update dice conf

Author: eisbilir

buildtokenproperties.sh

@@ -17,7 +17,13 @@ AUTH0_NEW_NONINTERACTIVE_ID=$(eval "echo \$${ENV}_AUTH0_NEW_NONINTERACTIVE_ID")
 AUTH0_NEW_NONINTERACTIVE_ID_SECRET=$(eval "echo \$${ENV}_AUTH0_NEW_NONINTERACTIVE_ID_SECRET")
 DICEAUTH_DICE_URL=$(eval "echo \$${ENV}_DICEAUTH_DICE_URL")
 DICEAUTH_DICE_API_URL=$(eval "echo \$${ENV}_DICEAUTH_DICE_API_URL")
-DICEAUTH_API_KEY=$(eval "echo \$${ENV}_DICEAUTH_API_KEY")
+DICEAUTH_DICE_VERIFIER=$(eval "echo \$${ENV}_DICEAUTH_DICE_VERIFIER")
+DICEAUTH_ID=$(eval "echo \$${ENV}_DICEAUTH_ID")
+DICEAUTH_ID_SECRET=$(eval "echo \$${ENV}_DICEAUTH_ID_SECRET")
+DICEAUTH_PASSWORD=$(eval "echo \$${ENV}_DICEAUTH_PASSWORD")
+DICEAUTH_SCOPE=$(eval "echo \$${ENV}_DICEAUTH_SCOPE")
+DICEAUTH_TENANT=$(eval "echo \$${ENV}_DICEAUTH_TENANT")
+DICEAUTH_USERNAME=$(eval "echo \$${ENV}_DICEAUTH_USERNAME")
 DICEAUTH_CREDDEFID=$(eval "echo \$${ENV}_DICEAUTH_CREDDEFID")
 ZENDESK_ID=$(eval "echo \$${ENV}_ZENDESK_ID")
 SERVICEACC02_UID=$(eval "echo \$${ENV}_SERVICEACC02_UID")
@@ -90,7 +96,13 @@ perl -pi -e "s/\{\{AUTH0_NEW_NONINTERACTIVE_ID\}\}/$AUTH0_NEW_NONINTERACTIVE_ID/
 perl -pi -e "s/\{\{AUTH0_NEW_NONINTERACTIVE_ID_SECRET\}\}/$AUTH0_NEW_NONINTERACTIVE_ID_SECRET/g" $CONFFILENAME 
 perl -pi -e "s|\{\{DICEAUTH_DICE_URL\}\}|$DICEAUTH_DICE_URL|g" $CONFFILENAME 
 perl -pi -e "s|\{\{DICEAUTH_DICE_API_URL\}\}|$DICEAUTH_DICE_API_URL|g" $CONFFILENAME 
-perl -pi -e "s/\{\{DICEAUTH_API_KEY\}\}/$DICEAUTH_API_KEY/g" $CONFFILENAME 
+perl -pi -e "s|\{\{DICEAUTH_DICE_VERIFIER\}\}|$DICEAUTH_DICE_VERIFIER|g" $CONFFILENAME 
+perl -pi -e "s/\{\{DICEAUTH_ID\}\}/$DICEAUTH_ID/g" $CONFFILENAME 
+perl -pi -e "s/\{\{DICEAUTH_ID_SECRET\}\}/$DICEAUTH_ID_SECRET/g" $CONFFILENAME 
+perl -pi -e "s/\{\{DICEAUTH_PASSWORD\}\}/$DICEAUTH_PASSWORD/g" $CONFFILENAME 
+perl -pi -e "s/\{\{DICEAUTH_SCOPE\}\}/$DICEAUTH_SCOPE/g" $CONFFILENAME 
+perl -pi -e "s/\{\{DICEAUTH_TENANT\}\}/$DICEAUTH_TENANT/g" $CONFFILENAME 
+perl -pi -e "s/\{\{DICEAUTH_USERNAME\}\}/$DICEAUTH_USERNAME/g" $CONFFILENAME 
 perl -pi -e "s/\{\{DICEAUTH_CREDDEFID\}\}/$DICEAUTH_CREDDEFID/g" $CONFFILENAME 
 perl -pi -e "s/\{\{ZENDESK_KEY\}\}/$ZENDESK_KEY/g" $CONFFILENAME 
 perl -pi -e "s/\{\{ZENDESK_ID\}\}/$ZENDESK_ID/g" $CONFFILENAME 

src/main/java/com/appirio/tech/core/service/identity/clients/EventBusServiceClient.java

