Support providing HTTP credentials from an external process

This enables use of something like `cf oauth-token` to authenticate the
Shell to a DF server using Oauth2 tokens.

See https://www.pivotaltracker.com/story/show/138282513

Author: mheath

spring-cloud-dataflow-rest-resource/src/main/java/org/springframework/cloud/dataflow/rest/util/HttpClientConfigurer.java

@@ -0,0 +1,114 @@
+/*
+ * Copyright 2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.cloud.dataflow.rest.util;
+
+import java.net.URI;
+
+import org.apache.http.HttpHost;
+import org.apache.http.HttpRequestInterceptor;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+
+import org.springframework.http.client.ClientHttpRequestFactory;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+
+/**
+ * Utility for configuring a {@link CloseableHttpClient}. This class allows for
+ * chained method invocation. If both basic auth credentials and a target host
+ * are provided, the HTTP client will aggressively send the credentials
+ * without having to receive an HTTP 401 response first.
+ *
+ * <p>This class can also be used to configure the client used by
+ * {@link org.springframework.web.client.RestTemplate} using
+ * {@link #buildClientHttpRequestFactory()}.
+ *
+ * @author Mike Heath
+ */
+public class HttpClientConfigurer {
+
+	private final HttpClientBuilder httpClientBuilder;
+
+	private boolean useBasicAuth;
+	private HttpHost targetHost;
+
+	public static HttpClientConfigurer create() {
+		return new HttpClientConfigurer();
+	}
+
+	protected HttpClientConfigurer() {
+		httpClientBuilder = HttpClientBuilder.create();
+	}
+
+	public HttpClientConfigurer basicAuthCredentials(String username, String password) {
+		final BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+		credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));
+		httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
+
+		useBasicAuth = true;
+
+		return this;
+	}
+
+	/**
+	 * Sets the client's {@link javax.net.ssl.SSLContext} to use
+	 * {@link HttpUtils#buildCertificateIgnoringSslContext()}.
+	 *
+	 * @return a reference to {@code this} to enable chained method invocation
+	 */
+	public HttpClientConfigurer skipTlsCertificateVerification() {
+		httpClientBuilder.setSSLContext(HttpUtils.buildCertificateIgnoringSslContext());
+		httpClientBuilder.setSSLHostnameVerifier(new NoopHostnameVerifier());
+
+		return this;
+	}
+
+	public HttpClientConfigurer skipTlsCertificateVerification(boolean skipTlsCertificateVerification) {
+		if (skipTlsCertificateVerification) {
+			skipTlsCertificateVerification();
+		}
+
+		return this;
+	}
+
+	public HttpClientConfigurer targetHost(URI targetHost) {
+		this.targetHost = new HttpHost(targetHost.getHost(), targetHost.getPort(), targetHost.getScheme());
+
+		return this;
+	}
+
+	public HttpClientConfigurer addInterceptor(HttpRequestInterceptor interceptor) {
+		httpClientBuilder.addInterceptorLast(interceptor);
+
+		return this;
+	}
+
+	public CloseableHttpClient buildHttpClient() {
+		return httpClientBuilder.build();
+	}
+
+	public ClientHttpRequestFactory buildClientHttpRequestFactory() {
+		if (useBasicAuth && targetHost != null) {
+			return new PreemptiveBasicAuthHttpComponentsClientHttpRequestFactory(buildHttpClient(), targetHost);
+		} else {
+			return new HttpComponentsClientHttpRequestFactory(buildHttpClient());
+		}
+	}
+
+}

spring-cloud-dataflow-rest-resource/src/main/java/org/springframework/cloud/dataflow/rest/util/HttpUtils.java

@@ -15,30 +15,14 @@
  */
 package org.springframework.cloud.dataflow.rest.util;
 
-import java.net.URI;
 import java.security.KeyManagementException;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
 
 import javax.net.ssl.SSLContext;
 
-import org.apache.http.HttpHost;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
 import org.apache.http.client.HttpClient;
-import org.apache.http.conn.ssl.NoopHostnameVerifier;
-import org.apache.http.impl.client.BasicCredentialsProvider;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.ssl.SSLContexts;
-import org.apache.http.ssl.TrustStrategy;
-
-import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
-import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
-import org.springframework.web.client.RestTemplate;
 
 /**
  * Provides utilities for the Apache {@link HttpClient}, used to make REST calls
@@ -47,63 +31,16 @@
  */
 public class HttpUtils {
 
