com.sap.cloud.sdk.cloudplatform.connectivity.ConnectivityService Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of connectivity-scp-cf Show documentation
Implementation of the Cloud platform abstraction for general-purpose connectivity on the SAP Cloud Platform (Cloud Foundry).
The newest version!
/*
 * Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved.
 */

package com.sap.cloud.sdk.cloudplatform.connectivity;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Optional;

import javax.annotation.Nullable;

import org.apache.http.HttpHeaders;
import org.slf4j.Logger;

import com.auth0.jwt.interfaces.DecodedJWT;
import com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException;
import com.sap.cloud.sdk.cloudplatform.logging.CloudLoggerFactory;
import com.sap.cloud.sdk.cloudplatform.security.AuthToken;
import com.sap.cloud.sdk.cloudplatform.security.AuthTokenAccessor;

class ConnectivityService
{
    private static final Logger logger = CloudLoggerFactory.getLogger(ConnectivityService.class);

    static final String SERVICE_NAME = "connectivity";

    private static final String SAP_CONNECTIVITY_AUTHENTICATION_HEADER = "SAP-Connectivity-Authentication";

    private static final String PROXY_AUTHORIZATION_HEADER = "Proxy-Authorization";
    private static final String BEARER_PREFIX = "Bearer ";

    List getOnPremiseProxyHeaders( final AccessToken accessToken, final boolean propagateUser )
        throws DestinationAccessException
    {
        final List result = new ArrayList<>();

        appendHeader(PROXY_AUTHORIZATION_HEADER, BEARER_PREFIX + accessToken.getValue(), result);

        if( propagateUser ) {
            appendUserPropagatedConnectivityAuthenticationHeader(result);
        } else {
            appendClientCredentialsConnectivityAuthenticationHeader(accessToken, result);
        }

        return result;
    }

    private void appendClientCredentialsConnectivityAuthenticationHeader(
        final AccessToken accessToken,
        final Collection collectionToModify )
    {
        appendHeader(
            SAP_CONNECTIVITY_AUTHENTICATION_HEADER,
            BEARER_PREFIX + accessToken.getValue(),
            collectionToModify);
    }

    private void appendUserPropagatedConnectivityAuthenticationHeader( final Collection collectionToModify )
    {
        @Nullable
        DecodedJWT authToken = null;

        final Optional currentJwt = AuthTokenAccessor.getCurrentToken();

        if( currentJwt.isPresent() ) {
            if( logger.isDebugEnabled() ) {
                logger.debug(
                    "Forwarding JWT bearer from '"
                        + HttpHeaders.AUTHORIZATION
                        + "' header of current request in '"
                        + SAP_CONNECTIVITY_AUTHENTICATION_HEADER
                        + "' header.");
            }

            authToken = currentJwt.get().getJwt();
        }

        if( authToken == null ) {
            logger.error(
                "Failed to add '"
                    + SAP_CONNECTIVITY_AUTHENTICATION_HEADER
                    + "' header for on-premise connectivity: no JWT bearer found in '"
                    + HttpHeaders.AUTHORIZATION
                    + "' header of request. Continuing without header. "
                    + "Connecting to on-premise systems may not be possible.");
        } else {
            appendHeader(
                SAP_CONNECTIVITY_AUTHENTICATION_HEADER,
                BEARER_PREFIX + authToken.getToken(),
                collectionToModify);
        }
    }

    private void appendHeader( final String key, final String value, final Collection collectionToModify )
    {
        collectionToModify.add(new Header(key, value));
        if( logger.isDebugEnabled() ) {
            logger.debug("Successfully added " + key + " header.");
        }
    }
}