_JSON,String DiscoveryEndpoint_Authority ) throws Exception,  MalformedURLException {
		// do some validations before returning endpoint

		@SuppressWarnings("unchecked")
		String issuer=(String) DiscoveryEndpoint_JSON.getOrDefault("issuer", "" ) ;
		if( !issuer.equals(DiscoveryEndpoint_Authority))
			throw new Exception("get_OpoenId_Berer_Token issuer error "+issuer + " != "+ DiscoveryEndpoint_Authority);

		ValidateEndpoints(DiscoveryEndpoint_JSON,
				asArrayList(new URL(DiscoveryEndpoint_Authority).getAuthority()),
				new ArrayList<String>(),
				false );
	}

	private static ArrayList<String> asArrayList(String ...args){
		ArrayList<String> list=new ArrayList<String>();
		for(final String el : args)
			list.add(el);
		return list;
	}

	private static void ValidateEndpoints(JSONObject json, ArrayList<String> allowedAuthorities, ArrayList<String> EndpointValidationExcludeList, boolean RequireKeySet) throws MalformedURLException ,Exception
    {
        String OidcConstants_Discovery_JwksUri = "jwks_uri";
        String OidcConstants_Discovery_CheckSessionIframe = "check_session_iframe";


		@SuppressWarnings("rawtypes")
		Iterator it = json.entrySet().iterator();
	    while (it.hasNext()) {
	        @SuppressWarnings("rawtypes")
			Map.Entry pair = (Map.Entry)it.next();

	        String key=((String) pair.getKey()).toLowerCase();

            if (key.endsWith("endpoint") ||
            	key.equals(OidcConstants_Discovery_JwksUri) ||
            	key.equals(OidcConstants_Discovery_CheckSessionIframe))
            {
                String endpoint = (String) pair.getValue();

                // if endpoint is on exclude list, don't validate
                if (EndpointValidationExcludeList.contains(key))
                {
                    continue;
                }

                URL uri =  new URL(endpoint); // throws if invalid url

                if (!uri.getProtocol().equals("https"))
                {
                    throw new Exception("OpenIdRawRequestToken - Malformed endpoint url from discovery: "+key+" not https url "+endpoint);
                }

                boolean isAllowed = false;
                for(String host : allowedAuthorities)
                {
                    if (host.equals(uri.getAuthority()))
                    {
                        isAllowed = true;
                    }
                }

                if (!isAllowed)
                {
                    throw new Exception("OpenIdRawRequestToken - an Endpoint has a different host than authority: "+key+" not https url "+endpoint);
                }
            }
        }

        if (RequireKeySet)
        {
        	@SuppressWarnings("unchecked")
			String JwksUri=(String) json.getOrDefault(OidcConstants_Discovery_JwksUri, "");
            if (JwksUri.isEmpty())
            {
            	 throw new Exception("OpenIdRawRequestToken - KeySet endpoint is missing");
            }
        }
    }


	public static HashMap<String,Token> TokenCache=new HashMap<String, Token>();
	public static Token get_OpenId_Berer_Token_cached(String OpenId_DiscoveryEndpoint_Authority_Url_base_url_without_trailing_slash, String scope, String client_id, String client_secret )throws Exception
	{
		final String key=OpenId_DiscoveryEndpoint_Authority_Url_base_url_without_trailing_slash;
		if(TokenCache.containsKey(key))
		{
			Token token=TokenCache.get(key);
			if(token.isExpierd()||token.isFailed())
				TokenCache.remove(key);
			else
				return token;
		}

		Token token = get_OpenId_Berer_Token( OpenId_DiscoveryEndpoint_Authority_Url_base_url_without_trailing_slash,  scope,  client_id,  client_secret );
		TokenCache.put(key,token);
		return token;
	}


	public static void main(String[] args) {

		//example:

		Token token=null;
		try {
					token=get_OpenId_Berer_Token_cached(
						"https://identity.server.com",
						"myscope",
						"myid",
						"mysecret"
					);

					System.out.println(token.access_token);


					URL url = new URL("https://api.server.com");
					HttpURLConnection connection = (HttpURLConnection) url.openConnection();
					connection.setRequestProperty("Authorization", "Bearer "+token.access_token);
					connection.setRequestProperty("accept", "application/json");

