added Credential Secret

2022-06-15 17:56:39 +02:00 · 2022-06-15 17:56:39 +02:00 · 3582aaa4f5
parent cf6981a284
commit 3582aaa4f5
9 changed files with 174 additions and 7 deletions
--- a/.classpath
+++ b/.classpath
@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" output="target/classes" path="src/main/java">
+		<attributes>
+			<attribute name="optional" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="src" output="target/test-classes" path="src/test/java">
+		<attributes>
+			<attribute name="optional" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
+			<attribute name="test" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+			<attribute name="test" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+/target/
--- a/.project
+++ b/.project
@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>gcube-secrets</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.m2e.core.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.eclipse.m2e.core.maven2Nature</nature>
+	</natures>
+</projectDescription>
--- a/.settings/org.eclipse.core.resources.prefs
+++ b/.settings/org.eclipse.core.resources.prefs
@ -0,0 +1,6 @@
+eclipse.preferences.version=1
+encoding//src/main/java=UTF-8
+encoding//src/main/resources=UTF-8
+encoding//src/test/java=UTF-8
+encoding//src/test/resources=UTF-8
+encoding/<project>=UTF-8
--- a/.settings/org.eclipse.jdt.core.prefs
+++ b/.settings/org.eclipse.jdt.core.prefs
@ -0,0 +1,8 @@
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
+org.eclipse.jdt.core.compiler.compliance=1.8
+org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=ignore
+org.eclipse.jdt.core.compiler.release=disabled
+org.eclipse.jdt.core.compiler.source=1.8
--- a/.settings/org.eclipse.m2e.core.prefs
+++ b/.settings/org.eclipse.m2e.core.prefs
@ -0,0 +1,4 @@
+activeProfiles=
+eclipse.preferences.version=1
+resolveWorkspaceProjects=true
+version=1
--- a/pom.xml
+++ b/pom.xml
@ -34,10 +34,18 @@
 			<groupId>org.gcube.common</groupId>
 			<artifactId>keycloak-client</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.gcube.common</groupId>
+			<artifactId>keycloak-client-legacy-is</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.gcube.common</groupId>
 			<artifactId>common-security</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.gcube.common</groupId>
+			<artifactId>authorization-client</artifactId>
+		</dependency>
 	</dependencies>
 </project>
  
--- a/src/main/java/org/gcube/common/security/secrets/AccessTokenSecret.java
+++ b/src/main/java/org/gcube/common/security/secrets/AccessTokenSecret.java
@ -5,20 +5,23 @@ import java.util.HashMap;
 import java.util.Map;

 import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
+import org.gcube.common.keycloak.model.AccessToken;
 import org.gcube.common.security.Owner;

 public class AccessTokenSecret extends Secret {
-
+	
 	private String encodedAccessToken;

-	protected Owner owner;
-	protected String context;
+	private Owner owner;
+	private String context;

+	private AccessToken accessToken;

 	private boolean initialised = false;

 	public AccessTokenSecret(String encodedAccessToken) {
 		this.encodedAccessToken = encodedAccessToken;
+				
 	}

 	@Override
@ -36,7 +39,7 @@ public class AccessTokenSecret extends Secret {
 	@Override
 	public Map<String, String> getHTTPAuthorizationHeaders() {
 		Map<String, String> authorizationHeaders = new HashMap<>();
-		authorizationHeaders.put("Authorization", "Bearer " + this.encodedAccessToken.getBytes());
+		authorizationHeaders.put("Authorization", "Bearer " + this.encodedAccessToken);
 		return authorizationHeaders;

 	}
@ -44,10 +47,12 @@ public class AccessTokenSecret extends Secret {
 	protected String getEncodedAccessToken() {
 		return encodedAccessToken;
 	}
-
+	
+		
 	@Override
 	public boolean isExpired() {
-		return false;
+		init();
+		return accessToken.isExpired();
 	}

 	@Override
@ -69,7 +74,10 @@ public class AccessTokenSecret extends Secret {
 				owner.setClientName(obj.getClientName());
 				owner.setContactOrganisation(obj.getContactOrganisation());
 				owner.setClientName(obj.getClientName());
-				context = obj.getContext(); 
+				context = obj.getContext();
+				
+				this.accessToken = objectMapper.readValue(decodedAccessPart, AccessToken.class);
+				
 				initialised = true;
 			} catch (Exception e) {
 				throw new RuntimeException(e);
--- a/src/main/java/org/gcube/common/security/secrets/CredentialSecret.java
+++ b/src/main/java/org/gcube/common/security/secrets/CredentialSecret.java
@ -0,0 +1,71 @@
+package org.gcube.common.security.secrets;
+
+import java.util.Map;
+
+import org.gcube.common.keycloak.KeycloakClientLegacyIS;
+import org.gcube.common.keycloak.KeycloakClientLegacyISFactory;
+import org.gcube.common.keycloak.model.TokenResponse;
+import org.gcube.common.security.Owner;
+
+public class CredentialSecret extends Secret {
+
+	protected boolean initialised = false;
+
+	private String username;
+	private String password; 
+	private String context;
+	private AccessTokenSecret accessTokenSecret;
+
+
+	public CredentialSecret(String username, String password, String context) {
+		this.username = username;
+		this.password = password;
+		this.context = context;
+		init();
+	}
+
+	private void init() {
+		refreshAccessToken();
+	}
+
+	private void refreshAccessToken() {
+		try {
+			KeycloakClientLegacyIS client = KeycloakClientLegacyISFactory.newInstance();
+			TokenResponse response = client.queryUMAToken(username, password, context, null);
+			this.accessTokenSecret = new AccessTokenSecret(response.getAccessToken());
+		} catch (Exception e) {
+			throw new RuntimeException(e);
+		}
+	}
+
+	@Override
+	public Owner getOwner() {
+		return this.accessTokenSecret.getOwner();
+	}
+
+	@Override
+	public String getContext() {
+		if (this.accessTokenSecret.isExpired())
+			refreshAccessToken();
+		return this.accessTokenSecret.getContext();
+	}
+
+	@Override
+	public Map<String, String> getHTTPAuthorizationHeaders() {
+		if (this.accessTokenSecret.isExpired())
+			refreshAccessToken();
+		return this.accessTokenSecret.getHTTPAuthorizationHeaders();
+	}
+
+	@Override
+	public boolean isExpired() {
+		return false;
+	}
+	
+	
+	@Override
+	public boolean isRefreshable() {
+		return false;
+	}
+
+}