add prototype keyflow implementation

Author: marceljk

core/src/main/java/cloud/stackit/sdk/core/ApiException.java

@@ -0,0 +1,152 @@
+package cloud.stackit.sdk.core;
+
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * <p>ApiException class.</p>
+ */
+public class ApiException extends Exception {
+    private static final long serialVersionUID = 1L;
+
+    private int code = 0;
+    private Map<String, List<String>> responseHeaders = null;
+    private String responseBody = null;
+
+    /**
+     * <p>Constructor for ApiException.</p>
+     */
+    public ApiException() {}
+
+    /**
+     * <p>Constructor for ApiException.</p>
+     *
+     * @param throwable a {@link java.lang.Throwable} object
+     */
+    public ApiException(Throwable throwable) {
+        super(throwable);
+    }
+
+    /**
+     * <p>Constructor for ApiException.</p>
+     *
+     * @param message the error message
+     */
+    public ApiException(String message) {
+        super(message);
+    }
+
+    /**
+     * <p>Constructor for ApiException.</p>
+     *
+     * @param message the error message
+     * @param throwable a {@link java.lang.Throwable} object
+     * @param code HTTP status code
+     * @param responseHeaders a {@link java.util.Map} of HTTP response headers
+     * @param responseBody the response body
+     */
+    public ApiException(String message, Throwable throwable, int code, Map<String, List<String>> responseHeaders, String responseBody) {
+        super(message, throwable);
+        this.code = code;
+        this.responseHeaders = responseHeaders;
+        this.responseBody = responseBody;
+    }
+
+    /**
+     * <p>Constructor for ApiException.</p>
+     *
+     * @param message the error message
+     * @param code HTTP status code
+     * @param responseHeaders a {@link java.util.Map} of HTTP response headers
+     * @param responseBody the response body
+     */
+    public ApiException(String message, int code, Map<String, List<String>> responseHeaders, String responseBody) {
+        this(message, null, code, responseHeaders, responseBody);
+    }
+
+    /**
+     * <p>Constructor for ApiException.</p>
+     *
+     * @param message the error message
+     * @param throwable a {@link java.lang.Throwable} object
+     * @param code HTTP status code
+     * @param responseHeaders a {@link java.util.Map} of HTTP response headers
+     */
+    public ApiException(String message, Throwable throwable, int code, Map<String, List<String>> responseHeaders) {
+        this(message, throwable, code, responseHeaders, null);
+    }
+
+    /**
+     * <p>Constructor for ApiException.</p>
+     *
+     * @param code HTTP status code
+     * @param responseHeaders a {@link java.util.Map} of HTTP response headers
+     * @param responseBody the response body
+     */
+    public ApiException(int code, Map<String, List<String>> responseHeaders, String responseBody) {
+        this("Response Code: " + code + " Response Body: " + responseBody, null, code, responseHeaders, responseBody);
+    }
+
+    /**
+     * <p>Constructor for ApiException.</p>
+     *
+     * @param code HTTP status code
+     * @param message a {@link java.lang.String} object
+     */
+    public ApiException(int code, String message) {
+        super(message);
+        this.code = code;
+    }
+
+    /**
+     * <p>Constructor for ApiException.</p>
+     *
+     * @param code HTTP status code
+     * @param message the error message
+     * @param responseHeaders a {@link java.util.Map} of HTTP response headers
+     * @param responseBody the response body
+     */
+    public ApiException(int code, String message, Map<String, List<String>> responseHeaders, String responseBody) {
+        this(code, message);
+        this.responseHeaders = responseHeaders;
+        this.responseBody = responseBody;
+    }
+
+    /**
+     * Get the HTTP status code.
+     *
+     * @return HTTP status code
+     */
+    public int getCode() {
+        return code;
+    }
+
+    /**
+     * Get the HTTP response headers.
+     *
+     * @return A map of list of string
+     */
+    public Map<String, List<String>> getResponseHeaders() {
+        return responseHeaders;
+    }
+
+    /**
+     * Get the HTTP response body.
+     *
+     * @return Response body in the form of string
+     */
+    public String getResponseBody() {
+        return responseBody;
+    }
+
+    /**
+     * Get the exception message including HTTP response data.
+     *
+     * @return The exception message
+     */
+    public String getMessage() {
+        return String.format("Message: %s%nHTTP response code: %s%nHTTP response body: %s%nHTTP response headers: %s",
+                super.getMessage(), this.getCode(), this.getResponseBody(), this.getResponseHeaders());
+    }
+}

