shift7-ch
diff --git a/‎hub/src/main/java/cloud/katta/protocols/hub/HubAwareProfile.java‎
Lines changed: 1 addition & 19 deletions b/‎hub/src/main/java/cloud/katta/protocols/hub/HubAwareProfile.java‎
Lines changed: 1 addition & 19 deletions
diff --git a/‎hub/src/main/java/cloud/katta/protocols/hub/HubSession.java‎
Lines changed: 14 additions & 41 deletions b/‎hub/src/main/java/cloud/katta/protocols/hub/HubSession.java‎
Lines changed: 14 additions & 41 deletions
diff --git a/‎hub/src/main/java/cloud/katta/protocols/hub/HubUVFVault.java‎
Lines changed: 3 additions & 19 deletions b/‎hub/src/main/java/cloud/katta/protocols/hub/HubUVFVault.java‎
Lines changed: 3 additions & 19 deletions
diff --git a/‎hub/src/main/java/cloud/katta/protocols/hub/HubVaultListService.java‎
Lines changed: 9 additions & 13 deletions b/‎hub/src/main/java/cloud/katta/protocols/hub/HubVaultListService.java‎
Lines changed: 9 additions & 13 deletions
diff --git a/‎hub/src/main/java/cloud/katta/protocols/s3/S3AssumeRoleSession.java‎
Lines changed: 17 additions & 6 deletions b/‎hub/src/main/java/cloud/katta/protocols/s3/S3AssumeRoleSession.java‎
Lines changed: 17 additions & 6 deletions
diff --git a/‎hub/src/main/java/cloud/katta/protocols/s3/STSChainedAssumeRoleRequestInterceptor.java‎
Lines changed: 9 additions & 8 deletions b/‎hub/src/main/java/cloud/katta/protocols/s3/STSChainedAssumeRoleRequestInterceptor.java‎
Lines changed: 9 additions & 8 deletions
@@ -6,7 +6,6 @@
 
 import ch.cyberduck.core.Profile;
 import ch.cyberduck.core.Protocol;
-import ch.cyberduck.core.oauth.OAuth2RequestInterceptor;
 
 import cloud.katta.client.model.ConfigDto;
 import cloud.katta.model.StorageProfileDtoWrapper;
@@ -15,24 +14,7 @@
 
 public final class HubAwareProfile extends Profile {
 
-    private final HubSession hub;
-    private final OAuth2RequestInterceptor oauth;
-
-    public HubAwareProfile(final HubSession hub, final OAuth2RequestInterceptor oauth, final Protocol parent, final ConfigDto configDto, final StorageProfileDtoWrapper storageProfile) {
+    public HubAwareProfile(final Protocol parent, final ConfigDto configDto, final StorageProfileDtoWrapper storageProfile) {
         super(parent, new HubConfigDtoDeserializer(configDto, new StorageProfileDtoWrapperDeserializer(storageProfile)));
-        this.hub = hub;
-        this.oauth = oauth;
-    }
-
-    @SuppressWarnings("unchecked")
-    @Override
-    public <T> T getFeature(final Class<T> type) {
-        if(type == HubSession.class) {
-            return (T) hub;
-        }
-        if(type == OAuth2RequestInterceptor.class) {
-            return (T) oauth;
-        }
-        return super.getFeature(type);
     }
 }
@@ -44,22 +44,18 @@
 import org.apache.logging.log4j.Logger;
 
 import java.io.InputStream;
-import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 
 import cloud.katta.client.ApiException;
 import cloud.katta.client.HubApiClient;
 import cloud.katta.client.api.ConfigResourceApi;
-import cloud.katta.client.api.StorageProfileResourceApi;
 import cloud.katta.client.api.UsersResourceApi;
 import cloud.katta.client.model.ConfigDto;
-import cloud.katta.client.model.StorageProfileDto;
 import cloud.katta.client.model.UserDto;
 import cloud.katta.core.DeviceSetupCallback;
 import cloud.katta.crypto.DeviceKeys;
 import cloud.katta.crypto.UserKeys;
-import cloud.katta.model.StorageProfileDtoWrapper;
 import cloud.katta.protocols.hub.exceptions.HubExceptionMappingService;
 import cloud.katta.protocols.hub.serializer.HubConfigDtoDeserializer;
 import cloud.katta.workflows.DeviceKeysServiceImpl;
@@ -82,11 +78,6 @@ public class HubSession extends HttpSession<HubApiClient> {
      */
     private final Scheduler<?> access = new HubGrantAccessSchedulerService(this, keychain);
 
