ci: commit oat-sa/environment-management#

src/Converter/LtiPlatformConverter.php

@@ -0,0 +1,41 @@
+<?php
+
+/**
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; under version 2
+ * of the License (non-upgradable).
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * Copyright (c) 2022 (original work) Open Assessment Technologies SA;
+ */
+
+declare(strict_types=1);
+
+namespace OAT\Library\EnvironmentManagementClient\Converter;
+
+use OAT\Library\EnvironmentManagementClient\Model\LtiPlatform;
+use OAT\Library\Lti1p3Core\Platform\Platform;
+use OAT\Library\Lti1p3Core\Platform\PlatformInterface;
+
+class LtiPlatformConverter
+{
+    public function convert(LtiPlatform $platform): PlatformInterface
+    {
+        return new Platform(
+            $platform->getId(),
+            $platform->getName(),
+            $platform->getAudience(),
+            $platform->getOidcAuthenticationUrl(),
+            $platform->getOauth2AccessTokenUrl()
+        );
+    }
+}

src/Converter/LtiRegistrationConverter.php

@@ -0,0 +1,110 @@
+<?php
+
+/**
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; under version 2
+ * of the License (non-upgradable).
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * Copyright (c) 2022 (original work) Open Assessment Technologies SA;
+ */
+
+declare(strict_types=1);
+
+namespace OAT\Library\EnvironmentManagementClient\Converter;
+
+use InvalidArgumentException;
+use OAT\Library\EnvironmentManagementClient\Model\LtiRegistration;
+use OAT\Library\EnvironmentManagementClient\Model\TenantAwareRegistration;
+use OAT\Library\EnvironmentManagementClient\Model\TenantAwareRegistrationInterface;
+use OAT\Library\Lti1p3Core\Registration\Registration;
+use OAT\Library\Lti1p3Core\Registration\RegistrationInterface;
+use OAT\Library\Lti1p3Core\Security\Key\KeyChainFactoryInterface;
+
+class LtiRegistrationConverter
+{
+    private LtiPlatformConverter $platformConverter;
+    private LtiToolConverter $toolConverter;
+    private KeyChainFactoryInterface $keyChainFactory;
+
+    public function __construct(
+        LtiPlatformConverter $platformConverter,
+        LtiToolConverter $toolConverter,
+        KeyChainFactoryInterface $keyChainFactory,
+    ) {
+        $this->platformConverter = $platformConverter;
+        $this->toolConverter = $toolConverter;
+        $this->keyChainFactory = $keyChainFactory;
+    }
+
+    public function convert(LtiRegistration $ltiRegistration): RegistrationInterface
+    {
+        if (null === $ltiRegistration->getLtiPlatform()) {
+            throw new InvalidArgumentException(sprintf(
+                'LTI Platform not returned for Registration %s',
+                $ltiRegistration->getId()
+            ));
+        }
+
+        if (null === $ltiRegistration->getLtiTool()) {
+            throw new InvalidArgumentException(sprintf(
+                'LTI Tool not returned for Registration %s',
+                $ltiRegistration->getId()
+            ));
+        }
+
+        $ltiPlatformKeyChain = $ltiRegistration->getPlatformKeyChain();
+        $ltiToolKeyChain = $ltiRegistration->getToolKeyChain();
+
+        return new Registration(
+            $ltiRegistration->getId(),
+            $ltiRegistration->getClientId(),
+            $this->platformConverter->convert($ltiRegistration->getLtiPlatform()),
+            $this->toolConverter->convert($ltiRegistration->getLtiTool()),
+            $ltiRegistration->getDeploymentIds(),
+            $ltiPlatformKeyChain
+            && $ltiPlatformKeyChain->getPublicKey()
+            && $ltiPlatformKeyChain->getPrivateKey()
+            && $ltiPlatformKeyChain->getKeySetName()
+                ? $this->keyChainFactory->create(
+                $ltiPlatformKeyChain?->getId(),
+                $ltiPlatformKeyChain?->getKeySetName(),
+                $ltiPlatformKeyChain?->getPublicKey(),
+                $ltiPlatformKeyChain?->getPrivateKey(),
+                $ltiPlatformKeyChain?->getPrivateKeyPassphrase(),
+            )
+                : null,
+            $ltiToolKeyChain
+            && $ltiToolKeyChain->getPublicKey()
+            && $ltiToolKeyChain->getPrivateKey()
+            && $ltiToolKeyChain->getKeySetName()
+                ? $this->keyChainFactory->create(
+                $ltiToolKeyChain->getId(),
+                $ltiToolKeyChain->getKeySetName(),
+                $ltiToolKeyChain->getPublicKey(),
+                $ltiToolKeyChain->getPrivateKey(),
+                $ltiToolKeyChain->getPrivateKeyPassphrase(),
+            )
+                : null,
+            $ltiRegistration->getPlatformJwksUrl(),
+            $ltiRegistration->getToolJwksUrl()
+        );
+    }
+
+    public function convertWithTenantId(LtiRegistration $ltiRegistration): TenantAwareRegistrationInterface
+    {
+        return TenantAwareRegistration::fromBaseRegistration(
+            $this->convert($ltiRegistration),
+            $ltiRegistration->getTenantId()
+        );
+    }
+}

