Support OAuth2 (#127)

Signed-off-by: AlbertWaninge <[email protected]>

Author: albertGopacs

CHANGELOG.md

@@ -0,0 +1,18 @@
+# Changelog
+
+Starting from version 3.0.0, all notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [3.0.0]
+
+### Added
+
+- Support for authorization when sending UFTP messages. This entails:  
+  - the addition of the ParticipantAuthorizationProvider interface that is used to take care of the authorization
+  - a stub implementation of ParticipantAuthorizationProvider in the spring-module, which throws an exception when called
+  - the extension of UftpParticipantInformation with a property that tells whether authorization is required
+  - see README.md for more details
+
+

README.md

@@ -411,3 +411,18 @@ Useful tools for creating a key pair, signing and verifying UFTP messages:
 
 Each payload message `*.xml` has a `*Signed.xml` counterpart which contains the same message but
 signed (encrypted using the private key) in a `SignedMessage`.
+
+## Sending messages to participants that require authorization
+Starting from version 3.0.0, the Shapeshifter library supports sending messages to participants that require 
+authorization. This means that the sender must have a valid token to send a message to the recipient.
+
+Your implementation of `UftpParticipantService`, which returns `UftpParticipantInformation` instances, must tell
+whether the UFTP participant requires authorization in order to send messages to it. 
+The `UftpSendMessageService` will check whether the recipient requires authorization and, if so, will call the 
+`ParticipantAuthorizationProvider` to take care of the authorization for that participant and receive the Authorization
+header. If you are using the shapeshifter-spring library, a stub implementation of the `ParticipantAuthorizationProvider`
+that throws UnsupportedOperationException is provided. This is enough when you have no participants that require 
+authorization. If you don't use the spring library or you have participants that require authorization, you must provide
+your own implementation of the `ParticipantAuthorizationProvider`.
+
+

api/pom.xml

@@ -5,7 +5,7 @@
   <parent>
     <groupId>org.lfenergy.shapeshifter</groupId>
     <artifactId>shapeshifter-library</artifactId>
-    <version>2.7.0-SNAPSHOT</version>
+    <version>3.0.0-SNAPSHOT</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 
@@ -46,6 +46,11 @@
       <artifactId>assertj-core</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>net.datafaker</groupId>
+      <artifactId>datafaker</artifactId>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 
   <build>

api/src/main/java/org/lfenergy/shapeshifter/api/model/UftpParticipantInformation.java

@@ -4,4 +4,13 @@
 
 package org.lfenergy.shapeshifter.api.model;
 
-public record UftpParticipantInformation(String domain, String publicKey, String endpoint) {}
+/**
+ * Data transfer object for UFTP participant information.
+ *
+ * @param domain The domain of the participant. It is not not be confused with the 'endpoint' for UFTP communication,
+ *               but rather serves as an identifier for the participant.
+ * @param publicKey The public key of the participant.
+ * @param endpoint The endpoint of the participant. This is the URL where the participant can be reached.
+ * @param requiresAuthorization Specifies whether the participant requires authorization to communicate with it.
+ */
+public record UftpParticipantInformation(String domain, String publicKey, String endpoint, boolean requiresAuthorization) {}

api/src/test/java/org/lfenergy/shapeshifter/api/model/UftpParticipantInformationTest.java

@@ -6,20 +6,28 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 
+import net.bytebuddy.utility.RandomString;
 import org.junit.jupiter.api.Test;
+import org.junit.platform.commons.util.StringUtils;
+
+import java.util.Random;
 
 class UftpParticipantInformationTest {
 
-  public static final String DOMAIN = "DOMAIN";
-  public static final String ENDPOINT = "ENDPOINT";
-  public static final String PUBLIC_KEY = "PUBLIC_KEY";
 
   @Test
   void construction() {
-    var testSubject = new UftpParticipantInformation(DOMAIN, PUBLIC_KEY, ENDPOINT);
+    Random random = new Random();
+    String domain = "DOMAIN" + random.nextInt();
+    String endpoint = "ENDPOINT"  + random.nextInt();
+    String publicKey = "PUBLIC_KEY" + random.nextInt();
+    boolean requiresAuth = random.nextBoolean();
+
+    var testSubject = new UftpParticipantInformation(domain, publicKey, endpoint, requiresAuth);
 
