@ -3,19 +3,13 @@ package org.gcube.informationsystem.icproxy.resources;
import static org.gcube.resources.discovery.icclient.ICFactory.client ;
import static org.gcube.resources.discovery.icclient.ICFactory.clientFor ;
import static org.gcube.resources.discovery.icclient.ICFactory.queryFor ;
import java.util.ArrayList ;
import java.util.List ;
import java.util.Objects ;
import javax.validation.constraints.NotNull ;
import javax.ws.rs.* ;
import javax.ws.rs.core.MediaType ;
import lombok.extern.slf4j.Slf4j ;
//import org.gcube.common.authorization.library.provider.AccessTokenProvider;
//import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.common.authorization.library.provider.AccessTokenProvider ;
import org.gcube.common.keycloak.model.ModelUtils ;
import org.gcube.common.resources.gcore.* ;
@ -23,7 +17,6 @@ import org.gcube.common.resources.gcore.utils.Group;
import org.gcube.common.scope.api.ScopeProvider ;
import org.gcube.resources.discovery.client.api.DiscoveryClient ;
import org.gcube.resources.discovery.client.queries.api.SimpleQuery ;
//import org.gcube.resources.discovery.client.queries.impl.XQuery;
import org.gcube.common.encryption.StringEncrypter ;
@Slf4j
@ -43,20 +36,6 @@ public class ServiceEndpointResource {
return endpoints ;
}
// @GET
// @Path("/{category}/{name}")
// @Produces(MediaType.APPLICATION_XML)
// public List<ServiceEndpoint> retrieve(@NotNull @PathParam("name") String resourceName,
// @NotNull @PathParam("category") String resourceCategory) {
// log.info("ServiceEndpoint called with category {} and name {} in scope {}",resourceCategory, resourceName, ScopeProvider.instance.get());
//
// DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
//
// List<ServiceEndpoint> endpoints = client.submit(getQuery(resourceName, resourceCategory));
// log.debug("retrieved resources are "+endpoints.size());
// return endpoints;
// }
@GET
@Path ( "/{category}/{name}" )
@Produces ( MediaType . APPLICATION_XML )
@ -67,56 +46,13 @@ public class ServiceEndpointResource {
List < ServiceEndpoint > endpoints = client . submit ( getQuery ( resourceName , resourceCategory ) ) ;
if ( Objects . nonNull ( endpoints ) ) {
log . debug ( "retrieved resources are " + endpoints . size ( ) ) ;
if ( isDecrypt ) {
if ( isRoleEnabled ( ) ) {
List < ServiceEndpoint > ses = new ArrayList < > ( endpoints . size ( ) ) ;
for ( ServiceEndpoint resource : endpoints ) {
ses . add ( decryptResource ( resource ) ) ;
}
return ses ;
} else {
log . info ( "user not enabled to see the resource free to air, sorry" ) ;
}
}
return getServiceEndpoints ( isDecrypt , endpoints ) ;
} else {
log . error ( "ServiceEndpoint called with category {} and name {} in scope {}, return NULL" , resourceCategory , resourceName , ScopeProvider . instance . get ( ) ) ;
return null ;
}
return endpoints ;
}
private boolean isRoleEnabled ( ) {
String at = AccessTokenProvider . instance . get ( ) ;
try {
if ( ModelUtils . getAccessTokenFrom ( at ) . getRealmAccess ( ) . getRoles ( ) . contains ( "service-endpoint-key" ) ) {
log . info ( "The client is authorized to see the resource as 'free-to-air'" ) ;
return true ;
}
} catch ( Exception e ) {
log . error ( "token not retrieved properly: " + e . getMessage ( ) ) ;
e . printStackTrace ( ) ;
}
log . info ( "user not authorized, sorry" ) ;
return false ;
}
// @GET
// @Path("/{category}/{name}/{ap}")
// @Produces(MediaType.TEXT_XML)
// public String retrieve(@NotNull @PathParam("name") String resourceName,
// @NotNull @PathParam("category") String resourceCategory,
// @NotNull @PathParam("ap") String accessPoint) {
// log.info("ServiceEndpoint called with category {}, name {} and accessPoint {} in scope {}",resourceCategory, resourceName, accessPoint, ScopeProvider.instance.get());
// XQuery query=queryFor(ServiceEndpoint.class);
// query.addCondition(String.format("$resource/Profile/Name/text() eq '%s'",resourceName));
// query.addCondition(String.format("$resource/Profile/Category/text() eq '%s'",resourceCategory));
// query.setResult("$resource/Profile/AccessPoint/Interface/Endpoint[@EntryName='"+accessPoint+"']/text()");
// DiscoveryClient<String> client = client();
// List<String> accessList= client.submit(query);
// if (Objects.nonNull(accessList))
// return accessList.get(0).toString();
// else
// log.warn("endpoint not found with following coordinates: {} {} and accesspoint: {}", resourceCategory, resourceName,accessPoint);
// return null;
// }
@GET
@Path ( "/{category}/{name}/Result/{result:([^$\\?]+)}" )
@Produces ( MediaType . TEXT_XML )
@ -168,12 +104,40 @@ public class ServiceEndpointResource {
return resource ;
}
p ublic static String decryptString ( String toDecrypt ) {
p rivate static String decryptString ( String toDecrypt ) {
try {
return StringEncrypter . getEncrypter ( ) . decrypt ( toDecrypt ) ;
} catch ( Exception e ) {
throw new RuntimeException ( "Unable to decrypt : " + toDecrypt , e ) ;
}
}
private List < ServiceEndpoint > getServiceEndpoints ( boolean isDecrypt , List < ServiceEndpoint > endpoints ) {
if ( isDecrypt ) {
if ( isRoleEnabled ( ) ) {
List < ServiceEndpoint > ses = new ArrayList < > ( endpoints . size ( ) ) ;
for ( ServiceEndpoint resource : endpoints ) {
ses . add ( decryptResource ( resource ) ) ;
}
return ses ;
} else {
log . info ( "user not enabled to see the resource free to air, sorry" ) ;
}
}
return null ;
}
}
private boolean isRoleEnabled ( ) {
String at = AccessTokenProvider . instance . get ( ) ;
try {
if ( ModelUtils . getAccessTokenFrom ( at ) . getRealmAccess ( ) . getRoles ( ) . contains ( "service-endpoint-key" ) ) {
log . info ( "The client is authorized to see the resource as 'free-to-air'" ) ;
return true ;
}
} catch ( Exception e ) {
log . error ( "token not retrieved properly: " + e . getMessage ( ) ) ;
e . printStackTrace ( ) ;
}
log . info ( "user not authorized, sorry" ) ;
return false ;
}
}