[US RABB-1168] Create the proxy to make calls to customer provisioning API

api/api-iam/iam-internal/src/main/config/iam-internal-application-dev.yml

@@ -82,4 +82,37 @@ logging:
     # org.springframework.data.mongodb.core.MongoTemplate: DEBUG
     fr.gouv.vitamui.iam.security: INFO
 
+provisioning-client:
+  identity-providers:
+    - idp-identifier: 1
+      client:
+        server-host: ${vitamui-server-host}.teamdlab.com
+        server-port: 6201
+        secure: true
+        ssl-configuration:
+          keystore:
+            key-path: ../../../dev-deployment/environment/keystores/server/localhost/keystore_archive-internal.jks
+            key-password: changeme
+            type: JKS
+          truststore:
+            key-path: ../../../dev-deployment/environment/keystores/server/truststore_server.jks
+            key-password: changeme
+            type: JKS
+          hostname-verification: false
+    - idp-identifier: 2
+      client:
+        server-host: ${vitamui-server-host}.teamdlab.com
+        server-port: 6201
+        secure: true
+        ssl-configuration:
+          keystore:
+            key-path: ../../../dev-deployment/environment/keystores/server/localhost/keystore_archive-internal.jks
+            key-password: changeme
+            type: JKS
+          truststore:
+            key-path: ../../../dev-deployment/environment/keystores/server/truststore_server.jks
+            key-password: changeme
+            type: JKS
+          hostname-verification: false
+
 gdpr_alert_readonly: true

api/api-iam/iam-internal/src/main/java/fr/gouv/vitamui/iam/internal/server/cas/service/CasInternalService.java

@@ -299,13 +299,14 @@ public class CasInternalService {
         try {
             final UserDto user = internalUserService.findUserByEmail(email);
             if (identityProvider.isAutoProvisioningEnabled() && user.isAutoProvisioningEnabled()) {
-                updateUser(user, provisioningInternalService.getUserInformation(email, idp, userIdentifier));
+                // TODO : quelle unité envoyer ?
+                updateUser(user, provisioningInternalService.getUserInformation(email, idp, Optional.of(user.getGroupId()), Optional.empty(), userIdentifier));
             }
         } catch (NotFoundException e) {
             if (!identityProvider.isAutoProvisioningEnabled()) {
                 throw e;
             }
-            createNewUser(provisioningInternalService.getUserInformation(email, idp, userIdentifier));
+            createNewUser(provisioningInternalService.getUserInformation(email, idp, Optional.empty(), Optional.empty(), userIdentifier));
         }
 
         return getUserByEmail(email, optEmbedded);

api/api-iam/iam-internal/src/main/java/fr/gouv/vitamui/iam/internal/server/config/ApiIamServerConfig.java

@@ -42,6 +42,7 @@ import fr.gouv.vitamui.commons.mongo.config.MongoConfig;
 import fr.gouv.vitamui.commons.mongo.dao.CustomSequenceRepository;
 import fr.gouv.vitamui.commons.rest.RestExceptionHandler;
 import fr.gouv.vitamui.commons.rest.client.BaseRestClientFactory;
+import fr.gouv.vitamui.commons.rest.client.configuration.ProvisioningClientConfiguration;
 import fr.gouv.vitamui.commons.rest.client.configuration.RestClientConfiguration;
 import fr.gouv.vitamui.commons.rest.configuration.SwaggerConfiguration;
 import fr.gouv.vitamui.commons.vitam.api.access.LogbookService;
@@ -81,6 +82,7 @@ import fr.gouv.vitamui.iam.internal.server.owner.service.OwnerInternalService;
 import fr.gouv.vitamui.iam.internal.server.profile.converter.ProfileConverter;
 import fr.gouv.vitamui.iam.internal.server.profile.dao.ProfileRepository;
 import fr.gouv.vitamui.iam.internal.server.profile.service.ProfileInternalService;
+import fr.gouv.vitamui.iam.internal.server.provisioning.service.ProvisioningInternalService;
 import fr.gouv.vitamui.iam.internal.server.security.IamApiAuthenticationProvider;
 import fr.gouv.vitamui.iam.internal.server.security.IamAuthentificationService;
 import fr.gouv.vitamui.iam.internal.server.subrogation.converter.SubrogationConverter;
@@ -113,6 +115,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.web.multipart.MultipartResolver;
 import org.springframework.web.multipart.commons.CommonsMultipartResolver;
 import org.springframework.web.multipart.support.MultipartFilter;
+import org.springframework.web.reactive.function.client.WebClient;
 
