001/*
002 * (C) Copyright 2014-2017 Nuxeo (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Arnaud Kervern
018 */
019package org.nuxeo.ecm.platform.oauth2.clients;
020
021import java.io.Serializable;
022import java.util.Collections;
023import java.util.List;
024import java.util.Map;
025import java.util.stream.Collectors;
026
027import org.apache.commons.logging.Log;
028import org.apache.commons.logging.LogFactory;
029import org.nuxeo.ecm.core.api.DocumentModel;
030import org.nuxeo.ecm.core.api.DocumentModelList;
031import org.nuxeo.ecm.core.api.NuxeoException;
032import org.nuxeo.ecm.directory.DirectoryException;
033import org.nuxeo.ecm.directory.Session;
034import org.nuxeo.ecm.directory.api.DirectoryService;
035import org.nuxeo.runtime.api.Framework;
036import org.nuxeo.runtime.model.DefaultComponent;
037
038/**
039 * OAuth2 Client service
040 *
041 * @since 9.2
042 */
043public class OAuth2ClientServiceImpl extends DefaultComponent implements OAuth2ClientService {
044
045    private static final Log log = LogFactory.getLog(OAuth2ClientServiceImpl.class);
046
047    @Override
048    public boolean hasClient(String clientId) {
049        OAuth2Client client = getClient(clientId);
050        return client != null && client.isEnabled();
051    }
052
053    @Override
054    public boolean isValidClient(String clientId, String clientSecret) {
055        OAuth2Client client = getClient(clientId);
056        return client != null && client.isValidWith(clientId, clientSecret);
057    }
058
059    @Override
060    public OAuth2Client getClient(String clientId) {
061        DocumentModel doc = getClientModel(clientId);
062        if (doc == null) {
063            return null;
064        }
065        return OAuth2Client.fromDocumentModel(doc);
066    }
067
068    @Override
069    public List<OAuth2Client> getClients() {
070        return queryClients().stream().map(OAuth2Client::fromDocumentModel).collect(Collectors.toList());
071    }
072
073    protected DocumentModel getClientModel(String clientId) {
074        DirectoryService service = Framework.getService(DirectoryService.class);
075        return Framework.doPrivileged(() -> {
076            try (Session session = service.open(OAUTH2CLIENT_DIRECTORY_NAME)) {
077                Map<String, Serializable> filter = Collections.singletonMap("clientId", clientId);
078                DocumentModelList docs = session.query(filter);
079                if (docs.size() == 1) {
080                    return docs.get(0);
081                } else if (docs.size() > 1) {
082                    throw new NuxeoException(
083                            String.format("More than one client registered for the '%s' id", clientId));
084                }
085            }
086            return null;
087        });
088    }
089
090    protected List<DocumentModel> queryClients() {
091        DirectoryService service = Framework.getService(DirectoryService.class);
092        return Framework.doPrivileged(() -> {
093            try (Session session = service.open(OAUTH2CLIENT_DIRECTORY_NAME)) {
094                return session.query(Collections.emptyMap());
095            } catch (DirectoryException e) {
096                throw new NuxeoException("Error while fetching client directory", e);
097            }
098        });
099    }
100}