@@ -9,8 +9,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.net.SocketTimeoutException;
-
+import javax.ws.rs.ProcessingException;
 import javax.ws.rs.client.Client;
 import javax.ws.rs.client.Entity;
 import javax.ws.rs.client.Invocation;
@@ -89,9 +88,8 @@ public void reFireEvent(EventMessage eventMessage) {
             if (response.getStatusInfo().getStatusCode() != HttpStatus.OK_200 &&  response.getStatusInfo().getStatusCode()!= HttpStatus.NO_CONTENT_204) {
                 LOGGER.error("Unable to fire the event: {}", response);
             }
-        } catch (SocketTimeoutException e) {
-                LOGGER.info(e.getMessage());
-                if(!e.getMessage().equals("Read timed out")) {
+        } catch (ProcessingException e) {
+                if(!e.getMessage().equals("java.net.SocketTimeoutException: Read timed out")) {
                     LOGGER.error("Failed to fire the event: {}", e);
                 }
         } catch (Exception e) {

src/main/java/com/appirio/tech/core/service/identity/resource/UserResource.java

@@ -1517,50 +1517,52 @@ public ApiResponse updateUser2fa(
         validateResourceIdAndCheckPermission(authUser, id, user2faFactory.getUpdateScopes());
         // checking param
         checkParam(postRequest);
-        
+
         User2fa user2fa = postRequest.getParam();
 
-        if(user2fa.getEnabled() == null) {
+        if (user2fa.getEnabled() == null) {
             throw new APIRuntimeException(SC_BAD_REQUEST, String.format(MSG_TEMPLATE_MANDATORY, "enabled"));
         }
         logger.info(String.format("update user 2fa(%s) - %b", resourceId, user2fa.getEnabled()));
 
         Long userId = Utils.toLongValue(id);
-        
+
         logger.info(String.format("findUserById(%s)", resourceId));
         User2fa user2faInDb = userDao.findUser2faById(userId);
-        if(user2faInDb==null)
+        if (user2faInDb == null)
             throw new APIRuntimeException(SC_NOT_FOUND, MSG_TEMPLATE_USER_NOT_FOUND);
-        
+
         Boolean shouldSendInvite = false;
-        if(user2faInDb.getEnabled() == null) {
+        if (user2faInDb.getEnabled() == null) {
             userDao.insertUser2fa(userId, user2fa.getEnabled());
             shouldSendInvite = user2fa.getEnabled();
-        } else if(!user2faInDb.getEnabled().equals(user2fa.getEnabled())) {
+        } else if (!user2faInDb.getEnabled().equals(user2fa.getEnabled())) {
             userDao.update2fa(user2faInDb.getId(), user2fa.getEnabled(), false);
             shouldSendInvite = user2fa.getEnabled();
         }
 
         if (shouldSendInvite) {
             Response response;
             try {
-                response = new Request(diceAuth.getDiceApiUrl() + "/v1/connection/submit", "POST")
+                response = new Request(diceAuth.getDiceApiUrl() + "/connection/invitation", "POST")
                         .param("emailId", user2faInDb.getEmail())
-                        .header("x-api-key", diceAuth.getApiKey())
+                        .header("Authorization", "Bearer " + diceAuth.getToken())
                         .execute();
             } catch (Exception e) {
                 logger.error("Error when calling 2fa submit api", e);
+                userDao.update2fa(user2faInDb.getId(), false, false);
                 throw new APIRuntimeException(SC_INTERNAL_SERVER_ERROR, "Error when calling 2fa submit api");
             }
             if (response.getStatusCode() != HttpURLConnection.HTTP_CREATED) {
+                userDao.update2fa(user2faInDb.getId(), false, false);
                 throw new APIRuntimeException(HttpURLConnection.HTTP_INTERNAL_ERROR,
                         String.format("Got unexpected response from remote service. %d %s", response.getStatusCode(),
                                 response.getMessage()));
             }
             logger.info(response.getText());
             send2faInvitationEmailEvent(user2faInDb, diceAuth.getDiceUrl() + "/verify/" + response.getText());
         }
-        
+
         return ApiResponseFactory.createResponse("SUCCESS");
     }
 
