Wednesday, November 29, 2017

Getting your UAA token to access IBM cloud services


It seems that lately i am having to deal with lots of security related issues at work (kerberos, IAM, UAA , bearer tokens etc ..) and to be more specific its more related to the authentication part .

If you need to access a service in IBM cloud (formerly known as blue-mix) which requires a UAA token either by username & password or using an API key authentication , both using java code you just got lucky !

This is an explanation of how to create an API key in IBM cloud: creating an API key


package ext.security;

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.Scanner;

public class InputHandler  {

    public String getToken(Process process){
        String token = "" ;
        try {
           BufferedReader in = new BufferedReader(new InputStreamReader(process.getInputStream()));
           String line;
           StringBuilder builder = new StringBuilder();
           while ((line = in.readLine()) != null) {
               builder.append(line);
           }
           process.waitFor();
           in.close();
           token = builder.toString();
       }catch(Exception e){
           e.printStackTrace();
       }
       return token ;
    }
}




package ext.security;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.List;
import java.util.logging.Logger;

public class UAATokenAccessor {

    private static final String TOKEN_PREFIX = "{“access_token”:“" ;
    private Logger logger = Logger.getLogger(this.getClass().getName());

    public String getUAATokenUsingUserNamePass(String username, String password, String UAAAuthURL) throws IOException,InterruptedException{
        logger.info("A request to get a UAA token was recieved") ;

        ProcessBuilder pb = new ProcessBuilder(
                "curl",
                "--request","POST",
                "--header","Authorization: Basic Y2Y6",
                "--header","Content-Type: application/x-www-form-urlencoded",
                "--data","grant_type=password&username="+username+"&password="+password,
                UAAAuthURL);
        System.out.println("!-------------------------------------------------!");

        List<String> command = pb.command();
        pb.redirectOutput(ProcessBuilder.Redirect.INHERIT);
        pb.redirectError(ProcessBuilder.Redirect.INHERIT);

        for(int i=0;i<command.size();i++){logger.info(command.get(i)+" ");
        }
        System.out.println("");
        Process process = pb.start();
        InputHandler handler = new InputHandler();
        String tokenRaw = handler.getToken(process);
        String token = formatToken(tokenRaw);
        logger.info("UAA Token returned : " + token);
        return token;
    }

    public String getUAATokenUsingAPiKey(String apiKey,String UAAAuthURL) throws IOException,InterruptedException{

        logger.info("A request to get a UAA token was received") ;

        ProcessBuilder pb = new ProcessBuilder(
                "curl",
                "--insecure",
                "--header","Content-Type: application/x-www-form-urlencoded;charset=utf-8",
                "--header","Accept: application/x-www-form-urlencoded;charset=utf-8",
                "--header","Authorization: Basic Y2Y6",
                "--data","grant_type=password&username=apikey&password=" + apiKey,
                UAAAuthURL);

        System.out.println("!-------------------------------------------------!");
        Process process = pb.start();
        InputHandler handler = new InputHandler();
        String tokenRaw = handler.getToken(process);
        String token = formatToken(tokenRaw);
        logger.info("UAA Token returned : " + token);
        return token;
    }

    private String formatToken(String tokenRaw){
        String token = null ;
        int tokenEnd = 0 ;
        String tokenRawNoPrefix = tokenRaw.substring(TOKEN_PREFIX.length(),tokenRaw.length());
        tokenEnd = tokenRawNoPrefix.indexOf(",");
        token = tokenRawNoPrefix.substring(0,tokenEnd-1);

        return token ;
    }
}

package ext.test;

import ext.security.UAATokenAccessor;
import org.junit.Test;

import java.util.logging.Logger;

public class UAATokenTest {

    private Logger logger = Logger.getLogger(this.getClass().getName());
    
    final static String bluemixUAATokenAuthURI = "https://login.ng.bluemix.net/UAALoginServerWAR/oauth/token" ;
    
    final static String prodApiKey= "<your-generated-apikey>" ;
    final static String bluemixUser = "<your_ibmid>";
    final static String bluemixPassword = "<your_ibmpassword>";

    @Test
    public void doTest(){

        doAPIAuthAuthentication(prodApiKey,bluemixUAATokenAuthURI,"Authentication with API key");

        doUserPassAuthentication(bluemixUser, bluemixPassword,bluemixUAATokenAuthURI,"Authentication with username and password");
    }

    public String doUserPassAuthentication(String user,String password, String authUri, String description){
        logger.info("testing:" + description);
        String authorization = null ;
        final UAATokenAccessor uaaAccessor = new UAATokenAccessor();
        try {
            authorization = uaaAccessor.getUAATokenUsingUserNamePass(user, password, authUri);
            logger.info("result for " + description + ": " +authorization);
        }catch(Exception e){
            e.printStackTrace();
        }
        return authorization ;
    }

    public String doAPIAuthAuthentication(String apiKey, String authURI, String description){
        logger.info("testing:" + description);

        String authorization = null ;
        try {

            final UAATokenAccessor uaaAccessor = new UAATokenAccessor();
            authorization = uaaAccessor.getUAATokenUsingAPiKey(apiKey, authURI);
            logger.info("result for " + description + ": " +authorization);
        }catch(Exception e){
            e.printStackTrace();;
        }

        return authorization ;
    }
}



Have fun !