
Example 1 with LastMile

use of com.tremolosecurity.lastmile.LastMile in project OpenUnison by TremoloSecurity.

In class LastMileUtil, the method addLastMile (a sender: builds a token and attaches it to an outbound request):

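/**
 * Attaches a LastMile header to an outbound request so the downstream
 * service can identify the user without re-authenticating.
 *
 * The token is bound to the request's URI path only (query string and host
 * are not covered), carries a single attribute
 * ({@code userNameAttr} = {@code username}), and is valid for five minutes
 * on either side of "now" to tolerate clock skew between the two hosts. It
 * is sealed with the secret key stored under {@code keyAlias}.
 *
 * @param cfg          configuration used to look up the secret key
 * @param username     value placed in the user-name attribute
 * @param userNameAttr name of the attribute that carries the user name
 * @param req          outbound request; receives the {@code tremoloHeader} header
 * @param keyAlias     alias of the secret key in {@code cfg}
 * @param addHeader    when {@code false} the method does nothing
 * @throws IllegalStateException if no key exists under {@code keyAlias}
 * @throws Exception             if token generation fails
 */
public static void addLastMile(ConfigManager cfg, String username, String userNameAttr, HttpRequestBase req, String keyAlias, boolean addHeader) throws Exception {
    if (!addHeader) {
        return;
    }
    SecretKey sk = cfg.getSecretKey(keyAlias);
    if (sk == null) {
        // Fail with a message naming the alias; otherwise a missing key surfaces
        // as an opaque NullPointerException somewhere inside LastMile.
        throw new IllegalStateException("No secret key configured for alias '" + keyAlias + "'");
    }
    // Only the path is bound into the token; the receiver validates against its request URI.
    String uri = req.getURI().getPath();
    DateTime now = new DateTime();
    // Clock-skew tolerance: +/- 5 minutes around the sender's clock.
    long skewMillis = 5 * 60 * 1000;
    DateTime notBefore = now.minus(skewMillis);
    DateTime notAfter = now.plus(skewMillis);
    // Login level 0 and a placeholder chain name: this helper has no real
    // authentication context to report, so the receiver should not rely on them.
    LastMile lm = new LastMile(uri, notBefore, notAfter, 0, "nochain");
    lm.getAttributes().add(new Attribute(userNameAttr, username));
    req.addHeader("tremoloHeader", lm.generateLastMileToken(sk));
}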

Example 2 with LastMile

use of com.tremolosecurity.lastmile.LastMile in project OpenUnison by TremoloSecurity.

In class ScaleMain, the method loadWorkflows (a ScaleJS endpoint that returns workflows for one organization, sealing dynamic-workflow parameters into LastMile tokens):

/**
 * Writes, as JSON, the workflows that may be listed for the organization
 * named by the last path segment of the request URI.
 *
 * Authorization: the caller's session must grant access to that org
 * (collected by {@code checkOrg}); otherwise a {@code ScaleError} is written
 * with status 401. NOTE(review): 401 conventionally means "not
 * authenticated"; for an authenticated user lacking rights 403 is the usual
 * choice. Left unchanged because the ScaleJS front end presumably keys off
 * 401 — confirm before altering.
 *
 * For dynamic workflows, each parameter set produced by the configured
 * {@code DynamicWorkflow} is placed into a LastMile token bound to
 * {@code "/<workflow name>"}, valid for one hour and sealed with the
 * approval-DB encryption key, and returned as {@code encryptedParams}.
 * Presumably this lets the client hand the parameters back without being
 * able to alter them; the consuming side is not shown here.
 *
 * @param request  incoming request; the org id is its last path segment
 * @param response receives the JSON body and cache headers
 * @param gson     serializer for the response body
 * @throws Exception on configuration, reflection or token-generation errors
 */
private void loadWorkflows(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception {
    // Org id comes straight from the URI; it is only ever compared against
    // the set of orgs the caller is allowed to see, never used to look anything up.
    String orgid = request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1);
    ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
    HashSet<String> allowedOrgs = new HashSet<String>();
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
    AzSys az = new AzSys();
    // Walks the org tree and fills allowedOrgs with the ids this user may access.
    this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
    if (!allowedOrgs.contains(orgid)) {
        response.setStatus(401);
        response.setContentType("application/json");
        ScaleError error = new ScaleError();
        error.getErrors().add("Unauthorized");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().print(gson.toJson(error).trim());
        response.getWriter().flush();
    } else {
        List<WorkflowType> wfs = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getWorkflows().getWorkflow();
        ArrayList<WFDescription> workflows = new ArrayList<WFDescription>();
        for (WorkflowType wf : wfs) {
            // Only workflows flagged inList are exposed at all.
            if (wf.isInList() != null && wf.isInList().booleanValue()) {
                // A workflow with no orgid is global; otherwise it must match the requested org.
                if (wf.getOrgid() == null || wf.getOrgid().equalsIgnoreCase(orgid)) {
                    if (wf.getDynamicConfiguration() != null && wf.getDynamicConfiguration().isDynamic()) {
                        // Collect configured params, merging repeated names into one multi-valued Attribute.
                        HashMap<String, Attribute> params = new HashMap<String, Attribute>();
                        if (wf.getDynamicConfiguration().getParam() != null) {
                            for (ParamType p : wf.getDynamicConfiguration().getParam()) {
                                Attribute attr = params.get(p.getName());
                                if (attr == null) {
                                    attr = new Attribute(p.getName());
                                    params.put(p.getName(), attr);
                                }
                                attr.getValues().add(p.getValue());
                            }
                        }
                        // The class name comes from server configuration, not from the request.
                        DynamicWorkflow dwf = (DynamicWorkflow) Class.forName(wf.getDynamicConfiguration().getClassName()).newInstance();
                        List<Map<String, String>> wfParams = dwf.generateWorkflows(wf, cfgMgr, params, userData);
                        StringBuffer b = new StringBuffer();
                        b.append('/').append(URLEncoder.encode(wf.getName(), "UTF-8"));
                        // URI the token is bound to; the consumer must validate against the same value.
                        String uri = b.toString();
                        for (Map<String, String> wfParamSet : wfParams) {
                            DateTime now = new DateTime();
                            // One-hour validity, no clock-skew allowance on the notBefore side.
                            DateTime expires = now.plusHours(1);
                            // Login level 0 and an empty auth chain: these carry no meaning for this token.
                            LastMile lm = new LastMile(uri, now, expires, 0, "");
                            for (String key : wfParamSet.keySet()) {
                                String val = wfParamSet.get(key);
                                Attribute attr = new Attribute(key, val);
                                lm.getAttributes().add(attr);
                            }
                            WFDescription desc = new WFDescription();
                            desc.setUuid(UUID.randomUUID().toString());
                            desc.setName(wf.getName());
                            // Label/description are StringTemplate templates with '$' delimiters;
                            // dots in param names are mapped to '_' (presumably because '.' is
                            // ST's property-access operator — verify).
                            ST st = new ST(wf.getLabel(), '$', '$');
                            for (String key : wfParamSet.keySet()) {
                                st.add(key.replaceAll("[.]", "_"), wfParamSet.get(key));
                            }
                            desc.setLabel(st.render());
                            st = new ST(wf.getDescription(), '$', '$');
                            for (String key : wfParamSet.keySet()) {
                                st.add(key.replaceAll("[.]", "_"), wfParamSet.get(key));
                            }
                            desc.setDescription(st.render());
                            // Sealed with the approval-DB key; the same key must be used to read it back.
                            desc.setEncryptedParams(lm.generateLastMileToken(cfgMgr.getSecretKey(cfgMgr.getCfg().getProvisioning().getApprovalDB().getEncryptionKey())));
                            workflows.add(desc);
                        }
                    } else {
                        // Static workflow: no parameters, so no token.
                        WFDescription desc = new WFDescription();
                        desc.setUuid(UUID.randomUUID().toString());
                        desc.setName(wf.getName());
                        desc.setLabel(wf.getLabel());
                        desc.setDescription(wf.getDescription());
                        workflows.add(desc);
                    }
                }
            }
        }
        ScaleJSUtils.addCacheHeaders(response);
        response.setContentType("application/json");
        response.getWriter().println(gson.toJson(workflows).trim());
        response.getWriter().flush();
    }
}

Example 3 with LastMile

use of com.tremolosecurity.lastmile.LastMile in project OpenUnison by TremoloSecurity.

In class OpenUnisonRestful, the method addAuthorizationHeader (a sender: places a short-lived LastMile token in the Authorization header):

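/**
 * Adds an {@code Authorization} header carrying a short-lived LastMile token
 * bound to {@code uri}.
 *
 * The token is valid for 30 seconds either side of a single clock reading,
 * carries {@code this.lastMileAttribute}, and is sealed with the secret key
 * named by {@code this.lastMileKeyName}.
 *
 * @param uri     request URI the token is bound to; must equal what the receiver validates against
 * @param request outbound request that receives the header
 * @throws Exception if the key cannot be loaded or the token cannot be generated
 */
public void addAuthorizationHeader(String uri, HttpRequestBase request) throws Exception {
    // One clock reading so the validity window is exactly 60 s wide rather than
    // two independent "now" values a few milliseconds apart.
    DateTime now = DateTime.now();
    LastMile lastMile = new LastMile(uri, now.minus(30000), now.plus(30000), 0, "");
    lastMile.getAttributes().add(this.lastMileAttribute);
    // NOTE(review): "Bearer: " (with a colon) is not the RFC 6750 form
    // "Bearer <token>". Kept byte-for-byte because the OpenUnison peer presumably
    // parses this exact prefix; any change must be coordinated with the validator.
    StringBuffer b = new StringBuffer();
    b.append("Bearer: ").append(lastMile.generateLastMileToken(GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(this.lastMileKeyName)));
    request.addHeader("Authorization", b.toString());
}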

Example 4 with LastMile

use of com.tremolosecurity.lastmile.LastMile in project OpenUnison by TremoloSecurity.

In class TremoloValve, the method invoke (the receiver: a Tomcat valve that validates the LastMile header and establishes the request principal):

/**
 * Tomcat valve that authenticates each request from a LastMile token
 * carried in the header named by {@code headerName}.
 *
 * Requests whose URI starts with {@code ignoreURI} bypass validation
 * entirely. For all others the header must be present, decrypt under
 * {@code encryptionKey}, and pass {@code isValid} for the request URI;
 * otherwise the request is rejected with 401. On success the token's
 * attributes are exposed as request headers (when {@code createHeaders}
 * is set), the attribute named {@code userAttribute} becomes the user
 * principal, and login level / auth chain are published as request
 * attributes before an optional post-validation hook runs.
 *
 * @param request  the current Tomcat request
 * @param response the current Tomcat response
 * @throws IOException      if writing the error response fails
 * @throws ServletException if validation or post-validation throws
 */
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
    if (!this.initialized.booleanValue()) {
        initialize(request.getContext().getServletContext());
    }
    // Plain prefix match on getRequestURI(), i.e. the raw request-target.
    // NOTE(review): confirm that encoded or dot-segment variants of ignoreURI
    // cannot be used to route a protected path through this bypass.
    if (this.ignoreURI == null || this.ignoreURI.isEmpty() || !request.getRequestURI().startsWith(this.ignoreURI)) {
        String xml = request.getHeader(this.headerName);
        if (xml == null) {
            System.out.println("No Header");
            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // NOTE(review): this prints the full token to stdout. The token is a
        // bearer credential replayable within its validity window, so debug
        // must stay off outside development.
        if (debug) {
            System.out.println("Header value : '" + xml + "'");
        }
        com.tremolosecurity.lastmile.LastMile lastmile = new com.tremolosecurity.lastmile.LastMile();
        try {
            // Decrypts/parses the token; any failure (bad key, tampering, garbage) is a 401.
            // "loadLastMielToken" is the library's own spelling of the method name.
            lastmile.loadLastMielToken(xml, encryptionKey);
        } catch (Exception e) {
            e.printStackTrace();
            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        try {
            // Checks the token against the raw request URI (and presumably its
            // notBefore/notAfter window — the library is not shown here).
            if (!lastmile.isValid(request.getRequestURI())) {
                System.out.println("Request not valid");
                ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
        } catch (Exception e) {
            throw new ServletException("Could not validate request", e);
        }
        HashMap<String, Attribute> attrs = new HashMap<String, Attribute>();
        Iterator<Attribute> attribs = lastmile.getAttributes().iterator();
        while (attribs.hasNext()) {
            Attribute attrib = attribs.next();
            if (this.createHeaders) {
                for (String val : attrib.getValues()) {
                    // setValue replaces any existing header of that name, so a
                    // client-supplied header with an attribute's name is overwritten
                    // rather than passed through. Presumably it also means a
                    // multi-valued attribute ends up exposing only its last value — verify.
                    request.getCoyoteRequest().getMimeHeaders().setValue(attrib.getName()).setString(val);
                }
            }
            attrs.put(attrib.getName(), attrib);
            if (attrib.getName().equalsIgnoreCase(userAttribute)) {
                // get(0) assumes the user attribute carries at least one value;
                // an empty value list would throw here.
                request.setUserPrincipal(new AutoIDMPrincipal(attrib.getValues().get(0), attrs));
            }
        }
        request.setAttribute("tremolosecurity.loginlevel", lastmile.getLoginLevel());
        request.setAttribute("tremolosecurity.authchain", lastmile.getAuthChain());
        if (this.postValidate != null) {
            try {
                // Deployment-specific extra checks on the validated token.
                this.postValidate.postValidate(request, response, lastmile);
            } catch (Exception e) {
                throw new ServletException("Error during last mile post validation", e);
            }
        }
    }
    // Reached both after successful validation and for ignored URIs.
    this.getNext().invoke(request, response);
}

Example 5 with LastMile

use of com.tremolosecurity.lastmile.LastMile in project OpenUnison by TremoloSecurity.

In class ListWorkflows, the method doGet (a provisioning-service endpoint that returns workflows for the org given by the "uuid" parameter):

/**
 * Returns, as a JSON {@code ProvisioningResult}, the listable workflows for
 * the organization id passed in the {@code uuid} request parameter.
 *
 * NOTE(review): unlike {@code ScaleMain.loadWorkflows}, this endpoint performs
 * no check that the caller may see the requested org — the parameter is used
 * as given. Presumably access to this servlet is restricted upstream (a
 * filter, valve or network boundary); confirm before exposing it.
 *
 * For dynamic workflows, each generated parameter set is placed into a
 * LastMile token bound to {@code "/<workflow name>"}, valid for one hour and
 * sealed with the approval-DB encryption key, and returned as
 * {@code encryptedParams}. Any failure is logged server-side and reported to
 * the client only as a generic "Could not load workflows".
 *
 * @param req  incoming request; reads the {@code uuid} parameter
 * @param resp receives the JSON body (no content type is set)
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    try {
        // Despite the name, this is compared against workflow org ids, not a random UUID.
        String uuid = req.getParameter("uuid");
        ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
        List<WorkflowType> wfs = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getWorkflows().getWorkflow();
        ArrayList<WFDescription> workflows = new ArrayList<WFDescription>();
        for (WorkflowType wf : wfs) {
            // Only workflows flagged inList are exposed at all.
            if (wf.isInList() != null && wf.isInList().booleanValue()) {
                // A workflow with no orgid is global; otherwise it must match the requested org.
                if (wf.getOrgid() == null || wf.getOrgid().equalsIgnoreCase(uuid)) {
                    if (wf.getDynamicConfiguration() != null && wf.getDynamicConfiguration().isDynamic()) {
                        // Collect configured params, merging repeated names into one multi-valued Attribute.
                        HashMap<String, Attribute> params = new HashMap<String, Attribute>();
                        if (wf.getDynamicConfiguration().getParam() != null) {
                            for (ParamType p : wf.getDynamicConfiguration().getParam()) {
                                Attribute attr = params.get(p.getName());
                                if (attr == null) {
                                    attr = new Attribute(p.getName());
                                    params.put(p.getName(), attr);
                                }
                                attr.getValues().add(p.getValue());
                            }
                        }
                        // The class name comes from server configuration, not from the request.
                        DynamicWorkflow dwf = (DynamicWorkflow) Class.forName(wf.getDynamicConfiguration().getClassName()).newInstance();
                        // No caller identity is available here, so generateWorkflows gets none.
                        List<Map<String, String>> wfParams = dwf.generateWorkflows(wf, GlobalEntries.getGlobalEntries().getConfigManager(), params);
                        StringBuffer b = new StringBuffer();
                        b.append('/').append(URLEncoder.encode(wf.getName(), "UTF-8"));
                        // URI the token is bound to; the consumer must validate against the same value.
                        String uri = b.toString();
                        for (Map<String, String> wfParamSet : wfParams) {
                            DateTime now = new DateTime();
                            // One-hour validity, no clock-skew allowance on the notBefore side.
                            DateTime expires = now.plusHours(1);
                            // Login level 0 and an empty auth chain: these carry no meaning for this token.
                            LastMile lm = new LastMile(uri, now, expires, 0, "");
                            for (String key : wfParamSet.keySet()) {
                                String val = wfParamSet.get(key);
                                Attribute attr = new Attribute(key, val);
                                lm.getAttributes().add(attr);
                            }
                            WFDescription desc = new WFDescription();
                            desc.setUuid(UUID.randomUUID().toString());
                            desc.setName(wf.getName());
                            // Label/description are StringTemplate templates with '$' delimiters;
                            // dots in param names are mapped to '_' (presumably because '.' is
                            // ST's property-access operator — verify).
                            ST st = new ST(wf.getLabel(), '$', '$');
                            for (String key : wfParamSet.keySet()) {
                                st.add(key.replaceAll("[.]", "_"), wfParamSet.get(key));
                            }
                            desc.setLabel(st.render());
                            st = new ST(wf.getDescription(), '$', '$');
                            for (String key : wfParamSet.keySet()) {
                                st.add(key.replaceAll("[.]", "_"), wfParamSet.get(key));
                            }
                            desc.setDescription(st.render());
                            // Sealed with the approval-DB key; the same key must be used to read it back.
                            desc.setEncryptedParams(lm.generateLastMileToken(cfgMgr.getSecretKey(cfgMgr.getCfg().getProvisioning().getApprovalDB().getEncryptionKey())));
                            workflows.add(desc);
                        }
                    } else {
                        // Static workflow: no parameters, so no token.
                        WFDescription desc = new WFDescription();
                        desc.setUuid(UUID.randomUUID().toString());
                        desc.setName(wf.getName());
                        desc.setLabel(wf.getLabel());
                        desc.setDescription(wf.getDescription());
                        workflows.add(desc);
                    }
                }
            }
        }
        WFDescriptions descs = new WFDescriptions();
        descs.setWorkflows(workflows);
        Gson gson = new Gson();
        ProvisioningResult pres = new ProvisioningResult();
        pres.setSuccess(true);
        pres.setWfDescriptions(descs);
        resp.getOutputStream().print(gson.toJson(pres));
    } catch (Exception e) {
        // Full detail stays in the server log; the client gets a generic message only.
        logger.error("Could not load workflows", e);
        Gson gson = new Gson();
        ProvisioningResult pres = new ProvisioningResult();
        pres.setSuccess(false);
        pres.setError(new ProvisioningError("Could not load workflows"));
        resp.getOutputStream().print(gson.toJson(pres));
    }
}
