gCubeSystem
/
oidc-library
17
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Now audience can be provided in both encoded and not encoded form (starts with "/" check is performed). Ugly test added.

This commit is contained in:
Mauro Mugnaini 2021-05-06 17:51:46 +02:00
parent 17e503c786
commit c5a9dca54c
2 changed files with 33 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
View File

@ -166,7 +166,7 @@ public class OpenIdConnectRESTHelper {
/** /**
* Queries from the OIDC server an UMA token, by using provided clientId and client secret for the given audience * Queries from the OIDC server an UMA token, by using provided clientId and client secret for the given audience
* (context) in URLEncoded form and optionally a list of permissions. * (context), in URLEncoded form or not, and optionally a list of permissions.
* *
* @param tokenUrl the token endpoint {@link URL} of the OIDC server * @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param clientId the client id * @param clientId the client id
@ -179,13 +179,14 @@ public class OpenIdConnectRESTHelper {
public static JWTToken queryUMAToken(URL tokenUrl, String clientId, String clientSecret, String audience, public static JWTToken queryUMAToken(URL tokenUrl, String clientId, String clientSecret, String audience,
List<String> permissions) throws OpenIdConnectRESTHelperException { List<String> permissions) throws OpenIdConnectRESTHelperException {
return queryUMAToken(tokenUrl, "Basic " + Base64.getEncoder().encodeToString((clientId + ":" + clientSecret).getBytes()), return queryUMAToken(tokenUrl,
"Basic " + Base64.getEncoder().encodeToString((clientId + ":" + clientSecret).getBytes()),
audience, permissions); audience, permissions);
} }
/** /**
* Queries from the OIDC server an UMA token, by using provided access token, for the given audience (context) * Queries from the OIDC server an UMA token, by using provided access token, for the given audience (context),
* in URLEncoded form and optionally a list of permissions. * in URLEncoded form or not, and optionally a list of permissions.
* *
* @param tokenUrl the token endpoint {@link URL} of the OIDC server * @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param authorization the auth token (the access token URLEncoded by the "Bearer " string) * @param authorization the auth token (the access token URLEncoded by the "Bearer " string)
@ -199,6 +200,14 @@ public class OpenIdConnectRESTHelper {
Map<String, List<String>> params = new HashMap<>(); Map<String, List<String>> params = new HashMap<>();
params.put("grant_type", Arrays.asList("urn:ietf:params:oauth:grant-type:uma-ticket")); params.put("grant_type", Arrays.asList("urn:ietf:params:oauth:grant-type:uma-ticket"));
if (audience.startsWith("/")) {
try {
logger.trace("Audience was provided in non URL encoded form, encoding it");
audience = URLEncoder.encode(audience, "UTF-8");
} catch (UnsupportedEncodingException e) {
logger.error("Cannot URL encode 'audience'", e);
}
}
try { try {
params.put("audience", Arrays.asList(URLEncoder.encode(audience, "UTF-8"))); params.put("audience", Arrays.asList(URLEncoder.encode(audience, "UTF-8")));
} catch (UnsupportedEncodingException e) { } catch (UnsupportedEncodingException e) {

