validate tier one session

833903cf · Marco Amoia · ea5223ce · 833903cf · 833903cf · 833903cf
Commit 833903cf authored 5 months ago by Marco Amoia
--- a/src/main/java/com/aruba/simpl/usersroles/controllers/SessionController.java
+++ b/src/main/java/com/aruba/simpl/usersroles/controllers/SessionController.java
@@ -10,10 +10,9 @@ import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import java.util.List;
 import java.util.UUID;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+
+import org.springframework.http.HttpHeaders;
+import org.springframework.web.bind.annotation.*;

 @RestController
 @RequestMapping("session")
@@ -56,4 +55,9 @@ public class SessionController {
    public List<IdentityAttributeDTO> getIdentityAttributesOfParticipant(@PathVariable UUID participantId) {
        return sessionService.getIdentityAttributesOfParticipant(participantId);
    }
+
+    @GetMapping("credential")
+    public void validateTierOneSession(@RequestHeader HttpHeaders headers) {
+        sessionService.validateTierOneSession(headers);
+    }
 }
--- a/src/main/java/com/aruba/simpl/usersroles/services/SessionService.java
+++ b/src/main/java/com/aruba/simpl/usersroles/services/SessionService.java
 package com.aruba.simpl.usersroles.services;

 import com.aruba.simpl.common.model.dto.IdentityAttributeDTO;
+import org.springframework.http.HttpHeaders;
+
 import java.util.List;
 import java.util.UUID;

 public interface SessionService {
    List<IdentityAttributeDTO> getIdentityAttributesOfParticipant(UUID participantId);
+
+    void validateTierOneSession(HttpHeaders headers);
 }
--- a/src/main/java/com/aruba/simpl/usersroles/services/impl/SessionServiceImpl.java
+++ b/src/main/java/com/aruba/simpl/usersroles/services/impl/SessionServiceImpl.java
@@ -3,12 +3,14 @@ package com.aruba.simpl.usersroles.services.impl;
 import com.aruba.simpl.common.model.dto.IdentityAttributeDTO;
 import com.aruba.simpl.common.model.ephemeralproof.JwtEphemeralProofParser;
 import com.aruba.simpl.usersroles.repositories.EphemeralProofRepository;
+import com.aruba.simpl.usersroles.services.CredentialService;
 import com.aruba.simpl.usersroles.services.SessionService;
 import java.util.List;
 import java.util.Objects;
 import java.util.UUID;
 import java.util.function.Function;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpHeaders;
 import org.springframework.stereotype.Service;

 @Service
@@ -16,13 +18,17 @@ public class SessionServiceImpl implements SessionService {

    private final EphemeralProofRepository ephemeralProofRepository;
    private final Function<String, JwtEphemeralProofParser> ephemeralProofParserFactory;
+    private final TierOneSessionValidator tierOneSessionValidator;
+    private final CredentialService credentialService;

    public SessionServiceImpl(
            EphemeralProofRepository ephemeralProofRepository,
-            @Autowired(required = false) Function<String, JwtEphemeralProofParser> ephemeralProofParserFactory) {
+            @Autowired(required = false) Function<String, JwtEphemeralProofParser> ephemeralProofParserFactory, TierOneSessionValidator tierOneSessionValidator, CredentialService credentialService) {
        this.ephemeralProofRepository = ephemeralProofRepository;
        this.ephemeralProofParserFactory =
                Objects.requireNonNullElse(ephemeralProofParserFactory, JwtEphemeralProofParser::new);
+        this.tierOneSessionValidator = tierOneSessionValidator;
+        this.credentialService = credentialService;
    }

    @Override
@@ -30,4 +36,10 @@ public class SessionServiceImpl implements SessionService {
        var ephemeralProof = ephemeralProofRepository.findByIdOrThrow(participantId);
        return ephemeralProofParserFactory.apply(ephemeralProof.getContent()).getIdentityAttributes();
    }
+
+    @Override
+    public void validateTierOneSession(HttpHeaders headers) {
+        var participantDTO = credentialService.getMyParticipantId();
+        tierOneSessionValidator.validate(headers, participantDTO.getId());
+    }
 }
--- a/src/main/java/com/aruba/simpl/usersroles/services/impl/TierOneSessionValidator.java
+++ b/src/main/java/com/aruba/simpl/usersroles/services/impl/TierOneSessionValidator.java
+package com.aruba.simpl.usersroles.services.impl;
+
+import com.aruba.simpl.common.model.ephemeralproof.JwtEphemeralProofParser;
+import com.aruba.simpl.common.redis.model.entity.EphemeralProof;
+import com.aruba.simpl.common.services.AbstractTierOneSessionValidator;
+import com.aruba.simpl.usersroles.repositories.EphemeralProofRepository;
+import org.springframework.stereotype.Service;
+
+import java.util.Optional;
+import java.util.UUID;
+
+@Service
+public class TierOneSessionValidator extends AbstractTierOneSessionValidator<JwtEphemeralProofParser> {
+
+    private final EphemeralProofRepository repository;
+
+    public TierOneSessionValidator(EphemeralProofRepository repository) {
+        this.repository = repository;
+    }
+
+    @Override
+    protected Optional<EphemeralProof> fetchEphemeralProofById(UUID participantId) {
+        return repository.findById(participantId);
+    }
+
+    @Override
+    protected JwtEphemeralProofParser getEphemeralProofParser(String rawEphemeralProof) {
+        return new JwtEphemeralProofParser(rawEphemeralProof);
+    }
+}