Post review fixes. Test fixes.

035d2e14 · Dustin Jenkins · fdaefc31 · 035d2e14
Commit 035d2e14 authored 8 years ago by Dustin Jenkins
--- a/cadc-access-control/src/main/java/ca/nrc/cadc/ac/client/GMSClient.java
+++ b/cadc-access-control/src/main/java/ca/nrc/cadc/ac/client/GMSClient.java
@@ -74,7 +74,8 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
-import java.net.HttpURLConnection;
+import java.io.FileNotFoundException;
 import java.net.URI;
 import java.net.URL;
 import java.security.AccessControlContext;
@@ -85,12 +86,23 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.Set;
-import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLSocketFactory;
 import javax.security.auth.Subject;
-import ca.nrc.cadc.auth.*;
+import ca.nrc.cadc.auth.AuthenticationUtil;
-import ca.nrc.cadc.net.*;
+import ca.nrc.cadc.auth.AuthMethod;
+import ca.nrc.cadc.auth.HttpPrincipal;
+import ca.nrc.cadc.auth.SSOCookieCredential;
+import ca.nrc.cadc.auth.X509CertificateChain;
+import ca.nrc.cadc.auth.SSLUtil;
+import ca.nrc.cadc.net.HttpDownload;
+import ca.nrc.cadc.net.HttpPost;
+import ca.nrc.cadc.net.HttpTransfer;
+import ca.nrc.cadc.net.HttpUpload;
+import ca.nrc.cadc.net.HttpDelete;
+import ca.nrc.cadc.net.NetUtil;
+import ca.nrc.cadc.net.InputStreamWrapper;
 import org.apache.log4j.Logger;
 import ca.nrc.cadc.ac.Group;
@@ -173,8 +185,7 @@ public class GMSClient implements TransferListener
        throws GroupAlreadyExistsException, AccessControlException,
               UserNotFoundException, WriterException, IOException
    {
-        URL createGroupURL = getRegistryClient()
+        URL createGroupURL = lookupServiceURL(Standards.GMS_GROUPS_01);
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        log.debug("createGroupURL request to " + createGroupURL.toString());
        // reset the state of the cache
@@ -245,8 +256,7 @@ public class GMSClient implements TransferListener
    public Group getGroup(String groupName)
        throws GroupNotFoundException, AccessControlException, IOException
    {
-        URL groupsURL = getRegistryClient()
+        URL groupsURL = lookupServiceURL(Standards.GMS_GROUPS_01);
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        URL getGroupURL = new URL(groupsURL.toExternalForm() + "/" + groupName);
        log.debug("getGroup request to " + getGroupURL.toString());
@@ -301,12 +311,11 @@ public class GMSClient implements TransferListener
    public List<String> getGroupNames()
        throws AccessControlException, IOException
    {
-        URL getGroupNamesURL = getRegistryClient()
+        URL getGroupNamesURL = lookupServiceURL(Standards.GMS_GROUPS_01);
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        log.debug("getGroupNames request to " + getGroupNamesURL.toString());
-        final List<String> groupNames = new ArrayList<String>();
+        final List<String> groupNames = new ArrayList<>();
        final HttpDownload httpDownload =
                new HttpDownload(getGroupNamesURL, new InputStreamWrapper()
        {
@@ -379,8 +388,7 @@ public class GMSClient implements TransferListener
        throws IllegalArgumentException, GroupNotFoundException, UserNotFoundException,
               AccessControlException, WriterException, IOException
    {
-        URL groupsURL = getRegistryClient()
+        URL groupsURL = lookupServiceURL(Standards.GMS_GROUPS_01);
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        URL updateGroupURL = new URL(groupsURL.toExternalForm() + "/" + group.getID().getName());
        log.debug("updateGroup request to " + updateGroupURL.toString());
@@ -424,20 +432,6 @@ public class GMSClient implements TransferListener
        }
        return getGroup(group.getID().getName());
-// Cookie gets lost when following redirect and pulling the XML down!
