CWMS-2055 - Updates to allow for a token provider with a discovered token url that the client implements (#263)

Updates to allow for a token provider with a discovered token url that the client implements
Update TokenUrlDiscoveryService to be an interface
Update TokenUrlDiscoveryService to return ApiConnectionInfo. Refactors code to pass ApiConnectionInfo for token url. This moved responsibility of creation of ssl socket data to client for discovered token url.

Author: rma-bryson

cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/CwbiAuthTokenProvider.java

@@ -1,7 +1,7 @@
 /*
  * MIT License
  *
- * Copyright (c) 2024 Hydrologic Engineering Center
+ * Copyright (c) 2025 Hydrologic Engineering Center
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -23,18 +23,17 @@
  */
 package hec.army.usace.hec.cwbi.auth.http.client;
 
-import java.io.IOException;
+import hec.army.usace.hec.cwbi.auth.http.client.trustmanagers.CwbiAuthTrustManager;
 import java.util.Objects;
 import javax.net.ssl.SSLSocketFactory;
-import mil.army.usace.hec.cwms.http.client.auth.OAuth2Token;
-import mil.army.usace.hec.cwms.http.client.auth.OAuth2TokenProvider;
+import mil.army.usace.hec.cwms.http.client.ApiConnectionInfo;
+import mil.army.usace.hec.cwms.http.client.ApiConnectionInfoBuilder;
+import mil.army.usace.hec.cwms.http.client.SslSocketData;
 
-public final class CwbiAuthTokenProvider implements OAuth2TokenProvider {
+public final class CwbiAuthTokenProvider extends CwbiAuthTokenProviderBase {
 
-    private OAuth2Token oauth2Token;
-    private final String url;
-    private final String clientId;
     private final SSLSocketFactory sslSocketFactory;
+    private final String url;
 
     /**
      * Provider for OAuth2Tokens.
@@ -44,52 +43,16 @@ public final class CwbiAuthTokenProvider implements OAuth2TokenProvider {
      * @param sslSocketFactory - ssl socket factory
      */
     public CwbiAuthTokenProvider(String tokenUrl, String clientId, SSLSocketFactory sslSocketFactory) {
+        super(clientId);
+        this.sslSocketFactory = Objects.requireNonNull(sslSocketFactory, "Missing required sslSocketFactory");
         this.url = Objects.requireNonNull(tokenUrl, "Missing required tokenUrl");
-        this.clientId = Objects.requireNonNull(clientId, "Missing required clientId");
-        this.sslSocketFactory =Objects.requireNonNull(sslSocketFactory, "Missing required KeyManager");
-    }
-
-    @Override
-    public synchronized void clear() {
-        oauth2Token = null;
-    }
-
-    @Override
-    public synchronized OAuth2Token getToken() throws IOException {
-        if (oauth2Token == null) {
-            oauth2Token = newToken();
-        }
-        return oauth2Token;
-    }
-
-    @Override
-    public OAuth2Token newToken() throws IOException {
-        return new DirectGrantX509TokenRequestBuilder()
-            .withSSlSocketFactory(sslSocketFactory)
-            .withUrl(url)
-            .withClientId(clientId)
-            .fetchToken();
     }
 
     @Override
-    public synchronized OAuth2Token refreshToken() throws IOException {
-        OAuth2Token token = new RefreshTokenRequestBuilder()
-            .withSSlSocketFactory(sslSocketFactory)
-            .withRefreshToken(oauth2Token.getRefreshToken())
-            .withUrl(url)
-            .withClientId(clientId)
-            .fetchToken();
-        oauth2Token = token;
-        return token;
+    ApiConnectionInfo getUrl() {
+        return new ApiConnectionInfoBuilder(url)
+                .withSslSocketData(new SslSocketData(sslSocketFactory, CwbiAuthTrustManager.getTrustManager()))
+                .build();
     }
 
-    //package scoped for testing
-    String getUrl() {
-        return url;
-    }
-
-    //package scoped for testing
-    String getClientId() {
-        return clientId;
-    }
 }

cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/CwbiAuthTokenProviderBase.java

@@ -0,0 +1,78 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2025 Hydrologic Engineering Center
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package hec.army.usace.hec.cwbi.auth.http.client;
+
+import java.io.IOException;
+import java.util.Objects;
+import mil.army.usace.hec.cwms.http.client.ApiConnectionInfo;
+import mil.army.usace.hec.cwms.http.client.auth.OAuth2Token;
+import mil.army.usace.hec.cwms.http.client.auth.OAuth2TokenProvider;
+
+abstract class CwbiAuthTokenProviderBase implements OAuth2TokenProvider {
+    protected OAuth2Token oauth2Token;
+    protected final String clientId;
+
+    protected CwbiAuthTokenProviderBase(String clientId) {
+        this.clientId = Objects.requireNonNull(clientId, "Missing required clientId");
+    }
+
+    abstract ApiConnectionInfo getUrl();
+
+    @Override
+    public synchronized void clear() {
+        oauth2Token = null;
+    }
+
+    @Override
+    public synchronized OAuth2Token getToken() throws IOException {
+        if (oauth2Token == null) {
+            oauth2Token = newToken();
+        }
+        return oauth2Token;
+    }
+
+    @Override
+    public OAuth2Token newToken() throws IOException {
+        return new DirectGrantX509TokenRequestBuilder()
+                .withUrl(getUrl())
+                .withClientId(clientId)
+                .fetchToken();
+    }
+
+    @Override
+    public synchronized OAuth2Token refreshToken() throws IOException {
+        OAuth2Token token = new RefreshTokenRequestBuilder()
+                .withRefreshToken(oauth2Token.getRefreshToken())
+                .withUrl(getUrl())
+                .withClientId(clientId)
+                .fetchToken();
+        oauth2Token = token;
+        return token;
+    }
+
+    //package scoped for testing
+    String getClientId() {
+        return clientId;
+    }
+}

cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/DirectGrantX509TokenRequestBuilder.java

@@ -23,54 +23,36 @@
  */
 package hec.army.usace.hec.cwbi.auth.http.client;
 
-import hec.army.usace.hec.cwbi.auth.http.client.trustmanagers.CwbiAuthTrustManager;
-import mil.army.usace.hec.cwms.http.client.ApiConnectionInfoBuilder;
 import mil.army.usace.hec.cwms.http.client.HttpRequestBuilderImpl;
 import mil.army.usace.hec.cwms.http.client.HttpRequestResponse;
-import mil.army.usace.hec.cwms.http.client.SslSocketData;
 import mil.army.usace.hec.cwms.http.client.auth.OAuth2Token;
 import mil.army.usace.hec.cwms.http.client.request.HttpRequestExecutor;
 
-import javax.net.ssl.SSLSocketFactory;
 import java.io.IOException;
-import java.util.Objects;
 
-public final class DirectGrantX509TokenRequestBuilder implements DirectGrantX509TokenRequestFluentBuilder {
-
-    private SslSocketData sslSocketData;
+public final class DirectGrantX509TokenRequestBuilder extends TokenRequestBuilder {
 
     @Override
-    public TokenRequestFluentBuilder withSSlSocketFactory(SSLSocketFactory sslSocketFactory) {
-        this.sslSocketData = new SslSocketData(Objects.requireNonNull(sslSocketFactory, "Missing required SSLSocketFactory"),
-            CwbiAuthTrustManager.getTrustManager());
-        return new TokenRequestBuilderImpl();
-    }
-
-    private class TokenRequestBuilderImpl extends TokenRequestBuilder {
-
-        @Override
-        OAuth2Token retrieveToken() throws IOException {
-            OAuth2Token retVal = null;
-            String formBody = new UrlEncodedFormData()
+    OAuth2Token retrieveToken() throws IOException {
+        OAuth2Token retVal = null;
+        String formBody = new UrlEncodedFormData()
                 .addPassword("")
                 .addGrantType("password")
                 .addScopes("openid", "profile")
                 .addClientId(getClientId())
                 .addUsername("")
                 .buildEncodedString();
-            HttpRequestExecutor executor =
-                new HttpRequestBuilderImpl(new ApiConnectionInfoBuilder(getUrl())
-                    .withSslSocketData(sslSocketData).build())
-                    .post()
-                    .withBody(formBody)
-                    .withMediaType(MEDIA_TYPE);
-            try (HttpRequestResponse response = executor.execute()) {
-                String body = response.getBody();
-                if (body != null) {
-                    retVal = OAuth2ObjectMapper.mapJsonToObject(body, OAuth2Token.class);
-                }
+        HttpRequestExecutor executor =
+                new HttpRequestBuilderImpl(getUrl())
+                        .post()
+                        .withBody(formBody)
+                        .withMediaType(MEDIA_TYPE);
+        try (HttpRequestResponse response = executor.execute()) {
+            String body = response.getBody();
+            if (body != null) {
+                retVal = OAuth2ObjectMapper.mapJsonToObject(body, OAuth2Token.class);
             }
-            return retVal;
         }
+        return retVal;
     }
 }

cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/DiscoveredCwbiAuthTokenProvider.java

@@ -0,0 +1,49 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2025 Hydrologic Engineering Center
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package hec.army.usace.hec.cwbi.auth.http.client;
+
+import java.util.Objects;
+import mil.army.usace.hec.cwms.http.client.ApiConnectionInfo;
+
+public final class DiscoveredCwbiAuthTokenProvider extends CwbiAuthTokenProviderBase
+{
+    private final TokenUrlDiscoveryService tokenUrlDiscoveryService;
+    private ApiConnectionInfo url;
+
+    public DiscoveredCwbiAuthTokenProvider(String clientId, TokenUrlDiscoveryService tokenUrlDiscoveryService)
+    {
+        super(clientId);
+        this.tokenUrlDiscoveryService = Objects.requireNonNull(tokenUrlDiscoveryService, "Missing required tokenUrlDiscoveryService");
+    }
+
+    @Override
+    synchronized ApiConnectionInfo getUrl()
+    {
+        if(url == null)
+        {
+            url = tokenUrlDiscoveryService.discoverTokenUrl();
+        }
+        return url;
+    }
+}

cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/RefreshTokenRequestBuilder.java

