-
Notifications
You must be signed in to change notification settings - Fork 4
/
SSCTokenFactoryUserCredentials.java
93 lines (82 loc) · 3.56 KB
/
SSCTokenFactoryUserCredentials.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
/*******************************************************************************
* (c) Copyright 2020 Micro Focus or one of its affiliates, a Micro Focus company
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including without
* limitation the rights to use, copy, modify, merge, publish, distribute,
* sublicense, and/or sell copies of the Software, and to permit persons to
* whom the Software is furnished to do so, subject to the following
* conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY
* KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
* PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
* DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
* CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
* IN THE SOFTWARE.
******************************************************************************/
package com.fortify.client.ssc.connection;
import java.util.Date;
import java.util.regex.Pattern;
import javax.ws.rs.HttpMethod;
import org.apache.commons.codec.binary.Base64;
import com.fortify.util.log4j.LogMaskingHelper;
import com.fortify.util.rest.json.JSONMap;
import lombok.Data;
import lombok.extern.apachecommons.CommonsLog;
/**
* This class is used to generate SSC tokens for accessing the
* SSC REST API. Given an {@link SSCBasicRestConnection} instance
* and SSC userName and password, it will call the SSC /oauth/token
* API to request a REST token. The token will be automatically
* refreshed as required.
*
* @author Ruud Senden
*
*/
@CommonsLog
public final class SSCTokenFactoryUserCredentials implements ISSCTokenFactory {
private final Pattern EXPR_TOKEN = Pattern.compile("\"token\":\"([^\"]+)\"");
private final SSCBasicRestConnection conn;
private final String userName;
private final String password;
private SSCTokenFactoryUserCredentials.TokenData tokenData = null;
public SSCTokenFactoryUserCredentials(SSCBasicRestConnection conn, String userName, String password) {
this.conn = conn;
this.userName = userName;
this.password = password;
}
@Override
public synchronized String getTokenSynchronized() {
return getToken();
}
public String getToken() {
if ( tokenData == null || tokenData.isExpired() ) {
String authHeaderValue = "Basic "+Base64.encodeBase64String((userName+":"+password).getBytes());
LogMaskingHelper.maskByPatternGroups().patterns(EXPR_TOKEN).on(() ->
tokenData = getTokenData(conn.executeRequest(HttpMethod.POST, conn.getBaseResource().path("/api/v1/auth/obtain_token").request().header("Authorization", authHeaderValue), null, JSONMap.class))
);
log.info("[SSC] Obtained access token, expiring at "+tokenData.getTerminalDate().toString());
}
return tokenData.getToken();
}
private TokenData getTokenData(JSONMap json) {
JSONMap data = json.get("data", JSONMap.class);
return new TokenData((String)data.get("token"), data.get("terminalDate", Date.class));
}
@Data
private static final class TokenData {
private final String token;
private final Date terminalDate;
public boolean isExpired() {
return new Date().getTime() > getTerminalDate().getTime();
}
}
}