Commit f5775833 authored by michael.simon's avatar michael.simon

add hostname to OIDC OP operations

parent 7165704e
...@@ -40,6 +40,24 @@ public class JpaOidcOpConfigurationDao extends JpaBaseDao<OidcOpConfigurationEnt ...@@ -40,6 +40,24 @@ public class JpaOidcOpConfigurationDao extends JpaBaseDao<OidcOpConfigurationEnt
} }
} }
@Override
public OidcOpConfigurationEntity findByRealmAndHost(String realm, String host) {
CriteriaBuilder builder = em.getCriteriaBuilder();
CriteriaQuery<OidcOpConfigurationEntity> criteria = builder.createQuery(OidcOpConfigurationEntity.class);
Root<OidcOpConfigurationEntity> root = criteria.from(OidcOpConfigurationEntity.class);
criteria.where(builder.and(
builder.equal(root.get(OidcOpConfigurationEntity_.realm), realm),
builder.equal(root.get(OidcOpConfigurationEntity_.host), host)
));
criteria.select(root);
try {
return em.createQuery(criteria).getSingleResult();
} catch (NoResultException e) {
return null;
}
}
@Override @Override
public Class<OidcOpConfigurationEntity> getEntityClass() { public Class<OidcOpConfigurationEntity> getEntityClass() {
return OidcOpConfigurationEntity.class; return OidcOpConfigurationEntity.class;
......
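Review bot: findByRealmAndHost catches only NoResultException, so a second configuration row with the same realm and host would escape as an unhandled NonUniqueResultException from getSingleResult(); unless OidcOpConfigurationEntity enforces a unique constraint on (realm, host), which is not visible here, handle it explicitly rather than letting it propagate as a generic persistence error, e.g. `} catch (NonUniqueResultException e) {` / `    throw new IllegalStateException("multiple OIDC OP configurations for realm " + realm + " on host " + host, e);` / `}`. The host match is an exact `equal`, while the callers pass `request.getLocalName()`, whose casing and form (short name vs. FQDN) depend on the container and interface resolution, so the method Javadoc should state the expected form of the stored host. The class JpaOidcOpConfigurationDao starts and ends outside the hunk.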
...@@ -16,5 +16,5 @@ import edu.kit.scc.webreg.entity.oidc.OidcOpConfigurationEntity; ...@@ -16,5 +16,5 @@ import edu.kit.scc.webreg.entity.oidc.OidcOpConfigurationEntity;
public interface OidcOpConfigurationDao extends BaseDao<OidcOpConfigurationEntity, Long> { public interface OidcOpConfigurationDao extends BaseDao<OidcOpConfigurationEntity, Long> {
OidcOpConfigurationEntity findByRealm(String realm); OidcOpConfigurationEntity findByRealm(String realm);
OidcOpConfigurationEntity findByRealmAndHost(String realm, String host);
} }
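Review bot: The new findByRealmAndHost declaration has no Javadoc, yet its JPA implementation returns null on a miss and every caller in this commit depends on that; add `/** Returns the OP configuration for {@code realm} served on {@code host}, or {@code null} if no such pair is configured. */` above it, and the same on the identical declaration in OidcOpConfigurationService below.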
...@@ -10,5 +10,6 @@ public abstract class OidcOpConfigurationEntity_ extends edu.kit.scc.webreg.enti ...@@ -10,5 +10,6 @@ public abstract class OidcOpConfigurationEntity_ extends edu.kit.scc.webreg.enti
public static volatile SingularAttribute<OidcOpConfigurationEntity, String> realm; public static volatile SingularAttribute<OidcOpConfigurationEntity, String> realm;
public static volatile SingularAttribute<OidcOpConfigurationEntity, String> name; public static volatile SingularAttribute<OidcOpConfigurationEntity, String> name;
public static volatile SingularAttribute<OidcOpConfigurationEntity, String> host;
} }
...@@ -16,5 +16,5 @@ import edu.kit.scc.webreg.service.BaseService; ...@@ -16,5 +16,5 @@ import edu.kit.scc.webreg.service.BaseService;
public interface OidcOpConfigurationService extends BaseService<OidcOpConfigurationEntity, Long> { public interface OidcOpConfigurationService extends BaseService<OidcOpConfigurationEntity, Long> {
OidcOpConfigurationEntity findByRealm(String realm); OidcOpConfigurationEntity findByRealm(String realm);
OidcOpConfigurationEntity findByRealmAndHost(String realm, String host);
} }
...@@ -30,6 +30,10 @@ public class OidcOpConfigurationServiceImpl extends BaseServiceImpl<OidcOpConfig ...@@ -30,6 +30,10 @@ public class OidcOpConfigurationServiceImpl extends BaseServiceImpl<OidcOpConfig
return dao.findByRealm(realm); return dao.findByRealm(realm);
} }
public OidcOpConfigurationEntity findByRealmAndHost(String realm, String host) {
return dao.findByRealmAndHost(realm, host);
}
@Override @Override
protected BaseDao<OidcOpConfigurationEntity, Long> getDao() { protected BaseDao<OidcOpConfigurationEntity, Long> getDao() {
return dao; return dao;
......
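Review bot: findByRealmAndHost in OidcOpConfigurationServiceImpl is missing the `@Override` annotation that the neighbouring getDao carries, although it implements the interface method added in this commit; add `@Override` above the signature so a later signature drift between service interface and implementation is caught at compile time. The class starts and ends outside the hunk.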
...@@ -20,7 +20,7 @@ public interface OidcOpLogin { ...@@ -20,7 +20,7 @@ public interface OidcOpLogin {
String registerAuthRequestReturn(String realm, HttpServletRequest request, HttpServletResponse response) String registerAuthRequestReturn(String realm, HttpServletRequest request, HttpServletResponse response)
throws IOException, OidcAuthenticationException; throws IOException, OidcAuthenticationException;
JSONObject serveUserJwt(String realm) throws OidcAuthenticationException; JSONObject serveUserJwt(String realm, HttpServletRequest request, HttpServletResponse response) throws OidcAuthenticationException;
JSONObject serveToken(String realm, String grantType, String code, String redirectUri, HttpServletRequest request, JSONObject serveToken(String realm, String grantType, String code, String redirectUri, HttpServletRequest request,
HttpServletResponse response, String clientId, String clientSecret) throws OidcAuthenticationException; HttpServletResponse response, String clientId, String clientSecret) throws OidcAuthenticationException;
......
...@@ -104,10 +104,10 @@ public class OidcOpLoginImpl implements OidcOpLogin { ...@@ -104,10 +104,10 @@ public class OidcOpLoginImpl implements OidcOpLogin {
String state, String nonce, String clientId, String state, String nonce, String clientId,
HttpServletRequest request, HttpServletResponse response) throws IOException, OidcAuthenticationException { HttpServletRequest request, HttpServletResponse response) throws IOException, OidcAuthenticationException {
OidcOpConfigurationEntity opConfig = opDao.findByRealm(realm); OidcOpConfigurationEntity opConfig = opDao.findByRealmAndHost(realm, request.getLocalName());
if (opConfig == null) { if (opConfig == null) {
throw new OidcAuthenticationException("unknown realm"); throw new OidcAuthenticationException("unknown realm/host combination: " + realm + " / " + request.getLocalName());
} }
IdentityEntity identity = null; IdentityEntity identity = null;
...@@ -153,10 +153,10 @@ public class OidcOpLoginImpl implements OidcOpLogin { ...@@ -153,10 +153,10 @@ public class OidcOpLoginImpl implements OidcOpLogin {
public String registerAuthRequestReturn(String realm, HttpServletRequest request, HttpServletResponse response) public String registerAuthRequestReturn(String realm, HttpServletRequest request, HttpServletResponse response)
throws IOException, OidcAuthenticationException { throws IOException, OidcAuthenticationException {
OidcOpConfigurationEntity opConfig = opDao.findByRealm(realm); OidcOpConfigurationEntity opConfig = opDao.findByRealmAndHost(realm, request.getLocalName());
if (opConfig == null) { if (opConfig == null) {
throw new OidcAuthenticationException("unknown realm"); throw new OidcAuthenticationException("unknown realm/host combination: " + realm + " / " + request.getLocalName());
} }
IdentityEntity identity = null; IdentityEntity identity = null;
...@@ -447,12 +447,12 @@ public class OidcOpLoginImpl implements OidcOpLogin { ...@@ -447,12 +447,12 @@ public class OidcOpLoginImpl implements OidcOpLogin {
} }
@Override @Override
public JSONObject serveUserJwt(String realm) throws OidcAuthenticationException { public JSONObject serveUserJwt(String realm, HttpServletRequest request, HttpServletResponse response) throws OidcAuthenticationException {
OidcOpConfigurationEntity opConfig = opDao.findByRealm(realm); OidcOpConfigurationEntity opConfig = opDao.findByRealmAndHost(realm, request.getLocalName());
if (opConfig == null) { if (opConfig == null) {
throw new OidcAuthenticationException("unknown realm"); throw new OidcAuthenticationException("unknown realm/host combination: " + realm + " / " + request.getLocalName());
} }
if (session.isLoggedIn()) { if (session.isLoggedIn()) {
......
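Review bot: All three hunks (registerAuthRequest, registerAuthRequestReturn and serveUserJwt) key the OP configuration on `request.getLocalName()`, which per the Servlet API is the host name of the IP interface the request was received on, not the name the client addressed; when the OP sits behind a TLS-terminating proxy or load balancer this is typically the backend's own name, so the `host` column has to hold that value even though the issuer URL in OidcWellknownController is built from the same `opConfig.getHost()`. Whether this deployment terminates TLS on the application node is not visible here, so either document on OidcOpConfigurationEntity that `host` must equal the container's local name, or derive the host from a trusted source once the proxy layout is settled. Minor: each method calls `request.getLocalName()` twice; hoist it with `String host = request.getLocalName();` and use it in both the lookup and the exception message. All three methods start and end outside their hunks.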
package edu.kit.scc.webreg.oauth; package edu.kit.scc.webreg.oauth;
import javax.inject.Inject; import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.GET; import javax.ws.rs.GET;
import javax.ws.rs.Path; import javax.ws.rs.Path;
import javax.ws.rs.PathParam; import javax.ws.rs.PathParam;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import org.slf4j.Logger; import org.slf4j.Logger;
...@@ -24,12 +27,12 @@ public class JwtAuthController { ...@@ -24,12 +27,12 @@ public class JwtAuthController {
@GET @GET
@Path("/{realm}/jwt") @Path("/{realm}/jwt")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
public JSONObject jwt(@PathParam("realm") String realm) public JSONObject jwt(@PathParam("realm") String realm, @Context HttpServletRequest request, @Context HttpServletResponse response)
throws Exception { throws Exception {
logger.debug("Token JWT called"); logger.debug("Token JWT called");
return opLogin.serveUserJwt(realm); return opLogin.serveUserJwt(realm, request, response);
} }
} }
...@@ -6,10 +6,13 @@ import java.util.ArrayList; ...@@ -6,10 +6,13 @@ import java.util.ArrayList;
import java.util.List; import java.util.List;
import javax.inject.Inject; import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.GET; import javax.ws.rs.GET;
import javax.ws.rs.Path; import javax.ws.rs.Path;
import javax.ws.rs.PathParam; import javax.ws.rs.PathParam;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import org.slf4j.Logger; import org.slf4j.Logger;
...@@ -39,14 +42,18 @@ public class OidcCertsController { ...@@ -39,14 +42,18 @@ public class OidcCertsController {
@GET @GET
@Path("/{realm}/protocol/openid-connect/certs") @Path("/{realm}/protocol/openid-connect/certs")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
public JSONObject auth(@PathParam("realm") String realm) public JSONObject auth(@PathParam("realm") String realm, @Context HttpServletRequest request, @Context HttpServletResponse response)
throws IOException, OidcAuthenticationException { throws IOException, OidcAuthenticationException {
try { try {
logger.debug("certs called for {}", realm); logger.debug("certs called for {}", realm);
OidcOpConfigurationEntity opConfig = opService.findByRealmAndHost(realm, request.getLocalName());
OidcOpConfigurationEntity opConfig = opService.findByRealm(realm); if (opConfig == null) {
throw new OidcAuthenticationException("No such realm");
}
List<JWK> jwkList = new ArrayList<JWK>(); List<JWK> jwkList = new ArrayList<JWK>();
if (opConfig.getCertificate() != null && !(opConfig.getCertificate().equals(""))) { if (opConfig.getCertificate() != null && !(opConfig.getCertificate().equals(""))) {
X509Certificate certificate = cryptoHelper.getCertificate(opConfig.getCertificate()); X509Certificate certificate = cryptoHelper.getCertificate(opConfig.getCertificate());
......
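Review bot: The added null check in auth throws "No such realm" although the lookup now also fails on a host mismatch, and unlike OidcOpLoginImpl in this commit neither the message nor the debug line names the host, which makes a wrong `host` value hard to diagnose on this unauthenticated endpoint; use `logger.debug("certs called for {} on {}", realm, request.getLocalName());` and `throw new OidcAuthenticationException("unknown realm/host combination: " + realm + " / " + request.getLocalName());` for consistency. The new `response` parameter is not used in the visible part of the method; if it is unused throughout, it can be dropped. The method continues outside the hunk.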
...@@ -8,10 +8,13 @@ import java.util.List; ...@@ -8,10 +8,13 @@ import java.util.List;
import javax.inject.Inject; import javax.inject.Inject;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.GET; import javax.ws.rs.GET;
import javax.ws.rs.Path; import javax.ws.rs.Path;
import javax.ws.rs.PathParam; import javax.ws.rs.PathParam;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import org.slf4j.Logger; import org.slf4j.Logger;
...@@ -41,17 +44,15 @@ public class OidcWellknownController { ...@@ -41,17 +44,15 @@ public class OidcWellknownController {
@GET @GET
@Path("/{realm}/.well-known/openid-configuration") @Path("/{realm}/.well-known/openid-configuration")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
public JSONObject wellknown(@PathParam("realm") String realm) public JSONObject wellknown(@PathParam("realm") String realm, @Context HttpServletRequest request, @Context HttpServletResponse response)
throws ServletException { throws ServletException {
/*
* TODO: Realm from configuration (database) OidcOpConfigurationEntity opConfig = opService.findByRealmAndHost(realm, request.getLocalName());
*/
OidcOpConfigurationEntity opConfig = opService.findByRealm(realm);
if (opConfig == null) { if (opConfig == null) {
throw new ServletException("No such realm"); throw new ServletException("No such realm");
} }
try { try {
List<SubjectType> subjectTypeList = Arrays.asList(new SubjectType[] { SubjectType.PAIRWISE, SubjectType.PUBLIC }); List<SubjectType> subjectTypeList = Arrays.asList(new SubjectType[] { SubjectType.PAIRWISE, SubjectType.PUBLIC });
OIDCProviderMetadata metadata = new OIDCProviderMetadata(new Issuer("https://" + opConfig.getHost() + "/oidc/realms/" + opConfig.getRealm()), OIDCProviderMetadata metadata = new OIDCProviderMetadata(new Issuer("https://" + opConfig.getHost() + "/oidc/realms/" + opConfig.getRealm()),
......
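Review bot: The miss branch of wellknown still throws `ServletException("No such realm")`, which the container surfaces as a server-side error, while a realm/host pair with no configuration is a client-side lookup miss; now that the condition also covers the host, `throw new javax.ws.rs.NotFoundException("unknown realm/host combination: " + realm + " / " + request.getLocalName());` would return the appropriate status and name the host the way OidcOpLoginImpl does in this commit. The `response` parameter is not used in the visible lines; if it is unused throughout, drop it. The method continues outside the hunk.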