From d0579235478596b3ad6e50be3a8bb18e0d19fd8a Mon Sep 17 00:00:00 2001 From: Ankit Singh <101859999+ankitmashu@users.noreply.github.com> Date: Wed, 13 Sep 2023 10:08:11 +0530 Subject: [PATCH 1/2] drl did changes in for auditing --- .../rs/proxy/apiserver/ApiServerVerticle.java | 8 +++ .../proxy/apiserver/handlers/AuthHandler.java | 39 ++++++------ .../rs/proxy/authenticator/Constants.java | 9 ++- .../JwtAuthenticationServiceImpl.java | 17 ++++-- .../rs/proxy/authenticator/model/JwtData.java | 61 +++++++++++++++---- 5 files changed, 96 insertions(+), 38 deletions(-) diff --git a/src/main/java/iudx/rs/proxy/apiserver/ApiServerVerticle.java b/src/main/java/iudx/rs/proxy/apiserver/ApiServerVerticle.java index 07b0cf0..d7f287e 100644 --- a/src/main/java/iudx/rs/proxy/apiserver/ApiServerVerticle.java +++ b/src/main/java/iudx/rs/proxy/apiserver/ApiServerVerticle.java @@ -3,6 +3,7 @@ import static iudx.rs.proxy.apiserver.response.ResponseUtil.generateResponse; import static iudx.rs.proxy.apiserver.util.ApiServerConstants.*; import static iudx.rs.proxy.apiserver.util.ApiServerConstants.HEADER_PUBLIC_KEY; +import static iudx.rs.proxy.authenticator.Constants.*; import static iudx.rs.proxy.common.Constants.DATABROKER_SERVICE_ADDRESS; import static iudx.rs.proxy.apiserver.util.Util.errorResponse; @@ -612,6 +613,13 @@ private void updateAuditTable(RoutingContext context) { long time = zst.toInstant().toEpochMilli(); String isoTime = zst.truncatedTo(ChronoUnit.SECONDS).toString(); String resourceid= authInfo.getString(ID); + String role = authInfo.getString(ROLE); + String drl = authInfo.getString(DRL); + if (role.equalsIgnoreCase("delegate") && drl != null) { + request.put(DELEGATOR_ID, authInfo.getString(DID)); + } else { + request.put(DELEGATOR_ID, authInfo.getString(USER_ID)); + } JsonObject jsonObject = CatalogueService.getCatalogueItemJson(resourceid); String providerID = jsonObject.getString("provider"); request.put(EPOCH_TIME,time); diff --git a/src/main/java/iudx/rs/proxy/apiserver/handlers/AuthHandler.java b/src/main/java/iudx/rs/proxy/apiserver/handlers/AuthHandler.java index b9ac61c..0b3b301 100644 --- a/src/main/java/iudx/rs/proxy/apiserver/handlers/AuthHandler.java +++ b/src/main/java/iudx/rs/proxy/apiserver/handlers/AuthHandler.java @@ -1,6 +1,7 @@ package iudx.rs.proxy.apiserver.handlers; import static iudx.rs.proxy.apiserver.util.ApiServerConstants.*; +import static iudx.rs.proxy.authenticator.Constants.*; import static iudx.rs.proxy.common.Constants.AUTH_SERVICE_ADDRESS; import static iudx.rs.proxy.common.ResponseUrn.INVALID_TOKEN_URN; import static iudx.rs.proxy.common.ResponseUrn.RESOURCE_NOT_FOUND_URN; @@ -25,13 +26,13 @@ public class AuthHandler implements Handler { private static final Logger LOGGER = LogManager.getLogger(AuthHandler.class); static AuthenticationService authenticator; + static Api api; private final String AUTH_INFO = "authInfo"; private HttpServerRequest request; - static Api api; - public static AuthHandler create(Vertx vertx,Api apiEndpoints) { + public static AuthHandler create(Vertx vertx, Api apiEndpoints) { authenticator = AuthenticationService.createProxy(vertx, AUTH_SERVICE_ADDRESS); - api=apiEndpoints; + api = apiEndpoints; return new AuthHandler(); } @@ -40,21 +41,20 @@ public void handle(RoutingContext context) { request = context.request(); RequestBody requestBody = context.body(); - JsonObject requestJson=null; - if(request!