acs-integration-tests/src/test/java/com/ge/predix/test/utils/UAAACSClientsUtil.java - gerrit/www.eclipse.org/keti - Git at Google

 /*******************************************************************************
  * Copyright 2017 General Electric Company
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * SPDX-License-Identifier: Apache-2.0
  *******************************************************************************/

 package com.ge.predix.test.utils;

 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;

 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.client.OAuth2RestTemplate;
 import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
 import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
 import org.springframework.security.oauth2.provider.client.BaseClientDetails;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;

 import com.ge.predix.acs.utils.JsonUtils;

 public class UAAACSClientsUtil {

     private static final JsonUtils JSON_UTILS = new JsonUtils();

     private final OAuth2RestTemplate uaaAdminTemplate;
     private final String uaaUrl;

     public UAAACSClientsUtil(final String uaaUrl, final String adminSecret) {
         this.uaaUrl = uaaUrl;
         this.uaaAdminTemplate = getOAuth2RestTemplateForClient(this.uaaUrl + "/oauth/token", "admin", adminSecret);
     }

     public OAuth2RestTemplate createAcsAdminClient(final List<String> acsZones) {

         ArrayList<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
         authorities.add(new SimpleGrantedAuthority("acs.zones.admin"));
         authorities.add(new SimpleGrantedAuthority("acs.attributes.read"));
         authorities.add(new SimpleGrantedAuthority("acs.attributes.write"));
         authorities.add(new SimpleGrantedAuthority("acs.policies.read"));
         authorities.add(new SimpleGrantedAuthority("acs.policies.write"));
         authorities.add(new SimpleGrantedAuthority("acs.connectors.read"));
         authorities.add(new SimpleGrantedAuthority("acs.connectors.write"));
         for (int i = 0; i < acsZones.size(); i++) {
             authorities.add(new SimpleGrantedAuthority("predix-acs.zones." + acsZones.get(i) + ".admin"));
             authorities.add(new SimpleGrantedAuthority("predix-acs.zones." + acsZones.get(i) + ".user"));
         }
         OAuth2RestTemplate restTemplate = createScopeClient(acsZones.get(0), "super-admin");
         this.createClientWithAuthorities(restTemplate.getResource().getClientId(),
                 restTemplate.getResource().getClientSecret(), authorities);
         return restTemplate;
     }

     public OAuth2RestTemplate createAcsAdminClientAndGetTemplate(final String zoneName) {
         OAuth2RestTemplate restTemplate = createScopeClient(zoneName, "admin");
         this.createAcsAdminClient(restTemplate.getResource().getClientId(),
                 restTemplate.getResource().getClientSecret());
         return restTemplate;
     }

     public OAuth2RestTemplate createZoneClientAndGetTemplate(final String zoneName, final String serviceId) {
         OAuth2RestTemplate restTemplate = createScopeClient(zoneName, "zoneAdmin");
         this.createAcsZoneClient(zoneName, restTemplate.getResource().getClientId(),
                 restTemplate.getResource().getClientSecret(), serviceId);
         return restTemplate;
     }

     public OAuth2RestTemplate createReadOnlyPolicyScopeClient(final String zoneName) {
         OAuth2RestTemplate restTemplate = createScopeClient(zoneName, "admin", "readonly");
         this.createReadOnlyPolicyScopeClient(restTemplate.getResource().getClientId(),
                 restTemplate.getResource().getClientSecret(), zoneName);
         return restTemplate;
     }

     public OAuth2RestTemplate createNoPolicyScopeClient(final String zoneName) {
         OAuth2RestTemplate restTemplate = createScopeClient(zoneName, "admin", "nopolicy");
         this.createNoPolicyScopeClient(restTemplate.getResource().getClientId(),
                 restTemplate.getResource().getClientSecret(), zoneName);
         return restTemplate;

