/*************************************************************************
 * (c) Copyright 2016 Hewlett Packard Enterprise Development Company LP
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; version 3 of the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see http://www.gnu.org/licenses/.
 ************************************************************************/
package com.eucalyptus.auth.euare.policy;

import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import com.eucalyptus.auth.policy.key.Key;
import com.eucalyptus.auth.policy.key.Key.EvaluationConstraint;
import com.eucalyptus.auth.policy.key.KeyProvider;
import com.eucalyptus.auth.tokens.RoleSecurityTokenAttributes.RoleWithWebIdSecurityTokenAttributes;
import com.google.common.base.Optional;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Maps;

/**
 * Policy condition key provider for OpenID Connect keys.
 *
 * <p>A key name is recognised purely by the text after its last {@code ':'}:
 * {@code aud} builds an {@link OpenIDConnectAudKey} and {@code sub} builds an
 * {@link OpenIDConnectSubKey}. The part before the separator is never inspected
 * by this class; the full name is handed to the key constructor unchanged.
 *
 * <p>The suffix comparison is an exact, case-sensitive map lookup.
 *
 * <p>NOTE(review): because only the suffix is checked, every name ending in
 * {@code :aud} or {@code :sub} is claimed by this provider. Whether the prefix
 * is tied to the provider that authenticated the caller is left to the key
 * implementations, and whether names are case-normalised before they arrive
 * here is not visible in this file; confirm both.
 */
@SuppressWarnings( "Guava" )
public class OpenIDConnectKeyProvider implements KeyProvider {

  /** Key-name suffix to the constructor that builds the key for a full name. */
  private static final Map<String,Function<String,Key>> SUFFIX_TO_BUILDER_MAP =
      ImmutableMap.<String,Function<String,Key>>builder( )
          .put( "aud", OpenIDConnectAudKey::new )
          .put( "sub", OpenIDConnectSubKey::new )
          .build( );

  /**
   * @return the fixed provider name, {@code "OpenIDConnect"}
   */
  @Override
  public String getName( ) {
    return "OpenIDConnect";
  }

  /**
   * Tells whether this provider can build a key for the given name.
   *
   * @param name the full condition key name, may be {@code null}
   * @return {@code true} when the text after the last {@code ':'} is a known suffix
   */
  @Override
  public boolean provides( final String name ) {
    final String keySuffix = suffix( name );
    return SUFFIX_TO_BUILDER_MAP.containsKey( keySuffix );
  }

  /**
   * Builds the key for the given name.
   *
   * <p>No check is made that the suffix is known: for a name that
   * {@link #provides(String)} rejects, the map lookup yields {@code null} and the
   * call fails with a {@link NullPointerException}.
   *
   * @param name the full condition key name
   * @return a new key constructed from {@code name}
   */
  @Override
  public Key getKey( final String name ) {
    final Function<String,Key> builder = SUFFIX_TO_BUILDER_MAP.get( suffix( name ) );
    return builder.apply( name );
  }

  /**
   * Builds one key per known suffix for the current web identity role, if any.
   *
   * <p>Keys are only produced for {@link EvaluationConstraint#ReceivingHost} and only
   * when {@code OpenIDConnectProviderKeySupport.getRoleAttributes( )} is present. Each
   * key is named {@code providerUrl + ":" + suffix} and the result is indexed by
   * {@code Key::name}.
   *
   * @param constraint the evaluation constraint being resolved
   * @return a new mutable map, empty when no keys apply
   */
  @Override
  public Map<String, Key> getKeyInstances( final EvaluationConstraint constraint ) {
    final Map<String,Key> keyInstances = Maps.newHashMap( );
    if ( constraint != EvaluationConstraint.ReceivingHost ) {
      return keyInstances;
    }

    final Optional<RoleWithWebIdSecurityTokenAttributes> roleAttributes =
        OpenIDConnectProviderKeySupport.getRoleAttributes( );
    if ( !roleAttributes.isPresent( ) ) {
      return keyInstances;
    }

    // assumes getProviderUrl( ) is non-null; a null would produce names starting
    // with "null:" - TODO confirm
    final String keyPrefix = roleAttributes.get( ).getProviderUrl( ) + ":";
    final Map<String,Key> keysByName = SUFFIX_TO_BUILDER_MAP.entrySet( ).stream( )
        .map( entry -> entry.getValue( ).apply( keyPrefix + entry.getKey( ) ) )
        // toMap throws IllegalStateException if two keys report the same name
        .collect( Collectors.toMap( Key::name, Function.identity( ) ) );
    keyInstances.putAll( keysByName );
    return keyInstances;
  }

  /**
   * Extracts the text after the last {@code ':'} of a key name.
   *
   * @param name the full key name, may be {@code null}
   * @return the suffix, or an empty string when {@code name} is {@code null}, has no
   *     separator, or has its only separator at index 0
   */
  private String suffix( String name ) {
    if ( name == null ) {
      return "";
    }
    final int separator = name.lastIndexOf( ':' );
    // A separator at index 0 means an empty prefix, which is treated as no match.
    return separator > 0 ? name.substring( separator + 1 ) : "";
  }
}