in custos-services/custos-integration-services/resource-secret-management-service/src/main/java/org/apache/custos/resource/secret/management/interceptors/ResourceSecretManagementAuthInterceptorImpl.java [52:206]
/**
 * Authorizes a resource-secret-management call and rebuilds the request with identity
 * fields taken from the resolved {@link AuthClaim}.
 *
 * <p>For each method name handled below, {@code authorize(...)} must yield a claim, otherwise
 * the call is rejected. The tenant id written into the outgoing request always comes from the
 * claim and replaces whatever value the caller placed in the message.
 *
 * <p>A method name that is not listed is returned unchanged and {@code authorize} is never
 * called for it. NOTE(review): confirm that every RPC of this service is either listed here
 * or authorized by another interceptor, since this method cannot show that on its own.
 *
 * @param method  name of the invoked RPC; selects the concrete request type {@code reqT} is cast to
 * @param headers call metadata handed to {@code authorize}
 * @param reqT    incoming request message
 * @return the request rebuilt with claim-derived fields, or {@code reqT} itself for unlisted methods
 * @throws UnAuthorizedException if {@code authorize} returns an empty result for a listed method
 * @throws ClassCastException    if {@code reqT} is not the message type expected for {@code method}
 * @throws NullPointerException  if {@code method} is {@code null}
 */
public <ReqT> ReqT intercept(String method, Metadata headers, ReqT reqT) {
    // Single rejection path shared by every branch; the exception is only created when thrown.
    final java.util.function.Supplier<UnAuthorizedException> denied =
            () -> new UnAuthorizedException("Request is not authorized", null);

    switch (method) {
        case "getSecret": {
            AuthClaim claim = authorize(headers).orElseThrow(denied);
            String iamClientId = claim.getIamAuthId();
            String iamClientSecret = claim.getIamAuthSecret();
            long tenant = claim.getTenantId();
            // The rebuilt message now carries the IAM client secret.
            // NOTE(review): check that downstream logging never prints this request.
            return (ReqT) ((GetSecretRequest) reqT).toBuilder()
                    .setClientId(iamClientId)
                    .setClientSec(iamClientSecret)
                    .setTenantId(tenant)
                    .build();
        }
        case "getJWKS": {
            AuthClaim claim = authorize(headers).orElseThrow(denied);
            String iamClientId = claim.getIamAuthId();
            String iamClientSecret = claim.getIamAuthSecret();
            long tenant = claim.getTenantId();
            // Same as getSecret: the IAM client secret is copied into the forwarded request.
            return (ReqT) ((GetJWKSRequest) reqT).toBuilder()
                    .setClientId(iamClientId)
                    .setClientSecret(iamClientSecret)
                    .setTenantId(tenant)
                    .build();
        }
        case "getAllResourceCredentialSummaries": {
            GetResourceCredentialSummariesRequest request = (GetResourceCredentialSummariesRequest) reqT;
            // The client id is read from the request body and handed to authorize together with the headers.
            AuthClaim claim = authorize(headers, request.getClientId()).orElseThrow(denied);
            return (ReqT) request.toBuilder()
                    .setTenantId(claim.getTenantId())
                    .build();
        }
        case "addSSHCredential": {
            SSHCredential request = (SSHCredential) reqT;
            AuthClaim claim = authorize(headers, request.getMetadata().getClientId()).orElseThrow(denied);
            SecretMetadata scoped = request.getMetadata().toBuilder()
                    .setTenantId(claim.getTenantId())
                    .build();
            return (ReqT) request.toBuilder().setMetadata(scoped).build();
        }
        case "addPasswordCredential": {
            PasswordCredential request = (PasswordCredential) reqT;
            AuthClaim claim = authorize(headers, request.getMetadata().getClientId()).orElseThrow(denied);
            SecretMetadata scoped = request.getMetadata().toBuilder()
                    .setTenantId(claim.getTenantId())
                    .build();
            return (ReqT) request.toBuilder().setMetadata(scoped).build();
        }
        case "addCertificateCredential":
        case "updateCertificateCredential": {
            CertificateCredential request = (CertificateCredential) reqT;
            AuthClaim claim = authorize(headers, request.getMetadata().getClientId()).orElseThrow(denied);
            SecretMetadata scoped = request.getMetadata().toBuilder()
                    .setTenantId(claim.getTenantId())
                    .build();
            return (ReqT) request.toBuilder().setMetadata(scoped).build();
        }
        case "getSSHCredential":
        case "getPasswordCredential":
        case "getCertificateCredential":
        case "deleteSSHCredential":
        case "deletePWDCredential":
        case "deleteCertificateCredential":
        case "getResourceCredentialSummary": {
            GetResourceCredentialByTokenRequest request = (GetResourceCredentialByTokenRequest) reqT;
            AuthClaim claim = authorize(headers, request.getClientId()).orElseThrow(denied);
            return (ReqT) request.toBuilder()
                    .setTenantId(claim.getTenantId())
                    .build();
        }
        case "getKVCredential":
        case "addKVCredential":
        case "updateKVCredential":
        case "deleteKVCredential": {
            KVCredential request = (KVCredential) reqT;
            String clientId = request.getMetadata().getClientId();
            String requestedOwner = request.getMetadata().getOwnerId();
            AuthClaim claim = authorize(headers, clientId).orElseThrow(denied);
            // The owner comes from the claim when it names a user; otherwise the owner id
            // supplied in the request is kept as-is.
            // NOTE(review): in that fallback the owner is caller-asserted, so confirm the
            // service behind this interceptor does not treat it as a verified identity.
            String claimUser = claim.getUsername();
            String owner = (claimUser == null || claimUser.isEmpty()) ? requestedOwner : claimUser;
            SecretMetadata scoped = request.getMetadata().toBuilder()
                    .setOwnerId(owner)
                    .setTenantId(claim.getTenantId())
                    .build();
            return (ReqT) request.toBuilder().setMetadata(scoped).build();
        }
        case "getCredentialMap":
        case "addCredentialMap":
        case "updateCredentialMap":
        case "deleteCredentialMap": {
            CredentialMap request = (CredentialMap) reqT;
            AuthClaim claim = authorize(headers, request.getMetadata().getClientId()).orElseThrow(denied);
            SecretMetadata scoped = request.getMetadata().toBuilder()
                    .setTenantId(claim.getTenantId())
                    .build();
            return (ReqT) request.toBuilder().setMetadata(scoped).build();
        }
        default:
            // Unlisted method: passed through untouched, with no authorization performed here.
            return reqT;
    }
}