Refactor to allow storage session to allow usage of Hub API features.

Author: dkocher

hub/src/main/java/cloud/katta/protocols/hub/HubSession.java

@@ -27,7 +27,6 @@
 import ch.cyberduck.core.oauth.OAuth2AuthorizationService;
 import ch.cyberduck.core.oauth.OAuth2ErrorResponseInterceptor;
 import ch.cyberduck.core.oauth.OAuth2RequestInterceptor;
-import ch.cyberduck.core.preferences.HostPreferences;
 import ch.cyberduck.core.preferences.PreferencesFactory;
 import ch.cyberduck.core.proxy.ProxyFinder;
 import ch.cyberduck.core.ssl.X509KeyManager;
@@ -75,8 +74,6 @@ public class HubSession extends HttpSession<HubApiClient> {
 
     private HubVaultListService vaults;
 
-    public static final String SKIP_LISTING_UPON_LOGIN = "skip.listing.upon.login";
-
     /**
      * Interceptor for OpenID connect flow
      */
@@ -166,10 +163,7 @@ public void login(final LoginCallback prompt, final CancelCallback cancel) throw
             final OAuthTokens tokens = new OAuthTokens(credentials.getOauth().getAccessToken(), credentials.getOauth().getRefreshToken(), credentials.getOauth().getExpiryInMilliseconds(),
                     credentials.getOauth().getIdToken());
             vaults = new HubVaultListService(protocols, this, trust, key, registry, tokens);
-
-            if(!new HostPreferences(host).getBoolean(SKIP_LISTING_UPON_LOGIN)) {
-                vaults.list(Home.root(), new DisabledListProgressListener());
-            }
+            vaults.list(Home.root(), new DisabledListProgressListener());
         }
         catch(SecurityFailure e) {
             throw new InteroperabilityException(LocaleFactory.localizedString("Login failed", "Credentials"), e);

hub/src/main/java/cloud/katta/protocols/hub/HubVaultListService.java

@@ -96,7 +96,7 @@ public AttributedList<Path> list(final Path directory, final ListProgressListene
                         }
                         throw e;
                     }
-                    final Host bookmark = vaultService.getStorageBackend(protocols, configDto, vaultDto.getId(),
+                    final Host bookmark = vaultService.getStorageBackend(protocols, session, configDto, vaultDto.getId(),
                             vaultMetadata.storage(), tokens);
                     log.debug("Configured {} for vault {}", bookmark, vaultDto);
                     final Session<?> storage = SessionFactory.create(bookmark, trust, key);

hub/src/main/java/cloud/katta/protocols/s3/TokenExchangeRequestInterceptor.java

@@ -5,30 +5,15 @@
 package cloud.katta.protocols.s3;
 
 import ch.cyberduck.core.Credentials;
-import ch.cyberduck.core.DisabledCancelCallback;
-import ch.cyberduck.core.DisabledHostKeyCallback;
-import ch.cyberduck.core.DisabledLoginCallback;
-import ch.cyberduck.core.DisabledPasswordCallback;
-import ch.cyberduck.core.DisabledProgressListener;
 import ch.cyberduck.core.Host;
-import ch.cyberduck.core.HostParser;
 import ch.cyberduck.core.LoginCallback;
-import ch.cyberduck.core.LoginConnectionService;
 import ch.cyberduck.core.OAuthTokens;
-import ch.cyberduck.core.PasswordStoreFactory;
-import ch.cyberduck.core.ProtocolFactory;
-import ch.cyberduck.core.SessionFactory;
 import ch.cyberduck.core.exception.BackgroundException;
 import ch.cyberduck.core.exception.LoginCanceledException;
 import ch.cyberduck.core.exception.LoginFailureException;
 import ch.cyberduck.core.oauth.OAuth2RequestInterceptor;
 import ch.cyberduck.core.preferences.HostPreferences;
 import ch.cyberduck.core.preferences.PreferencesReader;
-import ch.cyberduck.core.ssl.DefaultX509KeyManager;
-import ch.cyberduck.core.ssl.DefaultX509TrustManager;
-import ch.cyberduck.core.vault.VaultRegistryFactory;
-
-import static cloud.katta.protocols.hub.HubSession.SKIP_LISTING_UPON_LOGIN;
 
 import org.apache.http.client.HttpClient;
 import org.apache.logging.log4j.LogManager;
@@ -37,7 +22,6 @@
 import java.util.Arrays;
 import java.util.List;
 
-import cloud.katta.client.ApiClient;
 import cloud.katta.client.ApiException;
 import cloud.katta.client.api.StorageResourceApi;
 import cloud.katta.client.model.AccessTokenResponse;
@@ -47,8 +31,6 @@
 import com.auth0.jwt.exceptions.JWTDecodeException;
 import com.auth0.jwt.interfaces.DecodedJWT;
 