-    assertThat(testSubject.domain()).isEqualTo(DOMAIN);
-    assertThat(testSubject.publicKey()).isEqualTo(PUBLIC_KEY);
-    assertThat(testSubject.endpoint()).isEqualTo(ENDPOINT);
+    assertThat(testSubject.domain()).isEqualTo(domain);
+    assertThat(testSubject.publicKey()).isEqualTo(publicKey);
+    assertThat(testSubject.endpoint()).isEqualTo(endpoint);
+    assertThat(testSubject.requiresAuthorization()).isEqualTo(requiresAuth);
   }
 }

core/pom.xml

@@ -5,7 +5,7 @@
   <parent>
     <groupId>org.lfenergy.shapeshifter</groupId>
     <artifactId>shapeshifter-library</artifactId>
-    <version>2.7.0-SNAPSHOT</version>
+    <version>3.0.0-SNAPSHOT</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 
@@ -129,6 +129,12 @@
       <artifactId>assertj-core</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>net.datafaker</groupId>
+      <artifactId>datafaker</artifactId>
+      <scope>test</scope>
+    </dependency>
+
     <!-- Configure a test application without UftpConnector mapping test beans -->
     <dependency>
       <groupId>org.wiremock</groupId>

core/src/main/java/org/lfenergy/shapeshifter/core/service/ParticipantAuthorizationProvider.java

@@ -0,0 +1,18 @@
+package org.lfenergy.shapeshifter.core.service;
+
+import org.lfenergy.shapeshifter.core.model.UftpParticipant;
+
+/**
+ * The ParticipantAuthorizationProvider provides a method to get the Authorization header value for a given participant.
+ */
+public interface ParticipantAuthorizationProvider {
+
+    /**
+     * Method that returns the complete header value of the 'Authorization' header for the given participant.
+     *
+     * @param participant The participant for whom the Authorization header is requested
+     *
+     */
+    String getAuthorizationHeader(UftpParticipant participant);
+
+}

core/src/main/java/org/lfenergy/shapeshifter/core/service/participant/ParticipantResolutionService.java

@@ -24,6 +24,10 @@ public String getPublicKey(USEFRoleType senderRole, String senderDomain) {
     return getDomain(senderRole, senderDomain).publicKey();
   }
 
+  public UftpParticipantInformation getParticipantInformation(UftpParticipant recipient) {
+    return getDomain(recipient.role(), recipient.domain());
+  }
+
   private UftpParticipantInformation getDomain(USEFRoleType role, String domain) {
     return uftpParticipantService.getParticipantInformation(role, domain).orElseThrow(
         () -> new UftpConnectorException("No participant found for " + domain + " in " + role));

core/src/main/java/org/lfenergy/shapeshifter/core/service/sending/UftpSendMessageService.java

@@ -13,16 +13,19 @@
 import java.net.http.HttpResponse.BodyHandlers;
 import java.text.MessageFormat;
 import java.util.EnumSet;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Set;
 
 import lombok.NonNull;
 import lombok.extern.apachecommons.CommonsLog;
 import org.lfenergy.shapeshifter.api.PayloadMessageResponseType;
 import org.lfenergy.shapeshifter.api.PayloadMessageType;
+import org.lfenergy.shapeshifter.api.model.UftpParticipantInformation;
 import org.lfenergy.shapeshifter.core.common.HttpStatusCode;
 import org.lfenergy.shapeshifter.core.model.SigningDetails;
 import org.lfenergy.shapeshifter.core.model.UftpMessage;
-import org.lfenergy.shapeshifter.core.model.UftpParticipant;
+import org.lfenergy.shapeshifter.core.service.ParticipantAuthorizationProvider;
 import org.lfenergy.shapeshifter.core.service.crypto.UftpCryptoService;
 import org.lfenergy.shapeshifter.core.service.participant.ParticipantResolutionService;
 import org.lfenergy.shapeshifter.core.service.serialization.UftpSerializer;
@@ -60,6 +63,7 @@ public class UftpSendMessageService {
     private final UftpSerializer serializer;
     private final UftpCryptoService cryptoService;
     private final ParticipantResolutionService participantService;
+    private final ParticipantAuthorizationProvider participantAuthorizationProvider;
     private final UftpValidationService uftpValidationService;
     private final HttpClient httpClient;
 
@@ -69,8 +73,9 @@ public class UftpSendMessageService {
     public UftpSendMessageService(@NonNull UftpSerializer serializer,
                                   @NonNull UftpCryptoService cryptoService,
                                   @NonNull ParticipantResolutionService participantService,
+                                  @NonNull ParticipantAuthorizationProvider participantAuthorizationProvider,
                                   @NonNull UftpValidationService uftpValidationService) {
-        this(serializer, cryptoService, participantService, uftpValidationService, HttpClient.newHttpClient());
+        this(serializer, cryptoService, participantService, participantAuthorizationProvider, uftpValidationService, HttpClient.newHttpClient());
     }
 