     }

     public OAuth2RestTemplate createReadOnlyConnectorScopeClient(final String zoneName) {
         OAuth2RestTemplate restTemplate = createScopeClient(zoneName, "admin-connector", "readonly");
         this.createReadOnlyConnectorScopeClient(restTemplate.getResource().getClientId(),
                 restTemplate.getResource().getClientSecret(), zoneName);
         return restTemplate;
     }

     public OAuth2RestTemplate createAdminConnectorScopeClient(final String zoneName) {
         OAuth2RestTemplate restTemplate = createScopeClient(zoneName, "admin-connector");
         this.createAdminConnectorScopeClient(restTemplate.getResource().getClientId(),
                 restTemplate.getResource().getClientSecret(), zoneName);
         return restTemplate;
     }

     public void createAcsAdminClient(final String clientId, final String clientSecret) {
         createClientWithAuthorities(clientId, clientSecret,
                 Collections.singletonList(new SimpleGrantedAuthority("acs.zones.admin")));
     }

     public void createNoPolicyScopeClient(final String clientId, final String clientSecret, final String zone) {
         this.createClientWithAuthorities(clientId, clientSecret,
                 Collections.singletonList(new SimpleGrantedAuthority("predix-acs.zones." + zone + ".user")));
     }

     public void createReadOnlyPolicyScopeClient(final String clientId, final String clientSecret, final String zone) {
         this.createClientWithAuthorities(clientId, clientSecret,
                 Arrays.asList(new SimpleGrantedAuthority("predix-acs.zones." + zone + ".user"),
                         new SimpleGrantedAuthority("acs.policies.read")));
     }

     public void createReadOnlyConnectorScopeClient(final String clientId, final String clientSecret,
             final String zone) {
         this.createClientWithAuthorities(clientId, clientSecret,
                 Arrays.asList(new SimpleGrantedAuthority("predix-acs.zones." + zone + ".user"),
                         new SimpleGrantedAuthority("acs.connectors.read")));
     }

     public void createAdminConnectorScopeClient(final String clientId, final String clientSecret, final String zone) {
         this.createClientWithAuthorities(clientId, clientSecret,
                 Arrays.asList(new SimpleGrantedAuthority("predix-acs.zones." + zone + ".user"),
                         new SimpleGrantedAuthority("acs.connectors.read"),
                         new SimpleGrantedAuthority("acs.connectors.write")));
     }

     public void createAcsZoneClient(final String acsZone, final String clientId, final String clientSecret,
             final String serviceId) {
         ArrayList<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>() {
             {
                 add(new SimpleGrantedAuthority("acs.attributes.read"));
                 add(new SimpleGrantedAuthority("acs.attributes.write"));
                 add(new SimpleGrantedAuthority("acs.policies.read"));
                 add(new SimpleGrantedAuthority("acs.policies.write"));
                 add(new SimpleGrantedAuthority(serviceId + ".zones." + acsZone + ".user"));
                 add(new SimpleGrantedAuthority(serviceId + ".zones." + acsZone + ".admin"));
             }
         };
         createClientWithAuthorities(clientId, clientSecret, authorities);
     }

     private void createClientWithAuthorities(final String clientId, final String clientSecret,
             final Collection<? extends GrantedAuthority> authorities) {
         BaseClientDetails client = new BaseClientDetails();
         client.setAuthorities(authorities);
         client.setAuthorizedGrantTypes(Collections.singletonList("client_credentials"));
         client.setClientId(clientId);
         client.setClientSecret(clientSecret);
         client.setResourceIds(Collections.singletonList("uaa.none"));
         createOrUpdateClient(client);
     }

     private BaseClientDetails createOrUpdateClient(final BaseClientDetails client) {

         MultiValueMap<String, String> headers = new LinkedMultiValueMap<>();
         headers.add("Accept", MediaType.APPLICATION_JSON_VALUE);
         headers.add("Content-Type", MediaType.APPLICATION_JSON_VALUE);
         HttpEntity<String> postEntity = new HttpEntity<>(JSON_UTILS.serialize(client), headers);

         ResponseEntity<String> clientCreate = null;
         try {
             clientCreate = this.uaaAdminTemplate.exchange(this.uaaUrl + "/oauth/clients", HttpMethod.POST, postEntity,
                     String.class);
             if (clientCreate.getStatusCode() == HttpStatus.CREATED) {
                 return JSON_UTILS.deserialize(clientCreate.getBody(), BaseClientDetails.class);
             } else {
                 throw new RuntimeException("Unexpected return code for client create: " + clientCreate.getStatusCode());
             }
         } catch (InvalidClientException ex) {
             if (ex.getMessage().equals("Client already exists: " + client.getClientId())) {
                 HttpEntity<String> putEntity = new HttpEntity<String>(JSON_UTILS.serialize(client), headers);
                 ResponseEntity<String> clientUpdate = this.uaaAdminTemplate.exchange(
                         this.uaaUrl + "/oauth/clients/" + client.getClientId(), HttpMethod.PUT, putEntity,
                         String.class);
                 if (clientUpdate.getStatusCode() == HttpStatus.OK) {
                     return JSON_UTILS.deserialize(clientUpdate.getBody(), BaseClientDetails.class);
                 } else {
                     throw new RuntimeException(
                             "Unexpected return code for client update: " + clientUpdate.getStatusCode());
                 }
             }
         }
         throw new RuntimeException("Unexpected return code for client creation: " + clientCreate.getStatusCode());
     }

