2016-10-03 12:21:52 +02:00
|
|
|
package org.gcube.informationsystem.icproxy.resources;
|
|
|
|
|
|
|
|
import static org.gcube.resources.discovery.icclient.ICFactory.client;
|
|
|
|
import static org.gcube.resources.discovery.icclient.ICFactory.clientFor;
|
|
|
|
import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
|
2023-01-27 15:42:42 +01:00
|
|
|
import java.util.ArrayList;
|
2016-10-03 12:21:52 +02:00
|
|
|
import java.util.List;
|
2023-01-25 17:38:05 +01:00
|
|
|
import java.util.Objects;
|
2016-10-03 12:21:52 +02:00
|
|
|
import javax.validation.constraints.NotNull;
|
2023-01-27 15:42:42 +01:00
|
|
|
import javax.ws.rs.*;
|
2016-10-03 12:21:52 +02:00
|
|
|
import javax.ws.rs.core.MediaType;
|
|
|
|
import lombok.extern.slf4j.Slf4j;
|
2023-02-03 17:33:25 +01:00
|
|
|
import org.gcube.common.authorization.library.provider.AccessTokenProvider;
|
|
|
|
import org.gcube.common.keycloak.model.ModelUtils;
|
2023-01-25 17:38:05 +01:00
|
|
|
import org.gcube.common.resources.gcore.*;
|
2023-02-15 16:50:27 +01:00
|
|
|
import org.gcube.common.resources.gcore.common.Platform;
|
2023-01-27 15:42:42 +01:00
|
|
|
import org.gcube.common.resources.gcore.utils.Group;
|
2016-10-03 12:21:52 +02:00
|
|
|
import org.gcube.common.scope.api.ScopeProvider;
|
2023-02-15 16:50:27 +01:00
|
|
|
import org.gcube.informationsystem.icproxy.profiles.ServiceEndpointProfile;
|
|
|
|
import org.gcube.informationsystem.publisher.RegistryPublisher;
|
|
|
|
import org.gcube.informationsystem.publisher.RegistryPublisherFactory;
|
2016-10-03 12:21:52 +02:00
|
|
|
import org.gcube.resources.discovery.client.api.DiscoveryClient;
|
|
|
|
import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
|
2023-01-27 15:42:42 +01:00
|
|
|
import org.gcube.common.encryption.StringEncrypter;
|
2016-10-03 12:21:52 +02:00
|
|
|
|
|
|
|
@Slf4j
|
|
|
|
@Path("ServiceEndpoint")
|
|
|
|
public class ServiceEndpointResource {
|
2021-06-08 10:37:16 +02:00
|
|
|
|
2023-02-16 17:25:40 +01:00
|
|
|
public static final String ENABLED_ROLE="service-endpoint-key";
|
|
|
|
|
2021-06-08 10:37:16 +02:00
|
|
|
@GET
|
|
|
|
@Path("/{category}")
|
|
|
|
@Produces(MediaType.APPLICATION_XML)
|
|
|
|
public List<ServiceEndpoint> retrieve(@NotNull @PathParam("category") String resourceCategory) {
|
|
|
|
log.info("ServiceEndpoint called with category {} in context {}",resourceCategory, ScopeProvider.instance.get());
|
|
|
|
|
|
|
|
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
|
|
|
|
|
|
|
|
List<ServiceEndpoint> endpoints = client.submit(getQuery(resourceCategory));
|
|
|
|
log.debug("retrieved resources are "+endpoints.size());
|
|
|
|
return endpoints;
|
|
|
|
}
|
2016-10-03 12:21:52 +02:00
|
|
|
|
|
|
|
@GET
|
|
|
|
@Path("/{category}/{name}")
|
|
|
|
@Produces(MediaType.APPLICATION_XML)
|
2023-01-27 15:42:42 +01:00
|
|
|
public List<ServiceEndpoint> retrieve(@NotNull @PathParam("name") String resourceName,
|
|
|
|
@NotNull @PathParam("category") String resourceCategory, @QueryParam("decrypt") boolean isDecrypt) {
|
