/**
* Sets the authorization levels on the token
*
* @param token an EzSecurityToken to populate with authorizations
* @param level the authorization level. if null, defaultAuthorizationLevel will be used
* @param auths the auths. if null, defaultAuthorizations will be used
*/
public static void populateAuthorizations(
final EzSecurityToken token, String level, Set<String> auths) {
token
.getAuthorizations()
.setFormalAuthorizations((auths == null) ? defaultAuthorizations : auths);
token.setAuthorizationLevel((level == null) ? defaultAuthorizationLevel : level);
}
/**
* Sets the appropriate fields on the EzSecurityToken for the passed in application information
*
* @param token an EzSecurityToken to populate with AppInfo. This object will only have AppInfo
* updated on it
* @param appId the application security id, defaultSecurityId will be used if null
* @param appPrincipal the application's principal, defaultSecurityId will be used if null
*/
public static void populateAppInfo(
final EzSecurityToken token, String appId, String appPrincipal) {
token.getValidity().setIssuedTo((appId == null) ? defaultSecurityId : appId);
token.getTokenPrincipal().setPrincipal((appId == null) ? defaultSecurityId : appId);
token
.getTokenPrincipal()
.setExternalID((appPrincipal == null) ? defaultSecurityId : appPrincipal);
}
public static EzSecurityToken getMockUserToken(
String principal,
String authorizationLevel,
Set<String> auths,
Map<String, List<String>> projectGroups,
boolean admin) {
EzSecurityToken token = getBlankToken(null, null, 0);
token.setType(TokenType.USER);
populateUserInfo(token, principal, null, null);
populateAuthorizations(token, authorizationLevel, auths);
populateExternalProjectGroups(token, projectGroups, admin);
return token;
}
public static EzSecurityToken getMockAppToken(
String appId,
String appPrincipal,
String authorizationLevel,
Set<String> authorizations,
Map<String, List<String>> projectGroups) {
EzSecurityToken ezToken = getBlankToken(null, null, 0);
ezToken.setType(TokenType.APP);
populateAppInfo(ezToken, appId, appPrincipal);
populateAuthorizations(ezToken, authorizationLevel, authorizations);
populateExternalProjectGroups(ezToken, projectGroups, false);
return ezToken;
}
@Override
public EzSecurityToken refreshSecurityToken(EzSecurityToken token)
throws EzSecurityTokenException {
EzSecurityToken refreshedToken;
EzSecurity.Client client = null;
try {
TokenRequest request =
new TokenRequest(securityId, System.currentTimeMillis(), token.getType());
request.setTokenPrincipal(token);
client = pool.get().getClient(ezsecurityConstants.SERVICE_NAME, EzSecurity.Client.class);
refreshedToken = client.refreshToken(request, "");
} catch (AppNotRegisteredException e) {
log.error("Application {} is not registered with EzSecurity", securityId, e);
throw new EzSecurityTokenException("Application not registered " + e.getMessage());
} catch (TException e) {
log.error("Unexpected thrift exception getting security token: {}", e.getMessage());
throw new EzSecurityTokenException("TException getting security token: " + e.getMessage());
} finally {
if (client != null) {
pool.get().returnToPool(client);
}
}
return refreshedToken;
}
/**
* Sets the external project groups no an EzSecurityToken
*
* @param token an EzSecurityToken to populate. This object will only have externalProjectGroups
* updated on it
* @param projectGroups optional project groups to add to the token, mockProjectGroups will be
* applied if null
* @param admin if true, admin project groups will be added to the token
*/
public static void populateExternalProjectGroups(
final EzSecurityToken token, Map<String, List<String>> projectGroups, boolean admin) {
Map<String, List<String>> pgs = new HashMap<>();
if (projectGroups != null) {
pgs.putAll(projectGroups);
} else {
pgs.putAll(mockProjectGroups);
}
if (admin) {
pgs.putAll(mockAdminProjectGroups);
}
token.setExternalProjectGroups(pgs);
}
/**
* Generate an EzSecurityToken with just the basics set on it
*
* @param securityId the apps security ID, if null, defaultSecurityId will be used
* @param targetSecurityId the target security ID, if null, securityId will be used
* @param expiration how long the token should live before expiring
* @return the initialized EzSecurityToken
*/
public static EzSecurityToken getBlankToken(
String securityId, String targetSecurityId, long expiration) {
EzSecurityToken token = new EzSecurityToken();
token.setValidity(
new ValidityCaveats(
"EzSecurity",
securityId == null ? defaultSecurityId : securityId,
getExpires(expiration),
""));
token
.getValidity()
.setIssuedFor(
(targetSecurityId == null) ? token.getValidity().getIssuedTo() : targetSecurityId);
token.setTokenPrincipal(new EzSecurityPrincipal("", token.getValidity()));
token.setAuthorizations(new Authorizations());
return token;
}
public static EzSecurityToken getMockEzSecurityToken(
String applicationSecurityId,
String targetApplicationSecurityId,
String principal,
String appPrincipal,
String citizenship,
String organization,
String authorizationLevel,
Set<String> authorizations,
Map<String, List<String>> projectGroups,
TokenType type,
long tokenExpiration,
boolean admin,
boolean validForExternalRequests) {
EzSecurityToken ezToken = new EzSecurityToken();
ezToken.setValidity(
new ValidityCaveats(
"EzSecurity", applicationSecurityId, System.currentTimeMillis() + tokenExpiration, ""));
ezToken.getValidity().setIssuedFor(targetApplicationSecurityId);
ezToken.getAuthorizations().setFormalAuthorizations(authorizations);
ezToken.setAuthorizationLevel(authorizationLevel);
ezToken.setType(type);
switch (type) {
case USER:
populateUserInfo(ezToken, principal, citizenship, organization);
break;
case APP:
populateAppInfo(ezToken, applicationSecurityId, appPrincipal);
break;
}
populateExternalProjectGroups(ezToken, projectGroups, admin);
return ezToken;
}
/**
* Set the appropriate fields on the EzSecurityToken for the passed in fields
*
* @param token an EzSecurityToken to populate with UserInfo. This object will only have UserInfo
* updated on it
* @param principal user principal, defaultUserPrincipal will be used if null
* @param citizenship user citizenship, defaultUserCitizenship will be used if null
* @param organization user organization, defaultUserOrganization will be used if null
*/
public static void populateUserInfo(
final EzSecurityToken token, String principal, String citizenship, String organization) {
token.getTokenPrincipal().setPrincipal((principal == null) ? defaultUserPrincipal : principal);
token.setCitizenship((citizenship == null) ? defaultUserCitizenship : citizenship);
token.setOrganization((organization == null) ? defaultUserOrganization : organization);
}