core/src/main/java/cloud/stackit/sdk/core/KeyFlowAuthenticator.java

@@ -0,0 +1,152 @@
+package cloud.stackit.sdk.core;
+
+import cloud.stackit.sdk.core.model.ServiceAccountCredentials;
+import cloud.stackit.sdk.core.model.ServiceAccountKey;
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.google.gson.Gson;
+import com.google.gson.annotations.SerializedName;
+import okhttp3.*;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.HttpURLConnection;
+import java.nio.charset.StandardCharsets;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+import java.util.concurrent.TimeUnit;
+
+public class KeyFlowAuthenticator {
+    private final String REFRESH_TOKEN = "refresh_token";
+    private final String ASSERTION = "assertion";
+
+    private final OkHttpClient httpClient;
+    private final ServiceAccountKey saKey;
+    private KeyFlowTokenResponse token;
+    private final Gson gson;
+    private final String tokenUrl;
+
+    private static class KeyFlowTokenResponse {
+        @SerializedName("access_token")
+        private String accessToken;
+        @SerializedName("refresh_token")
+        private String refreshToken;
+        @SerializedName("expires_in")
+        private long expiresIn;
+        @SerializedName("scope")
+        private String scope;
+        @SerializedName("token_type")
+        private String tokenType;
+
+        public boolean isExpired() {
+            return expiresIn < new Date().toInstant().minusSeconds(60).getEpochSecond();
+        }
+
+        public String getAccessToken() {
+            return accessToken;
+        }
+    }
+
+    public KeyFlowAuthenticator(ServiceAccountKey saKey) {
+        this.saKey = saKey;
+        this.gson = new Gson();
+        this.httpClient = new OkHttpClient.Builder()
+                .connectTimeout(10, TimeUnit.SECONDS)
+                .writeTimeout(10, TimeUnit.SECONDS)
+                .readTimeout(30, TimeUnit.SECONDS)
+                .build();
+        this.tokenUrl = "https://service-account.api.stackit.cloud/token";
+        createAccessToken();
+    }
+
+
+    public synchronized String getAccessToken() throws IOException {
+        if (token == null || token.isExpired()) {
+            createAccessTokenWithRefreshToken();
+        }
+        return token.getAccessToken();
+    }
+
+    private void createAccessToken() {
+        String grant = "urn:ietf:params:oauth:grant-type:jwt-bearer";
+        String assertion = generateSelfSignedJWT();
+        try(Response response = requestToken(grant, assertion).execute()) {
+            parseTokenResponse(response);
+        } catch (IOException | ApiException e) {
+            e.printStackTrace();
+        }
+    }
+
+    private synchronized void createAccessTokenWithRefreshToken() throws IOException {
+        String refreshToken = token.refreshToken;
+        try (Response response = requestToken(REFRESH_TOKEN, refreshToken).execute()) {
+            parseTokenResponse(response);
+        } catch (ApiException e) {
+            e.printStackTrace();
+        }
+    }
+
+    private synchronized void parseTokenResponse(Response response) throws ApiException {
+        if (response.code() != HttpURLConnection.HTTP_OK) {
+            String body = null;
+            if (response.body() != null) {
+                body = response.body().toString();
+                response.body().close();
+            }
+            throw new ApiException(response.message(), response.code(), response.headers().toMultimap(), body);
+        }
+        if (response.body() == null) {
+            throw new ApiException("body from token creation is null");
+        }
+
+        token = gson.fromJson(new InputStreamReader(response.body().byteStream(), StandardCharsets.UTF_8), KeyFlowTokenResponse.class);
+        token.expiresIn = JWT.decode(token.accessToken).getExpiresAt().toInstant().getEpochSecond();
+        response.body().close();
+    }
+
+    private Call requestToken(String grant, String assertion) throws IOException {
+        FormBody.Builder bodyBuilder = new FormBody.Builder();
+        bodyBuilder.addEncoded("grant_type", grant);
+        if (grant.equals(REFRESH_TOKEN)) {
+            bodyBuilder.addEncoded(REFRESH_TOKEN, assertion);
+        } else {
+            bodyBuilder.addEncoded(ASSERTION, assertion);
+        }
+        FormBody body = bodyBuilder.build();
+
+        Request request = new Request.Builder()
+                .url(tokenUrl)
+                .post(body)
+                .addHeader("Content-Type", "application/x-www-form-urlencoded")
+                .build();
+        return httpClient.newCall(request);
+    }
+
+    private String generateSelfSignedJWT() {
+        RSAPrivateKey prvKey = saKey.getCredentials().getPrivateKeyParsed();
+        Algorithm algorithm = null;
+        try {
+            algorithm  = Algorithm.RSA512(prvKey);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+
+        Map<String, Object> jwtHeader = new HashMap<>();
+        jwtHeader.put("kid", saKey.getCredentials().getKid());
+
+        return JWT.create()
+                .withIssuer(saKey.getCredentials().getIss())
+                .withSubject(saKey.getCredentials().getSub().toString())
+                .withJWTId(UUID.randomUUID().toString())
+                .withAudience(saKey.getCredentials().getAud())
+                .withIssuedAt(new Date())
+                .withExpiresAt(new Date().toInstant().plusSeconds(10 * 60))
+                .withHeader(jwtHeader)
+                .sign(algorithm);
+    }
+}

