commit c87aba6ed55f0eddbd6aa5c7cbc6b69899399c5c Author: Mauro Mugnaini Date: Fri Mar 17 18:08:28 2023 +0100 [#24701, #23356] First share WIP, still to be tested... diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..da1dad7 --- /dev/null +++ b/.gitignore @@ -0,0 +1,74 @@ +# OS stuff +################### +.DS_Store + +# Intellij +################### +.idea +*.iml + +# Eclipse # +########### +.project +.settings +.classpath +# reverting this as e.g. /distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/ +# should not be ignored +#bin/ +.factorypath + + +# NetBeans # +############ +nbactions.xml +nb-configuration.xml +catalog.xml +nbproject + +# VS Code # +########### +*.code-workspace + +# Compiled source # +################### +*.com +*.class +*.dll +*.exe +*.o +*.so + +# Packages # +############ +# it's better to unpack these files and commit the raw source +# git has its own built in compression methods +*.7z +*.dmg +*.gz +*.iso +*.jar +*.rar +*.tar +*.zip + +# Logs and databases # +###################### +*.log + +# Maven # +######### +target + +# Maven shade +############# +*dependency-reduced-pom.xml + +# nodejs # +########## +# KEYCLOAK-5391: We will re-exclude node_modules when node_modules handling is worked out. +# For now, we keep our js libraries checked into GitHub, so we don't ignore. +#node_modules + +# testsuite # +############# +*offline-token.txt diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..eee6456 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,6 @@ +This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +# Changelog for "d4science-iam-client" + +## [v1.0.0-SNAPSHOT] +- First release (#24701, #23356). diff --git a/FUNDING.md b/FUNDING.md new file mode 100644 index 0000000..6fa9eac --- /dev/null +++ b/FUNDING.md @@ -0,0 +1,26 @@ +# Acknowledgments + +The projects leading to this software have received funding from a series of European Union programmes including: + +- the Sixth Framework Programme for Research and Technological Development + - [DILIGENT](https://cordis.europa.eu/project/id/004260) (grant no. 004260). +- the Seventh Framework Programme for research, technological development and demonstration + - [D4Science](https://cordis.europa.eu/project/id/212488) (grant no. 212488); + - [D4Science-II](https://cordis.europa.eu/project/id/239019) (grant no.239019); + - [ENVRI](https://cordis.europa.eu/project/id/283465) (grant no. 283465); + - [iMarine](https://cordis.europa.eu/project/id/283644) (grant no. 283644); + - [EUBrazilOpenBio](https://cordis.europa.eu/project/id/288754) (grant no. 288754). +- the H2020 research and innovation programme + - [SoBigData](https://cordis.europa.eu/project/id/654024) (grant no. 654024); + - [PARTHENOS](https://cordis.europa.eu/project/id/654119) (grant no. 654119); + - [EGI-Engage](https://cordis.europa.eu/project/id/654142) (grant no. 654142); + - [ENVRI PLUS](https://cordis.europa.eu/project/id/654182) (grant no. 654182); + - [BlueBRIDGE](https://cordis.europa.eu/project/id/675680) (grant no. 675680); + - [PerformFISH](https://cordis.europa.eu/project/id/727610) (grant no. 727610); + - [AGINFRA PLUS](https://cordis.europa.eu/project/id/731001) (grant no. 731001); + - [DESIRA](https://cordis.europa.eu/project/id/818194) (grant no. 818194); + - [ARIADNEplus](https://cordis.europa.eu/project/id/823914) (grant no. 823914); + - [RISIS 2](https://cordis.europa.eu/project/id/824091) (grant no. 824091); + - [EOSC-Pillar](https://cordis.europa.eu/project/id/857650) (grant no. 857650); + - [Blue Cloud](https://cordis.europa.eu/project/id/862409) (grant no. 862409); + - [SoBigData-PlusPlus](https://cordis.europa.eu/project/id/871042) (grant no. 871042); \ No newline at end of file diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..1932b4c --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,311 @@ +#European Union Public Licence V.1.1 + +##*EUPL © the European Community 2007* + + +This **European Union Public Licence** (the **“EUPL”**) applies to the Work or Software +(as defined below) which is provided under the terms of this Licence. Any use of +the Work, other than as authorised under this Licence is prohibited (to the +extent such use is covered by a right of the copyright holder of the Work). + +The Original Work is provided under the terms of this Licence when the Licensor +(as defined below) has placed the following notice immediately following the +copyright notice for the Original Work: + +**Licensed under the EUPL V.1.1** + +or has expressed by any other mean his willingness to license under the EUPL. + + + +##1. Definitions + +In this Licence, the following terms have the following meaning: + +- The Licence: this Licence. + +- The Original Work or the Software: the software distributed and/or + communicated by the Licensor under this Licence, available as Source Code and + also as Executable Code as the case may be. + +- Derivative Works: the works or software that could be created by the Licensee, + based