@@ -1619,10 +1621,10 @@ public ApiResponse issueCredentials(
         preview.set("attributes", attributes);
         Response response;
         try {
-            response = new Request(diceAuth.getDiceApiUrl()+"/v1/credentialoffer/api/credentialoffer", "POST")
-                    .header("x-api-key", diceAuth.getApiKey())
-            		.json(mapper.writeValueAsString(body))
-            		.execute();
+            response = new Request(diceAuth.getDiceApiUrl() + "/cred/issuance/offer", "POST")
+                    .header("Authorization", "Bearer " + diceAuth.getToken())
+                    .json(mapper.writeValueAsString(body))
+                    .execute();
         } catch (JsonProcessingException e) {
             logger.error("Error when processing JSON content", e);
             throw new APIRuntimeException(SC_INTERNAL_SERVER_ERROR, "Error when calling credentialoffer api");
@@ -1635,6 +1637,9 @@ public ApiResponse issueCredentials(
                     String.format("Got unexpected response from remote service. %d %s", response.getStatusCode(),
                             response.getMessage()));
         }
+        if (user.getVerified()) {
+            userDao.update2fa(user.getId(), true, false);
+        }
         return ApiResponseFactory.createResponse("SUCCESS");
     }
 
@@ -2098,6 +2103,7 @@ private void send2faInvitationEmailEvent(User2fa user, String inviteLink) {
         Map<String,Object> data = new LinkedHashMap<String,Object>();
         data.put("handle", user.getHandle());
         data.put("link", inviteLink);
+        data.put("verifier", diceAuth.getDiceVerifier());
 
         payload.put("data", data);
 

src/main/java/com/appirio/tech/core/service/identity/util/auth/DICEAuth.java

@@ -1,29 +1,72 @@
 package com.appirio.tech.core.service.identity.util.auth;
 
+import java.net.HttpURLConnection;
+import java.util.Date;
+
 import javax.validation.constraints.NotNull;
 
+import org.apache.log4j.Logger;
+
+import com.appirio.tech.core.api.v3.exception.APIRuntimeException;
+import com.appirio.tech.core.api.v3.util.jwt.InvalidTokenException;
+import com.appirio.tech.core.service.identity.util.HttpUtil.Request;
+import com.appirio.tech.core.service.identity.util.HttpUtil.Response;
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.exceptions.JWTDecodeException;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
 public class DICEAuth {
+    private static final Logger logger = Logger.getLogger(Auth0Client.class);
+
     @NotNull
     private String diceUrl;
 
     @NotNull
     private String diceApiUrl;
 
     @NotNull
-    private String apiKey;
+    private String diceVerifier;
+
+    @NotNull
+    private String tenant;
+
+    @NotNull
+    private String username;
+
+    @NotNull
+    private String password;
+
+    @NotNull
+    private String scope;
+
+    @NotNull
+    private String clientId;
+
+    @NotNull
+    private String clientSecret;
 
     @NotNull
     private String credDefId;
 
     private String credPreview = "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview";
 
+    private String cachedToken;
+
     public DICEAuth() {
     }
 
-    public DICEAuth(String diceUrl, String diceApiUrl, String apiKey, String credDefId) {
+    public DICEAuth(String diceUrl, String diceApiUrl, String diceVerifier, String tenant, String username,
+            String password, String scope, String clientId, String clientSecret, String credDefId) {
         this.diceUrl = diceUrl;
         this.diceApiUrl = diceApiUrl;
-        this.apiKey = apiKey;
+        this.diceVerifier = diceVerifier;
+        this.tenant = tenant;
+        this.username = username;
+        this.password = password;
+        this.scope = scope;
+        this.clientId = clientId;
+        this.clientSecret = clientSecret;
         this.credDefId = credDefId;
     }
 
@@ -43,12 +86,60 @@ public void setDiceApiUrl(String diceApiUrl) {
         this.diceApiUrl = diceApiUrl;
     }
 
-    public String getApiKey() {
-        return apiKey;
+    public String getDiceVerifier() {
+        return diceVerifier;
+    }
+
+    public void setDiceVerifier(String diceVerifier) {
+        this.diceVerifier = diceVerifier;
+    }
+
+    public String getTenant() {
+        return tenant;
+    }
+
+    public void setTenant(String tenant) {
+        this.tenant = tenant;
     }
 
