Draft showing WIP testing approach.

2020-10-13 12:02:46 -07:00 · 2020-10-13 12:02:46 -07:00 · 9ed4d33b3a
parent 5d25da1a8d
commit 9ed4d33b3a
2 changed files with 203 additions and 0 deletions
--- a/google/internal/oauth/stsExchange.go
+++ b/google/internal/oauth/stsExchange.go
@ -0,0 +1,90 @@
+package externalaccount
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+)
+
+func ExchangeToken(endpoint string, request *STSTokenExchangeRequest, authentication ClientAuthentication, headers http.Header, options map[string]interface{}) (*STSTokenExchangeResponse, error) {
+
+	client := &http.Client{}
+
+	data := url.Values{}
+	data.Set("audience", request.Audience)
+	data.Set("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange")
+	data.Set("requested_token_type", "urn:ietf:params:oauth:token-type:access_token")
+	data.Set("subject_token_type", request.SubjectTokenType)
+	data.Set("subject_token", request.SubjectToken)
+	data.Set("scope", strings.Join(request.Scope, " "))
+
+	//req, err := http.NewRequest("POST", endpoint, strings.NewReader(data.Encode()))
+	//if err != nil {
+	//	fmt.Errorf("oauth2/google: failed to properly build http request")
+	//}
+	//for key, _ := range headers {
+	//	for _, val := range headers.Values(key) {
+	//		req.Header.Add(key, val)
+	//	}
+	//}
+	//if authentication.ClientID != "" && authentication.ClientSecret != "" {
+	//	plainHeader := authentication.ClientID + ":" + authentication.ClientSecret
+	//	req.Header.Add("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(plainHeader)))
+	//}
+	//req.Header.Add("Content-Length", strconv.Itoa(len(data.Encode())))
+	authentication.InjectAuthentication(&data, &headers)
+	req, err := http.NewRequest("POST", endpoint, strings.NewReader(data.Encode()))
+	if err != nil {
+		fmt.Errorf("oauth2/google: failed to properly build http request")
+	}
+	for key, _ := range headers {
+		for _, val := range headers.Values(key) {
+			req.Header.Add(key, val)
+		}
+	}
+	req.Header.Add("Content-Length", strconv.Itoa(len(data.Encode())))
+
+
+	resp, err := client.Do(req)
+	if err != nil {
+		fmt.Errorf("oauth2/google: invalid response from Secure Token Server: #{err}")
+	}
+	defer resp.Body.Close()
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		fmt.Errorf("oauth2/google: invalid body in Secute Token Server response: #{err}")
+	}
+	var stsResp STSTokenExchangeResponse
+	err = json.Unmarshal(body, &stsResp)
+	if err != nil {
+		fmt.Println(err)
+	}
+	return &stsResp, nil
+}
+
+type STSTokenExchangeRequest struct {
+	ActingParty struct {
+		ActorToken     string
+		ActorTokenType string
+	}
+	GrantType          string
+	Resource           string
+	Audience           string
+	Scope              []string
+	RequestedTokenType string
+	SubjectToken       string
+	SubjectTokenType   string
+}
+
+type STSTokenExchangeResponse struct {
+	AccessToken     string `json:"access_token"`
+	IssuedTokenType string `json:"issued_token_type"`
+	TokenType       string `json:"token_type"`
+	ExpiresIn       int    `json:"expires_in"`
+	Scope           string `json:"scope"`
+	RefreshToken    string `json:"refresh_token"`
+}
--- a/google/internal/oauth/stsExchange_test.go
+++ b/google/internal/oauth/stsExchange_test.go
@ -0,0 +1,113 @@
+package externalaccount
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+stsExchange_test.go
+
+package externalaccount
+
+import (
+"github.com/google/go-cmp/cmp"
+"golang.org/x/oauth2"
+"net/http"
+"net/http/httptest"
+"testing"
+)
+
+var auth = ClientAuthentication{
+	AuthStyle: oauth2.AuthStyleInHeader,
+	ClientID: clientID,
+	ClientSecret: clientSecret,
+}
+
+var tokenRequest = STSTokenExchangeRequest{
+	ActingParty: struct {
+		ActorToken     string
