Merge branch 'main' into JCL-359-deny-request-method

Author: acoburn

access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrantSession.java

@@ -104,6 +104,12 @@ public String getId() {
         return id;
     }
 
+    @Override
+    public void reset() {
+        session.reset();
+        tokenCache.invalidateAll();
+    }
+
     @Override
     public Optional<URI> getPrincipal() {
         return session.getPrincipal();

access-grant/src/test/java/com/inrupt/client/accessgrant/AccessGrantSessionTest.java

@@ -24,8 +24,11 @@
 import static org.junit.jupiter.api.Assertions.*;
 
 import com.inrupt.client.Request;
+import com.inrupt.client.auth.Authenticator;
+import com.inrupt.client.auth.Challenge;
 import com.inrupt.client.auth.Credential;
 import com.inrupt.client.auth.Session;
+import com.inrupt.client.openid.OpenIdAuthenticationProvider;
 import com.inrupt.client.openid.OpenIdSession;
 import com.inrupt.client.util.URIBuilder;
 
@@ -106,6 +109,32 @@ void testAccessGrantSession() throws IOException {
         }
     }
 
+    @Test
+    void testProtectedResource() throws IOException {
+        final Map<String, Object> claims = new HashMap<>();
+        claims.put("webid", WEBID);
+        claims.put("sub", SUB);
+        claims.put("iss", ISS);
+        claims.put("azp", AZP);
+
+        final String token = AccessGrantTestUtils.generateIdToken(claims);
+
+        try (final InputStream resource = AccessGrantTest.class.getResourceAsStream("/access_grant3.json")) {
+            final AccessGrant grant = AccessGrant.ofAccessGrant(resource);
+            final Session session = AccessGrantSession.ofAccessGrant(OpenIdSession.ofIdToken(token), grant);
+            final Request req = Request.newBuilder(URI.create("https://storage.example/protected-resource")).build();
+            final Authenticator auth = new OpenIdAuthenticationProvider().getAuthenticator(Challenge.of("Bearer"));
+
+            final Optional<Credential> credential = session.authenticate(auth, req, Collections.emptySet())
+                .toCompletableFuture().join();
+
+            assertTrue(credential.isPresent());
+            assertTrue(session.fromCache(req).isPresent());
+            session.reset();
+            assertFalse(session.fromCache(req).isPresent());
+        }
+    }
+
     @ParameterizedTest
     @MethodSource
     void ancestors(final URI parent, final URI resource, final boolean expected) {

access-grant/src/test/resources/access_grant3.json

@@ -0,0 +1,31 @@
+{
+    "@context": ["https://www.w3.org/2018/credentials/v1"],
+    "type": ["VerifiablePresentation"],
+    "verifiableCredential": [{
+        "@context":[
+            "https://www.w3.org/2018/credentials/v1",
+            "https://w3id.org/security/suites/ed25519-2020/v1",
+            "https://w3id.org/vc-revocation-list-2020/v1",
+            "https://schema.inrupt.com/credentials/v1.jsonld"],
+        "id":"https://accessgrant.example/credential/5c6060ad-2f16-4bc1-b022-dffb46bff626",
+        "type":["VerifiableCredential","SolidAccessGrant"],
+        "issuer":"https://accessgrant.example",
+        "expirationDate":"2022-08-27T12:00:00Z",
+        "issuanceDate":"2022-08-25T20:34:05.153Z",
+        "credentialSubject":{
+            "id":"https://id.example/grantor",
+            "providedConsent":{
+                "mode":["Read"],
+                "hasStatus":"https://w3id.org/GConsent#ConsentStatusExplicitlyGiven",
+                "isProvidedToPerson":"https://id.example/grantee",
+                "forPurpose":["https://purpose.example/Purpose1"],
+                "forPersonalData":["https://storage.example/protected-resource"]}},
+        "proof":{
+            "created":"2022-08-25T20:34:05.236Z",
+            "proofPurpose":"assertionMethod",
+            "proofValue":"nIeQF44XVik7onnAbdkbp8xxJ2C8JoTw6-VtCkAzxuWYRFsSfYpft5MuAJaivyeKDmaK82Lj_YsME2xgL2WIBQ",
+            "type":"Ed25519Signature2020",
+            "verificationMethod":"https://accessgrant.example/key/1e332728-4af5-46e4-a5db-4f7b89e3f378"}
+    }]
+}
+

api/src/main/java/com/inrupt/client/auth/Session.java

@@ -93,6 +93,11 @@ public interface Session {
      */
     Optional<String> selectThumbprint(Collection<String> algorithms);
 
+    /**
+     * Reset the session state, clearing any internal caches.
+     */
+    void reset();
+
     /**
      * Fetch an authentication token from session values.
      *
@@ -159,6 +164,11 @@ public Optional<String> selectThumbprint(final Collection<String> algorithms) {
                 return Optional.empty();
             }
 
+            @Override
+            public void reset() {
+                // no-op
+            }
+
             @Override
             public CompletionStage<Optional<Credential>> authenticate(final Authenticator authenticator,
                     final Request request, final Set<String> algorithms) {

api/src/main/java/com/inrupt/client/spi/NoopCache.java

@@ -33,23 +33,26 @@
  */
 class NoopCache<T, U> implements ClientCache<T, U> {
 
+    private static final String KEY_NOT_NULL = "cache key may not be null!";
+    private static final String VALUE_NOT_NULL = "cache value may not be null!";
+
     @Override
     public U get(final T key) {
-        Objects.requireNonNull(key, "cache key may not be null!");
+        Objects.requireNonNull(key, KEY_NOT_NULL);
         return null;
     }
 
