
Example 1 with ConfigManager

use of com.tremolosecurity.config.util.ConfigManager in project OpenUnison by TremoloSecurity.

the class UnisonMessageListener method onMessage.

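/**
 * JMS entry point: unwraps the text payload of {@code msg} and hands the decoded
 * object to {@code onMessage(ConfigManager, Object, Message)}.
 *
 * <p>Messages carrying a true {@code unisonignore} boolean property are acknowledged
 * and dropped. When {@code isEncrypted()} is true the text is parsed as an
 * {@link EncryptedMessage} and decrypted through the provisioning engine; otherwise
 * the text is deserialized directly with json-io. The message is acknowledged only
 * after the delegate returns normally.
 *
 * @param msg the incoming JMS message; must be a {@link TextMessage}
 * @throws RuntimeException wrapping any failure (a non-text message, decode error or
 *         delegate failure); the stack trace is appended to the message text and the
 *         JMS message is left unacknowledged
 */
@Override
public void onMessage(Message msg) {
    try {
        TextMessage smsg = (TextMessage) msg;
        if (smsg.getBooleanProperty("unisonignore")) {
            if (logger.isDebugEnabled()) {
                logger.debug("ignoring message");
            }
            smsg.acknowledge();
            return;
        }
        ConfigManager cfgMgr = (ConfigManager) GlobalEntries.getGlobalEntries().get(ProxyConstants.CONFIG_MANAGER);
        Object obj;
        if (this.isEncrypted()) {
            Gson gson = new Gson();
            EncryptedMessage em = gson.fromJson(smsg.getText(), EncryptedMessage.class);
            obj = cfgMgr.getProvisioningEngine().decryptObject(em);
        } else {
            // NOTE(review): json-io's jsonToJava instantiates whatever classes the payload
            // names, so this path relies on the queue carrying only messages from trusted
            // producers -- confirm the broker's access controls cover that assumption.
            obj = JsonReader.jsonToJava(smsg.getText());
        }
        this.onMessage(cfgMgr, obj, msg);
        msg.acknowledge();
    } catch (Throwable t) {
        logger.error("Unable to run listener", t);
        // Render the trace through a StringWriter; the previous byte round-trip through
        // ByteArrayOutputStream decoded it with the platform default charset.
        java.io.StringWriter trace = new java.io.StringWriter();
        try (PrintWriter out = new PrintWriter(trace)) {
            t.printStackTrace(out);
        }
        throw new RuntimeException("Could not run listener" + trace, t);
    }
}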

Example 2 with ConfigManager

use of com.tremolosecurity.config.util.ConfigManager in project OpenUnison by TremoloSecurity.

the class ListOrgs method copyOrg.

/**
 * Copies the configured organization {@code ot} and its descendants into
 * {@code org}. A node whose authorization rules reject {@code auinfo} is skipped
 * together with its whole subtree; nodes without rules are always copied.
 *
 * @param org    destination organization, populated in place
 * @param ot     configured organization to copy
 * @param az     authorization engine used to evaluate the node's rules
 * @param auinfo the authenticated user being checked against the rules
 * @throws MalformedURLException propagated from rule evaluation
 * @throws ProvisioningException propagated from rule evaluation
 */
private void copyOrg(Organization org, OrgType ot, AzSys az, AuthInfo auinfo) throws MalformedURLException, ProvisioningException {
    ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
    boolean hasRules = ot.getAzRules() != null && !ot.getAzRules().getRule().isEmpty();
    if (hasRules) {
        ArrayList<AzRule> compiled = new ArrayList<AzRule>(ot.getAzRules().getRule().size());
        for (AzRuleType ruleCfg : ot.getAzRules().getRule()) {
            compiled.add(new AzRule(ruleCfg.getScope(), ruleCfg.getConstraint(), ruleCfg.getClassName(), cfgMgr, null));
        }
        boolean permitted = az.checkRules(auinfo, cfgMgr, compiled, null);
        if (!permitted) {
            // Rejected: neither this node nor its children are exposed.
            return;
        }
    }
    org.setId(ot.getUuid());
    org.setName(ot.getName());
    org.setDescription(ot.getDescription());
    for (OrgType childCfg : ot.getOrgs()) {
        Organization childOrg = new Organization();
        org.getSubOrgs().add(childOrg);
        copyOrg(childOrg, childCfg, az, auinfo);
    }
}

Example 3 with ConfigManager

use of com.tremolosecurity.config.util.ConfigManager in project OpenUnison by TremoloSecurity.

the class ListReports method checkOrg.

/**
 * Collects the UUIDs of every organization in the subtree rooted at {@code ot}
 * that {@code auinfo} is authorized to see. A node whose rules reject the user is
 * omitted along with its entire subtree; nodes without rules are always allowed.
 *
 * @param allowedOrgs receives the UUIDs of authorized organizations
 * @param ot          configured organization to evaluate
 * @param az          authorization engine used to evaluate the node's rules
 * @param auinfo      the authenticated user being checked against the rules
 * @throws MalformedURLException propagated from rule evaluation
 * @throws ProvisioningException propagated from rule evaluation
 */
private void checkOrg(HashSet<String> allowedOrgs, OrgType ot, AzSys az, AuthInfo auinfo) throws MalformedURLException, ProvisioningException {
    ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
    boolean hasRules = ot.getAzRules() != null && !ot.getAzRules().getRule().isEmpty();
    if (hasRules) {
        ArrayList<AzRule> compiled = new ArrayList<AzRule>(ot.getAzRules().getRule().size());
        for (AzRuleType ruleCfg : ot.getAzRules().getRule()) {
            compiled.add(new AzRule(ruleCfg.getScope(), ruleCfg.getConstraint(), ruleCfg.getClassName(), cfgMgr, null));
        }
        boolean permitted = az.checkRules(auinfo, cfgMgr, compiled, null);
        if (!permitted) {
            // Rejected: prune this node and everything beneath it.
            return;
        }
    }
    allowedOrgs.add(ot.getUuid());
    for (OrgType childCfg : ot.getOrgs()) {
        checkOrg(allowedOrgs, childCfg, az, auinfo);
    }
}

Example 4 with ConfigManager

use of com.tremolosecurity.config.util.ConfigManager in project OpenUnison by TremoloSecurity.

the class UnisonServletFilter method init.

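/**
 * Initializes the filter: registers the BouncyCastle JCE provider, records the
 * deployment mode, then loads, initializes and publishes the {@link ConfigManager}
 * for this registry.
 *
 * <p>Init parameters read: {@code mode} (absent or {@code embedded} means this filter
 * serves requests itself; any other value sets {@code passOn}), {@code registryName}
 * (defaults to {@code proxy}), {@code userPrincipalAttribute}, {@code roleAttribute}
 * and {@code forceToSSL} (true only when equal to {@code true}, ignoring case).
 *
 * @param filterCfg the container-supplied filter configuration
 * @throws ServletException if BouncyCastle cannot be loaded or configuration loading
 *         fails; the underlying exception is always attached as the cause
 */
@Override
public void init(FilterConfig filterCfg) throws ServletException {
    this.ctx = filterCfg.getServletContext();
    // TODO This needs to be replaced with configurable code
    try {
        // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance(),
        // which let checked exceptions thrown by the constructor escape unwrapped.
        Provider bc = (Provider) Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider").getDeclaredConstructor().newInstance();
        Security.addProvider(bc);
    } catch (ReflectiveOperationException e1) {
        // Covers ClassNotFound, Instantiation, IllegalAccess, NoSuchMethod and InvocationTarget.
        throw new ServletException("Could not load bouncycastle", e1);
    }
    this.cfg = filterCfg;
    String mode = filterCfg.getInitParameter("mode");
    // Embedded (the default) means the filter handles the request rather than passing it on.
    this.passOn = !(mode == null || mode.equalsIgnoreCase("embedded"));
    try {
        String registryName = filterCfg.getInitParameter("registryName");
        if (registryName == null) {
            registryName = "proxy";
        }
        ConfigManager cfg = loadConfiguration(filterCfg, registryName);
        cfg.initialize(registryName);
        cfg.loadFilters();
        filterCfg.getServletContext().setAttribute(ProxyConstants.TREMOLO_CONFIG, cfg);
        cfg.loadAuthMechs();
        cfg.setPaasUserPrinicipalAttribute(filterCfg.getInitParameter("userPrincipalAttribute"));
        cfg.setPaasRoleAttribute(filterCfg.getInitParameter("roleAttribute"));
        String forceToSSLParam = filterCfg.getInitParameter("forceToSSL");
        boolean forceToSSL = forceToSSLParam != null && forceToSSLParam.equalsIgnoreCase("true");
        GlobalEntries.getGlobalEntries().set(registryName + "_" + ProxyConstants.FORCE_TO_SSL, forceToSSL);
        this.postLoadConfiguration(filterCfg, registryName, cfg);
    } catch (Exception e) {
        // The cause travels with the ServletException, so no separate stderr dump is needed.
        throw new ServletException(e);
    }
}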

Example 5 with ConfigManager

use of com.tremolosecurity.config.util.ConfigManager in project OpenUnison by TremoloSecurity.

the class SamlTransaction method postResponse.

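/**
 * Builds the SAML 2.0 response for an IdP transaction and writes the auto-submitting
 * HTML POST form to {@code response}.
 *
 * <p>Steps: map the authenticated user through {@code this.mapper}, resolve the SP
 * trust for {@code transaction.issuer}, build the assertion with the IdP key named by
 * {@code idpSigKeyName} and the trust's {@code spEncCert}, then render
 * {@code saml2PostTemplate} with the base64 response, the destination URL and the
 * relay state. The same three values are also stored as request attributes
 * ({@code postdata}, {@code postaction}, {@code relaystate}).
 *
 * @param transaction the pending transaction (issuer, nameID settings, postToURL, relayState)
 * @param request     current request; supplies scheme/host/port for the issuer and the
 *                    {@link ConfigManager} under {@code ProxyConstants.TREMOLO_CFG_OBJ}
 * @param response    receives the HTML form
 * @param authInfo    attributes of the authenticated user
 * @param holder      URL configuration used to look up keys and certificates
 * @throws ServletException if the nameID attribute is missing, no trust exists for the
 *         issuer, user mapping fails, or the response cannot be generated
 * @throws MalformedURLException if the request URL cannot be parsed
 * @throws UnsupportedEncodingException retained for callers that catch it; the UTF-8
 *         encoding used here cannot fail
 * @throws IOException if writing the response fails
 */
private void postResponse(final SamlTransaction transaction, HttpServletRequest request, HttpServletResponse response, AuthInfo authInfo, UrlHolder holder) throws MalformedURLException, ServletException, UnsupportedEncodingException, IOException {
    // Checked before the mapping try-block so the message is not wrapped as "Could not map user".
    if (authInfo.getAttribs().get(transaction.nameIDAttr) == null) {
        throw new ServletException("No attribute mapping for '" + transaction.nameIDAttr + "'");
    }
    String subject = authInfo.getAttribs().get(transaction.nameIDAttr).getValues().get(0);
    User mapped;
    try {
        User orig = new User(subject);
        orig.getAttribs().putAll(authInfo.getAttribs());
        mapped = this.mapper.mapUser(orig);
    } catch (Exception e) {
        throw new ServletException("Could not map user", e);
    }
    Saml2Trust trust = trusts.get(transaction.issuer);
    if (trust == null) {
        // Previously an NPE on trust.params; an unknown issuer now fails with a clear message.
        throw new ServletException("No trust configured for issuer '" + transaction.issuer + "'");
    }
    if (transaction.authnCtxName == null) {
        transaction.authnCtxName = trust.params.get("defaultAuthCtx").getValues().get(0);
    }
    PrivateKey pk = holder.getConfig().getPrivateKey(this.idpSigKeyName);
    java.security.cert.X509Certificate cert = holder.getConfig().getCertificate(this.idpSigKeyName);
    java.security.cert.X509Certificate spEncCert = holder.getConfig().getCertificate(trust.spEncCert);
    // NOTE(review): the issuer is derived from the request's host and port; behind a
    // reverse proxy this must be the externally visible host -- confirm the container
    // rewrites it, otherwise a client-supplied Host header shapes the issuer value.
    URL url = new URL(request.getRequestURL().toString());
    StringBuilder issuer = new StringBuilder(request.isSecure() ? "https://" : "http://");
    issuer.append(url.getHost());
    if (url.getPort() != -1) {
        issuer.append(':').append(url.getPort());
    }
    ConfigManager cfg = (ConfigManager) request.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    issuer.append(cfg.getAuthIdPPath()).append(this.idpName);
    Saml2Assertion resp = new Saml2Assertion(subject, pk, cert, spEncCert, issuer.toString(), transaction.postToURL, transaction.issuer, trust.signAssertion, trust.signResponse, trust.encAssertion, transaction.nameIDFormat, transaction.authnCtxName);
    resp.getAttribs().addAll(mapped.getAttribs().values());
    String respXML;
    try {
        respXML = resp.generateSaml2Response();
    } catch (Exception e) {
        throw new ServletException("Could not generate SAMLResponse", e);
    }
    if (logger.isDebugEnabled()) {
        logger.debug(respXML);
    }
    String base64 = Base64.encodeBase64String(respXML.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    String relayState = transaction.relayState != null ? transaction.relayState : "";
    request.setAttribute("postdata", base64);
    request.setAttribute("postaction", transaction.postToURL);
    request.setAttribute("relaystate", relayState);
    // NOTE(review): relayState and postToURL presumably originate from the SP's request
    // and are interpolated into HTML; confirm saml2PostTemplate escapes them.
    ST st = new ST(this.saml2PostTemplate, '$', '$');
    st.add("relaystate", relayState);
    st.add("postdata", base64);
    st.add("postaction", transaction.postToURL);
    response.setContentType("text/html");
    response.getWriter().write(st.render());
}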