-//        try
-//        {
-//            String retXML = transfer.getResponseBody();
-//            log.debug("getGroup returned: " + retXML);
-//            GroupReader groupReader = new GroupReader();
-//            return groupReader.read(retXML);
-//        }
-//        catch (Exception bug)
-//        {
-//            log.error("Unexpected exception", bug);
-//            throw new RuntimeException(bug);
-//        }
    }
    /**
@@ -451,8 +445,7 @@ public class GMSClient implements TransferListener
    public void deleteGroup(String groupName)
        throws GroupNotFoundException, AccessControlException, IOException
    {
-        URL groupsURL = getRegistryClient()
+        URL groupsURL = lookupServiceURL(Standards.GMS_GROUPS_01);
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        URL deleteGroupURL = new URL(groupsURL.toExternalForm() + "/" + groupName);
        log.debug("deleteGroup request to " + deleteGroupURL.toString());
@@ -467,9 +460,7 @@ public class GMSClient implements TransferListener
        if (error != null)
        {
            // transfer returns a -1 code for anonymous access.
-            if ((delete.getResponseCode() == -1) ||
+            if (error instanceof AccessControlException)
-                (delete.getResponseCode() == 401) ||
-                (delete.getResponseCode() == 403))
            {
                throw new AccessControlException(error.getMessage());
            }
@@ -477,7 +468,7 @@ public class GMSClient implements TransferListener
            {
                throw new IllegalArgumentException(error.getMessage());
            }
-            if (delete.getResponseCode() == 404)
+            if (error instanceof FileNotFoundException)
            {
                throw new GroupNotFoundException(error.getMessage());
            }
@@ -502,8 +493,7 @@ public class GMSClient implements TransferListener
    {
        String path = "/" + targetGroupName + "/groupMembers/" + groupMemberName;
-        URL groupsURL = getRegistryClient()
+        URL groupsURL = lookupServiceURL(Standards.GMS_GROUPS_01);
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        URL addGroupMemberURL = new URL(groupsURL.toExternalForm() + path);
        log.debug("addGroupMember request to " + addGroupMemberURL.toString());
@@ -563,8 +553,7 @@ public class GMSClient implements TransferListener
        String userIDType = AuthenticationUtil.getPrincipalType(userID);
        String path = "/" + targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType;
-        URL groupsURL = getRegistryClient()
+        URL groupsURL = lookupServiceURL(Standards.GMS_GROUPS_01);
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        URL addUserMemberURL = new URL(groupsURL.toExternalForm() + path);
        log.debug("addUserMember request to " + addUserMemberURL.toString());
@@ -620,8 +609,7 @@ public class GMSClient implements TransferListener
    {
        String path = "/" + targetGroupName + "/groupMembers/" + groupMemberName;
-        URL groupsURL = getRegistryClient()
+        URL groupsURL = lookupServiceURL(Standards.GMS_GROUPS_01);
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        URL removeGroupMemberURL = new URL(groupsURL.toExternalForm() + path);
        log.debug("removeGroupMember request to " +
                  removeGroupMemberURL.toString());
@@ -637,17 +625,15 @@ public class GMSClient implements TransferListener
        if (error != null)
        {
            // transfer returns a -1 code for anonymous access.
-            if ((delete.getResponseCode() == -1) ||
+            if (error instanceof AccessControlException)
-                (delete.getResponseCode() == 401) ||
-                (delete.getResponseCode() == 403))
            {
-                throw new AccessControlException(error.getMessage());
+                throw ((AccessControlException) error);
            }
            if (delete.getResponseCode() == 400)
            {
                throw new IllegalArgumentException(error.getMessage());
            }
-            if (delete.getResponseCode() == 404)
+            if (error instanceof FileNotFoundException)
            {
                throw new GroupNotFoundException(error.getMessage());
            }
@@ -673,8 +659,7 @@ public class GMSClient implements TransferListener
        log.debug("removeUserMember: " + targetGroupName + " - " + userID.getName() + " type: " + userIDType);
        String path = "/" + targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType;
-        URL groupsURL = getRegistryClient()
+        URL groupsURL = lookupServiceURL(Standards.GMS_GROUPS_01);
-            .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, getAuthMethod());
        URL removeUserMemberURL = new URL(groupsURL.toExternalForm() + path);
        log.debug("removeUserMember: " + removeUserMemberURL.toString());
@@ -690,9 +675,7 @@ public class GMSClient implements TransferListener
        if (error != null)
        {
            // transfer returns a -1 code for anonymous access.