core/src/main/java/cloud/stackit/sdk/core/keyflow/KeyFlowInterceptor.java

@@ -0,0 +1,27 @@
+package cloud.stackit.sdk.core.keyflow;
+
+import cloud.stackit.sdk.core.KeyFlowAuthenticator;
+import okhttp3.Interceptor;
+import okhttp3.Request;
+import okhttp3.Response;
+
+import java.io.IOException;
+
+public class KeyFlowInterceptor implements Interceptor {
+    private final KeyFlowAuthenticator authenticator;
+
+    public KeyFlowInterceptor(KeyFlowAuthenticator authenticator) {
+        this.authenticator = authenticator;
+    }
+
+    @Override
+    public Response intercept(Chain chain) throws IOException {
+        Request originalRequest = chain.request();
+        String accessToken = authenticator.getAccessToken();
+
+        Request authenticatedRequest = originalRequest.newBuilder()
+                .header("Authorization", "Bearer " + accessToken)
+                .build();
+        return chain.proceed(authenticatedRequest);
+    }
+}

core/src/main/java/cloud/stackit/sdk/core/model/ServiceAccountCredentials.java

@@ -0,0 +1,65 @@
+package cloud.stackit.sdk.core.model;
+
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Base64;
+import java.util.UUID;
+
+public class ServiceAccountCredentials {
+    private final String aud;
+    private final String iss;
+    private final String kid;
+    private final String privateKey;
+    private final UUID sub;
+
+    public ServiceAccountCredentials(String aud, String iss, String kid, String privateKey, UUID sub) {
+        this.aud = aud;
+        this.iss = iss;
+        this.kid = kid;
+        this.privateKey = privateKey;
+        this.sub = sub;
+    }
+
+    public String getAud() {
+        return aud;
+    }
+
+    public String getIss() {
+        return iss;
+    }
+
+    public String getKid() {
+        return kid;
+    }
+
+    public String getPrivateKey() {
+        return privateKey;
+    }
+
+    public UUID getSub() {
+        return sub;
+    }
+
+    public RSAPrivateKey getPrivateKeyParsed() {
+        RSAPrivateKey prvKey = null;
+        try {
+            String trimmedKey = privateKey.replaceFirst("-----BEGIN PRIVATE KEY-----", "");
+            trimmedKey = trimmedKey.replaceFirst("-----END PRIVATE KEY-----", "");
+            trimmedKey = trimmedKey.replaceAll("\n","");
+
+            byte[] privateBytes = Base64.getDecoder().decode(trimmedKey);
+            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateBytes);
+            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+            prvKey = (RSAPrivateKey) keyFactory.generatePrivate(keySpec);
+        } catch (InvalidKeySpecException e) {
+            e.printStackTrace();
+        } catch (NoSuchAlgorithmException e) {
+            System.out.println(e);
+        }
+        return prvKey;
+    }
+}