src/Converter/LtiToolConverter.php

@@ -0,0 +1,42 @@
+<?php
+
+/**
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; under version 2
+ * of the License (non-upgradable).
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * Copyright (c) 2022 (original work) Open Assessment Technologies SA;
+ */
+
+declare(strict_types=1);
+
+namespace OAT\Library\EnvironmentManagementClient\Converter;
+
+use OAT\Library\EnvironmentManagementClient\Model\LtiTool;
+use OAT\Library\Lti1p3Core\Tool\Tool;
+use OAT\Library\Lti1p3Core\Tool\ToolInterface;
+
+class LtiToolConverter
+{
+    public function convert(LtiTool $tool): ToolInterface
+    {
+        return new Tool(
+            $tool->getId(),
+            $tool->getName(),
+            $tool->getAudience(),
+            $tool->getOidcInitiationUrl(),
+            $tool->getLaunchUrl(),
+            $tool->getDeepLinkingUrl()
+        );
+    }
+}

src/Grpc/OAuth2ClientRepository.php

@@ -22,11 +22,16 @@
 
 namespace OAT\Library\EnvironmentManagementClient\Grpc;
 
+use Oat\Envmgmt\Common\Oauth2ClientSecret;
+use Oat\Envmgmt\Common\Oauth2UserPassword;
 use Oat\Envmgmt\Sidecar\GetClientRequest;
 use Oat\Envmgmt\Sidecar\GetClientUserRequest;
 use Oat\Envmgmt\Sidecar\Oauth2ClientServiceClient;
+use Oat\Envmgmt\Sidecar\ValidateClientSecretRequest;
+use Oat\Envmgmt\Sidecar\ValidateUserPasswordRequest;
 use OAT\Library\EnvironmentManagementClient\Model\OAuth2Client;
 use OAT\Library\EnvironmentManagementClient\Model\OAuth2User;
+use OAT\Library\EnvironmentManagementClient\Model\ValidationResult;
 use OAT\Library\EnvironmentManagementClient\Repository\OAuth2ClientRepositoryInterface;
 use Psr\Log\LoggerInterface;
 use Psr\Log\NullLogger;
@@ -87,4 +92,60 @@ public function findUser(string $clientId, string $username): Oauth2User
             )
         );
     }
+
+    public function validateClientSecret(string $clientId, string $clientSecret): ValidationResult
+    {
+        $grpcRequest = new ValidateClientSecretRequest();
+        $oauth2ClientSecret = new Oauth2ClientSecret();
+
+        $oauth2ClientSecret
+            ->setId($clientId)
+            ->setSecret($clientSecret);
+
+        $grpcRequest
+            ->setOauth2ClientSecret($oauth2ClientSecret);
+
+        $this->checkClientAvailability($this->grpcClient);
+
+        $this->logger->debug('Validating OAuth2 Secret of Client', [
+            'clientId' => $clientId,
+            'grpc_endpoint' => $this->grpcClient->getTarget(),
+        ]);
+
+        return ValidationResult::fromProtobuf(
+            $this->doUnaryCall(
+                $this->grpcClient->ValidateClientSecret($grpcRequest, [], ['timeout' => 10 * 1000000]),
+                GetClientUserRequest::class,
+            )
+        );
+    }
+
+    public function validateUserPassword(string $clientId, string $username, string $password): ValidationResult
+    {
+        $grpcRequest = new ValidateUserPasswordRequest();
+        $Oauth2UserPassword = new Oauth2UserPassword();
+
+        $Oauth2UserPassword
+            ->setId($clientId)
+            ->setUsername($username)
+            ->setPassword($password);
+
+        $grpcRequest
+            ->setOauth2UserPassword($Oauth2UserPassword);
+
+        $this->checkClientAvailability($this->grpcClient);
+
+        $this->logger->debug('Fetching OAuth2 User password of Client', [
+            'clientId' => $clientId,
+            'username' => $username,
+            'grpc_endpoint' => $this->grpcClient->getTarget(),
+        ]);
+
+        return ValidationResult::fromProtobuf(
+            $this->doUnaryCall(
+                $this->grpcClient->ValidateUserPassword($grpcRequest, [], ['timeout' => 10 * 1000000]),
+                ValidateUserPasswordRequest::class,
+            )
+        );
+    }
 }