upon the Original Work or modifications thereof. This Licence does not + define the extent of modification or dependence on the Original Work required + in order to classify a work as a Derivative Work; this extent is determined by + copyright law applicable in the country mentioned in Article 15. + +- The Work: the Original Work and/or its Derivative Works. + +- The Source Code: the human-readable form of the Work which is the most + convenient for people to study and modify. + +- The Executable Code: any code which has generally been compiled and which is + meant to be interpreted by a computer as a program. + +- The Licensor: the natural or legal person that distributes and/or communicates + the Work under the Licence. + +- Contributor(s): any natural or legal person who modifies the Work under the + Licence, or otherwise contributes to the creation of a Derivative Work. + +- The Licensee or “You”: any natural or legal person who makes any usage of the + Software under the terms of the Licence. + +- Distribution and/or Communication: any act of selling, giving, lending, + renting, distributing, communicating, transmitting, or otherwise making + available, on-line or off-line, copies of the Work or providing access to its + essential functionalities at the disposal of any other natural or legal + person. + + + +##2. Scope of the rights granted by the Licence + +The Licensor hereby grants You a world-wide, royalty-free, non-exclusive, +sub-licensable licence to do the following, for the duration of copyright vested +in the Original Work: + +- use the Work in any circumstance and for all usage, reproduce the Work, modify +- the Original Work, and make Derivative Works based upon the Work, communicate +- to the public, including the right to make available or display the Work or +- copies thereof to the public and perform publicly, as the case may be, the +- Work, distribute the Work or copies thereof, lend and rent the Work or copies +- thereof, sub-license rights in the Work or copies thereof. + +Those rights can be exercised on any media, supports and formats, whether now +known or later invented, as far as the applicable law permits so. + +In the countries where moral rights apply, the Licensor waives his right to +exercise his moral right to the extent allowed by law in order to make effective +the licence of the economic rights here above listed. + +The Licensor grants to the Licensee royalty-free, non exclusive usage rights to +any patents held by the Licensor, to the extent necessary to make use of the +rights granted on the Work under this Licence. + + + +##3. Communication of the Source Code + +The Licensor may provide the Work either in its Source Code form, or as +Executable Code. If the Work is provided as Executable Code, the Licensor +provides in addition a machine-readable copy of the Source Code of the Work +along with each copy of the Work that the Licensor distributes or indicates, in +a notice following the copyright notice attached to the Work, a repository where +the Source Code is easily and freely accessible for as long as the Licensor +continues to distribute and/or communicate the Work. + + + +##4. Limitations on copyright + +Nothing in this Licence is intended to deprive the Licensee of the benefits from +any exception or limitation to the exclusive rights of the rights owners in the +Original Work or Software, of the exhaustion of those rights or of other +applicable limitations thereto. + + + +##5. Obligations of the Licensee + +The grant of the rights mentioned above is subject to some restrictions and +obligations imposed on the Licensee. Those obligations are the following: + +Attribution right: the Licensee shall keep intact all copyright, patent or +trademarks notices and all notices that refer to the Licence and to the +disclaimer of warranties. The Licensee must include a copy of such notices and a +copy of the Licence with every copy of the Work he/she distributes and/or +communicates. The Licensee must cause any Derivative Work to carry prominent +notices stating that the Work has been modified and the date of modification. + +Copyleft clause: If the Licensee distributes and/or communicates copies of the +Original Works or Derivative Works based upon the Original Work, this +Distribution and/or Communication will be done under the terms of this Licence +or of a later version of this Licence unless the Original Work is expressly +distributed only under this version of the Licence. The Licensee (becoming +Licensor) cannot offer or impose any additional terms or conditions on the Work +or Derivative Work that alter or restrict the terms of the Licence. + +Compatibility clause: If the Licensee Distributes and/or Communicates Derivative +Works or copies thereof based upon both the Original Work and another work +licensed under a Compatible Licence, this Distribution and/or Communication can +be done under the terms of this Compatible Licence. For the sake of this clause, +“Compatible