name updated

This commit is contained in:
Lucio Lelii 2023-02-01 11:55:11 +01:00
parent d4a10105c3
commit 335a9454fa
5 changed files with 153 additions and 139 deletions

View File

@ -1,88 +1,84 @@
package org.gcube.common.security.secrets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
import org.gcube.common.keycloak.model.AccessToken;
import org.gcube.common.keycloak.KeycloakClient;
import org.gcube.common.keycloak.KeycloakClientFactory;
import org.gcube.common.keycloak.model.TokenResponse;
import org.gcube.common.security.Owner;
/**
* @author Luca Frosini (ISTI - CNR)
*/
public class AccessTokenSecret extends Secret {
private static final String AUTH_HEADER = "Authorization";
private static final String USER_HEADER = "d4s-user";
//private static final Logger logger = LoggerFactory.getLogger(JWTSecret.class);
/**
* The interval of time expressed in milliseconds used as guard to refresh the token before that it expires .
* TimeUnit has been used to in place of just
* using the number to have a clearer code
*/
public static final long TOLERANCE = TimeUnit.MILLISECONDS.toMillis(200);
private String accessToken;
private String encodedAccessToken;
private Owner owner;
private String context;
private UmaTokenSecret umaTokenSecret;
private AccessToken accessToken;
protected boolean initialised = false;
private boolean initialised = false;
public AccessTokenSecret(String accessToken, String context) {
this.accessToken = accessToken;
this.context = context;
init();
}
public AccessTokenSecret(String encodedAccessToken) {
this.encodedAccessToken = encodedAccessToken;
private synchronized void init() {
try {
KeycloakClient client = KeycloakClientFactory.newInstance();
TokenResponse tokenResponse = client.queryUMAToken(context, "Bearer "+accessToken, context, null);
this.umaTokenSecret = new UmaTokenSecret(tokenResponse.getAccessToken());
} catch (Exception e) {
throw new RuntimeException(e);
}
}
private synchronized void refreshAccessToken() {
try {
KeycloakClient client = KeycloakClientFactory.newInstance();
TokenResponse tokenResponse = client.queryUMAToken(context, "Bearer "+accessToken, context, null);
this.umaTokenSecret = new UmaTokenSecret(tokenResponse.getAccessToken());
} catch (Exception e) {
throw new RuntimeException(e);
}
}
@Override
public Owner getOwner() {
init();
return this.owner;
return this.umaTokenSecret.getOwner();
}
@Override
public String getContext() {
init();
return this.context;
if (this.umaTokenSecret.isExpired())
refreshAccessToken();
return this.umaTokenSecret.getContext();
}
@Override
public Map<String, String> getHTTPAuthorizationHeaders() {
Map<String, String> authorizationHeaders = new HashMap<>();
authorizationHeaders.put(AUTH_HEADER, "Bearer " + this.encodedAccessToken);
String encodedUser = Base64.getEncoder().encodeToString(this.getOwner().getId().getBytes());
authorizationHeaders.put(USER_HEADER, encodedUser);
return authorizationHeaders;
if (this.umaTokenSecret.isExpired())
refreshAccessToken();
return this.umaTokenSecret.getHTTPAuthorizationHeaders();
}
protected String getEncodedAccessToken() {
return encodedAccessToken;
}
@Override
public boolean isExpired() {
init();
return accessToken.isExpired();
return false;
}
private synchronized void init() {
if (!initialised)
try {
String realAccessTokenEncoded = encodedAccessToken.split("\\.")[1];
String decodedAccessPart = new String(Base64.getDecoder().decode(realAccessTokenEncoded.getBytes()));
ObjectMapper objectMapper = new ObjectMapper();
GCubeJWTObject obj = objectMapper.readValue(decodedAccessPart, GCubeJWTObject.class);
owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService());
owner.setClientName(obj.getClientName());
owner.setContactOrganisation(obj.getContactOrganisation());
owner.setClientName(obj.getClientName());
context = obj.getContext();
this.accessToken = objectMapper.readValue(decodedAccessPart, AccessToken.class);
initialised = true;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}

View File

@ -14,7 +14,7 @@ public class CredentialSecret extends Secret {
private String username;
private String password;
private String context;
private AccessTokenSecret accessTokenSecret;
private UmaTokenSecret accessTokenSecret;
public CredentialSecret(String username, String password, String context) {
@ -32,7 +32,7 @@ public class CredentialSecret extends Secret {
try {
KeycloakClient client = KeycloakClientFactory.newInstance();
TokenResponse response = client.queryUMAToken(context, username, password, context, null);
this.accessTokenSecret = new AccessTokenSecret(response.getAccessToken());
this.accessTokenSecret = new UmaTokenSecret(response.getAccessToken());
} catch (Exception e) {
throw new RuntimeException(e);
}

