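// getInfo exchanges the cooperation code held by codTok at the IdP's
// cooperation-to endpoint (idp.CoopToUri()) and returns what the IdP
// reports about the tagged accounts.
//
// The request is a JSON POST carrying grant_type, code, and a
// client_assertion of type cliAssTypeJwt_bearer built by makeAssertion
// from this.keyDb's keys. The IDs token in the reply is verified against
// idp.Keys() before any attribute is trusted.
//
// Returns:
//   - frTa: the value of idsTok.fromTa() (the token's "from TA" field).
//   - tok: the access token, only when isMain; it is also saved in
//     this.tokDb with expiry now+this.tokDbExpIn. nil otherwise.
//   - tagToAttrs: attributes for every tag in codTok.accountTags(), plus
//     codTok.accountTag() when isMain, keyed by account tag.
//
// Errors: a non-200 reply is turned into an idperr from the IdP's JSON
// error body; a reply that cannot be parsed or verified, or that lacks
// a required account or token, is reported as idperr.Access_denied with
// HTTP 403. Every error is wrapped with erro.Wrap.
func (this *environment) getInfo(isMain bool, idp idpdb.Element, codTok *codeToken) (frTa string, tok *token.Element, tagToAttrs map[string]map[string]interface{}, err error) {
	// Failures after the IdP has answered are reported as access denied;
	// the cause is kept so callers can still unwrap it.
	denied := func(cause error) error {
		return erro.Wrap(idperr.New(idperr.Access_denied, erro.Unwrap(cause).Error(), http.StatusForbidden, cause))
	}

	params := map[string]interface{}{}
	// grant_type
	params[tagGrant_type] = tagCooperation_code
	// code
	params[tagCode] = codTok.code()
	// claims
	if isMain {
		// TODO: decide how these are to be received.
	}
	// user_claims
	// TODO: decide how these are to be received.

	// client_assertion_type / client_assertion: we authenticate to the IdP
	// with a JWT made from our own keys for the cooperation-to URI.
	params[tagClient_assertion_type] = cliAssTypeJwt_bearer
	keys, err := this.keyDb.Get()
	if err != nil {
		return "", nil, nil, erro.Wrap(err)
	}
	ass, err := makeAssertion(this.handler, keys, idp.CoopToUri())
	if err != nil {
		return "", nil, nil, erro.Wrap(err)
	}
	params[tagClient_assertion] = string(ass)

	data, err := json.Marshal(params)
	if err != nil {
		return "", nil, nil, erro.Wrap(err)
	}
	r, err := http.NewRequest("POST", idp.CoopToUri(), bytes.NewReader(data))
	if err != nil {
		// A malformed cooperation-to URI used to leave r nil and panic on
		// the Header.Set below; report it like every other error instead.
		return "", nil, nil, erro.Wrap(err)
	}
	r.Header.Set(tagContent_type, contTypeJson)
	// NOTE(review): this message says "main" even when isMain is false.
	log.Debug(this.logPref, "Made main cooperation-to request")
	server.LogRequest(level.DEBUG, r, this.debug, this.logPref)

	resp, err := this.conn.Do(r)
	if err != nil {
		return "", nil, nil, erro.Wrap(err)
	}
	defer resp.Body.Close()
	server.LogResponse(level.DEBUG, resp, this.debug, this.logPref)

	if resp.StatusCode != http.StatusOK {
		// The IdP describes failures with a JSON error / error_description body.
		var buff struct {
			Error             string
			Error_description string
		}
		if err := json.NewDecoder(resp.Body).Decode(&buff); err != nil {
			return "", nil, nil, erro.Wrap(err)
		}
		return "", nil, nil, erro.Wrap(idperr.New(buff.Error, buff.Error_description, resp.StatusCode, nil))
	}

	coopResp, err := parseCoopResponse(resp)
	if err != nil {
		return "", nil, nil, denied(err)
	}
	idsTok, err := parseIdsToken(coopResp.idsToken())
	if err != nil {
		return "", nil, nil, denied(err)
	}
	// The IDs token must verify against the keys of the IdP we asked;
	// nothing below is trusted until this passes.
	if err := idsTok.verify(idp.Keys()); err != nil {
		return "", nil, nil, denied(err)
	}

	// Every sub account tagged in the code must be present in the token.
	tagToAttrs = map[string]map[string]interface{}{}
	for acntTag := range codTok.accountTags() {
		attrs := idsTok.attributes()[acntTag]
		if attrs == nil {
			return "", nil, nil, erro.Wrap(idperr.New(idperr.Access_denied, "cannot get sub account tagged by "+acntTag, http.StatusForbidden, nil))
		}
		tagToAttrs[acntTag] = attrs
	}

	if isMain {
		// The main account also yields an access token, which is persisted
		// before being returned.
		attrs := idsTok.attributes()[codTok.accountTag()]
		if attrs == nil {
			return "", nil, nil, erro.Wrap(idperr.New(idperr.Access_denied, "cannot get main account tagged by "+codTok.accountTag(), http.StatusForbidden, nil))
		}
		tagToAttrs[codTok.accountTag()] = attrs
		if coopResp.token() == "" {
			return "", nil, nil, erro.Wrap(idperr.New(idperr.Access_denied, "cannot get token", http.StatusForbidden, nil))
		}
		now := time.Now()
		tok = token.New(coopResp.token(), this.idGen.String(this.tokTagLen), now.Add(coopResp.expiresIn()), idsTok.idProvider(), coopResp.scope())
		// The token id is only ever logged through logutil.Mosaic (presumably masked).
		log.Info(this.logPref, "Got access token "+logutil.Mosaic(tok.Id()))
		if err := this.tokDb.Save(tok, now.Add(this.tokDbExpIn)); err != nil {
			return "", nil, nil, erro.Wrap(err)
		}
		log.Info(this.logPref, "Saved access token "+logutil.Mosaic(tok.Id()))
	}

	return idsTok.fromTa(), tok, tagToAttrs, nil
}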