					String strjson=HttpURLConnection_GetResponseBody(connection);

					System.out.println(strjson);


		}catch(Exception e) {
			if(token!=null) token.Failed();
			e.printStackTrace();
		}

	}

}
	package open_id_raw_request_token;

	import java.io.BufferedReader;
	import java.io.IOException;
	import java.io.InputStream;
	import java.io.InputStreamReader;
	import java.io.OutputStream;
	import java.io.UnsupportedEncodingException;
	import java.net.HttpURLConnection;
	import java.net.MalformedURLException;
	import java.net.URL;
	import java.net.URLEncoder;
	import java.nio.charset.StandardCharsets;
	import java.util.ArrayList;
	import java.util.Arrays;
	import java.util.HashMap;
	import java.util.Iterator;
	import java.util.Map;
	import java.util.StringJoiner;

	import org.json.simple.JSONObject;
	import org.json.simple.JSONValue;


	public class OpenIdRawRequestToken {




	private static String HttpGET_AcceptsJSON_CheckHTTPS(String uri ) throws MalformedURLException, Exception, IOException, NullPointerException {
	URL url = new URL(uri);
	if(!url.getProtocol().equals("https"))
	throw new Exception("OpenIdRawRequestToken - not https "+uri);

	HttpURLConnection connection = (HttpURLConnection) url.openConnection(); // Open a connection(?) on the URL(??) and cast the response(???)
	connection.setRequestProperty("accept", "application/json"); // Now it's "open", we can set the request method, headers etc.

	String strjson=HttpURLConnection_GetResponseBody(connection);
	return strjson;
	}

	private static String queryString(HashMap<String, String> PostFormValues) throws UnsupportedEncodingException {
	StringJoiner sj = new StringJoiner("&");
	for(Map.Entry<String,String> entry : PostFormValues.entrySet())
	sj.add(URLEncoder.encode(entry.getKey(), "UTF-8") + "="
	+ URLEncoder.encode(entry.getValue(), "UTF-8"));
	String qs=sj.toString();
	return qs;
	}

	private static String HttpPOST_String_AcceptsJSON_CheckHTTPS(String uri,String PostData,String PostContentType) throws MalformedURLException, Exception, IOException, NullPointerException {
	URL url = new URL(uri);
	if(!url.getProtocol().equals("https"))
	throw new Exception("OpenIdRawRequestToken - not https "+uri);

	HttpURLConnection connection = (HttpURLConnection) url.openConnection(); // Open a connection(?) on the URL(??) and cast the response(???)
	connection.setRequestProperty("accept", "application/json"); // Now it's "open", we can set the request method, headers etc.
	connection.setRequestMethod("POST"); // PUT is another valid option
	connection.setDoOutput(true);

	byte[] out = PostData.getBytes(StandardCharsets.UTF_8);
	int length = out.length;

	connection.setFixedLengthStreamingMode(length);
	connection.setRequestProperty("Content-Type", PostContentType);
	connection.connect();
	OutputStream os = connection.getOutputStream();
	os.write(out);


	String strjson=HttpURLConnection_GetResponseBody(connection);
	return strjson;
	}


	private static String HttpPOST_Form_AcceptsJSON_CheckHTTPS(String uri,HashMap<String, String> PostFormValues) throws MalformedURLException, Exception, IOException,NullPointerException {
	return HttpPOST_String_AcceptsJSON_CheckHTTPS( uri,queryString(PostFormValues),"application/x-www-form-urlencoded; charset=UTF-8");
	}

	private static String HttpURLConnection_GetResponseBody(HttpURLConnection connection) throws IOException, NullPointerException
	{
	if (100 <= connection.getResponseCode() && connection.getResponseCode() <= 399) {
	return convertInputStreamToString(connection.getInputStream());
	} else {
	return convertInputStreamToString(connection.getErrorStream());
	}
	}

	private static String convertInputStreamToString(InputStream is) throws IOException {
	BufferedReader br = new BufferedReader(new InputStreamReader(is));;
	StringBuilder sb=new StringBuilder();
	String line;
	while ((line = br.readLine()) != null) {
	sb.append(line);
	}
	return sb.toString();
	}

	public static Token get_OpenId_Berer_Token(String OpenId_DiscoveryEndpoint_Authority_Url_base_url_without_trailing_slash, String scope, String client_id, String client_secret )
	throws Exception
	{
	try {

