Now audience can be provided in both encoded and not encoded form (starts with "/" check is performed). Ugly test added.

2021-05-06 17:51:46 +02:00 · 2021-05-06 17:51:46 +02:00 · c5a9dca54c
parent 17e503c786
commit c5a9dca54c
2 changed files with 33 additions and 15 deletions
--- a/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
+++ b/src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
@ -166,7 +166,7 @@ public class OpenIdConnectRESTHelper {

    /**
     * Queries from the OIDC server an UMA token, by using provided clientId and client secret for the given audience
-     * (context) in URLEncoded form and optionally a list of permissions.
+     * (context), in URLEncoded form or not, and optionally a list of permissions.
     * 
     * @param tokenUrl the token endpoint {@link URL} of the OIDC server
     * @param clientId the client id
@ -179,13 +179,14 @@ public class OpenIdConnectRESTHelper {
    public static JWTToken queryUMAToken(URL tokenUrl, String clientId, String clientSecret, String audience,
            List<String> permissions) throws OpenIdConnectRESTHelperException {

-        return queryUMAToken(tokenUrl, "Basic " + Base64.getEncoder().encodeToString((clientId + ":" + clientSecret).getBytes()),
+        return queryUMAToken(tokenUrl,
+                "Basic " + Base64.getEncoder().encodeToString((clientId + ":" + clientSecret).getBytes()),
                audience, permissions);
    }

    /**
-     * Queries from the OIDC server an UMA token, by using provided access token, for the given audience (context)
-     * in URLEncoded form and optionally a list of permissions.
+     * Queries from the OIDC server an UMA token, by using provided access token, for the given audience (context),
+     * in URLEncoded form or not, and optionally a list of permissions.
     * 
     * @param tokenUrl the token endpoint {@link URL} of the OIDC server
     * @param authorization the auth token (the access token URLEncoded by the "Bearer " string)
@ -199,6 +200,14 @@ public class OpenIdConnectRESTHelper {

        Map<String, List<String>> params = new HashMap<>();
        params.put("grant_type", Arrays.asList("urn:ietf:params:oauth:grant-type:uma-ticket"));
+        if (audience.startsWith("/")) {
+            try {
+                logger.trace("Audience was provided in non URL encoded form, encoding it");
+                audience = URLEncoder.encode(audience, "UTF-8");
+            } catch (UnsupportedEncodingException e) {
+                logger.error("Cannot URL encode 'audience'", e);
+            }
+        }
        try {
            params.put("audience", Arrays.asList(URLEncoder.encode(audience, "UTF-8")));
        } catch (UnsupportedEncodingException e) {
--- a/src/test/java/org/gcube/oidc/rest/RestHelperTest.java
+++ b/src/test/java/org/gcube/oidc/rest/RestHelperTest.java
@ -8,34 +8,43 @@ public class RestHelperTest {
    public RestHelperTest() {
    }

