From 245bd08a109a2e09bb6891326914b65ac31bbb0b Mon Sep 17 00:00:00 2001 From: zachmann Date: Wed, 5 Oct 2022 14:18:41 +0200 Subject: [PATCH] update lib; add mytoken support --- go.mod | 3 +- go.sum | 13 ++++++-- liboidcagent.go | 87 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 99 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 377131b..086d868 100644 --- a/go.mod +++ b/go.mod @@ -4,6 +4,7 @@ go 1.11 require ( github.com/adrg/xdg v0.4.0 - github.com/stretchr/testify v1.7.0 + github.com/oidc-mytoken/api v0.8.0 + github.com/stretchr/testify v1.8.0 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a ) diff --git a/go.sum b/go.sum index 534aadc..7983044 100644 --- a/go.sum +++ b/go.sum 
@@ -1,12 +1,18 @@
 github.com/adrg/xdg v0.4.0 h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls=
 github.com/adrg/xdg v0.4.0/go.mod h1:N6ag73EX4wyxeaoeHctc1mas01KZgsj5tYiAIwqJE/E=
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/oidc-mytoken/api v0.8.0 h1:V/8LyLcVtYX1xxj+r6KyShDYUhl1giHLPVB6dTZyQtk=
+github.com/oidc-mytoken/api v0.8.0/go.mod h1:DBIlUbaIgGlf607VZx8zFC97VR3WNN0kaMVO1AqyTdE=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
@@ -18,5 +24,6 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/liboidcagent.go b/liboidcagent.go index ff7fa57..04b123f 100644 --- a/liboidcagent.go +++ b/liboidcagent.go @@ -7,6 +7,7 @@ import ( "time" "github.com/adrg/xdg" + mytoken "github.com/oidc-mytoken/api/v0" ) // TokenResponse is a parsed response from the oidc-agent @@ -19,6 +20,16 @@ type TokenResponse struct { ExpiresAt time.Time } +// MytokenResponse is a parse response from the oidc-agent compatible with the struct from the mytoken api, +// but with ExpiresAt set instead of ExpiresIn +type MytokenResponse struct { + mytoken.MytokenResponse + OIDCIssuer string + MytokenIssuer string + // The time when the token expires + ExpiresAt time.Time +} + // TokenRequest is used to request an access token from the agent type TokenRequest struct { // ShortName that should be used (Can be omitted if IssuerURL is specified) 
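Review bot: The doc comment on the new exported MytokenResponse type reads "is a parse response"; it should read `// MytokenResponse is a parsed response from the oidc-agent compatible with the struct from the mytoken api,`. The same comment says ExpiresAt is set "instead of ExpiresIn", yet the embedded mytoken.MytokenResponse value is carried over unchanged, so whatever expiry field the api struct contains (not visible here) will still hold the decoded value; the comment should state that ExpiresAt is the field callers are meant to use. The OIDCIssuer and MytokenIssuer fields also lack the per-field comments the neighbouring TokenResponse fields have, e.g. `// OIDCIssuer is the OpenID Provider the mytoken was obtained for` and `// MytokenIssuer is the mytoken server that issued the token`.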
@@ -39,11 +50,27 @@ type TokenRequest struct { ApplicationHint string } +// MytokenRequest is used to request a mytoken from the agent +type MytokenRequest struct { + // ShortName that should be used + ShortName string + // A mytoken profile describing the properties of the requested mytoken + MytokenProfile string + // A string describing the requesting application (i.e. its name). It might + // be displayed to the user, if the request must be confirmed or an account + // configuration loaded. + ApplicationHint string +} + type tokenResponse struct { Token string `json:"access_token"` Issuer string `json:"issuer"` ExpiresAt int64 `json:"expires_at"` + mytoken.MytokenResponse + OIDCIssuer string `json:"oidc_issuer"` + MytokenIssuer string `json:"mytoken_issuer"` + Status string `json:"status,omitempty"` Error string `json:"error,omitempty"` Help string `json:"info,omitempty"` @@ -57,6 +84,7 @@ type tokenRequest struct { Audience string `json:"audience,omitempty"` ApplicationHint string `json:"application_hint,omitempty"` MinValidPeriod uint64 `json:"min_valid_period"` + MytokenProfile string `json:"mytoken_profile"` } func (c *agentConnection) parseTokenResponse(rawResponse tokenResponse) (res TokenResponse, err error) { 
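Review bot: The new `MytokenProfile` field in tokenRequest has no `omitempty`, unlike the Audience and ApplicationHint fields directly above it, so every access-token request serialised through this struct now also carries `"mytoken_profile":""` on the wire. Whether the agent ignores, logs or rejects an empty key on a non-mytoken request cannot be told from this diff; `MytokenProfile string `json:"mytoken_profile,omitempty"`` keeps the existing request payload byte-identical for current callers and removes the question. The tokenRequest struct begins outside this hunk, so other fields without `omitempty` may already exist; if so, this is a consistency point rather than a regression.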
@@ -83,6 +111,31 @@ func (c *agentConnection) parseTokenResponse(rawResponse tokenResponse) (res Tok return } +func (c *agentConnection) parseMytokenResponse(rawResponse tokenResponse) (res MytokenResponse, err error) { + if rawResponse.Error != "" { + err = OIDCAgentError{ + err: rawResponse.Error, + help: rawResponse.Help, + remote: c.Socket.Remote, + } + return + } + if rawResponse.Status == "failure" { + err = OIDCAgentError{ + err: "unknown error", + remote: c.Socket.Remote, + } + return + } + res = MytokenResponse{ + MytokenResponse: rawResponse.MytokenResponse, + OIDCIssuer: rawResponse.OIDCIssuer, + MytokenIssuer: rawResponse.MytokenIssuer, + ExpiresAt: time.Unix(rawResponse.ExpiresAt, 0), + } + return +} + // GetTokenResponse gets a TokenResponse func GetTokenResponse(req TokenRequest) (resp TokenResponse, err error) { if req.ShortName == "" && req.IssuerURL == "" { @@ -120,6 +173,40 @@ func GetAccessToken(req TokenRequest) (string, error) { return res.Token, err } +// GetMytokenResponse gets a mytoken response from the agent +func GetMytokenResponse(req MytokenRequest) (resp MytokenResponse, err error) { + if req.ShortName == "" { + err = OIDCAgentError{err: "'Shortname' not provided"} + return + } + conn, err := newEncryptedConn() + if err != nil { + return + } + defer conn.close() + + rawReq := tokenRequest{ + Request: "mytoken", + AccountName: req.ShortName, + MytokenProfile: req.MytokenProfile, + ApplicationHint: req.ApplicationHint, + } + var rawResp tokenResponse + err = conn.sendJSONRequest(rawReq, &rawResp) + if err != nil { + return + } + + resp, err = conn.parseMytokenResponse(rawResp) + return +} + +// GetMytoken gets an mytoken +func GetMytoken(req MytokenRequest) (string, error) { + res, err := GetMytokenResponse(req) + return res.Mytoken, err +} + func getLoadedAccounts() (accountNames []string, err error) { conn, err := newEncryptedConn() if err != nil {
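Review bot: parseMytokenResponse treats any reply that carries neither an error string nor `status: "failure"` as a success, so an agent reply with an empty mytoken reaches GetMytoken as an empty string with err == nil. A guard after the status check, `if rawResponse.Mytoken == "" { err = OIDCAgentError{err: "no mytoken in response", remote: c.Socket.Remote}; return }`, gives callers a definite error to act on instead of an unusable credential. The error/status prelude also looks like a copy of what parseTokenResponse does (its body lies outside this hunk); a small shared helper would keep the two paths from drifting. The new method has no doc comment; `// parseMytokenResponse maps a raw agent reply to a MytokenResponse, turning the agent's error/status fields into an OIDCAgentError.` would cover it.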
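Review bot: The doc comment on GetMytoken reads "gets an mytoken" and does not say what the returned string is; `// GetMytoken requests a mytoken from the agent and returns only the token string; use GetMytokenResponse when the issuer or expiry is also needed.` would do. In GetMytokenResponse the error text `"'Shortname' not provided"` spells the field differently from the exported MytokenRequest.ShortName it refers to; `err = OIDCAgentError{err: "'ShortName' not provided"}` avoids the mismatch, unless GetTokenResponse (whose body is outside this hunk) already uses the lowercase form and consistency with it matters more. Because the value handed back is a bearer credential, the GetMytokenResponse doc comment would also benefit from one sentence stating that the caller is responsible for storing and transmitting the returned Mytoken securely.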