CAIP-79 WIP added basic logic for SKD

Author: broHeryk

symphony/bdk/core/auth/auth_session.py

@@ -5,10 +5,13 @@
 import logging
 
 from symphony.bdk.core.auth.exception import AuthInitializationError
+from symphony.bdk.core.auth.jwt_helper import extract_session_token_claims
+
 
 logger = logging.getLogger(__name__)
 
 EXPIRATION_SAFETY_BUFFER_SECONDS = 5
+SKD_FLAG_NAME = "canUseSimplifiedKeyDelivery"
 
 
 class AuthSession:
@@ -71,6 +74,10 @@ async def key_manager_token(self):
 
         :return: the key manager token
         """
+
+        if await self.skd_enabled:
+            return None
+
         if self._key_manager_token is None:
             self._key_manager_token = await self._authenticator.retrieve_key_manager_token()
         return self._key_manager_token
@@ -91,6 +98,15 @@ def key_manager_token(self, value):
         """
         self._key_manager_token = value
 
+    @property
+    async def skd_enabled(self):
+
+        token_data = extract_session_token_claims(await self.session_token)
+        if not token_data.get(SKD_FLAG_NAME, False):
+            return False
+        return self._authenticator.agent_version_service.is_skd_supported()
+
+
 
 class OboAuthSession(AuthSession):
     """RSA OBO Authentication session handle to get the OBO session token from.

symphony/bdk/core/auth/bot_authenticator.py

@@ -8,6 +8,7 @@
 from symphony.bdk.core.config.model.bdk_retry_config import BdkRetryConfig
 from symphony.bdk.core.retry import retry
 from symphony.bdk.core.retry.strategy import authentication_retry
+from symphony.bdk.core.service.version.agent_version_service import AgentVersionService
 from symphony.bdk.gen.api_client import ApiClient
 from symphony.bdk.gen.auth_api.certificate_authentication_api import CertificateAuthenticationApi
 from symphony.bdk.gen.login_api.authentication_api import AuthenticationApi
@@ -24,6 +25,7 @@ def __init__(self, session_auth_client: ApiClient, key_manager_auth_client: ApiC
         self._session_auth_client = session_auth_client
         self._key_manager_auth_client = key_manager_auth_client
         self._retry_config = retry_config
+        self._agent_version_service = None
 
     async def retrieve_session_token(self) -> str:
         """Authenticates and retrieves a new session token.
@@ -59,6 +61,15 @@ async def _authenticate_and_get_token(self, api_client: ApiClient) -> str:
         :return: the token as a string
         """
 
+    @property
+    def agent_version_service(self) -> Optional[AgentVersionService]:
+        return self._agent_version_service
+
+    @agent_version_service.setter
+    def agent_version_service(self, agent_version_service: AgentVersionService):
+        self._agent_version_service = agent_version_service
+
+
 
 class BotAuthenticatorRsa(BotAuthenticator):
     """Bot authenticator RSA implementation.

symphony/bdk/core/auth/jwt_helper.py

@@ -83,3 +83,10 @@ def _parse_public_key_from_x509_cert(certificate: str) -> str:
         return public_key.public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo).decode()
     except ValueError as exc:
         raise AuthInitializationError("Unable to parse the certificate. Check certificate format.") from exc
+
+
+def extract_session_token_claims(session_token):
+    return jwt.decode(session_token,
+                      algorithms=["RS512"],
+                      options={"verify_signature": False}
+                      )

symphony/bdk/core/service/version/__init__.py

@@ -0,0 +1,45 @@
+import re
+
+from symphony.bdk.core.auth.auth_session import AuthSession
+from symphony.bdk.core.config.model.bdk_retry_config import BdkRetryConfig
+from symphony.bdk.core.retry import retry
+from symphony.bdk.gen.agent_api.signals_api import SignalsApi
+from symphony.bdk.gen.exceptions import ApiException
+
+MIN_MAJOR_VERSION = 24
+MIN_MINOR_VERSION = 12
+VERSION_REGEXP = r"Agent-(\d+)\.(\d+)\..*"
+
+
+class AgentVersionService:
+    """Service class has one purpose only. It checks if version of agents supports simplified key delivery mechanism
+
+    """
+
+    def __init__(self, signals_api: SignalsApi, auth_session: AuthSession, retry_config: BdkRetryConfig):
+        self._signals_api = signals_api
+        self._retry_config = retry_config
+
+    @retry
+    async def is_skd_supported(self) -> bool:
+        """
+        :return: boolean flag if skd supported for agent
+        """
+        try:
+            agent_info = await self._signals_api.v1_info_get()
+        except ApiException:
+            return False
+        agent_major_version, agent_minor_version = self._parse_version(agent_info.version)
+        if not agent_major_version:
+            return False
+        if agent_major_version == MIN_MAJOR_VERSION:
+            return agent_minor_version >= MIN_MINOR_VERSION
+        return agent_major_version > MIN_MAJOR_VERSION
+
+    @staticmethod
+    def _parse_version(version_string):
+        match = re.match(r"Agent-(\d+)\.(\d+)\..*", version_string)
+        if match:
+            return int(match.group(1)), int(match.group(2))
+
+        return None, None

symphony/bdk/core/service/version/agent_version_service.py

@@ -18,6 +18,7 @@
 from symphony.bdk.core.service.signal.signal_service import SignalService, OboSignalService
 from symphony.bdk.core.service.stream.stream_service import StreamService, OboStreamService
 from symphony.bdk.core.service.user.user_service import UserService, OboUserService
+from symphony.bdk.core.service.version.agent_version_service import AgentVersionService
 from symphony.bdk.gen.agent_api.attachments_api import AttachmentsApi
 from symphony.bdk.gen.agent_api.audit_trail_api import AuditTrailApi
 from symphony.bdk.gen.agent_api.datafeed_api import DatafeedApi
@@ -203,6 +204,14 @@ def get_presence_service(self) -> PresenceService:
             self._config.retry
         )
 
+    def get_agent_version_service(self) -> AgentVersionService:
+        """Returns a fully initialized AgentVersionService
+
+        :return: a new AgentVersionService instance
+        """
+        return AgentVersionService(SignalsApi(self._agent_client),
+                                   self._config.retry)
+
 
 class OboServiceFactory:
     """Factory responsible for creating BDK service instances for OBO-enabled endpoints only:

symphony/bdk/core/service_factory.py

@@ -105,7 +105,8 @@ def __init__(self, config):
                          "You can however use services in OBO mode if app authentication is configured.")
 
     def _initialize_bot_services(self):
-        self._bot_session = AuthSession(self._authenticator_factory.get_bot_authenticator())
+        bot_authenticator = self._authenticator_factory.get_bot_authenticator()
+        self._bot_session = AuthSession(bot_authenticator)
         self._service_factory = ServiceFactory(self._api_client_factory, self._bot_session, self._config)
         self._user_service = self._service_factory.get_user_service()
         self._message_service = self._service_factory.get_message_service()
@@ -123,6 +124,7 @@ def _initialize_bot_services(self):
         self._datafeed_loop.subscribe(self._activity_registry)
         # initialises extension service and register decorated extensions
         self._extension_service = ExtensionService(self._api_client_factory, self._bot_session, self._config)
+        bot_authenticator.agent_version_service = self._service_factory.get_agent_version_service()
 
     @bot_service
     def bot_session(self) -> AuthSession: