Commit 66b8d2e2 authored by michael.simon's avatar michael.simon

fake some OpenId Connect endpoints for now

parent ca7887e0
......@@ -23,6 +23,10 @@ public class JaxRsOidcApplicationActivator extends Application {
public Set<Class<?>> getClasses() {
Set<Class<?>> resources = new HashSet<>();
resources.add(OidcWellknownController.class);
resources.add(OidcAuthorizationController.class);
resources.add(OidcCertsController.class);
resources.add(OidcTokenController.class);
resources.add(OidcUserinfoController.class);
return resources;
}
}
package edu.kit.scc.webreg.oauth;
import java.io.IOException;
import java.util.Map.Entry;
import java.util.UUID;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import org.slf4j.Logger;
@Path("/realms")
public class OidcAuthorizationController {
@Inject
private Logger logger;
@GET
@Path("/{realm}/protocol/openid-connect/auth")
public void auth(@PathParam("realm") String realm, @QueryParam("response_type") String responseType,
@QueryParam("redirect_uri") String redirectUri, @QueryParam("scope") String scope,
@QueryParam("state") String state, @QueryParam("nonce") String nonce, @QueryParam("client_id") String clientId,
@Context HttpServletRequest request, @Context HttpServletResponse response)
throws IOException {
logger.debug("processing {} with redirect to {}", responseType, redirectUri);
logger.debug("red: {}", request.getParameter("redirect_uri"));
for (Entry<String, String[]> e : request.getParameterMap().entrySet()) {
for (String s : e.getValue())
logger.debug("param: {} value: {}", e.getKey(), s);
}
String red = redirectUri + "?code=" + UUID.randomUUID().toString() + "&state=" + state;
logger.debug("Sending client to {}", red);
response.sendRedirect(red);
}
}
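Review bot: `auth` redirects to whatever `redirect_uri` arrives on the query string (the line building `red` and the following `response.sendRedirect(red)`) without comparing it to the redirect URIs registered for `client_id`, so until that lookup exists the endpoint forwards users to any address a caller names; a marker such as `// TODO: reject redirect_uri not registered for client_id before sendRedirect` directly above the concatenation keeps this from surviving the fake stage. The `state` value is appended raw, so `URLEncoder.encode(state, "UTF-8")` is needed to keep a state containing `&` or `#` intact for the client, and the `"?code="` join also assumes `redirect_uri` carries no query string of its own. The loop over `request.getParameterMap()` logs every parameter value at debug level, including `nonce` and `state`; acceptable for a local stub, but it should be dropped or limited before the endpoint is reachable from outside. The issued code is a fresh UUID that is stored nowhere, so the token endpoint cannot later tie it to this request — a one-line comment saying so would help the next reader.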
package edu.kit.scc.webreg.oauth;
import java.io.IOException;
import javax.inject.Inject;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import org.slf4j.Logger;
@Path("/realms")
public class OidcCertsController {
@Inject
private Logger logger;
@GET
@Path("/{realm}/protocol/openid-connect/certs")
@Produces(MediaType.APPLICATION_JSON)
public void auth(@PathParam("realm") String realm)
throws IOException {
logger.debug("certs called for {}", realm);
}
}
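Review bot: `auth` is declared `void` while `@Produces(MediaType.APPLICATION_JSON)` promises a JSON body, so a client following the `jwks_uri` from the discovery document gets an empty response; the method also carries the name of the authorization endpoint rather than the certs one, which misleads anyone reading a stack trace or the log line. Rename it to `certs` and add a Javadoc line such as `/** Stub for the JWKS endpoint: serves no keys yet, so tokens issued by OidcTokenController cannot be verified through discovery. */`. The same `void` + `@Produces` shape appears in `OidcUserinfoController.userinfo`, which additionally never reads the `Authorization` header from `request`, so it deserves an equivalent stub comment rather than a separate note here.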
package edu.kit.scc.webreg.oauth;
import java.util.Date;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import org.slf4j.Logger;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponse;
import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import net.minidev.json.JSONObject;
@Path("/realms")
public class OidcTokenController {
@Inject
private Logger logger;
@POST
@Path("/{realm}/protocol/openid-connect/token")
@Produces(MediaType.APPLICATION_JSON)
public JSONObject auth(@PathParam("realm") String realm, @FormParam("grant_type") String grantType,
@FormParam("code") String code, @FormParam("redirect_uri") String redirectUri,
@Context HttpServletRequest request, @Context HttpServletResponse response)
throws Exception {
logger.debug("Post token called for {} with code {} and grant_type {}", realm, code, grantType);
JWTClaimsSet claims = new JWTClaimsSet.Builder()
.subject("ls1947@kit.edu")
.expirationTime(new Date(System.currentTimeMillis() + (60L * 60L * 1000L)))
.claim("http://bwidm.scc.kit.edu/is_shibboleth", true)
.build();
MACSigner macSigner = new MACSigner("qwertzuiopasdfghjklyxcvbnm12345678901234567890");
SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims);
jwt.sign(macSigner);
BearerAccessToken bat = new BearerAccessToken(3600, new Scope("bwidm.scc.kit.edu"));
OIDCTokens tokens = new OIDCTokens(jwt, bat, null);
OIDCTokenResponse tokenResponse = new OIDCTokenResponse(tokens);
logger.debug("tokenResponse: " + tokenResponse.toJSONObject());
return tokenResponse.toJSONObject();
}
}
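Review bot: The HMAC key handed to `new MACSigner(...)` is a string literal committed to source and shared by every realm; even for a fake endpoint it should be loaded from configuration or generated per deployment, with the literal replaced by a clearly labelled placeholder (e.g. `new MACSigner(SIGNING_SECRET_FROM_CONFIG)`) so it cannot survive into a real build. The token is signed with HS256, yet the discovery document advertises a `certs` (JWKS) URL, which only makes sense for asymmetric algorithms; either an RS256/ES256 signer whose public key is served there, or a comment stating that HS256 is a temporary stand-in, would keep the two consistent. `code`, `grantType` and `redirectUri` are logged but never checked, so the endpoint issues a token for the hard-coded subject on every POST; a comment like `// TODO: look up the code issued by OidcAuthorizationController and reject unknown codes or a mismatched redirect_uri` marks the gap. The claims set also lacks `issuer`, `audience` and `issueTime`, which relying parties check first, and the last debug line concatenates the full token response into the log — prefer `logger.debug("tokenResponse: {}", tokenResponse.toJSONObject())` and avoid logging issued tokens at all outside a development profile.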
package edu.kit.scc.webreg.oauth;
import java.io.IOException;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import org.slf4j.Logger;
@Path("/realms")
public class OidcUserinfoController {
@Inject
private Logger logger;
@GET
@Path("/{realm}/protocol/openid-connect/userinfo")
@Produces(MediaType.APPLICATION_JSON)
public void userinfo(@PathParam("realm") String realm,
@Context HttpServletRequest request, @Context HttpServletResponse response)
throws IOException {
logger.debug("userinfo called for {}", realm);
}
}
package edu.kit.scc.webreg.oauth;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.inject.Inject;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
......@@ -20,6 +16,10 @@ import javax.ws.rs.core.MediaType;
import org.slf4j.Logger;
import com.nimbusds.oauth2.sdk.ResponseMode;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.openid.connect.sdk.SubjectType;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
......@@ -35,16 +35,39 @@ public class OidcWellknownController {
@GET
@Path("/{realm}/.well-known/openid-configuration")
@Produces(MediaType.APPLICATION_JSON)
public JSONObject wellknown(@PathParam("realm") String serviceShortName)
public JSONObject wellknown(@PathParam("realm") String realm)
throws ServletException {
/*
* TODO: Realm from configuration (database)
*/
try {
List<SubjectType> subjectTypeList = new ArrayList<SubjectType>();
subjectTypeList.add(SubjectType.PAIRWISE);
subjectTypeList.add(SubjectType.PUBLIC);
OIDCProviderMetadata metadata = new OIDCProviderMetadata(new Issuer("https://bwidm.scc.kit.edu/oidc/auth/realms/bwidm"),
subjectTypeList, new URI("https://bwidm.scc.kit.edu/oidc/jwk"));
List<SubjectType> subjectTypeList = Arrays.asList(new SubjectType[] { SubjectType.PAIRWISE, SubjectType.PUBLIC });
OIDCProviderMetadata metadata = new OIDCProviderMetadata(new Issuer("https://bwidm.scc.kit.edu/oidc/realms/" + realm),
subjectTypeList, new URI("https://bwidm.scc.kit.edu/oidc/realms/" + realm + "/protocol/openid-connect/certs"));
logger.debug(metadata.toJSONObject().toString());
metadata.setAuthorizationEndpointURI(new URI("https://bwidm.scc.kit.edu/oidc/realms/" + realm + "/protocol/openid-connect/auth"));
metadata.setTokenEndpointURI(new URI("https://bwidm.scc.kit.edu/oidc/realms/" + realm + "/protocol/openid-connect/token"));
metadata.setUserInfoEndpointURI(new URI("https://bwidm.scc.kit.edu/oidc/realms/" + realm + "/protocol/openid-connect/userinfo"));
List<ResponseMode> rms = Arrays.asList(new ResponseMode[] { ResponseMode.QUERY, ResponseMode.FRAGMENT });
metadata.setResponseModes(rms);
List<ClientAuthenticationMethod> authMethods = Arrays.asList(new ClientAuthenticationMethod[] {
ClientAuthenticationMethod.CLIENT_SECRET_POST, ClientAuthenticationMethod.PRIVATE_KEY_JWT,
ClientAuthenticationMethod.CLIENT_SECRET_BASIC } );
metadata.setTokenEndpointAuthMethods(authMethods);
List<ResponseType> rts = new ArrayList<ResponseType>();
rts.add(new ResponseType("code"));
rts.add(new ResponseType("id_token"));
rts.add(new ResponseType("code", "id_token"));
metadata.setResponseTypes(rts);
metadata.setScopes(new Scope("openid", "profile", "email"));
if (logger.isTraceEnabled())
logger.trace(metadata.toJSONObject().toString());
return metadata.toJSONObject();
} catch (URISyntaxException e) {
throw new ServletException(e);
......