-    /**
-     * To be re-enabled when the token is took programmatically
-     */
-//    @Test
+    //    @Test
    public void getAvatar() throws MalformedURLException {
        String accessTokenBearer = "Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJSSklZNEpoNF9qdDdvNmREY0NlUDFfS1l0akcxVExXVW9oMkQ2Tzk1bFNBIn0.eyJleHAiOjE1OTc0MTc4MzEsImlhdCI6MTU5NzQxNzUzMSwiYXV0aF90aW1lIjoxNTk3NDE3NTI5LCJqdGkiOiI5ZjAwMzM1Yy1jM2NlLTQ3ZTktYTRhZS05MmM4ZDc1NmUyOWMiLCJpc3MiOiJodHRwczovL2FjY291bnRzLmRldi5kNHNjaWVuY2Uub3JnL2F1dGgvcmVhbG1zL2Q0c2NpZW5jZSIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiIzZTcwMzBhNS00M2MzLTRiNjUtYWMwYS0xNTJkYmU3MDI0NTIiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJwcmVwcm9kMi5kNHNjaWVuY2Uub3JnIiwic2Vzc2lvbl9zdGF0ZSI6IjAxOWEzMTVjLTY3MTQtNDQyZi1hNDE2LWM4MjAxNWFhYzFmNSIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibmFtZSI6Ik1hdXJvIE11Z25haW5pIiwicHJlZmVycmVkX3VzZXJuYW1lIjoidGhlbWF4eDc2IiwiZ2l2ZW5fbmFtZSI6Ik1hdXJvIiwiZmFtaWx5X25hbWUiOiJNdWduYWluaSIsInBpY3R1cmUiOiJodHRwczovL2xoMy5nb29nbGV1c2VyY29udGVudC5jb20vYS0vQU9oMTRHaUFxUzZRc00xaDNXV1BqMU15VUdlRFA2VnFaQlhtOTZ4cHhZLXNndyIsImVtYWlsIjoidGhlbWF4eDc2QGdtYWlsLmNvbSJ9.WMddlUQujlpmzW07Lrk50vOyWpiT1Tp_RsBWRbzyrQnu5EQQSCq1uGOuSf7Z3VZFv8fbnzWekMZRNzhngEddzOQHgAlsgRdqNI_-ucjmb_8SfR2I5PkYJLTG0jF-Urqi-GvfJtLr2B8dBDnMDO6FLFsg1e5qb-5HkV60eEtY2Wult1PGxlkD05w-K2w513IOMkVIl25ZxKbP61-Iu1qfV_q3QFvUHl_pdqL7uKC5bkl1lqTVeuCwrXrKubHnKc-UzpHtHp8XY0Iao7LdLtON7SODYhU8EkZ860ZlFTSCszmLUpSH4t_shSk9Fiqd8wBKAet5ngmyAPzKx9TT2FK65g";
        URL avatarURL = new URL("https://accounts.dev.d4science.org/auth/realms/d4science/avatar-provider/");

        byte[] avatarBytes = OpenIdConnectRESTHelper.getUserAvatar(avatarURL, accessTokenBearer);
-//        assertNotNull(avatarBytes);
+        //        assertNotNull(avatarBytes);
    }

-//    @Test
+    //  @Test
+    public void getUMATokenWithBasicAuth()
+            throws MalformedURLException, OpenIdConnectRESTHelperException, InterruptedException {
+        URL tokenURL = new URL(
+                "https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token");
+        JWTToken token = OpenIdConnectRESTHelper.queryUMAToken(tokenURL, "robcomp",
+                "0fec31cb-23c3-44e2-9359-d6db6784b7d3",
+                "/gcube/devNext/NextNext", null);
+        System.out.println(token.getAccessTokenString());
+    }
+
+    //    @Test
    public void getExp() throws MalformedURLException, OpenIdConnectRESTHelperException, InterruptedException {
-        URL tokenURL = new URL("https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token");
-        JWTToken token = OpenIdConnectRESTHelper.queryClientToken("lr62_portal", "28726d01-9f24-4ef4-a057-3d208d96aaa0",
+        URL tokenURL = new URL(
+                "https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token");
+        JWTToken token = OpenIdConnectRESTHelper.queryClientToken("robcomp", "0fec31cb-23c3-44e2-9359-d6db6784b7d3",
                tokenURL);
        System.out.println(token.getExpAsDate());
        System.out.println(token.getAzp());
-        Thread.sleep((token.getExp() * 1000 - System.currentTimeMillis() + 5000));
+        //        Thread.sleep((token.getExp() * 1000 - System.currentTimeMillis() + 5000));
        System.out.println(token.isExpired());
    }

    public static void main(String[] args) throws Exception {
        RestHelperTest rht = new RestHelperTest();
-//        rht.getAvatar();
+        //        rht.getAvatar();
        try {
-            rht.getExp();
+            rht.getUMATokenWithBasicAuth();
        } catch (OpenIdConnectRESTHelperException e) {
            if (e.hasJSONPayload()) {
                System.out.println("JSON response: " + e.getResponseString());