Merge pull request #5 from indigo-dc/features/issue-4

Features/issue 4
indigo-dc · Oct 23, 2019 · 4f7a516 · 4f7a516
2 parents 7e64589 + 8bf4802
commit 4f7a516
Show file tree

Hide file tree

Showing 7 changed files with 111 additions and 34 deletions.
diff --git a/.gitignore b/.gitignore
@@ -124,3 +124,7 @@ buildNumber.properties
 /.idea/libraries/
 .idea
 .idea/**
+.vscode
+.classpath
+.settings
+.project
diff --git a/README.md b/README.md
@@ -15,13 +15,12 @@ Maven is needed to build the source code. To build a binary just execute `mvn cl
     public void addConnectionFactories(ConnectionFactoryConfigurer connectionFactoryConfigurer, Environment environment) {
 
             connectionFactoryConfigurer.addConnectionFactory(
-                    new OidcConnectionFactory(deepOrchestratorURL, certKeystore, issuer, clientId, clientSecret"));
+                    new OidcConnectionFactory(certKeystore, issuer, clientId, clientSecret));
     }
 ```
 
 Where:
-- `deepOrchestratorURL` is the base URL pointing to a DEEP orchestrator instance.
-- `certKeystore` is the location of a JKS keystore containing the orchestrator certificate in case it's self-signed or invalid. If the orchestrator has a valid certificate then this parameter can be null.
+- `certKeystore` is the location of a JKS keystore containing orchestrators certificates in case it's self-signed or invalid. If the orchestrator has a valid certificate then this parameter can be null.
 - `issuer` is the root URL of the IAM issuer instance 
 - `client-id` and `client-sectet` are the application client identifier and secret to use to authenticate through the code workflow.
 

diff --git a/pom.xml b/pom.xml
@@ -6,7 +6,7 @@
 
     <groupId>org.springframework.social</groupId>
     <artifactId>spring-social-oidc-deep</artifactId>
-    <version>1.3</version>
+    <version>1.4</version>
 
     <properties>
         <jackson.version>2.9.5</jackson.version>

diff --git a/src/main/java/org/springframework/social/oidc/deep/api/DeepOrchestrator.java b/src/main/java/org/springframework/social/oidc/deep/api/DeepOrchestrator.java
@@ -3,45 +3,81 @@
 import org.springframework.http.ResponseEntity;
 import org.springframework.social.ApiBinding;
 
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+
 public interface DeepOrchestrator extends ApiBinding {
 
+  /**
+   * Adds a certificate to the existing keystore in memory.
+   *
+   * @param alias The alias to apply to this certificate. It must be unique. If the alias already
+   *     exists, the existing certificate will be replaced.
+   * @param cert The certificate to add.
+   * @throws KeyStoreException Thrown if something go wrong.
+   */
+  void addCertificate(String alias, Certificate cert)
+      throws KeyStoreException, KeyManagementException, NoSuchAlgorithmException;
+
+  /**
+   * Removes a certificate from the existing keystore in memory.
+   *
+   * @param alias The alias of the certificate to remove.
+   * @throws KeyStoreException Thrown if something go wrong.
+   */
+  void removeCertificate(String alias)
+      throws KeyStoreException, KeyManagementException, NoSuchAlgorithmException;
+
   /**
    * Returns the profile of the logged user.
+   *
    * @return The profile of the logged user.
    */
   OidcUserProfile getProfile();
 
   /**
    * Gets a list of deployments of the logged user.
+   *
+   * @param orchestrarorUrl The URL of the DEEP orchestrator to contact.
    * @return The list of deployments in plain text. It must be parsed by the calling client.
    */
-  ResponseEntity<String> callGetDeployments();
+  ResponseEntity<String> callGetDeployments(String orchestrarorUrl);
 
   /**
    * Deploys a template in the orchestrator.
+   *
+   * @param orchestrarorUrl The URL of the DEEP orchestrator to contact.