src/Http/AuthorizationDetailsHeaderMarker.php

@@ -34,13 +34,17 @@ public function withAuthDetails(
         string $refreshTokenId,
         string $userIdentifier = null,
         string $userRole = null,
+        string $cookieDomain = null,
+        string $ltiToken = null,
         string $mode = self::MODE_COOKIE,
     ): ResponseInterface {
         return $response->withHeader(self::DEFAULT_HEADER_NAME, json_encode([
             'clientId' => $clientId,
             'refreshTokenId' => $refreshTokenId,
             'userIdentifier' => $userIdentifier,
             'userRole' => $userRole,
+            'cookieDomain' => $cookieDomain,
+            'ltiToken' => $ltiToken,
             'mode' => $mode,
         ]));
     }

src/Http/AuthorizationDetailsMarkerInterface.php

@@ -35,6 +35,8 @@ public function withAuthDetails(
         string $refreshTokenId,
         string $userIdentifier = null,
         string $userRole = null,
+        string $cookieDomain = null,
+        string $ltiToken = null,
         string $mode = self::MODE_COOKIE,
     ): ResponseInterface;
 }

src/Http/BearerJWTTokenExtractor.php

@@ -25,7 +25,7 @@
 use Lcobucci\JWT\Configuration;
 use Lcobucci\JWT\Signer\Key\InMemory;
 use Lcobucci\JWT\Signer\Rsa\Sha256;
-use Lcobucci\JWT\Token;
+use Lcobucci\JWT\Token\Plain;
 use OAT\Library\EnvironmentManagementClient\Exception\EnvironmentManagementClientException;
 use OAT\Library\EnvironmentManagementClient\Exception\TokenUnauthorizedException;
 use Psr\Http\Message\ServerRequestInterface;
@@ -37,7 +37,7 @@ final class BearerJWTTokenExtractor implements JWTTokenExtractorInterface
      * @throws TokenUnauthorizedException
      * @throws EnvironmentManagementClientException
      */
-    public function extract(ServerRequestInterface $request): Token
+    public function extract(ServerRequestInterface $request): Plain
     {
         if (false === $request->hasHeader('authorization')) {
             throw new TokenUnauthorizedException('Missing Authorization header');

src/Http/JWTTokenExtractorInterface.php

@@ -22,7 +22,7 @@
 
 namespace OAT\Library\EnvironmentManagementClient\Http;
 
-use Lcobucci\JWT\Token;
+use Lcobucci\JWT\Token\Plain;
 use OAT\Library\EnvironmentManagementClient\Exception\TokenUnauthorizedException;
 use Psr\Http\Message\ServerRequestInterface;
 
@@ -31,5 +31,5 @@ interface JWTTokenExtractorInterface
     /**
      * @throws TokenUnauthorizedException
      */
-    public function extract(ServerRequestInterface $request): Token;
+    public function extract(ServerRequestInterface $request): Plain;
 }