-import static cloud.katta.protocols.s3.S3AssumeRoleProtocol.OAUTH_TOKENEXCHANGE_BASEPATH;
-
 /**
  * Exchange OIDC token to scoped token using OAuth 2.0 Token Exchange. Used for S3-STS in Katta.
  */
@@ -61,14 +43,11 @@ public class TokenExchangeRequestInterceptor extends OAuth2RequestInterceptor {
      */
     public static final String OIDC_AUTHORIZED_PARTY = "azp";
 
-
     private final Host bookmark;
-    private final HttpClient client;
 
     public TokenExchangeRequestInterceptor(final HttpClient client, final Host bookmark, final LoginCallback prompt) throws LoginCanceledException {
         super(client, bookmark, prompt);
         this.bookmark = bookmark;
-        this.client = client;
     }
 
     @Override
@@ -92,9 +71,9 @@ public OAuthTokens refresh(final OAuthTokens previous) throws BackgroundExceptio
     public OAuthTokens exchange(final OAuthTokens previous) throws BackgroundException {
         log.info("Exchange tokens {} for {}", previous, bookmark);
         final PreferencesReader preferences = new HostPreferences(bookmark);
-        final ApiClient apiClient = getHubApiClient(previous, preferences);
-
-        final StorageResourceApi api = new StorageResourceApi(apiClient);
+        final HubSession hub = bookmark.getProtocol().getFeature(HubSession.class);
+        log.debug("Exchange token with hub {}", hub);
+        final StorageResourceApi api = new StorageResourceApi(hub.getClient());
         try {
             AccessTokenResponse tokenExchangeResponse = api.apiStorageS3TokenPost(preferences.getProperty(S3AssumeRoleProtocol.OAUTH_TOKENEXCHANGE_VAULT));
             // N.B. token exchange with Id token does not work!
@@ -109,18 +88,6 @@ public OAuthTokens exchange(final OAuthTokens previous) throws BackgroundExcepti
         }
     }
 
-    private static ApiClient getHubApiClient(final OAuthTokens previous, final PreferencesReader preferences) throws BackgroundException {
-        final ProtocolFactory factory = ProtocolFactory.get();
-        final Host hub = new HostParser(factory).get(preferences.getProperty(OAUTH_TOKENEXCHANGE_BASEPATH)).withCredentials(new Credentials().withOauth(new OAuthTokens(previous)));
-        hub.setProperty(SKIP_LISTING_UPON_LOGIN, "true"); // prevent infinite recursion
-        final HubSession session = (HubSession) SessionFactory.create(hub, new DefaultX509TrustManager(), new DefaultX509KeyManager())
-                .withRegistry(VaultRegistryFactory.get(new DisabledPasswordCallback()));
-        final LoginConnectionService login = new LoginConnectionService(new DisabledLoginCallback(), new DisabledHostKeyCallback(),
-                PasswordStoreFactory.get(), new DisabledProgressListener());
-        login.check(session, new DisabledCancelCallback());
-        return session.getClient();
-    }
-
     @Override
     public Credentials validate() throws BackgroundException {
         final Credentials credentials = super.validate();

hub/src/main/java/cloud/katta/workflows/CreateVaultService.java

@@ -134,7 +134,7 @@ public void createVault(final UserKeys userKeys, final StorageProfileDtoWrapper
 
             final OAuthTokens tokens = keychain.findOAuthTokens(hubSession.getHost());
             final Host bookmark = new VaultServiceImpl(vaultResource, storageProfileResource).getStorageBackend(ProtocolFactory.get(),
-                    configResource.apiConfigGet(), vaultDto.getId(), metadataPayload.storage(), tokens);
+                    hubSession, configResource.apiConfigGet(), vaultDto.getId(), metadataPayload.storage(), tokens);
             if(storageProfileWrapper.getProtocol() == Protocol.S3) {
                 // permanent: template upload into existing bucket from client (not backend)
                 templateUploadService.uploadTemplate(bookmark, metadataPayload, storageDto, hashedRootDirId);

hub/src/main/java/cloud/katta/workflows/VaultService.java

@@ -5,18 +5,18 @@
 package cloud.katta.workflows;
 
 import ch.cyberduck.core.Host;
-
-import java.util.UUID;
-
 import ch.cyberduck.core.OAuthTokens;
 import ch.cyberduck.core.ProtocolFactory;
 
+import java.util.UUID;
+
 import cloud.katta.client.ApiException;
 import cloud.katta.client.model.ConfigDto;
 import cloud.katta.crypto.UserKeys;
 import cloud.katta.crypto.uvf.UvfAccessTokenPayload;
 import cloud.katta.crypto.uvf.UvfMetadataPayload;
 import cloud.katta.crypto.uvf.VaultMetadataJWEBackendDto;
+import cloud.katta.protocols.hub.HubSession;
 import cloud.katta.workflows.exceptions.AccessException;
 import cloud.katta.workflows.exceptions.SecurityFailure;
 