    * @param yamlTopology The yaml topology to deploy in plain text.
    * @return The operation result in plain text. It must be parsed by the calling client.
    */
-  ResponseEntity<String> callDeploy(String yamlTopology);
+  ResponseEntity<String> callDeploy(String orchestrarorUrl, String yamlTopology);
 
   /**
    * Gets the status of a deployment.
+   *
+   * @param orchestrarorUrl The URL of the DEEP orchestrator to contact.
    * @param deploymentId The deployment identifier.
    * @return The deployment status in plain text. It must be parsed by the calling client.
    */
-  ResponseEntity<String> callDeploymentStatus(String deploymentId);
+  ResponseEntity<String> callDeploymentStatus(String orchestrarorUrl, String deploymentId);
 
   /**
    * Undeploys a deployment.
+   *
+   * @param orchestrarorUrl The URL of the DEEP orchestrator to contact.
    * @param deploymentId The deployment identifier.
    * @return The operation result in plain text. It must be parsed by the calling client.
    */
-  ResponseEntity<String> callUndeploy(String deploymentId);
+  ResponseEntity<String> callUndeploy(String orchestrarorUrl, String deploymentId);
 
   /**
    * Gets the template description associated to a deployment.
+   *
+   * @param orchestrarorUrl The URL of the DEEP orchestrator to contact.
    * @param deploymentId The deployment identifier.
    * @return The deployment template in plain text. It must be parsed by the calling client.
    */
-  ResponseEntity<String> callGetTemplate(String deploymentId);
+  ResponseEntity<String> callGetTemplate(String orchestrarorUrl, String deploymentId);
 }
diff --git a/src/main/java/org/springframework/social/oidc/deep/api/impl/DeepOrchestratorTemplate.java b/src/main/java/org/springframework/social/oidc/deep/api/impl/DeepOrchestratorTemplate.java
@@ -18,10 +18,12 @@
 import org.springframework.social.support.URIBuilder;
 
 import java.net.URI;
+
 import java.security.KeyManagementException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
 
 import javax.net.ssl.SSLContext;
 
@@ -31,7 +33,8 @@ public class DeepOrchestratorTemplate extends AbstractOAuth2ApiBinding implement
 
   private OidcConfiguration configuration;
 
-  private URI baseUrl;
+  private KeyStore keystore;
+
   /** Web service path for deployments operations; It is appended to the orchestrator endpoint. */
   public static final String WS_PATH_DEPLOYMENTS = "/deployments";
 
@@ -42,14 +45,11 @@ public class DeepOrchestratorTemplate extends AbstractOAuth2ApiBinding implement
    * @param accessToken Obtained access token
    */
   public DeepOrchestratorTemplate(
-      String orchestratorBaseUrl,
-      KeyStore orchestratorCert,
-      OidcConfiguration configuration,
-      String accessToken)
+      KeyStore orchestratorCert, OidcConfiguration configuration, String accessToken)
       throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
     super(accessToken);
+    this.keystore = orchestratorCert;
     this.configuration = configuration;
-    this.baseUrl = URI.create(orchestratorBaseUrl + WS_PATH_DEPLOYMENTS);
     if (orchestratorCert != null) {
       setSslContext(orchestratorCert);
     }
@@ -77,6 +77,40 @@ public void setSslContext(KeyStore cert)
     }
   }
 
+  private String baseUrl(String orchestrarorUrl) {
+    return orchestrarorUrl + WS_PATH_DEPLOYMENTS;
+  }
+
+  /**
+   * Adds a certificate to the existing keystore in memory.
+   *
+   * @param alias The alias to apply to this certificate. It must be unique. If the alias already
+   *     exists, the existing certificate will be replaced.
+   * @param cert The certificate to add.
+   * @throws KeyStoreException Thrown if something go wrong.