2016-10-03 12:21:52 +02:00
|
|
|
log.info("ServiceEndpoint called with category {} and name {} in scope {}",resourceCategory, resourceName, ScopeProvider.instance.get());
|
|
|
|
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
|
|
|
|
List<ServiceEndpoint> endpoints = client.submit(getQuery(resourceName, resourceCategory));
|
2023-01-27 15:42:42 +01:00
|
|
|
if(Objects.nonNull(endpoints)) {
|
|
|
|
log.debug("retrieved resources are "+endpoints.size());
|
2023-02-09 10:28:26 +01:00
|
|
|
return getServiceEndpoints(isDecrypt, endpoints);
|
|
|
|
}else{
|
|
|
|
log.error("ServiceEndpoint called with category {} and name {} in scope {}, return NULL",resourceCategory, resourceName, ScopeProvider.instance.get());
|
|
|
|
return null;
|
2023-01-27 15:42:42 +01:00
|
|
|
}
|
2016-10-03 12:21:52 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
@GET
|
|
|
|
@Path("/{category}/{name}/Result/{result:([^$\\?]+)}")
|
|
|
|
@Produces(MediaType.TEXT_XML)
|
|
|
|
public String retrieveCustom(@NotNull @PathParam("name") String resourceName,
|
|
|
|
@NotNull @PathParam("category") String resourceCategory, @NotNull @PathParam("result") String resultXPath) {
|
|
|
|
log.info("ServiceEndpoint called with category {} and name {} and result {} in scope {}"
|
|
|
|
,resourceCategory, resourceName, resultXPath, ScopeProvider.instance.get());
|
|
|
|
|
|
|
|
SimpleQuery query = getQuery(resourceName, resourceCategory);
|
|
|
|
|
|
|
|
if (resultXPath.startsWith("/"))
|
|
|
|
query.setResult("$resource"+resultXPath);
|
|
|
|
else
|
|
|
|
query.setResult("$resource/"+resultXPath);
|
|
|
|
|
|
|
|
DiscoveryClient<String> client = client();
|
|
|
|
List<String> endpoints = client.submit(query);
|
|
|
|
StringBuilder builder = new StringBuilder("<Results>");
|
|
|
|
for (String single: endpoints)
|
|
|
|
builder.append("<Result>").append(single.replaceAll("\n", "")).append("</Result>");
|
|
|
|
|
|
|
|
builder.append("</Results>");
|
|
|
|
|
|
|
|
log.debug("retrieved resources are "+endpoints.size());
|
|
|
|
return builder.toString();
|
|
|
|
}
|
|
|
|
|
2023-02-15 16:50:27 +01:00
|
|
|
@POST
|
|
|
|
@Produces(MediaType.APPLICATION_XML)
|
2023-02-17 15:30:35 +01:00
|
|
|
@Consumes(MediaType.APPLICATION_XML)
|
2023-02-16 14:21:32 +01:00
|
|
|
public ServiceEndpoint create(ServiceEndpoint resourceProfile) {
|
2023-02-16 16:40:13 +01:00
|
|
|
log.debug("Try to create new serviceEndpoint profile {} in {}",resourceProfile, ScopeProvider.instance.get());
|
2023-02-15 16:50:27 +01:00
|
|
|
if (Objects.nonNull(resourceProfile) && isRoleEnabled()){
|
2023-02-16 16:02:23 +01:00
|
|
|
log.debug("going to encrypt and push");
|
2023-02-16 14:41:42 +01:00
|
|
|
registerSE(encryptResource(resourceProfile));
|
2023-02-16 16:02:23 +01:00
|
|
|
log.debug("pushed on IS");
|
2023-02-16 14:21:32 +01:00
|
|
|
return resourceProfile;
|
2023-02-15 16:50:27 +01:00
|
|
|
}else{
|
|
|
|
throw new RuntimeException("ServiceEndpoint profile is null or user not enabled");
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
