ws-thredds/src/main/java/org/gcube/usecases/ws/thredds/engine/impl/security/Security.java

package org.gcube.usecases.ws.thredds.engine.impl.security;

import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.authorization.library.provider.ClientInfo;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.usecases.ws.thredds.model.SynchFolderConfiguration;

import lombok.extern.slf4j.Slf4j;

@Slf4j
public class Security {

	
	
	public static User getCurrent() throws SecurityException {
		String context=ScopeProvider.instance.get();
		if(context==null) throw new SecurityException("Cannot determine context");
		
		log.debug("Context is {}, checking tokens..",context);
		
		ClientInfo client = null;
		try{
			AuthorizationProvider.instance.get().getClient();
		}catch(Exception e) {
			log.warn("Unable to get client info ",e);
		}
		User toReturn = new User(client,UmaJWTProvider.instance.get(),SecurityTokenProvider.instance.get(),context);
		
		log.info("Current User is {} ",toReturn);
		return toReturn;
	}
	
	
	public static void set(User toSet) {
		log.debug("Setting User {} ",toSet);
		if(toSet.getUma_token()!=null)UmaJWTProvider.instance.set(toSet.getUma_token());
		if(toSet.getGcube_token()!=null)UmaJWTProvider.instance.set(toSet.getUma_token());
		if(ScopeProvider.instance.get()==null)ScopeProvider.instance.set(toSet.getContext());
	}
	
	public static void checkOperator(SynchFolderConfiguration config) throws SecurityException{
		User current=getCurrent();
		log.debug("Checking if current user {} can synch {} ",getCurrent(), config);
		
		// check same vre 
		String expectedContext=config.getTargetContext();
		String currentContext=current.getContext();
		
		if(!expectedContext.equals(currentContext)) 
			throw new SecurityException("Illegal access to folder [root : "+config.getRootFolderId()+", expected context : "+expectedContext+"] from context "+currentContext);
			
		
	}
	
	
	
	public static String getContextFromgcubeToken(String token) throws ObjectNotFound, Exception {
		log.debug("Checking context of gcube-token {}...",token.substring(0,6));
		User caller=getCurrent();		
		try {
			SecurityTokenProvider.instance.reset();
			UmaJWTProvider.instance.reset();
			SecurityTokenProvider.instance.set(token);
			return ScopeProvider.instance.get();
		}finally {
			log.debug("Resetting user "+caller);
			set(caller);
		}
	}
}
security management [#21370] 2021-05-07 16:11:57 +02:00			`package org.gcube.usecases.ws.thredds.engine.impl.security;`

			`import org.gcube.common.authorization.client.exceptions.ObjectNotFound;`
			`import org.gcube.common.authorization.library.provider.AuthorizationProvider;`
			`import org.gcube.common.authorization.library.provider.ClientInfo;`
test fixes 2021-05-10 17:41:57 +02:00			`import org.gcube.common.authorization.library.provider.SecurityTokenProvider;`
security management [#21370] 2021-05-07 16:11:57 +02:00			`import org.gcube.common.authorization.library.provider.UmaJWTProvider;`
			`import org.gcube.common.scope.api.ScopeProvider;`
			`import org.gcube.usecases.ws.thredds.model.SynchFolderConfiguration;`

			`import lombok.extern.slf4j.Slf4j;`

			`@Slf4j`
			`public class Security {`



test fixes 2021-05-10 17:41:57 +02:00			`public static User getCurrent() throws SecurityException {`
			`String context=ScopeProvider.instance.get();`
			`if(context==null) throw new SecurityException("Cannot determine context");`

			`log.debug("Context is {}, checking tokens..",context);`

			`ClientInfo client = null;`
			`try{`
			`AuthorizationProvider.instance.get().getClient();`
			`}catch(Exception e) {`
			`log.warn("Unable to get client info ",e);`
			`}`
			`User toReturn = new User(client,UmaJWTProvider.instance.get(),SecurityTokenProvider.instance.get(),context);`

			`log.info("Current User is {} ",toReturn);`
security management [#21370] 2021-05-07 16:11:57 +02:00			`return toReturn;`
			`}`


			`public static void set(User toSet) {`
			`log.debug("Setting User {} ",toSet);`
test fixes 2021-05-10 17:41:57 +02:00			`if(toSet.getUma_token()!=null)UmaJWTProvider.instance.set(toSet.getUma_token());`
			`if(toSet.getGcube_token()!=null)UmaJWTProvider.instance.set(toSet.getUma_token());`
			`if(ScopeProvider.instance.get()==null)ScopeProvider.instance.set(toSet.getContext());`
security management [#21370] 2021-05-07 16:11:57 +02:00			`}`

			`public static void checkOperator(SynchFolderConfiguration config) throws SecurityException{`
			`User current=getCurrent();`
			`log.debug("Checking if current user {} can synch {} ",getCurrent(), config);`

			`// check same vre`
			`String expectedContext=config.getTargetContext();`
			`String currentContext=current.getContext();`

			`if(!expectedContext.equals(currentContext))`
			`throw new SecurityException("Illegal access to folder [root : "+config.getRootFolderId()+", expected context : "+expectedContext+"] from context "+currentContext);`


			`}`



			`public static String getContextFromgcubeToken(String token) throws ObjectNotFound, Exception {`
			`log.debug("Checking context of gcube-token {}...",token.substring(0,6));`
test fixes 2021-05-10 17:41:57 +02:00			`User caller=getCurrent();`
			`try {`
			`SecurityTokenProvider.instance.reset();`
			`UmaJWTProvider.instance.reset();`
			`SecurityTokenProvider.instance.set(token);`
			`return ScopeProvider.instance.get();`
			`}finally {`
			`log.debug("Resetting user "+caller);`
			`set(caller);`
			`}`
security management [#21370] 2021-05-07 16:11:57 +02:00			`}`
			`}`