1
|
package eu.dnetlib.openaire.usermanagement;
|
2
|
|
3
|
import com.google.gson.Gson;
|
4
|
import com.google.gson.GsonBuilder;
|
5
|
import com.google.gson.JsonParseException;
|
6
|
import eu.dnetlib.openaire.user.pojos.RegisteredService;
|
7
|
import eu.dnetlib.openaire.usermanagement.utils.RegisteredServicesUtils;
|
8
|
import eu.dnetlib.openaire.usermanagement.utils.TokenUtils;
|
9
|
import org.apache.commons.validator.routines.UrlValidator;
|
10
|
import org.apache.http.HttpResponse;
|
11
|
import org.apache.log4j.Logger;
|
12
|
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
13
|
import org.springframework.beans.factory.annotation.Autowired;
|
14
|
import org.springframework.security.access.method.P;
|
15
|
import org.springframework.security.core.context.SecurityContextHolder;
|
16
|
import org.springframework.web.context.support.SpringBeanAutowiringSupport;
|
17
|
|
18
|
import javax.servlet.ServletConfig;
|
19
|
import javax.servlet.ServletException;
|
20
|
import javax.servlet.http.HttpServlet;
|
21
|
import javax.servlet.http.HttpServletRequest;
|
22
|
import javax.servlet.http.HttpServletResponse;
|
23
|
import java.io.IOException;
|
24
|
import java.sql.SQLException;
|
25
|
|
26
|
|
27
|
public class RegisterServiceServlet extends HttpServlet {
|
28
|
|
29
|
private Logger logger = Logger.getLogger(RegisterServiceServlet.class);
|
30
|
|
31
|
public void init(ServletConfig config) throws ServletException {
|
32
|
super.init(config);
|
33
|
SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this,
|
34
|
config.getServletContext());
|
35
|
}
|
36
|
|
37
|
@Autowired
|
38
|
private RegisteredServicesUtils registeredServicesUtils;
|
39
|
|
40
|
@Autowired
|
41
|
private TokenUtils tokenUtils;
|
42
|
|
43
|
public void doGet(HttpServletRequest request, HttpServletResponse response)
|
44
|
throws ServletException, IOException {
|
45
|
|
46
|
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.
|
47
|
getContext().getAuthentication();
|
48
|
String userid = authentication.getSub();
|
49
|
|
50
|
StringBuilder name = new StringBuilder().append(authentication.getUserInfo().getGivenName().charAt(0));
|
51
|
name.append(authentication.getUserInfo().getFamilyName().charAt(0));
|
52
|
request.getSession().setAttribute("name", name.toString());
|
53
|
|
54
|
String idParam = request.getParameter("id");
|
55
|
|
56
|
if (idParam != null && !idParam.isEmpty()) { // EDIT CASE
|
57
|
System.out.println("In edit");
|
58
|
try {
|
59
|
int id = Integer.parseInt(idParam);
|
60
|
RegisteredService registeredService = registeredServicesUtils.getRegisteredServiceDao().fetchRegisteredServiceById(id);
|
61
|
|
62
|
if (registeredService != null && registeredServicesUtils.isAuthorized(userid, id)) {
|
63
|
ServiceResponse serviceResponse = tokenUtils.getRegisteredService(registeredService.getClientId(), registeredService.getRegistrationAccessToken());
|
64
|
|
65
|
updateFormFields(request, registeredService.getName(), registeredService.getKeyType(), serviceResponse);
|
66
|
|
67
|
} else {
|
68
|
if (registeredService == null) {
|
69
|
System.out.println("No service found!");
|
70
|
request.getSession().setAttribute("message", "Not valid registered service with given id " + id + ".");
|
71
|
response.sendRedirect("./registeredServices");
|
72
|
logger.warn("Not valid registered service with " + id + "id.");
|
73
|
|
74
|
} else {
|
75
|
System.out.println("Not authorized");
|
76
|
request.getSession().setAttribute("message", "Not authorized to edit the registered service with id " + id + ".");
|
77
|
response.sendRedirect("./registeredServices");
|
78
|
logger.warn("Not authorized to edit the service with " + id + "id.");
|
79
|
}
|
80
|
}
|
81
|
|