-    /**
-     * Registered storage profiles
-     */
-    private final ProtocolFactory storage = new ProtocolFactory();
-
     /**
      * Interceptor for OpenID connect flow
      */
@@ -171,36 +162,14 @@ public void login(final LoginCallback prompt, final CancelCallback cancel) throw
             log.warn("Failure {} decoding JWT {}", e, credentials.getOauth().getIdToken());
             throw new LoginCanceledException(e);
         }
-        try {
-            final UserDto me = this.getMe();
-            log.debug("Retrieved user {}", me);
-            // Ensure device key is available
-            final DeviceSetupCallback setup = prompt.getFeature(DeviceSetupCallback.class);
-            log.debug("Configured with setup prompt {}", setup);
-            final UserKeys userKeys = this.getUserKeys(setup);
-            log.debug("Retrieved user keys {}", userKeys);
-            final List<StorageProfileDto> storageProfileDtos = new StorageProfileResourceApi(client).apiStorageprofileGet(false);
-            for(StorageProfileDto storageProfileDto : storageProfileDtos) {
-                final StorageProfileDtoWrapper storageProfile = StorageProfileDtoWrapper.coerce(storageProfileDto);
-                log.debug("Read storage profile {}", storageProfile);
-                switch(storageProfile.getProtocol()) {
-                    case S3:
-                    case S3_STS:
-                        final Profile profile = new HubAwareProfile(this, authorizationService,
-                                ProtocolFactory.get().forType(ProtocolFactory.get().find(ProtocolFactory.BUNDLED_PROFILE_PREDICATE), Protocol.Type.s3),
-                                config, storageProfile);
-                        log.debug("Register profile {}", profile);
-                        storage.register(profile);
-                        break;
-                    default:
-                        throw new InteroperabilityException(String.format("Unsupported storage configuration %s", storageProfile.getProtocol().name()));
-                }
-            }
-            vaults = new HubVaultListService(storage, this, prompt);
-        }
-        catch(ApiException e) {
-            throw new HubExceptionMappingService().map(e);
-        }
+        final UserDto me = this.getMe();
+        log.debug("Retrieved user {}", me);
+        // Ensure device key is available
+        final DeviceSetupCallback setup = prompt.getFeature(DeviceSetupCallback.class);
+        log.debug("Configured with setup prompt {}", setup);
+        final UserKeys userKeys = this.getUserKeys(setup);
+        log.debug("Retrieved user keys {}", userKeys);
+        vaults = new HubVaultListService(this, prompt);
     }
 
     private UserKeys pair(final DeviceSetupCallback setup) throws BackgroundException {
@@ -246,6 +215,10 @@ public UserDto getMe() throws BackgroundException {
         }
     }
 
+    public ConfigDto getConfig() {
+        return config;
+    }
+
     /**
      *
      * @return Destroyed keys after login
@@ -387,8 +360,8 @@ public void preflight(final Path file) throws BackgroundException {
         if(type == CredentialsConfigurator.class) {
             return (T) new HubOAuthTokensCredentialsConfigurator(keychain, host);
         }
-        if(type == ProtocolFactory.class) {
-            return (T) storage;
+        if(type == OAuth2RequestInterceptor.class) {
+            return (T) authorizationService;
         }
         return super._getFeature(type);
     }
 
@@ -4,7 +4,6 @@
 
 package cloud.katta.protocols.hub;
 