     /**
@@ -79,11 +84,13 @@ public UftpSendMessageService(@NonNull UftpSerializer serializer,
     public UftpSendMessageService(@NonNull UftpSerializer serializer,
                                   @NonNull UftpCryptoService cryptoService,
                                   @NonNull ParticipantResolutionService participantService,
+                                  @NonNull ParticipantAuthorizationProvider participantAuthorizationProvider,
                                   @NonNull UftpValidationService uftpValidationService,
                                   @NonNull HttpClient httpClient) {
         this.serializer = serializer;
         this.cryptoService = cryptoService;
         this.participantService = participantService;
+        this.participantAuthorizationProvider = participantAuthorizationProvider;
         this.uftpValidationService = uftpValidationService;
         this.httpClient = httpClient;
     }
@@ -116,7 +123,13 @@ public void attemptToValidateAndSendMessage(@NonNull PayloadMessageType payloadM
 
     private void doSend(PayloadMessageType payloadMessage, SigningDetails details) {
         String signedXml = getSignedXml(payloadMessage, details);
-        send(signedXml, details.recipient());
+        UftpParticipantInformation participantInformation = participantService.getParticipantInformation(details.recipient());
+        String url = participantInformation.endpoint();
+        Map<String, String> additionalHeaders = new HashMap<>();
+        if (participantInformation.requiresAuthorization()) {
+            additionalHeaders.put("Authorization", participantAuthorizationProvider.getAuthorizationHeader(details.recipient()));
+        }
+        send(signedXml, url, additionalHeaders, MAX_FOLLOW_REDIRECTS);
     }
 
     private String getSignedXml(PayloadMessageType payloadMessage, SigningDetails details) {
@@ -125,20 +138,18 @@ private String getSignedXml(PayloadMessageType payloadMessage, SigningDetails de
         return serializer.toXml(signedMessage);
     }
 
-    private void send(String signedXml, UftpParticipant recipient) {
-        var url = participantService.getEndPointUrl(recipient);
-        send(signedXml, url, MAX_FOLLOW_REDIRECTS);
-    }
-
-    private void send(String signedXml, String url, int maxFollowRedirects) {
+    private void send(String signedXml, String url, Map<String, String> additionalHeaders, int maxFollowRedirects) {
         try {
             log.debug(String.format("Sending message to: %s", url));
 
-            var request = HttpRequest.newBuilder()
+            var requestBuilder = HttpRequest.newBuilder()
                     .uri(new URI(url))
                     .POST(BodyPublishers.ofString(signedXml))
-                    .setHeader("Content-Type", "text/xml")
-                    .build();
+                    .setHeader("Content-Type", "text/xml");
+            for (var header : additionalHeaders.entrySet()) {
+                requestBuilder.setHeader(header.getKey(), header.getValue());
+            }
+            var request = requestBuilder.build();
 
             var response = httpClient.send(request, BodyHandlers.ofString());
 
@@ -154,7 +165,7 @@ private void send(String signedXml, String url, int maxFollowRedirects) {
                     var redirectUrl = response.headers().firstValue(REDIRECT_LOCATION_HEADER_NAME)
                             .orElseThrow(() -> new UftpServerErrorException(MessageFormat.format(MSG_MISSING_REDIRECT_LOCATION, url), httpStatusCode));
 
-                    send(signedXml, redirectUrl, maxFollowRedirects - 1);
+                    send(signedXml, redirectUrl, additionalHeaders, maxFollowRedirects - 1);
                 } else if (httpStatusCode.isClientError()) {
                     throw new UftpClientErrorException(MessageFormat.format(MSG_CLIENT_ERROR, response.statusCode(), url, response.body()), httpStatusCode);
                 } else if (httpStatusCode.isServerError()) {

core/src/test/java/org/lfenergy/shapeshifter/core/common/xsd/XsdSchemaPoolTest.java

@@ -85,7 +85,7 @@ void create_throws() throws Exception {
 
     verify(factoryPool).release(factory);
   }
-
+  
   @Test
   void create_violate_xxe_then_fail() {
     doTestXXE(XXE_ATTACK, "DOCTYPE is disallowed when the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true.");