=null) { - if(requestBody.asJsonObject()!=null) { - requestJson=requestBody.asJsonObject().copy(); + JsonObject requestJson = null; + if (request != null) { + if (requestBody.asJsonObject() != null) { + requestJson = requestBody.asJsonObject().copy(); } } - if(requestJson==null) { - requestJson=new JsonObject(); + if (requestJson == null) { + requestJson = new JsonObject(); } String token = request.headers().get(HEADER_TOKEN); final String path = getNormalizedPath(request.path()); final String method = context.request().method().toString(); - if (token == null) token = "public"; JsonObject authInfo = @@ -79,6 +79,9 @@ public void handle(RoutingContext context) { authInfo.put(IID, authHandler.result().getValue(IID)); authInfo.put(USER_ID, authHandler.result().getValue(USER_ID)); authInfo.put("apd", authHandler.result().getValue("apd")); + authInfo.put(ROLE, authHandler.result().getValue(ROLE)); + authInfo.put(DID, authHandler.result().getValue(DID)); + authInfo.put(DRL, authHandler.result().getValue(DRL)); context.data().put(AUTH_INFO, authInfo); } else { processAuthFailure(context, authHandler.cause().getMessage()); @@ -123,11 +126,11 @@ private String getId(RoutingContext context) { String paramId = getId4rmRequest(); String bodyId = getId4rmBody(context); String id; - if (paramId != null && !paramId.isBlank()) { - id = paramId; - } else { - id = bodyId; - } + if (paramId != null && !paramId.isBlank()) { + id = paramId; + } else { + id = bodyId; + } return id; } @@ -170,13 +173,13 @@ private String getNormalizedPath(String url) { path = api.getProviderAuditEndpoint(); } else if (url.matches(api.getPostEntitiesEndpoint())) { path = api.getPostEntitiesEndpoint(); - }else if(url.matches(api.getPostTemporalEndpoint())){ + } else if (url.matches(api.getPostTemporalEndpoint())) { path = api.getPostTemporalEndpoint(); } return path; } - + private String getpathRegex(String path) { - return path+"(.*)"; + return path + "(.*)"; } } diff --git a/src/main/java/iudx/rs/proxy/authenticator/Constants.java b/src/main/java/iudx/rs/proxy/authenticator/Constants.java index 3191b19..51f17fa 100644 --- a/src/main/java/iudx/rs/proxy/authenticator/Constants.java +++ b/src/main/java/iudx/rs/proxy/authenticator/Constants.java @@ -4,7 +4,8 @@ public class Constants { - public static final List OPEN_ENDPOINTS = List.of("/temporal/entities","/entities","/consumer/audit","/entityOperations/query"); + public static final List OPEN_ENDPOINTS = + List.of("/temporal/entities", "/entities", "/consumer/audit", "/entityOperations/query"); public static final long CACHE_TIMEOUT_AMOUNT = 30; public static final String CAT_SEARCH_PATH = "/search"; public static final String AUTH_CERTIFICATE_PATH = "/cert"; @@ -12,5 +13,9 @@ public class Constants { public static final String JSON_USERID = "userid"; public static final String JSON_IID = "iid"; public static final String JSON_EXPIRY = "expiry"; - public static final String JSON_APD="apd"; + public static final String JSON_APD = "apd"; + public static final String ROLE = "role"; + public static final String DRL = "drl"; + public static final String DID = "did"; + public static final String DELEGATOR_ID = "delegatorId"; } diff --git a/src/main/java/iudx/rs/proxy/authenticator/JwtAuthenticationServiceImpl.java b/src/main/java/iudx/rs/proxy/authenticator/JwtAuthenticationServiceImpl.java index 0a7cca3..381668d 100644 --- a/src/main/java/iudx/rs/proxy/authenticator/JwtAuthenticationServiceImpl.java +++ b/src/main/java/iudx/rs/proxy/authenticator/JwtAuthenticationServiceImpl.java @@ -1,5 +1,7 @@ package iudx.rs.proxy.authenticator; +import static iudx.rs.proxy.authenticator.Constants.