 @Configuration
 @Import({RestExceptionHandler.class, MongoConfig.class, SwaggerConfiguration.class, ConverterConfig.class,
@@ -145,6 +148,12 @@ public class ApiIamServerConfig extends AbstractContextConfiguration {
         return new RestClientConfiguration();
     }
 
+    @Bean
+    @ConfigurationProperties(value = "provisioning-client")
+    public ProvisioningClientConfiguration provisioningClientProperties() {
+        return new ProvisioningClientConfiguration();
+    }
+
     @Bean
     @ConfigurationProperties(value = "security")
     public RestClientConfiguration securityClientProperties() {
@@ -324,6 +333,11 @@ public class ApiIamServerConfig extends AbstractContextConfiguration {
         return new UserEmailInternalService(factory);
     }
 
+    @Bean
+    public ProvisioningInternalService provisioningService(final WebClient.Builder webClientBuilder, final ProvisioningClientConfiguration provisioningClientConfiguration) {
+        return new ProvisioningInternalService(webClientBuilder, provisioningClientConfiguration);
+    }
+
     @Bean
     public IdentityProviderHelper identityProviderHelper() {
         return new IdentityProviderHelper();

api/api-iam/iam-internal/src/main/java/fr/gouv/vitamui/iam/internal/server/provisioning/service/ProvisioningInternalService.java

 /**
  * Copyright French Prime minister Office/SGMAP/DINSIC/Vitam Program (2019-2020)
  * and the signatories of the "VITAM - Accord du Contributeur" agreement.
- *
+ * <p>
  * contact@programmevitam.fr
- *
+ * <p>
  * This software is a computer program whose purpose is to implement
  * implement a digital archiving front-office system for the secure and
  * efficient high volumetry VITAM solution.
- *
+ * <p>
  * This software is governed by the CeCILL-C license under French law and
  * abiding by the rules of distribution of free software.  You can  use,
  * modify and/ or redistribute the software under the terms of the CeCILL-C
  * license as circulated by CEA, CNRS and INRIA at the following URL
  * "http://www.cecill.info".
- *
+ * <p>
  * As a counterpart to the access to the source code and  rights to copy,
  * modify and redistribute granted by the license, users are provided only
  * with a limited warranty  and the software's author,  the holder of the
  * economic rights,  and the successive licensors  have only  limited
  * liability.
- *
+ * <p>
  * In this respect, the user's attention is drawn to the risks associated
  * with loading,  using,  modifying and/or developing or reproducing the
  * software by the user in light of its specific status of free software,
@@ -30,17 +30,25 @@
  * requirements in conditions enabling the security of their systems and/or
  * data to be ensured and,  more generally, to use and operate it in the
  * same conditions as regards security.
- *
+ * <p>
  * The fact that you are presently reading this means that you have had
  * knowledge of the CeCILL-C license and that you accept its terms.
  */
+
 package fr.gouv.vitamui.iam.internal.server.provisioning.service;
 
 import java.util.Optional;
 
+import org.jetbrains.annotations.NotNull;
 import org.springframework.stereotype.Service;
+import org.springframework.web.reactive.function.client.WebClient;
+import org.springframework.web.util.UriComponentsBuilder;
 
 import fr.gouv.vitamui.commons.api.domain.ProvidedUserDto;
+import fr.gouv.vitamui.commons.api.exception.NotFoundException;
+import fr.gouv.vitamui.commons.rest.client.BaseWebClientFactory;
+import fr.gouv.vitamui.commons.rest.client.configuration.IdPProvisioningClientConfiguration;
+import fr.gouv.vitamui.commons.rest.client.configuration.ProvisioningClientConfiguration;
 