-            if ((delete.getResponseCode() == -1) ||
+            if (error instanceof AccessControlException)
-                (delete.getResponseCode() == 401) ||
-                (delete.getResponseCode() == 403))
            {
                throw new AccessControlException(error.getMessage());
            }
@@ -700,7 +683,7 @@ public class GMSClient implements TransferListener
            {
                throw new IllegalArgumentException(error.getMessage());
            }
-            if (delete.getResponseCode() == 404)
+            if (error instanceof FileNotFoundException)
            {
                String errMessage = error.getMessage();
                if (errMessage != null && errMessage.toLowerCase().contains("user"))
@@ -760,19 +743,11 @@ public class GMSClient implements TransferListener
            }
        }
-        //String idType = AuthenticationUtil.getPrincipalType(userID);
-        //String id = userID.getName();
        String roleString = role.getValue();
+        URL searchURL = lookupServiceURL(Standards.GMS_SEARCH_01);
+        URL getMembershipsURL = new URL(searchURL.toExternalForm()
-        StringBuilder searchGroupPath = new StringBuilder("?");
+                                        + "?ROLE="
-        //searchGroupURL.append("ID=").append(NetUtil.encode(id));
+                                        + NetUtil.encode(roleString));
-        //searchGroupURL.append("&IDTYPE=").append(NetUtil.encode(idType));
-        searchGroupPath.append("ROLE=").append(NetUtil.encode(roleString));
-        URL searchURL = getRegistryClient()
-            .getServiceURL(this.serviceID, Standards.GMS_SEARCH_01, getAuthMethod());
-        URL getMembershipsURL = new URL(searchURL.toExternalForm() + searchGroupPath.toString());
        log.debug("getMemberships request to " + getMembershipsURL.toString());
        ByteArrayOutputStream out = new ByteArrayOutputStream();
@@ -870,25 +845,17 @@ public class GMSClient implements TransferListener
            }
        }
-        //String idType = AuthenticationUtil.getPrincipalType(userID);
-        //String id = userID.getName();
        String roleString = role.getValue();
-        StringBuilder searchGroupPath = new StringBuilder("?");
+        String searchGroupPath = "?ROLE=" + NetUtil.encode(roleString) +
+                                 "&GROUPID=" + NetUtil.encode(groupName);
-        //searchGroupURL.append("ID=").append(NetUtil.encode(id));
+        URL searchURL = lookupServiceURL(Standards.GMS_SEARCH_01);
-        //searchGroupURL.append("&IDTYPE=").append(NetUtil.encode(idType));
+        URL getMembershipURL = new URL(searchURL.toExternalForm() + searchGroupPath);
-        searchGroupPath.append("&ROLE=").append(NetUtil.encode(roleString));
-        searchGroupPath.append("&GROUPID=").append(NetUtil.encode(groupName));
-        URL searchURL = getRegistryClient()
-            .getServiceURL(this.serviceID, Standards.GMS_SEARCH_01, getAuthMethod());
-        URL getMembershipURL = new URL(searchURL.toExternalForm() + searchGroupPath.toString());
        log.debug("getMembership request to " + getMembershipURL.toString());
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        HttpDownload transfer = new HttpDownload(getMembershipURL, out);
        transfer.setSSLSocketFactory(getSSLSocketFactory());
        transfer.run();
@@ -1125,6 +1092,34 @@ public class GMSClient implements TransferListener
        return new RegistryClient();
    }
+    /**
+     * Lookup the Service URL for the given standard.  The current AuthMethod
+     * will be taken into account.
+     *
+     * @param standard  The URI standard to look up.
+     * @return          URL for the service.
+     * @throws AccessControlException       If the URL cannot be found for the
+     *                                      provided AuthMethod.
+     */
+    private URL lookupServiceURL(final URI standard)
+            throws AccessControlException
+    {
+        final URL serviceURL = getRegistryClient()
+                .getServiceURL(this.serviceID, standard, getAuthMethod());
+        if (serviceURL == null)
+        {
+            throw new AccessControlException(
+                    String.format("Unable to get Service URL for '%s', '%s', '%s'",
+                                  serviceID.toString(), Standards.GMS_GROUPS_01,
+                                  getAuthMethod()));
+        }
+        else
+        {
+            return serviceURL;
+        }
+    }
    private AuthMethod getAuthMethod()
    {
        Subject subject = AuthenticationUtil.getCurrentSubject();
@@ -1139,7 +1134,12 @@ public class GMSClient implements TransferListener
                // AuthMethod.PASSWORD not supported
                // AuthMethod.TOKEN not supported
            }
+            throw new AccessControlException("No valid public credentials.");
+        }
+        else
+        {
+            return AuthMethod.ANON;
        }
-        return AuthMethod.ANON;
    }
 }