Use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity: class KeystoneProvisioningTarget, method listRoles.
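/**
 * Lists every role defined in Keystone.
 *
 * <p>Obtains a Keystone token with {@code getToken}, issues a GET to
 * {@code <url>/roles} and returns the {@code roles} array of the JSON
 * response exactly as Gson deserializes it. No null check is applied to
 * the {@code roles} key, so a response without it yields {@code null}.
 *
 * @return the role objects of the response, each a map keyed by JSON field name,
 *     or {@code null} if the response has no {@code roles} key
 * @throws ProvisioningException if the client cannot be created, no token can be
 *     obtained, or the web service call or JSON parsing fails
 */
@SuppressWarnings("unchecked")
public List<Map<Object, Object>> listRoles() throws ProvisioningException {
    HttpCon con = null;
    try {
        con = this.createClient();
        KSToken token = this.getToken(con);
        // Plain concatenation: a synchronized StringBuffer buys nothing for a local.
        String rolesUrl = this.url + "/roles";
        String json = this.callWS(token.getAuthToken(), con, rolesUrl);
        // Deserializing to Object gives a generic Map/List tree; the casts mirror that shape.
        Map<Object, Object> body = (Map<Object, Object>) new GsonBuilder().create().fromJson(json, Object.class);
        return (List<Map<Object, Object>>) body.get("roles");
    } catch (Exception e) {
        throw new ProvisioningException("Could not work with keystone", e);
    } finally {
        // NOTE(review): only the connection manager is shut down here; other HttpCon
        // users in this project also close con.getHttp() — confirm whether the
        // underlying client needs closing as well.
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}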
Use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity: class UserPrincipal, method deleteGroup.
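/**
 * Deletes a group from FreeIPA with the {@code group_del} JSON-RPC method and
 * records the deletion in the provisioning engine's audit log.
 *
 * @param name the group name to delete
 * @param user the user the workflow runs for; not used by this method
 * @param request workflow request context; {@code APPROVAL_ID} (an Integer, when
 *     present) and {@code WORKFLOW} are read for audit logging only
 * @throws ProvisioningException if the client cannot be created or the IPA call fails
 */
@Override
public void deleteGroup(String name, User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    // group_del takes a positional list of group names followed by an options map (empty here).
    IPACall groupDelete = new IPACall();
    groupDelete.setId(0);
    groupDelete.setMethod("group_del");
    List<String> groupNames = new ArrayList<String>();
    groupNames.add(name);
    groupDelete.getParams().add(groupNames);
    groupDelete.getParams().add(new HashMap<String, String>());

    HttpCon con = null;
    try {
        con = this.createClient();
        // The IPA response carries nothing this method needs; the return value is dropped.
        this.executeIPACall(groupDelete, con);
        // NOTE(review): `name` here is the group-name parameter, which shadows the
        // target's `name` field that createUser passes as the first logAction
        // argument — confirm which value the audit log expects in that position.
        this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Delete, approvalID, workflow, "group-object", name);
    } catch (Exception e) {
        // Message previously read "Could not find groups", a leftover from the search method.
        throw new ProvisioningException("Could not delete group", e);
    } finally {
        if (con != null) {
            con.getBcm().close();
        }
    }
}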
Use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity: class UserPrincipal, method createUser.
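/**
 * Creates a user in FreeIPA and records every written attribute in the audit log.
 *
 * <p>Users whose principal resolves to the primary domain are created as native
 * IPA accounts ({@code user_add}); users from a trusted domain are instead given
 * an ID-view override ({@code idoverrideuser_add}) under {@code trustViewName}.
 * In both cases the user's groups are added afterwards over the same connection.
 *
 * @param user the user to create; its ID, attributes and groups are read, and its
 *     password is overwritten when a shadow account is created
 * @param attributes names of the attributes to send to IPA (others on the user are ignored)
 * @param request workflow request context; {@code APPROVAL_ID} (an Integer, when
 *     present) and {@code WORKFLOW} are read for audit logging
 * @throws ProvisioningException wrapping any failure of client creation or the IPA calls
 */
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    try {
        HttpCon con = this.createClient();
        try {
            if (principal.isPrimaryDomain()) {
                this.createPrimaryDomainUser(user, attributes, request, principal, con, approvalID, workflow);
            } else {
                this.createTrustOverrideUser(user, attributes, principal, con, approvalID, workflow);
            }
        } finally {
            if (con != null) {
                con.getBcm().shutdown();
            }
        }
    } catch (Exception e) {
        // Message previously read "Could not run search", a leftover from the search method.
        throw new ProvisioningException("Could not create user", e);
    }
}

/**
 * Creates a native IPA account with {@code user_add}, logs it, adds the user's
 * groups and, when shadow accounts are enabled, sets a random password.
 * Declared {@code throws Exception} because the IPA and password helpers it
 * calls are caught as {@code Exception} by the entry point.
 */
@SuppressWarnings("unchecked")
private void createPrimaryDomainUser(User user, Set<String> attributes, Map<String, Object> request, UserPrincipal principal, HttpCon con, int approvalID, Workflow workflow) throws Exception {
    IPACall createUser = new IPACall();
    createUser.setId(0);
    createUser.setMethod("user_add");
    List<String> positional = new ArrayList<String>();
    positional.add(principal.getUid());
    createUser.getParams().add(positional);

    // uid is passed positionally above, so it is kept out of the attribute map.
    // Single-valued attributes are sent as strings, multi-valued ones as lists.
    Map<String, Object> userAttrs = new HashMap<String, Object>();
    for (String attrName : attributes) {
        Attribute attr = user.getAttribs().get(attrName);
        if (attr != null && !attr.getName().equalsIgnoreCase("uid")) {
            if (attr.getValues().size() == 1) {
                userAttrs.put(attr.getName(), attr.getValues().get(0));
            } else {
                userAttrs.put(attr.getName(), new ArrayList<String>(attr.getValues()));
            }
        }
    }
    createUser.getParams().add(userAttrs);
    // The IPA response carries nothing this method needs; the return value is dropped.
    this.executeIPACall(createUser, con);

    this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "uid", user.getUserID());
    this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "uid", user.getUserID());
    // One audit entry per attribute value, whether it was sent as a string or a list.
    for (Map.Entry<String, Object> entry : userAttrs.entrySet()) {
        Object value = entry.getValue();
        if (value instanceof String) {
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, entry.getKey(), (String) value);
        } else {
            for (String val : (List<String>) value) {
                this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, entry.getKey(), val);
            }
        }
    }

    for (String group : user.getGroups()) {
        this.addGroup(principal, group, con, approvalID, workflow);
    }

    if (this.createShadowAccount) {
        // The shadow account gets a random password that is hashed before being stored on the user.
        // NOTE(review): this is only unguessable if `random` is a SecureRandom — confirm at the field.
        String password = new BigInteger(130, random).toString(32);
        password = PBKDF2.generateHash(password);
        user.setPassword(password);
        this.setUserPassword(user, request);
    }
}

/**
 * Registers a trusted-domain user through an ID-view override
 * ({@code idoverrideuser_add}) instead of a native account, logs it and adds
 * the user's groups. Declared {@code throws Exception} for the same reason as
 * {@link #createPrimaryDomainUser}.
 */
private void createTrustOverrideUser(User user, Set<String> attributes, UserPrincipal principal, HttpCon con, int approvalID, Workflow workflow) throws Exception {
    IPACall idOverride = new IPACall();
    idOverride.setId(0);
    idOverride.setMethod("idoverrideuser_add");
    List<String> positional = new ArrayList<String>();
    positional.add(this.trustViewName);
    positional.add(principal.getUPN());
    idOverride.getParams().add(positional);

    // Only the first value of each attribute is sent. A uid override is sent only
    // when it differs from the user's own ID; every other attribute is always sent.
    Map<String, Object> overrideAttrs = new HashMap<String, Object>();
    for (String attrName : attributes) {
        Attribute attr = user.getAttribs().get(attrName);
        if (attr == null) {
            continue;
        }
        boolean isUid = attr.getName().equalsIgnoreCase("uid");
        if (!isUid || !attr.getValues().get(0).equals(user.getUserID())) {
            overrideAttrs.put(attr.getName(), attr.getValues().get(0));
        }
    }
    idOverride.getParams().add(overrideAttrs);
    // The IPA response carries nothing this method needs; the return value is dropped.
    this.executeIPACall(idOverride, con);

    this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "uid", user.getUserID());
    this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "uid", user.getUserID());
    // Audit entries cover every requested attribute present on the user, uid included.
    for (String attrName : attributes) {
        Attribute attr = user.getAttribs().get(attrName);
        if (attr != null) {
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, attrName, attr.getValues().get(0));
        }
    }

    for (String group : user.getGroups()) {
        this.addGroup(principal, group, con, approvalID, workflow);
    }
}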
Use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity: class OAuth2K8sServiceAccount, method processToken.
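/**
 * Validates a Kubernetes bearer token through the TokenReview API and, when it is
 * accepted, establishes the user in the session and advances the auth chain.
 *
 * <p>The token is posted to {@code /apis/authentication.k8s.io/v1/tokenreviews} on
 * the target named by the {@code k8sTarget} auth param. A review whose status
 * carries an {@code error}, or whose {@code authenticated} flag is absent or false,
 * marks the step as failed and sends the failure response.
 *
 * @param request the current request; its {@code target} parameter, when present,
 *     becomes the post-authentication URL
 * @param response the response the failure page is written to
 * @param as the auth step to mark executed and successful/failed
 * @param session the HTTP session the user is loaded into
 * @param authParams auth-chain params; {@code k8sTarget}, {@code linkToDirectory},
 *     {@code noMatchOU}, {@code uidAttr}, {@code lookupFilter} and
 *     {@code defaultObjectClass} are all required (a missing one fails with an NPE)
 * @param act the auth chain being executed
 * @param realmName realm passed through to the failure response
 * @param scope scope passed through to the failure response
 * @param cfg configuration manager used to resolve the target, auth manager and MyVD
 * @param lmToken the bearer token to validate
 * @throws ServletException wrapping any failure of the review call or user lookup
 * @throws IOException if closing the HTTP client fails
 */
@Override
public void processToken(HttpServletRequest request, HttpServletResponse response, AuthStep as, HttpSession session, HashMap<String, Attribute> authParams, AuthChainType act, String realmName, String scope, ConfigManager cfg, String lmToken) throws ServletException, IOException {
    String k8sTarget = authParams.get("k8sTarget").getValues().get(0);
    boolean linkToDirectory = Boolean.parseBoolean(authParams.get("linkToDirectory").getValues().get(0));
    String noMatchOU = authParams.get("noMatchOU").getValues().get(0);
    String uidAttr = authParams.get("uidAttr").getValues().get(0);
    String lookupFilter = authParams.get("lookupFilter").getValues().get(0);
    String defaultObjectClass = authParams.get("defaultObjectClass").getValues().get(0);
    RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();

    // TokenReview request body; the token under test is the only input Kubernetes needs.
    JSONObject spec = new JSONObject();
    spec.put("token", lmToken);
    JSONObject root = new JSONObject();
    root.put("kind", "TokenReview");
    root.put("apiVersion", "authentication.k8s.io/v1");
    root.put("spec", spec);
    String json = root.toJSONString();

    HttpCon con = null;
    try {
        OpenShiftTarget target = (OpenShiftTarget) cfg.getProvisioningEngine().getTarget(k8sTarget).getProvider();
        con = target.createClient();
        String respJSON = target.callWSPost(target.getAuthToken(), con, "/apis/authentication.k8s.io/v1/tokenreviews", json);
        if (logger.isDebugEnabled()) {
            logger.debug("JSON - " + respJSON);
        }
        JSONObject resp = (JSONObject) new JSONParser().parse(respJSON);
        JSONObject status = (JSONObject) resp.get("status");

        if (status.get("error") != null) {
            logger.error("Could not validate token : " + status.get("error"));
            as.setExecuted(true);
            as.setSuccess(false);
            cfg.getAuthManager().nextAuth(request, response, request.getSession(), false);
            super.sendFail(response, realmName, scope, null, null);
            return;
        }

        Boolean authenticated = (Boolean) status.get("authenticated");
        if (authenticated == null || !authenticated) {
            as.setExecuted(true);
            as.setSuccess(false);
            cfg.getAuthManager().nextAuth(request, response, request.getSession(), false);
            super.sendFail(response, realmName, scope, null, null);
            return;
        }

        JSONObject user = (JSONObject) status.get("user");
        if (!linkToDirectory) {
            loadUnlinkedUser(session, noMatchOU, uidAttr, act, user, defaultObjectClass);
        } else {
            lookupUser(as, session, cfg.getMyVD(), noMatchOU, uidAttr, lookupFilter, act, user, defaultObjectClass);
        }

        // NOTE(review): "target" is taken from the request without validation here;
        // confirm that RequestHolder.setURL or the redirect path restricts it to
        // this deployment's own URLs.
        String redirectToURL = request.getParameter("target");
        if (redirectToURL != null && !redirectToURL.isEmpty()) {
            reqHolder.setURL(redirectToURL);
        }
        as.setExecuted(true);
        as.setSuccess(true);
        cfg.getAuthManager().nextAuth(request, response, request.getSession(), false);
    } catch (Exception e) {
        throw new ServletException("Could not validate token", e);
    } finally {
        // con is still null when target resolution or client creation throws; an
        // unconditional close here would NPE and mask the ServletException above.
        if (con != null) {
            con.getHttp().close();
            con.getBcm().close();
        }
    }
}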
Use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity: class LoadApplicationsFromK8s, method createApplication.
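/**
 * Builds an {@link ApplicationType} from the {@code spec} of an Application
 * custom resource loaded from Kubernetes.
 *
 * <p>Each entry of {@code spec.urls} becomes a URL with its hosts, filter chain
 * (literal and Secret-backed params), authorization rules and result references;
 * {@code spec.cookieConfig}, when present, becomes the cookie configuration.
 *
 * @param item the custom resource; only its {@code spec} object is read
 * @param name the application name to assign
 * @return the populated application
 * @throws Exception if a Secret-backed filter param cannot be resolved, or if the
 *     spec does not have the expected shape (surfaces as a cast or null error)
 */
public ApplicationType createApplication(JSONObject item, String name) throws Exception {
    ApplicationType app = new ApplicationType();
    app.setName(name);
    JSONObject spec = (JSONObject) item.get("spec");
    app.setAzTimeoutMillis(getLongValue(spec.get("azTimeoutMillis"), 3000));
    app.setIsApp(getBoolValue(spec.get("isApp"), true));
    app.setUrls(new UrlsType());
    JSONArray urls = (JSONArray) spec.get("urls");
    // A spec without urls yields an application with an empty URL list.
    if (urls != null) {
        for (Object o : urls) {
            app.getUrls().getUrl().add(createUrl((JSONObject) o, app.isIsApp()));
        }
    }
    JSONObject jsonCookie = (JSONObject) spec.get("cookieConfig");
    if (jsonCookie != null) {
        app.setCookieConfig(createCookieConfig(jsonCookie));
    }
    return app;
}

/** Converts one entry of {@code spec.urls} into a UrlType: hosts, filter chain, az rules, proxy settings and results. */
private UrlType createUrl(JSONObject jsonUrl, boolean isApp) throws Exception {
    UrlType url = new UrlType();
    // URLs of a non-app (identity provider) carry IdP configuration that is attached first.
    if (!isApp) {
        createIdpOnUrl(jsonUrl, url);
    }
    JSONArray hosts = (JSONArray) jsonUrl.get("hosts");
    if (hosts != null) {
        for (Object x : hosts) {
            url.getHost().add((String) x);
        }
    }
    url.setFilterChain(new FilterChainType());
    JSONArray filters = (JSONArray) jsonUrl.get("filterChain");
    if (filters != null) {
        for (Object x : filters) {
            url.getFilterChain().getFilter().add(createFilter((JSONObject) x));
        }
    }
    url.setAzRules(createAzRules((JSONArray) jsonUrl.get("azRules")));
    url.setProxyTo((String) jsonUrl.get("proxyTo"));
    url.setUri((String) jsonUrl.get("uri"));
    url.setRegex(getBoolValue(jsonUrl.get("regex"), false));
    url.setAuthChain((String) jsonUrl.get("authChain"));
    url.setOverrideHost(getBoolValue(jsonUrl.get("overrideHost"), false));
    url.setOverrideReferer(getBoolValue(jsonUrl.get("overrideReferer"), false));
    JSONObject jsonResults = (JSONObject) jsonUrl.get("results");
    if (jsonResults != null) {
        url.setResults(createResults(jsonResults));
    }
    return url;
}

/** Builds a FilterConfigType from a filterChain entry: class name, literal params, then Secret-backed params. */
private FilterConfigType createFilter(JSONObject jsonFilter) throws Exception {
    FilterConfigType ft = new FilterConfigType();
    ft.setClazz((String) jsonFilter.get("className"));
    JSONObject params = (JSONObject) jsonFilter.get("params");
    if (params != null) {
        for (Object y : params.keySet()) {
            String paramName = (String) y;
            Object z = params.get(paramName);
            // A param is either a single string or an array of strings; each value becomes its own entry.
            if (z instanceof String) {
                ft.getParam().add(newParam(paramName, (String) z));
            } else {
                for (Object w : (JSONArray) z) {
                    ft.getParam().add(newParam(paramName, (String) w));
                }
            }
        }
    }
    JSONArray secretParams = (JSONArray) jsonFilter.get("secretParams");
    if (secretParams != null) {
        addSecretParams(ft, secretParams);
    }
    return ft;
}

/** Resolves each secretParams entry from a Kubernetes Secret over a dedicated (non-watch) client that is always closed. */
private void addSecretParams(FilterConfigType ft, JSONArray secretParams) throws Exception {
    HttpCon nonwatchHttp = this.k8sWatch.getK8s().createClient();
    try {
        // Fetched inside the try so the client is closed even if obtaining the token fails.
        String token = this.k8sWatch.getK8s().getAuthToken();
        for (Object ox : secretParams) {
            JSONObject secretParam = (JSONObject) ox;
            String secretName = (String) secretParam.get("secretName");
            String secretKey = (String) secretParam.get("secretKey");
            String secretValue = this.k8sWatch.getSecretValue(secretName, secretKey, token, nonwatchHttp);
            ParamWithValueType pt = newParam((String) secretParam.get("name"), secretValue);
            // The resolved secret is also stored as the value attribute; presumably the
            // binding reads one or the other depending on the form — confirm before changing.
            pt.setValueAttribute(secretValue);
            ft.getParam().add(pt);
        }
    } finally {
        nonwatchHttp.getHttp().close();
        nonwatchHttp.getBcm().close();
    }
}

/** Creates a name/value filter param. */
private ParamWithValueType newParam(String name, String value) {
    ParamWithValueType pt = new ParamWithValueType();
    pt.setName(name);
    pt.setValue(value);
    return pt;
}

/** Converts the azRules array (may be null) into an AzRulesType, one scope/constraint rule per entry. */
private AzRulesType createAzRules(JSONArray jsonAzRules) {
    AzRulesType art = new AzRulesType();
    if (jsonAzRules != null) {
        for (Object x : jsonAzRules) {
            JSONObject jsonRule = (JSONObject) x;
            AzRuleType rule = new AzRuleType();
            rule.setScope((String) jsonRule.get("scope"));
            rule.setConstraint((String) jsonRule.get("constraint"));
            art.getRule().add(rule);
        }
    }
    return art;
}

/** Converts a results object into the four auth/az success/fail result references. */
private ResultRefType createResults(JSONObject jsonResults) {
    ResultRefType rt = new ResultRefType();
    rt.setAuSuccess((String) jsonResults.get("auSuccess"));
    rt.setAzSuccess((String) jsonResults.get("azSuccess"));
    rt.setAuFail((String) jsonResults.get("auFail"));
    rt.setAzFail((String) jsonResults.get("azFail"));
    return rt;
}

/** Converts spec.cookieConfig into a CookieConfigType; absent booleans default to secure/httpOnly false, cookiesEnabled true. */
private CookieConfigType createCookieConfig(JSONObject jsonCookie) {
    CookieConfigType cct = new CookieConfigType();
    cct.setSessionCookieName((String) jsonCookie.get("sessionCookieName"));
    cct.setDomain((String) jsonCookie.get("domain"));
    cct.setScope(getIntValue(jsonCookie.get("scope"), -1));
    cct.setLogoutURI((String) jsonCookie.get("logoutURI"));
    cct.setKeyAlias((String) jsonCookie.get("keyAlias"));
    cct.setTimeout(getIntValue(jsonCookie.get("timeout"), 0).intValue());
    cct.setSecure(getBoolValue(jsonCookie.get("secure"), false));
    cct.setHttpOnly(getBoolValue(jsonCookie.get("httpOnly"), false));
    cct.setSameSite((String) jsonCookie.get("sameSite"));
    cct.setCookiesEnabled(getBoolValue(jsonCookie.get("cookiesEnabled"), true));
    return cct;
}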