From e8103dfe33e1b9b7a5be5370623769a29140db9b Mon Sep 17 00:00:00 2001 From: "francesco.mangiacrapa" Date: Wed, 3 Jul 2024 15:01:18 +0200 Subject: [PATCH] Updated Geoportal Service account --- .../GeoportalToCatalogueBatchPublisher.java | 17 ++- .../GeoportalServiceAccount.java | 102 +++++++++++++++--- .../IAMClientCredentialsReader.java | 28 +++-- 3 files changed, 112 insertions(+), 35 deletions(-) diff --git a/catalogue-binding-plugin/src/test/java/geoportal_to_catalogue/GeoportalToCatalogueBatchPublisher.java b/catalogue-binding-plugin/src/test/java/geoportal_to_catalogue/GeoportalToCatalogueBatchPublisher.java index 97b98ec..cf70242 100644 --- a/catalogue-binding-plugin/src/test/java/geoportal_to_catalogue/GeoportalToCatalogueBatchPublisher.java +++ b/catalogue-binding-plugin/src/test/java/geoportal_to_catalogue/GeoportalToCatalogueBatchPublisher.java @@ -35,6 +35,10 @@ import org.gcube.application.geoportalcommon.shared.SearchingFilter.ORDER; import org.gcube.application.geoportalcommon.shared.WhereClause; import org.gcube.application.geoportalcommon.shared.geoportal.config.ItemFieldDV; import org.gcube.common.authorization.library.provider.SecurityTokenProvider; +import org.gcube.common.authorization.utils.manager.SecretManager; +import org.gcube.common.authorization.utils.manager.SecretManagerProvider; +import org.gcube.common.authorization.utils.secret.GCubeSecret; +import org.gcube.common.authorization.utils.secret.Secret; import org.gcube.common.scope.api.ScopeProvider; import org.junit.Test; @@ -61,7 +65,7 @@ import test.TestContextConfig; * Jun 25, 2024 */ @Slf4j -public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest { +public class GeoportalToCatalogueBatchPublisher { public final static String profileID = "profiledConcessioni"; public final static Integer MAX_ITEMS = 1; 
@@ -81,8 +85,7 @@ public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest { */ //@Test public void testPublish() { - //org.junit.Assume.assumeTrue(GCubeTest.isTestInfrastructureEnabled()); - //CatalogueBindingPlugin plugin = (CatalogueBindingPlugin) plugins.get(CatalogueBindingPlugin.DESCRIPTOR.getId()); + procedureToPublishProjectsOnCatalogue(); // String projectId = " 6663016a312dc236d217be5c"; @@ -218,6 +221,14 @@ public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest { ScopeProvider.instance.set(targetScope); SecurityTokenProvider.instance.set(targetToken); + + + + SecretManager secretManager = new SecretManager(); + Secret secret = new GCubeSecret(targetToken); + secretManager.addSecret(secret); + SecretManagerProvider.instance.set(secretManager); + log.info("\n publishOnCatalogue the PROJECT N. " + counter + " with id: " + theProject.getId()); diff --git a/cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/GeoportalServiceAccount.java b/cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/GeoportalServiceAccount.java index c3bfdb7..bd9c3c7 100644 --- a/cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/GeoportalServiceAccount.java +++ b/cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/GeoportalServiceAccount.java 
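Review bot: Dropping the `org.junit.Assume.assumeTrue(GCubeTest.isTestInfrastructureEnabled())` guard leaves testPublish with nothing between it and a real publish: the method is now disabled only by the commented-out `//@Test`, and the new body calls procedureToPublishProjectsOnCatalogue() unconditionally. If someone restores the annotation, an ordinary test run would write projects to the catalogue with whatever token the context supplies. Keep the assumption (or an equivalent environment switch) as the first statement, `org.junit.Assume.assumeTrue(GCubeTest.isTestInfrastructureEnabled());`, so the publish only runs when the infrastructure test flag is on. The body of testPublish continues past the hunk.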
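Review bot: The added SecretManager block appears to sit inside the per-project loop (the next context line logs `the PROJECT N. " + counter`), so a fresh SecretManager wrapping the same `targetToken` is built and pushed into `SecretManagerProvider.instance` on every iteration, and nothing in the hunk clears it afterwards; the three empty added lines above it also look unintended. Since the token does not change per project, build the manager once alongside the `ScopeProvider`/`SecurityTokenProvider` setup and reset the providers when the loop finishes, so the credential is not left behind in thread-local state after publishing. The enclosing method starts and ends outside the hunk.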
@@ -5,47 +5,117 @@ import java.util.Map.Entry; import javax.ws.rs.InternalServerErrorException; +import org.gcube.common.authorization.utils.manager.SecretManager; import org.gcube.common.authorization.utils.manager.SecretManagerProvider; import org.gcube.common.authorization.utils.secret.JWTSecret; import org.gcube.common.authorization.utils.secret.Secret; import org.gcube.common.keycloak.KeycloakClientFactory; import org.gcube.common.keycloak.model.TokenResponse; +import org.gcube.common.scope.api.ScopeProvider; import lombok.extern.slf4j.Slf4j; +/** + * The Class GeoportalServiceAccount. + * + * @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it + * + * Jul 3, 2024 + */ @Slf4j public class GeoportalServiceAccount { - //geoportal service account config property file + // geoportal service account config property file protected static final String CLIENT_ID_PROPERTY_NAME = "clientId"; - + + private static final String SE_PROFILE_NAME = "geoportal"; + private static final String SE_CATEGORY_NAME = "SystemWorkspaceClient"; + private static String clientId = "geoportal"; - + + /** + * Gets the client id and client secret. + * + * @param context the context + * @return the client id and client secret + */ private static Entry getClientIdAndClientSecret(String context) { try { - IAMClientCredentials credentials = IAMClientCredentialsReader.getCredentials(); - - clientId = credentials.getClientId()==null?clientId:credentials.getClientId(); + IAMClientCredentials credentials = IAMClientCredentialsReader.getCredentials(context, + SE_PROFILE_NAME, SE_CATEGORY_NAME); + + clientId = credentials.getClientId() == null ? 
clientId : credentials.getClientId(); String clientSecret = credentials.getClientSecret(); SimpleEntry entry = new SimpleEntry(clientId, clientSecret); return entry; - } catch(Exception e) { - throw new InternalServerErrorException( - "Unable to retrieve Application Token for context " + SecretManagerProvider.instance.get().getContext(), e); + } catch (Exception e) { + throw new InternalServerErrorException("Unable to retrieve Application Token for context " + + SecretManagerProvider.instance.get().getContext(), e); } } - + + /** + * Gets the JWT access token. + * + * @return the JWT access token + * @throws Exception the exception + */ private static TokenResponse getJWTAccessToken() throws Exception { - String context = SecretManagerProvider.instance.get().getContext(); - Entry entry = getClientIdAndClientSecret(context); - TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(context, entry.getKey(), entry.getValue(), context, null); - return tr; + SecretManager secretManager = SecretManagerProvider.instance.get(); + if (secretManager != null) { + String context = getContext(); + log.info("Context is {}", context); + Entry entry = getClientIdAndClientSecret(context); + TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(context, entry.getKey(), + entry.getValue(), context, null); + return tr; + } else { + throw new Exception(SecretManager.class.getSimpleName() + " is null!! Please set it"); + } } - + + /** + * Gets the context. 
+ * + * @return the context + */ + public static String getContext() { + String context = null; + SecretManager secretManager = SecretManagerProvider.instance.get(); + + // Test case + if (secretManager == null) { + log.info(SecretManager.class.getSimpleName() + " is null trying to read the scope from " + + ScopeProvider.class.getSimpleName()); + context = ScopeProvider.instance.get(); + log.info("Returning scope {} read from {}", context, ScopeProvider.class.getSimpleName()); + return context; + } + + context = secretManager.getContext(); + + if (context == null) { + log.info(SecretManager.class.getSimpleName() + " has getContext null trying to read the scope from " + + ScopeProvider.class.getSimpleName()); + context = ScopeProvider.instance.get(); + log.info("Returning scope {} read from {}", context, ScopeProvider.class.getSimpleName()); + return context; + } + + log.info("Returning scope {} read from {}", context, SecretManager.class.getSimpleName()); + return context; + } + + /** + * Gets the geoportal secret. + * + * @return the geoportal secret + * @throws Exception the exception + */ public static Secret getGeoportalSecret() throws Exception { TokenResponse tr = getJWTAccessToken(); Secret secret = new JWTSecret(tr.getAccessToken()); return secret; } - + } diff --git a/cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/IAMClientCredentialsReader.java b/cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/IAMClientCredentialsReader.java index 18a72a3..26a37b7 100644 --- a/cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/IAMClientCredentialsReader.java +++ b/cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/IAMClientCredentialsReader.java 
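Review bot: `clientId` is still a mutable static that getClientIdAndClientSecret overwrites with the value read from the ServiceEndpoint, so the fallback `credentials.getClientId() == null ? clientId : credentials.getClientId()` no longer yields the default "geoportal" once any earlier call, possibly for a different context, has stored its own id, and concurrent callers in different contexts race on the same field. Make the default a constant and keep the resolved id local: `private static final String DEFAULT_CLIENT_ID = "geoportal";` and `String clientId = credentials.getClientId() == null ? DEFAULT_CLIENT_ID : credentials.getClientId();`. Two smaller points in the same hunk: the catch block builds its message from `SecretManagerProvider.instance.get().getContext()` although the `context` parameter, which may have come from the ScopeProvider fallback in getContext(), is the value the lookup actually used, so the message should use `context`; and getJWTAccessToken throws a raw `Exception` for the missing SecretManager where an `IllegalStateException` would let callers tell a configuration error apart from a Keycloak failure. Note also that getJWTAccessToken rejects a null SecretManager while getContext() explicitly handles that case as the "Test case", so the ScopeProvider fallback is only reachable when a manager exists but its getContext() returns null; if that is intended, a comment on the null check saying so would help the next reader.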
@@ -6,7 +6,6 @@ import static org.gcube.resources.discovery.icclient.ICFactory.queryFor; import java.util.Collection; import java.util.List; -import org.gcube.common.authorization.utils.manager.SecretManagerProvider; import org.gcube.common.encryption.StringEncrypter; import org.gcube.common.resources.gcore.ServiceEndpoint; import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint; 
@@ -16,34 +15,31 @@ import org.gcube.resources.discovery.client.queries.api.SimpleQuery; import lombok.extern.slf4j.Slf4j; /** - * The Class GNABaseMapsResourceReader. + * The Class IAMClientCredentialsReader. * * @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it * - * Sep 23, 2021 + * Jul 3, 2024 */ @Slf4j public class IAMClientCredentialsReader { - private static final String SE_PROFILE_NAME = "geoportal"; - private static final String SE_CATEGORY_NAME = "SystemWorkspaceClient"; - /** * Gets the credentials. * + * @param currentContext the current context * @return the credentials * @throws Exception the exception */ - public static IAMClientCredentials getCredentials() throws Exception { + public static IAMClientCredentials getCredentials(String currentContext, String seProfileName, + String seCategoryName) throws Exception { - String currentContext = SecretManagerProvider.instance.get().getContext(); - - log.info("Searching SE in the scope: " + currentContext + " with profile name: " + SE_PROFILE_NAME - + " and category name: " + SE_CATEGORY_NAME); + log.info("Searching SE in the scope: " + currentContext + " with profile name: " + seProfileName + + " and category name: " + seCategoryName); SimpleQuery query = queryFor(ServiceEndpoint.class); - query.addCondition("$resource/Profile/Name/text() eq '" + SE_PROFILE_NAME + "'"); - query.addCondition("$resource/Profile/Category/text() eq '" + SE_CATEGORY_NAME + "'"); + query.addCondition("$resource/Profile/Name/text() eq '" + seProfileName + "'"); + query.addCondition("$resource/Profile/Category/text() eq '" + seCategoryName + "'"); DiscoveryClient client = clientFor(ServiceEndpoint.class); List resources = client.submit(query); 
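Review bot: The new `seProfileName` and `seCategoryName` parameters are spliced straight into the IS query conditions (`"$resource/Profile/Name/text() eq '" + seProfileName + "'"`), so the lookup now depends on callers passing well-formed, trusted values; the only caller visible in this patch passes constants, but nothing in getCredentials enforces that. Add a guard at the top, e.g. `Objects.requireNonNull(seProfileName, "seProfileName"); Objects.requireNonNull(seCategoryName, "seCategoryName");` followed by `if (seProfileName.indexOf('\'') >= 0 || seCategoryName.indexOf('\'') >= 0) throw new IllegalArgumentException("profile/category name must not contain quotes");`, and apply the same null check to `currentContext`, which was previously read from the SecretManager and is now caller-supplied. The Javadoc gained only `@param currentContext`; add `@param seProfileName the ServiceEndpoint profile name to match` and `@param seCategoryName the ServiceEndpoint category name to match`. The method body continues past the hunk.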
@@ -51,8 +47,8 @@ public class IAMClientCredentialsReader { if (resources.size() > 0) log.info("The query returned " + resources.size() + " ServiceEndpoint/s"); else - throw new RuntimeException("ServiceEndpoint not found. Searching for profile name '" + SE_PROFILE_NAME - + "' and category name '" + SE_CATEGORY_NAME + "' in the scope: " + currentContext); + throw new RuntimeException("ServiceEndpoint not found. Searching for profile name '" + seProfileName + + "' and category name '" + seCategoryName + "' in the scope: " + currentContext); ServiceEndpoint se = resources.get(0); Collection theAccessPoints = se.profile().accessPoints().asCollection(); @@ -74,7 +70,7 @@ public class IAMClientCredentialsReader { } } - log.info("Returning keycloack credentials for SE {} read from SE", SE_PROFILE_NAME); + log.info("Returning keycloack credentials for SE {} read from SE", seProfileName); return new IAMClientCredentials(clientId, secredPwd); }
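Review bot: The rewritten log line in the second hunk still reads `Returning keycloack credentials for SE {} read from SE`, which misspells Keycloak and names the SE twice; `log.info("Returning Keycloak credentials read from the SE with profile name {}", seProfileName);` says the same thing clearly. In the first hunk the not-found case still throws a bare `RuntimeException`; an `IllegalStateException` with the same message would be easier for callers of getCredentials to catch distinctly from other runtime failures. Both hunks lie inside getCredentials, whose start and end are outside them.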