+   */
+  public void addCertificate(String alias, Certificate cert)
+      throws KeyStoreException, KeyManagementException, NoSuchAlgorithmException {
+    if (this.keystore != null) {
+      this.keystore.setCertificateEntry(alias, cert);
+      setSslContext(this.keystore);
+    }
+  }
+
+  /**
+   * Removes a certificate from the existing keystore in memory.
+   *
+   * @param alias The alias of the certificate to remove.
+   * @throws KeyStoreException Thrown if something go wrong.
+   */
+  public void removeCertificate(String alias)
+      throws KeyStoreException, KeyManagementException, NoSuchAlgorithmException {
+    if (this.keystore != null) {
+      this.keystore.deleteEntry(alias);
+      setSslContext(this.keystore);
+    }
+  }
+
   /**
    * Returns the profile of the logged user.
    *
@@ -90,10 +124,11 @@ public OidcUserProfile getProfile() {
   /**
    * Gets a list of deployments of the logged user.
    *
+   * @param orchestrarorUrl The URL of the DEEP orchestrator to contact.
    * @return The list of deployments in plain text. It must be parsed by the calling client.
    */
-  public ResponseEntity<String> callGetDeployments() {
-    URIBuilder builder = URIBuilder.fromUri(baseUrl);
+  public ResponseEntity<String> callGetDeployments(String orchestrarorUrl) {
+    URIBuilder builder = URIBuilder.fromUri(baseUrl(orchestrarorUrl));
     builder.queryParam("createdBy", "me");
 
     return getRestTemplate().getForEntity(builder.build().toString(), String.class);
@@ -102,49 +137,57 @@ public ResponseEntity<String> callGetDeployments() {
   /**
    * Deploys a template in the orchestrator.
    *
+   * @param orchestrarorUrl The URL of the DEEP orchestrator to contact.
    * @param yamlTopology The yaml topology to deploy in plain text.
    * @return The operation result in plain text. It must be parsed by the calling client.
    */
-  public ResponseEntity<String> callDeploy(String yamlTopology) {
+  public ResponseEntity<String> callDeploy(String orchestrarorUrl, String yamlTopology) {
     HttpHeaders headers = new HttpHeaders();
     headers.setContentType(MediaType.APPLICATION_JSON);
 
     HttpEntity<String> entity = new HttpEntity<String>(yamlTopology, headers);
-    return getRestTemplate().postForEntity(baseUrl, entity, String.class);
+    return getRestTemplate().postForEntity(baseUrl(orchestrarorUrl), entity, String.class);
   }
 
   /**
    * Gets the status of a deployment.
    *
+   * @param orchestrarorUrl The URL of the DEEP orchestrator to contact.
    * @param deploymentId The deployment identifier.
    * @return The deployment status in plain text. It must be parsed by the calling client.
    */
-  public ResponseEntity<String> callDeploymentStatus(String deploymentId) {
+  public ResponseEntity<String> callDeploymentStatus(String orchestrarorUrl, String deploymentId) {
     return getRestTemplate()
-        .getForEntity(URI.create(baseUrl.toString() + "/" + deploymentId), String.class);
+        .getForEntity(
+            URI.create(baseUrl(orchestrarorUrl).toString() + "/" + deploymentId), String.class);
   }
 
   /**
    * Undeploys a deployment.
    *
+   * @param orchestrarorUrl The URL of the DEEP orchestrator to contact.
    * @param deploymentId The deployment identifier.
    * @return The operation result in plain text. It must be parsed by the calling client.
    */
-  public ResponseEntity<String> callUndeploy(String deploymentId) {
+  public ResponseEntity<String> callUndeploy(String orchestrarorUrl, String deploymentId) {
     RequestEntity<Void> requestEntity =
         new RequestEntity<Void>(
-            HttpMethod.DELETE, URI.create(baseUrl.toString() + "/" + deploymentId));
+            HttpMethod.DELETE,
+            URI.create(baseUrl(orchestrarorUrl).toString() + "/" + deploymentId));
     return getRestTemplate().exchange(requestEntity, String.class);
   }
 
   /**
    * Gets the template description associated to a deployment.