@@ -1,12 +1,8 @@
 package hec.army.usace.hec.cwbi.auth.http.client;
 
-import hec.army.usace.hec.cwbi.auth.http.client.trustmanagers.CwbiAuthTrustManager;
-import java.util.Optional;
-import javax.net.ssl.SSLSocketFactory;
-import mil.army.usace.hec.cwms.http.client.ApiConnectionInfoBuilder;
+import mil.army.usace.hec.cwms.http.client.ApiConnectionInfo;
 import mil.army.usace.hec.cwms.http.client.HttpRequestBuilderImpl;
 import mil.army.usace.hec.cwms.http.client.HttpRequestResponse;
-import mil.army.usace.hec.cwms.http.client.SslSocketData;
 import mil.army.usace.hec.cwms.http.client.auth.OAuth2Token;
 import mil.army.usace.hec.cwms.http.client.request.HttpRequestExecutor;
 
@@ -16,7 +12,6 @@
 public final class RefreshTokenRequestBuilder implements RefreshTokenRequestFluentBuilder {
 
     private String refreshToken;
-    private SSLSocketFactory sslSocketFactory;
 
     /**
      * Retrieved token via a refresh token.
@@ -29,32 +24,13 @@ public TokenRequestFluentBuilder withRefreshToken(String refreshToken) {
         return new RefreshTokenRequestExecutor();
     }
 
-    /**
-     * Set the SSLSocketFactory for the refresh request should it be needed.
-     * @param sslSocketFactory - SSLSocketFactory to use
-     * @return Builder for http request
-     */
-    @Override
-    public RefreshTokenRequestBuilder withSSlSocketFactory(SSLSocketFactory sslSocketFactory) {
-        this.sslSocketFactory = sslSocketFactory;
-        return this;
-    }
-
-    //package scoped for testing
-    Optional<SSLSocketFactory> getSslSocketFactory() {
-        return Optional.ofNullable(sslSocketFactory);
-    }
-
-    private class RefreshTokenRequestExecutor extends TokenRequestBuilder {
+    class RefreshTokenRequestExecutor extends TokenRequestBuilder {
 
         @Override
         OAuth2Token retrieveToken() throws IOException {
             OAuth2Token retVal = null;
-            SslSocketData sslSocketData = getSslSocketFactory().map(sf -> new SslSocketData(sf, CwbiAuthTrustManager.getTrustManager()))
-                    .orElse(null);
             HttpRequestExecutor executor =
-                new HttpRequestBuilderImpl(new ApiConnectionInfoBuilder(getUrl())
-                        .withSslSocketData(sslSocketData).build())
+                new HttpRequestBuilderImpl(getUrl())
                     .post()
                     .withBody(new UrlEncodedFormData()
                         .addRefreshToken(refreshToken)

cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/RefreshTokenRequestFluentBuilder.java

@@ -1,8 +1,5 @@
 package hec.army.usace.hec.cwbi.auth.http.client;
 
-import javax.net.ssl.SSLSocketFactory;
-
 public interface RefreshTokenRequestFluentBuilder {
     TokenRequestFluentBuilder withRefreshToken(String refreshToken);
-    RefreshTokenRequestBuilder withSSlSocketFactory(SSLSocketFactory sslSocketFactory);
 }

cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/TokenRequestBuilder.java

@@ -25,17 +25,18 @@
 
 import java.io.IOException;
 import java.util.Objects;
+import mil.army.usace.hec.cwms.http.client.ApiConnectionInfo;
 import mil.army.usace.hec.cwms.http.client.auth.OAuth2Token;
 
 abstract class TokenRequestBuilder implements TokenRequestFluentBuilder {
 
     static final String MEDIA_TYPE = "application/x-www-form-urlencoded";
-    private String url;
+    private ApiConnectionInfo url;
     private String clientId;
 
     abstract OAuth2Token retrieveToken() throws IOException;
 
-    String getUrl() {
+    ApiConnectionInfo getUrl() {
         return url;
     }
 
@@ -44,7 +45,7 @@ String getClientId() {
     }
 
     @Override
-    public RequestClientId withUrl(String url) {
+    public RequestClientId withUrl(ApiConnectionInfo url) {
         this.url = Objects.requireNonNull(url, "Missing required URL");
         return new RequestClientIdImpl();
     }

cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/TokenRequestFluentBuilder.java

@@ -23,7 +23,9 @@
  */
 package hec.army.usace.hec.cwbi.auth.http.client;
 
+import mil.army.usace.hec.cwms.http.client.ApiConnectionInfo;
+
 public interface TokenRequestFluentBuilder {
 
-    RequestClientId withUrl(String url);
+    RequestClientId withUrl(ApiConnectionInfo url);
 }