d4science-iam-client/src/main/java/org/gcube/common/iam/AbstractIAMResponse.java


package org.gcube.common.iam;
import java.util.HashSet;
import java.util.Set;
import org.gcube.common.keycloak.KeycloakClientException;
import org.gcube.common.keycloak.model.AccessToken;
import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.common.keycloak.model.RefreshToken;
import org.gcube.common.keycloak.model.TokenResponse;
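/**
 * Base {@link IAMResponse} implementation backed by a {@link TokenResponse} obtained through a
 * {@link D4ScienceIAMClient}.
 *
 * <p>All role and claim accessors read their values from the access token as parsed by
 * {@code ModelUtils.getAccessTokenFrom}. NOTE(review): whether that helper verifies the token
 * signature, issuer or audience is not visible in this class; confirm that before treating the
 * returned roles as the basis for an authorization decision.
 *
 * <p>No synchronization is performed here: {@link #refresh()} and the setters replace the held
 * token response without any locking.
 */
public class AbstractIAMResponse implements IAMResponse {

    private D4ScienceIAMClient iamClient;
    private TokenResponse tokenResponse;

    /**
     * Creates a response wrapper around a token response.
     *
     * @param iamClient the client later used by {@link #refresh()}
     * @param tokenResponse the token response to expose
     */
    public AbstractIAMResponse(D4ScienceIAMClient iamClient, TokenResponse tokenResponse) {
        setIamClient(iamClient);
        setTokenResponse(tokenResponse);
    }

    /**
     * Sets the client used to refresh the token.
     *
     * @param iamClient the IAM client
     */
    public void setIamClient(D4ScienceIAMClient iamClient) {
        this.iamClient = iamClient;
    }

    /**
     * @return the client used to refresh the token
     */
    public D4ScienceIAMClient getIamClient() {
        return iamClient;
    }

    /**
     * Replaces the token response held by this object.
     *
     * @param tokenResponse the new token response
     */
    public void setTokenResponse(TokenResponse tokenResponse) {
        this.tokenResponse = tokenResponse;
    }

    /**
     * @return the token response currently held
     */
    protected TokenResponse getTokenResponse() {
        return tokenResponse;
    }

    /**
     * Parses the access token out of the held token response.
     *
     * @return the parsed access token
     * @throws D4ScienceIAMClientException wrapping any exception raised while parsing
     */
    @Override
    public AccessToken getAccessToken() throws D4ScienceIAMClientException {
        try {
            return ModelUtils.getAccessTokenFrom(getTokenResponse());
        } catch (Exception e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

    /**
     * Returns the access token exactly as carried by the token response.
     *
     * <p>The value is a bearer credential: keep it out of logs, exception messages and
     * {@code toString()} output.
     *
     * @return the raw access token string
     */
    public String getAccessTokenString() {
        return getTokenResponse().getAccessToken();
    }

    /**
     * Tells whether the parsed access token reports itself as expired.
     *
     * @return {@code true} when the access token is expired
     * @throws D4ScienceIAMClientException wrapping any exception raised while parsing
     */
    @Override
    public boolean isExpired() throws D4ScienceIAMClientException {
        try {
            return ModelUtils.getAccessTokenFrom(getTokenResponse()).isExpired();
        } catch (Exception e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

    /**
     * Tells whether a refresh token is present and not yet expired.
     *
     * @return {@code true} when {@link #refresh()} has a usable refresh token
     * @throws D4ScienceIAMClientException wrapping any exception raised while parsing
     */
    @Override
    public boolean canBeRefreshed() throws D4ScienceIAMClientException {
        try {
            RefreshToken refreshToken = ModelUtils.getRefreshTokenFrom(getTokenResponse());
            return refreshToken != null && !refreshToken.isExpired();
        } catch (Exception e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

    /**
     * Asks the Keycloak client for a new token response at the IAM client's token endpoint and
     * replaces the held one with it. The previous token response is kept when the call fails.
     *
     * @throws D4ScienceIAMClientException wrapping the {@link KeycloakClientException} raised by
     *         the refresh call
     */
    @Override
    public void refresh() throws D4ScienceIAMClientException {
        try {
            this.tokenResponse = getIamClient().getKeycloakClient().refreshToken(
                    getIamClient().getTokenEndpointURL(), getTokenResponse());
        } catch (KeycloakClientException e) {
            throw new D4ScienceIAMClientException(e);
        }
    }

    /**
     * Returns the realm-level roles carried by the access token.
     *
     * @return the realm roles, or an empty set when the token has no realm access section or that
     *         section has no role set
     * @throws D4ScienceIAMClientException when the access token cannot be parsed
     */
    @Override
    public Set<String> getRealmRoles() throws D4ScienceIAMClientException {
        AccessToken accessToken = getAccessToken();
        if (accessToken.getRealmAccess() == null || accessToken.getRealmAccess().getRoles() == null) {
            return new HashSet<>();
        }
        return accessToken.getRealmAccess().getRoles();
    }

    /**
     * Returns the union of the realm roles and the roles of every resource listed in the token.
     *
     * <p>The result flattens roles across resources: a role name granted on one resource is
     * indistinguishable from the same name granted on another, so use
     * {@link #getResourceRoles(String)} when the check is about one specific resource.
     *
     * @return a new set holding all role names; empty when the token carries none
     * @throws D4ScienceIAMClientException when the access token cannot be parsed
     */
    @Override
    public Set<String> getRoles() throws D4ScienceIAMClientException {
        AccessToken accessToken = getAccessToken();
        Set<String> realmRoles = getRealmRoles();
        // Merge into a copy so that the set owned by the parsed token is never modified.
        Set<String> roles = realmRoles != null ? new HashSet<>(realmRoles) : new HashSet<>();
        // A token without a resource access section must yield the realm roles, not an NPE.
        if (accessToken.getResourceAccess() != null) {
            accessToken.getResourceAccess().forEach((resource, access) -> {
                if (access != null && access.getRoles() != null) {
                    roles.addAll(access.getRoles());
                }
            });
        }
        return roles;
    }

    /**
     * Returns the roles the token grants on one resource.
     *
     * @param resource the resource (client) name to look up
     * @return the roles for that resource, or an empty set when the name is {@code null}, the token
     *         has no resource access section, or the resource is not listed
     * @throws D4ScienceIAMClientException when the access token cannot be parsed
     */
    @Override
    public Set<String> getResourceRoles(String resource) throws D4ScienceIAMClientException {
        return resourceRolesOf(getAccessToken(), resource);
    }

    /**
     * Returns the roles the token grants on the resource named by its first audience entry.
     *
     * @return the roles for the first audience, or an empty set when the token has no audience, no
     *         resource access section, or no entry for that audience
     * @throws D4ScienceIAMClientException when the access token cannot be parsed
     */
    @Override
    public Set<String> getAudienceResourceRoles() throws D4ScienceIAMClientException {
        AccessToken accessToken = getAccessToken();
        String[] audience = accessToken.getAudience();
        // A token with a missing or empty "aud" claim has no audience resource to look up.
        if (audience == null || audience.length == 0) {
            return new HashSet<>();
        }
        return resourceRolesOf(accessToken, audience[0]);
    }

    /**
     * @return the name reported by the access token
     * @throws D4ScienceIAMClientException when the access token cannot be parsed
     */
    @Override
    public String getName() throws D4ScienceIAMClientException {
        return getAccessToken().getName();
    }

    /**
     * Reads the {@code D4ScienceCustomClaims.CLIENT_CONTACT_PERSON} entry from the token's other
     * claims.
     *
     * @return the claim value, or {@code null} when the token has no other claims or the entry is
     *         absent
     * @throws D4ScienceIAMClientException when the access token cannot be parsed
     */
    @Override
    public String getContactPerson() throws D4ScienceIAMClientException {
        AccessToken accessToken = getAccessToken();
        if (accessToken.getOtherClaims() == null) {
            return null;
        }
        return (String) accessToken.getOtherClaims().get(D4ScienceCustomClaims.CLIENT_CONTACT_PERSON);
    }

    /**
     * Reads the {@code D4ScienceCustomClaims.CLIENT_CONTACT_ORGANISATION} entry from the token's
     * other claims.
     *
     * @return the claim value, or {@code null} when the token has no other claims or the entry is
     *         absent
     * @throws D4ScienceIAMClientException when the access token cannot be parsed
     */
    @Override
    public String getContactOrganization() throws D4ScienceIAMClientException {
        AccessToken accessToken = getAccessToken();
        if (accessToken.getOtherClaims() == null) {
            return null;
        }
        return (String) accessToken.getOtherClaims().get(D4ScienceCustomClaims.CLIENT_CONTACT_ORGANISATION);
    }

    /** Looks up the roles of one resource in an already parsed token, never returning null. */
    private static Set<String> resourceRolesOf(AccessToken accessToken, String resource) {
        if (resource == null || accessToken.getResourceAccess() == null
                || accessToken.getResourceAccess().get(resource) == null) {
            return new HashSet<>();
        }
        Set<String> roles = accessToken.getResourceAccess().get(resource).getRoles();
        return roles != null ? roles : new HashSet<>();
    }
}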