// Copyright 2020 Google LLC
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.broker.client.connect;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import io.grpc.ManagedChannel;
import io.grpc.Metadata;
import io.grpc.stub.MetadataUtils;
import com.google.common.io.BaseEncoding;
import org.ietf.jgss.GSSException;
import com.google.broker.client.utils.GrpcUtils;
import com.google.broker.client.utils.SpnegoUtils;
// Classes dynamically generated by protobuf-maven-plugin:
import com.google.cloud.broker.apps.brokerserver.protobuf.BrokerGrpc;
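/**
 * Client-side gateway to the broker server.
 *
 * <p>Builds a gRPC channel and blocking stub from a {@link BrokerServerInfo}, and attaches
 * credentials (a SPNEGO token or a broker session token) to the stub through the
 * {@code authorization} request header.
 *
 * <p>The stub field is reassigned by the {@code set*Token} methods without synchronization, so an
 * instance should be confined to a single thread.
 */
public class BrokerGateway {

    /** Scheme name that prefixes a session token in the {@code authorization} header. */
    // NOTE(review): this is a mutable public static field. It is left non-final so existing
    // callers that assign to it keep compiling, but any code in the JVM can change the scheme
    // sent by every gateway. Consider making it final in a breaking release.
    public static String REQUEST_AUTH_HEADER = "BrokerSession";

    private BrokerGrpc.BrokerBlockingStub stub;
    private final ManagedChannel managedChannel;
    private final BrokerServerInfo serverInfo;

    /**
     * Opens a channel to the broker described by {@code serverInfo}.
     *
     * <p>The server URI must use the {@code http} or {@code https} scheme. When the URI carries no
     * port, 80 or 443 is used respectively. The TLS certificate is taken from
     * {@link BrokerServerInfo#getCertificate()} or, if that is {@code null}, read from
     * {@link BrokerServerInfo#getCertificatePath()}; it may remain {@code null}.
     *
     * @param serverInfo broker URI, Kerberos principal and optional TLS certificate settings
     * @throws RuntimeException if the URI is malformed, uses another scheme, or the certificate
     *     file cannot be read (the underlying exception is attached as the cause)
     */
    public BrokerGateway(BrokerServerInfo serverInfo) {
        this.serverInfo = serverInfo;

        // Extract the host and port from the URI
        URL url;
        try {
            url = new URL(serverInfo.getServerUri());
        } catch (MalformedURLException e) {
            // Keep the cause so the parse failure is visible in stack traces.
            throw new RuntimeException("Invalid server URI: " + serverInfo.getServerUri(), e);
        }
        String host = url.getHost();
        int port = url.getPort();

        // Determine if TLS should be used
        boolean useTLS;
        String protocol = url.getProtocol();
        if (protocol.equals("http")) {
            // SECURITY: with useTLS == false the channel is presumably plaintext (confirm in
            // GrpcUtils.newManagedChannel). The SPNEGO and session tokens attached later would
            // then cross the network unencrypted, so "http" should be limited to local testing.
            useTLS = false;
            if (port == -1) {
                // Default HTTP port
                port = 80;
            }
        } else if (protocol.equals("https")) {
            useTLS = true;
            if (port == -1) {
                // Default HTTPS port
                port = 443;
            }
        } else {
            throw new RuntimeException(
                "Incorrect URI scheme `" + protocol + "` in server URI: " + serverInfo.getServerUri());
        }

        // An inline certificate takes precedence over a certificate file.
        // NOTE(review): with both values null, trust decisions are left entirely to
        // GrpcUtils.newManagedChannel; confirm that it falls back to the default trust store
        // rather than disabling verification.
        String tlsCertificate = serverInfo.getCertificate();
        if (tlsCertificate == null) {
            String tlsCertificatePath = serverInfo.getCertificatePath();
            if (tlsCertificatePath != null) {
                try {
                    tlsCertificate =
                        Files.readString(Paths.get(tlsCertificatePath), StandardCharsets.US_ASCII);
                } catch (IOException e) {
                    throw new RuntimeException(
                        "Error reading the TLS certificate file: " + e.getMessage(), e);
                }
            }
        }

        managedChannel = GrpcUtils.newManagedChannel(host, port, useTLS, tlsCertificate);
        stub = GrpcUtils.newStub(managedChannel);
    }

    /**
     * Returns the current blocking stub.
     *
     * <p>After a {@code set*Token} call, the stub carries the attached {@code authorization}
     * header, so it should be treated as a credential-bearing object.
     *
     * @return the stub bound to this gateway's channel
     */
    public BrokerGrpc.BrokerBlockingStub getStub() {
        return stub;
    }

    /**
     * Returns the underlying channel so the caller can shut it down.
     *
     * @return the channel created by the constructor
     */
    public ManagedChannel getManagedChannel() {
        return managedChannel;
    }

    /**
     * Obtains a SPNEGO token for the broker's Kerberos principal and attaches it to the stub as
     * {@code authorization: Negotiate <base64 token>}.
     *
     * <p>On failure the channel is shut down, so this gateway cannot be used afterwards.
     *
     * @throws RuntimeException if the token cannot be created (the {@link GSSException} is
     *     attached as the cause)
     */
    public void setSPNEGOToken() {
        String encodedToken;
        try {
            encodedToken = BaseEncoding.base64().encode(
                SpnegoUtils.newSPNEGOToken(serverInfo.getKerberosPrincipal()));
        } catch (GSSException e) {
            // Clean up the channel before re-throwing the exception
            managedChannel.shutdownNow();
            throw new RuntimeException(
                "User is not logged-in with Kerberos or cannot authenticate with the broker. Kerberos error message: " + e.getMessage(),
                e);
        }

        // Set the 'authorization' header with the SPNEGO token
        // NOTE(review): each call wraps the current stub again, so calling this and
        // setSessionToken on the same gateway likely sends two authorization values; confirm.
        Metadata metadata = new Metadata();
        Metadata.Key<String> key = Metadata.Key.of("authorization", Metadata.ASCII_STRING_MARSHALLER);
        metadata.put(key, "Negotiate " + encodedToken);
        stub = MetadataUtils.attachHeaders(stub, metadata);
    }

    /**
     * Attaches a broker session token to the stub as
     * {@code authorization: <REQUEST_AUTH_HEADER> <sessionToken>}.
     *
     * <p>The token is a bearer credential and should not be logged or included in error messages.
     *
     * @param sessionToken session token issued by the broker
     */
    public void setSessionToken(String sessionToken) {
        // Set the session token in the 'authorization' header
        Metadata metadata = new Metadata();
        Metadata.Key<String> key = Metadata.Key.of("authorization", Metadata.ASCII_STRING_MARSHALLER);
        metadata.put(key, REQUEST_AUTH_HEADER + " " + sessionToken);
        stub = MetadataUtils.attachHeaders(stub, metadata);
    }
}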