From 69250b3ea0bf24c4d972964744b7683e3db857cd Mon Sep 17 00:00:00 2001
From: Mauro Mugnaini
Date: Fri, 25 Jun 2021 10:52:41 +0200
Subject: [PATCH] RootVO part of the provided scope is used for discovery, since the endpoint is always registered there and added check for its existance in the prvoider and its format. Also checked that all the mandatory parameters are not null.
---
 .../keycloak/DefaultKeycloakClient.java | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/src/main/java/org/gcube/common/keycloak/DefaultKeycloakClient.java b/src/main/java/org/gcube/common/keycloak/DefaultKeycloakClient.java
index 3bbbc60..9e6f2d0 100644
--- a/src/main/java/org/gcube/common/keycloak/DefaultKeycloakClient.java
+++ b/src/main/java/org/gcube/common/keycloak/DefaultKeycloakClient.java
@@ -33,6 +33,17 @@ public class DefaultKeycloakClient implements KeycloakClient {
 @Override
 public URL findTokenEndpointURL() throws KeycloakClientException {
+ logger.debug("Checking ScopeProvider's scope presence and format");
+ String originalScope = ScopeProvider.instance.get();
+ if (originalScope == null || !originalScope.startsWith("/") || originalScope.length() < 2) {
+ throw new KeycloakClientException(originalScope == null ? "Scope not found in ScopeProvider"
+ : "Bad scope name found: " + originalScope);
+ }
+ logger.debug("Assuring use the rootVO to query the endpoint simple query. Actual scope is: {}", originalScope);
+ String rootVOScope = "/" + originalScope.split("/")[1];
+ logger.debug("Setting rootVO scope into provider as: {}", rootVOScope);
+ ScopeProvider.instance.set(rootVOScope);
+
 logger.debug("Creating simple query");
 SimpleQuery query = queryFor(ServiceEndpoint.class);
 query.addCondition(
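Review bot: The new format check in `findTokenEndpointURL` still accepts a scope such as `//gcube` (it starts with `/` and is longer than one character), and `"/" + originalScope.split("/")[1]` then produces `/` as the root-VO scope, so discovery would silently run against an empty root instead of failing on the bad input. Derive the first segment explicitly and reject it when empty: `String rootVO = originalScope.substring(1).split("/", 2)[0];` followed by `if (rootVO.isEmpty()) throw new KeycloakClientException("Bad scope name found: " + originalScope);` and `String rootVOScope = "/" + rootVO;`. The value written into `ScopeProvider` is reused as the UMA audience by the `queryUMAToken` overload visible later in this patch, so a permissive check here is worth tightening. The method's body continues past this hunk.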
@@ -46,6 +57,9 @@ public class DefaultKeycloakClient implements KeycloakClient {
 logger.trace("Submitting query: {}", query);
 List accessPoints = client.submit(query);
+ logger.debug("Restting scope into provider to the original value: {}", originalScope);
+ ScopeProvider.instance.set(originalScope);
+
 if (accessPoints.size() == 0) {
 throw new KeycloakClientException("Service endpoint not found");
 } else if (accessPoints.size() > 1) {
@@ -66,6 +80,7 @@ public class DefaultKeycloakClient implements KeycloakClient {
 return queryUMAToken(clientId, clientSecret, ScopeProvider.instance.get(), permissions);
 }
+ @Override
 public TokenResponse queryUMAToken(String clientId, String clientSecret, String audience, List permissions) throws KeycloakClientException {
@@ -86,6 +101,18 @@ public class DefaultKeycloakClient implements KeycloakClient {
 public TokenResponse queryUMAToken(URL tokenURL, String authorization, String audience, List permissions) throws KeycloakClientException {
+ if (tokenURL == null) {
+ throw new KeycloakClientException("'tokenURL' parameter must be not null");
+ }
+
+ if (authorization == null || "".equals(authorization)) {
+ throw new KeycloakClientException("'authorization' parameter must be not null nor empty");
+ }
+
+ if (audience == null || "".equals(audience)) {
+ throw new KeycloakClientException("'audience' parameter must be not null nor empty");
+ }
+
 logger.debug("Querying token from Keycloak server with URL: {}", tokenURL);
 Map> params = new HashMap<>();
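Review bot: The reset `ScopeProvider.instance.set(originalScope)` added after `client.submit(query)` is skipped whenever the discovery call throws, so the provider is left holding the root-VO scope that `findTokenEndpointURL` stored in the previous hunk; the `queryUMAToken` overload further down in this patch reads `ScopeProvider.instance.get()` as the token audience, so one failed discovery would change the audience of later token requests on the same thread (or process, depending on how `ScopeProvider` holds its value, which is not visible here). Wrap the stretch between the set and the reset in `try`/`finally` as sketched below, hoisting the `accessPoints` declaration (with its current declared type) above the `try`, which should open right after `ScopeProvider.instance.set(rootVOScope)` in the previous hunk. The added log line also has a typo, `Restting` should read `Resetting`. The enclosing method starts before this hunk and continues after it.
```java
ScopeProvider.instance.set(rootVOScope);
List accessPoints;   // keep the element type of the existing declaration; hoisted out of the try
try {
    // … unchanged: query construction and logger.trace …
    accessPoints = client.submit(query);
} finally {
    logger.debug("Resetting scope into provider to the original value: {}", originalScope);
    ScopeProvider.instance.set(originalScope);
}
```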