31
src/test/java/org/gcube/oidc/rest/RestHelperTest.java
View File

@ -8,34 +8,43 @@ public class RestHelperTest {
public RestHelperTest() { public RestHelperTest() {
} }
/** // @Test
* To be re-enabled when the token is took programmatically
*/
// @Test
public void getAvatar() throws MalformedURLException { public void getAvatar() throws MalformedURLException {
String accessTokenBearer = "Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJSSklZNEpoNF9qdDdvNmREY0NlUDFfS1l0akcxVExXVW9oMkQ2Tzk1bFNBIn0.eyJleHAiOjE1OTc0MTc4MzEsImlhdCI6MTU5NzQxNzUzMSwiYXV0aF90aW1lIjoxNTk3NDE3NTI5LCJqdGkiOiI5ZjAwMzM1Yy1jM2NlLTQ3ZTktYTRhZS05MmM4ZDc1NmUyOWMiLCJpc3MiOiJodHRwczovL2FjY291bnRzLmRldi5kNHNjaWVuY2Uub3JnL2F1dGgvcmVhbG1zL2Q0c2NpZW5jZSIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiIzZTcwMzBhNS00M2MzLTRiNjUtYWMwYS0xNTJkYmU3MDI0NTIiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJwcmVwcm9kMi5kNHNjaWVuY2Uub3JnIiwic2Vzc2lvbl9zdGF0ZSI6IjAxOWEzMTVjLTY3MTQtNDQyZi1hNDE2LWM4MjAxNWFhYzFmNSIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibmFtZSI6Ik1hdXJvIE11Z25haW5pIiwicHJlZmVycmVkX3VzZXJuYW1lIjoidGhlbWF4eDc2IiwiZ2l2ZW5fbmFtZSI6Ik1hdXJvIiwiZmFtaWx5X25hbWUiOiJNdWduYWluaSIsInBpY3R1cmUiOiJodHRwczovL2xoMy5nb29nbGV1c2VyY29udGVudC5jb20vYS0vQU9oMTRHaUFxUzZRc00xaDNXV1BqMU15VUdlRFA2VnFaQlhtOTZ4cHhZLXNndyIsImVtYWlsIjoidGhlbWF4eDc2QGdtYWlsLmNvbSJ9.WMddlUQujlpmzW07Lrk50vOyWpiT1Tp_RsBWRbzyrQnu5EQQSCq1uGOuSf7Z3VZFv8fbnzWekMZRNzhngEddzOQHgAlsgRdqNI_-ucjmb_8SfR2I5PkYJLTG0jF-Urqi-GvfJtLr2B8dBDnMDO6FLFsg1e5qb-5HkV60eEtY2Wult1PGxlkD05w-K2w513IOMkVIl25ZxKbP61-Iu1qfV_q3QFvUHl_pdqL7uKC5bkl1lqTVeuCwrXrKubHnKc-UzpHtHp8XY0Iao7LdLtON7SODYhU8EkZ860ZlFTSCszmLUpSH4t_shSk9Fiqd8wBKAet5ngmyAPzKx9TT2FK65g"; String accessTokenBearer = "Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJSSklZNEpoNF9qdDdvNmREY0NlUDFfS1l0akcxVExXVW9oMkQ2Tzk1bFNBIn0.eyJleHAiOjE1OTc0MTc4MzEsImlhdCI6MTU5NzQxNzUzMSwiYXV0aF90aW1lIjoxNTk3NDE3NTI5LCJqdGkiOiI5ZjAwMzM1Yy1jM2NlLTQ3ZTktYTRhZS05MmM4ZDc1NmUyOWMiLCJpc3MiOiJodHRwczovL2FjY291bnRzLmRldi5kNHNjaWVuY2Uub3JnL2F1dGgvcmVhbG1zL2Q0c2NpZW5jZSIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiIzZTcwMzBhNS00M2MzLTRiNjUtYWMwYS0xNTJkYmU3MDI0NTIiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJwcmVwcm9kMi5kNHNjaWVuY2Uub3JnIiwic2Vzc2lvbl9zdGF0ZSI6IjAxOWEzMTVjLTY3MTQtNDQyZi1hNDE2LWM4MjAxNWFhYzFmNSIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibmFtZSI6Ik1hdXJvIE11Z25haW5pIiwicHJlZmVycmVkX3VzZXJuYW1lIjoidGhlbWF4eDc2IiwiZ2l2ZW5fbmFtZSI6Ik1hdXJvIiwiZmFtaWx5X25hbWUiOiJNdWduYWluaSIsInBpY3R1cmUiOiJodHRwczovL2xoMy5nb29nbGV1c2VyY29udGVudC5jb20vYS0vQU9oMTRHaUFxUzZRc00xaDNXV1BqMU15VUdlRFA2VnFaQlhtOTZ4cHhZLXNndyIsImVtYWlsIjoidGhlbWF4eDc2QGdtYWlsLmNvbSJ9.WMddlUQujlpmzW07Lrk50vOyWpiT1Tp_RsBWRbzyrQnu5EQQSCq1uGOuSf7Z3VZFv8fbnzWekMZRNzhngEddzOQHgAlsgRdqNI_-ucjmb_8SfR2I5PkYJLTG0jF-Urqi-GvfJtLr2B8dBDnMDO6FLFsg1e5qb-5HkV60eEtY2Wult1PGxlkD05w-K2w513IOMkVIl25ZxKbP61-Iu1qfV_q3QFvUHl_pdqL7uKC5bkl1lqTVeuCwrXrKubHnKc-UzpHtHp8XY0Iao7LdLtON7SODYhU8EkZ860ZlFTSCszmLUpSH4t_shSk9Fiqd8wBKAet5ngmyAPzKx9TT2FK65g";
URL avatarURL = new URL("https://accounts.dev.d4science.org/auth/realms/d4science/avatar-provider/"); URL avatarURL = new URL("https://accounts.dev.d4science.org/auth/realms/d4science/avatar-provider/");
byte[] avatarBytes = OpenIdConnectRESTHelper.getUserAvatar(avatarURL, accessTokenBearer); byte[] avatarBytes = OpenIdConnectRESTHelper.getUserAvatar(avatarURL, accessTokenBearer);
// assertNotNull(avatarBytes); // assertNotNull(avatarBytes);
} }
// @Test // @Test
public void getUMATokenWithBasicAuth()
throws MalformedURLException, OpenIdConnectRESTHelperException, InterruptedException {
URL tokenURL = new URL(
"https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token");
JWTToken token = OpenIdConnectRESTHelper.queryUMAToken(tokenURL, "robcomp",
"0fec31cb-23c3-44e2-9359-d6db6784b7d3",
"/gcube/devNext/NextNext", null);
System.out.println(token.getAccessTokenString());
}
// @Test
public void getExp() throws MalformedURLException, OpenIdConnectRESTHelperException, InterruptedException { public void getExp() throws MalformedURLException, OpenIdConnectRESTHelperException, InterruptedException {
URL tokenURL = new URL("https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token"); URL tokenURL = new URL(
JWTToken token = OpenIdConnectRESTHelper.queryClientToken("lr62_portal", "28726d01-9f24-4ef4-a057-3d208d96aaa0", "https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token");
JWTToken token = OpenIdConnectRESTHelper.queryClientToken("robcomp", "0fec31cb-23c3-44e2-9359-d6db6784b7d3",
tokenURL); tokenURL);
System.out.println(token.getExpAsDate()); System.out.println(token.getExpAsDate());
System.out.println(token.getAzp()); System.out.println(token.getAzp());
Thread.sleep((token.getExp() * 1000 - System.currentTimeMillis() + 5000)); // Thread.sleep((token.getExp() * 1000 - System.currentTimeMillis() + 5000));
System.out.println(token.isExpired()); System.out.println(token.isExpired());
} }
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
RestHelperTest rht = new RestHelperTest(); RestHelperTest rht = new RestHelperTest();
// rht.getAvatar(); // rht.getAvatar();
try { try {
rht.getExp(); rht.getUMATokenWithBasicAuth();
} catch (OpenIdConnectRESTHelperException e) { } catch (OpenIdConnectRESTHelperException e) {
if (e.hasJSONPayload()) { if (e.hasJSONPayload()) {
System.out.println("JSON response: " + e.getResponseString()); System.out.println("JSON response: " + e.getResponseString());