Skip to content
This repository was archived by the owner on Sep 28, 2022. It is now read-only.

Commit b9f5c4d

Browse files
author
Dominik Frantisek Bucik
committed
refactor: 💡 Refactor GA4GH even more
1 parent 141e6c8 commit b9f5c4d

File tree

3 files changed

+237
-123
lines changed

3 files changed

+237
-123
lines changed

perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/ga4gh/BbmriGa4ghClaimSource.java

Lines changed: 113 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -17,14 +17,12 @@
1717
import cz.muni.ics.oidc.server.connectors.Affiliation;
1818
import java.net.URISyntaxException;
1919
import java.sql.Timestamp;
20-
import java.time.Instant;
21-
import java.time.ZoneId;
22-
import java.time.ZonedDateTime;
2320
import java.util.Collections;
2421
import java.util.HashSet;
2522
import java.util.List;
2623
import java.util.Set;
2724
import lombok.extern.slf4j.Slf4j;
25+
import org.springframework.util.StringUtils;
2826

2927
/**
3028
* Class producing GA4GH Passport claim. The claim is specified in
@@ -45,17 +43,16 @@
4543
public class BbmriGa4ghClaimSource extends Ga4ghPassportAndVisaClaimSource {
4644

4745
private static final String BONA_FIDE_URL = "https://doi.org/10.1038/s41431-018-0219-y";
48-
private final static String BBMRI_ERIC_ORG_URL = "https://www.bbmri-eric.eu/";
46+
private static final String BBMRI_ERIC_ORG_URL = "https://www.bbmri-eric.eu/";
4947
private static final String BBMRI_ID = "bbmri_id";
48+
private static final String FACULTY_AT = "faculty@";
5049

5150
private final String bonaFideStatusAttr;
5251
private final String groupAffiliationsAttr;
5352
private final Long termsAndPoliciesGroupId;
5453

5554
public BbmriGa4ghClaimSource(ClaimSourceInitContext ctx) throws URISyntaxException {
5655
super(ctx, "BBMRI-ERIC");
57-
log.debug("initializing");
58-
//remember context
5956
bonaFideStatusAttr = ctx.getProperty("bonaFideStatus.attr", null);
6057
groupAffiliationsAttr = ctx.getProperty("groupAffiliations.attr", null);
6158
//TODO: update group ID
@@ -80,13 +77,23 @@ protected String getDefaultConfigFilePath() {
8077
}
8178