82
|
} catch (NumberFormatException nfe) {
|
83
|
System.out.println("WRONG FORMAT");
|
84
|
request.getSession().setAttribute("message", "Invalid service id.");
|
85
|
response.sendRedirect("./registeredServices");
|
86
|
logger.error("Invalid service id.", nfe);
|
87
|
|
88
|
} catch (SQLException sqle) {
|
89
|
System.out.println("SQL PROBLEM");
|
90
|
request.getSession().setAttribute("message", "Could not fetch registered service.");
|
91
|
response.sendRedirect("./registeredServices");
|
92
|
logger.error("Could not fetch registered service.", sqle);
|
93
|
}
|
94
|
|
95
|
} else {// NEW SERVICE CASE
|
96
|
//Careful! Redirects in method
|
97
|
request.getSession().setAttribute("first_name", null);
|
98
|
request.getSession().setAttribute("key_type", null);
|
99
|
request.getSession().setAttribute("jwksUri", null);
|
100
|
request.getSession().setAttribute("value", null);
|
101
|
checkNumberOfRegisteredServices(request, response, authentication);
|
102
|
}
|
103
|
|
104
|
response.setContentType("text/html");
|
105
|
request.getRequestDispatcher("./registerService.jsp").include(request, response);
|
106
|
}
|
107
|
|
108
|
private void updateFormFields(HttpServletRequest request, String serviceName, String keyType, ServiceResponse serviceResponse) {
|
109
|
System.out.println("UPDATING FORM");
|
110
|
request.getSession().setAttribute("first_name", serviceName);
|
111
|
System.out.println("Service response URI " + serviceResponse.getJwksUri());
|
112
|
request.getSession().setAttribute("key_type", keyType);
|
113
|
if (keyType != null) {
|
114
|
if (keyType.equals("uri")) {
|
115
|
request.getSession().setAttribute("jwksUri", serviceResponse.getJwksUri());
|
116
|
} else {
|
117
|
Key key;
|
118
|
if (serviceResponse.getJwks() != null) {
|
119
|
key = serviceResponse.getJwks().keys[0];
|
120
|
} else {
|
121
|
key = new Key();
|
122
|
}
|
123
|
System.out.println("Service response keys " + serviceResponse.getJwksUri());
|
124
|
Gson gson = new GsonBuilder().setPrettyPrinting().create();
|
125
|
request.getSession().setAttribute("value", gson.toJson(key));
|
126
|
}
|
127
|
}
|
128
|
}
|
129
|
|
130
|
public void doPost(HttpServletRequest request, HttpServletResponse response)
|
131
|
throws ServletException, IOException {
|
132
|
|
133
|
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.
|
134
|
getContext().getAuthentication();
|
135
|
|
136
|
response.setContentType("text/html");
|
137
|
boolean canProceed = true;
|
138
|
|
139
|
String mode = request.getParameter("mode").trim();
|
140
|
System.out.println("Mode was " + mode);
|
141
|
checkmode(mode);
|
142
|
System.out.println("Mode is " + mode);
|
143
|
|
144
|
String serviceId = request.getParameter("id");
|
145
|
|
146
|
String name = request.getParameter("first_name").trim();
|
147
|
if (name.isEmpty()) {
|
148
|
request.getSession().setAttribute("first_name_error", true);
|
149
|
canProceed = false;
|
150
|
}
|
151
|
String keyType = request.getParameter("key_type");
|
152
|
String jwksUri = null;
|
153
|
String jwksString = null;
|
154
|
Jwks jwks = null;
|
155
|
if(keyType != null) {
|
156
|
keyType = keyType.trim();
|
157
|
if (keyType.equals("uri")) {
|
158
|
jwksUri = request.getParameter("uri");
|
159
|
request.getSession().setAttribute("jwksUri", jwksUri);
|
160
|
|
161
|
String[] schemes = {"https"};
|
162
|
UrlValidator urlValidator = new UrlValidator(schemes);
|
163
|
if (!urlValidator.isValid(jwksUri)) {
|
164
|
request.getSession().setAttribute("uri_error", true);
|
165
|
canProceed = false;
|
166
|
}
|
167
|
} else {
|
168
|
jwksString = request.getParameter("value");
|
169
|
try {
|
170
|
Gson gson = new GsonBuilder().registerTypeAdapter(Jwks.class, new JwksDeserializer()).create();