-    public void setApiKey(String apiKey) {
-        this.apiKey = apiKey;
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public String getScope() {
+        return scope;
+    }
+
+    public void setScope(String scope) {
+        this.scope = scope;
+    }
+
+    public String getClientId() {
+        return clientId;
+    }
+
+    public void setClientId(String clientId) {
+        this.clientId = clientId;
+    }
+
+    public String getClientSecret() {
+        return clientSecret;
+    }
+
+    public void setClientSecret(String clientSecret) {
+        this.clientSecret = clientSecret;
     }
 
     public String getCredDefId() {
@@ -66,4 +157,55 @@ public String getCredPreview() {
     public void setCredPreview(String credPreview) {
         this.credPreview = credPreview;
     }
+
+    public String getToken() throws Exception {
+        Boolean isCachedTokenExpired = false;
+        if (cachedToken != null) {
+            if (getTokenExpiryTime(cachedToken) <= 0) {
+                isCachedTokenExpired = true;
+                logger.info("Application cached token expired");
+            }
+        }
+        if (cachedToken == null || isCachedTokenExpired) {
+            Response response = new Request(
+                    "https://login.microsoftonline.com/" + getTenant() + "/oauth2/v2.0/token", "POST")
+                    .param("grant_type", "password")
+                    .param("username", getUsername())
+                    .param("password", getPassword())
+                    .param("scope", getScope())
+                    .param("client_id", getClientId())
+                    .param("client_secret", getClientSecret()).execute();
+            if (response.getStatusCode() != HttpURLConnection.HTTP_OK) {
+                throw new APIRuntimeException(HttpURLConnection.HTTP_INTERNAL_ERROR,
+                        String.format("Got unexpected response from remote service. %d %s", response.getStatusCode(),
+                                response.getText()));
+            }
+            cachedToken = new ObjectMapper().readValue(response.getText(), Auth0Credential.class).getIdToken();
+        }
+        return cachedToken;
+    }
+
+    /**
+     * Get token expiry time in seconds
+     *
+     * @param token JWT token
+     *              throws Exception if any error occurs
+     * @return the Integer result
+     */
+    private Integer getTokenExpiryTime(String token) throws Exception {
+        DecodedJWT decodedJWT = null;
+        Integer tokenExpiryTime = 0;
+        if (token != null) {
+            try {
+                decodedJWT = JWT.decode(token);
+            } catch (JWTDecodeException e) {
+                throw new InvalidTokenException(token, "Error occurred in decoding token. " + e.getLocalizedMessage(),
+                        e);
+            }
+            Date tokenExpiryDate = decodedJWT.getExpiresAt();
+            Long tokenExpiryTimeInMilliSeconds = tokenExpiryDate.getTime() - (new Date().getTime()) - 60 * 1000;
+            tokenExpiryTime = (int) Math.floor(tokenExpiryTimeInMilliSeconds / 1000);
+        }
+        return tokenExpiryTime;
+    }
 }

src/main/resources/config.yml

@@ -95,7 +95,13 @@ auth0New:
 diceAuth:
   diceUrl: @diceAuth.diceUrl@
   diceApiUrl: @diceAuth.diceApiUrl@
-  apiKey: @diceAuth.apiKey@
+  diceVerifier: @diceAuth.diceVerifier@
+  clientId: @diceAuth.clientId@
+  clientSecret: @diceAuth.clientSecret@
+  password: @diceAuth.password@
+  scope: @diceAuth.scope@
+  tenant: @diceAuth.tenant@
+  username: @diceAuth.username@
   credDefId: @diceAuth.credDefId@
 
 # Authorized accounts

src/main/resources/config.yml.localdev

@@ -87,7 +87,14 @@ auth0New:
 
 diceAuth:
   diceUrl: dummy
-  apiKey: dummy
+  diceApiUrl: dummy
+  diceVerifier: dummy
+  clientId: dummy
+  clientSecret: dummy
+  password: dummy
+  scope: dummy
+  tenant: dummy
+  username: dummy
   credDefId: dummy
 
 # LDAP Settings

token.properties.localdev

@@ -32,7 +32,13 @@
 
 @diceAuth.diceUrl@=dummy
 @diceAuth.diceApiUrl@=dummy
-@diceAuth.apiKey@=dummy
+@diceAuth.diceVerifier@=dummy
+@diceAuth.clientId@=dummy
+@diceAuth.clientSecret@=dummy
+@diceAuth.password@=dummy
+@diceAuth.scope@=dummy
+@diceAuth.tenant@=dummy
+@diceAuth.username@=dummy
 @diceAuth.credDefId@=dummy
 
 @zendesk.secret@=ZENDESK_SECRET