-import ch.cyberduck.core.CredentialsConfigurator;
 import ch.cyberduck.core.DisabledCancelCallback;
 import ch.cyberduck.core.DisabledHostKeyCallback;
 import ch.cyberduck.core.Host;
@@ -13,13 +12,10 @@
 import ch.cyberduck.core.PasswordCallback;
 import ch.cyberduck.core.Path;
 import ch.cyberduck.core.PathAttributes;
-import ch.cyberduck.core.Protocol;
 import ch.cyberduck.core.Session;
-import ch.cyberduck.core.SessionFactory;
 import ch.cyberduck.core.cryptomator.ContentWriter;
 import ch.cyberduck.core.cryptomator.UVFVault;
 import ch.cyberduck.core.exception.BackgroundException;
-import ch.cyberduck.core.exception.ConnectionCanceledException;
 import ch.cyberduck.core.exception.InteroperabilityException;
 import ch.cyberduck.core.exception.UnsupportedException;
 import ch.cyberduck.core.features.AttributesFinder;
@@ -29,8 +25,6 @@
 import ch.cyberduck.core.preferences.PreferencesFactory;
 import ch.cyberduck.core.proxy.ProxyFactory;
 import ch.cyberduck.core.s3.S3Session;
-import ch.cyberduck.core.ssl.X509KeyManager;
-import ch.cyberduck.core.ssl.X509TrustManager;
 import ch.cyberduck.core.transfer.TransferStatus;
 import ch.cyberduck.core.vault.VaultCredentials;
 import ch.cyberduck.core.vault.VaultUnlockCancelException;
@@ -52,14 +46,11 @@
 import cloud.katta.crypto.UserKeys;
 import cloud.katta.crypto.uvf.UvfMetadataPayload;
 import cloud.katta.crypto.uvf.UvfMetadataPayloadPasswordCallback;
-import cloud.katta.crypto.uvf.VaultMetadataJWEBackendDto;
 import cloud.katta.protocols.hub.exceptions.HubExceptionMappingService;
 import cloud.katta.protocols.s3.S3AssumeRoleProtocol;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.nimbusds.jose.JOSEException;
 
-import static cloud.katta.protocols.s3.S3AssumeRoleProtocol.OAUTH_TOKENEXCHANGE_VAULT;
-
 /**
  * Unified vault format (UVF) implementation for Katta
  */
@@ -77,25 +68,18 @@ public class HubUVFVault extends UVFVault {
 
     /**
      *
-     * @param profile       Storage provider configuration
+     * @param storage       Storage connection
      * @param vaultId       Vault Id
      * @param vaultMetadata Vault UVF metadata
      * @param prompt        Login prompt to access storage
      */
-    public HubUVFVault(final Protocol profile, final UUID vaultId, final UvfMetadataPayload vaultMetadata, final LoginCallback prompt) throws ConnectionCanceledException {
+    public HubUVFVault(final Session<?> storage, final UUID vaultId, final UvfMetadataPayload vaultMetadata, final LoginCallback prompt) {
         super(new Path(vaultMetadata.storage().getDefaultPath(), EnumSet.of(Path.Type.directory, Path.Type.volume),
                 new PathAttributes().setDisplayname(vaultMetadata.storage().getNickname())));
+        this.storage = storage;
         this.vaultId = vaultId;
         this.vaultMetadata = vaultMetadata;
         this.login = prompt;
-        final VaultMetadataJWEBackendDto vaultStorageMetadata = vaultMetadata.storage();
-        final HubSession hub = profile.getFeature(HubSession.class);
-        log.debug("Loaded profile {} for UVF metadata {}", profile, vaultMetadata);
-        final Host storageProvider = new Host(profile, hub.getFeature(CredentialsConfigurator.class).reload().configure(hub.getHost())
-                .setUsername(vaultStorageMetadata.getUsername()).setPassword(vaultStorageMetadata.getPassword())).withRegion(vaultStorageMetadata.getRegion());
-        storageProvider.setProperty(OAUTH_TOKENEXCHANGE_VAULT, vaultId.toString());
-        log.debug("Configured {} for vault {}", storageProvider, this);
-        this.storage = SessionFactory.create(storageProvider, hub.getFeature(X509TrustManager.class), hub.getFeature(X509KeyManager.class));
     }
 
     /**
 
@@ -10,8 +10,7 @@
 import ch.cyberduck.core.LocaleFactory;
 import ch.cyberduck.core.LoginCallback;
 import ch.cyberduck.core.Path;
-import ch.cyberduck.core.Protocol;
-import ch.cyberduck.core.ProtocolFactory;
+import ch.cyberduck.core.Session;
 import ch.cyberduck.core.exception.AccessDeniedException;
 import ch.cyberduck.core.exception.BackgroundException;
 import ch.cyberduck.core.exception.NotfoundException;
@@ -37,15 +36,10 @@
 public class HubVaultListService implements ListService {
     private static final Logger log = LogManager.getLogger(HubVaultListService.class);
 
