From 061159b6cd672b679b894cdb80f3c8345b0fc978 Mon Sep 17 00:00:00 2001
From: Luca Frosini <luca.frosini@isti.cnr.it>
Date: Wed, 15 Dec 2021 15:58:32 +0100
Subject: [PATCH] Setting TokenResponse in place of RefreshToken

---
 .../utils/clientid/ClienIDManager.java        |  9 +++-----
 .../authorization/utils/secret/JWTSecret.java | 23 +++++++++++++------
 2 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/src/main/java/org/gcube/common/authorization/utils/clientid/ClienIDManager.java b/src/main/java/org/gcube/common/authorization/utils/clientid/ClienIDManager.java
index 5e9f394..ecaf4f7 100644
--- a/src/main/java/org/gcube/common/authorization/utils/clientid/ClienIDManager.java
+++ b/src/main/java/org/gcube/common/authorization/utils/clientid/ClienIDManager.java
@@ -3,8 +3,6 @@ package org.gcube.common.authorization.utils.clientid;
 import org.gcube.common.authorization.utils.secret.JWTSecret;
 import org.gcube.common.authorization.utils.secret.Secret;
 import org.gcube.common.keycloak.KeycloakClientFactory;
-import org.gcube.common.keycloak.model.ModelUtils;
-import org.gcube.common.keycloak.model.RefreshToken;
 import org.gcube.common.keycloak.model.TokenResponse;
 
 /**
@@ -21,13 +19,12 @@ public class ClienIDManager implements RenewalProvider {
 	}
 	
 	public Secret getSecret() throws Exception {
-		TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(clientID, clientSecret, null);
+		TokenResponse tokenResponse = KeycloakClientFactory.newInstance().queryUMAToken(clientID, clientSecret, null);
 		
-		JWTSecret jwtSecret = new JWTSecret(tr.getAccessToken());
+		JWTSecret jwtSecret = new JWTSecret(tokenResponse.getAccessToken());
 		jwtSecret.setRenewalProvider(this);
 		
-		RefreshToken refreshToken = ModelUtils.getRefreshTokenFrom(tr);
-		jwtSecret.setRefreshToken(refreshToken);
+		jwtSecret.setTokenResponse(tokenResponse);
 		
 		return jwtSecret;
 	}
diff --git a/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java b/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java
index fdc8c0a..2dfe86d 100644
--- a/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java
+++ b/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java
@@ -19,7 +19,9 @@ import org.gcube.common.authorization.utils.user.KeycloakUser;
 import org.gcube.common.authorization.utils.user.User;
 import org.gcube.common.keycloak.KeycloakClientFactory;
 import org.gcube.common.keycloak.model.AccessToken;
+import org.gcube.common.keycloak.model.ModelUtils;
 import org.gcube.common.keycloak.model.RefreshToken;
+import org.gcube.common.keycloak.model.TokenResponse;
 import org.gcube.common.keycloak.model.util.Time;
 import org.gcube.common.scope.impl.ScopeBean;
 import org.slf4j.Logger;
@@ -40,7 +42,7 @@ public class JWTSecret extends Secret {
 	public static final long TOLERANCE = TimeUnit.MILLISECONDS.toMillis(200);
 	
 	protected AccessToken accessToken;
-	protected RefreshToken refreshToken;
+	protected TokenResponse tokenResponse;
 	protected RenewalProvider renewalProvider; 
 	
 	public JWTSecret(String token) {
@@ -54,10 +56,9 @@ public class JWTSecret extends Secret {
 			
 			if(Time.currentTimeMillis()>=(accessToken.getExp()-TOLERANCE)) {
 				expired = true;
-				if(refreshToken!=null) {
+				if(tokenResponse!=null) {
 					try {
-						ObjectMapper mapper = new ObjectMapper();
-						KeycloakClientFactory.newInstance().refreshToken(getUsername(), mapper.writeValueAsString(refreshToken));
+						KeycloakClientFactory.newInstance().refreshToken(getUsername(), tokenResponse);
 						expired = false;
 					}catch (Exception e) {
 						logger.warn("Unable to refresh the token with RefreshToken. Going to try to renew it if possible.", e);
@@ -153,8 +154,8 @@ public class JWTSecret extends Secret {
 		this.renewalProvider = renewalProvider;
 	}
 
-	public void setRefreshToken(RefreshToken refreshToken) {
-		this.refreshToken = refreshToken;
+	public void setTokenResponse(TokenResponse tokenResponse) {
+		this.tokenResponse = tokenResponse;
 	}
 	
 	protected boolean isExpired(AccessToken accessToken) {
@@ -168,7 +169,15 @@ public class JWTSecret extends Secret {
 
 	@Override
 	public boolean isRefreshable() {
-		return refreshToken!=null && isExpired(refreshToken);
+		if(tokenResponse!=null) {
+			try {
+				RefreshToken  refreshToken = ModelUtils.getRefreshTokenFrom(tokenResponse);
+				return isExpired(refreshToken);
+			} catch (Exception e) {
+				return false;
+			}
+		}
+		return false;
 	}
 	
 	@Override