From e034f868d3859e7e78e3f699e3853bd3c28edcbd Mon Sep 17 00:00:00 2001 From: Luca Frosini Date: Tue, 30 Nov 2021 17:39:26 +0100 Subject: [PATCH] Initial implementation --- .gitignore | 4 + CHANGELOG.md | 8 + LICENSE.md | 312 ++++++++++++++++++ README.md | 71 +++- pom.xml | 49 +++ .../utils/manager/SecretHolder.java | 53 +++ .../utils/manager/SecretManager.java | 80 +++++ .../provider/ClientIDSecretProvider.java | 16 + .../utils/provider/GCubeSecretProvider.java | 21 ++ .../utils/provider/JWTSecretProvider.java | 21 ++ .../utils/provider/SecretProvider.java | 12 + .../utils/secret/ClienIDSecret.java | 64 ++++ .../utils/secret/GCubeSecret.java | 69 ++++ .../authorization/utils/secret/JWTSecret.java | 42 +++ .../authorization/utils/secret/Secret.java | 78 +++++ 15 files changed, 899 insertions(+), 1 deletion(-) create mode 100644 .gitignore create mode 100644 CHANGELOG.md create mode 100644 LICENSE.md create mode 100644 pom.xml create mode 100644 src/main/java/org/gcube/common/authorization/utils/manager/SecretHolder.java create mode 100644 src/main/java/org/gcube/common/authorization/utils/manager/SecretManager.java create mode 100644 src/main/java/org/gcube/common/authorization/utils/provider/ClientIDSecretProvider.java create mode 100644 src/main/java/org/gcube/common/authorization/utils/provider/GCubeSecretProvider.java create mode 100644 src/main/java/org/gcube/common/authorization/utils/provider/JWTSecretProvider.java create mode 100644 src/main/java/org/gcube/common/authorization/utils/provider/SecretProvider.java create mode 100644 src/main/java/org/gcube/common/authorization/utils/secret/ClienIDSecret.java create mode 100644 src/main/java/org/gcube/common/authorization/utils/secret/GCubeSecret.java create mode 100644 src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java create mode 100644 src/main/java/org/gcube/common/authorization/utils/secret/Secret.java diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..0bc3c3c 
--- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +/target/ +/.project +/.classpath +/.settings diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..2551052 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,8 @@ +This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +# Changelog for Authorization utils + +## [v1.0.0] + +- First Release + diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..3af0507 --- /dev/null +++ b/LICENSE.md 
@@ -0,0 +1,312 @@ +# European Union Public Licence V. 1.1 + + +EUPL © the European Community 2007 + + +This European Union Public Licence (the “EUPL”) applies to the Work or Software +(as defined below) which is provided under the terms of this Licence. Any use of +the Work, other than as authorised under this Licence is prohibited (to the +extent such use is covered by a right of the copyright holder of the Work). + +The Original Work is provided under the terms of this Licence when the Licensor +(as defined below) has placed the following notice immediately following the +copyright notice for the Original Work: + +Licensed under the EUPL V.1.1 + +or has expressed by any other mean his willingness to license under the EUPL. + + + +## 1. Definitions + +In this Licence, the following terms have the following meaning: + +- The Licence: this Licence. + +- The Original Work or the Software: the software distributed and/or + communicated by the Licensor under this Licence, available as Source Code and + also as Executable Code as the case may be. + +- Derivative Works: the works or software that could be created by the Licensee, + based upon the Original Work or modifications thereof. This Licence does not + define the extent of modification or dependence on the Original Work required + in order to classify a work as a Derivative Work; this extent is determined by + copyright law applicable in the country mentioned in Article 15. + +- The Work: the Original Work and/or its Derivative Works. + +- The Source Code: the human-readable form of the Work which is the most + convenient for people to study and modify. + +- The Executable Code: any code which has generally been compiled and which is + meant to be interpreted by a computer as a program. + +- The Licensor: the natural or legal person that distributes and/or communicates + the Work under the Licence. 
+ +- Contributor(s): any natural or legal person who modifies the Work under the + Licence, or otherwise contributes to the creation of a Derivative Work. + +- The Licensee or “You”: any natural or legal person who makes any usage of the + Software under the terms of the Licence. + +- Distribution and/or Communication: any act of selling, giving, lending, + renting, distributing, communicating, transmitting, or otherwise making + available, on-line or off-line, copies of the Work or providing access to its + essential functionalities at the disposal of any other natural or legal + person. + + + +## 2. Scope of the rights granted by the Licence + +The Licensor hereby grants You a world-wide, royalty-free, non-exclusive, +sub-licensable licence to do the following, for the duration of copyright vested +in the Original Work: + +- use the Work in any circumstance and for all usage, reproduce the Work, modify +- the Original Work, and make Derivative Works based upon the Work, communicate +- to the public, including the right to make available or display the Work or +- copies thereof to the public and perform publicly, as the case may be, the +- Work, distribute the Work or copies thereof, lend and rent the Work or copies +- thereof, sub-license rights in the Work or copies thereof. + +Those rights can be exercised on any media, supports and formats, whether now +known or later invented, as far as the applicable law permits so. + +In the countries where moral rights apply, the Licensor waives his right to +exercise his moral right to the extent allowed by law in order to make effective +the licence of the economic rights here above listed. + +The Licensor grants to the Licensee royalty-free, non exclusive usage rights to +any patents held by the Licensor, to the extent necessary to make use of the +rights granted on the Work under this Licence. + + + +## 3. 
Communication of the Source Code + +The Licensor may provide the Work either in its Source Code form, or as +Executable Code. If the Work is provided as Executable Code, the Licensor +provides in addition a machine-readable copy of the Source Code of the Work +along with each copy of the Work that the Licensor distributes or indicates, in +a notice following the copyright notice attached to the Work, a repository where +the Source Code is easily and freely accessible for as long as the Licensor +continues to distribute and/or communicate the Work. + + + +## 4. Limitations on copyright + +Nothing in this Licence is intended to deprive the Licensee of the benefits from +any exception or limitation to the exclusive rights of the rights owners in the +Original Work or Software, of the exhaustion of those rights or of other +applicable limitations thereto. + + + +## 5. Obligations of the Licensee + +The grant of the rights mentioned above is subject to some restrictions and +obligations imposed on the Licensee. Those obligations are the following: + +Attribution right: the Licensee shall keep intact all copyright, patent or +trademarks notices and all notices that refer to the Licence and to the +disclaimer of warranties. The Licensee must include a copy of such notices and a +copy of the Licence with every copy of the Work he/she distributes and/or +communicates. The Licensee must cause any Derivative Work to carry prominent +notices stating that the Work has been modified and the date of modification. + +Copyleft clause: If the Licensee distributes and/or communicates copies of the +Original Works or Derivative Works based upon the Original Work, this +Distribution and/or Communication will be done under the terms of this Licence +or of a later version of this Licence unless the Original Work is expressly +distributed only under this version of the Licence. 
The Licensee (becoming +Licensor) cannot offer or impose any additional terms or conditions on the Work +or Derivative Work that alter or restrict the terms of the Licence. + +Compatibility clause: If the Licensee Distributes and/or Communicates Derivative +Works or copies thereof based upon both the Original Work and another work +licensed under a Compatible Licence, this Distribution and/or Communication can +be done under the terms of this Compatible Licence. For the sake of this clause, +“Compatible Licence” refers to the licences listed in the appendix attached to +this Licence. Should the Licensee’s obligations under the Compatible Licence +conflict with his/her obligations under this Licence, the obligations of the +Compatible Licence shall prevail. + +Provision of Source Code: When distributing and/or communicating copies of the +Work, the Licensee will provide a machine-readable copy of the Source Code or +indicate a repository where this Source will be easily and freely available for +as long as the Licensee continues to distribute and/or communicate the Work. + +Legal Protection: This Licence does not grant permission to use the trade names, +trademarks, service marks, or names of the Licensor, except as required for +reasonable and customary use in describing the origin of the Work and +reproducing the content of the copyright notice. + + + +## 6. Chain of Authorship + +The original Licensor warrants that the copyright in the Original Work granted +hereunder is owned by him/her or licensed to him/her and that he/she has the +power and authority to grant the Licence. + +Each Contributor warrants that the copyright in the modifications he/she brings +to the Work are owned by him/her or licensed to him/her and that he/she has the +power and authority to grant the Licence. + +Each time You accept the Licence, the original Licensor and subsequent +Contributors grant You a licence to their contributions to the Work, under the +terms of this Licence. 
+ + + +## 7. Disclaimer of Warranty + +The Work is a work in progress, which is continuously improved by numerous +contributors. It is not a finished work and may therefore contain defects or +“bugs” inherent to this type of software development. + +For the above reason, the Work is provided under the Licence on an “as is” basis +and without warranties of any kind concerning the Work, including without +limitation merchantability, fitness for a particular purpose, absence of defects +or errors, accuracy, non-infringement of intellectual property rights other than +copyright as stated in Article 6 of this Licence. + +This disclaimer of warranty is an essential part of the Licence and a condition +for the grant of any rights to the Work. + + + +## 8. Disclaimer of Liability + +Except in the cases of wilful misconduct or damages directly caused to natural +persons, the Licensor will in no event be liable for any direct or indirect, +material or moral, damages of any kind, arising out of the Licence or of the use +of the Work, including without limitation, damages for loss of goodwill, work +stoppage, computer failure or malfunction, loss of data or any commercial +damage, even if the Licensor has been advised of the possibility of such +damage. However, the Licensor will be liable under statutory product liability +laws as far such laws apply to the Work. + + + +## 9. Additional agreements + +While distributing the Original Work or Derivative Works, You may choose to +conclude an additional agreement to offer, and charge a fee for, acceptance of +support, warranty, indemnity, or other liability obligations and/or services +consistent with this Licence. 
However, in accepting such obligations, You may +act only on your own behalf and on your sole responsibility, not on behalf of +the original Licensor or any other Contributor, and only if You agree to +indemnify, defend, and hold each Contributor harmless for any liability incurred +by, or claims asserted against such Contributor by the fact You have accepted +any such warranty or additional liability. + + + +## 10. Acceptance of the Licence + +The provisions of this Licence can be accepted by clicking on an icon “I agree” +placed under the bottom of a window displaying the text of this Licence or by +affirming consent in any other similar way, in accordance with the rules of +applicable law. Clicking on that icon indicates your clear and irrevocable +acceptance of this Licence and all of its terms and conditions. + +Similarly, you irrevocably accept this Licence and all of its terms and +conditions by exercising any rights granted to You by Article 2 of this Licence, +such as the use of the Work, the creation by You of a Derivative Work or the +Distribution and/or Communication by You of the Work or copies thereof. + + + +## 11. Information to the public + +In case of any Distribution and/or Communication of the Work by means of +electronic communication by You (for example, by offering to download the Work +from a remote location) the distribution channel or media (for example, a +website) must at least provide to the public the information requested by the +applicable law regarding the Licensor, the Licence and the way it may be +accessible, concluded, stored and reproduced by the Licensee. + + + +## 12. Termination of the Licence + +The Licence and the rights granted hereunder will terminate automatically upon +any breach by the Licensee of the terms of the Licence. + +Such a termination will not terminate the licences of any person who has +received the Work from the Licensee under the Licence, provided such persons +remain in full compliance with the Licence. 
+ + + +## 13. Miscellaneous + +Without prejudice of Article 9 above, the Licence represents the complete +agreement between the Parties as to the Work licensed hereunder. + +If any provision of the Licence is invalid or unenforceable under applicable +law, this will not affect the validity or enforceability of the Licence as a +whole. Such provision will be construed and/or reformed so as necessary to make +it valid and enforceable. + +The European Commission may publish other linguistic versions and/or new +versions of this Licence, so far this is required and reasonable, without +reducing the scope of the rights granted by the Licence. New versions of the +Licence will be published with a unique version number. + +All linguistic versions of this Licence, approved by the European Commission, +have identical value. Parties can take advantage of the linguistic version of +their choice. + + + +## 14. Jurisdiction + +Any litigation resulting from the interpretation of this License, arising +between the European Commission, as a Licensor, and any Licensee, will be +subject to the jurisdiction of the Court of Justice of the European Communities, +as laid down in article 238 of the Treaty establishing the European Community. + +Any litigation arising between Parties, other than the European Commission, and +resulting from the interpretation of this License, will be subject to the +exclusive jurisdiction of the competent court where the Licensor resides or +conducts its primary business. + + + +## 15. Applicable Law + +This Licence shall be governed by the law of the European Union country where +the Licensor resides or has his registered office. + +This licence shall be governed by the Belgian law if: + +- a litigation arises between the European Commission, as a Licensor, and any +- Licensee; the Licensor, other than the European Commission, has no residence +- or registered office inside a European Union country. 
+ + + +## Appendix + + + +“Compatible Licences” according to article 5 EUPL are: + + +- GNU General Public License (GNU GPL) v. 2 + +- Open Software License (OSL) v. 2.1, v. 3.0 + +- Common Public License v. 1.0 + +- Eclipse Public License v. 1.0 + +- Cecill v. 2.0 + diff --git a/README.md b/README.md index d16af03..9df9587 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,71 @@ -# authorization-utils +# Authorization utils + +This library provides facilities to deal with different authorization tokens + +## Built With + +* [OpenJDK](https://openjdk.java.net/) - The JDK used +* [Maven](https://maven.apache.org/) - Dependency Management + +## Documentation + +N/A + +## Change log + +See [Releases](https://code-repo.d4science.org/gCubeSystem/gcat/releases). + +## Authors + +* **Luca Frosini** ([ORCID](https://orcid.org/0000-0003-3183-2291)) - [ISTI-CNR Infrascience Group](http://nemis.isti.cnr.it/groups/infrascience) + +## How to Cite this Software + +Tell people how to cite this software. +* Cite an associated paper? +* Use a specific BibTeX entry for the software? + + + @Manual{, + title = {Authorization Utils}, + author = {{Frosini, Luca}}, + organization = {ISTI - CNR}, + address = {Pisa, Italy}, + year = 2021, + url = {http://www.gcube-system.org/} + } + +## License + +This project is licensed under the EUPL V.1.1 License - see the [LICENSE.md](LICENSE.md) file for details. + + +## About the gCube Framework +This software is part of the [gCubeFramework](https://www.gcube-system.org/ "gCubeFramework"): an +open-source software toolkit used for building and operating Hybrid Data +Infrastructures enabling the dynamic deployment of Virtual Research Environments +by favouring the realisation of reuse oriented policies. + +The projects leading to this software have received funding from a series of European Union programmes including: + +- the Sixth Framework Programme for Research and Technological Development + - DILIGENT (grant no. 004260). +- the Seventh Framework Programme for research, technological development and demonstration + - D4Science (grant no. 212488); + - D4Science-II (grant no.239019); + - ENVRI (grant no. 283465); + - iMarine(grant no. 283644); + - EUBrazilOpenBio (grant no. 288754). +- the H2020 research and innovation programme + - SoBigData (grant no. 654024); + - PARTHENOS (grant no. 
654119); + - EGIEngage (grant no. 654142); + - ENVRIplus (grant no. 654182); + - BlueBRIDGE (grant no. 675680); + - PerformFish (grant no. 727610); + - AGINFRAplus (grant no. 731001); + - DESIRA (grant no. 818194); + - ARIADNEplus (grant no. 823914); + - RISIS2 (grant no. 824091); + diff --git a/pom.xml b/pom.xml new file mode 100644 index 0000000..d29855b --- /dev/null +++ b/pom.xml @@ -0,0 +1,49 @@ + + 4.0.0 + + org.gcube.tools + maven-parent + 1.1.0 + + + org.gcube.common + authorization-utils + 1.0.0-SNAPSHOT + + + UTF-8 + + + + scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git + scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git + https://code-repo.d4science.org/gCubeSystem/${project.artifactId} + + + + + + org.gcube.distribution + gcube-bom + 2.1.0-SNAPSHOT + pom + import + + + + + + + org.slf4j + slf4j-api + + + org.gcube.common + authorization-client + + + + + \ No newline at end of file diff --git a/src/main/java/org/gcube/common/authorization/utils/manager/SecretHolder.java b/src/main/java/org/gcube/common/authorization/utils/manager/SecretHolder.java new file mode 100644 index 0000000..e98a256 --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/utils/manager/SecretHolder.java 
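Review bot: The dependencyManagement import of `gcube-bom` is pinned to `2.1.0-SNAPSHOT`, so the versions resolved for `slf4j-api` and `authorization-client` can differ between two builds of this same commit (the rendered XML has lost its tags, so I am reading only the values). A SNAPSHOT BOM is acceptable while developing, but the `1.0.0` release announced in CHANGELOG.md should be built against a released BOM so that the dependency set is reproducible and can be reviewed. The file also lacks a trailing newline, as the "No newline at end of file" marker shows.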
@@ -0,0 +1,53 @@ +package org.gcube.common.authorization.utils.manager; + +import java.util.Collection; +import java.util.SortedSet; +import java.util.TreeSet; + +import org.gcube.common.authorization.utils.secret.Secret; + +public class SecretHolder { + + private SortedSet authorizationSecrets; + + public SecretHolder() { + this.authorizationSecrets = new TreeSet(); + } + + public SecretHolder(Collection authorizationSecrets) { + this.authorizationSecrets = new TreeSet(authorizationSecrets); + } + + public void addAuthorizationSecret(Secret authorizationSecret) { + if(authorizationSecret!=null) { + authorizationSecrets.add(authorizationSecret); + } + } + + public SortedSet getAuthorizationSecrets() { + return authorizationSecrets; + } + + public String getUsername() { + for(Secret authorizationSecret : authorizationSecrets) { + try { + return authorizationSecret.getUsername(); + }catch (Exception e) { + // trying the next one + } + } + return null; + } + + public String getContext() { + for(Secret authorizationSecret : authorizationSecrets) { + try { + return authorizationSecret.getContext(); + }catch (Exception e) { + // trying the next one + } + } + return null; + } + +} diff --git a/src/main/java/org/gcube/common/authorization/utils/manager/SecretManager.java b/src/main/java/org/gcube/common/authorization/utils/manager/SecretManager.java new file mode 100644 index 0000000..405a6be --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/utils/manager/SecretManager.java 
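Review bot: `getAuthorizationSecrets()` returns the live `TreeSet`, so any caller can add or remove secrets without passing through `addAuthorizationSecret` and its null check; returning `Collections.unmodifiableSortedSet(authorizationSecrets)` keeps the holder the only writer. The catch blocks in `getUsername()` and `getContext()` drop the exception entirely, which makes a misconfigured secret indistinguishable from an absent one; logging it at debug level before moving to the next secret would help diagnosis without exposing the token value. The generic type arguments seem to have been stripped by rendering (`SortedSet`, `TreeSet`), so I am not commenting on raw-type use. The class has no Javadoc; a one-line summary stating that secrets are consulted in `compareTo` order and the first answer that does not throw wins would document the fallback behaviour callers depend on.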
@@ -0,0 +1,80 @@ +package org.gcube.common.authorization.utils.manager; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +import org.gcube.common.authorization.utils.provider.SecretProvider; +import org.gcube.common.authorization.utils.provider.ClientIDSecretProvider; +import org.gcube.common.authorization.utils.provider.GCubeSecretProvider; +import org.gcube.common.authorization.utils.secret.Secret; +import org.gcube.common.authorization.utils.secret.JWTSecret; + +/** + * @author Luca Frosini (ISTI - CNR) + */ +public class SecretManager { + + public static final InheritableThreadLocal instance = new InheritableThreadLocal() { + + @Override + protected SecretManager initialValue() { + return new SecretManager(); + } + + }; + + private List authorizationSecretProviders; + private SecretHolder secretHolder; + + private SecretManager(){ + authorizationSecretProviders = new ArrayList<>(); + secretHolder = new SecretHolder(); + } + + public List getAuthorizationSecretProviders(){ + if(authorizationSecretProviders == null) { + authorizationSecretProviders = new ArrayList<>(); + + @SuppressWarnings("unchecked") + Class[] classes = new Class[]{ + JWTSecret.class, GCubeSecretProvider.class, ClientIDSecretProvider.class + }; + + for(Class clz : classes) { + try { + SecretProvider authorizationSecretProvider = clz.newInstance(); + addAuthorizationSecretProvider(authorizationSecretProvider); + } catch (Exception e) { + + } + } + } + return authorizationSecretProviders; + } + + public void addAuthorizationSecretProvider(SecretProvider authorizationSecretProvider) { + authorizationSecretProviders.add(authorizationSecretProvider); + Secret authorizationSecret = authorizationSecretProvider.getAuthorizationSecret(); + secretHolder.addAuthorizationSecret(authorizationSecret); + } + + public void startSession(Secret authorizationSecrets) throws Exception { + authorizationSecrets.set(); + } + + public void startSession(Collection 
authorizationSecrets) throws Exception { + setAll(authorizationSecrets); + } + + public void endSession() throws Exception { + setAll(secretHolder.getAuthorizationSecrets()); + } + + private void setAll(Collection authorizationSecrets) throws Exception { + for(Secret authorizationSecret : authorizationSecrets) { + authorizationSecret.set(); + } + } + +} diff --git a/src/main/java/org/gcube/common/authorization/utils/provider/ClientIDSecretProvider.java b/src/main/java/org/gcube/common/authorization/utils/provider/ClientIDSecretProvider.java new file mode 100644 index 0000000..860881f --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/utils/provider/ClientIDSecretProvider.java @@ -0,0 +1,16 @@ +package org.gcube.common.authorization.utils.provider; + +import org.gcube.common.authorization.utils.secret.Secret; +import org.gcube.common.authorization.utils.secret.ClienIDSecret; + +/** + * @author Luca Frosini (ISTI - CNR) + */ +public class ClientIDSecretProvider implements SecretProvider { + + @Override + public Secret getAuthorizationSecret() { + return new ClienIDSecret("", ""); + } + +} diff --git a/src/main/java/org/gcube/common/authorization/utils/provider/GCubeSecretProvider.java b/src/main/java/org/gcube/common/authorization/utils/provider/GCubeSecretProvider.java new file mode 100644 index 0000000..4bcd56f --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/utils/provider/GCubeSecretProvider.java 
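Review bot: The default-provider registration in `getAuthorizationSecretProviders()` can never run, because the private constructor already assigns `authorizationSecretProviders = new ArrayList<>()`, so the `== null` branch is dead and no provider is registered unless a caller does so explicitly. If the branch is meant to be reached, it also lists `JWTSecret.class` (a `Secret`, not a `SecretProvider`; `JWTSecretProvider` is not imported here) and the empty `catch (Exception e) {}` would hide the resulting instantiation failure. Suggested: register the defaults from the constructor, use `JWTSecretProvider.class, GCubeSecretProvider.class, ClientIDSecretProvider.class`, and at least log the exception in the catch. Note also that `addAuthorizationSecretProvider` calls `getAuthorizationSecret()` immediately, so the secret is captured at registration time rather than when a session starts; if that is intended it deserves a Javadoc sentence.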
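Review bot: `getAuthorizationSecret()` builds `new ClienIDSecret("", "")`, and `Secret`'s constructor runs `check(token)`, which rejects an empty string, so this provider throws on every call instead of returning `null` like `GCubeSecretProvider` and `JWTSecretProvider` (the exception has to be unchecked for `Secret`'s constructor to compile, so nothing in `SecretManager.addAuthorizationSecretProvider` will catch it). Until a client-id/secret source exists, `return null;` is the safe placeholder and keeps the three providers consistent.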
@@ -0,0 +1,21 @@ +package org.gcube.common.authorization.utils.provider; + +import org.gcube.common.authorization.library.provider.SecurityTokenProvider; +import org.gcube.common.authorization.utils.secret.Secret; +import org.gcube.common.authorization.utils.secret.GCubeSecret; + +/** + * @author Luca Frosini (ISTI - CNR) + */ +public class GCubeSecretProvider implements SecretProvider { + + @Override + public Secret getAuthorizationSecret() { + String token = SecurityTokenProvider.instance.get(); + if(token!=null) { + return new GCubeSecret(token); + } + return null; + } + +} diff --git a/src/main/java/org/gcube/common/authorization/utils/provider/JWTSecretProvider.java b/src/main/java/org/gcube/common/authorization/utils/provider/JWTSecretProvider.java new file mode 100644 index 0000000..8833798 --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/utils/provider/JWTSecretProvider.java @@ -0,0 +1,21 @@ +package org.gcube.common.authorization.utils.provider; + +import org.gcube.common.authorization.library.provider.AccessTokenProvider; +import org.gcube.common.authorization.utils.secret.Secret; +import org.gcube.common.authorization.utils.secret.JWTSecret; + +/** + * @author Luca Frosini (ISTI - CNR) + */ +public class JWTSecretProvider implements SecretProvider { + + @Override + public Secret getAuthorizationSecret() { + String token = AccessTokenProvider.instance.get(); + if(token!=null) { + return new JWTSecret(token); + } + return null; + } + +} diff --git a/src/main/java/org/gcube/common/authorization/utils/provider/SecretProvider.java b/src/main/java/org/gcube/common/authorization/utils/provider/SecretProvider.java new file mode 100644 index 0000000..b676669 --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/utils/provider/SecretProvider.java 
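Review bot: `new GCubeSecret(token)` runs the regex check in `GCubeSecret.check`, so a value in `SecurityTokenProvider` that does not match `TOKEN_REGEX` makes this provider throw from `getAuthorizationSecret()` rather than return `null`, which the `token!=null` guard suggests is the intended way to signal an absent secret. Either document on the method that it propagates `AuthorizationException` for a malformed token, or catch it here and return `null` so `SecretManager` can fall back to the remaining providers.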
@@ -0,0 +1,12 @@ +package org.gcube.common.authorization.utils.provider; + +import org.gcube.common.authorization.utils.secret.Secret; + +/** + * @author Luca Frosini (ISTI - CNR) + */ +public interface SecretProvider { + + public Secret getAuthorizationSecret(); + +} diff --git a/src/main/java/org/gcube/common/authorization/utils/secret/ClienIDSecret.java b/src/main/java/org/gcube/common/authorization/utils/secret/ClienIDSecret.java new file mode 100644 index 0000000..46587f1 --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/utils/secret/ClienIDSecret.java 
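Review bot: `getAuthorizationSecret()` has no Javadoc, yet the implementations in this commit return `null` when nothing is available and `SecretManager.addAuthorizationSecretProvider` relies on `SecretHolder.addAuthorizationSecret` to drop that `null`; the contract belongs on the interface. Suggested Javadoc: `/** Returns the Secret found in this provider's source, or null when none is available; implementations should not throw merely because the secret is absent. */`. The explicit `public` on an interface method is redundant and can be dropped.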
@@ -0,0 +1,64 @@ +package org.gcube.common.authorization.utils.secret; + +import java.util.Map; +import java.util.Objects; + +/** + * @author Luca Frosini (ISTI - CNR) + */ +public class ClienIDSecret extends Secret { + + protected String clientID; + + public ClienIDSecret(String clientID, String token) { + super(30, token); + this.clientID = clientID; + } + + @Override + public void set() throws Exception { +// TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(CLIENT_ID, CLIENT_SECRET, contextToAuthorise, null); +// System.out.println(tr.getAccessToken()); + } + + @Override + public String getContext() throws Exception { + return null; + } + + @Override + public String getUsername() throws Exception { + return clientID; + } + + @Override + public Map getHTTPAuthorizationHeaders() { + return null; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = super.hashCode(); + result = prime * result + Objects.hash(clientID); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (!super.equals(obj)) + return false; + if (getClass() != obj.getClass()) + return false; + ClienIDSecret other = (ClienIDSecret) obj; + return Objects.equals(clientID, other.clientID); + } + + @Override + public int compareTo(Secret obj) { + int res = super.compareTo(obj); + return res == 0 ? clientID.compareTo(clientID) : res; + } +} diff --git a/src/main/java/org/gcube/common/authorization/utils/secret/GCubeSecret.java b/src/main/java/org/gcube/common/authorization/utils/secret/GCubeSecret.java new file mode 100644 index 0000000..3a1f8e6 --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/utils/secret/GCubeSecret.java 
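Review bot: `compareTo` compares `clientID` with itself (`clientID.compareTo(clientID)`), which is always 0, so two secrets with the same token and priority but different client IDs order as equal and the `TreeSet` in `SecretHolder` would keep only one of them, while `equals` says they differ. Use `return res == 0 ? clientID.compareTo(((ClienIDSecret) obj).clientID) : res;` — the cast is safe because `Secret.compareTo` returns its non-zero `priority` for an object of another class. The class name `ClienIDSecret` looks like a typo for `ClientIDSecret` (the provider is spelled `ClientIDSecretProvider`); renaming is cheapest now, before anything depends on it. `getHTTPAuthorizationHeaders()` returning `null` rather than an empty map also differs from the sibling secrets and will NPE any caller that iterates the result.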
@@ -0,0 +1,69 @@ +package org.gcube.common.authorization.utils.secret; + +import java.util.HashMap; +import java.util.Map; +import java.util.regex.Pattern; + +import org.gcube.common.authorization.client.Constants; +import org.gcube.common.authorization.library.AuthorizationEntry; +import org.gcube.common.authorization.library.exception.AuthorizationException; +import org.gcube.common.authorization.library.provider.AuthorizationProvider; +import org.gcube.common.authorization.library.provider.ClientInfo; +import org.gcube.common.authorization.library.provider.SecurityTokenProvider; +import org.gcube.common.authorization.library.utils.Caller; +import org.gcube.common.scope.api.ScopeProvider; + +/** + * @author Luca Frosini (ISTI - CNR) + */ +public class GCubeSecret extends Secret { + + public static final String TOKEN_REGEX = "^([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}-[a-fA-F0-9]{8,9}){1}$"; + + @Override + protected void check(String token) throws AuthorizationException { + super.check(token); + if(!Pattern.matches(GCubeSecret.TOKEN_REGEX, token)) { + throw new AuthorizationException("The GUCBE token must comply with the regex " + TOKEN_REGEX); + } + } + + public GCubeSecret(String token) { + super(20, token); + } + + @Override + public void set() throws Exception { + SecurityTokenProvider.instance.set(token); + AuthorizationEntry authorizationEntry = Constants.authorizationService().get(token); + ClientInfo clientInfo = authorizationEntry.getClientInfo(); + logger.debug("User : {} - Type : {}", clientInfo.getId(), clientInfo.getType().name()); + String qualifier = authorizationEntry.getQualifier(); + Caller caller = new Caller(clientInfo, qualifier); + AuthorizationProvider.instance.set(caller); + ScopeProvider.instance.set(getContext()); + } + + protected ClientInfo getClientInfo() throws Exception { + return Constants.authorizationService().get(token).getClientInfo(); + } + + @Override + public String getContext() throws 
Exception { + return Constants.authorizationService().get(token).getContext(); + } + + @Override + public String getUsername() throws Exception { + return getClientInfo().getId(); + } + + + @Override + public Map getHTTPAuthorizationHeaders() { + Map authorizationHeaders = new HashMap<>(); + authorizationHeaders.put(org.gcube.common.authorization.client.Constants.TOKEN_HEADER_ENTRY, token); + return authorizationHeaders; + } + +} diff --git a/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java b/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java new file mode 100644 index 0000000..46fabfc --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java @@ -0,0 +1,42 @@ +package org.gcube.common.authorization.utils.secret; + +import java.util.HashMap; +import java.util.Map; + +import org.gcube.common.authorization.library.provider.AccessTokenProvider; + +/** + * @author Luca Frosini (ISTI - CNR) + */ +public class JWTSecret extends Secret { + + public JWTSecret(String token) { + super(10, token); + } + + @Override + public void set() throws Exception { + AccessTokenProvider.instance.set(token); + + } + + @Override + public String getContext() throws Exception { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map getHTTPAuthorizationHeaders() { + Map authorizationHeaders = new HashMap<>(); + authorizationHeaders.put("Authorization", "Bearer " + token); + return authorizationHeaders; + } + + @Override + public String getUsername() throws Exception { + // TODO Auto-generated method stub + return null; + } + +} diff --git a/src/main/java/org/gcube/common/authorization/utils/secret/Secret.java b/src/main/java/org/gcube/common/authorization/utils/secret/Secret.java new file mode 100644 index 0000000..80cc239 --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/utils/secret/Secret.java 
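Review bot: In `set()`, `SecurityTokenProvider.instance.set(token)` runs before `Constants.authorizationService().get(token)`, so if that lookup fails the thread keeps the new token while `AuthorizationProvider` and `ScopeProvider` still carry the previous caller — a half-switched identity that is hard to spot later. Resolve the entry first and then set the three providers together, reusing the entry for the scope instead of the extra round trip in `getContext()`: move `SecurityTokenProvider.instance.set(token);` below the `get(token)` call and finish with `ScopeProvider.instance.set(authorizationEntry.getContext());`. Smaller points: `Pattern.matches` recompiles the regex on every check (cache a `static final Pattern`), the message says "GUCBE" instead of "gCube", and `check` is invoked from the superclass constructor — it works here only because it reads nothing but the static regex, which deserves a comment.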
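Review bot: `getContext()` and `getUsername()` return `null` as TODO stubs, but `SecretHolder` returns the first value that does not throw, so a `JWTSecret` in the set short-circuits the fallback to the other secrets and the holder answers `null`. Until the claims are parsed, throw instead — e.g. `throw new UnsupportedOperationException("JWT claims not parsed yet");` — so the holder moves on, and drop the `// TODO Auto-generated method stub` lines when doing so. `set()` also carries a stray blank line before its closing brace.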
@@ -0,0 +1,78 @@ +package org.gcube.common.authorization.utils.secret; + +import java.util.Map; +import java.util.Objects; + +import org.gcube.common.authorization.library.exception.AuthorizationException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * @author Luca Frosini (ISTI - CNR) + */ +public abstract class Secret implements Comparable { + + protected static final Logger logger = LoggerFactory.getLogger(Secret.class); + + protected int priority; + protected String token; + + protected void check(String token) throws AuthorizationException { + if(token == null) { + throw new AuthorizationException("token cannot be null"); + } + if(token.compareTo("")==0) { + throw new AuthorizationException("token cannot be an empty string"); + } + } + + protected Secret(int priority, String token) { + this.priority = priority; + check(token); + this.token = token; + } + + public String getToken() { + return token; + } + + public abstract void set() throws Exception; + + public abstract String getContext() throws Exception; + + public abstract String getUsername() throws Exception; + + public abstract Map getHTTPAuthorizationHeaders(); + + @Override + public int hashCode() { + return Objects.hash(priority, token); + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + Secret other = (Secret) obj; + return priority == other.priority && Objects.equals(token, other.token); + } + + @Override + public int compareTo(Secret obj) { + if (this == obj) { + return 0; + } + if (obj == null) { + return priority; + } + if (getClass() != obj.getClass()) { + return priority; + } + return token.compareTo(obj.token); + } + +}
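Review bot: `compareTo` is not antisymmetric: for two secrets of different classes both `a.compareTo(b)` and `b.compareTo(a)` return the receiver's positive `priority`, and `priority` otherwise never influences the order, so the `TreeSet` in `SecretHolder` can behave differently depending on insertion order and may treat distinct secrets as duplicates. Order by priority, then class, then token, and follow the `Comparable` contract of throwing `NullPointerException` for `null` (a `TreeSet` never passes one anyway); that also keeps `compareTo` consistent with `equals`, which already compares class, priority and token. Minor: `token.compareTo("")==0` in `check` reads more naturally as `token.isEmpty()`.
```java
@Override
public int compareTo(Secret obj) {
    if (this == obj) {
        return 0;
    }
    if (obj == null) {
        throw new NullPointerException("obj");
    }
    int byPriority = Integer.compare(priority, obj.priority);
    if (byPriority != 0) {
        return byPriority;
    }
    int byClass = getClass().getName().compareTo(obj.getClass().getName());
    if (byClass != 0) {
        return byClass;
    }
    return token.compareTo(obj.token);
}
```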