-    /**
-     * Storage profiles
-     */
-    private final ProtocolFactory storage;
     private final HubSession session;
     private final LoginCallback prompt;
 
-    public HubVaultListService(final ProtocolFactory storage, final HubSession session, final LoginCallback prompt) {
-        this.storage = storage;
+    public HubVaultListService(final HubSession session, final LoginCallback prompt) {
         this.session = session;
         this.prompt = prompt;
     }
@@ -54,6 +48,7 @@ public HubVaultListService(final ProtocolFactory storage, final HubSession sessi
     public AttributedList<Path> list(final Path directory, final ListProgressListener listener) throws BackgroundException {
         if(directory.isRoot()) {
             try {
+                final VaultServiceImpl vaultService = new VaultServiceImpl(session);
                 final VaultRegistry registry = session.getRegistry();
                 final AttributedList<Path> vaults = new AttributedList<>();
                 for(final VaultDto vaultDto : new VaultResourceApi(session.getClient()).apiVaultsAccessibleGet(null)) {
@@ -64,19 +59,17 @@ public AttributedList<Path> list(final Path directory, final ListProgressListene
                     log.debug("Load vault {}", vaultDto);
                     try {
                         // Find storage configuration in vault metadata
-                        final VaultServiceImpl vaultService = new VaultServiceImpl(session);
                         final DeviceSetupCallback setup = prompt.getFeature(DeviceSetupCallback.class);
                         final UvfMetadataPayload vaultMetadata = vaultService.getVaultMetadataJWE(vaultDto.getId(), session.getUserKeys(setup));
-                        final Protocol profile = storage.forName(vaultMetadata.storage().getProvider());
-                        final HubUVFVault vault = new HubUVFVault(profile, vaultDto.getId(), vaultMetadata, prompt);
+                        final Session<?> storage = vaultService.getVaultStorageSession(session, vaultDto.getId(), vaultMetadata);
+                        final HubUVFVault vault = new HubUVFVault(storage, vaultDto.getId(), vaultMetadata, prompt);
                         try {
                             registry.add(vault.load(session, prompt));
                             vaults.add(vault.getHome());
                             listener.chunk(directory, vaults);
                         }
                         catch(VaultUnlockCancelException e) {
                             log.warn("Skip vault {} with failure {} loading", vaultDto, e);
-                            continue;
                         }
                     }
                     catch(ApiException e) {
@@ -86,7 +79,10 @@ public AttributedList<Path> list(final Path directory, final ListProgressListene
                         }
                         throw e;
                     }
-                    catch(AccessException | SecurityFailure e) {
+                    catch(AccessException e) {
+                        log.warn("Skip vault {} with access failure {}", vaultDto, e);
+                    }
+                    catch(SecurityFailure e) {
                         throw new AccessDeniedException(e.getMessage(), e);
                     }
                 }
 
@@ -6,7 +6,6 @@
 
 import ch.cyberduck.core.Host;
 import ch.cyberduck.core.LoginCallback;
-import ch.cyberduck.core.OAuthTokens;
 import ch.cyberduck.core.exception.LoginCanceledException;
 import ch.cyberduck.core.oauth.OAuth2RequestInterceptor;
 import ch.cyberduck.core.s3.S3CredentialsStrategy;
@@ -19,11 +18,25 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
+import java.util.UUID;
+
+import cloud.katta.protocols.hub.HubSession;
+
 public class S3AssumeRoleSession extends S3Session {
     private static final Logger log = LogManager.getLogger(S3AssumeRoleSession.class);
 
-    public S3AssumeRoleSession(final Host host, final X509TrustManager trust, final X509KeyManager key) {
-        super(host, trust, key);
+    private final HubSession hub;
+    /**
+     * Shared OAuth tokens
+     */
+    private final OAuth2RequestInterceptor oauth;
+    private final UUID vaultId;
+
+    public S3AssumeRoleSession(final HubSession hub, final UUID vaultId, final Host host) {
+        super(host, hub.getFeature(X509TrustManager.class), hub.getFeature(X509KeyManager.class));
+        this.hub = hub;
+        this.oauth = hub.getFeature(OAuth2RequestInterceptor.class);
+        this.vaultId = vaultId;
     }
 