8279
@Override
83-
protected void addAffiliationAndRoles(long now, ClaimSourceProduceContext pctx, ArrayNode passport, List<Affiliation> affiliations) {
80+
protected void addAffiliationAndRoles(long now,
81+
ClaimSourceProduceContext pctx,
82+
ArrayNode passport,
83+
List<Affiliation> affiliations)
84+
{
8485
//by=system for users with affiliation asserted by their IdP (set in UserExtSource attribute "affiliation")
85-
for (Affiliation affiliation : affiliations) {
86+
if (affiliations == null) {
87+
return;
88+
}
89+
for (Affiliation affiliation: affiliations) {
8690
//expires 1 year after the last login from the IdP asserting the affiliation
87-
long expires = Instant.ofEpochSecond(affiliation.getAsserted()).atZone(ZoneId.systemDefault()).plusYears(1L).toEpochSecond();
88-
if (expires < now) continue;
89-
JsonNode visa = createPassportVisa(TYPE_AFFILIATION_AND_ROLE, pctx, affiliation.getValue(), affiliation.getSource(), BY_SYSTEM, affiliation.getAsserted(), expires, null);
91+
long expires = Ga4ghUtils.getOneYearExpires(affiliation.getAsserted());
92+
if (expires < now) {
93+
continue;
94+
}
95+
JsonNode visa = createPassportVisa(TYPE_AFFILIATION_AND_ROLE, pctx, affiliation.getValue(),
96+
affiliation.getSource(), BY_SYSTEM, affiliation.getAsserted(), expires, null);
9097
if (visa != null) {
9198
passport.add(visa);
9299
}
@@ -97,28 +104,65 @@ protected void addAffiliationAndRoles(long now, ClaimSourceProduceContext pctx,
97104
protected void addAcceptedTermsAndPolicies(long now, ClaimSourceProduceContext pctx, ArrayNode passport) {
98105
//by=self for members of the group 10432 "Bona Fide Researchers"
99106
boolean userInGroup = pctx.getPerunAdapter().isUserInGroup(pctx.getPerunUserId(), termsAndPoliciesGroupId);
100-
if (userInGroup) {
107+
if (!userInGroup) {
108+
return;
109+
}
110+
long asserted = now;
111+
if (bonaFideStatusAttr != null) {
101112
PerunAttribute bonaFideStatus = pctx.getPerunAdapter()
102113
.getAdapterRpc()
103114
.getUserAttribute(pctx.getPerunUserId(), bonaFideStatusAttr);
104-
String valueCreatedAt = bonaFideStatus.getValueCreatedAt();
105-
long asserted;
106-
if (valueCreatedAt != null) {
107-
asserted = Timestamp.valueOf(valueCreatedAt).getTime() / 1000L;
108-
} else {
109-
asserted = System.currentTimeMillis() / 1000L;
115+
if (bonaFideStatus != null && bonaFideStatus.getValueCreatedAt() != null) {
116+
asserted = Timestamp.valueOf(bonaFideStatus.getValueCreatedAt()).getTime() / 1000L;
110117
}
111-
long expires = Instant.ofEpochSecond(asserted).atZone(ZoneId.systemDefault()).plusYears(100L).toEpochSecond();
112-
if (expires < now) return;
113-
JsonNode visa = createPassportVisa(TYPE_ACCEPTED_TERMS_AND_POLICIES, pctx, BONA_FIDE_URL, BBMRI_ERIC_ORG_URL, BY_SELF, asserted, expires, null);
118+
}
119+
long expires = Ga4ghUtils.getExpires(asserted, 100L);
120+
if (expires < now) {
121+
return;
122+
}
123+
JsonNode visa = createPassportVisa(TYPE_ACCEPTED_TERMS_AND_POLICIES, pctx, BONA_FIDE_URL,
124+
BBMRI_ERIC_ORG_URL, BY_SELF, asserted, expires, null);
125+
if (visa != null) {
126+
passport.add(visa);
127+
}
128+
}
129+
130+
@Override
131+
protected void addResearcherStatuses(long now,
132+
ClaimSourceProduceContext pctx, ArrayNode passport,
133+
List<Affiliation> affiliations)
134+
{
135+
addResearcherStatusFromBonaFideAttribute(pctx, now, passport);
136+
addResearcherStatusFromAffiliation(pctx, affiliations, now, passport);
137+
addResearcherStatusGroupAffiliations(pctx, now, passport);
138+
}
139+
140+
@Override
141+
protected void addControlledAccessGrants(long now, ClaimSourceProduceContext pctx, ArrayNode passport) {
142+
if (CLAIM_REPOSITORIES.isEmpty()) {
143+
return;
144+
}
145+
Set<String> linkedIdentities = new HashSet<>();
146+
for (Ga4ghClaimRepository repo: CLAIM_REPOSITORIES) {
147+
callPermissionsJwtAPI(repo, Collections.singletonMap(BBMRI_ID, pctx.getSub()), passport, linkedIdentities);
148+
}
149+
if (linkedIdentities.isEmpty()) {
150+
return;
151+
}
152+
for (String linkedIdentity : linkedIdentities) {
153+
long expires = Ga4ghUtils.getOneYearExpires(now);
154+
JsonNode visa = createPassportVisa(TYPE_LINKED_IDENTITIES, pctx, linkedIdentity,
155+
BBMRI_ERIC_ORG_URL, BY_SYSTEM, now, expires, null);
114156
if (visa != null) {
115157
passport.add(visa);
116158
}
117159
}
118160
}
119161

120-
@Override
121-
protected void addResearcherStatuses(long now, ClaimSourceProduceContext pctx, ArrayNode passport, List<Affiliation> affiliations) {
162+
private void addResearcherStatusFromBonaFideAttribute(ClaimSourceProduceContext pctx,
163+
long now,
164+
ArrayNode passport)
165+
{
122166
//by=peer for users with attribute elixirBonaFideStatusREMS
123167
PerunAttribute bbmriBonaFideStatus = pctx.getPerunAdapter()
124168
.getAdapterRpc()
@@ -129,52 +173,61 @@ protected void addResearcherStatuses(long now, ClaimSourceProduceContext pctx, A
129173
valueCreatedAt = bbmriBonaFideStatus.getValueCreatedAt();
130174
}
131175

