Commit d8af9811 authored by benjamin.ertl

clean up + code style

parent e1f942cc
Pipeline #1838 skipped
......@@ -9,6 +9,7 @@
<properties>
<java.version>1.8</java.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<checkstyle.config.location>google_checks.xml</checkstyle.config.location>
</properties>
<build>
......@@ -24,6 +25,27 @@
<skipTests>true</skipTests>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>2.17</version>
<executions>
<execution>
<id>validate</id>
<phase>validate</phase>
<configuration>
<configLocation>google_checks.xml</configLocation>
<encoding>UTF-8</encoding>
<consoleOutput>true</consoleOutput>
<failsOnError>true</failsOnError>
<linkXRef>false</linkXRef>
</configuration>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
......
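Review bot: The `check` execution added here sets `failsOnError` but leaves `violationSeverity` at its default of `error`, while the stock `google_checks.xml` reports its findings at `warning` severity, so the validate phase will most likely print violations without ever failing the build. If the intent is to gate the build on style, add `<violationSeverity>warning</violationSeverity>` to the `<configuration>` block. The `checkstyle.config.location` property and the `<configLocation>` element name the same file; one of the two is enough.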
/* Copyright 2016 Karlsruhe Institute of Technology (KIT)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
/*
* Copyright 2016 Karlsruhe Institute of Technology (KIT)
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc;
import org.springframework.boot.SpringApplication;
......@@ -14,6 +15,11 @@ import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class Application {
/**
* Spring Boot Application Runner.
*
* @param args command line arguments
*/
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
......
/* Copyright 2016 Karlsruhe Institute of Technology (KIT)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc;
import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
@Controller
public class AuthenticationController {
private static final Logger log = LoggerFactory.getLogger(AuthenticationController.class);
@Value("${oauth2.authorizeUri}")
private String oauth2AuthorizeUri;
@Value("${oauth2.redirectUri}")
private String oauth2RedirectUri;
@Value("${oauth2.clientId}")
private String oauth2ClientId;
@RequestMapping("/login")
public String login(HttpServletResponse response, Model model) throws UnsupportedEncodingException {
String redirectUrl = oauth2AuthorizeUri.replaceAll("/$", "");
redirectUrl += "?response_type=code&scope=openid%20email&client_id=";
redirectUrl += oauth2ClientId;
redirectUrl += "&redirect_uri=";
redirectUrl += oauth2RedirectUri;
log.debug("Redirect to {}", redirectUrl);
try {
SecureRandom secRnd = new SecureRandom();
char[] VALID_CHARACTERS = "abcdefghijklmnopqrstuvwxyz".toCharArray();
char[] chars = new char[16];
for (int i = 0; i < chars.length; i++)
chars[i] = VALID_CHARACTERS[secRnd.nextInt(chars.length)];
} catch (Exception e) {
log.error("ERROR {}", e.getMessage());
}
return "redirect:" + redirectUrl;
}
@RequestMapping(path = "/oauth2")
public String oauth2Authentication(@RequestParam(value = "code", required = true) String code, Model model) {
log.debug(code);
model.addAttribute("code", code);
return "index";
}
}
/* Copyright 2016 Karlsruhe Institute of Technology (KIT)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
/*
* Copyright 2016 Karlsruhe Institute of Technology (KIT)
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc;
import java.util.ArrayList;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
package edu.kit.scc;
import edu.kit.scc.dto.PosixGroup;
import edu.kit.scc.dto.PosixUser;
......@@ -23,6 +16,14 @@ import edu.kit.scc.scim.ScimGroup;
import edu.kit.scc.scim.ScimUser;
import edu.kit.scc.scim.ScimUser.Meta;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component
public class IdentityHarmonizer {
......@@ -31,6 +32,12 @@ public class IdentityHarmonizer {
@Autowired
private LdapClient ldapClient;
/**
* Links the users represented in the JSON serialized list of SCIM user's via LDAP locally.
*
* @param scimUsers the SCIM user's to link
* @return a list of JSON serialized SCIM user's containing the modification information
*/
public List<ScimUser> harmonizeIdentities(List<ScimUser> scimUsers) {
ArrayList<ScimUser> linkedUsers = new ArrayList<>();
ScimUser primaryUser = null;
......@@ -89,7 +96,8 @@ public class IdentityHarmonizer {
scimGroup.setValue(String.valueOf(group.getGidNumber()));
secondaryUser.getGroups().add(scimGroup);
log.debug("Adding user {} to group {}", secondaryUser.getUserName(), group.getCommonName());
log.debug("Adding user {} to group {}", secondaryUser.getUserName(),
group.getCommonName());
}
}
......@@ -104,7 +112,8 @@ public class IdentityHarmonizer {
scimGroup.setValue(String.valueOf(group.getGidNumber()));
primaryUser.getGroups().add(scimGroup);
log.debug("Adding user {} to group {}", primaryUser.getUserName(), group.getCommonName());
log.debug("Adding user {} to group {}", primaryUser.getUserName(),
group.getCommonName());
}
}
......@@ -124,6 +133,12 @@ public class IdentityHarmonizer {
return linkedUsers;
}
/**
* Unlinks the users represented in the JSON serialized list of SCIM user's via LDAP locally.
*
* @param scimUsers the SCIM user's to unlink
* @return a list of JSON serialized SCIM user's containing the user's information after unlinking
*/
public List<ScimUser> unlinkUsers(List<ScimUser> scimUsers) {
ArrayList<ScimUser> unlinkedUsers = new ArrayList<>();
......
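Review bot: The Javadoc added on `harmonizeIdentities` and `unlinkUsers` describes the parameter and return value as JSON serialized lists, but both signatures take and return `List<ScimUser>`; the comment should describe the objects the method actually receives. Suggested summary lines are `Links the given SCIM users via LDAP locally.` and `Unlinks the given SCIM users via LDAP locally.`, with `@param scimUsers the SCIM users to link` (plural, no apostrophe). Both method bodies continue outside the visible hunks.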
/* Copyright 2016 Karlsruhe Institute of Technology (KIT)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
/*
* Copyright 2016 Karlsruhe Institute of Technology (KIT)
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc;
import java.util.List;
package edu.kit.scc;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.FormParam;
import edu.kit.scc.scim.ScimUser;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
......@@ -19,7 +17,6 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
......@@ -27,13 +24,9 @@ import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import java.util.List;
import edu.kit.scc.http.HttpResponse;
import edu.kit.scc.oidc.OidcClient;
import edu.kit.scc.regapp.RegAppClient;
import edu.kit.scc.scim.ScimListResponse;
import edu.kit.scc.scim.ScimUser;
import javax.servlet.http.HttpServletResponse;
@RestController
@RequestMapping("/rest")
......@@ -47,15 +40,17 @@ public class RestServiceController {
@Value("${rest.servicePassword}")
private String restPassword;
@Autowired
private RegAppClient regAppClient;
@Autowired
private OidcClient oidcClient;
@Autowired
private IdentityHarmonizer identityHarmonizer;
/**
* Linking endpoint.
*
* @param basicAuthorization authorization header value
* @param scimUsers a JSON serialized list of SCIM users for linking
* @param response the HttpServletResponse
* @return a JSON serialized list of SCIM users containing the modifications done
*/
@RequestMapping(path = "/link", method = RequestMethod.POST)
public List<ScimUser> linkUsers(@RequestHeader("Authorization") String basicAuthorization,
@RequestBody List<ScimUser> scimUsers, HttpServletResponse response) {
......@@ -65,12 +60,20 @@ public class RestServiceController {
log.debug("Request body {}", scimUsers);
List<ScimUser> modifiedUsers = identityHarmonizer.harmonizeIdentities(scimUsers);
if (!modifiedUsers.isEmpty())
if (!modifiedUsers.isEmpty()) {
return modifiedUsers;
}
throw new ConflictException();
}
/**
* Unlinking endpoint.
*
* @param basicAuthorization authorization header value
* @param scimUsers a JSON serialized list of SCIM users for unlinking
* @param response the HttpServletResponse
* @return A JSON serialized list of SCIM users containing the local user information.
*/
@RequestMapping(path = "/unlink", method = RequestMethod.POST)
public List<ScimUser> unlinkUsers(@RequestHeader("Authorization") String basicAuthorization,
@RequestBody List<ScimUser> scimUsers, HttpServletResponse response) {
......@@ -80,74 +83,12 @@ public class RestServiceController {
log.debug("Request body {}", scimUsers);
List<ScimUser> modifiedUsers = identityHarmonizer.unlinkUsers(scimUsers);
if (!modifiedUsers.isEmpty())
if (!modifiedUsers.isEmpty()) {
return modifiedUsers;
throw new ConflictException();
}
@RequestMapping(path = "/scim/Users", method = RequestMethod.POST, produces = "application/scim+json")
@ResponseStatus(value = HttpStatus.CREATED)
public ScimUser scimAddUser(@RequestHeader("Authorization") String basicAuthorization,
@RequestBody ScimUser scimUser, HttpServletResponse response) {
verifyAuthorization(basicAuthorization);
log.debug("Request body {}", scimUser);
ScimUser createdScimUser = scimUser; // scimService.createLdapIndigoUser(scimUser);
if (createdScimUser != null) {
response.addHeader("Location", "");
return createdScimUser;
}
throw new ConflictException();
}
@RequestMapping(path = "/ecp/regid/{regId}", method = RequestMethod.POST)
public ScimListResponse ecpAuthentication(@PathVariable String regId,
@RequestHeader("Authorization") String basicAuthorization, @FormParam("username") String username,
@FormParam("password") String password, @RequestBody String body) {
verifyAuthorization(basicAuthorization);
log.debug("Request body {}", body);
boolean regAppSuccess = false;
boolean oidcSuccess = false;
// REG-APP
log.debug("Try reg-app authentication");
regAppSuccess = regAppClient.authenticate(regId, body);
log.debug("Reg-app authentication {}", regAppSuccess);
HttpResponse regAppQuery = null;
OIDCTokens tokens = null;
if (regAppSuccess) {
regAppQuery = regAppClient.attributeQuery(regId);
log.debug("{}", regAppQuery);
// return identityHarmonizer.harmonizeIdentities(username,
// regAppQuery);
}
// OIDC
log.debug("Try OIDC authentication");
log.debug("Got token {}", password);
tokens = oidcClient.requestTokens(password);
if (tokens != null) {
oidcSuccess = true;
log.debug("OIDC authentication {}", oidcSuccess);
// return identityHarmonizer.harmonizeIdentities(username, tokens);
}
log.debug("OIDC authentication {}", oidcSuccess);
// if nothing succeeded, fail
throw new UnauthorizedException();
}
private void verifyAuthorization(String basicAuthorization) {
String encodedCredentials = basicAuthorization.split(" ")[1];
String[] credentials = new String(Base64.decodeBase64(encodedCredentials)).split(":");
......@@ -171,8 +112,8 @@ public class RestServiceController {
super(message);
}
public UnauthorizedException(Throwable e) {
super(e);
public UnauthorizedException(Throwable ex) {
super(ex);
}
}
......@@ -189,8 +130,8 @@ public class RestServiceController {
super(message);
}
public ConflictException(Throwable e) {
super(e);
public ConflictException(Throwable ex) {
super(ex);
}
}
}
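Review bot: `verifyAuthorization`, kept as context at the end of the `-80,74 +83,12` hunk, parses the Basic header with `basicAuthorization.split(" ")[1]` and `.split(":")`, which mishandles two inputs a client can send. A header without a space raises `ArrayIndexOutOfBoundsException` before any credential check, which presumably surfaces as a server error rather than `UnauthorizedException`, and a password containing `:` is truncated at its first colon. I would check the `Basic ` prefix first, decode with an explicit charset and a split limit, `new String(Base64.decodeBase64(encodedCredentials), StandardCharsets.UTF_8).split(":", 2)`, and reject anything where `credentials.length != 2`. The rest of the method lies outside the hunk, so confirm there that the comparison against `restPassword` is constant-time, for example via `MessageDigest.isEqual`.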
/* Copyright 2016 Karlsruhe Institute of Technology (KIT)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc.dao;
import java.util.List;
import edu.kit.scc.dto.PosixGroup;
public interface PosixGroupDAO {
public List<PosixGroup> getAllGroups();
public List<PosixGroup> getGroupDetails(String commonName);
public void insertGroup(PosixGroup group);
public void updateGroup(PosixGroup group);
public void deleteGroup(PosixGroup group);
}
/*
* Copyright 2016 Karlsruhe Institute of Technology (KIT)
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc.dao;
import edu.kit.scc.dto.PosixGroup;
import java.util.List;
public interface PosixGroupDao {
public List<PosixGroup> getAllGroups();
public List<PosixGroup> getGroupDetails(String commonName);
public void insertGroup(PosixGroup group);
public void updateGroup(PosixGroup group);
public void deleteGroup(PosixGroup group);
}
/* Copyright 2016 Karlsruhe Institute of Technology (KIT)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc.dao;
import java.util.List;
import edu.kit.scc.dto.PosixUser;
public interface PosixUserDAO {
public List<PosixUser> getAllUsers();
public List<PosixUser> getUserDetails(String uid);
public void insertUser(PosixUser user);
public void updateUser(PosixUser user);
public void deleteUser(PosixUser user);
}
\ No newline at end of file
/*
* Copyright 2016 Karlsruhe Institute of Technology (KIT)
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc.dao;
import edu.kit.scc.dto.PosixUser;
import java.util.List;
public interface PosixUserDao {
public List<PosixUser> getAllUsers();
public List<PosixUser> getUserDetails(String uid);
public void insertUser(PosixUser user);
public void updateUser(PosixUser user);
public void deleteUser(PosixUser user);
}
/* Copyright 2016 Karlsruhe Institute of Technology (KIT)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
/*
* Copyright 2016 Karlsruhe Institute of Technology (KIT)
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc.dto;
import java.util.Arrays;
......@@ -61,8 +62,9 @@ public class PosixGroup {
@Override
public String toString() {
return "PosixGroup [" + (commonName != null ? "commonName=" + commonName + ", " : "") + "gidNumber=" + gidNumber
+ ", " + (memberUids != null ? "memberUids=" + memberUids + ", " : "")
return "PosixGroup [" + (commonName != null ? "commonName=" + commonName + ", " : "")
+ "gidNumber=" + gidNumber + ", "
+ (memberUids != null ? "memberUids=" + memberUids + ", " : "")
+ (description != null ? "description=" + description + ", " : "")
+ (userPassword != null ? "userPassword=" + Arrays.toString(userPassword) : "") + "]";
}
......
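Review bot: The rewrapped `toString()` still appends `Arrays.toString(userPassword)`, so any log statement or exception message that formats a `PosixGroup` writes the contents of the password array to the log; the same applies to `PosixUser.toString()` in the next file section. Since this commit already touches both expressions, I would keep only a presence marker, `+ (userPassword != null ? "userPassword=<redacted>" : "") + "]";` here and `+ (userPassword != null ? "userPassword=<redacted>, " : "")` in `PosixUser`. The field declarations are outside the hunk, so whether `userPassword` holds a hash or clear text cannot be seen from here.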
/* Copyright 2016 Karlsruhe Institute of Technology (KIT)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
/*
* Copyright 2016 Karlsruhe Institute of Technology (KIT)
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc.dto;
import java.util.Arrays;
......@@ -113,7 +114,7 @@ public class PosixUser {
+ (description != null ? "description=" + description + ", " : "")
+ (gecos != null ? "gecos=" + gecos + ", " : "")
+ (loginShell != null ? "loginShell=" + loginShell + ", " : "")
+ (userPassword != null ? "userPassword=" + Arrays.toString(userPassword) + ", " : "") + "uidNumber="
+ uidNumber + ", gidNumber=" + gidNumber + "]";
+ (userPassword != null ? "userPassword=" + Arrays.toString(userPassword) + ", " : "")
+ "uidNumber=" + uidNumber + ", gidNumber=" + gidNumber + "]";
}
}
/* Copyright 2016 Karlsruhe Institute of Technology (KIT)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc.http;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;