package org.gcube.portlets.admin; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.net.URL; import java.net.URLEncoder; import java.util.ArrayList; import java.util.List; import javax.portlet.PortletException; import javax.portlet.RenderRequest; import javax.portlet.RenderResponse; import javax.portlet.ResourceRequest; import javax.portlet.ResourceResponse; import javax.servlet.http.HttpServletRequest; import java.util.Base64; import org.gcube.common.portal.PortalContext; import org.gcube.common.scope.impl.ScopeBean; import org.gcube.common.scope.impl.ScopeBean.Type; import org.gcube.oidc.rest.JWTToken; import org.gcube.oidc.rest.OpenIdConnectConfiguration; import org.gcube.oidc.rest.OpenIdConnectRESTHelper; //import org.gcube.oidc.rest.OpenIdConnectRESTHelper; import org.gcube.oidc.rest.OpenIdConnectRESTHelperException; import org.gcube.portal.oidc.lr62.JWTCacheProxy; import org.gcube.portal.oidc.lr62.LiferayOpenIdConnectConfiguration; import org.gcube.vomanagement.usermanagement.GroupManager; import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager; import org.gcube.vomanagement.usermanagement.model.GCubeGroup; import com.liferay.portal.kernel.json.JSONFactoryUtil; import com.liferay.portal.kernel.json.JSONObject; import com.liferay.portal.kernel.json.JSONArray; import com.liferay.portal.kernel.log.LogFactoryUtil; import com.liferay.portal.kernel.util.ParamUtil; import com.liferay.portal.model.User; import com.liferay.portal.util.PortalUtil; import com.liferay.util.bridges.mvc.MVCPortlet; /** * Portlet implementation class RPTTokenReader */ public class RPTTokenReader extends MVCPortlet { private static com.liferay.portal.kernel.log.Log log = LogFactoryUtil.getLog(RPTTokenReader.class); @Override public void render(RenderRequest renderRequest, RenderResponse renderResponse) throws PortletException, IOException { GroupManager gm = new LiferayGroupManager(); try { User theUser = PortalUtil.getUser(renderRequest); String currentContext = getCurrentContext(renderRequest); ScopeBean bean = new ScopeBean(currentContext); List userContexts = new ArrayList(); List vreContexts = new ArrayList(); List userGroups = gm.listGroupsByUser(theUser.getUserId()); if (bean.is(Type.VRE)) { userContexts.add(currentContext); vreContexts.add(currentContext); } else { for (GCubeGroup g : userGroups) { // skipping these sites if (!(g.getFriendlyURL().equals("/guest") || g.getFriendlyURL().equals("/global"))) { if (g.getGroupName().equals(PortalContext.getConfiguration().getInfrastructureName())) { String context = gm.getInfrastructureScope(g.getGroupId()); userContexts.add(context); if (context.split("/").length == 4){ vreContexts.add(context); } } if (g.getParentGroupId() > 0) { String context = gm.getInfrastructureScope(g.getGroupId()); userContexts.add(context); if (context.split("/").length == 4){ vreContexts.add(context); } } } } } renderRequest.setAttribute("userGroups", userGroups); renderRequest.setAttribute("userContexts", userContexts); renderRequest.setAttribute("vreContexts", vreContexts); } catch (Exception e) { e.printStackTrace(); } super.render(renderRequest, renderResponse); } public void serveResource(ResourceRequest resourceRequest, ResourceResponse resourceResponse) throws IOException, PortletException { String context = ParamUtil.getString(resourceRequest, "context", null); System.out.println("Selected context=" + context); HttpServletRequest httpReq = PortalUtil .getOriginalServletRequest(PortalUtil.getHttpServletRequest(resourceRequest)); JWTToken umaToken = null; JWTToken exchangedToken = null; GroupManager gm = new LiferayGroupManager(); resourceResponse.setContentType("application/json"); JSONObject jsonObject = JSONFactoryUtil.createJSONObject(); try { User theUser = PortalUtil.getUser(resourceRequest); OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(httpReq); jsonObject.put("token_url", configuration.getTokenURL().toString()); JWTCacheProxy jwtCacheProxy = JWTCacheProxy.getInstance(); String sessionId = httpReq.getSession().getId(); String urlEncodedContext = null; try { urlEncodedContext = URLEncoder.encode(context, "UTF-8"); } catch (UnsupportedEncodingException e) { // Almost impossible log.error("Cannot URL encode context", e); } JWTToken authToken = jwtCacheProxy.getOIDCToken(theUser, sessionId); umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(), authToken.getAccessTokenAsBearer(), urlEncodedContext, null); // URL auth_url = configuration.getTokenURL(); // log.info("auth_url " + auth_url); // log.info("authToken " + authToken.getAccessTokenString()); // log.info("umaToken " + umaToken.getAccessTokenString()); // log.info("context " + context); // log.info("encoded_context " + urlEncodedContext); // log.info("client_id " + configuration.getPortalClientId()); // log.info("client_secret " + configuration.getPortalClientSecret()); exchangedToken = OpenIdConnectRESTHelperExtended.queryExchangeToken( configuration.getTokenURL(), umaToken.getAccessTokenString(), urlEncodedContext, configuration.getPortalClientId(), configuration.getPortalClientSecret(), null); // log.info("exchangedToken " + exchangedToken.getAccessTokenString()); // log.debug("Got a new UMA token " + exchangedToken.getTokenEssentials()); } catch (OpenIdConnectRESTHelperException e) { resourceResponse.setProperty(ResourceResponse.HTTP_STATUS_CODE, "" + e.getStatus()); e.printStackTrace(); jsonObject.put("success", false); jsonObject.put("comment", e.getMessage()); resourceResponse.getWriter().println(jsonObject); super.serveResource(resourceRequest, resourceResponse); return; } catch (Exception e) { e.printStackTrace(); jsonObject.put("success", false); jsonObject.put("comment", e.getMessage()); resourceResponse.getWriter().println(jsonObject); super.serveResource(resourceRequest, resourceResponse); return; } // } catch (Exception e) { // e.printStackTrace(); // JSONObject jsonObject = JSONFactoryUtil.createJSONObject(); // jsonObject.put("success", false); // jsonObject.put("comment", e.getMessage()); // resourceResponse.getWriter().println(jsonObject); // super.serveResource(resourceRequest, resourceResponse); // } jsonObject.put("success", true); jsonObject.put("access_token", exchangedToken.getAccessTokenString()); jsonObject.put("refresh_token", exchangedToken.getRefreshTokenString()); jsonObject.put("raw_token", exchangedToken.getRaw()); jsonObject.put("access_token_exp", exchangedToken.getExp()); jsonObject.put("essential", exchangedToken.getTokenEssentials()); jsonObject.put("client_id", umaToken.getAzp()); JSONArray audiences = JSONFactoryUtil.createJSONArray(); List list_audiences = exchangedToken.getAud(); for (int i = 0; i < list_audiences.size(); i++) { audiences.put((String) list_audiences.get(i)); } jsonObject.put("audience", audiences); resourceResponse.getWriter().println(jsonObject); super.serveResource(resourceRequest, resourceResponse); } private String getCurrentContext(RenderRequest request) { long groupId = -1; try { groupId = PortalUtil.getScopeGroupId(request); return getCurrentContext(groupId); } catch (Exception e) { e.printStackTrace(); } return null; } private String getCurrentContext(long groupId) { try { PortalContext pContext = PortalContext.getConfiguration(); return pContext.getCurrentScope("" + groupId); } catch (Exception e) { e.printStackTrace(); } return null; } }