+		ActorTokenType string
+	}{},
+	GrantType:          "urn:ietf:params:oauth:grant-type:token-exchange",
+	Resource:           "",
+	Audience:           "32555940559.apps.googleusercontent.com",  //TODO: Make sure audience is correct in this test (might be mismatched)
+	Scope:              []string{"https://www.googleapis.com/auth/devstorage.full_control"},
+	RequestedTokenType: "urn:ietf:params:oauth:token-type:access_token",
+	SubjectToken:       "eyJhbGciOiJSUzI1NiIsImtpZCI6IjJjNmZhNmY1OTUwYTdjZTQ2NWZjZjI0N2FhMGIwOTQ4MjhhYzk1MmMiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiIzMjU1NTk0MDU1OS5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImF1ZCI6IjMyNTU1OTQwNTU5LmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwic3ViIjoiMTEzMzE4NTQxMDA5MDU3Mzc4MzI4IiwiaGQiOiJnb29nbGUuY29tIiwiZW1haWwiOiJpdGh1cmllbEBnb29nbGUuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJyWUtBTjZwX21rS0U4U2ItN3ZGalBBIiwiaWF0IjoxNjAxNTk0NDY1LCJleHAiOjE2MDE1OTgwNjV9.mWOLjD6ghfgrFNcm_1h-wrpLlKFc2WSS13lu2L5t4549uYhX5DEbI7MmeUEwXSffrns1ljcdbJm4nXymXK3AH6ftRV17O3BnOsWngxKj5eKhzOMF308YNXjBKTDiu_crzjCpf_2ng03IIGbFsTvAUx4wvWhnFO-z4xl2tb13OMCxpkw52dO1ZcFhw0d_1iUj_q0UL9E15ADL4SOr-BVtXerWPhNVBplTw8gzL4HHmo2GGUA_ilQpJzD528BKLygemqy1taXZwOGJEAUYkcKm8DhA0NJWneUyqHN6qbs0wm_d_nZsiFx9CIDblt1dUkgfuPIsno-xrkkkwubcv1WlgA",
+	SubjectTokenType:   "urn:ietf:params:oauth:token-type:jwt",
+}
+
+var serverReq = http.Request{
+	Method:           "POSTURL:/",
+	URL:              nil,
+	Proto:            "HTTP/1.1",
+	ProtoMajor:       1,
+	ProtoMinor:       1,
+	Header:           map[string][]string{
+		"Accept-Encoding": []string{"gzip"},
+		"Authorization": []string{"Basic cmJyZ25vZ25yaG9uZ28zYmk0Z2I5Z2hnOWc6bm90c29zZWNyZXQ="},
+		"Content-Length": []string{"1192"},
+		"Content-Type": []string{"application/x-www-form-urlencoded"},
+		"User-Agent": []string{"Go-http-client/1.1"},
+	},
+	Body:             nil, //TODO: Oh god how do I get this...
+	ContentLength:    1192,
+	Close:            false,
+	Host:             "127.0.0.1:41147", //TODO: Does this conflict due to separate addresses?
+	Form:             nil,  //TODO: Should Form, PostForm, TransferEncoding, etc be initialized with Make?
+	PostForm:         nil,
+	MultipartForm:    nil,
+	Trailer:          nil,
+	RemoteAddr:       "127.0.0.1:52760",
+	RequestURI:       "/",
+	TLS:              nil,
+	Cancel:           nil,
+	Response:         nil,
+	//TODO: I hope to God that I don't need to set ctx for the comparison...
+}
+
+var serverResp = http.Response{
+	Status:           "200 OK",
+	StatusCode:       200,
+	Proto:            "HTTP/1.1",
+	ProtoMajor:       1,
+	ProtoMinor:       1,
+	Header:           map[string][]string{
+		"Connection":[]string{"keep-alive"},
+		"Content-Length":[]string{"362"},
+		"Content-Type":[]string{"application/json; charset=utf-8"},
+		"Date":[]string{"Wed, 07 Oct 2020 21:54:27 GMT"},
+		"X-Powered-By":[]string{"Express"},
+	},
+	Body:             nil,
+	ContentLength:    0,
+	TransferEncoding: nil,
+	Close:            false,
+	Uncompressed:     false,
+	Trailer:          nil,
+	Request:          nil,
+	TLS:              nil,
+}
+
+func TestExchangeToken(t *testing.T) {
+
+
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if diff := cmp.Diff(*r, serverReq); diff != "" {
+			t.Errorf("mismatched messages received by mock server (-want +got): \n%s", diff)
+		}
+
+		return
+	}))
+
+	headers := make(map[string][]string)
+	headers["Content-Type"] = []string{"application/x-www-form-urlencoded"}
+
+	//TODO: Call TokenExchange, make sure I get the right results
+	resp, err := ExchangeToken(ts.URL, &tokenRequest, auth, headers, nil)
+	if err != nil {
+		t.Errorf("ExchangeToken failed with error: %s", err)
+	}
+}