Licence” refers to the licences listed in the appendix attached to +this Licence. Should the Licensee’s obligations under the Compatible Licence +conflict with his/her obligations under this Licence, the obligations of the +Compatible Licence shall prevail. + +Provision of Source Code: When distributing and/or communicating copies of the +Work, the Licensee will provide a machine-readable copy of the Source Code or +indicate a repository where this Source will be easily and freely available for +as long as the Licensee continues to distribute and/or communicate the Work. + +Legal Protection: This Licence does not grant permission to use the trade names, +trademarks, service marks, or names of the Licensor, except as required for +reasonable and customary use in describing the origin of the Work and +reproducing the content of the copyright notice. + + + +##6. Chain of Authorship + +The original Licensor warrants that the copyright in the Original Work granted +hereunder is owned by him/her or licensed to him/her and that he/she has the +power and authority to grant the Licence. + +Each Contributor warrants that the copyright in the modifications he/she brings +to the Work are owned by him/her or licensed to him/her and that he/she has the +power and authority to grant the Licence. + +Each time You accept the Licence, the original Licensor and subsequent +Contributors grant You a licence to their contributions to the Work, under the +terms of this Licence. + + + +##7. Disclaimer of Warranty + +The Work is a work in progress, which is continuously improved by numerous +contributors. It is not a finished work and may therefore contain defects or +“bugs” inherent to this type of software development. + +For the above reason, the Work is provided under the Licence on an “as is” basis +and without warranties of any kind concerning the Work, including without +limitation merchantability, fitness for a particular purpose, absence of defects +or errors, accuracy, non-infringement of intellectual property rights other than +copyright as stated in Article 6 of this Licence. + +This disclaimer of warranty is an essential part of the Licence and a condition +for the grant of any rights to the Work. + + + +##8. Disclaimer of Liability + +Except in the cases of wilful misconduct or damages directly caused to natural +persons, the Licensor will in no event be liable for any direct or indirect, +material or moral, damages of any kind, arising out of the Licence or of the use +of the Work, including without limitation, damages for loss of goodwill, work +stoppage, computer failure or malfunction, loss of data or any commercial +damage, even if the Licensor has been advised of the possibility of such +damage. However, the Licensor will be liable under statutory product liability +laws as far such laws apply to the Work. + + + +##9. Additional agreements + +While distributing the Original Work or Derivative Works, You may choose to +conclude an additional agreement to offer, and charge a fee for, acceptance of +support, warranty, indemnity, or other liability obligations and/or services +consistent with this Licence. However, in accepting such obligations, You may +act only on your own behalf and on your sole responsibility, not on behalf of +the original Licensor or any other Contributor, and only if You agree to +indemnify, defend, and hold each Contributor harmless for any liability incurred +by, or claims asserted against such Contributor by the fact You have accepted +any such warranty or additional liability. + + + +##10. Acceptance of the Licence + +The provisions of this Licence can be accepted by clicking on an icon “I agree” +placed under the bottom of a window displaying the text of this Licence or by +affirming consent in any other similar way, in accordance with the rules of +applicable law. Clicking on that icon indicates your clear and irrevocable +acceptance of this Licence and all of its terms and conditions. + +Similarly, you irrevocably accept this Licence and all of its terms and +conditions by exercising any rights granted to You by Article 2 of this Licence, +such as the use of the Work, the creation by You of a Derivative Work or the +Distribution and/or Communication by You of the Work or copies thereof. + + + +##11. Information to the public + +In case of any Distribution and/or Communication of the Work by means of +electronic communication by You (for example, by offering to download the Work +from a remote location) the distribution channel or media (for example, a +website) must at least provide to the public the information requested by the +applicable law regarding the Licensor, the Licence and the way it may be +accessible, concluded, stored and reproduced by the Licensee. + + + +##12. Termination of the Licence + +The Licence and the rights granted hereunder will terminate automatically upon +any breach by the Licensee of the terms of the Licence. + +Such a termination will not