     public void deleteClient(final String clientId) {
         this.uaaAdminTemplate.delete(this.uaaUrl + "/oauth/clients/" + clientId);
     }

     private OAuth2RestTemplate createScopeClient(final String zoneName, final String clientRole) {
         return this.createScopeClient(zoneName, clientRole, null);
     }

     private OAuth2RestTemplate createScopeClient(final String zoneName, final String clientRole,
             final String clientType) {
         String clientId = clientRole + '-' + zoneName;
         if (clientType != null) {
             clientId += '-' + clientType;
         }
         String clientSecret = clientId + "-secret";
         return this.getOAuth2RestTemplateForClient(this.uaaUrl + "/oauth/token", clientId, clientSecret);
     }

     private OAuth2RestTemplate getOAuth2RestTemplateForClient(final String tokenUrl, final String clientId,
             final String clientSecret) {
         ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
         resource.setAccessTokenUri(tokenUrl);
         resource.setClientId(clientId);
         resource.setClientSecret(clientSecret);
         OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resource);
         CloseableHttpClient httpClient = HttpClientBuilder.create().useSystemProperties().build();
         HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
         restTemplate.setRequestFactory(requestFactory);

         return restTemplate;
     }
 }
	/*******************************************************************************
	* Copyright 2017 General Electric Company
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*
	* SPDX-License-Identifier: Apache-2.0
	*******************************************************************************/

	package com.ge.predix.test.utils;

	import java.util.ArrayList;
	import java.util.Arrays;
	import java.util.Collection;
	import java.util.Collections;
	import java.util.List;

	import org.apache.http.impl.client.CloseableHttpClient;
	import org.apache.http.impl.client.HttpClientBuilder;
	import org.springframework.http.HttpEntity;
	import org.springframework.http.HttpMethod;
	import org.springframework.http.HttpStatus;
	import org.springframework.http.MediaType;
	import org.springframework.http.ResponseEntity;
	import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
	import org.springframework.security.core.GrantedAuthority;
	import org.springframework.security.core.authority.SimpleGrantedAuthority;
	import org.springframework.security.oauth2.client.OAuth2RestTemplate;
	import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
	import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
	import org.springframework.security.oauth2.provider.client.BaseClientDetails;
	import org.springframework.util.LinkedMultiValueMap;
	import org.springframework.util.MultiValueMap;

	import com.ge.predix.acs.utils.JsonUtils;

	public class UAAACSClientsUtil {

	private static final JsonUtils JSON_UTILS = new JsonUtils();

	private final OAuth2RestTemplate uaaAdminTemplate;
	private final String uaaUrl;

	public UAAACSClientsUtil(final String uaaUrl, final String adminSecret) {
	this.uaaUrl = uaaUrl;
	this.uaaAdminTemplate = getOAuth2RestTemplateForClient(this.uaaUrl + "/oauth/token", "admin", adminSecret);
	}

	public OAuth2RestTemplate createAcsAdminClient(final List<String> acsZones) {

	ArrayList<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
	authorities.add(new SimpleGrantedAuthority("acs.zones.admin"));
	authorities.add(new SimpleGrantedAuthority("acs.attributes.read"));
	authorities.add(new SimpleGrantedAuthority("acs.attributes.write"));
	authorities.add(new SimpleGrantedAuthority("acs.policies.read"));
	authorities.add(new SimpleGrantedAuthority("acs.policies.write"));
	authorities.add(new SimpleGrantedAuthority("acs.connectors.read"));
	authorities.add(new SimpleGrantedAuthority("acs.connectors.write"));
	for (int i = 0; i < acsZones.size(); i++) {
	authorities.add(new SimpleGrantedAuthority("predix-acs.zones." + acsZones.get(i) + ".admin"));
	authorities.add(new SimpleGrantedAuthority("predix-acs.zones." + acsZones.get(i) + ".user"));
	}
	OAuth2RestTemplate restTemplate = createScopeClient(acsZones.get(0), "super-admin");
	this.createClientWithAuthorities(restTemplate.getResource().getClientId(),
	restTemplate.getResource().getClientSecret(), authorities);
	return restTemplate;
	}