2023-02-17 15:30:35 +01:00
|
|
|
|
|
|
|
@POST
|
|
|
|
@Produces(MediaType.APPLICATION_XML)
|
|
|
|
@Consumes(MediaType.APPLICATION_JSON)
|
|
|
|
public ServiceEndpoint create(ServiceEndpointProfile resourceProfile) {
|
|
|
|
log.debug("Try to create new serviceEndpoint profile {} in {}",resourceProfile, ScopeProvider.instance.get());
|
|
|
|
if (Objects.nonNull(resourceProfile) && isRoleEnabled()){
|
|
|
|
ServiceEndpoint newResource= new ServiceEndpoint();
|
|
|
|
ServiceEndpoint.Profile profile=newResource.newProfile().category(resourceProfile.getCategory()).name(resourceProfile.getName());
|
2023-02-17 15:34:44 +01:00
|
|
|
profile.newPlatform().name(resourceProfile.getPlatform()).version((short)1).minorVersion((short)0).revisionVersion((short)0).buildVersion((short)0);
|
2023-02-17 15:41:21 +01:00
|
|
|
profile.newRuntime().hostedOn(resourceProfile.getHost());
|
2023-02-17 15:30:35 +01:00
|
|
|
ServiceEndpoint.AccessPoint ap=new ServiceEndpoint.AccessPoint();
|
|
|
|
ap.name(resourceProfile.getAccessPointName());
|
|
|
|
ap.address(resourceProfile.getAccessPointAddress());
|
|
|
|
ap.credentials(resourceProfile.getAccessPointPass(), resourceProfile.getAccessPointUsername());
|
|
|
|
profile.accessPoints().add(ap);
|
|
|
|
log.debug("going to encrypt and push");
|
|
|
|
registerSE(encryptResource(newResource));
|
|
|
|
log.debug("pushed on IS");
|
|
|
|
return newResource;
|
|
|
|
}else{
|
|
|
|
throw new RuntimeException("ServiceEndpoint profile is null or user not enabled");
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
2023-02-15 16:50:27 +01:00
|
|
|
|
2016-10-03 12:21:52 +02:00
|
|
|
private SimpleQuery getQuery(String resourceName, String resourceCategory){
|
|
|
|
SimpleQuery query = queryFor(ServiceEndpoint.class);
|
|
|
|
query.addCondition(String.format("$resource/Profile/Name/text() eq '%s'",resourceName));
|
|
|
|
query.addCondition(String.format("$resource/Profile/Category/text() eq '%s'",resourceCategory));
|
|
|
|
return query;
|
|
|
|
}
|
|
|
|
|
2021-06-08 10:37:16 +02:00
|
|
|
private SimpleQuery getQuery(String resourceCategory){
|
|
|
|
SimpleQuery query = queryFor(ServiceEndpoint.class);
|
|
|
|
query.addCondition(String.format("$resource/Profile/Category/text() eq '%s'",resourceCategory));
|
|
|
|
return query;
|
|
|
|
}
|
2023-01-25 17:38:05 +01:00
|
|
|
|
2023-01-27 15:42:42 +01:00
|
|
|
private ServiceEndpoint decryptResource(ServiceEndpoint resource) {
|
2023-02-17 10:01:57 +01:00
|
|
|
log.debug("encrypting serviceEndpoint {} ", resource.id());
|
2023-01-27 15:42:42 +01:00
|
|
|
Group<ServiceEndpoint.AccessPoint> aps=resource.profile().accessPoints();
|
|
|
|
for (ServiceEndpoint.AccessPoint ap : aps){
|
|
|
|
String decrypted =decryptString(ap.password());
|
|
|
|
String user= ap.username();
|
|
|
|
|
|
|
|
ap.credentials(decrypted, user);
|
|
|
|
}
|
|
|
|
return resource;
|
|
|
|
}
|
2023-02-16 14:41:42 +01:00
|
|
|
|
|
|
|
private ServiceEndpoint encryptResource(ServiceEndpoint resource) {
|
2023-02-17 10:01:57 +01:00
|
|
|
