ready for release

git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/portal/portal-auth-library@142112 82a268e6-3cf1-43bd-a215-b396298e98cf

src/main/java/org/gcube/portal/auth/AuthUtil.java

@@ -1,6 +1,8 @@
 package org.gcube.portal.auth;
+import static org.gcube.common.authorization.client.Constants.authorizationService;
 import static org.gcube.resources.discovery.icclient.ICFactory.clientFor;
 import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
+import static org.gcube.resources.discovery.icclient.ICFactory.client;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -14,7 +16,9 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
 import org.gcube.common.portal.PortalContext;
+import org.gcube.common.resources.gcore.GCoreEndpoint;
 import org.gcube.common.resources.gcore.Resources;
 import org.gcube.common.resources.gcore.ServiceEndpoint;
 import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
@@ -43,6 +47,10 @@ public class AuthUtil  {
 	public final static String TOKEN_ATTR_NAME = "gcube-token";
 	public final static String ENDPOINT_TYPE = "ServiceEndpoint";
 	public final static String ENDPOINT_CATEGORY = "OnlineService";
+	
+	public final static String OAUTH_ENDPOINT_CLASS = "Portal";
+	public final static String OAUTH_ENDPOINT_NAME = "oauth";
+	private static final String OAUTH_ENDPOINT_ENTRYNAME = "jersey-servlet";
 
 	/**
 	 * look for the clientId passes as parameter
@@ -65,7 +73,7 @@ public class AuthUtil  {
 			siteConnection.addRequestProperty(TOKEN_ATTR_NAME, portalToken);
 			InputStream is = null;
 			try {
-			 is =  siteConnection.getInputStream();
+				is =  siteConnection.getInputStream();
 			}
 			catch (IOException e) {
 				_log.warn("The requested clientId does not exist: " + encodedClientId);				
@@ -115,58 +123,96 @@ public class AuthUtil  {
 		}
 		return map;
 	}
+	/**
+	 * <p>
+	 * @return a qualifier token for a given user token or <code>null</code> in case of problems
+	 * </p>
+	 * @param userToken 
+	 */
+	public static String generateAuthorizationQualifierToken(String appName, String userToken) {
+		String qToken;
+		String apiQualifier = "AuthorisedApp-"+appName;		
+		try {
+			String encodedApiQualifier = URLEncoder.encode(apiQualifier, "UTF-8").replaceAll("\\+", "%20");
+			String currToken = SecurityTokenProvider.instance.get();
+			SecurityTokenProvider.instance.set(userToken);		
+			qToken = authorizationService().generateApiKey(encodedApiQualifier);
+			SecurityTokenProvider.instance.set(currToken);
+		} catch (Exception e) {
+			e.printStackTrace();
+			return null;
+		}
+		return qToken;
+	}
 	
