gcube-secrets/src/main/java/org/gcube/common/security/secrets/CredentialSecret.java

package org.gcube.common.security.secrets;

import java.util.Map;

import org.gcube.common.keycloak.KeycloakClientLegacyIS;
import org.gcube.common.keycloak.KeycloakClientLegacyISFactory;
import org.gcube.common.keycloak.model.TokenResponse;
import org.gcube.common.security.Owner;

public class CredentialSecret extends Secret {

	protected boolean initialised = false;

	private String username;
	private String password; 
	private String context;
	private AccessTokenSecret accessTokenSecret;


	public CredentialSecret(String username, String password, String context) {
		this.username = username;
		this.password = password;
		this.context = context;
		init();
	}

	private void init() {
		refreshAccessToken();
	}

	private void refreshAccessToken() {
		try {
			KeycloakClientLegacyIS client = KeycloakClientLegacyISFactory.newInstance();
			TokenResponse response = client.queryUMAToken(username, password, context, null);
			this.accessTokenSecret = new AccessTokenSecret(response.getAccessToken());
		} catch (Exception e) {
			throw new RuntimeException(e);
		}
	}

	@Override
	public Owner getOwner() {
		return this.accessTokenSecret.getOwner();
	}

	@Override
	public String getContext() {
		if (this.accessTokenSecret.isExpired())
			refreshAccessToken();
		return this.accessTokenSecret.getContext();
	}

	@Override
	public Map<String, String> getHTTPAuthorizationHeaders() {
		if (this.accessTokenSecret.isExpired())
			refreshAccessToken();
		return this.accessTokenSecret.getHTTPAuthorizationHeaders();
	}

	@Override
	public boolean isExpired() {
		return false;
	}
	
	
	@Override
	public boolean isRefreshable() {
		return false;
	}

}