Merge pull request #248 from rma-bryson/CWMS-1875_Porting_Cwbi_Auth_Module

CWMS-1875 - Porting over cwbi-auth-http-client module from cumulus repo

Author: rma-bryson

cwbi-auth-http-client/build.gradle

@@ -0,0 +1,52 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2024 Hydrologic Engineering Center
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+plugins {
+    id "cwms-data-api-client.java-conventions"
+    id "cwms-data-api-client.deps-conventions"
+    id "cwms-data-api-client.publishing-conventions"
+}
+
+dependencies {
+    api(project(":cwms-http-client"))
+
+    implementation(libs.jackson.databind)
+
+    testImplementation(testFixtures(project(":cwms-http-client")))
+    testImplementation(libs.junit.api)
+    testImplementation(platform(libs.okhttp.bom))
+    testImplementation(libs.okhttp)
+    testImplementation(libs.okhttp.mockwebserver)
+    testRuntimeOnly(libs.junit.engine)
+}
+
+
+publishing {
+    publications {
+        maven(MavenPublication) {
+            artifactId = "cwbi-auth-http-client"
+            from components.java
+        }
+    }
+}

cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/CwbiAuthSslSocketFactory.java

@@ -0,0 +1,58 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2024 Hydrologic Engineering Center
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package hec.army.usace.hec.cwbi.auth.http.client;
+
+import hec.army.usace.hec.cwbi.auth.http.client.trustmanagers.CwbiAuthTrustManager;
+import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.util.List;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+
+public final class CwbiAuthSslSocketFactory {
+
+    private CwbiAuthSslSocketFactory() {
+        throw new AssertionError("Utility class");
+    }
+
+    /**
+     * Builds SSLSocketFactory configured for CWBI Auth and specified KeyManagers.
+     * @param keyManagers - KeyManager list
+     * @return SSLSocketFactory
+     * @throws IOException - thrown if building SSLSocketFactory failed
+     */
+    public static SSLSocketFactory buildSSLSocketFactory(List<KeyManager> keyManagers) throws IOException {
+        try {
+            SSLContext sc = SSLContext.getInstance("TLS");
+            sc.init(keyManagers.toArray(new KeyManager[]{}),
+                new TrustManager[] {CwbiAuthTrustManager.getTrustManager()}, null);
+            return sc.getSocketFactory();
+        } catch (NoSuchAlgorithmException | KeyManagementException e) {
+            throw new IOException(e);
+        }
+    }
+}

cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/CwbiAuthTokenProvider.java

@@ -0,0 +1,88 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2024 Hydrologic Engineering Center
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package hec.army.usace.hec.cwbi.auth.http.client;
+
+import java.io.IOException;
+import javax.net.ssl.SSLSocketFactory;
+import mil.army.usace.hec.cwms.http.client.auth.OAuth2Token;
+import mil.army.usace.hec.cwms.http.client.auth.OAuth2TokenProvider;
+
+public final class CwbiAuthTokenProvider implements OAuth2TokenProvider {
+
+    private OAuth2Token oauth2Token;
+    private final String url;
+    private final String clientId;
+    private final SSLSocketFactory sslSocketFactory;
+
+    /**
+     * Provider for OAuth2Tokens.
+     *
+     * @param url - URL we are fetching token from
+     * @param clientId - client name
+     * @param sslSocketFactory - ssl socket factory
+     */
+    public CwbiAuthTokenProvider(String url, String clientId, SSLSocketFactory sslSocketFactory) {
+        this.url = url;
+        this.clientId = clientId;
+        this.sslSocketFactory = sslSocketFactory;
+    }
+
+    @Override
+    public OAuth2Token getToken() throws IOException {
+        if (oauth2Token == null) {
+            oauth2Token = newToken();
+        }
+        return oauth2Token;
+    }
+
+    @Override
+    public OAuth2Token newToken() throws IOException {
+        return new DirectGrantX509TokenRequestBuilder()
+            .withSSlSocketFactory(sslSocketFactory)
+            .withUrl(url)
+            .withClientId(clientId)
+            .fetchToken();
+    }
+
+    @Override
+    public OAuth2Token refreshToken() throws IOException {
+        OAuth2Token token = new RefreshTokenRequestBuilder()
+            .withRefreshToken(oauth2Token.getRefreshToken())
+            .withUrl(url)
+            .withClientId(clientId)
+            .fetchToken();
+        oauth2Token = token;
+        return token;
+    }
+
+    //package scoped for testing
+    String getUrl() {
+        return url;
+    }
+
+    //package scoped for testing
+    String getClientId() {
+        return clientId;
+    }
+}

cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/CwbiAuthUtil.java

@@ -0,0 +1,54 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2024 Hydrologic Engineering Center
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package hec.army.usace.hec.cwbi.auth.http.client;
+
+
+import static hec.army.usace.hec.cwbi.auth.http.client.trustmanagers.CwbiAuthTrustManager.TOKEN_URL;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.Objects;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLSocketFactory;
+import mil.army.usace.hec.cwms.http.client.auth.OAuth2TokenProvider;
+
+public final class CwbiAuthUtil {
+
+    private CwbiAuthUtil() {
+        throw new AssertionError("Utility class");
+    }
+
+    /**
+     * Builds CumulusTokenProvider for retrieving and refreshing tokens for cumulus authentication.
+     * @param keyManager - KeyManager for client
+     * @return OAuth2TokenProvider - CumulusTokenProvider
+     * @throws IOException - thrown if failed to build CumulusTokenProvider
+     */
+    public static OAuth2TokenProvider buildCwbiAuthTokenProvider(String clientId, KeyManager keyManager) throws IOException {
+        SSLSocketFactory sslSocketFactory = CwbiAuthSslSocketFactory.buildSSLSocketFactory(
+            Collections.singletonList(Objects.requireNonNull(keyManager, "Missing required KeyManager")));
+        return new CwbiAuthTokenProvider(TOKEN_URL, clientId, sslSocketFactory);
+    }
+
+}

cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/DirectGrantX509TokenRequestBuilder.java

@@ -0,0 +1,76 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2024 Hydrologic Engineering Center
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package hec.army.usace.hec.cwbi.auth.http.client;
+
+import hec.army.usace.hec.cwbi.auth.http.client.trustmanagers.CwbiAuthTrustManager;
+import mil.army.usace.hec.cwms.http.client.ApiConnectionInfoBuilder;
+import mil.army.usace.hec.cwms.http.client.HttpRequestBuilderImpl;
+import mil.army.usace.hec.cwms.http.client.HttpRequestResponse;
+import mil.army.usace.hec.cwms.http.client.SslSocketData;
+import mil.army.usace.hec.cwms.http.client.auth.OAuth2Token;
+import mil.army.usace.hec.cwms.http.client.request.HttpRequestExecutor;
+
+import javax.net.ssl.SSLSocketFactory;
+import java.io.IOException;
+import java.util.Objects;
+
+public final class DirectGrantX509TokenRequestBuilder implements DirectGrantX509TokenRequestFluentBuilder {
+
+    private SslSocketData sslSocketData;
+
+    @Override
+    public TokenRequestFluentBuilder withSSlSocketFactory(SSLSocketFactory sslSocketFactory) {
+        this.sslSocketData = new SslSocketData(Objects.requireNonNull(sslSocketFactory, "Missing required SSLSocketFactory"),
+            CwbiAuthTrustManager.getTrustManager());
+        return new TokenRequestBuilderImpl();
+    }
+
+    private class TokenRequestBuilderImpl extends TokenRequestBuilder {
+
+        @Override
+        OAuth2Token retrieveToken() throws IOException {
+            OAuth2Token retVal = null;
+            String formBody = new UrlEncodedFormData()
+                .addPassword("")
+                .addGrantType("password")
+                .addScopes("openid", "profile")
+                .addClientId(getClientId())
+                .addUsername("")
+                .buildEncodedString();
+            HttpRequestExecutor executor =
+                new HttpRequestBuilderImpl(new ApiConnectionInfoBuilder(getUrl())
+                    .withSslSocketData(sslSocketData).build())
+                    .post()
+                    .withBody(formBody)
+                    .withMediaType(MEDIA_TYPE);
+            try (HttpRequestResponse response = executor.execute()) {
+                String body = response.getBody();
+                if (body != null) {
+                    retVal = OAuth2ObjectMapper.mapJsonToObject(body, OAuth2Token.class);
+                }
+            }
+            return retVal;
+        }
+    }
+}

cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/DirectGrantX509TokenRequestFluentBuilder.java

@@ -0,0 +1,31 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2024 Hydrologic Engineering Center
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package hec.army.usace.hec.cwbi.auth.http.client;
+
+import javax.net.ssl.SSLSocketFactory;
+
+public interface DirectGrantX509TokenRequestFluentBuilder {
+
+    TokenRequestFluentBuilder withSSlSocketFactory(SSLSocketFactory sslSocketFactory);
+}