-	/**
-	 * Ensures that the passed-in {@link RestTemplate} is using the Apache HTTP Client. If
-	 * the optional {@code
-	 * username} AND {@code password} are not empty, then a
-	 * {@link BasicCredentialsProvider} will be added to the {@link CloseableHttpClient}.
-	 * <p>
-	 * Furthermore, you can set the underlying {@link SSLContext} of the
-	 * {@link HttpClient} allowing you to accept self-signed certificates.
-	 *
-	 * @param restTemplate the rest template, must not be null
-	 * @param host the target host URI
-	 * @param username the username for authentication, can be null
-	 * @param password the password for authentication, can be null
-	 * @param skipSslValidation whether to skip ssl validation. Use with caution! If true
-	 * certificate warnings will be ignored.
-	 */
-	public static void prepareRestTemplate(RestTemplate restTemplate, URI host, String username, String password,
-			boolean skipSslValidation) {
-
-		Assert.notNull(restTemplate, "The provided RestTemplate must not be null.");
-
-		final HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
-
-		if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
-			final BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
-			credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));
-			httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
-		}
-
-		if (skipSslValidation) {
-			httpClientBuilder.setSSLContext(HttpUtils.buildCertificateIgnoringSslContext());
-			httpClientBuilder.setSSLHostnameVerifier(new NoopHostnameVerifier());
-		}
-
-		final CloseableHttpClient httpClient = httpClientBuilder.build();
-		final HttpHost targetHost = new HttpHost(host.getHost(), host.getPort(), host.getScheme());
-
-		final HttpComponentsClientHttpRequestFactory requestFactory = new PreemptiveBasicAuthHttpComponentsClientHttpRequestFactory(
-				httpClient, targetHost);
-		restTemplate.setRequestFactory(requestFactory);
-	}
-
 	/**
 	 * Will create a certificate-ignoring {@link SSLContext}. Please use with utmost
 	 * caution as it undermines security, but may be useful in certain testing or
 	 * development scenarios.
 	 *
-	 * @return The SSLContext
+	 * @return an SSLContext that will ignore peer certificates
 	 */
 	public static SSLContext buildCertificateIgnoringSslContext() {
 		try {
-			return SSLContexts.custom().loadTrustMaterial(new TrustStrategy() {
-				@Override
-				public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
-					return true;
-				}
-			}).build();
+			return SSLContexts.custom().loadTrustMaterial((chain, authType) -> true).build();
 		}
 		catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) {
 			throw new IllegalStateException(

spring-cloud-dataflow-rest-resource/src/main/java/org/springframework/cloud/dataflow/rest/util/PreemptiveBasicAuthHttpComponentsClientHttpRequestFactory.java

@@ -30,7 +30,12 @@
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 
 /**
+ * {@link HttpComponentsClientHttpRequestFactory} extension that aggressively
+ * sends HTTP basic authentication credentials without having to first
+ * receive an HTTP 401 response from the server.
+ *
  * @author Gunnar Hillert
+ * @author Mike Heath
  */
 public class PreemptiveBasicAuthHttpComponentsClientHttpRequestFactory extends HttpComponentsClientHttpRequestFactory {
 
@@ -43,10 +48,6 @@ public PreemptiveBasicAuthHttpComponentsClientHttpRequestFactory(HttpClient http
 
 	@Override
 	protected HttpContext createHttpContext(HttpMethod httpMethod, URI uri) {
-		return createHttpContext();
-	}
-
-	private HttpContext createHttpContext() {
 		final AuthCache authCache = new BasicAuthCache();
 
 		final BasicScheme basicAuth = new BasicScheme();
@@ -56,4 +57,5 @@ private HttpContext createHttpContext() {
 		localcontext.setAttribute(HttpClientContext.AUTH_CACHE, authCache);
 		return localcontext;
 	}
+
 }

spring-cloud-dataflow-rest-resource/src/main/java/org/springframework/cloud/dataflow/rest/util/ProcessOutputResource.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright 2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.cloud.dataflow.rest.util;
+
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.springframework.core.io.AbstractResource;
+
+/**
+ * {@link org.springframework.core.io.Resource} implementation to create an
+ * operating system process process and capture its output.
+ *
+ * @author Mike Heath
+ */
+public class ProcessOutputResource extends AbstractResource {
+
+	private final ProcessBuilder processBuilder;
+
+	public ProcessOutputResource(String... command) {
+		processBuilder = new ProcessBuilder(command);
+	}
+
+	@Override
+	public String getDescription() {
+		return processBuilder.toString();
+	}
+
+	@Override
+	public InputStream getInputStream() throws IOException {
+		return processBuilder.start().getInputStream();
+	}
+
+	@Override
+	public String toString() {
+		return getDescription();
+	}
+}

spring-cloud-dataflow-rest-resource/src/main/java/org/springframework/cloud/dataflow/rest/util/ResourceBasedAuthorizationInterceptor.java

@@ -0,0 +1,49 @@
+/*
+ * Copyright 2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.cloud.dataflow.rest.util;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+
+import org.apache.http.HttpException;
+import org.apache.http.HttpHeaders;
+import org.apache.http.HttpRequest;
+import org.apache.http.HttpRequestInterceptor;
+import org.apache.http.protocol.HttpContext;
+
+import org.springframework.core.io.Resource;
+import org.springframework.util.StreamUtils;
+
+/**
+ * {@link HttpRequestInterceptor} that adds an {@code Authorization} header
+ * with a value obtained from a {@link Resource}.
+ *
+ * @author Mike Heath
+ */
+public class ResourceBasedAuthorizationInterceptor implements HttpRequestInterceptor {
+
+	private final Resource resource;
+
+	public ResourceBasedAuthorizationInterceptor(Resource resource) {
+		this.resource = resource;
+	}
+
+	@Override
+	public void process(HttpRequest httpRequest, HttpContext httpContext) throws HttpException, IOException {
+		final String credentials = StreamUtils.copyToString(resource.getInputStream(), StandardCharsets.UTF_8);
+		httpRequest.addHeader(HttpHeaders.AUTHORIZATION, credentials);
+	}
+}