|
171
|
String jwksSet = String.format("{\"keys\":[%s]}", jwksString);
|
172
|
jwks = gson.fromJson(jwksSet, Jwks.class);
|
173
|
request.getSession().setAttribute("value", jwksString);
|
174
|
|
175
|
if (jwks.getKeys() == null || jwks.getKeys().length == 0) {
|
176
|
System.out.println("Something wrong with the keys.");
|
177
|
request.getSession().setAttribute("value_error", true);
|
178
|
canProceed = false;
|
179
|
}
|
180
|
|
181
|
|
182
|
} catch (JsonParseException jpe) {
|
183
|
request.getSession().setAttribute("value_error", true);
|
184
|
canProceed = false;
|
185
|
}
|
186
|
}
|
187
|
}
|
188
|
String userid = authentication.getSub();
|
189
|
String email = authentication.getUserInfo().getEmail();
|
190
|
ServiceResponse serviceResponse = null;
|
191
|
|
192
|
if (nameIsValid(name) && userInfoIsValid(userid, email) && keyIsValid(keyType, jwksUri, jwksString) && canProceed) {
|
193
|
|
194
|
String serverMessage;
|
195
|
|
196
|
if (mode.equals("create")) {
|
197
|
//Careful! Redirects in method
|
198
|
checkNumberOfRegisteredServices(request, response, authentication);
|
199
|
String serverRequestJSON = null;
|
200
|
if(keyType == null) {
|
201
|
serverRequestJSON = createServiceJson(null, name, email);
|
202
|
} else if (keyType.equals("uri")) {
|
203
|
serverRequestJSON = createServiceJson(null, name, email, jwksUri);
|
204
|
} else if (keyType.equals("value")){
|
205
|
serverRequestJSON = createServiceJson(null, name, email, jwks);
|
206
|
}
|
207
|
if(serverRequestJSON != null) {
|
208
|
System.out.println("SERVER JSON " + serverRequestJSON);
|
209
|
serverMessage = tokenUtils.registerService(serverRequestJSON);
|
210
|
logger.debug(serverMessage);
|
211
|
if (serverMessage == null) {
|
212
|
request.getSession().setAttribute("message", "There was an error registering your service. Please try again later.");
|
213
|
response.sendRedirect("./registeredServices");
|
214
|
return;
|
215
|
}
|
216
|
serviceResponse = new Gson().fromJson(serverMessage, ServiceResponse.class);
|
217
|
String client_id = serviceResponse.getClientId();
|
218
|
|
219
|
RegisteredService registeredService = new RegisteredService(client_id, userid, name, serviceResponse.getRegistrationAccessToken(), keyType);
|
220
|
|
221
|
try {
|
222
|
registeredServicesUtils.addRegistedService(registeredService);
|
223
|
if(registeredService.getKeyType() != null) {
|
224
|
request.getSession().setAttribute("success",
|
225
|
"Your service has been successfully registered!<br>" +
|
226
|
"<b>Client ID<b>: " + serviceResponse.getClientId());
|
227
|
} else {
|
228
|
request.getSession().setAttribute("success",
|
229
|
"Your service has been successfully registered!<br>" +
|
230
|
"<b>Client ID</b>: " + serviceResponse.getClientId() +
|
231
|
"<br><span style=\"word-wrap: break-word\"><b>Client Secret</b>:" + serviceResponse.getClientSecret() + "</span>");
|
232
|
}
|
233
|
|
234
|
} catch (SQLException sqle) {
|
235
|
logger.error("Fail to save service.", sqle);
|
236
|
request.getSession().setAttribute("message", "There was an error registering your service. Please try again later.");
|
237
|
response.sendRedirect("./registeredServices");
|
238
|
return;
|
239
|
}
|
240
|
} else {
|
241
|
logger.error("Service request JSON is null");
|
242
|
request.getSession().setAttribute("message", "There was an error registering your service. Please try again later.");
|
243
|
response.sendRedirect("./registeredServices");
|
244
|
return;
|
245
|
}
|
246
|
} else {
|
247
|
int serviceIdInt = 0;
|
248
|
if (serviceId == null || serviceId.isEmpty()) { //TODO WRONG MESSAGE
|
249
|
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
|
250
|
response.sendRedirect("./registeredServices");
