add hostname to OIDC OP operations

bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/jpa/oidc/JpaOidcOpConfigurationDao.java

@@ -40,6 +40,24 @@ public class JpaOidcOpConfigurationDao extends JpaBaseDao<OidcOpConfigurationEnt
 		}
 	}	
 	
+	@Override
+	public OidcOpConfigurationEntity findByRealmAndHost(String realm, String host) {
+		CriteriaBuilder builder = em.getCriteriaBuilder();
+		CriteriaQuery<OidcOpConfigurationEntity> criteria = builder.createQuery(OidcOpConfigurationEntity.class);
+		Root<OidcOpConfigurationEntity> root = criteria.from(OidcOpConfigurationEntity.class);
+		criteria.where(builder.and(
+				builder.equal(root.get(OidcOpConfigurationEntity_.realm), realm),
+				builder.equal(root.get(OidcOpConfigurationEntity_.host), host)
+				));
+				
+		criteria.select(root);
+		try {
+			return em.createQuery(criteria).getSingleResult();
+		} catch (NoResultException e) {
+			return null;
+		}
+	}	
+	
 	@Override
 	public Class<OidcOpConfigurationEntity> getEntityClass() {
 		return OidcOpConfigurationEntity.class;

bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/oidc/OidcOpConfigurationDao.java

@@ -16,5 +16,5 @@ import edu.kit.scc.webreg.entity.oidc.OidcOpConfigurationEntity;
 public interface OidcOpConfigurationDao extends BaseDao<OidcOpConfigurationEntity, Long> {
 
 	OidcOpConfigurationEntity findByRealm(String realm);
-
+	OidcOpConfigurationEntity findByRealmAndHost(String realm, String host);
 }

bwreg-jpa/src/main/java/edu/kit/scc/webreg/entity/oidc/OidcOpConfigurationEntity_.java

@@ -10,5 +10,6 @@ public abstract class OidcOpConfigurationEntity_ extends edu.kit.scc.webreg.enti
 
 	public static volatile SingularAttribute<OidcOpConfigurationEntity, String> realm;
 	public static volatile SingularAttribute<OidcOpConfigurationEntity, String> name;
+	public static volatile SingularAttribute<OidcOpConfigurationEntity, String> host;
 }
 

bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpConfigurationService.java

@@ -16,5 +16,5 @@ import edu.kit.scc.webreg.service.BaseService;
 public interface OidcOpConfigurationService extends BaseService<OidcOpConfigurationEntity, Long> {
 
 	OidcOpConfigurationEntity findByRealm(String realm);
-
+	OidcOpConfigurationEntity findByRealmAndHost(String realm, String host);
 }

bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpConfigurationServiceImpl.java

@@ -30,6 +30,10 @@ public class OidcOpConfigurationServiceImpl extends BaseServiceImpl<OidcOpConfig
 		return dao.findByRealm(realm);
 	}
 	
+	public OidcOpConfigurationEntity findByRealmAndHost(String realm, String host) {
+		return dao.findByRealmAndHost(realm, host);
+	}
+	
 	@Override
 	protected BaseDao<OidcOpConfigurationEntity, Long> getDao() {
 		return dao;

bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpLogin.java

@@ -20,7 +20,7 @@ public interface OidcOpLogin {
 	String registerAuthRequestReturn(String realm, HttpServletRequest request, HttpServletResponse response)
 			throws IOException, OidcAuthenticationException;
 
-	JSONObject serveUserJwt(String realm) throws OidcAuthenticationException;
+	JSONObject serveUserJwt(String realm, HttpServletRequest request, HttpServletResponse response) throws OidcAuthenticationException;
 
 	JSONObject serveToken(String realm, String grantType, String code, String redirectUri, HttpServletRequest request,
 			HttpServletResponse response, String clientId, String clientSecret) throws OidcAuthenticationException;

bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpLoginImpl.java

@@ -104,10 +104,10 @@ public class OidcOpLoginImpl implements OidcOpLogin {
 			String state, String nonce, String clientId,
 			HttpServletRequest request, HttpServletResponse response) throws IOException, OidcAuthenticationException {
 
-		OidcOpConfigurationEntity opConfig = opDao.findByRealm(realm);
+		OidcOpConfigurationEntity opConfig = opDao.findByRealmAndHost(realm, request.getLocalName());
 		
 		if (opConfig == null) {
-			throw new OidcAuthenticationException("unknown realm");
+			throw new OidcAuthenticationException("unknown realm/host combination: " + realm + " / " + request.getLocalName());
 		}
 		
 		IdentityEntity identity = null;
@@ -153,10 +153,10 @@ public class OidcOpLoginImpl implements OidcOpLogin {
 	public String registerAuthRequestReturn(String realm, HttpServletRequest request, HttpServletResponse response)
 			throws IOException, OidcAuthenticationException {
 		