@@ -47,13 +47,15 @@ public interface VaultService {
 
     /**
      * Prepares (virtual) bookmark for vault to access its configured storage backend.
+     *
      * @param protocols Registered protocol implementations to access backend storage
+     * @param hub       Hub API Connection
      * @param configDto Hub configuration
-     * @param vaultId Vault ID
-     * @param metadata Storage Backend configuration
+     * @param vaultId   Vault ID
+     * @param metadata  Storage Backend configuration
      * @return Configuration
      * @throws AccessException Unsupported backend storage protocol
-     * @throws ApiException Server error accessing storage profile
+     * @throws ApiException    Server error accessing storage profile
      */
-    Host getStorageBackend(final ProtocolFactory protocols, final ConfigDto configDto, UUID vaultId, VaultMetadataJWEBackendDto metadata, final OAuthTokens tokens) throws AccessException, ApiException;
+    Host getStorageBackend(final ProtocolFactory protocols, final HubSession hub, final ConfigDto configDto, UUID vaultId, VaultMetadataJWEBackendDto metadata, final OAuthTokens tokens) throws AccessException, ApiException;
 }

hub/src/main/java/cloud/katta/workflows/VaultServiceImpl.java

@@ -84,7 +84,7 @@ public UvfAccessTokenPayload getVaultAccessTokenJWE(final UUID vaultId, final Us
     }
 
     @Override
-    public Host getStorageBackend(final ProtocolFactory protocols, final ConfigDto configDto, final UUID vaultId, final VaultMetadataJWEBackendDto vaultMetadata, final OAuthTokens tokens) throws ApiException, AccessException {
+    public Host getStorageBackend(final ProtocolFactory protocols, final HubSession hub, final ConfigDto configDto, final UUID vaultId, final VaultMetadataJWEBackendDto vaultMetadata, final OAuthTokens tokens) throws ApiException, AccessException {
         if(null == protocols.forName(vaultMetadata.getProvider())) {
             log.debug("Load missing profile {}", vaultMetadata.getProvider());
             final StorageProfileDtoWrapper storageProfile = StorageProfileDtoWrapper.coerce(storageProfileResourceApi
@@ -93,8 +93,8 @@ public Host getStorageBackend(final ProtocolFactory protocols, final ConfigDto c
             switch(storageProfile.getProtocol()) {
                 case S3:
                 case S3_STS:
-                    final Profile profile = new Profile(protocols.forType(protocols.find(ProtocolFactory.BUNDLED_PROFILE_PREDICATE), Protocol.Type.s3), new StorageProfileDtoWrapperDeserializer(
-                            new HubConfigDtoDeserializer(configDto), storageProfile));
+                    final Profile profile = new HubAwareProfile(hub, protocols.forType(protocols.find(ProtocolFactory.BUNDLED_PROFILE_PREDICATE), Type.s3),
+                            configDto, storageProfile);
                     log.debug("Register storage profile {}", profile);
                     protocols.register(profile);
                     break;
@@ -129,4 +129,23 @@ public Host getStorageBackend(final ProtocolFactory protocols, final ConfigDto c
         bookmark.setRegion(vaultMetadata.getRegion());
         return bookmark;
     }
+
+    private static final class HubAwareProfile extends Profile {
+        private final HubSession hub;
+
+        public HubAwareProfile(final HubSession hub, final Protocol parent, final ConfigDto configDto, final StorageProfileDtoWrapper storageProfile) {
+            super(parent, new StorageProfileDtoWrapperDeserializer(
+                    new HubConfigDtoDeserializer(configDto), storageProfile));
+            this.hub = hub;
+        }
+
+        @SuppressWarnings("unchecked")
+        @Override
+        public <T> T getFeature(final Class<T> type) {
+            if(type == HubSession.class) {
+                return (T) hub;
+            }
+            return super.getFeature(type);
+        }
+    }
 }

hub/src/test/java/cloud/katta/core/AbstractHubSynchronizeTest.java

@@ -238,6 +238,7 @@ public void test03AddVault(final HubTestConfig config) throws Exception {
                 final Host bookmark = new VaultServiceImpl(new VaultResourceApi(hubSession.getClient()), new StorageProfileResourceApi(hubSession.getClient()))
                         .getStorageBackend(
                                 ProtocolFactory.get(),
+                                hubSession,
                                 new ConfigResourceApi(hubSession.getClient()).apiConfigGet(), vaultId, new VaultMetadataJWEBackendDto()
                                         .provider(storageProfileWrapper.getId().toString())
                                         .defaultPath(config.vault.bucketName)