|
251
|
|
252
|
} else {
|
253
|
System.out.println("In edit...");
|
254
|
try {
|
255
|
serviceIdInt = Integer.parseInt(serviceId);
|
256
|
if (!registeredServicesUtils.isAuthorized(authentication.getSub(), serviceIdInt)) {
|
257
|
request.getSession().setAttribute("message", "You have no permission to edit the service.");
|
258
|
response.sendRedirect("./registeredServices");
|
259
|
}
|
260
|
|
261
|
RegisteredService registeredService = registeredServicesUtils.getRegisteredServiceDao().fetchRegisteredServiceById(serviceIdInt);
|
262
|
if (registeredService != null && registeredService.getClientId() != null) {
|
263
|
String serverRequestJSON = null;
|
264
|
if (keyType == null) {
|
265
|
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email);
|
266
|
} else if (keyType.equals("uri")) {
|
267
|
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email, jwksUri);
|
268
|
} else if (keyType.equals("value")) {
|
269
|
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email, jwks);
|
270
|
}
|
271
|
if (serverRequestJSON != null) {
|
272
|
System.out.println("SERVER JSON " + serverRequestJSON);
|
273
|
HttpResponse resp = tokenUtils.updateService(registeredService.getClientId(), serverRequestJSON, registeredService.getRegistrationAccessToken());
|
274
|
if (resp.getStatusLine().getStatusCode() == 200) {
|
275
|
System.out.println("NAME >>>>" + name);
|
276
|
registeredService.setName(name);
|
277
|
|
278
|
System.out.println("Client Id " + registeredService.getClientId());
|
279
|
try {
|
280
|
registeredServicesUtils.getRegisteredServiceDao().update(registeredService);
|
281
|
} catch (SQLException sqle) {
|
282
|
logger.error("Unable to contact db.", sqle);
|
283
|
request.getSession().setAttribute("message", "Fail to delete the service. Please try again later.");
|
284
|
response.setContentType("text/html");
|
285
|
request.getRequestDispatcher("./registeredServices.jsp").include(request, response);
|
286
|
return;
|
287
|
}
|
288
|
request.getSession().setAttribute("success",
|
289
|
"Your service has been successfully updated!<br>" +
|
290
|
"<b>Client ID</b>: " + registeredService.getClientId());
|
291
|
}
|
292
|
|
293
|
} else {
|
294
|
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
|
295
|
response.sendRedirect("./registeredServices");
|
296
|
return;
|
297
|
}
|
298
|
} else {
|
299
|
logger.error("Service request JSON is null");
|
300
|
request.getSession().setAttribute("message", "There was an error registering your service. Please try again later.");
|
301
|
response.sendRedirect("./registeredServices");
|
302
|
return;
|
303
|
}
|
304
|
} catch(SQLException sqle){
|
305
|
logger.error("Unable to access service with id " + serviceId, sqle);
|
306
|
request.getSession().setAttribute("message", "There was an error accessing your service.");
|
307
|
response.sendRedirect("./registeredServices");
|
308
|
|
309
|
} catch(NumberFormatException nfe){
|
310
|
logger.error("Unable to access service with id " + serviceId, nfe);
|
311
|
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
|
312
|
response.sendRedirect("./registeredServices");
|
313
|
}
|
314
|
}
|
315
|
}
|
316
|
|
317
|
} else {
|
318
|
//something is wrong with the form and the error messages will appear
|
319
|
request.getSession().setAttribute("first_name", name);
|
320
|
request.getSession().setAttribute("key_type", keyType);
|
321
|
request.getSession().setAttribute("uri", jwksUri);
|
322
|
request.getSession().setAttribute("value", jwksString);
|
323
|
|
324
|
if (serviceId != null && !serviceId.isEmpty()) {
|
325
|
request.getRequestDispatcher("./registerService.jsp?id=" + serviceId).forward(request, response);
|
326
|
|
327
|
} else {
|
328
|
