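package org.gcube.common.iam;

import java.util.HashSet;
import java.util.Set;

import org.gcube.common.keycloak.KeycloakClientException;
import org.gcube.common.keycloak.model.AccessToken;
import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.common.keycloak.model.RefreshToken;
import org.gcube.common.keycloak.model.TokenResponse;

/**
 * Base {@link IAMResponse} backed by a Keycloak {@link TokenResponse}.
 *
 * <p>Every accessor that reads roles or claims decodes the access token again from the
 * currently stored token response, so values returned before a {@link #refresh()} are not
 * updated by it.
 *
 * <p>NOTE(review): nothing in this class verifies the token signature or issuer; whether
 * {@link ModelUtils} does so is not visible here. Confirm that before using the roles and
 * claims exposed below for authorization decisions on a token response that did not come
 * directly from the IAM token endpoint.
 *
 * <p>NOTE(review): the role-set element type is written as {@code String}; confirm it
 * matches the declarations in {@link IAMResponse}.
 *
 * <p>The two fields are plain, unsynchronized members; {@link #refresh()} replaces the
 * stored token response in place.
 */
public class AbstractIAMResponse implements IAMResponse {

    private D4ScienceIAMClient iamClient;
    private TokenResponse tokenResponse;

    /**
     * Creates a response bound to the client that obtained it.
     *
     * @param iamClient the client used later by {@link #refresh()}
     * @param tokenResponse the token response returned by the IAM server
     */
    public AbstractIAMResponse(D4ScienceIAMClient iamClient, TokenResponse tokenResponse) {
        setIamClient(iamClient);
        setTokenResponse(tokenResponse);
    }

    public void setIamClient(D4ScienceIAMClient iamClient) {
        this.iamClient = iamClient;
    }

    public D4ScienceIAMClient getIamClient() {
        return iamClient;
    }

    public void setTokenResponse(TokenResponse tokenResponse) {
        this.tokenResponse = tokenResponse;
    }

    protected TokenResponse getTokenResponse() {
        return tokenResponse;
    }

    /**
     * Decodes the access token carried by the stored token response.
     *
     * @return the decoded access token
     * @throws D4ScienceIAMClientException wrapping any exception raised while decoding
     */
    @Override
    public AccessToken getAccessToken() throws D4ScienceIAMClientException {
        try {
            return ModelUtils.getAccessTokenFrom(getTokenResponse());
        } catch (Exception e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

    /**
     * Returns the access token string exactly as carried by the token response.
     *
     * <p>This value is a credential: keep it out of logs, exception messages and URLs.
     *
     * @return the encoded access token
     */
    public String getAccessTokenString() {
        return getTokenResponse().getAccessToken();
    }

    /**
     * Tells whether the decoded access token reports itself as expired.
     *
     * @throws D4ScienceIAMClientException wrapping any exception raised while decoding or
     *         checking the token
     */
    @Override
    public boolean isExpired() throws D4ScienceIAMClientException {
        try {
            return ModelUtils.getAccessTokenFrom(getTokenResponse()).isExpired();
        } catch (Exception e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

    /**
     * Tells whether the token response carries a refresh token that has not expired.
     *
     * @throws D4ScienceIAMClientException wrapping any exception raised while decoding or
     *         checking the refresh token
     */
    @Override
    public boolean canBeRefreshed() throws D4ScienceIAMClientException {
        try {
            RefreshToken refreshToken = ModelUtils.getRefreshTokenFrom(getTokenResponse());
            return refreshToken != null && !refreshToken.isExpired();
        } catch (Exception e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

    /**
     * Asks the Keycloak client for a new token response at the client's token endpoint,
     * passing the current one, and stores the result in place of the current response.
     *
     * @throws D4ScienceIAMClientException wrapping the {@link KeycloakClientException}
     *         raised by the refresh call
     */
    @Override
    public void refresh() throws D4ScienceIAMClientException {
        try {
            this.tokenResponse = getIamClient().getKeycloakClient()
                    .refreshToken(getIamClient().getTokenEndpointURL(), getTokenResponse());
        } catch (KeycloakClientException e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

    /**
     * Returns the realm-level roles of the access token.
     *
     * @return the realm roles, or an empty set when the token has no realm access section
     *         or that section carries no role set
     */
    @Override
    public Set<String> getRealmRoles() throws D4ScienceIAMClientException {
        AccessToken accessToken = getAccessToken();
        if (accessToken.getRealmAccess() == null) {
            return new HashSet<>();
        }
        return orEmpty(accessToken.getRealmAccess().getRoles());
    }

    /**
     * Returns the union of the realm roles and the roles of every resource listed in the
     * token's resource access section.
     *
     * <p>The result is a fresh set, so merging the resource roles does not modify the role
     * set held by a decoded token. A token without a resource access section contributes
     * only its realm roles instead of failing with a {@link NullPointerException}.
     *
     * @return a new set holding all roles found in the token
     */
    @Override
    public Set<String> getRoles() throws D4ScienceIAMClientException {
        AccessToken accessToken = getAccessToken();
        Set<String> roles = new HashSet<>();
        Set<String> realmRoles = getRealmRoles();
        if (realmRoles != null) {
            roles.addAll(realmRoles);
        }
        if (accessToken.getResourceAccess() != null) {
            accessToken.getResourceAccess().forEach((r, a) -> {
                // An entry without a role set contributes nothing.
                if (a != null && a.getRoles() != null) {
                    roles.addAll(a.getRoles());
                }
            });
        }
        return roles;
    }

    /**
     * Returns the roles the token grants on the given resource.
     *
     * @param resource the key to look up in the token's resource access section
     * @return the roles for that resource, or an empty set when there is none
     */
    @Override
    public Set<String> getResourceRoles(String resource) throws D4ScienceIAMClientException {
        return resourceRolesOf(getAccessToken(), resource);
    }

    /**
     * Returns the roles the token grants on the resource named by its first audience entry.
     *
     * <p>Only index 0 of the audience array is consulted; a token with several audiences
     * yields the roles of the first one only. A token with no audience yields an empty set
     * instead of failing on the array access.
     *
     * @return the roles for the first audience, or an empty set when there is none
     */
    @Override
    public Set<String> getAudienceResourceRoles() throws D4ScienceIAMClientException {
        AccessToken accessToken = getAccessToken();
        String[] audience = accessToken.getAudience();
        if (audience == null || audience.length == 0) {
            return new HashSet<>();
        }
        return resourceRolesOf(accessToken, audience[0]);
    }

    @Override
    public String getName() throws D4ScienceIAMClientException {
        return getAccessToken().getName();
    }

    /**
     * Returns the {@code CLIENT_CONTACT_PERSON} custom claim.
     *
     * @return the claim value, or {@code null} when the token has no other claims or the
     *         claim is absent
     */
    @Override
    public String getContactPerson() throws D4ScienceIAMClientException {
        AccessToken accessToken = getAccessToken();
        if (accessToken.getOtherClaims() == null) {
            return null;
        }
        return (String) accessToken.getOtherClaims().get(D4ScienceCustomClaims.CLIENT_CONTACT_PERSON);
    }

    /**
     * Returns the {@code CLIENT_CONTACT_ORGANISATION} custom claim.
     *
     * @return the claim value, or {@code null} when the token has no other claims or the
     *         claim is absent
     */
    @Override
    public String getContactOrganization() throws D4ScienceIAMClientException {
        AccessToken accessToken = getAccessToken();
        if (accessToken.getOtherClaims() == null) {
            return null;
        }
        return (String) accessToken.getOtherClaims().get(D4ScienceCustomClaims.CLIENT_CONTACT_ORGANISATION);
    }

    /** Looks up one resource in the token's resource access section; empty set when missing. */
    private static Set<String> resourceRolesOf(AccessToken accessToken, String resource) {
        if (accessToken.getResourceAccess() == null
                || accessToken.getResourceAccess().get(resource) == null) {
            return new HashSet<>();
        }
        return orEmpty(accessToken.getResourceAccess().get(resource).getRoles());
    }

    /** Replaces a missing role set with a new empty one so callers never receive null. */
    private static Set<String> orEmpty(Set<String> roles) {
        return roles != null ? roles : new HashSet<>();
    }
}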