     @Override
     public void put(final T key, final U value) {
         /* no-op */
-        Objects.requireNonNull(key, "cache key may not be null!");
-        Objects.requireNonNull(value, "cache value may not be null!");
+        Objects.requireNonNull(key, KEY_NOT_NULL);
+        Objects.requireNonNull(value, VALUE_NOT_NULL);
     }
 
     @Override
     public void invalidate(final T key) {
         /* no-op */
-        Objects.requireNonNull(key, "cache key may not be null!");
+        Objects.requireNonNull(key, KEY_NOT_NULL);
     }
 
     @Override
@@ -60,7 +63,7 @@ public void invalidateAll() {
     public static class NoopCacheBuilder implements CacheBuilderService {
         @Override
         public <T, U> ClientCache<T, U> build(final int size, final Duration duration) {
-            return new NoopCache<T, U>();
+            return new NoopCache<>();
         }
     }
 }

caffeine/src/main/java/com/inrupt/client/caffeine/CaffeineCacheBuilder.java

@@ -49,7 +49,7 @@ public <T, U> ClientCache<T, U> build(final int maximumSize, final Duration dura
      * @return a cache suitable for use in the Inrupt Client libraries
      */
     public static <T, U> ClientCache<T, U> ofCache(final Cache<T, U> cache) {
-        return new CaffeineCache<T, U>(cache);
+        return new CaffeineCache<>(cache);
     }
 }
 

guava/src/main/java/com/inrupt/client/guava/GuavaCache.java

@@ -33,6 +33,9 @@
  */
 public class GuavaCache<T, U> implements ClientCache<T, U> {
 
+    private static final String KEY_NOT_NULL = "cache key may not be null!";
+    private static final String VALUE_NOT_NULL = "cache value may not be null!";
+
     private final Cache<T, U> cache;
 
     /**
@@ -41,25 +44,25 @@ public class GuavaCache<T, U> implements ClientCache<T, U> {
      * @param cache the guava cache
      */
     public GuavaCache(final Cache<T, U> cache) {
-        this.cache = Objects.requireNonNull(cache, "cache may not be null!");
+        this.cache = Objects.requireNonNull(cache, KEY_NOT_NULL);
     }
 
     @Override
     public U get(final T key) {
-        Objects.requireNonNull(key, "cache key may not be null!");
+        Objects.requireNonNull(key, KEY_NOT_NULL);
         return cache.getIfPresent(key);
     }
 
     @Override
     public void put(final T key, final U value) {
-        Objects.requireNonNull(key, "cache key may not be null!");
-        Objects.requireNonNull(value, "cache value may not be null!");
+        Objects.requireNonNull(key, KEY_NOT_NULL);
+        Objects.requireNonNull(value, VALUE_NOT_NULL);
         cache.put(key, value);
     }
 
     @Override
     public void invalidate(final T key) {
-        Objects.requireNonNull(key, "cache key may not be null!");
+        Objects.requireNonNull(key, KEY_NOT_NULL);
         cache.invalidate(key);
     }
 

guava/src/main/java/com/inrupt/client/guava/GuavaCacheBuilder.java

@@ -50,7 +50,7 @@ public <T, U> ClientCache<T, U> build(final int maximumSize, final Duration dura
      * @return a cache suitable for use in the Inrupt Client libraries
      */
     public static <T, U> ClientCache<T, U> ofCache(final Cache<T, U> cache) {
-        return new GuavaCache<T, U>(cache);
+        return new GuavaCache<>(cache);
     }
 }
 

openid/src/main/java/com/inrupt/client/openid/OpenIdSession.java

@@ -230,6 +230,12 @@ public Optional<Credential> fromCache(final Request request) {
         return Optional.empty();
     }
 
+    @Override
+    public void reset() {
+        credential.set(null);
+        requestCache.invalidateAll();
+    }
+
     @Override
     public CompletionStage<Optional<Credential>> authenticate(final Authenticator auth,
             final Request request, final Set<String> algorithms) {

openid/src/test/java/com/inrupt/client/openid/OpenIdSessionTest.java

@@ -28,6 +28,7 @@
 
 import com.inrupt.client.Request;
 import com.inrupt.client.auth.Authenticator;
+import com.inrupt.client.auth.Challenge;
 import com.inrupt.client.auth.Credential;
 import com.inrupt.client.auth.DPoP;
 import com.inrupt.client.auth.Session;
@@ -158,9 +159,14 @@ void testClientCredentials() {
         final Optional<URI> principal = session.getPrincipal();
         assertEquals(Optional.of(URI.create(WEBID)), principal);
         assertFalse(session.fromCache(null).isPresent());
-        final Optional<Credential> credential = session.authenticate(null, Collections.emptySet())
+        final Authenticator auth = new OpenIdAuthenticationProvider().getAuthenticator(Challenge.of("Bearer"));
+        final Request req = Request.newBuilder(URI.create("https://storage.example")).build();
+        final Optional<Credential> credential = session.authenticate(auth, req, Collections.emptySet())
             .toCompletableFuture().join();
         assertEquals(Optional.of(URI.create(WEBID)), credential.flatMap(Credential::getPrincipal));
+        assertTrue(session.fromCache(req).isPresent());
+        session.reset();
+        assertFalse(session.fromCache(req).isPresent());
     }
 
     @Test