*; + import com.google.common.cache.Cache; import com.google.common.cache.CacheBuilder; import io.vertx.core.AsyncResult; @@ -30,25 +32,21 @@ import java.time.LocalDateTime; import java.time.ZoneId; import java.time.ZonedDateTime; -import java.util.Arrays; import java.util.concurrent.TimeUnit; import org.apache.http.HttpStatus; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import static iudx.rs.proxy.authenticator.Constants.*; - public class JwtAuthenticationServiceImpl implements AuthenticationService { private static final Logger LOGGER = LogManager.getLogger(JwtAuthenticationServiceImpl.class); - + static WebClient catWebClient; final JWTAuth jwtAuth; final String host; final int port; final String path; final String audience; final CacheService cache; - static WebClient catWebClient; final Api apis; final String catBasePath; // resourceGroupCache will contain ACL info about all resource group in a resource server @@ -106,6 +104,9 @@ public AuthenticationService tokenIntrospect(JsonObject request, JsonObject auth jsonResponse.put(JSON_EXPIRY, (LocalDateTime.ofInstant( Instant.ofEpochSecond(Long.parseLong(result.jwtData.getExp().toString())), ZoneId.systemDefault())).toString()); + jsonResponse.put(ROLE, result.jwtData.getRole()); + jsonResponse.put(DRL, result.jwtData.getDrl()); + jsonResponse.put(DID, result.jwtData.getDid()); return Future.succeededFuture(jsonResponse); } else { return validateAccess(result.jwtData, result.isOpen, authenticationInfo); @@ -216,6 +217,9 @@ public Future validateAccess(JwtData jwtData, boolean openResource, jsonResponse.put(JSON_IID, jwtId); jsonResponse.put(JSON_USERID, jwtData.getSub()); jsonResponse.put(JSON_APD,jwtData.getApd()); + jsonResponse.put(ROLE, jwtData.getRole()); + jsonResponse.put(DRL, jwtData.getDrl()); + jsonResponse.put(DID, jwtData.getDid()); return Future.succeededFuture(jsonResponse); } @@ -236,6 +240,9 @@ public Future validateAccess(JwtData jwtData, boolean openResource, jsonResponse.put(JSON_EXPIRY, (LocalDateTime.ofInstant( Instant.ofEpochSecond(Long.parseLong(jwtData.getExp().toString())), ZoneId.systemDefault())).toString()); + jsonResponse.put(ROLE, jwtData.getRole()); + jsonResponse.put(DRL, jwtData.getDrl()); + jsonResponse.put(DID, jwtData.getDid()); promise.complete(jsonResponse); } else { LOGGER.error("failed - no access provided to endpoint"); diff --git a/src/main/java/iudx/rs/proxy/authenticator/model/JwtData.java b/src/main/java/iudx/rs/proxy/authenticator/model/JwtData.java index ca14575..d5b5fb0 100644 --- a/src/main/java/iudx/rs/proxy/authenticator/model/JwtData.java +++ b/src/main/java/iudx/rs/proxy/authenticator/model/JwtData.java @@ -16,6 +16,16 @@ public final class JwtData { private String role; private JsonObject cons; private JsonObject apd; + private String drl; + private String did; + + public JwtData() { + super(); + } + + public JwtData(JsonObject