View File

@ -1,83 +0,0 @@
package org.gcube.common.security.secrets;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.gcube.common.keycloak.KeycloakClient;
import org.gcube.common.keycloak.KeycloakClientFactory;
import org.gcube.common.keycloak.model.TokenResponse;
import org.gcube.common.security.Owner;
/**
* @author Luca Frosini (ISTI - CNR)
*/
public class JWTSecret extends Secret {
//private static final Logger logger = LoggerFactory.getLogger(JWTSecret.class);
/**
* The interval of time expressed in milliseconds used as guard to refresh the token before that it expires .
* TimeUnit has been used to in place of just
* using the number to have a clearer code
*/
public static final long TOLERANCE = TimeUnit.MILLISECONDS.toMillis(200);
private String jwtToken;
private String context;
private AccessTokenSecret accessTokenSecret;
protected boolean initialised = false;
public JWTSecret(String jwtToken) {
this.jwtToken = jwtToken;
init();
}
private synchronized void init() {
try {
KeycloakClient client = KeycloakClientFactory.newInstance();
TokenResponse tokenResponse = client.queryUMAToken(context, "Bearer "+jwtToken, context, null);
this.accessTokenSecret = new AccessTokenSecret(tokenResponse.getAccessToken());
} catch (Exception e) {
throw new RuntimeException(e);
}
}
private synchronized void refreshAccessToken() {
try {
KeycloakClient client = KeycloakClientFactory.newInstance();
TokenResponse tokenResponse = client.queryUMAToken(context, "Bearer "+jwtToken, context, null);
this.accessTokenSecret = new AccessTokenSecret(tokenResponse.getAccessToken());
} catch (Exception e) {
throw new RuntimeException(e);
}
}
@Override
public Owner getOwner() {
return this.accessTokenSecret.getOwner();
}
@Override
public String getContext() {
if (this.accessTokenSecret.isExpired())
refreshAccessToken();
return this.accessTokenSecret.getContext();
}
@Override
public Map<String, String> getHTTPAuthorizationHeaders() {
if (this.accessTokenSecret.isExpired())
refreshAccessToken();
return this.accessTokenSecret.getHTTPAuthorizationHeaders();
}
@Override
public boolean isExpired() {
return false;
}
}

View File

@ -0,0 +1,87 @@
package org.gcube.common.security.secrets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
import org.gcube.common.keycloak.model.AccessToken;
import org.gcube.common.security.Owner;
public class UmaTokenSecret extends Secret {
private static final String AUTH_HEADER = "Authorization";
private static final String USER_HEADER = "d4s-user";
private String encodedUmaToken;
private Owner owner;
private String context;
private AccessToken accessToken;
private boolean initialised = false;
public UmaTokenSecret(String encodedUmaToken) {
this.encodedUmaToken = encodedUmaToken;
}
@Override
public Owner getOwner() {
init();
return this.owner;
}
@Override
public String getContext() {
init();
return this.context;
}
@Override
public Map<String, String> getHTTPAuthorizationHeaders() {
Map<String, String> authorizationHeaders = new HashMap<>();
authorizationHeaders.put(AUTH_HEADER, "Bearer " + this.encodedUmaToken);
String encodedUser = Base64.getEncoder().encodeToString(this.getOwner().getId().getBytes());
authorizationHeaders.put(USER_HEADER, encodedUser);
return authorizationHeaders;
}
protected String getEncodedUmaToken() {
return encodedUmaToken;
}
@Override
public boolean isExpired() {
init();
return accessToken.isExpired();
}
private synchronized void init() {
if (!initialised)
try {
String realAccessTokenEncoded = encodedUmaToken.split("\\.")[1];
String decodedAccessPart = new String(Base64.getDecoder().decode(realAccessTokenEncoded.getBytes()));
ObjectMapper objectMapper = new ObjectMapper();
GCubeJWTObject obj = objectMapper.readValue(decodedAccessPart, GCubeJWTObject.class);
owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService());
owner.setClientName(obj.getClientName());
owner.setContactOrganisation(obj.getContactOrganisation());
owner.setClientName(obj.getClientName());
context = obj.getContext();
this.accessToken = objectMapper.readValue(decodedAccessPart, AccessToken.class);
initialised = true;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}

View File

@ -0,0 +1,14 @@
package org.gcube.common.security.secrets;
public class TestSecrets {
/*
public void test(){
new JWTSecret(jwtToken):
new UmaTokenSecret(encodedAccessToken);
new CredentialSecret(username, password, context);
new GCubeSecret(gcubeToken);
SecretManagerProvider.instance.set(secret);
}
*/
}