log.debug("encrypting serviceEndpoint {} ", resource.id());
|
2023-02-16 14:41:42 +01:00
|
|
|
Group<ServiceEndpoint.AccessPoint> aps=resource.profile().accessPoints();
|
|
|
|
for (ServiceEndpoint.AccessPoint ap : aps){
|
|
|
|
String decrypted =encryptString(ap.password());
|
|
|
|
String user= ap.username();
|
|
|
|
ap.credentials(decrypted, user);
|
|
|
|
}
|
|
|
|
return resource;
|
|
|
|
}
|
|
|
|
|
2023-01-27 15:42:42 +01:00
|
|
|
|
2023-02-09 10:28:26 +01:00
|
|
|
private static String decryptString(String toDecrypt){
|
2023-02-16 17:20:04 +01:00
|
|
|
log.debug("decrypting string");
|
2023-01-27 15:42:42 +01:00
|
|
|
try{
|
|
|
|
return StringEncrypter.getEncrypter().decrypt(toDecrypt);
|
|
|
|
}catch(Exception e) {
|
|
|
|
throw new RuntimeException("Unable to decrypt : "+toDecrypt,e);
|
2023-01-25 17:38:05 +01:00
|
|
|
}
|
|
|
|
}
|
2023-02-16 14:41:42 +01:00
|
|
|
|
|
|
|
private static String encryptString(String toEncrypt){
|
2023-02-16 16:57:07 +01:00
|
|
|
log.debug("encrypting string");
|
2023-02-16 14:41:42 +01:00
|
|
|
try{
|
|
|
|
return StringEncrypter.getEncrypter().encrypt(toEncrypt);
|
|
|
|
}catch(Exception e) {
|
|
|
|
throw new RuntimeException("Unable to encrypt : "+toEncrypt,e);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-02-09 10:28:26 +01:00
|
|
|
private List<ServiceEndpoint> getServiceEndpoints(boolean isDecrypt, List<ServiceEndpoint> endpoints) {
|
|
|
|
if (isDecrypt) {
|
|
|
|
if (isRoleEnabled()){
|
|
|
|
List<ServiceEndpoint> ses = new ArrayList<>(endpoints.size());
|
|
|
|
for (ServiceEndpoint resource : endpoints) {
|
|
|
|
ses.add(decryptResource(resource));
|
|
|
|
}
|
|
|
|
return ses;
|
|
|
|
}else{
|
2023-02-09 11:19:23 +01:00
|
|
|
log.warn("user not enabled to see the resource free to air, sorry");
|
2023-02-09 10:28:26 +01:00
|
|
|
}
|
|
|
|
}
|
2023-02-09 11:19:23 +01:00
|
|
|
return endpoints;
|
2023-02-09 10:28:26 +01:00
|
|
|
}
|
2023-01-25 17:38:05 +01:00
|
|
|
|
2023-02-09 10:28:26 +01:00
|
|
|
private boolean isRoleEnabled(){
|
2023-02-16 17:15:58 +01:00
|
|
|
log.debug("checking role");
|
2023-02-09 10:28:26 +01:00
|
|
|
String at= AccessTokenProvider.instance.get();
|
|
|
|
try{
|
2023-02-16 17:25:40 +01:00
|
|
|
if (ModelUtils.getAccessTokenFrom(at).getRealmAccess().getRoles().contains(ENABLED_ROLE )) {
|
2023-02-09 10:28:26 +01:00
|
|
|
log.info("The client is authorized to see the resource as 'free-to-air'");
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}catch (Exception e){
|
|
|
|
log.error("token not retrieved properly: "+e.getMessage());
|
|
|
|
e.printStackTrace();
|
|
|
|
}
|
|
|
|
log.info("user not authorized, sorry");
|
|
|
|
return false;
|
|
|
|
}
|
2023-02-15 16:50:27 +01:00
|
|
|
private static String registerSE(ServiceEndpoint toRegister) {
|
|
|
|
RegistryPublisher rp= RegistryPublisherFactory.create();
|
|
|
|
if(log.isDebugEnabled())
|
|
|
|
Resources.print(toRegister);
|
|
|
|
Resource r=rp.create(toRegister);
|
|
|
|
return r.id();
|
|
|
|
}
|
|
|
|
|
2023-02-09 10:28:26 +01:00
|
|
|
}
|