package org.gcube.dataharvest.utils;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;
import java.util.SortedSet;
import java.util.TreeSet;
import javax.ws.rs.InternalServerErrorException;
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
import org.gcube.common.authorization.utils.secret.JWTSecret;
import org.gcube.common.authorization.utils.secret.Secret;
import org.gcube.common.keycloak.KeycloakClientFactory;
import org.gcube.common.keycloak.model.TokenResponse;
import org.gcube.common.scope.impl.ScopeBean;
import org.gcube.dataharvest.AccountingDashboardHarvesterPlugin;
import org.gcube.resourcemanagement.support.server.managers.context.ContextManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
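/**
 * Builds and holds the credentials the harvester uses for each context.
 *
 * <p>On construction the contexts are read through
 * {@link ContextManager#readContexts()} and, for each of them, an access token
 * is requested from Keycloak for {@link #CLIENT_ID}. The resulting
 * {@link Secret}s are kept in two in-memory maps so that a context can be
 * resolved to its secret and back.</p>
 *
 * <p>Security notes:</p>
 * <ul>
 * <li>The client secret and every token are credentials: this class never logs
 * them and callers should not either.</li>
 * <li>Tokens are requested once, at construction time, and nothing in this
 * class renews them. NOTE(review): confirm that an instance does not outlive
 * the access-token lifetime configured on the identity provider.</li>
 * </ul>
 *
 * @author Luca Frosini (ISTI - CNR)
 */
public class ContextAuthorization {

	private static final Logger logger = LoggerFactory.getLogger(ContextAuthorization.class);

	/** Keycloak client identifier used when requesting tokens. */
	public static final String CLIENT_ID = "accounting-dashboard-harvester-se-plugin";

	/**
	 * Client secret for {@link #CLIENT_ID}, loaded lazily from
	 * {@link #properties} and then reused for every context.
	 */
	protected String clientSecret;

	/**
	 * Contains Context full name as key and Token as Value
	 */
	protected Map<String,Secret> contextToToken;

	/**
	 * Contains Token as key and Context full name as Value.
	 * NOTE(review): lookups rely on the equals/hashCode of the Secret
	 * implementation, which is not visible here.
	 */
	protected Map<Secret,String> tokenToContext;

	/**
	 * Contains Properties used to generate tokens. The client secret is read
	 * from the property whose name is the root context (e.g. the first path
	 * segment of the context full name).
	 */
	protected Properties properties;

	/**
	 * Creates the instance and immediately retrieves a token for every context.
	 *
	 * @param properties properties holding the client secret, keyed by root context
	 * @throws Exception if the contexts cannot be read or a token cannot be obtained
	 */
	public ContextAuthorization(Properties properties) throws Exception {
		this.properties = properties;
		this.contextToToken = new HashMap<>();
		this.tokenToContext = new HashMap<>();
		// NOTE(review): this calls an overridable (protected) method from the
		// constructor; a subclass override runs before the subclass is initialised.
		retrieveContextsAndTokens();
	}

	/**
	 * Creates the instance using the properties exposed by
	 * {@link AccountingDashboardHarvesterPlugin#getProperties()} and immediately
	 * retrieves a token for every context.
	 *
	 * @throws Exception if the contexts cannot be read or a token cannot be obtained
	 */
	public ContextAuthorization() throws Exception {
		this(AccountingDashboardHarvesterPlugin.getProperties().get());
	}

	/**
	 * Returns the client secret, loading it from {@link #properties} on first use.
	 *
	 * <p>The property name is the root of the given context: everything up to
	 * the second '/' (or the whole string when there is none). The value found
	 * on the first call is cached and returned for every later call, whatever
	 * context is passed. NOTE(review): this assumes all contexts handled by one
	 * instance share the same root; verify against the deployment.</p>
	 *
	 * @param context context full name, e.g. {@code /root/vo/vre}
	 * @return the configured client secret, never {@code null}
	 * @throws InternalServerErrorException if the secret cannot be read or is
	 *         not configured for the root of {@code context}
	 */
	private String getClientSecret(String context) {
		try {
			if(clientSecret == null) {
				int index = context.indexOf('/', 1);
				String root = context.substring(0, index == -1 ? context.length() : index);
				clientSecret = properties.getProperty(root);
			}
		} catch(Exception e) {
			// Report the context being resolved. Building the message from the
			// caller's current context could name a different context or fail
			// itself and hide the original cause.
			throw new InternalServerErrorException(
					"Unable to retrieve Application Token for context " + context, e);
		}
		if(clientSecret == null) {
			// Fail here rather than sending a token request without a client
			// secret. The message names the context only, never a credential.
			throw new InternalServerErrorException(
					"No client secret configured for the root of context " + context);
		}
		return clientSecret;
	}

	/**
	 * Requests a token for {@link #CLIENT_ID} with the given context as audience.
	 *
	 * @param context context full name
	 * @return the token response returned by the Keycloak client
	 * @throws Exception if the request fails
	 */
	private TokenResponse getJWTAccessToken(String context) throws Exception {
		return KeycloakClientFactory.newInstance().queryUMAToken(CLIENT_ID, getClientSecret(context), context, null);
	}

	/**
	 * Requests a fresh access token for the given context and wraps it in a
	 * {@link JWTSecret}. Unlike {@link #getSecretForContext(String)}, this does
	 * not read the cache: every call issues a new token request.
	 *
	 * @param context context full name
	 * @return a secret carrying the access token
	 * @throws Exception if the token cannot be obtained
	 */
	public Secret getCatalogueSecretForContext(String context) throws Exception {
		TokenResponse tr = getJWTAccessToken(context);
		return new JWTSecret(tr.getAccessToken());
	}

	/**
	 * Reads every context and stores a secret for each one in both maps.
	 *
	 * <p>The first failure is logged (scope and exception only, never the
	 * secret) and rethrown, so processing stops at the first context for which
	 * no token can be obtained.</p>
	 *
	 * @throws Exception if the contexts cannot be read or a token request fails
	 */
	protected void retrieveContextsAndTokens() throws Exception {
		LinkedHashMap<String,ScopeBean> map = ContextManager.readContexts();
		for(Map.Entry<String,ScopeBean> entry : map.entrySet()) {
			String scope = entry.getKey();
			try {
				String context = entry.getValue().toString();
				Secret secret = getCatalogueSecretForContext(context);
				contextToToken.put(context, secret);
				tokenToContext.put(secret, context);
			} catch(Exception e) {
				logger.error("Error while elaborating {}", scope, e);
				throw e;
			}
		}
	}

	/**
	 * Returns the secret cached for the given context.
	 *
	 * @param context context full name
	 * @return the cached secret, or {@code null} if the context is unknown
	 */
	public Secret getSecretForContext(String context) {
		return contextToToken.get(context);
	}

	/**
	 * Returns the context a cached secret was issued for.
	 *
	 * @param secret a secret previously obtained from this instance
	 * @return the context full name, or {@code null} if the secret is unknown
	 */
	public String getContextFromSecret(Secret secret) {
		return tokenToContext.get(secret);
	}

	/**
	 * Returns the full names of all contexts for which a secret is cached.
	 *
	 * @return a new sorted set; changes to it do not affect this instance
	 */
	public SortedSet<String> getContexts() {
		return new TreeSet<>(contextToToken.keySet());
	}

}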