terminate the licences of any person who has +received the Work from the Licensee under the Licence, provided such persons +remain in full compliance with the Licence. + + + +##13. Miscellaneous + +Without prejudice of Article 9 above, the Licence represents the complete +agreement between the Parties as to the Work licensed hereunder. + +If any provision of the Licence is invalid or unenforceable under applicable +law, this will not affect the validity or enforceability of the Licence as a +whole. Such provision will be construed and/or reformed so as necessary to make +it valid and enforceable. + +The European Commission may publish other linguistic versions and/or new +versions of this Licence, so far this is required and reasonable, without +reducing the scope of the rights granted by the Licence. New versions of the +Licence will be published with a unique version number. + +All linguistic versions of this Licence, approved by the European Commission, +have identical value. Parties can take advantage of the linguistic version of +their choice. + + + +##14. Jurisdiction + +Any litigation resulting from the interpretation of this License, arising +between the European Commission, as a Licensor, and any Licensee, will be +subject to the jurisdiction of the Court of Justice of the European Communities, +as laid down in article 238 of the Treaty establishing the European Community. + +Any litigation arising between Parties, other than the European Commission, and +resulting from the interpretation of this License, will be subject to the +exclusive jurisdiction of the competent court where the Licensor resides or +conducts its primary business. + + + +##15. Applicable Law + +This Licence shall be governed by the law of the European Union country where +the Licensor resides or has his registered office. + +This licence shall be governed by the Belgian law if: + +- a litigation arises between the European Commission, as a Licensor, and any +- Licensee; the Licensor, other than the European Commission, has no residence +- or registered office inside a European Union country. + + +--- + + +##Appendix + + +**“Compatible Licences”** according to article 5 EUPL are: + + +- GNU General Public License (GNU GPL) v. 2 + +- Open Software License (OSL) v. 2.1, v. 3.0 + +- Common Public License v. 1.0 + +- Eclipse Public License v. 1.0 + +- Cecill v. 2.0 diff --git a/README.md b/README.md new file mode 100644 index 0000000..d88098a --- /dev/null +++ b/README.md @@ -0,0 +1,44 @@ +# d4science-iam-client + +**d4science-iam-client** + +## Structure of the project + +The source code is present in `src` folder. + +## Built With + +* [OpenJDK](https://openjdk.java.net/) - The JDK used +* [Maven](https://maven.apache.org/) - Dependency Management + +## Documentation + +To build the library JAR it is sufficient to type + + mvn clean package + +## Change log + +See [Releases](https://code-repo.d4science.org/gCubeSystem/authorization-client/releases). + +## Authors + +* **Mauro Mugnaini** ([Nubisware S.r.l.](http://www.nubisware.com)) + +## How to Cite this Software +[Intentionally left blank] + +## License + +This project is licensed under the EUPL V.1.1 License - see the [LICENSE.md](LICENSE.md) file for details. + +## About the gCube Framework +This software is part of the [gCubeFramework](https://www.gcube-system.org/ "gCubeFramework"): an +open-source software toolkit used for building and operating Hybrid Data +Infrastructures enabling the dynamic deployment of Virtual Research Environments +by favouring the realisation of reuse oriented policies. + +The projects leading to this software have received funding from a series of European Union programmes see [FUNDING.md](FUNDING.md) + +## Acknowledgments +[Intentionally left blank] diff --git a/pom.xml b/pom.xml new file mode 100644 index 0000000..27400e1 --- /dev/null +++ b/pom.xml @@ -0,0 +1,72 @@ + + + 4.0.0 + + + maven-parent + org.gcube.tools + 1.1.0 + + + + org.gcube.common + d4science-iam-client + 1.0.0-SNAPSHOT + + + + + org.gcube.distribution + gcube-bom + 3.0.0-SNAPSHOT + pom + import + + + + + + scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git + scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git + https://code-repo.d4science.org/gCubeSystem/${project.artifactId} + + + + + + org.slf4j + slf4j-api + + + + org.gcube.common + keycloak-client + 2.0.0-SNAPSHOT + + + + org.slf4j + slf4j-log4j12 + 1.7.25 + test + + + + log4j + log4j + 1.2.16 + test + + + + junit + junit + 4.12 + test + + + + + + + diff --git a/src/main/java/org/gcube/common/iam/D4ScienceCustomClaims.java b/src/main/java/org/gcube/common/iam/D4ScienceCustomClaims.java new file mode 100644 index 0000000..5e10ae3 --- /dev/null +++ b/src/main/java/org/gcube/common/iam/D4ScienceCustomClaims.java @@ -0,0 +1,20 @@ +package org.gcube.common.iam; + +public class D4ScienceCustomClaims { + + /** + * The display name of a client with service account + */ + public static final String CLIENT_NAME = "name"; + + /** + * The registered contact person of a client with service account + */ + public static final String CLIENT_CONTACT_PERSON = "contact_person"; + + /** + * The registered contact organization of a client with service account + */ + public static final String CLIENT_CONTACT_ORGANIZATION = "contact_person"; + +} diff --git a/src/main/java/org/gcube/common/iam/D4ScienceIAMClient.java b/src/main/java/org/gcube/common/iam/D4ScienceIAMClient.java new file mode 100644 index 0000000..93da3d8 --- /dev/null +++ b/src/main/java/org/gcube/common/iam/D4ScienceIAMClient.java @@ -0,0 +1,235 @@ +package org.gcube.common.iam; + +import java.net.URL; +import java.util.HashSet; +import java.util.List; +import java.util.Set; + +import org.gcube.common.keycloak.KeycloakClient; +import org.gcube.common.keycloak.KeycloakClientException; +import org.gcube.common.keycloak.KeycloakClientFactory; +import org.gcube.common.keycloak.model.AccessToken; +import org.gcube.common.keycloak.model.ModelUtils; +import org.gcube.common.keycloak.model.RefreshToken; +import org.gcube.common.keycloak.model.TokenResponse; + +/** + * Helper class that acts as IAM client providing + * + * @author Mauro Mugnaini + * + */ +public class D4ScienceIAMClient { + + private KeycloakClient keycloakClient; + + public static D4ScienceIAMClient newInstance() { + return new D4ScienceIAMClient(); + } + + private D4ScienceIAMClient() { + keycloakClient = KeycloakClientFactory.newInstance(); + } + + private KeycloakClient getKeycloakClient() { + return keycloakClient; + } + + public D4ScienceIAMClientAutentication authenticate(String context, String clientId, String clientSecret) + throws D4ScienceIAMClientException { + + return new D4ScienceIAMClientAutentication(this, context, clientId, clientSecret); + } + + public D4ScienceIAMClientAutentication authenticate(URL tokenURL, String clientId, String clientSecret) + throws D4ScienceIAMClientException { + + return new D4ScienceIAMClientAutentication(this, tokenURL, clientId, clientSecret); + } + + public URL getTokenEndpointURL(String context) throws D4ScienceIAMClientException { + try { + return getKeycloakClient().getRealmBaseURL(context); + } catch (KeycloakClientException e) { + throw new D4ScienceIAMClientException(e); + } + } + + public class D4ScienceIAMClientAutentication { + + private URL tokenURL; + private TokenResponse tokenResponse; + + private D4ScienceIAMClientAutentication(D4ScienceIAMClient client, String context, String clientId, + String clientSecret) throws D4ScienceIAMClientException { + + this(client, client.getTokenEndpointURL(context), clientId, clientSecret); + } + + private D4ScienceIAMClientAutentication(D4ScienceIAMClient client, URL tokenURL, String clientId, + String clientSecret) + throws D4ScienceIAMClientException { + + this.tokenURL = tokenURL; + try { + this.tokenResponse = getKeycloakClient().queryOIDCToken(tokenURL, clientId, clientSecret); + } catch (KeycloakClientException e) { + throw new D4ScienceIAMClientException(e); + } + } + + private TokenResponse getAuthenticationTokenResponse() { + return tokenResponse; + } + + public String getAccessToken() { + return getAuthenticationTokenResponse().getAccessToken(); + } + + public boolean isExpired() throws D4ScienceIAMClientException { + try { + return ModelUtils.getAccessTokenFrom(getAuthenticationTokenResponse()).isExpired(); + } catch (Exception e) { + throw new D4ScienceIAMClientException(e); + } + } + + public boolean canBeRefreshed() throws D4ScienceIAMClientException { + try { + RefreshToken refreshToken = ModelUtils.getRefreshTokenFrom(getAuthenticationTokenResponse()); + return refreshToken != null && !refreshToken.isExpired(); + } catch (Exception e) { + throw new D4ScienceIAMClientException(e); + } + } + + public void refreshAuthentication() throws D4ScienceIAMClientException { + try { + this.tokenResponse = getKeycloakClient().refreshToken(tokenURL, getAuthenticationTokenResponse()); + } catch (KeycloakClientException e) { + throw new D4ScienceIAMClientException(e); + } + } + + public D4ScienceIAMClientAuthorization authorize(String audience, List permissions) + throws D4ScienceIAMClientException { + + return new D4ScienceIAMClientAuthorization(audience, permissions); + } + + public class D4ScienceIAMClientAuthorization { + TokenResponse tokenResponse; + + private D4ScienceIAMClientAuthorization(String audience, List permissions) + throws D4ScienceIAMClientException { + try { + this.tokenResponse = getKeycloakClient().queryUMAToken(tokenURL, getAuthenticationTokenResponse(), + audience, permissions); + + } catch (KeycloakClientException e) { + throw new D4ScienceIAMClientException(e); + } + } + + private TokenResponse getAuthorizationTokenResponse() { + return tokenResponse; + } + + public String getAccessToken() { + return getAuthorizationTokenResponse().getAccessToken(); + } + + public boolean isExpired() throws D4ScienceIAMClientException { + try { + return ModelUtils.getAccessTokenFrom(getAuthorizationTokenResponse()).isExpired(); + } catch (Exception e) { + throw new D4ScienceIAMClientException(e); + } + } + + public boolean canBeRefreshed() throws D4ScienceIAMClientException { + try { + RefreshToken refreshToken = ModelUtils.getRefreshTokenFrom(getAuthorizationTokenResponse()); + return refreshToken != null && !refreshToken.isExpired(); + } catch (Exception e) { + throw new D4ScienceIAMClientException(e); + } + } + + public void refreshAuthorization() throws D4ScienceIAMClientException { + try { + this.tokenResponse = getKeycloakClient().refreshToken(tokenURL, getAuthorizationTokenResponse()); + } catch (KeycloakClientException e) { + throw new D4ScienceIAMClientException(e); + } + } + + public Set getRoles() throws D4ScienceIAMClientException { + AccessToken accessToken; + try { + accessToken = ModelUtils.getAccessTokenFrom(getAuthorizationTokenResponse()); + } catch (Exception e) { + throw new D4ScienceIAMClientException(e); + } + Set allRoles = new HashSet<>(accessToken.getRealmAccess().getRoles()); + accessToken.getResourceAccess().forEach((r, a) -> allRoles.addAll(a.getRoles())); + return allRoles; + } + + public Set getResourceRoles(String resource) throws D4ScienceIAMClientException { + AccessToken accessToken; + try { + accessToken = ModelUtils.getAccessTokenFrom(getAuthorizationTokenResponse()); + } catch (Exception e) { + throw new D4ScienceIAMClientException(e); + } + Set resourceRoles = new HashSet<>(accessToken.getResourceAccess().get(resource).getRoles()); + return resourceRoles; + } + + public Set getAudienceResourceRoles() throws D4ScienceIAMClientException { + AccessToken accessToken; + try { + accessToken = ModelUtils.getAccessTokenFrom(getAuthorizationTokenResponse()); + } catch (Exception e) { + throw new D4ScienceIAMClientException(e); + } + Set resourceRoles = new HashSet<>( + accessToken.getResourceAccess().get(accessToken.getAudience()[0]).getRoles()); + return resourceRoles; + } + + public String getName() throws D4ScienceIAMClientException { + try { + return (String) ModelUtils.getAccessTokenFrom(getAuthorizationTokenResponse()).getOtherClaims() + .get(D4ScienceCustomClaims.CLIENT_NAME); + + } catch (Exception e) { + throw new D4ScienceIAMClientException(e); + } + } + + public String getContactPerson() throws D4ScienceIAMClientException { + try { + return (String) ModelUtils.getAccessTokenFrom(getAuthorizationTokenResponse()).getOtherClaims() + .get(D4ScienceCustomClaims.CLIENT_CONTACT_PERSON); + + } catch (Exception e) { + throw new D4ScienceIAMClientException(e); + } + } + + public String getContactOrganization() throws D4ScienceIAMClientException { + try { + return (String) ModelUtils.getAccessTokenFrom(getAuthorizationTokenResponse()).getOtherClaims() + .get(D4ScienceCustomClaims.CLIENT_CONTACT_ORGANIZATION); + + } catch (Exception e) { + throw new D4ScienceIAMClientException(e); + } + } + } + + } + +} \ No newline at end of file diff --git a/src/main/java/org/gcube/common/iam/D4ScienceIAMClientException.java b/src/main/java/org/gcube/common/iam/D4ScienceIAMClientException.java new file mode 100644 index 0000000..7ce3fe9 --- /dev/null +++ b/src/main/java/org/gcube/common/iam/D4ScienceIAMClientException.java @@ -0,0 +1,37 @@ +package org.gcube.common.iam; + +import org.gcube.common.keycloak.KeycloakClientException; + +public class D4ScienceIAMClientException extends Exception { + + private static final long serialVersionUID = 468793481934475559L; + + public D4ScienceIAMClientException(Throwable cause) { + super(cause); + } + + public D4ScienceIAMClientException(String message, Throwable cause) { + super(message, cause); + } + + public int getStatus() { + return getCause() instanceof KeycloakClientException ? ((KeycloakClientException) getCause()).getStatus() : -1; + } + + public String getContentType() { + return getCause() instanceof KeycloakClientException ? ((KeycloakClientException) getCause()).getContentType() + : null; + } + + public boolean hasJSONPayload() { + return getCause() instanceof KeycloakClientException ? ((KeycloakClientException) getCause()).hasJSONPayload() + : false; + } + + public String getResponseString() { + return getCause() instanceof KeycloakClientException + ? ((KeycloakClientException) getCause()).getResponseString() + : null; + } + +} diff --git a/src/test/java/org/gcube/common/iam/TestD4ScienceIAMClient.java b/src/test/java/org/gcube/common/iam/TestD4ScienceIAMClient.java new file mode 100644 index 0000000..605e70c --- /dev/null +++ b/src/test/java/org/gcube/common/iam/TestD4ScienceIAMClient.java @@ -0,0 +1,29 @@ +package org.gcube.common.iam; + +import org.junit.After; +import org.junit.Before; +import org.junit.FixMethodOrder; +import org.junit.Test; +import org.junit.runners.MethodSorters; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +@FixMethodOrder(MethodSorters.NAME_ASCENDING) +public class TestD4ScienceIAMClient { + + protected static final Logger logger = LoggerFactory.getLogger(TestD4ScienceIAMClient.class); + + @Before + public void