
Example 31 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class Drupal8Target method createClient.

/**
 * Builds a new HTTP client for this target and returns it wrapped in an {@link HttpCon}.
 *
 * <p>Requests sent through the returned client carry a default {@code X-Csrf-Token: 1}
 * header, use the standard cookie spec and do not follow redirects, so a 3xx response
 * is handed back to the caller. Socket factories come from
 * {@code cfgMgr.getHttpClientSocketRegistry()}.
 *
 * <p>Nothing is closed here; the caller receives both the client and its connection
 * manager through the holder and has to release them.
 *
 * @return holder with the connection manager and the client set on it
 * @throws Exception declared by the signature
 */
public HttpCon createClient() throws Exception {
    // NOTE(review): the CSRF header value is the constant "1" rather than a per-session
    // token. Confirm that this is what the target expects.
    ArrayList<Header> defaultHeaders = new ArrayList<Header>();
    defaultHeaders.add(new BasicHeader("X-Csrf-Token", "1"));

    BasicHttpClientConnectionManager connectionManager =
            new BasicHttpClientConnectionManager(cfgMgr.getHttpClientSocketRegistry());

    RequestConfig.Builder requestSettings = RequestConfig.custom();
    requestSettings.setCookieSpec(CookieSpecs.STANDARD);
    // Redirects stay off, so the client never re-sends a request to a Location it was given.
    requestSettings.setRedirectsEnabled(false);

    CloseableHttpClient client = HttpClients.custom()
            .setConnectionManager(connectionManager)
            .setDefaultHeaders(defaultHeaders)
            .setDefaultRequestConfig(requestSettings.build())
            .build();

    HttpCon holder = new HttpCon();
    holder.setBcm(connectionManager);
    holder.setHttp(client);
    return holder;
}
Also used : RequestConfig(org.apache.http.client.config.RequestConfig) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) Header(org.apache.http.Header) BasicHeader(org.apache.http.message.BasicHeader) ArrayList(java.util.ArrayList) BasicHeader(org.apache.http.message.BasicHeader) BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager)

Example 32 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class K8sCrdInsert method loadUserFromK8sCrd.

/**
 * Fetches one user custom resource from Kubernetes and passes it to the search chain
 * as an LDAP entry.
 *
 * <p>The resource is read from
 * {@code /apis/openunison.tremolo.io/v1/namespaces/<nameSpace>/users/<name>}. When the
 * response has a {@code spec}, an entry with DN {@code entryDN} is built from it
 * (objectClass, uid, sub, first_name, last_name, email and, if any, groups). When it has
 * none, the method either throws {@code NO_SUCH_OBJECT} or adds an empty result set,
 * depending on {@code exceptionOnNotFound}.
 *
 * @param name                user resource name appended to the request path
 * @param entryDN             DN given to the returned LDAP entry
 * @param exceptionOnNotFound whether a missing {@code spec} raises an LDAPException
 * @throws LDAPException {@code NO_SUCH_OBJECT} as described above, or
 *                       {@code OPERATIONS_ERROR} for any other failure
 */
private void loadUserFromK8sCrd(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints, OpenShiftTarget k8s, String name, String entryDN, boolean exceptionOnNotFound) throws LDAPException {
    if (logger.isDebugEnabled()) {
        logger.debug("Looking up user '" + name + "' in namespace '" + this.nameSpace + "'");
    }

    // NOTE(review): name is appended to the request path without encoding or validation.
    // If it can come from a search request, confirm the caller restricts it to a valid
    // resource name so that it cannot address a different API path.
    String userUri = "/apis/openunison.tremolo.io/v1/namespaces/" + this.nameSpace + "/users/" + name;
    ArrayList<Entry> found = new ArrayList<Entry>();

    try {
        HttpCon client = k8s.createClient();
        try {
            String body = k8s.callWS(k8s.getAuthToken(), client, userUri);
            K8sUser crdUser = gson.fromJson(body, UserData.class).getSpec();

            if (crdUser != null) {
                LDAPEntry entry = new LDAPEntry(entryDN);
                entry.getAttributeSet().add(new LDAPAttribute("objectClass", GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getUserObjectClass()));
                entry.getAttributeSet().add(new LDAPAttribute("uid", crdUser.getUid()));
                entry.getAttributeSet().add(new LDAPAttribute("sub", crdUser.getSub()));
                entry.getAttributeSet().add(new LDAPAttribute("first_name", crdUser.getFirstName()));
                entry.getAttributeSet().add(new LDAPAttribute("last_name", crdUser.getLastName()));
                entry.getAttributeSet().add(new LDAPAttribute("email", crdUser.getEmail()));

                // The groups attribute is only attached when there is at least one value.
                if (crdUser.getGroups().size() > 0) {
                    LDAPAttribute memberOf = new LDAPAttribute("groups");
                    for (String groupName : crdUser.getGroups()) {
                        memberOf.addValue(groupName);
                    }
                    entry.getAttributeSet().add(memberOf);
                }

                found.add(new Entry(entry));
            } else {
                // NOTE(review): every response without a spec lands here. Presumably that
                // includes error Status bodies (for example an authorization failure),
                // which would then be reported as "user not found". Confirm against callWS.
                if (logger.isDebugEnabled()) {
                    logger.debug("Can't find '" + name + "'");
                }
                if (exceptionOnNotFound) {
                    throw new LDAPException("user not found", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
                }
            }

            chain.addResult(results, new IteratorEntrySet(found.iterator()), base, scope, filter, attributes, typesOnly, constraints);
        } finally {
            client.getHttp().close();
            client.getBcm().close();
        }
    } catch (LDAPException ldapFailure) {
        // Rethrown untouched so the generic handler below does not rewrite NO_SUCH_OBJECT.
        throw ldapFailure;
    } catch (Exception failure) {
        logger.error("Could not search k8s", failure);
        throw new LDAPException("Error searching kubernetes", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR));
    }
}
Also used : LDAPAttribute(com.novell.ldap.LDAPAttribute) UserData(com.tremolosecurity.myvd.dataObj.UserData) ArrayList(java.util.ArrayList) K8sUser(com.tremolosecurity.myvd.dataObj.K8sUser) LDAPException(com.novell.ldap.LDAPException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) IteratorEntrySet(net.sourceforge.myvd.util.IteratorEntrySet) Entry(net.sourceforge.myvd.types.Entry) LDAPEntry(com.novell.ldap.LDAPEntry) LDAPEntry(com.novell.ldap.LDAPEntry) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) LDAPException(com.novell.ldap.LDAPException)

Example 33 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class K8sSessionStore method deleteAllSessions.

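/**
 * Deletes every stored OIDC session that carries the same {@code tremolo.io/user-dn}
 * label as the session identified by {@code sessionId}.
 *
 * <p>The session object is read first. A 404 {@code Status} response is logged and the
 * method returns. Otherwise the label value is taken from the object's metadata and used
 * as the label selector of a delete on the {@code oidc-sessions} collection.
 *
 * <p>Because the second call deletes a whole collection filtered only by that selector,
 * the label value is checked before it is used: a missing, non-string or unexpectedly
 * formed value aborts the operation instead of being concatenated into the query string.
 *
 * @param sessionId id of one session of the user whose sessions are to be removed
 * @throws ProvisioningException if the kubernetes target cannot be retrieved
 * @throws Exception             wrapping any failure while talking to kubernetes,
 *                               including a session object without a usable label
 */
@Override
public void deleteAllSessions(String sessionId) throws Exception {
    String sessionIdName = new StringBuilder().append("x").append(sessionId).append("x").toString();
    OpenShiftTarget k8s = null;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }
    // NOTE(review): sessionId is placed in the request path without encoding. Confirm
    // that callers only pass ids generated by this store.
    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/oidc-sessions/").append(sessionIdName).toString();
    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);
            JSONObject root = (JSONObject) new JSONParser().parse(jsonResp);

            // Null-safe form of the 404 check: a Status body without a numeric code no
            // longer fails on unboxing and falls through to the label check instead.
            Object statusCode = root.get("code");
            if ("Status".equals(root.get("kind")) && statusCode instanceof Long && ((Long) statusCode).longValue() == 404L) {
                logger.warn(new StringBuilder().append("Session ID ").append(sessionId).append(" does not exist"));
                return;
            }

            JSONObject metadata = (JSONObject) root.get("metadata");
            JSONObject labels = metadata == null ? null : (JSONObject) metadata.get("labels");
            Object dnLabel = labels == null ? null : labels.get("tremolo.io/user-dn");

            // The pattern admits only characters a Kubernetes label value can contain, so
            // the value cannot add selector terms or query parameters to the delete below.
            if (!(dnLabel instanceof String) || !((String) dnLabel).matches("[A-Za-z0-9_.-]+")) {
                throw new IllegalStateException("Session object has no usable tremolo.io/user-dn label; refusing to delete sessions by label selector");
            }
            String dnHash = (String) dnLabel;

            url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/oidc-sessions?labelSelector=tremolo.io%2Fuser-dn%3D").append(dnHash).toString();
            jsonResp = k8s.callWSDelete(k8s.getAuthToken(), con, url);
            if (logger.isDebugEnabled()) {
                // NOTE(review): if the delete response echoes the removed session objects,
                // this line writes their spec to the debug log. Confirm what callWSDelete
                // returns for a collection delete.
                logger.debug("json response from deleting object : " + jsonResp);
            }
        } finally {
            con.getHttp().close();
            con.getBcm().close();
        }
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new Exception("Error searching kubernetes", e);
    }
}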
Also used : HttpCon(com.tremolosecurity.provisioning.util.HttpCon) JSONObject(org.json.simple.JSONObject) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) OpenShiftTarget(com.tremolosecurity.unison.openshiftv3.OpenShiftTarget) JSONParser(org.json.simple.parser.JSONParser) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)

Example 34 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class K8sSessionStore method deleteSession.

/**
 * Deletes the stored OIDC session object for {@code sessionId}.
 *
 * <p>The object name is the session id wrapped in a leading and trailing {@code x}, and
 * the delete is sent to the {@code oidc-sessions} resource of the configured namespace.
 *
 * @param sessionId id of the session to remove
 * @throws ProvisioningException if the kubernetes target cannot be retrieved
 * @throws Exception             wrapping any failure of the delete call
 */
@Override
public void deleteSession(String sessionId) throws Exception {
    String resourceName = "x" + sessionId + "x";

    final OpenShiftTarget k8s;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries()
                .getConfigManager()
                .getProvisioningEngine()
                .getTarget(this.k8sTarget)
                .getProvider();
    } catch (ProvisioningException lookupFailure) {
        logger.error("Could not retrieve kubernetes target", lookupFailure);
        throw new ProvisioningException("Could not connect to kubernetes", lookupFailure);
    }

    // NOTE(review): sessionId reaches the request path without encoding. Confirm that
    // callers only pass ids generated by this store.
    String sessionUri = "/apis/openunison.tremolo.io/v1/namespaces/" + this.nameSpace + "/oidc-sessions/" + resourceName;

    try {
        HttpCon client = k8s.createClient();
        try {
            String deleteResponse = k8s.callWSDelete(k8s.getAuthToken(), client, sessionUri);
            if (logger.isDebugEnabled()) {
                // NOTE(review): if the response echoes the deleted session object, its spec
                // ends up in the debug log. Confirm what callWSDelete returns.
                logger.debug("json response from deleting object : " + deleteResponse);
            }
        } finally {
            client.getHttp().close();
            client.getBcm().close();
        }
    } catch (Exception failure) {
        logger.error("Could not search k8s", failure);
        throw new Exception("Error searching kubernetes", failure);
    }
}
Also used : HttpCon(com.tremolosecurity.provisioning.util.HttpCon) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) OpenShiftTarget(com.tremolosecurity.unison.openshiftv3.OpenShiftTarget) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)

Example 35 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class K8sSessionStore method resetSession.

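/**
 * Writes the current tokens and expiry of {@code session} into its stored session object.
 *
 * <p>The object is fetched, the {@code encrypted_id_token}, {@code encrypted_access_token},
 * {@code refresh_token} and {@code expires} fields of its {@code spec} are overwritten,
 * and the result is sent back as a JSON patch. If the fetched object has no {@code spec},
 * the method returns without patching.
 *
 * <p>Response bodies are not written to the log: the fetched object and, presumably, the
 * patch response both contain the {@code spec} with the session's tokens. Only the size
 * of each body is logged at debug level.
 *
 * @param session session state whose tokens and expiry are persisted
 * @throws ProvisioningException if the kubernetes target cannot be retrieved
 * @throws Exception             wrapping any failure while talking to kubernetes
 */
@Override
public void resetSession(OidcSessionState session) throws Exception {
    String sessionIdName = new StringBuilder().append("x").append(session.getSessionID()).append("x").toString();
    OpenShiftTarget k8s = null;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }
    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/oidc-sessions/").append(sessionIdName).toString();
    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);
            if (logger.isDebugEnabled()) {
                // This is a read, not a delete, and the body holds the stored tokens,
                // so only its size is logged.
                logger.debug("json response from reading session object : " + (jsonResp == null ? 0 : jsonResp.length()) + " characters");
            }
            Map ret = gson.fromJson(jsonResp, Map.class);
            Map spec = (Map) ret.get("spec");
            if (spec == null) {
                // Nothing to update, for example when the response is not a session object.
                return;
            }
            Map obj = new HashMap();
            obj.put("spec", spec);
            spec.put("encrypted_id_token", session.getEncryptedIdToken());
            spec.put("encrypted_access_token", session.getEncryptedAccessToken());
            spec.put("refresh_token", session.getRefreshToken());
            spec.put("expires", ISODateTimeFormat.dateTime().print(session.getExpires()));
            jsonResp = k8s.callWSPatchJson(k8s.getAuthToken(), con, url, gson.toJson(obj));
            if (logger.isDebugEnabled()) {
                // NOTE(review): the patch response presumably returns the updated object,
                // tokens included, so the body itself stays out of the log.
                logger.debug("json response from patch : " + (jsonResp == null ? 0 : jsonResp.length()) + " characters");
            }
        } finally {
            con.getHttp().close();
            con.getBcm().close();
        }
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new Exception("Error searching kubernetes", e);
    }
}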
Also used : HttpCon(com.tremolosecurity.provisioning.util.HttpCon) HashMap(java.util.HashMap) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) OpenShiftTarget(com.tremolosecurity.unison.openshiftv3.OpenShiftTarget) HashMap(java.util.HashMap) Map(java.util.Map) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)

Aggregations

HttpCon (com.tremolosecurity.provisioning.util.HttpCon)104 ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)82 IOException (java.io.IOException)70 ClientProtocolException (org.apache.http.client.ClientProtocolException)49 JSONObject (org.json.simple.JSONObject)43 ParseException (org.json.simple.parser.ParseException)33 Workflow (com.tremolosecurity.provisioning.core.Workflow)32 ArrayList (java.util.ArrayList)32 UnsupportedEncodingException (java.io.UnsupportedEncodingException)31 OpenShiftTarget (com.tremolosecurity.unison.openshiftv3.OpenShiftTarget)27 JSONParser (org.json.simple.parser.JSONParser)25 HashMap (java.util.HashMap)24 JSONArray (org.json.simple.JSONArray)22 User (com.tremolosecurity.provisioning.core.User)18 Attribute (com.tremolosecurity.saml.Attribute)17 Gson (com.google.gson.Gson)16 CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse)14 HashSet (java.util.HashSet)13 List (java.util.List)13 KSToken (com.tremolosecurity.unison.openstack.util.KSToken)12