json) { + JwtDataConverter.fromJson(json, this); + } public JsonObject toJson() { JsonObject json = new JsonObject(); @@ -23,12 +33,20 @@ public JsonObject toJson() { return json; } - public JwtData() { - super(); + public String getDrl() { + return drl; } - public JwtData(JsonObject json) { - JwtDataConverter.fromJson(json, this); + public void setDrl(String drl) { + this.drl = drl; + } + + public String getDid() { + return did; + } + + public void setDid(String did) { + this.did = did; } public String getAccess_token() { @@ -102,7 +120,7 @@ public Integer getIat() { public void setIat(Integer iat) { this.iat = iat; } - + public JsonObject getApd() { return apd; } @@ -113,13 +131,30 @@ public void setApd(JsonObject apd) { @Override public String toString() { - return "JwtData [access_token=" + access_token + ", sub=" + sub + ", iss=" + iss + ", aud=" - + aud + ", exp=" + exp + ", iat=" + iat + ", iid=" + iid + ", role=" + role + ", cons=" - + cons + ", apd=" + apd + "]"; + return "JwtData [access_token=" + + access_token + + ", sub=" + + sub + + ", iss=" + + iss + + ", aud=" + + aud + + ", exp=" + + exp + + ", iat=" + + iat + + ", iid=" + + iid + + ", role=" + + role + + ", cons=" + + cons + + ", apd=" + + apd + + ", drl=" + + drl + + ", did=" + + did + + "]"; } - - - - - } From 97225a60e0dc447b4a774b0d1526434b19d7b680 Mon Sep 17 00:00:00 2001 From: Ankit Singh <101859999+ankitmashu@users.noreply.github.com> Date: Wed, 13 Sep 2023 12:32:43 +0530 Subject: [PATCH 2/2] added type and resourceGroup for auditing_rs --- .../java/iudx/rs/proxy/apiserver/ApiServerVerticle.java | 8 ++++++++ .../iudx/rs/proxy/apiserver/util/ApiServerConstants.java | 2 ++ 2 files changed, 10 insertions(+) diff --git a/src/main/java/iudx/rs/proxy/apiserver/ApiServerVerticle.java b/src/main/java/iudx/rs/proxy/apiserver/ApiServerVerticle.java index d7f287e..fc98489 100644 --- a/src/main/java/iudx/rs/proxy/apiserver/ApiServerVerticle.java +++ b/src/main/java/iudx/rs/proxy/apiserver/ApiServerVerticle.java @@ -622,6 +622,14 @@ private void updateAuditTable(RoutingContext context) { } JsonObject jsonObject = CatalogueService.getCatalogueItemJson(resourceid); String providerID = jsonObject.getString("provider"); + String type = + jsonObject.containsKey(RESOURCE_GROUP) ? "RESOURCE" : "RESOURCE_GROUP"; + String resourceGroup = + jsonObject.containsKey(RESOURCE_GROUP) + ? jsonObject.getString(RESOURCE_GROUP) + : jsonObject.getString(ID); + request.put(RESOURCE_GROUP, resourceGroup); + request.put(TYPE_KEY, type); request.put(EPOCH_TIME,time); request.put(ISO_TIME,isoTime); request.put(USER_ID, authInfo.getValue(USER_ID)); diff --git a/src/main/java/iudx/rs/proxy/apiserver/util/ApiServerConstants.java b/src/main/java/iudx/rs/proxy/apiserver/util/ApiServerConstants.java index 9bccbe5..7b614b7 100644 --- a/src/main/java/iudx/rs/proxy/apiserver/util/ApiServerConstants.java +++ b/src/main/java/iudx/rs/proxy/apiserver/util/ApiServerConstants.java @@ -104,6 +104,8 @@ public class ApiServerConstants { public static final String IID = "iid"; public static final String API = "api"; public static final String USER_ID = "userid"; + public static final String RESOURCE_GROUP = "resourceGroup"; + public static final String TYPE_KEY = "type"; public static final String GEO_QUERY = "geo-query"; public static final String TEMPORAL_QUERY = "temporal-query";