Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.
The class ModuleType, method findUser.
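/**
 * Looks up a single SugarCRM record through the SugarCRM REST API and returns it as a User.
 *
 * Two API calls are made: {@code get_entry_list} with the module's {@code lookupByEmail}
 * query to obtain the record id, then {@code get_entry} to fetch the record's name/value
 * list. Only attributes named in {@code attributes} are copied onto the User; a null or
 * empty set means every attribute. Attributes with a null or empty value are skipped.
 *
 * @param userID     the value spliced into the module's {@code lookupByEmail} query
 *                   (it must not contain a quote, backslash or control character)
 * @param attributes attribute names to return, or null/empty for all of them
 * @param request    per-request context used to select the SugarCRM module
 * @return the populated User, never null
 * @throws ProvisioningException if the user id is unsafe for the query, no record
 *         matches, or any API call or JSON parse fails
 */
@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    try {
        ModuleType mt = this.getModuleType(request);
        String sessionId = sugarLogin();
        Gson gson = new Gson();

        // The query is a server-side WHERE fragment: lookupByEmail appears to end with an
        // opening quote (the code closes it with "')"), so a quote or backslash in userID
        // would let the caller rewrite the lookup. Reject such values instead of sending them.
        SugarGetEntryList sgel = new SugarGetEntryList();
        sgel.setSession(sessionId);
        sgel.setModule_name(mt.name);
        sgel.setQuery(mt.lookupByEmail + requireSafeQueryValue(userID) + "')");
        sgel.setOrder_by("");
        sgel.setOffset(0);
        ArrayList<String> reqFields = new ArrayList<String>();
        reqFields.add("id");
        sgel.setSelect_fields(reqFields);
        sgel.setMax_results(-1);
        sgel.setDeleted(false);
        sgel.setLink_name_to_fields_array(new HashMap<String, List<String>>());

        String respJSON = execJson(gson.toJson(sgel), "get_entry_list");
        JSONObject jsonObj = (JSONObject) JSONValue.parse(respJSON);
        JSONArray jsonArray = jsonObj == null ? null : (JSONArray) jsonObj.get("entry_list");
        if (jsonArray == null || jsonArray.isEmpty()) {
            // explicit "not found" rather than an IndexOutOfBoundsException from get(0)
            throw new ProvisioningException("Could not find user");
        }
        String id = (String) ((JSONObject) jsonArray.get(0)).get("id");

        // second call: fetch the full record by id
        SugarGetEntry sge = new SugarGetEntry();
        sge.setId(id);
        sge.setSession(sessionId);
        sge.setSelect_fields(new ArrayList<String>());
        sge.setModule_name(mt.name);
        sge.setLink_name_to_fields_array(new HashMap<String, List<String>>());
        respJSON = execJson(gson.toJson(sge), "get_entry");
        SugarEntrySet res = gson.fromJson(respJSON, SugarEntrySet.class);
        if (res == null || res.getEntry_list() == null || res.getEntry_list().isEmpty()) {
            throw new ProvisioningException("Could not find user");
        }
        SugarContactEntry sce = res.getEntry_list().get(0);

        User user = new User(userID);
        boolean filterByName = attributes != null && !attributes.isEmpty();
        for (String attrName : sce.getName_value_list().keySet()) {
            NVP nvp = sce.getName_value_list().get(attrName);
            if (filterByName && !attributes.contains(nvp.getName())) {
                continue;
            }
            if (nvp.getValue() != null && !nvp.getValue().isEmpty()) {
                user.getAttribs().put(nvp.getName(), new Attribute(nvp.getName(), nvp.getValue()));
            }
        }
        return user;
    } catch (ProvisioningException e) {
        // already carries the right type and message; don't wrap it a second time
        throw e;
    } catch (Exception e) {
        throw new ProvisioningException("Could not find user", e);
    }
}

/**
 * Returns {@code value} unchanged if it is safe to embed inside the quoted literal of the
 * SugarCRM lookup query, otherwise throws.
 *
 * @param value the user-supplied lookup value
 * @return {@code value}
 * @throws ProvisioningException if the value is null or contains a single quote, a
 *         backslash or a control character
 */
private static String requireSafeQueryValue(String value) throws ProvisioningException {
    if (value == null) {
        throw new ProvisioningException("Could not find user");
    }
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        if (c == '\'' || c == '\\' || c < ' ') {
            throw new ProvisioningException("Invalid characters in user id");
        }
    }
    return value;
}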
Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.
The class TokenData, method generateClaims.
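/**
 * Builds the claim set of an OpenID Connect token issued to {@code trust}.
 *
 * The subject is first read from the virtual directory by DN (base search). If the
 * directory reports noSuchObject (result code 32) the entry is reconstructed from
 * {@code existingClaims} instead, skipping the names in {@code ignoredClaims}. Every
 * attribute of the resulting User becomes a claim ("sub" becomes the subject, empty
 * attributes are dropped), followed by "amr" for the chain, any extra attributes, and
 * "act" when an actor is supplied. {@code claimsUpdater}, if configured, runs last.
 *
 * @param dn             DN of the subject in the virtual directory
 * @param cfg            configuration; supplies the directory connection
 * @param url            request URL, passed through to the claims updater
 * @param trust          the relying party; supplies audience, lifetime and skew (milliseconds)
 * @param nonce          OIDC nonce to echo back, or null
 * @param extraAttribs   additional claims set verbatim, or null
 * @param request        the request, used to derive the issuer's FQDN
 * @param authChainName  the chain the user authenticated with, mapped through authChainToAmr
 * @param existingClaims claims of a presented token, used when the DN is not in the
 *                       directory; may be null
 * @param actor          claims of the actor token for delegation, or null
 * @return the unsigned claims
 * @throws LDAPException         on directory errors other than noSuchObject
 * @throws ProvisioningException if the user is found neither in the directory nor in
 *                               {@code existingClaims}
 */
private JwtClaims generateClaims(String dn, ConfigManager cfg, URL url, OpenIDConnectTrust trust, String nonce, HashMap<String, String> extraAttribs, HttpServletRequest request, String authChainName, JSONObject existingClaims, JSONObject actor) throws LDAPException, ProvisioningException {
    String issuerUrl = ProxyTools.getInstance().getFqdnUrl(String.valueOf(this.authURI), request);

    JwtClaims claims = new JwtClaims();
    // who creates and signs the token
    claims.setIssuer(issuerUrl);
    // to whom the token is intended to be sent
    claims.setAudience(trust.getClientID());
    // the trust stores lifetime and skew in milliseconds; the claims API wants minutes
    claims.setExpirationTimeMinutesInTheFuture(trust.getAccessTokenTimeToLive() / 1000 / 60);
    claims.setGeneratedJwtId();
    claims.setIssuedAtToNow();
    claims.setNotBeforeMinutesInThePast(trust.getAccessTokenSkewMillis() / 1000 / 60);
    if (nonce != null) {
        claims.setClaim("nonce", nonce);
    }

    LDAPSearchResults res = null;
    boolean userFromLdap = false;
    try {
        // scope 0 = base: only the DN itself
        res = cfg.getMyVD().search(dn, 0, "(objectClass=*)", new ArrayList<String>());
        userFromLdap = res.hasMore();
    } catch (LDAPException e) {
        // 32 = noSuchObject: the DN is gone from the directory, fall back to the presented claims
        if (e.getResultCode() != 32) {
            throw e;
        }
    }

    LDAPEntry entry;
    if (userFromLdap) {
        entry = res.next();
    } else if (existingClaims != null) {
        entry = entryFromClaims(dn, existingClaims);
    } else {
        throw new ProvisioningException("Could not lookup user or get from existing claims");
    }

    User user = new User(entry);
    if (userFromLdap) {
        user = this.mapper.mapUser(user, true);
    }

    for (String attrName : user.getAttribs().keySet()) {
        Attribute attr = user.getAttribs().get(attrName);
        if (attr == null || attr.getValues().isEmpty()) {
            continue; // nothing to put into a claim
        }
        List<String> values = attr.getValues();
        if (attr.getName().equalsIgnoreCase("sub")) {
            claims.setSubject(values.get(0));
        } else if (values.size() == 1) {
            claims.setClaim(attrName, values.get(0));
        } else {
            claims.setStringListClaim(attrName, values);
        }
    }

    String amr = this.authChainToAmr.get(authChainName);
    if (amr != null) {
        claims.setClaim("amr", new String[] { amr });
    }

    if (extraAttribs != null) {
        for (Map.Entry<String, String> extra : extraAttribs.entrySet()) {
            claims.setClaim(extra.getKey(), extra.getValue());
        }
    }

    if (actor != null) {
        addActorClaim(claims, actor);
    }

    if (this.claimsUpdater != null) {
        this.claimsUpdater.updateClaimsBeforeSigning(dn, cfg, url, trust, nonce, extraAttribs, entry, user, claims);
    }
    return claims;
}

/**
 * Reconstructs a directory entry from the claims of a previously issued token, for a
 * subject that is not (or no longer) in the directory.
 *
 * Names in {@code ignoredClaims} are skipped, a JSON array becomes a multi-valued
 * attribute, and null claim values are dropped rather than stored as "null".
 *
 * @param dn             DN to give the synthetic entry
 * @param existingClaims the token's claims, not null
 * @return the entry
 */
private LDAPEntry entryFromClaims(String dn, JSONObject existingClaims) {
    LDAPAttributeSet atts = new LDAPAttributeSet();
    for (Object key : existingClaims.keySet()) {
        String name = (String) key;
        if (ignoredClaims.contains(name)) {
            continue;
        }
        LDAPAttribute attr = new LDAPAttribute(name);
        Object o = existingClaims.get(key);
        if (o instanceof JSONArray) {
            for (Object x : (JSONArray) o) {
                if (x != null) {
                    attr.addValue(x.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8));
                }
            }
        } else if (o != null) {
            attr.addValue(o.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8));
        }
        atts.add(attr);
    }
    return new LDAPEntry(dn, atts);
}

/**
 * Adds the "act" claim describing the actor token (delegation).
 *
 * The actor's own claims, minus {@code ignoredClaims}, form the value. If the claims
 * already hold a map under the name "actor" the value is nested inside it as "act";
 * otherwise "act" is set at the top level.
 * NOTE(review): the key read ("actor") differs from the key written ("act"); this is
 * preserved from the original and should be confirmed against the intended token layout.
 *
 * @param claims the claims being built
 * @param actor  claims of the actor token, not null
 */
@SuppressWarnings("unchecked")
private void addActorClaim(JwtClaims claims, JSONObject actor) {
    JSONObject actorToAdd = new JSONObject();
    // iterate the actor's own keys: a key present only in the subject token must not
    // produce a null entry, and a key present only in the actor token must not be lost
    for (Object key : actor.keySet()) {
        if (!ignoredClaims.contains((String) key)) {
            actorToAdd.put(key, actor.get(key));
        }
    }
    Map<String, Object> actorFromSubject = (Map<String, Object>) claims.getClaimValue("actor");
    if (actorFromSubject != null) {
        actorFromSubject.put("act", actorToAdd);
    } else {
        claims.setClaim("act", actorToAdd);
    }
}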
Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.
The class TokenData, method jwtToAuthInfo.
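/**
 * Resolves the subject of a validated token to an AuthInfo.
 *
 * The subject is searched for under the chain's root (or the LDAP root when the chain
 * has none) by {@code uidAttr}; when found, the directory entry mapped through the IdP
 * mapper supplies the attributes, with {@code uidAttr} added if the mapping dropped it.
 * Otherwise a synthetic entry under {@code ou=oauth2} is built from the token's claims,
 * one attribute per claim. A null subject id yields a filter that matches nothing.
 *
 * @param td                the parsed token; its subjectUid and root (claims) are read
 * @param uidAttr           the attribute the subject id is matched against
 * @param act               the chain handling the request; supplies the search root
 * @param subjectAuthMethod name of the chain the subject originally authenticated with;
 *                          an unknown name is logged and yields a null chain name and level 0
 * @return the AuthInfo, or null when the subject is not in the directory and the token
 *         carries no claims to build one from
 * @throws ServletException wrapping any directory or mapping failure
 */
private AuthInfo jwtToAuthInfo(TokenData td, String uidAttr, AuthChainType act, String subjectAuthMethod) throws ServletException {
    // a null uid must match nothing; otherwise equal() escapes the value for the filter
    String filter = td.subjectUid == null ? "(!(objectClass=*))" : equal(uidAttr, td.subjectUid).toString();
    try {
        String root = act.getRoot();
        if (root == null || root.trim().isEmpty()) {
            root = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot();
        }
        AuthChainType actForSubject = GlobalEntries.getGlobalEntries().getConfigManager().getAuthChains().get(subjectAuthMethod);
        if (actForSubject == null) {
            logger.warn(new StringBuilder("No authentication chain named '").append(subjectAuthMethod).append("'"));
        }

        LDAPSearchResults res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(root, 2, filter, new ArrayList<String>());
        if (res.hasMore()) {
            LDAPEntry entry = res.next();
            AuthInfo authInfo = new AuthInfo(entry.getDN(), null, actForSubject != null ? actForSubject.getName() : null, actForSubject != null ? actForSubject.getLevel() : 0);
            User user = this.getMapper().mapUser(new User(entry));
            for (String attrName : user.getAttribs().keySet()) {
                authInfo.getAttribs().put(attrName, user.getAttribs().get(attrName));
            }
            if (authInfo.getAttribs().get(uidAttr) == null) {
                authInfo.getAttribs().put(uidAttr, new Attribute(uidAttr, td.subjectUid));
            }
            return authInfo;
        }

        if (td.root == null || td.root.isEmpty()) {
            return null; // nothing to build a synthetic identity from
        }

        // Not in the directory: synthesize an entry from the token claims. The uid is
        // escaped for use in a DN so that a subject containing ',' or '=' cannot produce
        // a DN with extra or different RDNs.
        String dn = uidAttr + "=" + escapeDnValue(td.subjectUid) + ",ou=oauth2," + GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot();
        AuthInfo authInfo = new AuthInfo(dn, null, actForSubject != null ? actForSubject.getName() : null, actForSubject != null ? actForSubject.getLevel() : 0);
        for (Object key : td.root.keySet()) {
            String claimName = key.toString();
            Object value = td.root.get(key);
            Attribute attr = new Attribute(claimName);
            if (claimName.equalsIgnoreCase("sub")) {
                authInfo.getAttribs().put(uidAttr, new Attribute(uidAttr, (String) value));
            }
            if (value instanceof JSONArray) {
                // store string values, not raw JSON objects, in the attribute's value list
                for (Object v : (JSONArray) value) {
                    if (v != null) {
                        attr.getValues().add(v.toString());
                    }
                }
            } else if (value != null) {
                attr.getValues().add(value.toString());
            }
            authInfo.getAttribs().put(claimName, attr);
        }
        // return after the loop so every claim is copied, not just the first one
        return authInfo;
    } catch (LDAPException | ProvisioningException e) {
        throw new ServletException("Could not lookup sts subject", e);
    }
}

/**
 * Escapes an attribute value for use in a DN (RFC 4514 section 2.4).
 *
 * A leading '#', leading and trailing spaces, and the characters {@code , + " \ < > ; =}
 * are backslash-escaped; NUL becomes {@code \00}. A null value is rendered as "null",
 * matching string concatenation.
 *
 * @param value the raw attribute value
 * @return the escaped value
 */
private static String escapeDnValue(String value) {
    String v = String.valueOf(value);
    StringBuilder out = new StringBuilder(v.length() + 8);
    for (int i = 0; i < v.length(); i++) {
        char c = v.charAt(i);
        switch (c) {
            case ',': case '+': case '"': case '\\': case '<': case '>': case ';': case '=':
                out.append('\\').append(c);
                break;
            case '\0':
                out.append("\\00");
                break;
            case '#':
                if (i == 0) {
                    out.append('\\');
                }
                out.append(c);
                break;
            case ' ':
                if (i == 0 || i == v.length() - 1) {
                    out.append('\\');
                }
                out.append(c);
                break;
            default:
                out.append(c);
        }
    }
    return out.toString();
}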
Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.
The class TokenPostAuth, method lookupUser.
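/**
 * Looks the STS subject up in the directory and builds its AuthInfo.
 *
 * The subject is searched for under the chain's root (or the LDAP root when the chain
 * has none) by {@code uidAttr}; a null uid yields a filter that matches nothing. The
 * entry is mapped through the IdP mapper and its attributes copied onto the AuthInfo.
 *
 * @param session           the HTTP session; supplies the authentication mechanism name
 * @param myvd              the directory connection to search
 * @param uidAttr           the attribute the uid is matched against
 * @param act               the chain handling the request; supplies the search root
 * @param uid               the subject id, or null
 * @param subjectAuthMethod name of the chain the subject originally authenticated with;
 *                          an unknown name is logged and yields a null chain name and level 0
 * @return the mapped AuthInfo, or null when no entry matches
 * @throws ServletException wrapping any directory or mapping failure
 */
private AuthInfo lookupUser(HttpSession session, MyVDConnection myvd, String uidAttr, AuthChainType act, String uid, String subjectAuthMethod) throws ServletException {
    // a null uid must match nothing; otherwise equal() escapes the value, so the uid
    // cannot alter the filter (the unescaped "(attr=uid)" buffer built before was unused)
    String filter = uid == null ? "(!(objectClass=*))" : equal(uidAttr, uid).toString();
    try {
        String root = act.getRoot();
        if (root == null || root.trim().isEmpty()) {
            root = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot();
        }
        LDAPSearchResults res = myvd.search(root, 2, filter, new ArrayList<String>());
        if (!res.hasMore()) {
            return null;
        }
        LDAPEntry entry = res.next();

        AuthChainType actForSubject = GlobalEntries.getGlobalEntries().getConfigManager().getAuthChains().get(subjectAuthMethod);
        if (actForSubject == null) {
            // warn and continue with no chain name / level 0 instead of dereferencing null
            logger.warn(new StringBuilder("No authentication chain named '").append(subjectAuthMethod).append("'"));
        }
        AuthInfo authInfo = new AuthInfo(entry.getDN(), (String) session.getAttribute(ProxyConstants.AUTH_MECH_NAME), actForSubject != null ? actForSubject.getName() : null, actForSubject != null ? actForSubject.getLevel() : 0);

        User user = idp.getMapper().mapUser(new User(entry));
        for (String attrName : user.getAttribs().keySet()) {
            authInfo.getAttribs().put(attrName, user.getAttribs().get(attrName));
        }
        return authInfo;
    } catch (LDAPException | ProvisioningException e) {
        throw new ServletException("Could not lookup sts subject", e);
    }
}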