     /**
@@ -37,11 +50,9 @@ public S3AssumeRoleSession(final Host host, final X509TrustManager trust, final
     @Override
     protected S3CredentialsStrategy configureCredentialsStrategy(final HttpClientBuilder configuration, final LoginCallback prompt) throws LoginCanceledException {
         if(host.getProtocol().isOAuthConfigurable()) {
-            // Shared OAuth tokens
-            final OAuth2RequestInterceptor oauth = host.getProtocol().getFeature(OAuth2RequestInterceptor.class);
             log.debug("Register interceptor {}", oauth);
             configuration.addInterceptorLast(oauth);
-            final STSRequestInterceptor sts = new STSChainedAssumeRoleRequestInterceptor(hub, vaultId, host, trust, key, prompt);
+            final STSRequestInterceptor sts = new STSChainedAssumeRoleRequestInterceptor(hub, oauth, vaultId, host, trust, key, prompt);
             log.debug("Register interceptor {}", sts);
             configuration.addInterceptorLast(sts);
             return sts;
 
@@ -10,6 +10,7 @@
 import ch.cyberduck.core.Profile;
 import ch.cyberduck.core.TemporaryAccessTokens;
 import ch.cyberduck.core.exception.BackgroundException;
+import ch.cyberduck.core.exception.InteroperabilityException;
 import ch.cyberduck.core.exception.LoginFailureException;
 import ch.cyberduck.core.oauth.OAuth2RequestInterceptor;
 import ch.cyberduck.core.preferences.HostPreferencesFactory;
@@ -24,6 +25,7 @@
 
 import java.util.Arrays;
 import java.util.List;
+import java.util.UUID;
 
 import cloud.katta.client.ApiException;
 import cloud.katta.client.api.StorageResourceApi;
@@ -46,15 +48,17 @@ public class STSChainedAssumeRoleRequestInterceptor extends STSAssumeRoleWithWeb
      */
     private static final String OIDC_AUTHORIZED_PARTY = "azp";
 
+    private final HubSession hub;
     private final Host bookmark;
-    private final String vaultId;
+    private final UUID vaultId;
 
-    public STSChainedAssumeRoleRequestInterceptor(final OAuth2RequestInterceptor oauth, final Host host,
+    public STSChainedAssumeRoleRequestInterceptor(final HubSession hub, final OAuth2RequestInterceptor oauth, final UUID vaultId, final Host host,
                                                   final X509TrustManager trust, final X509KeyManager key,
                                                   final LoginCallback prompt) {
         super(oauth, host, trust, key, prompt);
+        this.hub = hub;
         this.bookmark = host;
-        this.vaultId = HostPreferencesFactory.get(host).getProperty(S3AssumeRoleProtocol.OAUTH_TOKENEXCHANGE_VAULT);
+        this.vaultId = vaultId;
     }
 
     @Override
@@ -95,18 +99,15 @@ public TemporaryAccessTokens assumeRoleWithWebIdentity(final OAuthTokens oauth,
      * Perform OAuth 2.0 Token Exchange
      *
      * @return New tokens
-     * @see S3AssumeRoleProtocol#OAUTH_TOKENEXCHANGE_VAULT
      */
     private OAuthTokens tokenExchange(final OAuthTokens tokens) throws BackgroundException {
         final PreferencesReader settings = HostPreferencesFactory.get(bookmark);
         if(settings.getBoolean(S3AssumeRoleProtocol.OAUTH_TOKENEXCHANGE)) {
             if(this.isTokenExchangeRequired(tokens)) {
-                log.info("Exchange tokens for {}", bookmark);
-                final HubSession hub = bookmark.getProtocol().getFeature(HubSession.class);
-                log.debug("Exchange token with hub {}", hub);
+                log.info("Exchange tokens {} for vault {}", tokens, vaultId);
                 final StorageResourceApi api = new StorageResourceApi(hub.getClient());
                 try {
-                    final AccessTokenResponse tokenExchangeResponse = api.apiStorageS3TokenPost(vaultId);
+                    final AccessTokenResponse tokenExchangeResponse = api.apiStorageS3TokenPost(vaultId.toString());
                     // N.B. token exchange with Id token does not work!
                     final OAuthTokens exchanged = new OAuthTokens(tokenExchangeResponse.getAccessToken(),
                             tokenExchangeResponse.getRefreshToken(),