 /**
  * Customer provisioning service.
@@ -50,8 +58,42 @@ import fr.gouv.vitamui.commons.api.domain.ProvidedUserDto;
 @Service
 public class ProvisioningInternalService {
 
-    public ProvidedUserDto getUserInformation(final String email, final String idp, final Optional<String> userIdentifier) {
-        // TODO : get user info from effective customer proxy
-        return new ProvidedUserDto();
+    private final WebClient.Builder webClientBuilder;
+
+    private final ProvisioningClientConfiguration provisioningClientConfiguration;
+
+    public ProvisioningInternalService(final WebClient.Builder webClientBuilder, final ProvisioningClientConfiguration provisioningClientConfiguration) {
+        this.webClientBuilder = webClientBuilder;
+        this.provisioningClientConfiguration = provisioningClientConfiguration;
+    }
+
+    public ProvidedUserDto getUserInformation(final String email, final String idp, Optional<String> groupId, Optional<String> unit, final Optional<String> technicalUserId) {
+        final IdPProvisioningClientConfiguration idpProvisioningClient =
+                provisioningClientConfiguration.getIdentityProviders().stream().filter(provisioningClient -> provisioningClient.getIdpIdentifier().equals(idp))
+                        .findFirst().orElseThrow(() -> new NotFoundException(String.format("Provisioning client configuration not found for IdP : {}", idp)));
+        final BaseWebClientFactory clientFactory = new BaseWebClientFactory(idpProvisioningClient.getClient(), webClientBuilder);
+
+        return clientFactory.getWebClient().get()
+                .uri(getUri(email, groupId, unit, technicalUserId, idpProvisioningClient))
+                .retrieve().bodyToMono(ProvidedUserDto.class).block();
     }
+
+    @NotNull
+    private String getUri(final String email, final Optional<String> groupId, final Optional<String> unit, final Optional<String> technicalUserId,
+            final IdPProvisioningClientConfiguration idpProvisioningClient) {
+        final UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromHttpUrl(idpProvisioningClient.getUri());
+        uriBuilder.queryParam("email", email);
+        if (groupId.isPresent()) {
+            uriBuilder.queryParam("groupId", groupId);
+        }
+        if (unit.isPresent()) {
+            uriBuilder.queryParam("unit", unit.get());
+        }
+        if (technicalUserId.isPresent()) {
+            uriBuilder.queryParam("technicalUserId", technicalUserId.get());
+        }
+
+        return uriBuilder.toUriString();
+    }
+
 }

api/api-iam/iam-internal/src/test/java/fr/gouv/vitamui/iam/internal/server/cas/service/CasInternalServiceTest.java

@@ -72,7 +72,7 @@ class CasInternalServiceTest {
         when(identityProviderInternalService.getOne(IDP))
                 .thenReturn(buildIDP(true));
 
-        when(provisioningInternalService.getUserInformation(USER_EMAIL, IDP, Optional.empty()))
+        when(provisioningInternalService.getUserInformation(USER_EMAIL, IDP, Optional.empty(), Optional.empty(), Optional.empty()))
                 .thenReturn(buildProvidedUser("RH"));
 
         when(groupInternalService.getAll(any(), any())).thenReturn(List.of(buildProfilesGroup()));
@@ -92,7 +92,7 @@ class CasInternalServiceTest {
         when(identityProviderInternalService.getOne(IDP))
                 .thenReturn(buildIDP(true));
 
-        when(provisioningInternalService.getUserInformation(USER_EMAIL, IDP, Optional.empty()))
+        when(provisioningInternalService.getUserInformation(USER_EMAIL, IDP, Optional.empty(), Optional.empty(), Optional.empty()))
                 .thenReturn(buildProvidedUser("RH"));
 
         when(groupInternalService.getAll(any(), any())).thenReturn(List.of(buildProfilesGroup()));

commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/configuration/IdPProvisioningClientConfiguration.java