	JSONObject DiscoveryEndpoint_JSON = get_OpenId_Discovery(OpenId_DiscoveryEndpoint_Authority_Url_base_url_without_trailing_slash);

	String url_token_endpoint=(String) DiscoveryEndpoint_JSON.get("token_endpoint");

	return openId_Request_BererToken(url_token_endpoint, scope, client_id, client_secret );

	} catch (MalformedURLException e) {
	//e.printStackTrace();
	throw new Exception("get_OpoenId_Berer_Token - MalformedURLException",e);
	} catch (IOException e) {
	//e.printStackTrace();
	throw new Exception("get_OpoenId_Berer_Token - IOException",e);
	}
	}

	private static Token openId_Request_BererToken(String url_token_endpoint, String scope, String client_id, String client_secret )
	throws MalformedURLException, Exception, IOException, NullPointerException {
	HashMap<String, String> PostValues=new HashMap<String, String>();
	PostValues.put("grant_type", "client_credentials");

	PostValues.put("scope", scope);
	PostValues.put("client_id", client_id);
	PostValues.put("client_secret", client_secret);

	final JSONObject TokenEndpoint_JSON=(JSONObject) JSONValue.parse(HttpPOST_Form_AcceptsJSON_CheckHTTPS(url_token_endpoint,PostValues));

	@SuppressWarnings("unchecked")
	String error=(String) TokenEndpoint_JSON.getOrDefault("error", "");

	if(!error.isEmpty())
	throw new Error("OpenIdRawRequestToken - token request error "+error);

	Token token =new Token();

	token.access_token=(String)TokenEndpoint_JSON.get("access_token");
	token.expires_in=((Long)TokenEndpoint_JSON.get("expires_in")).intValue();
	token.token_type=(String)TokenEndpoint_JSON.get("token_type");
	token.scope=(String)TokenEndpoint_JSON.get("scope");
	token.date=System.currentTimeMillis();
	token.dateExpiers=(System.currentTimeMillis()+(token.expires_in*1000))-60000;
	return token;
	}

	public static class Token {
	public long dateExpiers;
	public long date;
	public String access_token;
	public int expires_in;
	public String token_type;
	public String scope;
	boolean failed=false;
	public boolean isExpierd() {
	return System.currentTimeMillis()>dateExpiers;
	}
	public boolean isFailed() {
	return failed;
	}
	public void Failed() {
	failed=true;
	}

	}


	private static JSONObject get_OpenId_Discovery(String OpenId_DiscoveryEndpoint_Authority_Url_base_url_without_trailing_slash)
	throws MalformedURLException, Exception, IOException, NullPointerException {
	JSONObject DiscoveryEndpoint_JSON;

	final String DiscoveryEndpoint_Authority = OpenId_DiscoveryEndpoint_Authority_Url_base_url_without_trailing_slash ;


	String openid_default_discovery_endpoint_suffix = "/.well-known/openid-configuration";
	String DiscoveryEndpoint_Url = DiscoveryEndpoint_Authority + openid_default_discovery_endpoint_suffix ;

	DiscoveryEndpoint_JSON = (JSONObject) JSONValue.parse(HttpGET_AcceptsJSON_CheckHTTPS(DiscoveryEndpoint_Url));

	OpenId_Discovery_doSomeValidations(DiscoveryEndpoint_JSON,DiscoveryEndpoint_Authority);

	return DiscoveryEndpoint_JSON;
	}


	private static void OpenId_Discovery_doSomeValidations(JSONObject DiscoveryEndpoint_JSON,String DiscoveryEndpoint_Authority ) throws Exception, MalformedURLException {
	// do some validations before returning endpoint