setUp() throws Exception { + } + + @After + public void tearDown() throws Exception { + } + + @Test + public void test1() throws Exception { + logger.info("*** [1] "); + } + +} diff --git a/src/test/resources/log4j.xml b/src/test/resources/log4j.xml new file mode 100644 index 0000000..3c7aad1 --- /dev/null +++ b/src/test/resources/log4j.xml @@ -0,0 +1,30 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/src/test/resources/oidc-access-token.json b/src/test/resources/oidc-access-token.json new file mode 100644 index 0000000..00692a9 --- /dev/null +++ b/src/test/resources/oidc-access-token.json @@ -0,0 +1,40 @@ +{ + "exp": 1622216161, + "iat": 1622215861, + "jti": "d391d814-a1f6-4a40-9aa3-3f51ec59988c", + "iss": "https://accounts.dev.d4science.org/auth/realms/d4science", + "aud": "account", + "sub": "1c84108a-201d-4e20-8ad2-d72b08d58f8a", + "typ": "Bearer", + "azp": "lr62_portal", + "session_state": "1a054bb7-4d87-44a9-ad1f-1746ef2dd522", + "acr": "1", + "allowed-origins": [ + "https://dev.d4science.org" + ], + "realm_access": { + "roles": [ + "offline_access", + "Infrastructure-Client", + "uma_authorization" + ] + }, + "resource_access": { + "account": { + "roles": [ + "manage-account", + "manage-account-links", + "view-profile" + ] + } + }, + "scope": "email profile", + "email_verified": true, + "name": "Gino Stilla", + "groups": [], + "preferred_username": "gino.stilla", + "given_name": "Gino", + "locale": "it", + "family_name": "Stilla", + "email": "gino@stilla.com" +} \ No newline at end of file diff --git a/src/test/resources/oidc-token-response.json b/src/test/resources/oidc-token-response.json new file mode 100644 index 0000000..9cb40c5 --- /dev/null +++ b/src/test/resources/oidc-token-response.json @@ -0,0 +1,10 @@ +{ + "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJSSklZNEpoNF9qdDdvNmREY0NlUDFfS1l0akcxVExXVW9oMkQ2Tzk1bFNBIn0.eyJleHAiOjE2MjIyMTYxNjEsImlhdCI6MTYyMjIxNTg2MSwianRpIjoiZDM5MWQ4MTQtYTFmNi00YTQwLTlhYTMtM2Y1MWVjNTk5ODhjIiwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5kZXYuZDRzY2llbmNlLm9yZy9hdXRoL3JlYWxtcy9kNHNjaWVuY2UiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiMWM4NDEwOGEtMjAxZC00ZTIwLThhZDItZDcyYjA4ZDU4ZjhhIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoibHI2Ml9wb3J0YWwiLCJzZXNzaW9uX3N0YXRlIjoiMWEwNTRiYjctNGQ4Ny00NGE5LWFkMWYtMTc0NmVmMmRkNTIyIiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6WyJodHRwczovL2Rldi5kNHNjaWVuY2Uub3JnIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsIkluZnJhc3RydWN0dXJlLUNsaWVudCIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJlbWFpbCBwcm9maWxlIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsIm5hbWUiOiJHaW5vIFN0aWxsYSIsImdyb3VwcyI6W10sInByZWZlcnJlZF91c2VybmFtZSI6Imdpbm8uc3RpbGxhIiwiZ2l2ZW5fbmFtZSI6Ikdpbm8iLCJsb2NhbGUiOiJpdCIsImZhbWlseV9uYW1lIjoiU3RpbGxhIiwiZW1haWwiOiJnaW5vQHN0aWxsYS5jb20ifQ.C43CAMgoHFhRNPACXPKDr_b1ytZeYeB2_AxTOl0jhG5YUpzoigtjwdrYptJbDtlO0fO3Ex9-KgKKBpUROMb0tC7YjuVgK6uGmaBcXGvA2S9mMLVlpl8u0KWJrrvzjPSSBHqH1fKZ6RHhZYkukMAeEeN5nT5SJoftiBNfnQi0wdjsN6fWUDLVQ3kYFQ_8C2RuO-yivSc9TyVpV-1M6ij7PEplWf2UjoygJKchs9R6x_sLHbaQHPTE24PMEY7GcEsgUwBXR3bkcWZ9cVuxAnbcIYITT-qC6V4YXodS2cYew3WoSaMl8LfTmIl7oFiv3lIDYvQ3dd-X8h1QkkbTPlVLOQ", + "expires_in": 300, + "refresh_expires_in": 1800, + "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJjOTk5YmVjNC1iNDc4LTQ4Y2YtYmI5OS0wMWMxODY5NzcwNGIifQ.eyJleHAiOjE2MjIyMTc2NjEsImlhdCI6MTYyMjIxNTg2MSwianRpIjoiNzA2YzEyZjUtZDk3OS00MjVmLWI1NzctMzgxNWU4ZTdlNWM2IiwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5kZXYuZDRzY2llbmNlLm9yZy9hdXRoL3JlYWxtcy9kNHNjaWVuY2UiLCJhdWQiOiJodHRwczovL2FjY291bnRzLmRldi5kNHNjaWVuY2Uub3JnL2F1dGgvcmVhbG1zL2Q0c2NpZW5jZSIsInN1YiI6IjFjODQxMDhhLTIwMWQtNGUyMC04YWQyLWQ3MmIwOGQ1OGY4YSIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJscjYyX3BvcnRhbCIsInNlc3Npb25fc3RhdGUiOiIxYTA1NGJiNy00ZDg3LTQ0YTktYWQxZi0xNzQ2ZWYyZGQ1MjIiLCJzY29wZSI6ImVtYWlsIHByb2ZpbGUifQ.2nYaWSEIbzr56vKx39AxomfiWoSQweAnepf7p3maZMs", + "token_type": "bearer", + "not-before-policy": 1618317421, + "session_state": "1a054bb7-4d87-44a9-ad1f-1746ef2dd522", + "scope": "email profile" +} \ No newline at end of file diff --git a/src/test/resources/uma-access-token.json b/src/test/resources/uma-access-token.json new file mode 100644 index 0000000..11c9ea3 --- /dev/null +++ b/src/test/resources/uma-access-token.json @@ -0,0 +1,63 @@ +{ + "exp": 1621960710, + "iat": 1621960410, + "jti": "5a2a2240-8a32-40c9-8cc2-456dd8b089d9", + "iss": "https://accounts.dev.d4science.org/auth/realms/d4science", + "aud": "conductor-server", + "sub": "a47dfe16-b4ed-44ed-a1d9-97ecd504360c", + "typ": "Bearer", + "azp": "keycloak-client", + "session_state": "1550e4ef-5a92-430d-aa0f-242e5f8048de", + "acr": "1", + "realm_access": { + "roles": [ + "offline_access", + "Infrastructure-Client", + "uma_authorization" + ] + }, + "resource_access": { + "keycloak-client": { + "roles": [ + "uma_protection" + ] + }, + "account": { + "roles": [ + "manage-account", + "manage-account-links", + "view-profile" + ] + } + }, + "authorization": { + "permissions": [ + { + "scopes": [ + "get" + ], + "rsid": "249fd469-79c5-4b85-b195-f29b3eb60345", + "rsname": "metadata" + }, + { + "scopes": [ + "get", + "start", + "terminate" + ], + "rsid": "a6f3eade-7404-4e5d-9070-800adb5aac4e", + "rsname": "workflow" + }, + { + "rsid": "1b6c00b7-9139-4eaa-aac7-20231fee05a5", + "rsname": "Default Resource" + } + ] + }, + "scope": "email profile", + "clientId": "keycloak-client", + "clientHost": "2.231.31.240", + "email_verified": false, + "preferred_username": "service-account-keycloak-client", + "clientAddress": "2.231.31.240" +} \ No newline at end of file diff --git a/src/test/resources/uma-refresh-token.json b/src/test/resources/uma-refresh-token.json new file mode 100644 index 0000000..0d61fcf --- /dev/null +++ b/src/test/resources/uma-refresh-token.json @@ -0,0 +1,36 @@ +{ + "exp": 1621962210, + "iat": 1621960410, + "jti": "ca223961-22a2-4171-af3e-f109749e83ea", + "iss": "https://accounts.dev.d4science.org/auth/realms/d4science", + "aud": "https://accounts.dev.d4science.org/auth/realms/d4science", + "sub": "a47dfe16-b4ed-44ed-a1d9-97ecd504360c", + "typ": "Refresh", + "azp": "keycloak-client", + "session_state": "1550e4ef-5a92-430d-aa0f-242e5f8048de", + "authorization": { + "permissions": [ + { + "scopes": [ + "get" + ], + "rsid": "249fd469-79c5-4b85-b195-f29b3eb60345", + "rsname": "metadata" + }, + { + "scopes": [ + "get", + "start", + "terminate" + ], + "rsid": "a6f3eade-7404-4e5d-9070-800adb5aac4e", + "rsname": "workflow" + }, + { + "rsid": "1b6c00b7-9139-4eaa-aac7-20231fee05a5", + "rsname": "Default Resource" + } + ] + }, + "scope": "email profile" +} \ No newline at end of file diff --git a/src/test/resources/uma-token-response.json b/src/test/resources/uma-token-response.json new file mode 100644 index 0000000..02c0e39 --- /dev/null +++ b/src/test/resources/uma-token-response.json @@ -0,0 +1,9 @@ +{ + "upgraded": false, + "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJSSklZNEpoNF9qdDdvNmREY0NlUDFfS1l0akcxVExXVW9oMkQ2Tzk1bFNBIn0.eyJleHAiOjE2MjE5NjA3MTAsImlhdCI6MTYyMTk2MDQxMCwianRpIjoiNWEyYTIyNDAtOGEzMi00MGM5LThjYzItNDU2ZGQ4YjA4OWQ5IiwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5kZXYuZDRzY2llbmNlLm9yZy9hdXRoL3JlYWxtcy9kNHNjaWVuY2UiLCJhdWQiOiJjb25kdWN0b3Itc2VydmVyIiwic3ViIjoiYTQ3ZGZlMTYtYjRlZC00NGVkLWExZDktOTdlY2Q1MDQzNjBjIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoia2V5Y2xvYWstY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6IjE1NTBlNGVmLTVhOTItNDMwZC1hYTBmLTI0MmU1ZjgwNDhkZSIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJJbmZyYXN0cnVjdHVyZS1DbGllbnQiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImtleWNsb2FrLWNsaWVudCI6eyJyb2xlcyI6WyJ1bWFfcHJvdGVjdGlvbiJdfSwiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwiYXV0aG9yaXphdGlvbiI6eyJwZXJtaXNzaW9ucyI6W3sic2NvcGVzIjpbImdldCJdLCJyc2lkIjoiMjQ5ZmQ0NjktNzljNS00Yjg1LWIxOTUtZjI5YjNlYjYwMzQ1IiwicnNuYW1lIjoibWV0YWRhdGEifSx7InNjb3BlcyI6WyJnZXQiLCJzdGFydCIsInRlcm1pbmF0ZSJdLCJyc2lkIjoiYTZmM2VhZGUtNzQwNC00ZTVkLTkwNzAtODAwYWRiNWFhYzRlIiwicnNuYW1lIjoid29ya2Zsb3cifSx7InJzaWQiOiIxYjZjMDBiNy05MTM5LTRlYWEtYWFjNy0yMDIzMWZlZTA1YTUiLCJyc25hbWUiOiJEZWZhdWx0IFJlc291cmNlIn1dfSwic2NvcGUiOiJlbWFpbCBwcm9maWxlIiwiY2xpZW50SWQiOiJrZXljbG9hay1jbGllbnQiLCJjbGllbnRIb3N0IjoiMi4yMzEuMzEuMjQwIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2aWNlLWFjY291bnQta2V5Y2xvYWstY2xpZW50IiwiY2xpZW50QWRkcmVzcyI6IjIuMjMxLjMxLjI0MCJ9.UKcREwcaJc9tpfUIsIfqbN-uON1lrtAcVQSoZan29hyQ-t8o6tjWS4-ix8JnWN8YBxU0Gbo1XcGx2NEnX7QCcAt9R46I9jpd5D9LBF-DF1G5zTVc1Cwm9-XcQ9vU_KDJ_qOzhcbPe1ZeAkYV4LpRXuPS7bBSUiNYExHoWBQTUTjNUc7rJRGWk14YKNjEgvri46RZw3ZZQ19JdjktyLz4WNGF8asSAmLXTeJ4q7O1kWttDzxjiz6QMW1378lYCb_GfXWsnAWbm7zpfz2-Fs3NmZO35BUw_jba_l_8Uog35X9qhsgcw2-_sWEB0vGLEHvz2zowpy70zjpoeHZYq6LeBw", + "expires_in": 300, + "refresh_expires_in": 1800, + "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJjOTk5YmVjNC1iNDc4LTQ4Y2YtYmI5OS0wMWMxODY5NzcwNGIifQ.eyJleHAiOjE2MjE5NjIyMTAsImlhdCI6MTYyMTk2MDQxMCwianRpIjoiY2EyMjM5NjEtMjJhMi00MTcxLWFmM2UtZjEwOTc0OWU4M2VhIiwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5kZXYuZDRzY2llbmNlLm9yZy9hdXRoL3JlYWxtcy9kNHNjaWVuY2UiLCJhdWQiOiJodHRwczovL2FjY291bnRzLmRldi5kNHNjaWVuY2Uub3JnL2F1dGgvcmVhbG1zL2Q0c2NpZW5jZSIsInN1YiI6ImE0N2RmZTE2LWI0ZWQtNDRlZC1hMWQ5LTk3ZWNkNTA0MzYwYyIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJrZXljbG9hay1jbGllbnQiLCJzZXNzaW9uX3N0YXRlIjoiMTU1MGU0ZWYtNWE5Mi00MzBkLWFhMGYtMjQyZTVmODA0OGRlIiwiYXV0aG9yaXphdGlvbiI6eyJwZXJtaXNzaW9ucyI6W3sic2NvcGVzIjpbImdldCJdLCJyc2lkIjoiMjQ5ZmQ0NjktNzljNS00Yjg1LWIxOTUtZjI5YjNlYjYwMzQ1IiwicnNuYW1lIjoibWV0YWRhdGEifSx7InNjb3BlcyI6WyJnZXQiLCJzdGFydCIsInRlcm1pbmF0ZSJdLCJyc2lkIjoiYTZmM2VhZGUtNzQwNC00ZTVkLTkwNzAtODAwYWRiNWFhYzRlIiwicnNuYW1lIjoid29ya2Zsb3cifSx7InJzaWQiOiIxYjZjMDBiNy05MTM5LTRlYWEtYWFjNy0yMDIzMWZlZTA1YTUiLCJyc25hbWUiOiJEZWZhdWx0IFJlc291cmNlIn1dfSwic2NvcGUiOiJlbWFpbCBwcm9maWxlIn0.63dE64hNYpxQRV-M5zOrLLWt9cehJI4DcIbHia977r4", + "token_type": "Bearer", + "not-before-policy": 1618317421 +} \ No newline at end of file