+   *
+   * @param orchestrarorUrl The URL of the DEEP orchestrator to contact.
    * @param deploymentId The deployment identifier.
    * @return The deployment template in plain text. It must be parsed by the calling client.
    */
-  public ResponseEntity<String> callGetTemplate(String deploymentId) {
+  public ResponseEntity<String> callGetTemplate(String orchestrarorUrl, String deploymentId) {
     return getRestTemplate()
-            .getForEntity(URI.create(baseUrl.toString() + "/" + deploymentId + "/template"),
-                    String.class);
+        .getForEntity(
+            URI.create(baseUrl(orchestrarorUrl).toString() + "/" + deploymentId + "/template"),
+            String.class);
   }
 }
diff --git a/src/main/java/org/springframework/social/oidc/deep/connect/OidcConnectionFactory.java b/src/main/java/org/springframework/social/oidc/deep/connect/OidcConnectionFactory.java
@@ -10,7 +10,6 @@ public class OidcConnectionFactory extends OAuth2ConnectionFactory<DeepOrchestra
   /**
    * Main constructor used by Spring applications.
    *
-   * @param orchestratorUrl An URL pointing to the DEEP Orchestrator.
    * @param orchestratorCert A JKS keystore containing the orchestrator certificate in case it's
    *     self-signed or not valid. If the orchestrator is using a valid certificate, this parameter
    *     can be null.
@@ -19,14 +18,13 @@ public class OidcConnectionFactory extends OAuth2ConnectionFactory<DeepOrchestra
    * @param clientSecret The client secret of the above client identifier.
    */
   public OidcConnectionFactory(
-      String orchestratorUrl,
       KeyStore orchestratorCert,
       String baseUrl,
       String clientId,
       String clientSecret) {
     super(
         "oidc",
-        new OidcProvider(orchestratorUrl, orchestratorCert, baseUrl, clientId, clientSecret),
+        new OidcProvider(orchestratorCert, baseUrl, clientId, clientSecret),
         new OidcAdapter());
   }
 }
diff --git a/src/main/java/org/springframework/social/oidc/deep/connect/OidcProvider.java b/src/main/java/org/springframework/social/oidc/deep/connect/OidcProvider.java
@@ -15,24 +15,22 @@ public class OidcProvider extends AbstractOAuth2ServiceProvider<DeepOrchestrator
   private static final Log logger = LogFactory.getLog(OidcProvider.class);
 
   private OidcConfiguration configuration;
-  private String orchestratorUrl;
   private KeyStore orchestratorCert;
 
   /**
    * Creates a OIDC provider configuration.
    *
+   * @param orchestratorCert A keystore containing certificates for the orchestrators.
    * @param providerUrl The provider URL.
    * @param clientId Client ID to use.
    * @param clientSecret Client Secret to use.
    */
   public OidcProvider(
-      String orchestratorUrl,
       KeyStore orchestratorCert,
       String providerUrl,
       String clientId,
       String clientSecret) {
     super(createOidc2Template(providerUrl, clientId, clientSecret));
-    this.orchestratorUrl = orchestratorUrl;
     this.orchestratorCert = orchestratorCert;
     configuration =
         ((org.springframework.social.oidc.deep.connect.OidcTemplate) getOAuthOperations())
@@ -69,8 +67,7 @@ private static org.springframework.social.oidc.deep.connect.OidcTemplate createO
    */
   public DeepOrchestrator getApi(String accessToken) {
     try {
-      return new DeepOrchestratorTemplate(
-          orchestratorUrl, orchestratorCert, configuration, accessToken);
+      return new DeepOrchestratorTemplate(orchestratorCert, configuration, accessToken);
     } catch (Exception e) {
       logger.error("Error reading orchestrator keystore", e);
     }