	@SuppressWarnings("unchecked")
	String issuer=(String) DiscoveryEndpoint_JSON.getOrDefault("issuer", "" ) ;
	if( !issuer.equals(DiscoveryEndpoint_Authority))
	throw new Exception("get_OpoenId_Berer_Token issuer error "+issuer + " != "+ DiscoveryEndpoint_Authority);

	ValidateEndpoints(DiscoveryEndpoint_JSON,
	asArrayList(new URL(DiscoveryEndpoint_Authority).getAuthority()),
	new ArrayList<String>(),
	false );
	}

	private static ArrayList<String> asArrayList(String ...args){
	ArrayList<String> list=new ArrayList<String>();
	for(final String el : args)
	list.add(el);
	return list;
	}

	private static void ValidateEndpoints(JSONObject json, ArrayList<String> allowedAuthorities, ArrayList<String> EndpointValidationExcludeList, boolean RequireKeySet) throws MalformedURLException ,Exception
	{
	String OidcConstants_Discovery_JwksUri = "jwks_uri";
	String OidcConstants_Discovery_CheckSessionIframe = "check_session_iframe";


	@SuppressWarnings("rawtypes")
	Iterator it = json.entrySet().iterator();
	while (it.hasNext()) {
	@SuppressWarnings("rawtypes")
	Map.Entry pair = (Map.Entry)it.next();

	String key=((String) pair.getKey()).toLowerCase();

	if (key.endsWith("endpoint") \|\|
	key.equals(OidcConstants_Discovery_JwksUri) \|\|
	key.equals(OidcConstants_Discovery_CheckSessionIframe))
	{
	String endpoint = (String) pair.getValue();

	// if endpoint is on exclude list, don't validate
	if (EndpointValidationExcludeList.contains(key))
	{
	continue;
	}

	URL uri = new URL(endpoint); // throws if invalid url

	if (!uri.getProtocol().equals("https"))
	{
	throw new Exception("OpenIdRawRequestToken - Malformed endpoint url from discovery: "+key+" not https url "+endpoint);
	}

	boolean isAllowed = false;
	for(String host : allowedAuthorities)
	{
	if (host.equals(uri.getAuthority()))
	{
	isAllowed = true;
	}
	}

	if (!isAllowed)
	{
	throw new Exception("OpenIdRawRequestToken - an Endpoint has a different host than authority: "+key+" not https url "+endpoint);
	}
	}
	}

	if (RequireKeySet)
	{
	@SuppressWarnings("unchecked")
	String JwksUri=(String) json.getOrDefault(OidcConstants_Discovery_JwksUri, "");
	if (JwksUri.isEmpty())
	{
	throw new Exception("OpenIdRawRequestToken - KeySet endpoint is missing");
	}
	}
	}


	public static HashMap<String,Token> TokenCache=new HashMap<String, Token>();
	public static Token get_OpenId_Berer_Token_cached(String OpenId_DiscoveryEndpoint_Authority_Url_base_url_without_trailing_slash, String scope, String client_id, String client_secret )throws Exception
	{
	final String key=OpenId_DiscoveryEndpoint_Authority_Url_base_url_without_trailing_slash;
	if(TokenCache.containsKey(key))
	{
	Token token=TokenCache.get(key);
	if(token.isExpierd()\|\|token.isFailed())
	TokenCache.remove(key);
	else
	return token;
	}

	Token token = get_OpenId_Berer_Token( OpenId_DiscoveryEndpoint_Authority_Url_base_url_without_trailing_slash, scope, client_id, client_secret );
	TokenCache.put(key,token);
	return token;
	}


	public static void main(String[] args) {

	//example:

	Token token=null;
	try {
	token=get_OpenId_Berer_Token_cached(
	"https://identity.server.com",
	"myscope",
	"myid",
	"mysecret"
	);

	System.out.println(token.access_token);


	URL url = new URL("https://api.server.com");
	HttpURLConnection connection = (HttpURLConnection) url.openConnection();
	connection.setRequestProperty("Authorization", "Bearer "+token.access_token);
	connection.setRequestProperty("accept", "application/json");

	String strjson=HttpURLConnection_GetResponseBody(connection);

	System.out.println(strjson);


	}catch(Exception e) {
	if(token!=null) token.Failed();
	e.printStackTrace();
	}

	}

	}