 	/**
 	 * look for the clientId passes as parameter
 	 * @param clientId
 	 * @return a <code>RequestingApp</code> contanining the application name, the description and the application logo URL if any, or <code>null</code> if non existent
 	 */
-	public static List<ServiceEndpoint> getAuthorisedApplicationInfoFromIsICClient(String infrastructureName, String clientId) throws Exception  {
-			String scope = "/" + infrastructureName;
-			String currScope = 	ScopeProvider.instance.get();
-			ScopeProvider.instance.set(scope);
-			String encodedClientId = URLEncoder.encode(clientId, "UTF-8").replaceAll("\\+", "%20");
-			SimpleQuery query = queryFor(ServiceEndpoint.class);
-			query.addCondition("$resource/ID/text() eq '"+ encodedClientId +"'");
-			DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
-			List<ServiceEndpoint> toReturn = client.submit(query);
-			ScopeProvider.instance.set(currScope);
-			return toReturn;
-		}	
-	/**
-	 * look for the clientId AccessEndpoint passes as parameter
-	 * @param gatewayName
-	 * @param clientId
-	 * @return the client secret related to the id, or null if non existent
-	 */
-	public static  List<String> getAuthorisedRedirectURLsFromIs(String clientId) {
-		PortalContext pContext = PortalContext.getConfiguration();		
-		String scope = "/"+pContext.getInfrastructureName();
-		List<String> autRedirectURLs = new ArrayList<>();
-		try {
-			List<ServiceEndpoint> list = getAuthorisedApplicationInfoFromIsICClient(pContext.getInfrastructureName(), clientId);
-			if (list.size() > 1) {
-				_log.error("Too many Service Endpoints having name " + clientId +" in this scope having Category " + SERVICE_ENDPOINT_CATEGORY);
-			}
-			else if (list.size() == 0){
-				_log.warn("There is no Service Endpoint having name " + clientId +" and Category " + SERVICE_ENDPOINT_CATEGORY + " in this scope: " + scope);
-			}
-			else {
-				for (ServiceEndpoint res : list) {
-					Group<AccessPoint> apGroup =  res.profile().accessPoints();
-					AccessPoint[] accessPoints = (AccessPoint[]) apGroup.toArray(new AccessPoint[apGroup.size()]);
-					for (int i = 0; i < accessPoints.length; i++) {
-						if (accessPoints[i].name().compareTo(REDIRECT_URL) == 0) {
-							AccessPoint found = accessPoints[i];
-							autRedirectURLs.add(found.address());
-						}
-					}
-				}
-			}
-		} catch (Exception e) {
-			e.printStackTrace();
+	public static ServiceEndpoint getAuthorisedApplicationInfoFromIsICClient(String infrastructureName, String clientId) throws Exception  {
+		String scope = "/" + infrastructureName;
+		String currScope = 	ScopeProvider.instance.get();
+		ScopeProvider.instance.set(scope);
+		String encodedClientId = URLEncoder.encode(clientId, "UTF-8").replaceAll("\\+", "%20");
+		SimpleQuery query = queryFor(ServiceEndpoint.class);
+		query.addCondition("$resource/ID/text() eq '"+ encodedClientId +"'");
+		DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
+		List<ServiceEndpoint> toReturn = client.submit(query);
+		ScopeProvider.instance.set(currScope);
+		if (toReturn.size() > 0)
+			return toReturn.get(0);
+		else 
 			return null;
+	}	
+	/**
+	 * <p>
+	 *  return the authorised redirect for the service endpoint of type OnlineService 
+	 * </p>
+	 * @param toLookFor an instance of <code>ServiceEndpoint</code>
+	 * @return the list of authorised redirectURLs or <code>null
+	 */
+	public static List<String> getAuthorisedRedirectURLsFromIs(ServiceEndpoint toLookFor) {
+		List<String> autRedirectURLs = new ArrayList<>();
+		Group<AccessPoint> apGroup =  toLookFor.profile().accessPoints();
+		AccessPoint[] accessPoints = (AccessPoint[]) apGroup.toArray(new AccessPoint[apGroup.size()]);
+		for (int i = 0; i < accessPoints.length; i++) {
+			if (accessPoints[i].name().compareTo(REDIRECT_URL) == 0) {
+				AccessPoint found = accessPoints[i];
+				autRedirectURLs.add(found.address());
+			}
 		}
 		return autRedirectURLs;
 	}
+	/**
+	 * Instantiates a new gcore endpoint reader.
+	 *
+	 * @param scope the scope
+	 * @throws Exception the exception
+	 */
+	public static String getOAuthServiceEndPoint(String infrastructureName) throws Exception {
+		String scope = "/" + infrastructureName;
+		String currScope = 	ScopeProvider.instance.get();
+		ScopeProvider.instance.set(scope);
+
+		
+		SimpleQuery query = queryFor(GCoreEndpoint.class);
+		query.addCondition(String.format("$resource/Profile/ServiceClass/text() eq '%s'",OAUTH_ENDPOINT_CLASS));
+		query.addCondition("$resource/Profile/DeploymentData/Status/text() eq 'ready'");
+		query.addCondition(String.format("$resource/Profile/ServiceName/text() eq '%s'",OAUTH_ENDPOINT_NAME));
+		query.setResult("$resource/Profile/AccessPoint/RunningInstanceInterfaces//Endpoint[@EntryName/string() eq \""+OAUTH_ENDPOINT_ENTRYNAME+"\"]/text()");
+
+			
+		DiscoveryClient<String> client = client();
+		List<String> toReturn = client.submit(query);
+		if (toReturn == null || toReturn.isEmpty()) throw new Exception("Cannot retrieve the GCoreEndpoint serviceName: "+OAUTH_ENDPOINT_NAME +", serviceClass: " +OAUTH_ENDPOINT_CLASS +", in scope: "+scope);
+
+		
+		ScopeProvider.instance.set(currScope);
+		if (toReturn.size() > 0)
+			return toReturn.get(0);
+		else 
+			return null;
+	}
+
 }

src/test/java/org/gcube/portal/auth/AppTest.java

@@ -2,8 +2,17 @@ package org.gcube.portal.auth;
 
 import java.util.List;
 
-import org.gcube.portal.auth.AuthUtil;
-import org.gcube.portal.auth.RequestingApp;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.entity.ContentType;
+import org.apache.http.entity.StringEntity;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.LaxRedirectStrategy;
+import org.gcube.common.portal.PortalContext;
+import org.gcube.common.resources.gcore.ServiceEndpoint;
+
+import com.liferay.portal.kernel.json.JSONObject;
 
 import junit.framework.Test;
 import junit.framework.TestCase;
@@ -35,21 +44,22 @@ public class AppTest extends TestCase {
 	 * Rigourous Test :-)
 	 */
 	public void testApp() {
-//		RequestingApp app = AuthUtil.getAuthorisedApplicationInfoFromIs("c96d4477-236c-4f98-ba7d-7897991ef412");
-//		if (app != null) {
-//			System.out.println(app.getApplicationId());
-//			System.out.println(app.getLogoURL());
-//		} 
-//		assertTrue( app != null );
 		System.out.println("getAuthorisedRedirectURLsFromIs ... ");
 		try {
-			List<String> authreds = AuthUtil.getAuthorisedRedirectURLsFromIs("c96d4477-236c-4f98-ba7d-7897991ef412");
-			for (String red : authreds) {
+			ServiceEndpoint authorisedApp = AuthUtil.getAuthorisedApplicationInfoFromIsICClient(PortalContext.getConfiguration().getInfrastructureName(), "c96d4477-236c-4f98-ba7d-7897991ef412");
+			List<String> authorisedRedirectURLs = AuthUtil.getAuthorisedRedirectURLsFromIs(authorisedApp);
+
+			for (String red : authorisedRedirectURLs) {
 				System.out.println(red);
 			}
+			
+			String oauthendPoint = AuthUtil.getOAuthServiceEndPoint(PortalContext.getConfiguration().getInfrastructureName());
+			System.out.println(oauthendPoint);
 		} catch (Exception e) {
 			// TODO Auto-generated catch block
 			e.printStackTrace();
 		}
 	}
+	
+	
 }