/*
  http-oauth - OAuth Extensions to jdk.httpserver
  Copyright (C) 2021  Ulrich Hilger

  This program is free software: you can redistribute it and/or modify
  it under the terms of the GNU Affero General Public License as
  published by the Free Software Foundation, either version 3 of the
  License, or (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU Affero General Public License for more details.

  You should have received a copy of the GNU Affero General Public License
  along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
package de.uhilger.httpserver.oauth;

import com.sun.net.httpserver.HttpContext;
import com.sun.net.httpserver.HttpExchange;
import de.uhilger.httpserver.base.HttpHelper;
import static de.uhilger.httpserver.oauth.BearerLoginHandler.ATTR_AUTHENTICATOR;
import java.io.IOException;

/**
 * Einen abgelaufenen Token mit Hilfe eines Refresh Token erneuern
 * 
 * Gemaess
 * https://www.oauth.com/oauth2-servers/making-authenticated-requests/refreshing-an-access-token/
 * sieht die HTTP Anfrage zum Refresh wie folgt aus:
 * 
 * POST /oauth/token HTTP/1.1
 * Host: authorization-server.com
 *
 * grant_type=refresh_token
 * &amp;refresh_token=xxxxxxxxxxx
 * &amp;client_id=xxxxxxxxxx
 * &amp;client_secret=xxxxxxxxxx
 * 
 * @author Ulrich Hilger
 * @version 1, 08.06.2021
 */
public class BearerRefreshHandler extends BearerLoginHandler {

  /**
   * Refresh-Anfrage ausfuehren
   * 
   * @param exchange das Objekt mit Informationen zu HTTP-Anfrage und -Antwort
   * @throws IOException 
   */
  @Override
  public void handle(HttpExchange exchange) throws IOException {
    HttpHelper h = new HttpHelper();
    String body = h.bodyLesen(exchange);
    String[] parts = body.split("&");
    for(String part : parts) {
      String[] keyVals = part.split("=");
      if(keyVals[0].equalsIgnoreCase("refresh_token")) {
        HttpContext context = exchange.getHttpContext();
        Object o = context.getAttributes().get(ATTR_AUTHENTICATOR);
        if (o instanceof BearerAuthenticator) {
          BearerAuthenticator auth = (BearerAuthenticator) o;
          LoginResponse response = auth.refresh(keyVals[1]);
          handleLoginResponse(exchange, response);
        }        
      } 
    }            
  }
  
}