	public OAuth2RestTemplate createAcsAdminClientAndGetTemplate(final String zoneName) {
	OAuth2RestTemplate restTemplate = createScopeClient(zoneName, "admin");
	this.createAcsAdminClient(restTemplate.getResource().getClientId(),
	restTemplate.getResource().getClientSecret());
	return restTemplate;
	}

	public OAuth2RestTemplate createZoneClientAndGetTemplate(final String zoneName, final String serviceId) {
	OAuth2RestTemplate restTemplate = createScopeClient(zoneName, "zoneAdmin");
	this.createAcsZoneClient(zoneName, restTemplate.getResource().getClientId(),
	restTemplate.getResource().getClientSecret(), serviceId);
	return restTemplate;
	}

	public OAuth2RestTemplate createReadOnlyPolicyScopeClient(final String zoneName) {
	OAuth2RestTemplate restTemplate = createScopeClient(zoneName, "admin", "readonly");
	this.createReadOnlyPolicyScopeClient(restTemplate.getResource().getClientId(),
	restTemplate.getResource().getClientSecret(), zoneName);
	return restTemplate;
	}

	public OAuth2RestTemplate createNoPolicyScopeClient(final String zoneName) {
	OAuth2RestTemplate restTemplate = createScopeClient(zoneName, "admin", "nopolicy");
	this.createNoPolicyScopeClient(restTemplate.getResource().getClientId(),
	restTemplate.getResource().getClientSecret(), zoneName);
	return restTemplate;

	}

	public OAuth2RestTemplate createReadOnlyConnectorScopeClient(final String zoneName) {
	OAuth2RestTemplate restTemplate = createScopeClient(zoneName, "admin-connector", "readonly");
	this.createReadOnlyConnectorScopeClient(restTemplate.getResource().getClientId(),
	restTemplate.getResource().getClientSecret(), zoneName);
	return restTemplate;
	}

	public OAuth2RestTemplate createAdminConnectorScopeClient(final String zoneName) {
	OAuth2RestTemplate restTemplate = createScopeClient(zoneName, "admin-connector");
	this.createAdminConnectorScopeClient(restTemplate.getResource().getClientId(),
	restTemplate.getResource().getClientSecret(), zoneName);
	return restTemplate;
	}

	public void createAcsAdminClient(final String clientId, final String clientSecret) {
	createClientWithAuthorities(clientId, clientSecret,
	Collections.singletonList(new SimpleGrantedAuthority("acs.zones.admin")));
	}

	public void createNoPolicyScopeClient(final String clientId, final String clientSecret, final String zone) {
	this.createClientWithAuthorities(clientId, clientSecret,
	Collections.singletonList(new SimpleGrantedAuthority("predix-acs.zones." + zone + ".user")));
	}

	public void createReadOnlyPolicyScopeClient(final String clientId, final String clientSecret, final String zone) {
	this.createClientWithAuthorities(clientId, clientSecret,
	Arrays.asList(new SimpleGrantedAuthority("predix-acs.zones." + zone + ".user"),
	new SimpleGrantedAuthority("acs.policies.read")));
	}

	public void createReadOnlyConnectorScopeClient(final String clientId, final String clientSecret,
	final String zone) {
	this.createClientWithAuthorities(clientId, clientSecret,
	Arrays.asList(new SimpleGrantedAuthority("predix-acs.zones." + zone + ".user"),
	new SimpleGrantedAuthority("acs.connectors.read")));
	}

	public void createAdminConnectorScopeClient(final String clientId, final String clientSecret, final String zone) {
	this.createClientWithAuthorities(clientId, clientSecret,
	Arrays.asList(new SimpleGrantedAuthority("predix-acs.zones." + zone + ".user"),
	new SimpleGrantedAuthority("acs.connectors.read"),
	new SimpleGrantedAuthority("acs.connectors.write")));
	}

