use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.
the class Drupal8Target method createClient.
/**
 * Builds a fresh HTTP client and its dedicated connection manager, bundled in an {@link HttpCon}.
 *
 * <p>The client is configured to:
 * <ul>
 *   <li>never follow redirects, so a {@code Location} header from the remote side cannot steer
 *       a request (and the default headers that go with it) to another URL;</li>
 *   <li>use the {@code STANDARD} cookie specification;</li>
 *   <li>send a fixed {@code X-Csrf-Token: 1} header on every request.</li>
 * </ul>
 *
 * <p>Nothing in this method closes what it creates: the caller owns the returned client and
 * connection manager and has to close both when done.
 *
 * @return holder carrying the new client ({@code getHttp()}) and connection manager ({@code getBcm()})
 * @throws Exception declared by the signature; nothing in the body catches or translates errors
 */
public HttpCon createClient() throws Exception {
    // Socket factories come from the shared configuration manager.
    // NOTE(review): presumably this registry carries the TLS trust settings for outbound calls;
    // confirm against ConfigManager.
    BasicHttpClientConnectionManager connectionManager =
            new BasicHttpClientConnectionManager(cfgMgr.getHttpClientSocketRegistry());

    RequestConfig requestConfig = RequestConfig.custom()
            .setRedirectsEnabled(false)
            .setCookieSpec(CookieSpecs.STANDARD)
            .build();

    // NOTE(review): the token value is the constant "1", not a per-session secret; what the
    // target expects here is not visible from this method.
    ArrayList<Header> defaultHeaders = new ArrayList<Header>();
    defaultHeaders.add(new BasicHeader("X-Csrf-Token", "1"));

    CloseableHttpClient client = HttpClients.custom()
            .setConnectionManager(connectionManager)
            .setDefaultHeaders(defaultHeaders)
            .setDefaultRequestConfig(requestConfig)
            .build();

    HttpCon holder = new HttpCon();
    holder.setBcm(connectionManager);
    holder.setHttp(client);
    return holder;
}
use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.
the class K8sCrdInsert method loadUserFromK8sCrd.
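/**
 * Reads one user custom resource from the Kubernetes API and hands it to the search chain
 * as a single LDAP entry.
 *
 * <p>The resource is fetched from
 * {@code /apis/openunison.tremolo.io/v1/namespaces/<nameSpace>/users/<name>}. When the response
 * has no {@code spec}, the user is treated as not found: either an LDAP {@code NO_SUCH_OBJECT}
 * error is raised or an empty result set is added to the chain, depending on
 * {@code exceptionOnNotFound}.
 *
 * <p>Failures other than {@link LDAPException} are logged with their cause, and the caller only
 * receives a fixed {@code OPERATIONS_ERROR} message, so backend details do not reach the LDAP client.
 *
 * @param chain               search chain that receives the result set
 * @param base                passed through to {@code chain.addResult}
 * @param scope               passed through to {@code chain.addResult}
 * @param filter              passed through to {@code chain.addResult}
 * @param attributes          passed through to {@code chain.addResult}
 * @param typesOnly           passed through to {@code chain.addResult}
 * @param results             passed through to {@code chain.addResult}
 * @param constraints         passed through to {@code chain.addResult}
 * @param k8s                 target used to create the HTTP client, obtain the token and call the API
 * @param name                name of the user resource, appended to the request path
 * @param entryDN             DN given to the LDAP entry that is built
 * @param exceptionOnNotFound whether a missing user raises {@code NO_SUCH_OBJECT}
 * @throws LDAPException {@code NO_SUCH_OBJECT} when the user is missing and
 *                       {@code exceptionOnNotFound} is set; {@code OPERATIONS_ERROR} on any other failure
 */
private void loadUserFromK8sCrd(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints, OpenShiftTarget k8s, String name, String entryDN, boolean exceptionOnNotFound) throws LDAPException {
    if (logger.isDebugEnabled()) {
        logger.debug("Looking up user '" + name + "' in namespace '" + this.nameSpace + "'");
    }

    // NOTE(review): name is concatenated into the API path without encoding or validation, and
    // the request is sent with the target's own token. Confirm that callers only pass values
    // that are valid Kubernetes object names.
    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/users/").append(name).toString();
    ArrayList<Entry> ret = new ArrayList<Entry>();

    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);
            K8sUser k8sUser = gson.fromJson(jsonResp, UserData.class).getSpec();

            if (k8sUser == null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Can't find '" + name + "'");
                }
                if (exceptionOnNotFound) {
                    throw new LDAPException("user not found", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
                }
            } else {
                // NOTE(review): the getters below return whatever the resource contained; whether
                // LDAPAttribute accepts a null value is not visible here - verify.
                LDAPEntry ldapUser = new LDAPEntry(entryDN);
                ldapUser.getAttributeSet().add(new LDAPAttribute("objectClass", GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getUserObjectClass()));
                ldapUser.getAttributeSet().add(new LDAPAttribute("uid", k8sUser.getUid()));
                ldapUser.getAttributeSet().add(new LDAPAttribute("sub", k8sUser.getSub()));
                ldapUser.getAttributeSet().add(new LDAPAttribute("first_name", k8sUser.getFirstName()));
                ldapUser.getAttributeSet().add(new LDAPAttribute("last_name", k8sUser.getLastName()));
                ldapUser.getAttributeSet().add(new LDAPAttribute("email", k8sUser.getEmail()));

                // A resource without a groups field must not turn the lookup into an
                // operations error, so a missing list is treated like an empty one.
                if (k8sUser.getGroups() != null && k8sUser.getGroups().size() > 0) {
                    LDAPAttribute groups = new LDAPAttribute("groups");
                    for (String group : k8sUser.getGroups()) {
                        groups.addValue(group);
                    }
                    ldapUser.getAttributeSet().add(groups);
                }
                ret.add(new Entry(ldapUser));
            }

            // Added even when empty, so the chain always receives a result set.
            chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
        } finally {
            // Close the connection manager even if closing the client fails.
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }
    } catch (LDAPException le) {
        throw le;
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new LDAPException("Error searching kubernetes", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR));
    }
}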
use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.
the class K8sSessionStore method deleteAllSessions.
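/**
 * Deletes every OIDC session object that carries the same {@code tremolo.io/user-dn} label as
 * the given session.
 *
 * <p>The session named {@code "x" + sessionId + "x"} is read first to obtain that label, then a
 * single delete with a label selector is issued against the {@code oidc-sessions} collection.
 * A 404 status for the first lookup is logged as a warning and nothing is deleted.
 *
 * <p>The label is checked before the delete: when it is missing or empty the method fails
 * instead of sending a selector that matches nothing (or only sessions with an empty label),
 * which would leave the user's sessions in place while the caller believes they were revoked.
 *
 * @param sessionId id of one session belonging to the user whose sessions are removed
 * @throws Exception {@link ProvisioningException} when the Kubernetes target cannot be
 *                   retrieved; otherwise a generic exception wrapping the underlying failure
 */
@Override
public void deleteAllSessions(String sessionId) throws Exception {
    // NOTE(review): sessionId is concatenated into the API path without encoding; confirm
    // callers only pass ids generated by this service.
    String sessionIdName = new StringBuilder().append("x").append(sessionId).append("x").toString();

    OpenShiftTarget k8s = null;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }

    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/oidc-sessions/").append(sessionIdName).toString();

    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);
            JSONObject root = (JSONObject) new JSONParser().parse(jsonResp);

            if ("Status".equals(root.get("kind"))) {
                Object code = root.get("code");
                if (code instanceof Long && ((Long) code).longValue() == 404L) {
                    logger.warn(new StringBuilder().append("Session ID ").append(sessionId).append(" does not exist"));
                    return;
                }
                // Any other status (for example an authorization failure) is not a session
                // object; report it instead of failing later on a missing field.
                throw new IllegalStateException("Unexpected status response while looking up session, code: " + code);
            }

            JSONObject metadata = (JSONObject) root.get("metadata");
            JSONObject labels = metadata == null ? null : (JSONObject) metadata.get("labels");
            String dnHash = labels == null ? null : (String) labels.get("tremolo.io/user-dn");

            // Without the label there is no way to select the user's sessions; concatenating
            // null would produce the literal selector value "null".
            if (dnHash == null || dnHash.isEmpty()) {
                throw new IllegalStateException("Session has no tremolo.io/user-dn label, cannot select sessions to delete");
            }

            url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/oidc-sessions?labelSelector=tremolo.io%2Fuser-dn%3D").append(dnHash).toString();
            jsonResp = k8s.callWSDelete(k8s.getAuthToken(), con, url);
            if (logger.isDebugEnabled()) {
                logger.debug("json response from deleting object : " + jsonResp);
            }
        } finally {
            // Close the connection manager even if closing the client fails.
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new Exception("Error searching kubernetes", e);
    }
}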
use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.
the class K8sSessionStore method deleteSession.
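/**
 * Deletes the single OIDC session object named {@code "x" + sessionId + "x"} in the configured
 * namespace.
 *
 * <p>The response body of the delete call is only written to the debug log; it is not
 * inspected, so this method does not distinguish a successful delete from a status response.
 *
 * @param sessionId id of the session to remove
 * @throws Exception {@link ProvisioningException} when the Kubernetes target cannot be
 *                   retrieved; otherwise a generic exception wrapping the underlying failure
 */
@Override
public void deleteSession(String sessionId) throws Exception {
    // NOTE(review): sessionId is concatenated into the path of a DELETE request without
    // encoding; confirm callers only pass ids generated by this service.
    String sessionIdName = new StringBuilder().append("x").append(sessionId).append("x").toString();

    OpenShiftTarget k8s = null;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }

    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/oidc-sessions/").append(sessionIdName).toString();

    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonResp = k8s.callWSDelete(k8s.getAuthToken(), con, url);
            if (logger.isDebugEnabled()) {
                logger.debug("json response from deleting object : " + jsonResp);
            }
        } finally {
            // Close the connection manager even if closing the client fails.
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new Exception("Error searching kubernetes", e);
    }
}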
use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.
the class K8sSessionStore method resetSession.
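/**
 * Writes the current token values and expiry of a session back to its Kubernetes object.
 *
 * <p>The object named {@code "x" + session.getSessionID() + "x"} is read, the fields
 * {@code encrypted_id_token}, {@code encrypted_access_token}, {@code refresh_token} and
 * {@code expires} of its {@code spec} are replaced, and the whole {@code spec} is sent back as a
 * JSON patch. When the response has no {@code spec}, nothing is patched and the method returns.
 *
 * @param session session state supplying the id and the new token and expiry values
 * @throws Exception {@link ProvisioningException} when the Kubernetes target cannot be
 *                   retrieved; otherwise a generic exception wrapping the underlying failure
 */
@Override
public void resetSession(OidcSessionState session) throws Exception {
    String sessionIdName = new StringBuilder().append("x").append(session.getSessionID()).append("x").toString();

    OpenShiftTarget k8s = null;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }

    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/oidc-sessions/").append(sessionIdName).toString();

    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);

            // NOTE(review): this body is the stored session object, so with debug logging on
            // the token fields of its spec (including refresh_token) end up in the log.
            // Confirm debug is never enabled in production, or redact before logging.
            // The message text says "deleting" although this call is a read.
            if (logger.isDebugEnabled()) {
                logger.debug("json response from deleting object : " + jsonResp);
            }

            Map ret = gson.fromJson(jsonResp, Map.class);
            if (ret == null) {
                // An empty body is reported explicitly rather than surfacing as a null dereference.
                throw new IllegalStateException("Empty response while reading session object");
            }

            Map spec = (Map) ret.get("spec");
            if (spec == null) {
                return;
            }

            spec.put("encrypted_id_token", session.getEncryptedIdToken());
            spec.put("encrypted_access_token", session.getEncryptedAccessToken());
            spec.put("refresh_token", session.getRefreshToken());
            spec.put("expires", ISODateTimeFormat.dateTime().print(session.getExpires()));

            // Only the spec is patched; the rest of the object read above is not sent back.
            Map obj = new HashMap();
            obj.put("spec", spec);

            jsonResp = k8s.callWSPatchJson(k8s.getAuthToken(), con, url, gson.toJson(obj));
            if (logger.isDebugEnabled()) {
                logger.debug("json response from patch : '" + jsonResp + "'");
            }
        } finally {
            // Close the connection manager even if closing the client fails.
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new Exception("Error searching kubernetes", e);
    }
}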