/**
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.airavata.api.server.security;
import org.apache.airavata.api.server.security.oauth.DefaultOAuthClient;
import org.apache.airavata.api.server.security.xacml.DefaultXACMLPEP;
import org.apache.airavata.common.utils.Constants;
import org.apache.airavata.model.error.AuthenticationException;
import org.apache.airavata.model.security.AuthzToken;
import org.apache.airavata.security.AiravataSecurityException;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.client.response.OAuthResourceResponse;
import org.apache.oltu.oauth2.common.OAuth;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.codehaus.jackson.map.ObjectMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
import java.util.HashMap;
import java.util.Map;
public class Main {
private final static Logger logger = LoggerFactory.getLogger(Main.class);
private static String username = "scigap_admin";
private static String password = "sci9067@min";
private static String hostName = "https://idp.scigap.org:7443";
// private static String clientId = "KUu0a74dFbrwvSxD3C_GhwKeNrQa";
private static String clientId = "O3iUdkkVYyHgzWPiVTQpY_tb96Ma";
// private static String clientSecret = "UTKb9nDOPsuWB4lEX39TwhkW8qIa";
private static String clientSecret = "6Ck1jZoa2oRtrzodSqkUZ2iINkUa";
public static void main(String[] args) throws AuthenticationException, AiravataSecurityException, AxisFault {
String accessToken = authenticate("master@master.airavata", "master").getAccess_token();
ConfigurationContext configContext =
ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
DefaultOAuthClient defaultOAuthClient = new DefaultOAuthClient(hostName+"/services/",username,password, configContext);
OAuth2TokenValidationResponseDTO tokenValidationRequestDTO = defaultOAuthClient.validateAccessToken(accessToken);
String authorizedUser = tokenValidationRequestDTO.getAuthorizedUser();
AuthzToken authzToken = new AuthzToken();
authzToken.setAccessToken(accessToken);
Map<String, String> claimsMap = new HashMap<>();
claimsMap.put(Constants.USER_NAME, "scigap_admin");
claimsMap.put(Constants.API_METHOD_NAME, "/airavata/getAPIVersion");
authzToken.setClaimsMap(claimsMap);
DefaultXACMLPEP defaultXACMLPEP = new DefaultXACMLPEP(hostName+"/services/",username,password,configContext);
HashMap<String, String> metaDataMap = new HashMap();
boolean result = defaultXACMLPEP.getAuthorizationDecision(authzToken, metaDataMap);
System.out.println(result);
}
public static AuthResponse authenticate(String username,String password) throws AuthenticationException {
try {
OAuthClientRequest request = OAuthClientRequest.tokenLocation(hostName+"/oauth2/token").
setClientId(clientId).setClientSecret(clientSecret).
setGrantType(GrantType.PASSWORD).
setRedirectURI("").
setUsername(username).
setPassword(password).
setScope("openid").
buildBodyMessage();
URLConnectionClient ucc = new URLConnectionClient();
org.apache.oltu.oauth2.client.OAuthClient oAuthClient = new org.apache.oltu.oauth2.client.OAuthClient(ucc);
OAuthResourceResponse resp = oAuthClient.resource(request, OAuth.HttpMethod.POST, OAuthResourceResponse.class);
//converting JSON to object
ObjectMapper mapper = new ObjectMapper();
AuthResponse authResponse;
try{
authResponse = mapper.readValue(resp.getBody(), AuthResponse.class);
}catch (Exception e){
return null;
}
String accessToken = authResponse.getAccess_token();
if(accessToken != null && !accessToken.isEmpty()){
request = new OAuthBearerClientRequest(hostName + "/oauth2/userinfo?schema=openid").
buildQueryMessage();
ucc = new URLConnectionClient();
request.setHeader("Authorization","Bearer "+accessToken);
oAuthClient = new org.apache.oltu.oauth2.client.OAuthClient(ucc);
resp = oAuthClient.resource(request, OAuth.HttpMethod.GET,
OAuthResourceResponse.class);
Map<String,String> profile = mapper.readValue(resp.getBody(), Map.class);
return authResponse;
}
}catch (Exception ex){
throw new AuthenticationException(ex.getMessage());
}
return null;
}
}
class AuthResponse{
private String token_type;
private int expires_in;
private String refresh_token;
private String access_token;
public String id_token;
private String scope;
public String getToken_type() {
return token_type;
}
public void setToken_type(String token_type) {
this.token_type = token_type;
}
public int getExpires_in() {
return expires_in;
}
public void setExpires_in(int expires_in) {
this.expires_in = expires_in;
}
public String getRefresh_token() {
return refresh_token;
}
public void setRefresh_token(String refresh_token) {
this.refresh_token = refresh_token;
}
public String getAccess_token() {
return access_token;
}
public void setAccess_token(String access_token) {
this.access_token = access_token;
}
public String getId_token() {
return id_token;
}
public void setId_token(String id_token) {
this.id_token = id_token;
}
public String getScope() {
return scope;
}
public void setScope(String scope) {
this.scope = scope;
}
}