	public void createAcsZoneClient(final String acsZone, final String clientId, final String clientSecret,
	final String serviceId) {
	ArrayList<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>() {
	{
	add(new SimpleGrantedAuthority("acs.attributes.read"));
	add(new SimpleGrantedAuthority("acs.attributes.write"));
	add(new SimpleGrantedAuthority("acs.policies.read"));
	add(new SimpleGrantedAuthority("acs.policies.write"));
	add(new SimpleGrantedAuthority(serviceId + ".zones." + acsZone + ".user"));
	add(new SimpleGrantedAuthority(serviceId + ".zones." + acsZone + ".admin"));
	}
	};
	createClientWithAuthorities(clientId, clientSecret, authorities);
	}

	private void createClientWithAuthorities(final String clientId, final String clientSecret,
	final Collection<? extends GrantedAuthority> authorities) {
	BaseClientDetails client = new BaseClientDetails();
	client.setAuthorities(authorities);
	client.setAuthorizedGrantTypes(Collections.singletonList("client_credentials"));
	client.setClientId(clientId);
	client.setClientSecret(clientSecret);
	client.setResourceIds(Collections.singletonList("uaa.none"));
	createOrUpdateClient(client);
	}

	private BaseClientDetails createOrUpdateClient(final BaseClientDetails client) {

	MultiValueMap<String, String> headers = new LinkedMultiValueMap<>();
	headers.add("Accept", MediaType.APPLICATION_JSON_VALUE);
	headers.add("Content-Type", MediaType.APPLICATION_JSON_VALUE);
	HttpEntity<String> postEntity = new HttpEntity<>(JSON_UTILS.serialize(client), headers);

	ResponseEntity<String> clientCreate = null;
	try {
	clientCreate = this.uaaAdminTemplate.exchange(this.uaaUrl + "/oauth/clients", HttpMethod.POST, postEntity,
	String.class);
	if (clientCreate.getStatusCode() == HttpStatus.CREATED) {
	return JSON_UTILS.deserialize(clientCreate.getBody(), BaseClientDetails.class);
	} else {
	throw new RuntimeException("Unexpected return code for client create: " + clientCreate.getStatusCode());
	}
	} catch (InvalidClientException ex) {
	if (ex.getMessage().equals("Client already exists: " + client.getClientId())) {
	HttpEntity<String> putEntity = new HttpEntity<String>(JSON_UTILS.serialize(client), headers);
	ResponseEntity<String> clientUpdate = this.uaaAdminTemplate.exchange(
	this.uaaUrl + "/oauth/clients/" + client.getClientId(), HttpMethod.PUT, putEntity,
	String.class);
	if (clientUpdate.getStatusCode() == HttpStatus.OK) {
	return JSON_UTILS.deserialize(clientUpdate.getBody(), BaseClientDetails.class);
	} else {
	throw new RuntimeException(
	"Unexpected return code for client update: " + clientUpdate.getStatusCode());
	}
	}
	}
	throw new RuntimeException("Unexpected return code for client creation: " + clientCreate.getStatusCode());
	}

	public void deleteClient(final String clientId) {
	this.uaaAdminTemplate.delete(this.uaaUrl + "/oauth/clients/" + clientId);
	}

	private OAuth2RestTemplate createScopeClient(final String zoneName, final String clientRole) {
	return this.createScopeClient(zoneName, clientRole, null);
	}

	private OAuth2RestTemplate createScopeClient(final String zoneName, final String clientRole,
	final String clientType) {
	String clientId = clientRole + '-' + zoneName;
	if (clientType != null) {
	clientId += '-' + clientType;
	}
	String clientSecret = clientId + "-secret";
	return this.getOAuth2RestTemplateForClient(this.uaaUrl + "/oauth/token", clientId, clientSecret);
	}

	private OAuth2RestTemplate getOAuth2RestTemplateForClient(final String tokenUrl, final String clientId,
	final String clientSecret) {
	ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
	resource.setAccessTokenUri(tokenUrl);
	resource.setClientId(clientId);
	resource.setClientSecret(clientSecret);
	OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resource);
	CloseableHttpClient httpClient = HttpClientBuilder.create().useSystemProperties().build();
	HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
	restTemplate.setRequestFactory(requestFactory);

	return restTemplate;
	}
	}