Commit f5775833 authored by michael.simon's avatar michael.simon

add hostname to OIDC OP operations

parent 7165704e
......@@ -40,6 +40,24 @@ public class JpaOidcOpConfigurationDao extends JpaBaseDao<OidcOpConfigurationEnt
}
}
@Override
public OidcOpConfigurationEntity findByRealmAndHost(String realm, String host) {
CriteriaBuilder builder = em.getCriteriaBuilder();
CriteriaQuery<OidcOpConfigurationEntity> criteria = builder.createQuery(OidcOpConfigurationEntity.class);
Root<OidcOpConfigurationEntity> root = criteria.from(OidcOpConfigurationEntity.class);
criteria.where(builder.and(
builder.equal(root.get(OidcOpConfigurationEntity_.realm), realm),
builder.equal(root.get(OidcOpConfigurationEntity_.host), host)
));
criteria.select(root);
try {
return em.createQuery(criteria).getSingleResult();
} catch (NoResultException e) {
return null;
}
}
@Override
public Class<OidcOpConfigurationEntity> getEntityClass() {
return OidcOpConfigurationEntity.class;
......
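Review bot: The new `findByRealmAndHost` catches only `NoResultException` around `getSingleResult()`; if two rows share the same realm and host, `NonUniqueResultException` escapes unchecked from a request path instead of the `null` that callers test for. Unless the schema enforces uniqueness on (realm, host), either handle that case explicitly or document the assumption, e.g. with a Javadoc `@return the configuration for the given realm and host, or {@code null} if none matches; assumes (realm, host) is unique`. The match is exact, so a configured host must agree byte-for-byte (including case) with what callers pass in. The enclosing class continues outside the hunk.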
......@@ -16,5 +16,5 @@ import edu.kit.scc.webreg.entity.oidc.OidcOpConfigurationEntity;
public interface OidcOpConfigurationDao extends BaseDao<OidcOpConfigurationEntity, Long> {
OidcOpConfigurationEntity findByRealm(String realm);
OidcOpConfigurationEntity findByRealmAndHost(String realm, String host);
}
......@@ -10,5 +10,6 @@ public abstract class OidcOpConfigurationEntity_ extends edu.kit.scc.webreg.enti
public static volatile SingularAttribute<OidcOpConfigurationEntity, String> realm;
public static volatile SingularAttribute<OidcOpConfigurationEntity, String> name;
public static volatile SingularAttribute<OidcOpConfigurationEntity, String> host;
}
......@@ -16,5 +16,5 @@ import edu.kit.scc.webreg.service.BaseService;
public interface OidcOpConfigurationService extends BaseService<OidcOpConfigurationEntity, Long> {
OidcOpConfigurationEntity findByRealm(String realm);
OidcOpConfigurationEntity findByRealmAndHost(String realm, String host);
}
......@@ -30,6 +30,10 @@ public class OidcOpConfigurationServiceImpl extends BaseServiceImpl<OidcOpConfig
return dao.findByRealm(realm);
}
public OidcOpConfigurationEntity findByRealmAndHost(String realm, String host) {
return dao.findByRealmAndHost(realm, host);
}
@Override
protected BaseDao<OidcOpConfigurationEntity, Long> getDao() {
return dao;
......
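Review bot: The new `findByRealmAndHost` at the top of the hunk lacks `@Override`, while the sibling `getDao()` just below carries it; since the method implements `OidcOpConfigurationService.findByRealmAndHost`, add `@Override public OidcOpConfigurationEntity findByRealmAndHost(String realm, String host) {` so a later drift in the interface signature fails at compile time rather than silently leaving an orphan method. The enclosing class starts and ends outside the hunk.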
......@@ -20,7 +20,7 @@ public interface OidcOpLogin {
String registerAuthRequestReturn(String realm, HttpServletRequest request, HttpServletResponse response)
throws IOException, OidcAuthenticationException;
JSONObject serveUserJwt(String realm) throws OidcAuthenticationException;
JSONObject serveUserJwt(String realm, HttpServletRequest request, HttpServletResponse response) throws OidcAuthenticationException;
JSONObject serveToken(String realm, String grantType, String code, String redirectUri, HttpServletRequest request,
HttpServletResponse response, String clientId, String clientSecret) throws OidcAuthenticationException;
......
......@@ -104,10 +104,10 @@ public class OidcOpLoginImpl implements OidcOpLogin {
String state, String nonce, String clientId,
HttpServletRequest request, HttpServletResponse response) throws IOException, OidcAuthenticationException {
OidcOpConfigurationEntity opConfig = opDao.findByRealm(realm);
OidcOpConfigurationEntity opConfig = opDao.findByRealmAndHost(realm, request.getLocalName());
if (opConfig == null) {
throw new OidcAuthenticationException("unknown realm");
throw new OidcAuthenticationException("unknown realm/host combination: " + realm + " / " + request.getLocalName());
}
IdentityEntity identity = null;
......@@ -153,10 +153,10 @@ public class OidcOpLoginImpl implements OidcOpLogin {
public String registerAuthRequestReturn(String realm, HttpServletRequest request, HttpServletResponse response)
throws IOException, OidcAuthenticationException {
OidcOpConfigurationEntity opConfig = opDao.findByRealm(realm);
OidcOpConfigurationEntity opConfig = opDao.findByRealmAndHost(realm, request.getLocalName());
if (opConfig == null) {
throw new OidcAuthenticationException("unknown realm");
throw new OidcAuthenticationException("unknown realm/host combination: " + realm + " / " + request.getLocalName());
}
IdentityEntity identity = null;
......@@ -447,12 +447,12 @@ public class OidcOpLoginImpl implements OidcOpLogin {
}
@Override
public JSONObject serveUserJwt(String realm) throws OidcAuthenticationException {
public JSONObject serveUserJwt(String realm, HttpServletRequest request, HttpServletResponse response) throws OidcAuthenticationException {
OidcOpConfigurationEntity opConfig = opDao.findByRealm(realm);
OidcOpConfigurationEntity opConfig = opDao.findByRealmAndHost(realm, request.getLocalName());
if (opConfig == null) {
throw new OidcAuthenticationException("unknown realm");
throw new OidcAuthenticationException("unknown realm/host combination: " + realm + " / " + request.getLocalName());
}
if (session.isLoggedIn()) {
......
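Review bot: All three lookups in this file now key on `request.getLocalName()`, which per the Servlet API is the host name of the IP interface that received the request, not the host name the client asked for; behind a reverse proxy or with several virtual hosts on one address it yields the same value for every host, so the per-host configuration this commit introduces would likely not be selected as intended. If the goal is to choose the OP configuration by the requested host, `request.getServerName()` (the Host header as seen by the container) is the usual source; because that value is client-supplied it should only ever be used as a lookup key against the configured hosts, never echoed into the issuer or redirects, which the well-known endpoint already gets right by building the issuer from `opConfig.getHost()`. The same `getLocalName()` lookup is used in OidcCertsController and OidcWellknownController. The lookup-and-throw block is now repeated three times here; a private helper such as `private OidcOpConfigurationEntity requireOpConfig(String realm, HttpServletRequest request) throws OidcAuthenticationException` would keep the host source and the error message in one place. Each enclosing method starts or continues outside its hunk.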
package edu.kit.scc.webreg.oauth;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import org.slf4j.Logger;
......@@ -24,12 +27,12 @@ public class JwtAuthController {
@GET
@Path("/{realm}/jwt")
@Produces(MediaType.APPLICATION_JSON)
public JSONObject jwt(@PathParam("realm") String realm)
public JSONObject jwt(@PathParam("realm") String realm, @Context HttpServletRequest request, @Context HttpServletResponse response)
throws Exception {
logger.debug("Token JWT called");
return opLogin.serveUserJwt(realm);
return opLogin.serveUserJwt(realm, request, response);
}
}
......@@ -6,10 +6,13 @@ import java.util.ArrayList;
import java.util.List;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import org.slf4j.Logger;
......@@ -39,14 +42,18 @@ public class OidcCertsController {
@GET
@Path("/{realm}/protocol/openid-connect/certs")
@Produces(MediaType.APPLICATION_JSON)
public JSONObject auth(@PathParam("realm") String realm)
public JSONObject auth(@PathParam("realm") String realm, @Context HttpServletRequest request, @Context HttpServletResponse response)
throws IOException, OidcAuthenticationException {
try {
logger.debug("certs called for {}", realm);
OidcOpConfigurationEntity opConfig = opService.findByRealmAndHost(realm, request.getLocalName());
OidcOpConfigurationEntity opConfig = opService.findByRealm(realm);
if (opConfig == null) {
throw new OidcAuthenticationException("No such realm");
}
List<JWK> jwkList = new ArrayList<JWK>();
if (opConfig.getCertificate() != null && !(opConfig.getCertificate().equals(""))) {
X509Certificate certificate = cryptoHelper.getCertificate(opConfig.getCertificate());
......
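Review bot: The `throw new OidcAuthenticationException("No such realm")` right after the new lookup still reports only the realm, although the query now also filters on the host; the equivalent branch in OidcOpLoginImpl reports `"unknown realm/host combination: " + realm + " / " + request.getLocalName()`. Use the same wording here so that a misconfigured host entry is distinguishable from an unknown realm in the logs. Note also that `request.getLocalName()` is the receiving interface's host name rather than the host name requested by the client, which is worth confirming against the intended deployment. The `auth` method continues outside the hunk.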
......@@ -8,10 +8,13 @@ import java.util.List;
import javax.inject.Inject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import org.slf4j.Logger;
......@@ -41,17 +44,15 @@ public class OidcWellknownController {
@GET
@Path("/{realm}/.well-known/openid-configuration")
@Produces(MediaType.APPLICATION_JSON)
public JSONObject wellknown(@PathParam("realm") String realm)
public JSONObject wellknown(@PathParam("realm") String realm, @Context HttpServletRequest request, @Context HttpServletResponse response)
throws ServletException {
/*
* TODO: Realm from configuration (database)
*/
OidcOpConfigurationEntity opConfig = opService.findByRealm(realm);
OidcOpConfigurationEntity opConfig = opService.findByRealmAndHost(realm, request.getLocalName());
if (opConfig == null) {
throw new ServletException("No such realm");
}
try {
List<SubjectType> subjectTypeList = Arrays.asList(new SubjectType[] { SubjectType.PAIRWISE, SubjectType.PUBLIC });
OIDCProviderMetadata metadata = new OIDCProviderMetadata(new Issuer("https://" + opConfig.getHost() + "/oidc/realms/" + opConfig.getRealm()),
......
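Review bot: The `TODO: Realm from configuration (database)` comment directly above the new lookup is now stale — the realm is read from the database via `opService.findByRealmAndHost` on the following line — so it should be removed in this commit rather than left to mislead. The `throw new ServletException("No such realm")` below it also predates the host filter; `"unknown realm/host combination: " + realm + " / " + request.getLocalName()`, as used in OidcOpLoginImpl, would make a host mismatch diagnosable. Building the issuer from `opConfig.getHost()` rather than from anything in the request is the right choice and worth keeping. The `wellknown` method continues outside the hunk.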