+/**
+ * Copyright French Prime minister Office/SGMAP/DINSIC/Vitam Program (2019-2020)
+ * and the signatories of the "VITAM - Accord du Contributeur" agreement.
+ *
+ * contact@programmevitam.fr
+ *
+ * This software is a computer program whose purpose is to implement
+ * implement a digital archiving front-office system for the secure and
+ * efficient high volumetry VITAM solution.
+ *
+ * This software is governed by the CeCILL-C license under French law and
+ * abiding by the rules of distribution of free software.  You can  use,
+ * modify and/ or redistribute the software under the terms of the CeCILL-C
+ * license as circulated by CEA, CNRS and INRIA at the following URL
+ * "http://www.cecill.info".
+ *
+ * As a counterpart to the access to the source code and  rights to copy,
+ * modify and redistribute granted by the license, users are provided only
+ * with a limited warranty  and the software's author,  the holder of the
+ * economic rights,  and the successive licensors  have only  limited
+ * liability.
+ *
+ * In this respect, the user's attention is drawn to the risks associated
+ * with loading,  using,  modifying and/or developing or reproducing the
+ * software by the user in light of its specific status of free software,
+ * that may mean  that it is complicated to manipulate,  and  that  also
+ * therefore means  that it is reserved for developers  and  experienced
+ * professionals having in-depth computer knowledge. Users are therefore
+ * encouraged to load and test the software's suitability as regards their
+ * requirements in conditions enabling the security of their systems and/or
+ * data to be ensured and,  more generally, to use and operate it in the
+ * same conditions as regards security.
+ *
+ * The fact that you are presently reading this means that you have had
+ * knowledge of the CeCILL-C license and that you accept its terms.
+ */
+package fr.gouv.vitamui.commons.rest.client.configuration;
+
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+
+@Getter
+@Setter
+@EqualsAndHashCode
+@ToString
+public class IdPProvisioningClientConfiguration {
+
+    private Integer idpIdentifier;
+
+    private String uri;
+
+    private RestClientConfiguration client;
+}

commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/configuration/ProvisioningClientConfiguration.java

+/**
+ * Copyright French Prime minister Office/SGMAP/DINSIC/Vitam Program (2019-2020)
+ * and the signatories of the "VITAM - Accord du Contributeur" agreement.
+ *
+ * contact@programmevitam.fr
+ *
+ * This software is a computer program whose purpose is to implement
+ * implement a digital archiving front-office system for the secure and
+ * efficient high volumetry VITAM solution.
+ *
+ * This software is governed by the CeCILL-C license under French law and
+ * abiding by the rules of distribution of free software.  You can  use,
+ * modify and/ or redistribute the software under the terms of the CeCILL-C
+ * license as circulated by CEA, CNRS and INRIA at the following URL
+ * "http://www.cecill.info".
+ *
+ * As a counterpart to the access to the source code and  rights to copy,
+ * modify and redistribute granted by the license, users are provided only
+ * with a limited warranty  and the software's author,  the holder of the
+ * economic rights,  and the successive licensors  have only  limited
+ * liability.
+ *
+ * In this respect, the user's attention is drawn to the risks associated
+ * with loading,  using,  modifying and/or developing or reproducing the
+ * software by the user in light of its specific status of free software,
+ * that may mean  that it is complicated to manipulate,  and  that  also
+ * therefore means  that it is reserved for developers  and  experienced
+ * professionals having in-depth computer knowledge. Users are therefore
+ * encouraged to load and test the software's suitability as regards their
+ * requirements in conditions enabling the security of their systems and/or
+ * data to be ensured and,  more generally, to use and operate it in the
+ * same conditions as regards security.
+ *
+ * The fact that you are presently reading this means that you have had
+ * knowledge of the CeCILL-C license and that you accept its terms.
+ */
+package fr.gouv.vitamui.commons.rest.client.configuration;
+
+import java.util.List;
+
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+
+@Getter
+@Setter
+@EqualsAndHashCode
+@ToString
+public class ProvisioningClientConfiguration {
+    private List<IdPProvisioningClientConfiguration> identityProviders;
+}