request.getRequestDispatcher("./registerService.jsp").include(request, response);
|
329
|
|
330
|
}
|
331
|
return;
|
332
|
}
|
333
|
|
334
|
response.sendRedirect("./registeredServices");
|
335
|
}
|
336
|
|
337
|
private void checkmode(String mode) {
|
338
|
if (mode != null && !mode.isEmpty()) {
|
339
|
if (!mode.equals("edit") || mode.equals("create")) {
|
340
|
mode = "create";
|
341
|
}
|
342
|
} else {
|
343
|
mode = "create";
|
344
|
}
|
345
|
}
|
346
|
|
347
|
private boolean keyIsValid(String keyType, String jwksUri, String jwksString) {
|
348
|
return keyType == null || (keyType.equals("uri") && jwksUri != null && !jwksUri.isEmpty()) ||
|
349
|
keyType.equals("value") && jwksString != null && !jwksString.isEmpty();
|
350
|
}
|
351
|
|
352
|
private boolean userInfoIsValid(String userid, String email) {
|
353
|
return userid != null && !userid.isEmpty() &&
|
354
|
email != null && !email.isEmpty();
|
355
|
}
|
356
|
|
357
|
private boolean nameIsValid(String name) {
|
358
|
return name != null && !name.isEmpty();
|
359
|
}
|
360
|
|
361
|
private void checkNumberOfRegisteredServices(HttpServletRequest request, HttpServletResponse response, OIDCAuthenticationToken authentication) throws IOException {
|
362
|
try {
|
363
|
long numberOfRegisteredServices =
|
364
|
registeredServicesUtils.getRegisteredServiceDao().countRegisteredServices(authentication.getSub());
|
365
|
|
366
|
if (numberOfRegisteredServices >= 5) {
|
367
|
response.sendRedirect("./registeredServices"); // The message there already exists.
|
368
|
}
|
369
|
|
370
|
} catch (SQLException sqle) {
|
371
|
logger.error("Unable to count registered services.", sqle);
|
372
|
request.getSession().setAttribute("message", "Unable to contact DB. Please try again later.");
|
373
|
response.sendRedirect("./registeredServices");
|
374
|
return;
|
375
|
}
|
376
|
}
|
377
|
|
378
|
private static String createServiceJson(String clientId, String name, String email) {
|
379
|
ServiceRequest serviceJSON = new ServiceRequest();
|
380
|
serviceJSON.setClientId(clientId);
|
381
|
serviceJSON.setClientName(name);
|
382
|
serviceJSON.setContacts(new String[]{email});
|
383
|
serviceJSON.setToken_endpoint_auth_method("client_secret_basic");
|
384
|
serviceJSON.setTokenEndpointAuthSigningAlg(null);
|
385
|
GsonBuilder builder = new GsonBuilder();
|
386
|
builder.serializeNulls();
|
387
|
Gson gson = builder.create();
|
388
|
System.out.println("Created json " + serviceJSON);
|
389
|
return gson.toJson(serviceJSON);
|
390
|
}
|
391
|
|
392
|
private static String createServiceJson(String clientId, String name, String email, String jwksURI) {
|
393
|
ServiceRequest serviceJSON = new ServiceRequest();
|
394
|
serviceJSON.setClientId(clientId);
|
395
|
serviceJSON.setClientName(name);
|
396
|
serviceJSON.setContacts(new String[]{email});
|
397
|
serviceJSON.setJwksUri(jwksURI);
|
398
|
|
399
|
GsonBuilder builder = new GsonBuilder();
|
400
|
builder.serializeNulls();
|
401
|
Gson gson = builder.create();
|
402
|
System.out.println("Created json " + serviceJSON);
|
403
|
return gson.toJson(serviceJSON);
|
404
|
}
|
405
|
|
406
|
private static String createServiceJson(String clientId, String name, String email, Jwks jwks) {
|
407
|
ServiceRequest serviceJSON = new ServiceRequest();
|
408
|
serviceJSON.setClientId(clientId);
|
409
|
serviceJSON.setClientName(name);
|
410
|
serviceJSON.setContacts(new String[]{email});
|
411
|
serviceJSON.setJwks(jwks);
|
412
|
|
413
|
GsonBuilder builder = new GsonBuilder();
|
414
|
builder.serializeNulls();
|
415
|
Gson gson = builder.create();
|
416
|
System.out.println("Created json " + serviceJSON);
|
417
|
return gson.toJson(serviceJSON);
|
418
|
}
|
419
|
|
420
|
}
|