-		OidcOpConfigurationEntity opConfig = opDao.findByRealm(realm);
+		OidcOpConfigurationEntity opConfig = opDao.findByRealmAndHost(realm, request.getLocalName());
 		
 		if (opConfig == null) {
-			throw new OidcAuthenticationException("unknown realm");
+			throw new OidcAuthenticationException("unknown realm/host combination: " + realm + " / " + request.getLocalName());
 		}
 
 		IdentityEntity identity = null;
@@ -447,12 +447,12 @@ public class OidcOpLoginImpl implements OidcOpLogin {
 	}
 
 	@Override
-	public JSONObject serveUserJwt(String realm) throws OidcAuthenticationException {
+	public JSONObject serveUserJwt(String realm, HttpServletRequest request, HttpServletResponse response) throws OidcAuthenticationException {
 		
-		OidcOpConfigurationEntity opConfig = opDao.findByRealm(realm);
+		OidcOpConfigurationEntity opConfig = opDao.findByRealmAndHost(realm, request.getLocalName());
 		
 		if (opConfig == null) {
-			throw new OidcAuthenticationException("unknown realm");
+			throw new OidcAuthenticationException("unknown realm/host combination: " + realm + " / " + request.getLocalName());
 		}
 
 		if (session.isLoggedIn()) {

bwreg-webapp/src/main/java/edu/kit/scc/webreg/oauth/JwtAuthController.java

 package edu.kit.scc.webreg.oauth;
 
 import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 
 import org.slf4j.Logger;
@@ -24,12 +27,12 @@ public class JwtAuthController {
 	@GET
 	@Path("/{realm}/jwt")
 	@Produces(MediaType.APPLICATION_JSON)
-	public JSONObject jwt(@PathParam("realm") String realm)
+	public JSONObject jwt(@PathParam("realm") String realm, @Context HttpServletRequest request, @Context HttpServletResponse response)
 			throws Exception {
 
 		logger.debug("Token JWT called");
 
-		return opLogin.serveUserJwt(realm);
+		return opLogin.serveUserJwt(realm, request, response);
 	}
 	
 }

bwreg-webapp/src/main/java/edu/kit/scc/webreg/oauth/OidcCertsController.java

@@ -6,10 +6,13 @@ import java.util.ArrayList;
 import java.util.List;
 
 import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 
 import org.slf4j.Logger;
@@ -39,14 +42,18 @@ public class OidcCertsController {
 	@GET
 	@Path("/{realm}/protocol/openid-connect/certs")
 	@Produces(MediaType.APPLICATION_JSON)
-	public JSONObject auth(@PathParam("realm") String realm)
+	public JSONObject auth(@PathParam("realm") String realm, @Context HttpServletRequest request, @Context HttpServletResponse response)
 			throws IOException, OidcAuthenticationException {
 		
 		try {
 			logger.debug("certs called for {}", realm);
+
+			OidcOpConfigurationEntity opConfig = opService.findByRealmAndHost(realm, request.getLocalName());
 			
-			OidcOpConfigurationEntity opConfig = opService.findByRealm(realm);
-			
+			if (opConfig == null) {
+				throw new OidcAuthenticationException("No such realm");
+			}
+						
 			List<JWK> jwkList = new ArrayList<JWK>();
 			if (opConfig.getCertificate() != null && !(opConfig.getCertificate().equals(""))) {
 				X509Certificate certificate = cryptoHelper.getCertificate(opConfig.getCertificate());

bwreg-webapp/src/main/java/edu/kit/scc/webreg/oauth/OidcWellknownController.java

@@ -8,10 +8,13 @@ import java.util.List;
 
 import javax.inject.Inject;
 import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 
 import org.slf4j.Logger;
@@ -41,17 +44,15 @@ public class OidcWellknownController {
 	@GET
 	@Path("/{realm}/.well-known/openid-configuration")
 	@Produces(MediaType.APPLICATION_JSON)
-	public JSONObject wellknown(@PathParam("realm") String realm)
+	public JSONObject wellknown(@PathParam("realm") String realm, @Context HttpServletRequest request, @Context HttpServletResponse response)
 			throws ServletException {
-		/*
-		 * TODO: Realm from configuration (database)
-		 */
-		OidcOpConfigurationEntity opConfig = opService.findByRealm(realm);
+
+		OidcOpConfigurationEntity opConfig = opService.findByRealmAndHost(realm, request.getLocalName());
 		
 		if (opConfig == null) {
 			throw new ServletException("No such realm");
 		}
-		
+			
 		try {
 			List<SubjectType> subjectTypeList = Arrays.asList(new SubjectType[] { SubjectType.PAIRWISE, SubjectType.PUBLIC });
 			OIDCProviderMetadata metadata = new OIDCProviderMetadata(new Issuer("https://" + opConfig.getHost() + "/oidc/realms/" + opConfig.getRealm()),