
Example 1 with UrlType

use of com.tremolosecurity.config.xml.UrlType in project OpenUnison by TremoloSecurity.

the class UnisonConfigManagerImpl method addAppInternal.

/**
 * Registers every URL of {@code app} under each host name the URL declares.
 *
 * <p>One {@link UrlHolder} is created per (URL, host) pair, so a URL that lists
 * several hosts yields several holders. Each holder is appended to the per-host
 * list in {@code byHost} and to the list returned to the caller; the returned
 * list is also stored in {@code appUrls} under the application's name.
 *
 * <p>Locks are always taken in the same order: {@code byHost} first, then the
 * per-host list. Any other code that takes both should keep that order.
 *
 * <p>At debug level the application name, the URL's host list and its URI are
 * written to the log.
 *
 * @param app the application whose URLs are registered
 * @return the holders created for this application, in registration order
 * @throws Exception declared by the signature; the visible body only propagates
 *         what the {@code UrlHolder} constructor and the accessors throw
 */
private List<UrlHolder> addAppInternal(ApplicationType app) throws Exception {
    final List<UrlHolder> registered = new ArrayList<UrlHolder>();

    for (UrlType urlCfg : app.getUrls().getUrl()) {
        for (String host : urlCfg.getHost()) {
            synchronized (this.byHost) {
                // Lazily create the list for a host seen for the first time.
                ArrayList<UrlHolder> perHost = this.byHost.get(host);
                if (perHost == null) {
                    perHost = new ArrayList<UrlHolder>();
                    this.byHost.put(host, perHost);
                }

                synchronized (perHost) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Configuring Application : '" + app.getName() + "'");
                        logger.debug("Configuring URL : '" + urlCfg.getHost().toString() + "' / '" + urlCfg.getUri() + "'");
                    }

                    final UrlHolder entry = new UrlHolder(app, urlCfg, this);
                    registered.add(entry);
                    perHost.add(entry);
                }
            }
        }
    }

    this.appUrls.put(app.getName(), registered);
    return registered;
}
Also used : ArrayList(java.util.ArrayList) UrlType(com.tremolosecurity.config.xml.UrlType)

Example 2 with UrlType

use of com.tremolosecurity.config.xml.UrlType in project OpenUnison by TremoloSecurity.

the class PreAuthFilter method initFilter.

/**
 * Loads this filter's settings from its own attributes and from the LastMile
 * filter configured on the target URL.
 *
 * <p>When the {@code postSAML} attribute is present and equals "true"
 * (case-insensitive), the signing key alias and the first trust of the IdP named
 * by {@code idpName} are read, the issuer is assembled from {@code issuerHost},
 * {@code issuerPort} and {@code issuerSSL}, and the target URL becomes the
 * trust's {@code httpPostRespURL}. Otherwise the target URL is the {@code url}
 * attribute.
 *
 * <p>Points worth checking when reviewing a deployment:
 * <ul>
 *   <li>The issuer scheme is {@code http://} whenever {@code issuerSSL} is anything
 *       other than "true".</li>
 *   <li>{@code signResponse} and {@code signAssertion} are only assigned here when
 *       the trust carries those parameters; otherwise the fields keep whatever
 *       value they had before this call.</li>
 *   <li>Every attribute read in the chosen branch except {@code postSAML} is
 *       dereferenced without a null check, so a missing attribute surfaces as a
 *       {@link NullPointerException}.</li>
 *   <li>An {@code attribs} parameter without '=' makes {@code substring(0, -1)}
 *       throw {@link StringIndexOutOfBoundsException}.</li>
 *   <li>The target URL, the LastMile key alias name, the login attribute and the
 *       header name are written to the log at info level.</li>
 * </ul>
 *
 * @param config the filter configuration supplied by the proxy
 * @throws Exception on a malformed target URL or any failure while reading the
 *         configuration
 */
@Override
public void initFilter(HttpFilterConfig config) throws Exception {
    this.postSAML = config.getAttribute("postSAML") != null
            && config.getAttribute("postSAML").getValues().get(0).equalsIgnoreCase("true");

    if (!this.postSAML) {
        this.url = config.getAttribute("url").getValues().get(0);
    } else {
        final String idpName = config.getAttribute("idpName").getValues().get(0);
        final ApplicationType idpApp = config.getConfigManager().getApp(idpName);
        // Only the first URL of the IdP application is consulted.
        final IdpType idp = idpApp.getUrls().getUrl().get(0).getIdp();

        for (ParamType idpParam : idp.getParams()) {
            if (idpParam.getName().equalsIgnoreCase("sigKey")) {
                this.keyAlias = idpParam.getValue();
            }
        }

        // Only the first trust of the IdP is consulted.
        final TrustType trust = idp.getTrusts().getTrust().get(0);
        for (ParamType trustParam : trust.getParam()) {
            final String key = trustParam.getName();
            if (key.equalsIgnoreCase("signResponse")) {
                this.signResponse = trustParam.getValue().equalsIgnoreCase("true");
            } else if (key.equalsIgnoreCase("signAssertion")) {
                this.signAssertion = trustParam.getValue().equalsIgnoreCase("true");
            } else if (key.equalsIgnoreCase("httpPostRespURL")) {
                this.assertionConsumerURL = trustParam.getValue();
            } else if (key.equalsIgnoreCase("defaultNameId")) {
                this.nameIDType = trustParam.getValue();
            } else if (key.equalsIgnoreCase("nameIdMap")) {
                // Keep only the part after the first '='.
                final String mapping = trustParam.getValue();
                this.nameIDAttribute = mapping.substring(mapping.indexOf('=') + 1);
            } else if (key.equalsIgnoreCase("defaultAuthCtx")) {
                this.authnCtxClassRef = trustParam.getValue();
            }
        }

        final String issuerHost = config.getAttribute("issuerHost").getValues().get(0);
        final String issuerPort = config.getAttribute("issuerPort").getValues().get(0);
        final boolean issuerSSL = config.getAttribute("issuerSSL").getValues().get(0).equalsIgnoreCase("true");

        final StringBuilder issuerUrl = new StringBuilder(issuerSSL ? "https://" : "http://");
        issuerUrl.append(issuerHost);
        if (!issuerPort.isEmpty()) {
            issuerUrl.append(':').append(issuerPort);
        }
        issuerUrl.append("/auth/idp/").append(idpName);
        this.issuer = issuerUrl.toString();

        this.audience = trust.getName();
        this.relayState = config.getAttribute("relayState").getValues().get(0);
        InitializationService.initialize();
        this.url = this.assertionConsumerURL;
    }

    final URL parsedTarget = new URL(this.url);
    this.uri = parsedTarget.getPath();

    final UrlType targetCfg = config.getConfigManager().findURL(this.url).getUrl();
    for (FilterConfigType filterCfg : targetCfg.getFilterChain().getFilter()) {
        if (!filterCfg.getClazz().equalsIgnoreCase("com.tremolosecurity.proxy.filters.LastMile")) {
            continue;
        }

        // First pass: plain LastMile settings.
        for (ParamWithValueType lastMileParam : filterCfg.getParam()) {
            final String key = lastMileParam.getName();
            if (key.equalsIgnoreCase("encKeyAlias")) {
                this.lastMileKeyAlias = lastMileParam.getValue();
            } else if (key.equalsIgnoreCase("headerName")) {
                this.headerName = lastMileParam.getValue();
            } else if (key.equalsIgnoreCase("userAttribute")) {
                this.loginAttribute = lastMileParam.getValue();
            }
        }

        // Second pass: an "attribs" mapping whose left side matches the header name
        // renames it, so this has to run after headerName was read above.
        for (ParamWithValueType lastMileParam : filterCfg.getParam()) {
            if (lastMileParam.getName().equalsIgnoreCase("attribs")) {
                final String mapping = lastMileParam.getValue();
                final String fromUser = mapping.substring(0, mapping.indexOf('='));
                final String toApp = mapping.substring(mapping.indexOf('=') + 1);
                if (fromUser.equalsIgnoreCase(this.headerName)) {
                    this.headerName = toApp;
                }
            }
        }
    }

    logger.info("URL : '" + this.url + "'");
    logger.info("Key Alias : '" + this.lastMileKeyAlias + "'");
    logger.info("Login ID Attribute : '" + this.loginAttribute + "'");
    logger.info("Header Attribute : '" + this.headerName + "'");
    if (this.postSAML) {
        logger.info("Saml : true");
        logger.info("Issuer : " + this.issuer);
    }
}
Also used : ApplicationType(com.tremolosecurity.config.xml.ApplicationType) IdpType(com.tremolosecurity.config.xml.IdpType) FilterConfigType(com.tremolosecurity.config.xml.FilterConfigType) TrustType(com.tremolosecurity.config.xml.TrustType) ParamWithValueType(com.tremolosecurity.config.xml.ParamWithValueType) UrlType(com.tremolosecurity.config.xml.UrlType) ParamType(com.tremolosecurity.config.xml.ParamType) URL(java.net.URL)

Example 3 with UrlType

use of com.tremolosecurity.config.xml.UrlType in project OpenUnison by TremoloSecurity.

the class ScaleJSOperator method initFilter.

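/**
 * Builds the operators configuration from the filter attributes and locates the
 * ScaleJS main URL whose {@code ScaleMain} filter supplies the UI helper.
 *
 * <p>{@code bases}, {@code searchableAttributes} and {@code resultAttributes} are
 * required and each value is expected in {@code name=value} form; a value without
 * '=' makes {@code substring(0, -1)} throw {@link StringIndexOutOfBoundsException}.
 *
 * <p>The UI helper class is named by the {@code uiHelperClassName} parameter of the
 * {@code ScaleMain} filter and is instantiated reflectively. The class is checked
 * to be a {@code UiDecisions} before its constructor is invoked, so a
 * mis-configured class name fails with {@link ClassCastException} without any
 * instance of the unrelated class being constructed. A constructor that throws is
 * reported as {@link java.lang.reflect.InvocationTargetException}.
 *
 * @param config the filter configuration supplied by the proxy
 * @throws Exception if a required attribute, the application or the main URL is
 *         missing, or if the UI helper cannot be loaded and instantiated
 */
@Override
public void initFilter(HttpFilterConfig config) throws Exception {
    this.config = new OperatorsConfig();
    Attribute bases = config.getAttribute("bases");
    if (bases == null) {
        throw new Exception("bases not set");
    }
    // Each base is "label=DN": the label is shown to the user, the DN is searched.
    for (String base : bases.getValues()) {
        String desc = base.substring(0, base.indexOf('='));
        String ldap = base.substring(base.indexOf('=') + 1);
        this.config.getBaseLabelToDN().put(desc, ldap);
        this.config.getSearchBases().add(desc);
    }
    Attribute attr = config.getAttribute("searchableAttributes");
    if (attr == null) {
        throw new Exception("searchableAttributes not found");
    }
    for (String searchable : attr.getValues()) {
        String name = searchable.substring(0, searchable.indexOf('='));
        String label = searchable.substring(searchable.indexOf('=') + 1);
        this.config.getSearchableAttributes().add(new AttributeConfig(name, label, ""));
    }
    attr = config.getAttribute("resultAttributes");
    if (attr == null) {
        throw new Exception("resultAttributes not found");
    }
    for (String resultAttr : attr.getValues()) {
        String name = resultAttr.substring(0, resultAttr.indexOf('='));
        String label = resultAttr.substring(resultAttr.indexOf('=') + 1);
        this.config.getResultsAttributes().add(new AttributeConfig(name, label, ""));
    }
    this.config.setScaleJsMainUri(this.loadAttributeValue("scaleMainURI", "Scale Main URI", config));
    this.config.setHomeUrl(this.loadAttributeValue("homeUrl", "Home URL", config));
    this.scalejsAppName = this.loadAttributeValue("scaleMainAppName", "Scale Main Application", config);
    // No break: if several applications match case-insensitively, the last one wins.
    ApplicationType app = null;
    for (ApplicationType at : config.getConfigManager().getCfg().getApplications().getApplication()) {
        if (at.getName().equalsIgnoreCase(scalejsAppName)) {
            app = at;
        }
    }
    if (app == null) {
        throw new Exception(scalejsAppName + " does not exist");
    }
    for (UrlType url : app.getUrls().getUrl()) {
        if (url.getUri().equalsIgnoreCase(this.config.getScaleJsMainUri())) {
            this.scaleJsUrl = url;
        }
    }
    if (this.scaleJsUrl == null) {
        throw new Exception("Could not find url for ScaleJS Main");
    }
    // The scheme is fixed to https and only the first configured host is used.
    this.scaleMainURL = "https://" + this.scaleJsUrl.getHost().get(0) + this.scaleJsUrl.getUri();
    HashMap<String, Attribute> decCfg = new HashMap<String, Attribute>();
    for (FilterConfigType filter : this.scaleJsUrl.getFilterChain().getFilter()) {
        if (filter.getClazz().equalsIgnoreCase("com.tremolosecurity.scalejs.ws.ScaleMain")) {
            for (ParamWithValueType pt : filter.getParam()) {
                if (pt.getName().equalsIgnoreCase("uiHelperClassName")) {
                    // The class name comes from configuration. Verify the type before
                    // running any constructor; Class.forName still loads and initializes
                    // the named class, so the configuration source must be trusted.
                    this.dec = Class.forName(pt.getValue())
                            .asSubclass(UiDecisions.class)
                            .getDeclaredConstructor()
                            .newInstance();
                } else if (pt.getName().equalsIgnoreCase("uihelper.params")) {
                    // Repeated "name=value" entries accumulate as a multi-valued attribute.
                    String v = pt.getValue();
                    String name = v.substring(0, v.indexOf('='));
                    String value = v.substring(v.indexOf('=') + 1);
                    Attribute param = decCfg.get(name);
                    if (param == null) {
                        param = new Attribute(name);
                        decCfg.put(name, param);
                    }
                    param.getValues().add(value);
                }
            }
        }
    }
    if (this.dec != null) {
        this.dec.init(decCfg);
    }
}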
Also used : ApplicationType(com.tremolosecurity.config.xml.ApplicationType) LDAPAttribute(com.novell.ldap.LDAPAttribute) Attribute(com.tremolosecurity.saml.Attribute) HashMap(java.util.HashMap) FilterConfigType(com.tremolosecurity.config.xml.FilterConfigType) OperatorsConfig(com.tremolosecurity.scalejs.operators.config.OperatorsConfig) ParamWithValueType(com.tremolosecurity.config.xml.ParamWithValueType) AttributeConfig(com.tremolosecurity.scalejs.operators.config.AttributeConfig) UrlType(com.tremolosecurity.config.xml.UrlType) LDAPException(com.novell.ldap.LDAPException) IOException(java.io.IOException)

Example 4 with UrlType

use of com.tremolosecurity.config.xml.UrlType in project OpenUnison by TremoloSecurity.

the class LoadApplicationsFromK8s method createApplication.

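/**
 * Converts a Kubernetes custom-resource JSON object into an {@link ApplicationType}.
 *
 * <p>The {@code spec.urls} array and each URL's {@code hosts} array are required:
 * both are iterated without a null check. {@code filterChain}, {@code azRules},
 * {@code results} and {@code cookieConfig} are optional. Values are cast to the
 * expected JSON type, so an unexpected type in the resource surfaces as
 * {@link ClassCastException}.
 *
 * <p>Review notes for anyone consuming the result:
 * <ul>
 *   <li>Filter class names ({@code className}) are copied from the resource as-is;
 *       nothing in this method restricts which class may be named.</li>
 *   <li>{@code secretParams} are resolved to their secret values and stored in the
 *       filter parameters, so the returned object holds secret material and should
 *       not be logged or serialized wholesale.</li>
 *   <li>The HTTP client used for secret lookups is released in a nested
 *       {@code finally}, so the connection manager is closed even when closing the
 *       client throws.</li>
 * </ul>
 *
 * @param item the custom-resource object; its {@code spec} member is read
 * @param name the name given to the resulting application
 * @return the populated application configuration
 * @throws Exception if a secret lookup, IdP creation or resource cleanup fails
 */
public ApplicationType createApplication(JSONObject item, String name) throws Exception {
    ApplicationType app = new ApplicationType();
    app.setName(name);
    JSONObject spec = (JSONObject) item.get("spec");
    // NOTE(review): the second argument of getLongValue/getBoolValue/getIntValue is
    // presumably the fallback for an absent key; confirm against the helpers.
    app.setAzTimeoutMillis(getLongValue(spec.get("azTimeoutMillis"), 3000));
    app.setIsApp(getBoolValue(spec.get("isApp"), true));
    JSONArray urls = (JSONArray) spec.get("urls");
    app.setUrls(new UrlsType());
    for (Object o : urls) {
        JSONObject jsonUrl = (JSONObject) o;
        UrlType url = new UrlType();
        // Non-application entries carry identity-provider settings on the URL.
        if (!app.isIsApp()) {
            createIdpOnUrl(jsonUrl, url);
        }
        JSONArray hosts = (JSONArray) jsonUrl.get("hosts");
        for (Object x : hosts) {
            url.getHost().add((String) x);
        }
        JSONArray filters = (JSONArray) jsonUrl.get("filterChain");
        url.setFilterChain(new FilterChainType());
        if (filters != null) {
            for (Object x : filters) {
                JSONObject jsonFilter = (JSONObject) x;
                FilterConfigType ft = new FilterConfigType();
                ft.setClazz((String) jsonFilter.get("className"));
                JSONObject params = (JSONObject) jsonFilter.get("params");
                if (params != null) {
                    for (Object y : params.keySet()) {
                        String paramName = (String) y;
                        Object z = params.get(paramName);
                        if (z instanceof String) {
                            ParamWithValueType pt = new ParamWithValueType();
                            pt.setName(paramName);
                            pt.setValue((String) z);
                            ft.getParam().add(pt);
                        } else {
                            // Anything that is not a string is treated as an array of
                            // strings: one parameter entry per element.
                            JSONArray values = (JSONArray) z;
                            for (Object w : values) {
                                ParamWithValueType pt = new ParamWithValueType();
                                pt.setName(paramName);
                                pt.setValue((String) w);
                                ft.getParam().add(pt);
                            }
                        }
                    }
                }
                JSONArray secretParams = (JSONArray) jsonFilter.get("secretParams");
                if (secretParams != null) {
                    HttpCon nonwatchHttp = this.k8sWatch.getK8s().createClient();
                    String token = this.k8sWatch.getK8s().getAuthToken();
                    try {
                        for (Object ox : secretParams) {
                            JSONObject secretParam = (JSONObject) ox;
                            String paramName = (String) secretParam.get("name");
                            String secretName = (String) secretParam.get("secretName");
                            String secretKey = (String) secretParam.get("secretKey");
                            String secretValue = this.k8sWatch.getSecretValue(secretName, secretKey, token, nonwatchHttp);
                            // The resolved secret is stored in both value slots of the
                            // parameter and stays in the in-memory configuration.
                            ParamWithValueType pt = new ParamWithValueType();
                            pt.setName(paramName);
                            pt.setValue(secretValue);
                            pt.setValueAttribute(secretValue);
                            ft.getParam().add(pt);
                        }
                    } finally {
                        // Close the connection manager even if closing the client fails.
                        try {
                            nonwatchHttp.getHttp().close();
                        } finally {
                            nonwatchHttp.getBcm().close();
                        }
                    }
                }
                url.getFilterChain().getFilter().add(ft);
            }
        }
        JSONArray jsonAzRules = (JSONArray) jsonUrl.get("azRules");
        // An empty rule set is attached when the resource declares no azRules.
        AzRulesType art = new AzRulesType();
        if (jsonAzRules != null) {
            for (Object x : jsonAzRules) {
                JSONObject jsonRule = (JSONObject) x;
                AzRuleType artx = new AzRuleType();
                artx.setScope((String) jsonRule.get("scope"));
                artx.setConstraint((String) jsonRule.get("constraint"));
                art.getRule().add(artx);
            }
        }
        url.setAzRules(art);
        url.setProxyTo((String) jsonUrl.get("proxyTo"));
        url.setUri((String) jsonUrl.get("uri"));
        url.setRegex(getBoolValue(jsonUrl.get("regex"), false));
        url.setAuthChain((String) jsonUrl.get("authChain"));
        url.setOverrideHost(getBoolValue(jsonUrl.get("overrideHost"), false));
        url.setOverrideReferer(getBoolValue(jsonUrl.get("overrideReferer"), false));
        JSONObject jsonResults = (JSONObject) jsonUrl.get("results");
        if (jsonResults != null) {
            ResultRefType rt = new ResultRefType();
            rt.setAuSuccess((String) jsonResults.get("auSuccess"));
            rt.setAzSuccess((String) jsonResults.get("azSuccess"));
            rt.setAuFail((String) jsonResults.get("auFail"));
            rt.setAzFail((String) jsonResults.get("azFail"));
            url.setResults(rt);
        }
        app.getUrls().getUrl().add(url);
    }
    JSONObject jsonCookie = (JSONObject) spec.get("cookieConfig");
    if (jsonCookie != null) {
        CookieConfigType cct = new CookieConfigType();
        cct.setSessionCookieName((String) jsonCookie.get("sessionCookieName"));
        cct.setDomain((String) jsonCookie.get("domain"));
        cct.setScope(getIntValue(jsonCookie.get("scope"), -1));
        cct.setLogoutURI((String) jsonCookie.get("logoutURI"));
        cct.setKeyAlias((String) jsonCookie.get("keyAlias"));
        cct.setTimeout(getIntValue(jsonCookie.get("timeout"), 0).intValue());
        // NOTE(review): if "false" is the fallback for an absent key, a cookieConfig
        // that omits "secure" or "httpOnly" yields a session cookie without those
        // flags; confirm, and consider setting both explicitly in the resource.
        cct.setSecure(getBoolValue(jsonCookie.get("secure"), false));
        cct.setHttpOnly(getBoolValue(jsonCookie.get("httpOnly"), false));
        cct.setSameSite((String) jsonCookie.get("sameSite"));
        cct.setCookiesEnabled(getBoolValue(jsonCookie.get("cookiesEnabled"), true));
        app.setCookieConfig(cct);
    }
    return app;
}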
Also used : AzRulesType(com.tremolosecurity.config.xml.AzRulesType) JSONArray(org.json.simple.JSONArray) UrlsType(com.tremolosecurity.config.xml.UrlsType) FilterChainType(com.tremolosecurity.config.xml.FilterChainType) ResultRefType(com.tremolosecurity.config.xml.ResultRefType) ApplicationType(com.tremolosecurity.config.xml.ApplicationType) CustomAzRuleType(com.tremolosecurity.config.xml.CustomAzRuleType) AzRuleType(com.tremolosecurity.config.xml.AzRuleType) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) JSONObject(org.json.simple.JSONObject) FilterConfigType(com.tremolosecurity.config.xml.FilterConfigType) CookieConfigType(com.tremolosecurity.config.xml.CookieConfigType) JSONObject(org.json.simple.JSONObject) ParamWithValueType(com.tremolosecurity.config.xml.ParamWithValueType) UrlType(com.tremolosecurity.config.xml.UrlType)

Aggregations

UrlType (com.tremolosecurity.config.xml.UrlType)4 ApplicationType (com.tremolosecurity.config.xml.ApplicationType)3 FilterConfigType (com.tremolosecurity.config.xml.FilterConfigType)3 ParamWithValueType (com.tremolosecurity.config.xml.ParamWithValueType)3 LDAPAttribute (com.novell.ldap.LDAPAttribute)1 LDAPException (com.novell.ldap.LDAPException)1 AzRuleType (com.tremolosecurity.config.xml.AzRuleType)1 AzRulesType (com.tremolosecurity.config.xml.AzRulesType)1 CookieConfigType (com.tremolosecurity.config.xml.CookieConfigType)1 CustomAzRuleType (com.tremolosecurity.config.xml.CustomAzRuleType)1 FilterChainType (com.tremolosecurity.config.xml.FilterChainType)1 IdpType (com.tremolosecurity.config.xml.IdpType)1 ParamType (com.tremolosecurity.config.xml.ParamType)1 ResultRefType (com.tremolosecurity.config.xml.ResultRefType)1 TrustType (com.tremolosecurity.config.xml.TrustType)1 UrlsType (com.tremolosecurity.config.xml.UrlsType)1 HttpCon (com.tremolosecurity.provisioning.util.HttpCon)1 Attribute (com.tremolosecurity.saml.Attribute)1 AttributeConfig (com.tremolosecurity.scalejs.operators.config.AttributeConfig)1 OperatorsConfig (com.tremolosecurity.scalejs.operators.config.OperatorsConfig)1