
Example 6 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class OpenShiftTarget method getAuthToken.

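/**
 * Returns the bearer token used to call the cluster API.
 *
 * <p>When {@code useToken} is false the configured username/password pair is
 * exchanged for a token through the OpenShift challenging-client OAuth flow: a
 * Basic-authenticated GET on {@code /oauth/authorize} is expected to answer with
 * a 302 whose {@code Location} header carries {@code access_token=...}. Otherwise
 * the token source is selected by {@code tokenType}.
 *
 * <p>An HTTP client is created up front and shut down in {@code finally} on every
 * path, including the token types that never use it.
 *
 * @return the token, or {@code null} when {@code tokenType} is {@code NONE}
 * @throws Exception if the OAuth endpoint does not redirect, the redirect carries no
 *     {@code access_token} parameter, or {@code tokenType} is not recognised
 */
public String getAuthToken() throws Exception {
    HttpCon con = this.createClient();
    try {
        if (!this.useToken) {
            return this.requestTokenWithPassword(con);
        }
        switch (this.tokenType) {
            case NONE:
                return null;
            case TOKENAPI:
                // Refresh the projected token if needed, then fall through: TOKENAPI
                // shares the osToken field with LEGACY and STATIC.
                this.checkProjectedToken();
            case LEGACY:
            case STATIC:
                return this.osToken;
            case OIDC:
                return this.generateOidcToken();
            default:
                throw new ProvisioningException("Unknown tokenType");
        }
    } finally {
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}

/**
 * Runs the password-based OAuth flow over {@code con} and extracts the access token
 * from the redirect.
 *
 * @param con open client used for the authorize request; not closed here
 * @return the value of the {@code access_token} parameter in the redirect
 * @throws Exception if the endpoint answers with anything but a 302, or the redirect
 *     has no {@code Location} / no {@code access_token}
 */
private String requestTokenWithPassword(HttpCon con) throws Exception {
    HttpGet get = new HttpGet(this.getUrl() + "/oauth/authorize?response_type=token&client_id=openshift-challenging-client");
    // java.util.Base64 never appends a line terminator, so the encoded credentials are
    // used as-is. The former substring(0, length - 2) assumed an encoder that emitted a
    // trailing CRLF and would have truncated the credentials with one that does not.
    String credentials = this.userName + ':' + this.password;
    String b64 = java.util.Base64.getEncoder().encodeToString(credentials.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    get.addHeader(new BasicHeader("Authorization", "Basic " + b64));
    HttpResponse resp = con.getHttp().execute(get);
    if (resp.getStatusLine().getStatusCode() != 302) {
        // Only the status line goes into the message: never the credentials or the body.
        throw new Exception("Unable to obtain token : " + resp.getStatusLine().toString());
    }
    if (resp.getFirstHeader("Location") == null) {
        throw new Exception("Unable to obtain token : redirect without Location header");
    }
    String url = resp.getFirstHeader("Location").getValue();
    String marker = "access_token=";
    int start = url.indexOf(marker);
    if (start < 0) {
        throw new Exception("Unable to obtain token : redirect carries no access_token");
    }
    start += marker.length();
    // The token may be the last parameter; the old code assumed a trailing '&' and
    // threw StringIndexOutOfBoundsException otherwise.
    int end = url.indexOf('&', start);
    return end < 0 ? url.substring(start) : url.substring(start, end);
}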

Example 7 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class LoadApplicationsFromK8s method createIdpOnUrl.

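/**
 * Builds the {@link IdpType} described by the {@code idp} member of a URL definition
 * and attaches it to {@code url}.
 *
 * <p>Plain parameters come from {@code params}; each {@code secretParams} entry is
 * resolved by reading one key of a Kubernetes secret through the cluster API. The
 * same layout (params / secretParams) is applied to every entry of {@code trusts}.
 *
 * @param jsonUrl the JSON url definition; only its {@code idp} member is read
 * @param url the url configuration the idp is attached to
 * @throws ProvisioningException if a secret cannot be read
 * @throws Exception if the cluster client or its auth token cannot be created
 */
private void createIdpOnUrl(JSONObject jsonUrl, UrlType url) throws ProvisioningException, Exception {
    IdpType idp = new IdpType();
    JSONObject jsonIdp = (JSONObject) jsonUrl.get("idp");
    url.setIdp(idp);
    idp.setClassName((String) jsonIdp.get("className"));
    copyIdpParams((JSONObject) jsonIdp.get("params"), idp.getParams()::add);
    resolveIdpSecretParams((JSONArray) jsonIdp.get("secretParams"), idp.getParams()::add);

    JSONObject mappings = (JSONObject) jsonIdp.get("mappings");
    if (mappings != null) {
        IdpMappingType idpMappingType = new IdpMappingType();
        idpMappingType.setStrict(getBoolValue(mappings.get("strict"), true));
        JSONArray jsonMap = (JSONArray) mappings.get("map");
        if (jsonMap != null) {
            for (Object entry : jsonMap) {
                JSONObject map = (JSONObject) entry;
                ProvisionMappingType pmt = new ProvisionMappingType();
                pmt.setTargetAttributeName((String) map.get("targetAttributeName"));
                pmt.setTargetAttributeSource((String) map.get("targetAttributeSource"));
                pmt.setSourceType((String) map.get("sourceType"));
                idpMappingType.getMapping().add(pmt);
            }
        }
        idp.setMappings(idpMappingType);
    }

    JSONArray jsonTrusts = (JSONArray) jsonIdp.get("trusts");
    if (jsonTrusts != null) {
        TrustsType tt = new TrustsType();
        for (Object entry : jsonTrusts) {
            JSONObject jsonTrust = (JSONObject) entry;
            TrustType trust = new TrustType();
            trust.setName((String) jsonTrust.get("name"));
            copyIdpParams((JSONObject) jsonTrust.get("params"), trust.getParam()::add);
            resolveIdpSecretParams((JSONArray) jsonTrust.get("secretParams"), trust.getParam()::add);
            tt.getTrust().add(trust);
        }
        idp.setTrusts(tt);
    }
}

/**
 * Copies a {@code params} object into {@code sink}: a string value yields one
 * {@link ParamType}, any other value is treated as a {@link JSONArray} of strings and
 * yields one per element. A {@code null} object is ignored.
 *
 * @param params the JSON params object, may be {@code null}
 * @param sink receives every created parameter
 */
private static void copyIdpParams(JSONObject params, java.util.function.Consumer<ParamType> sink) {
    if (params == null) {
        return;
    }
    for (Object key : params.keySet()) {
        String paramName = (String) key;
        Object value = params.get(paramName);
        if (value instanceof String) {
            sink.accept(newIdpParam(paramName, (String) value));
        } else {
            // Anything that is not a string is expected to be an array of strings.
            for (Object element : (JSONArray) value) {
                sink.accept(newIdpParam(paramName, (String) element));
            }
        }
    }
}

/**
 * Resolves every {@code secretParams} entry ({@code name}, {@code secretName},
 * {@code secretKey}) by reading that key from the Kubernetes secret and adds the
 * result to {@code sink}. A {@code null} array is ignored.
 *
 * <p>The auth token is fetched inside the try so the client is released even when the
 * token request fails. The resolved values are secrets: never log them.
 *
 * @param secretParams the JSON secretParams array, may be {@code null}
 * @param sink receives every resolved parameter
 * @throws Exception if the client, token or secret read fails
 */
private void resolveIdpSecretParams(JSONArray secretParams, java.util.function.Consumer<ParamType> sink) throws Exception {
    if (secretParams == null) {
        return;
    }
    HttpCon nonwatchHttp = this.k8sWatch.getK8s().createClient();
    try {
        String token = this.k8sWatch.getK8s().getAuthToken();
        for (Object entry : secretParams) {
            JSONObject secretParam = (JSONObject) entry;
            String secretValue = this.k8sWatch.getSecretValue((String) secretParam.get("secretName"), (String) secretParam.get("secretKey"), token, nonwatchHttp);
            sink.accept(newIdpParam((String) secretParam.get("name"), secretValue));
        }
    } finally {
        try {
            nonwatchHttp.getHttp().close();
        } finally {
            // Release the connection manager even if closing the client threw.
            nonwatchHttp.getBcm().close();
        }
    }
}

/** Creates a {@link ParamType} with the given name and value. */
private static ParamType newIdpParam(String name, String value) {
    ParamType pt = new ParamType();
    pt.setName(name);
    pt.setValue(value);
    return pt;
}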

Example 8 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class OpenShiftTarget method addGroup.

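/**
 * Creates the OpenShift group {@code name} unless it already exists.
 *
 * <p>The group object is serialised with Gson, so {@code name} is emitted as an
 * escaped JSON string rather than spliced into the request body. A successful
 * creation is recorded through the provisioning engine's action log.
 *
 * @param name the group name
 * @param additionalAttributes not used by this target
 * @param user not used by this target
 * @param request workflow context; {@code APPROVAL_ID} (an Integer, default 0) and
 *     {@code WORKFLOW} are read for the action log entry
 * @throws ProvisioningException if the API call fails or the create response is not a
 *     Group
 */
@Override
public void addGroup(String name, Map<String, String> additionalAttributes, User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    HttpCon con = null;
    try {
        String token = this.getAuthToken();
        con = this.createClient();
        Gson gson = new Gson();
        com.tremolosecurity.unison.openshiftv3.model.groups.Group group = new com.tremolosecurity.unison.openshiftv3.model.groups.Group();
        group.setKind("Group");
        group.setApiVersion("user.openshift.io/v1");
        group.setMetadata(new HashMap<String, Object>());
        group.getMetadata().put("name", name);
        group.getMetadata().put("creationTimestamp", null);
        group.setUsers(null);
        String jsonInput = gson.toJson(group);
        // Only create when the lookup reports the group absent; an existing group is left as-is.
        if (!this.isObjectExists(token, con, "/apis/user.openshift.io/v1/groups", jsonInput)) {
            String json = this.callWSPost(token, con, "/apis/user.openshift.io/v1/groups", jsonInput);
            Response resp = gson.fromJson(json, Response.class);
            // Null-safe comparison: a body without "kind" is reported as unknown instead of NPE-ing.
            if (resp != null && "Group".equalsIgnoreCase(resp.getKind())) {
                this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "group-object", name);
            } else {
                throw new ProvisioningException("Unknown response : '" + json + "'");
            }
        }
    } catch (ProvisioningException e) {
        // Already carries a specific message; do not bury it under the generic wrapper.
        throw e;
    } catch (Exception e) {
        throw new ProvisioningException("Could not load group", e);
    } finally {
        if (con != null) {
            con.getBcm().close();
        }
    }
}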

Example 9 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class LoadAuthChainsFromK8s method createAuthChain.

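/**
 * Builds an {@link AuthChainType} from an authentication-chain custom resource.
 *
 * <p>Reads {@code spec.level}, {@code spec.finishOnRequiredSucess} (defaults to
 * false), {@code spec.root}, the optional {@code spec.compliance} lockout block and
 * every {@code spec.authMechs} entry. Mechanism {@code secretParams} are resolved by
 * reading Kubernetes secrets through the cluster API.
 *
 * @param item the custom resource as parsed JSON; its {@code spec} member is read
 * @param name the chain name
 * @return the populated chain
 * @throws Exception if the cluster client, its token or a secret read fails
 */
private AuthChainType createAuthChain(JSONObject item, String name) throws Exception {
    AuthChainType act = new AuthChainType();
    act.setName(name);
    JSONObject spec = (JSONObject) item.get("spec");
    // json-simple parses integer literals as Long; Number accepts that and any other numeric.
    act.setLevel(((Number) spec.get("level")).intValue());
    Boolean finishOnRequiredSucess = (Boolean) spec.get("finishOnRequiredSucess");
    act.setFinishOnRequiredSucess(finishOnRequiredSucess != null && finishOnRequiredSucess);
    String root = (String) spec.get("root");
    if (root != null) {
        act.setRoot(root);
    }
    JSONObject jsonCompliance = (JSONObject) spec.get("compliance");
    if (jsonCompliance != null) {
        act.setCompliance(parseLockout(jsonCompliance));
    }
    JSONArray mechs = (JSONArray) spec.get("authMechs");
    if (mechs != null) {
        for (Object entry : mechs) {
            act.getAuthMech().add(parseAuthMech((JSONObject) entry));
        }
    }
    return act;
}

/**
 * Converts the {@code compliance} block into an {@link AuthLockoutType}.
 *
 * @param jsonCompliance the compliance JSON object, never {@code null}
 * @return the lockout settings
 */
private static AuthLockoutType parseLockout(JSONObject jsonCompliance) {
    AuthLockoutType alt = new AuthLockoutType();
    alt.setEnabled((Boolean) jsonCompliance.get("enabled"));
    // json-simple yields Long for integers, so the former (Integer) cast could only fail
    // with a ClassCastException; Number covers both. NOTE(review): the key
    // "maxLockoutTime" feeding setMaxFailedAttempts looks mismatched — confirm against the CRD.
    Object maxFailed = jsonCompliance.get("maxLockoutTime");
    if (maxFailed != null) {
        alt.setMaxFailedAttempts(((Number) maxFailed).intValue());
    }
    alt.setNumFailedAttribute((String) jsonCompliance.get("numFailedAttribute"));
    alt.setLastFailedAttribute((String) jsonCompliance.get("lastFailedAttribute"));
    alt.setLastSucceedAttribute((String) jsonCompliance.get("lastSucceedAttribute"));
    alt.setUpdateAttributesWorkflow((String) jsonCompliance.get("updateAttributesWorkflow"));
    alt.setUidAttributeName((String) jsonCompliance.get("uidAttributeName"));
    return alt;
}

/**
 * Converts one {@code authMechs} entry into an {@link AuthMechType}, including its
 * plain and secret parameters.
 *
 * @param mech the mechanism JSON object
 * @return the populated mechanism
 * @throws Exception if a secret parameter cannot be resolved
 */
private AuthMechType parseAuthMech(JSONObject mech) throws Exception {
    AuthMechType amt = new AuthMechType();
    amt.setName((String) mech.get("name"));
    amt.setRequired((String) mech.get("required"));
    amt.setParams(new AuthMechParamType());
    java.util.function.Consumer<ParamWithValueType> sink = amt.getParams().getParam()::add;
    copyMechParams((JSONObject) mech.get("params"), sink);
    resolveMechSecretParams((JSONArray) mech.get("secretParams"), sink);
    return amt;
}

/**
 * Copies a {@code params} object into {@code sink}: a string value yields one
 * parameter, any other value is treated as a {@link JSONArray} of strings and yields
 * one per element. A {@code null} object is ignored (the old code NPE'd on it).
 *
 * @param params the JSON params object, may be {@code null}
 * @param sink receives every created parameter
 */
private static void copyMechParams(JSONObject params, java.util.function.Consumer<ParamWithValueType> sink) {
    if (params == null) {
        return;
    }
    for (Object key : params.keySet()) {
        String paramName = (String) key;
        Object value = params.get(paramName);
        if (value instanceof String) {
            sink.accept(newMechParam(paramName, (String) value));
        } else {
            for (Object element : (JSONArray) value) {
                sink.accept(newMechParam(paramName, (String) element));
            }
        }
    }
}

/**
 * Resolves every {@code secretParams} entry ({@code name}, {@code secretName},
 * {@code secretKey}) by reading that key from the Kubernetes secret and adds the
 * result to {@code sink}. A {@code null} array is ignored.
 *
 * <p>The auth token is fetched inside the try so the client is released even when the
 * token request fails. The resolved values are secrets: never log them.
 *
 * @param secretParams the JSON secretParams array, may be {@code null}
 * @param sink receives every resolved parameter
 * @throws Exception if the client, token or secret read fails
 */
private void resolveMechSecretParams(JSONArray secretParams, java.util.function.Consumer<ParamWithValueType> sink) throws Exception {
    if (secretParams == null) {
        return;
    }
    HttpCon nonwatchHttp = this.k8sWatch.getK8s().createClient();
    try {
        String token = this.k8sWatch.getK8s().getAuthToken();
        for (Object entry : secretParams) {
            JSONObject secretParam = (JSONObject) entry;
            String secretValue = this.k8sWatch.getSecretValue((String) secretParam.get("secretName"), (String) secretParam.get("secretKey"), token, nonwatchHttp);
            sink.accept(newMechParam((String) secretParam.get("name"), secretValue));
        }
    } finally {
        try {
            nonwatchHttp.getHttp().close();
        } finally {
            // Release the connection manager even if closing the client threw.
            nonwatchHttp.getBcm().close();
        }
    }
}

/** Creates a {@link ParamWithValueType} with the given name and value. */
private static ParamWithValueType newMechParam(String name, String value) {
    ParamWithValueType pt = new ParamWithValueType();
    pt.setName(name);
    pt.setValue(value);
    return pt;
}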

Example 10 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class LoadAuthorizationsFromK8s method createCustomAz.

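/**
 * Builds a {@link CustomAzRuleType} from an authorization custom resource.
 *
 * <p>{@code spec.params} values that are strings or arrays of strings become
 * parameters (other value types are skipped); each {@code spec.secretParams} entry is
 * resolved by reading one key of a Kubernetes secret through the cluster API.
 *
 * @param item the custom resource as parsed JSON; its {@code spec} member is read
 * @param name the rule name
 * @return the populated rule
 * @throws ProvisioningException if a secret parameter cannot be resolved
 */
private CustomAzRuleType createCustomAz(JSONObject item, String name) throws ProvisioningException {
    CustomAzRuleType cart = new CustomAzRuleType();
    JSONObject spec = (JSONObject) item.get("spec");
    cart.setName(name);
    cart.setClassName((String) spec.get("className"));
    copyAzParams((JSONObject) spec.get("params"), cart.getParams()::add);
    JSONArray secretParams = (JSONArray) spec.get("secretParams");
    if (secretParams != null) {
        try {
            resolveAzSecretParams(secretParams, cart.getParams()::add);
        } catch (Exception e) {
            throw new ProvisioningException("Could not generate secret params from '" + name + "'", e);
        }
    }
    return cart;
}

/**
 * Copies a {@code params} object into {@code sink}: a string value yields one
 * {@link ParamType}, a {@link JSONArray} yields one per element, and any other value
 * is skipped. A {@code null} object is ignored (the old code NPE'd on it).
 *
 * @param params the JSON params object, may be {@code null}
 * @param sink receives every created parameter
 */
private static void copyAzParams(JSONObject params, java.util.function.Consumer<ParamType> sink) {
    if (params == null) {
        return;
    }
    for (Object key : params.keySet()) {
        String keyName = (String) key;
        Object value = params.get(keyName);
        if (value instanceof String) {
            sink.accept(newAzParam(keyName, (String) value));
        } else if (value instanceof JSONArray) {
            for (Object element : (JSONArray) value) {
                sink.accept(newAzParam(keyName, (String) element));
            }
        }
    }
}

/**
 * Resolves every {@code secretParams} entry ({@code name}, {@code secretName},
 * {@code secretKey}) by reading that key from the Kubernetes secret and adds the
 * result to {@code sink}.
 *
 * <p>The auth token is fetched inside the try so the client is released even when the
 * token request fails. The resolved values are secrets: never log them.
 *
 * @param secretParams the JSON secretParams array, never {@code null}
 * @param sink receives every resolved parameter
 * @throws Exception if the client, token or secret read fails
 */
private void resolveAzSecretParams(JSONArray secretParams, java.util.function.Consumer<ParamType> sink) throws Exception {
    HttpCon nonwatchHttp = this.k8sWatch.getK8s().createClient();
    try {
        String token = this.k8sWatch.getK8s().getAuthToken();
        for (Object entry : secretParams) {
            JSONObject secretParam = (JSONObject) entry;
            String secretValue = this.k8sWatch.getSecretValue((String) secretParam.get("secretName"), (String) secretParam.get("secretKey"), token, nonwatchHttp);
            sink.accept(newAzParam((String) secretParam.get("name"), secretValue));
        }
    } finally {
        try {
            nonwatchHttp.getHttp().close();
        } finally {
            // Release the connection manager even if closing the client threw.
            nonwatchHttp.getBcm().close();
        }
    }
}

/** Creates a {@link ParamType} with the given name and value. */
private static ParamType newAzParam(String name, String value) {
    ParamType pt = new ParamType();
    pt.setName(name);
    pt.setValue(value);
    return pt;
}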