132-
if (valueCreatedAt != null) {
133-
long asserted = Timestamp.valueOf(valueCreatedAt).getTime() / 1000L;
134-
long expires = ZonedDateTime.now().plusYears(1L).toEpochSecond();
135-
if (expires > now) {
136-
JsonNode visa = createPassportVisa(TYPE_RESEARCHER_STATUS, pctx, BONA_FIDE_URL, BBMRI_ERIC_ORG_URL, BY_PEER, asserted, expires, null);
137-
if (visa != null) {
138-
passport.add(visa);
139-
}
176+
if (valueCreatedAt == null) {
177+
return;
178+
}
179+
long asserted = Timestamp.valueOf(valueCreatedAt).getTime() / 1000L;
180+
long expires = Ga4ghUtils.getOneYearExpires(asserted);
181+
if (expires > now) {
182+
JsonNode visa = createPassportVisa(TYPE_RESEARCHER_STATUS, pctx, BONA_FIDE_URL,
183+
BBMRI_ERIC_ORG_URL, BY_PEER, asserted, expires, null);
184+
if (visa != null) {
185+
passport.add(visa);
140186
}
141187
}
188+
}
189+
190+
private void addResearcherStatusFromAffiliation(ClaimSourceProduceContext pctx,
191+
List<Affiliation> affiliations,
192+
long now,
193+
ArrayNode passport)
194+
{
142195
//by=system for users with faculty affiliation asserted by their IdP (set in UserExtSource attribute "affiliation")
143-
for (Affiliation affiliation : affiliations) {
144-
if (affiliation.getValue().startsWith("faculty@")) {
145-
long expires = Instant.ofEpochSecond(affiliation.getAsserted()).atZone(ZoneId.systemDefault()).plusYears(1L).toEpochSecond();
146-
if (expires < now) continue;
147-
JsonNode visa = createPassportVisa(TYPE_RESEARCHER_STATUS, pctx, BONA_FIDE_URL, affiliation.getSource(), BY_SYSTEM, affiliation.getAsserted(), expires, null);
148-
if (visa != null) {
149-
passport.add(visa);
150-
}
151-
}
196+
if (affiliations == null) {
197+
return;
152198
}
153-
//by=so for users with faculty affiliation asserted by membership in a group with groupAffiliations attribute
154-
for (Affiliation affiliation : pctx.getPerunAdapter().getGroupAffiliations(pctx.getPerunUserId(), groupAffiliationsAttr)) {
155-
if (affiliation.getValue().startsWith("faculty@")) {
156-
long expires = ZonedDateTime.now().plusYears(1L).toEpochSecond();
157-
JsonNode visa = createPassportVisa(TYPE_RESEARCHER_STATUS, pctx, BONA_FIDE_URL, BBMRI_ERIC_ORG_URL, BY_SO, affiliation.getAsserted(), expires, null);
158-
if (visa != null) {
159-
passport.add(visa);
160-
}
199+
for (Affiliation affiliation: affiliations) {
200+
if (!StringUtils.startsWithIgnoreCase(affiliation.getValue(), FACULTY_AT)) {
201+
continue;
202+
}
203+
long expires = Ga4ghUtils.getOneYearExpires(affiliation.getAsserted());
204+
if (expires < now) {
205+
continue;
206+
}
207+
JsonNode visa = createPassportVisa(TYPE_RESEARCHER_STATUS, pctx, BONA_FIDE_URL,
208+
affiliation.getSource(), BY_SYSTEM, affiliation.getAsserted(), expires, null);
209+
if (visa != null) {
210+
passport.add(visa);
161211
}
162212
}
163213
}
164214

165-
@Override
166-
protected void addControlledAccessGrants(long now, ClaimSourceProduceContext pctx, ArrayNode passport) {
167-
Set<String> linkedIdentities = new HashSet<>();
168-
//call Resource Entitlement Management System
169-
for (Ga4ghClaimRepository repo: CLAIM_REPOSITORIES) {
170-
callPermissionsJwtAPI(repo, Collections.singletonMap(BBMRI_ID, pctx.getSub()), passport, linkedIdentities);
215+
private void addResearcherStatusGroupAffiliations(ClaimSourceProduceContext pctx, long now, ArrayNode passport) {
216+
//by=so for users with faculty affiliation asserted by membership in a group with groupAffiliations attribute
217+
List<Affiliation> groupAffiliations = pctx.getPerunAdapter()
218+
.getGroupAffiliations(pctx.getPerunUserId(), groupAffiliationsAttr);
219+
if (groupAffiliations == null) {
220+
return;
171221
}
172-
if (!linkedIdentities.isEmpty()) {
173-
for (String linkedIdentity : linkedIdentities) {
174-
JsonNode visa = createPassportVisa(TYPE_LINKED_IDENTITIES, pctx, linkedIdentity, BBMRI_ERIC_ORG_URL, BY_SYSTEM, now, now + 3600L * 24 * 365, null);
175-
if (visa != null) {
176-
passport.add(visa);
177-
}
222+
for (Affiliation affiliation: groupAffiliations) {
223+
if (!StringUtils.startsWithIgnoreCase(affiliation.getValue(), FACULTY_AT)) {
224+
continue;
225+
}
226+
long expires = Ga4ghUtils.getOneYearExpires(now);
227+
JsonNode visa = createPassportVisa(TYPE_RESEARCHER_STATUS, pctx, BONA_FIDE_URL,
228+
BBMRI_ERIC_ORG_URL, BY_SO, affiliation.getAsserted(), expires, null);
229+
if (visa != null) {
230+
passport.add(visa);
178231
}
179232
}
180233
}

0 commit comments

Comments
 (0)